Merge branch 'main' into hmakholm/pr/2.9.0

2022-04-26 02:33:49 +02:00 · 2022-04-26 02:33:49 +02:00 · 80771fd2d0
commit 80771fd2d0
parent 23b7196b6b ce63ab5d00
30 changed files with 115 additions and 104 deletions
--- a/.github/update-release-branch.py
+++ b/.github/update-release-branch.py
@ -19,6 +19,9 @@ V1_MODE = 'v1-release'
 # Value of the mode flag for a v2 release
 V2_MODE = 'v2-release'
 SOURCE_BRANCH_FOR_MODE = { V1_MODE: 'releases/v2', V2_MODE: 'main' }
 TARGET_BRANCH_FOR_MODE = { V1_MODE: 'releases/v1', V2_MODE: 'releases/v2' }
 # Name of the remote
 ORIGIN = 'origin'
@ -191,8 +194,10 @@ def main():
    type=str,
    required=True,
    choices=[V2_MODE, V1_MODE],
-    help=f"Which release to perform. '{V2_MODE}' uses main as the source branch and v2 as the target branch. " +
+    help=f"Which release to perform. '{V2_MODE}' uses {SOURCE_BRANCH_FOR_MODE[V2_MODE]} as the source " +
-      f"'{V1_MODE}' uses v2 as the source branch and v1 as the target branch."
+      f"branch and {TARGET_BRANCH_FOR_MODE[V2_MODE]} as the target branch. " +
      f"'{V1_MODE}' uses {SOURCE_BRANCH_FOR_MODE[V1_MODE]} as the source branch and " +
      f"{TARGET_BRANCH_FOR_MODE[V1_MODE]} as the target branch."
  )
  parser.add_argument(
    '--conductor',
@ -203,14 +208,8 @@ def main():
  args = parser.parse_args()
-  if args.mode == V2_MODE:
+  source_branch = SOURCE_BRANCH_FOR_MODE[args.mode]
-    source_branch = 'main'
+  target_branch = TARGET_BRANCH_FOR_MODE[args.mode]
    target_branch = 'v2'
  elif args.mode == V1_MODE:
    source_branch = 'v2'
    target_branch = 'v1'
  else:
    raise ValueError(f"Unexpected value for release mode: '{args.mode}'")
  repo = Github(args.github_token).get_repo(args.repository_nwo)
  version = get_current_version()
@ -247,9 +246,9 @@ def main():
  print('Creating branch ' + new_branch_name)
  if args.mode == V1_MODE:
-    # If we're performing a backport, start from the v1 branch
+    # If we're performing a backport, start from the target branch
-    print(f'Creating {new_branch_name} from the {ORIGIN}/v1 branch')
+    print(f'Creating {new_branch_name} from the {ORIGIN}/{target_branch} branch')
-    run_git('checkout', '-b', new_branch_name, f'{ORIGIN}/v1')
+    run_git('checkout', '-b', new_branch_name, f'{ORIGIN}/{target_branch}')
    # Revert the commit that we made as part of the last release that updated the version number and
    # changelog to refer to 1.x.x variants. This avoids merge conflicts in the changelog and
--- a/.github/workflows/__analyze-ref-input.yml
+++ b/.github/workflows/__analyze-ref-input.yml
@ -11,8 +11,8 @@ on:
  push:
    branches:
    - main
-    - v1
+    - releases/v1
-    - v2
+    - releases/v2
  pull_request:
    types:
    - opened
--- a/.github/workflows/__debug-artifacts.yml
+++ b/.github/workflows/__debug-artifacts.yml
@ -11,8 +11,8 @@ on:
  push:
    branches:
    - main
-    - v1
+    - releases/v1
-    - v2
+    - releases/v2
  pull_request:
    types:
    - opened
--- a/.github/workflows/__extractor-ram-threads.yml
+++ b/.github/workflows/__extractor-ram-threads.yml
@ -11,8 +11,8 @@ on:
  push:
    branches:
    - main
-    - v1
+    - releases/v1
-    - v2
+    - releases/v2
  pull_request:
    types:
    - opened
--- a/.github/workflows/__go-custom-queries.yml
+++ b/.github/workflows/__go-custom-queries.yml
@ -11,8 +11,8 @@ on:
  push:
    branches:
    - main
-    - v1
+    - releases/v1
-    - v2
+    - releases/v2
  pull_request:
    types:
    - opened
--- a/.github/workflows/__go-custom-tracing-autobuild.yml
+++ b/.github/workflows/__go-custom-tracing-autobuild.yml
@ -11,8 +11,8 @@ on:
  push:
    branches:
    - main
-    - v1
+    - releases/v1
-    - v2
+    - releases/v2
  pull_request:
    types:
    - opened
--- a/.github/workflows/__go-custom-tracing.yml
+++ b/.github/workflows/__go-custom-tracing.yml
@ -11,8 +11,8 @@ on:
  push:
    branches:
    - main
-    - v1
+    - releases/v1
-    - v2
+    - releases/v2
  pull_request:
    types:
    - opened
--- a/.github/workflows/__javascript-source-root.yml
+++ b/.github/workflows/__javascript-source-root.yml
@ -11,8 +11,8 @@ on:
  push:
    branches:
    - main
-    - v1
+    - releases/v1
-    - v2
+    - releases/v2
  pull_request:
    types:
    - opened
--- a/.github/workflows/__ml-powered-queries.yml
+++ b/.github/workflows/__ml-powered-queries.yml
@ -11,8 +11,8 @@ on:
  push:
    branches:
    - main
-    - v1
+    - releases/v1
-    - v2
+    - releases/v2
  pull_request:
    types:
    - opened
--- a/.github/workflows/__multi-language-autodetect.yml
+++ b/.github/workflows/__multi-language-autodetect.yml
@ -11,8 +11,8 @@ on:
  push:
    branches:
    - main
-    - v1
+    - releases/v1
-    - v2
+    - releases/v2
  pull_request:
    types:
    - opened
--- a/.github/workflows/__packaging-config-inputs-js.yml
+++ b/.github/workflows/__packaging-config-inputs-js.yml
@ -11,8 +11,8 @@ on:
  push:
    branches:
    - main
-    - v1
+    - releases/v1
-    - v2
+    - releases/v2
  pull_request:
    types:
    - opened
--- a/.github/workflows/__packaging-config-js.yml
+++ b/.github/workflows/__packaging-config-js.yml
@ -11,8 +11,8 @@ on:
  push:
    branches:
    - main
-    - v1
+    - releases/v1
-    - v2
+    - releases/v2
  pull_request:
    types:
    - opened
--- a/.github/workflows/__packaging-inputs-js.yml
+++ b/.github/workflows/__packaging-inputs-js.yml
@ -11,8 +11,8 @@ on:
  push:
    branches:
    - main
-    - v1
+    - releases/v1
-    - v2
+    - releases/v2
  pull_request:
    types:
    - opened
--- a/.github/workflows/__remote-config.yml
+++ b/.github/workflows/__remote-config.yml
@ -11,8 +11,8 @@ on:
  push:
    branches:
    - main
-    - v1
+    - releases/v1
-    - v2
+    - releases/v2
  pull_request:
    types:
    - opened
--- a/.github/workflows/__rubocop-multi-language.yml
+++ b/.github/workflows/__rubocop-multi-language.yml
@ -11,8 +11,8 @@ on:
  push:
    branches:
    - main
-    - v1
+    - releases/v1
-    - v2
+    - releases/v2
  pull_request:
    types:
    - opened
--- a/.github/workflows/__split-workflow.yml
+++ b/.github/workflows/__split-workflow.yml
@ -11,8 +11,8 @@ on:
  push:
    branches:
    - main
-    - v1
+    - releases/v1
-    - v2
+    - releases/v2
  pull_request:
    types:
    - opened
--- a/.github/workflows/__test-autobuild-working-dir.yml
+++ b/.github/workflows/__test-autobuild-working-dir.yml
@ -11,8 +11,8 @@ on:
  push:
    branches:
    - main
-    - v1
+    - releases/v1
-    - v2
+    - releases/v2
  pull_request:
    types:
    - opened
--- a/.github/workflows/__test-local-codeql.yml
+++ b/.github/workflows/__test-local-codeql.yml
@ -11,8 +11,8 @@ on:
  push:
    branches:
    - main
-    - v1
+    - releases/v1
-    - v2
+    - releases/v2
  pull_request:
    types:
    - opened
--- a/.github/workflows/__test-proxy.yml
+++ b/.github/workflows/__test-proxy.yml
@ -11,8 +11,8 @@ on:
  push:
    branches:
    - main
-    - v1
+    - releases/v1
-    - v2
+    - releases/v2
  pull_request:
    types:
    - opened
--- a/.github/workflows/__test-ruby.yml
+++ b/.github/workflows/__test-ruby.yml
@ -11,8 +11,8 @@ on:
  push:
    branches:
    - main
-    - v1
+    - releases/v1
-    - v2
+    - releases/v2
  pull_request:
    types:
    - opened
--- a/.github/workflows/__unset-environment.yml
+++ b/.github/workflows/__unset-environment.yml
@ -11,8 +11,8 @@ on:
  push:
    branches:
    - main
-    - v1
+    - releases/v1
-    - v2
+    - releases/v2
  pull_request:
    types:
    - opened
--- a/.github/workflows/__upload-ref-sha-input.yml
+++ b/.github/workflows/__upload-ref-sha-input.yml
@ -11,8 +11,8 @@ on:
  push:
    branches:
    - main
-    - v1
+    - releases/v1
-    - v2
+    - releases/v2
  pull_request:
    types:
    - opened
--- a/.github/workflows/__with-checkout-path.yml
+++ b/.github/workflows/__with-checkout-path.yml
@ -11,8 +11,8 @@ on:
  push:
    branches:
    - main
-    - v1
+    - releases/v1
-    - v2
+    - releases/v2
  pull_request:
    types:
    - opened
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@ -2,9 +2,9 @@ name: "CodeQL action"
 on:
  push:
-    branches: [main, v1, v2]
+    branches: [main, releases/v1, releases/v2]
  pull_request:
-    branches: [main, v1, v2]
+    branches: [main, releases/v1, releases/v2]
    # Run checks on reopened draft PRs to support triggering PR checks on draft PRs that were opened
    # by other workflows.
    types: [opened, synchronize, reopened, ready_for_review]
--- a/.github/workflows/post-release-mergeback.yml
+++ b/.github/workflows/post-release-mergeback.yml
@ -1,7 +1,8 @@
-# This workflow runs after a release of the action.
+# This workflow runs after a release of the action. For v2 releases, it merges any changes from the
-# It merges any changes from the release back into the
+# release back into the main branch. Typically, this is just a single commit that updates the
-# main branch. Typically, this is just a single commit
+# changelog. For v2 and v1 releases, it then (a) tags the merge commit on the release branch that
-# that updates the changelog.
+# represents the new release with an `vx.y.z` tag and (b) updates the `vx` tag to refer to this
 # commit.
 name: Tag release and merge back
 on:
@ -14,8 +15,8 @@ on:
  push:
    branches:
-      - v1
+      - releases/v1
-      - v2
+      - releases/v2
 jobs:
  merge-back:
@ -32,7 +33,7 @@ jobs:
      - name: Dump GitHub context
        env:
          GITHUB_CONTEXT: '${{ toJson(github) }}'
-        run: echo "$GITHUB_CONTEXT"
+        run: echo "${GITHUB_CONTEXT}"
      - uses: actions/checkout@v3
      - uses: actions/setup-node@v3
@ -46,25 +47,25 @@ jobs:
        id: getVersion
        run: |
          VERSION="v$(jq '.version' -r 'package.json')"
-          SHORT_SHA="${GITHUB_SHA:0:8}"
+          echo "::set-output name=version::${VERSION}"
-          echo "::set-output name=version::$VERSION"
+          short_sha="${GITHUB_SHA:0:8}"
-          NEW_BRANCH="mergeback/${VERSION}-to-${BASE_BRANCH}-${SHORT_SHA}"
+          NEW_BRANCH="mergeback/${VERSION}-to-${BASE_BRANCH}-${short_sha}"
-          echo "::set-output name=newBranch::$NEW_BRANCH"
+          echo "::set-output name=newBranch::${NEW_BRANCH}"
      - name: Dump branches
        env:
          NEW_BRANCH: "${{ steps.getVersion.outputs.newBranch }}"
        run: |
-          echo "BASE_BRANCH $BASE_BRANCH"
+          echo "BASE_BRANCH ${BASE_BRANCH}"
-          echo "HEAD_BRANCH $HEAD_BRANCH"
+          echo "HEAD_BRANCH ${HEAD_BRANCH}"
-          echo "NEW_BRANCH $NEW_BRANCH"
+          echo "NEW_BRANCH ${NEW_BRANCH}"
      - name: Create mergeback branch
        env:
          NEW_BRANCH: "${{ steps.getVersion.outputs.newBranch }}"
        run: |
-          git checkout -b "$NEW_BRANCH"
+          git checkout -b "${NEW_BRANCH}"
      - name: Check for tag
        id: check
@ -72,13 +73,13 @@ jobs:
          VERSION: "${{ steps.getVersion.outputs.version }}"
        run: |
          set +e # don't fail on an errored command
-          git ls-remote --tags origin | grep "$VERSION"
+          git ls-remote --tags origin | grep "${VERSION}"
-          EXISTS="$?"
+          exists="$?"
-          if [ "$EXISTS" -eq 0 ]; then
+          if [ "${exists}" -eq 0 ]; then
-            echo "Tag $TAG exists. Not going to re-release."
+            echo "Tag ${VERSION} exists. Not going to re-release."
            echo "::set-output name=exists::true"
          else
-            echo "Tag $TAG does not exist yet."
+            echo "Tag ${VERSION} does not exist yet."
          fi
      # we didn't tag the release during the update-release-branch workflow because the
@ -89,20 +90,31 @@ jobs:
        env:
          VERSION: ${{ steps.getVersion.outputs.version }}
        run: |
-          git tag -a "$VERSION" -m "$VERSION"
+          # Unshallow the repo in order to allow pushes
-          git fetch --unshallow  # unshallow the repo in order to allow pushes
+          git fetch --unshallow
-          git push origin --follow-tags "$VERSION"
+          # Create the `vx.y.z` tag
          git tag --annotate "${VERSION}" --message "${VERSION}"
          # Update the `vx` tag
          major_version_tag=$(cut -d '.' -f1 <<< "${VERSION}")
          # Use `--force` to overwrite the major version tag
          git tag --annotate "${major_version_tag}" --message "${major_version_tag}" --force
          # Push the tags, using:
          # - `--atomic` to make sure we either update both tags or neither (an intermediate state,
          #   e.g. where we update the v2.x.y tag on the remote but not the v2 tag, could result in
          #   unwanted Dependabot updates, e.g. from v2 to v2.x.y)
          # - `--force` since we're overwriting the `vx` tag
          git push origin --atomic --force refs/tags/"${VERSION}" refs/tags/"${major_version_tag}"
      - name: Create mergeback branch
-        if: steps.check.outputs.exists != 'true' && contains(github.ref, 'v2')
+        if: steps.check.outputs.exists != 'true' && contains(github.ref, 'releases/v2')
        env:
          VERSION: "${{ steps.getVersion.outputs.version }}"
          NEW_BRANCH: "${{ steps.getVersion.outputs.newBranch }}"
          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
        run: |
          set -exu
-          PR_TITLE="Mergeback $VERSION $HEAD_BRANCH into $BASE_BRANCH"
+          pr_title="Mergeback ${VERSION} ${HEAD_BRANCH} into ${BASE_BRANCH}"
-          PR_BODY="Updates version and changelog."
+          pr_body="Updates version and changelog."
          # Update the version number ready for the next release
          npm version patch --no-git-tag-version
@ -110,16 +122,16 @@ jobs:
          # Update the changelog
          perl -i -pe 's/^/## \[UNRELEASED\]\n\nNo user facing changes.\n\n/ if($.==3)' CHANGELOG.md
          git add .
-          git commit -m "Update changelog and version after $VERSION"
+          git commit -m "Update changelog and version after ${VERSION}"
-          git push origin "$NEW_BRANCH"
+          git push origin "${NEW_BRANCH}"
          # PR checks won't be triggered on PRs created by Actions. Therefore mark the PR as draft
          # so that a maintainer can take the PR out of draft, thereby triggering the PR checks.
          gh pr create \
-            --head "$NEW_BRANCH" \
+            --head "${NEW_BRANCH}" \
-            --base "$BASE_BRANCH" \
+            --base "${BASE_BRANCH}" \
-            --title "$PR_TITLE" \
+            --title "${pr_title}" \
            --label "Update dependencies" \
-            --body "$PR_BODY" \
+            --body "${pr_body}" \
            --draft
--- a/.github/workflows/pr-checks.yml
+++ b/.github/workflows/pr-checks.yml
@ -2,7 +2,7 @@ name: PR Checks (Basic Checks and Runner)
 on:
  push:
-    branches: [main, v1, v2]
+    branches: [main, releases/v1, releases/v2]
  pull_request:
    # Run checks on reopened draft PRs to support triggering PR checks on draft PRs that were opened
    # by other workflows.
--- a/.github/workflows/python-deps.yml
+++ b/.github/workflows/python-deps.yml
@ -2,7 +2,7 @@ name: Test Python Package Installation on Linux and Mac
 on:
  push:
-    branches: [main, v1, v2]
+    branches: [main, releases/v1, releases/v2]
  pull_request:
    # Run checks on reopened draft PRs to support triggering PR checks on draft PRs that were opened
    # by other workflows.
--- a/.github/workflows/update-release-branch.yml
+++ b/.github/workflows/update-release-branch.yml
@ -7,7 +7,7 @@ on:
  # When the v2 release is complete, this workflow will open a PR to update the v1 release branch.
  push:
    branches:
-      - v2
+      - releases/v2
 jobs:
  update:
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@ -61,22 +61,22 @@ Here are a few things you can do that will increase the likelihood of your pull
 ## Releasing (write access required)
 1. The first step of releasing a new version of the `codeql-action` is running the "Update release branch" workflow.
-    This workflow goes through the pull requests that have been merged to `main` since the last release, creates a changelog, then opens a pull request to merge the changes since the last release into the `v2` release branch.
+    This workflow goes through the pull requests that have been merged to `main` since the last release, creates a changelog, then opens a pull request to merge the changes since the last release into the `releases/v2` release branch.
    You can start a release by triggering this workflow via [workflow dispatch](https://github.com/github/codeql-action/actions/workflows/update-release-branch.yml).
-1. The workflow run will open a pull request titled "Merge main into v2". Mark the pull request as [ready for review](https://docs.github.com/en/github/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#marking-a-pull-request-as-ready-for-review) to trigger the PR checks.
+1. The workflow run will open a pull request titled "Merge main into releases/v2". Mark the pull request as [ready for review](https://docs.github.com/en/github/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#marking-a-pull-request-as-ready-for-review) to trigger the PR checks.
 1. Review the checklist items in the pull request description.
    Once you've checked off all but the last two of these, approve the PR and automerge it.
-1. When the "Merge main into v2" pull request is merged into the `v2` branch, the "Tag release and merge back" workflow will create a mergeback PR.
+1. When the "Merge main into releases/v2" pull request is merged into the `releases/v2` branch, the "Tag release and merge back" workflow will create a mergeback PR.
-    This mergeback incorporates the changelog updates into `main`, tags the release using the merge commit of the "Merge main into v2" pull request, and bumps the patch version of the CodeQL Action.
+    This mergeback incorporates the changelog updates into `main`, tags the release using the merge commit of the "Merge main into releases/v2" pull request, and bumps the patch version of the CodeQL Action.
    Approve the mergeback PR and automerge it.
-1. When the "Merge main into v2" pull request is merged into the `v2` branch, the "Update release branch" workflow will create a "Merge v2 into v1" pull request to merge the changes since the last release into the `v1` release branch.
+1. When the "Merge main into releases/v2" pull request is merged into the `releases/v2` branch, the "Update release branch" workflow will create a "Merge releases/v2 into releases/v1" pull request to merge the changes since the last release into the `releases/v1` release branch.
-    This ensures we keep both the `v1` and `v2` release branches up to date and fully supported.
+    This ensures we keep both the `releases/v1` and `releases/v2` release branches up to date and fully supported.
    Review the checklist items in the pull request description.
    Once you've checked off all the items, approve the PR and automerge it.
-1. Once the mergeback has been merged to `main` and the "Merge v2 into v1" PR has been merged to `v1`, the release is complete.
+1. Once the mergeback has been merged to `main` and the "Merge releases/v2 into releases/v1" PR has been merged to `releases/v1`, the release is complete.
 ## Keeping the PR checks up to date (admin access required)
@ -91,8 +91,8 @@ To regenerate the PR jobs for the action:
    CHECKS="$(gh api repos/github/codeql-action/commits/${SHA}/check-runs --paginate | jq --slurp --compact-output --raw-output '[.[].check_runs | .[].name | select(contains("https://") or . == "CodeQL" or . == "LGTM.com" or . == "Update dependencies" or . == "Update Supported Enterprise Server Versions" | not)]')"
    echo "{\"contexts\": ${CHECKS}}" > checks.json
    gh api -X "PATCH" repos/github/codeql-action/branches/main/protection/required_status_checks --input checks.json
-    gh api -X "PATCH" repos/github/codeql-action/branches/v2/protection/required_status_checks --input checks.json
+    gh api -X "PATCH" repos/github/codeql-action/branches/releases/v2/protection/required_status_checks --input checks.json
-    gh api -X "PATCH" repos/github/codeql-action/branches/v1/protection/required_status_checks --input checks.json
+    gh api -X "PATCH" repos/github/codeql-action/branches/releases/v1/protection/required_status_checks --input checks.json
    ````
 2. Go to the [branch protection rules settings page](https://github.com/github/codeql-action/settings/branches) and validate that the rules have been updated.
--- a/pr-checks/sync.py
+++ b/pr-checks/sync.py
@ -108,7 +108,7 @@ for file in os.listdir('checks'):
            },
            'on': {
                'push': {
-                    'branches': ['main', 'v1', 'v2']
+                    'branches': ['main', 'releases/v1', 'releases/v2']
                },
                'pull_request': {
                    'types': ["opened", "synchronize", "reopened", "ready_for_review"]