robojerk/codeql-action

Merge pull request #1630 from github/henrymercer/automate-bundle-upgrade

Browse source 
Automate the bundle upgrade
This commit is contained in:
Henry Mercer 2023-04-03 20:07:03 +01:00 committed by GitHub
commit f0a422fa27
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
55 changed files with 235 additions and 70 deletions
Download patch file Download diff file Expand all files Collapse all files

0
.github/check-codescanning-config/action.yml → .github/actions/check-codescanning-config/action.yml vendored
View file

0
.github/check-codescanning-config/index.ts → .github/actions/check-codescanning-config/index.ts vendored
View file

0
.github/check-sarif/action.yml → .github/actions/check-sarif/action.yml vendored
View file

0
.github/check-sarif/index.js → .github/actions/check-sarif/index.js vendored
View file

0
.github/prepare-test/action.yml → .github/actions/prepare-test/action.yml vendored
View file

2
.github/query-filter-test/action.yml → .github/actions/query-filter-test/action.yml vendored
View file

@ -44,7 +44,7 @@ runs:
env:
CODEQL_ACTION_TEST_MODE: "true"
- name: Check SARIF
uses: ./../action/.github/check-sarif
uses: ./../action/.github/actions/check-sarif
with:
sarif-file: ${{ inputs.sarif-file }}
queries-run: ${{ inputs.queries-run}}

0
.github/setup-swift/action.yml → .github/actions/setup-swift/action.yml vendored
View file

14
.github/actions/update-bundle/action.yml vendored Normal file
View file

@ -0,0 +1,14 @@
name: Update default CodeQL bundle
description: Updates 'src/defaults.json' to point to a new CodeQL bundle release.
runs:
using: composite
steps:
- name: Install ts-node
shell: bash
run: npm install -g ts-node
- name: Run update script
working-directory: ${{ github.action_path }}
shell: bash
run: ts-node ./index.ts

69
.github/actions/update-bundle/index.ts vendored Normal file
View file

@ -0,0 +1,69 @@
import * as fs from 'fs';
import * as github from '@actions/github';
interface BundleInfo {
bundleVersion: string;
cliVersion: string;
}
interface Defaults {
bundleVersion: string;
cliVersion: string;
priorBundleVersion: string;
priorCliVersion: string;
}
const CODEQL_BUNDLE_PREFIX = 'codeql-bundle-';
function getCodeQLCliVersionForRelease(release): string {
// We do not currently tag CodeQL bundles based on the CLI version they contain.
// Instead, we use a marker file `cli-version-<version>.txt` to record the CLI version.
// This marker file is uploaded as a release asset for all new CodeQL bundles.
const cliVersionsFromMarkerFiles = release.assets
.map((asset) => asset.name.match(/cli-version-(.*)\.txt/)?.[1])
.filter((v) => v)
.map((v) => v as string);
if (cliVersionsFromMarkerFiles.length > 1) {
throw new Error(
`Release ${release.tag_name} has multiple CLI version marker files.`
);
} else if (cliVersionsFromMarkerFiles.length === 0) {
throw new Error(
`Failed to find the CodeQL CLI version for release ${release.tag_name}.`
);
}
return cliVersionsFromMarkerFiles[0];
}
async function getBundleInfoFromRelease(release): Promise<BundleInfo> {
return {
bundleVersion: release.tag_name.substring(CODEQL_BUNDLE_PREFIX.length),
cliVersion: getCodeQLCliVersionForRelease(release)
};
}
async function getNewDefaults(currentDefaults: Defaults): Promise<Defaults> {
const release = github.context.payload.release;
console.log('Updating default bundle as a result of the following release: ' +
`${JSON.stringify(release)}.`)
const bundleInfo = await getBundleInfoFromRelease(release);
return {
bundleVersion: bundleInfo.bundleVersion,
cliVersion: bundleInfo.cliVersion,
priorBundleVersion: currentDefaults.bundleVersion,
priorCliVersion: currentDefaults.cliVersion
};
}
async function main() {
const previousDefaults: Defaults = JSON.parse(fs.readFileSync('../../../src/defaults.json', 'utf8'));
const newDefaults = await getNewDefaults(previousDefaults);
// Update the source file in the repository. Calling workflows should subsequently rebuild
// the Action to update `lib/defaults.json`.
fs.writeFileSync('../../../src/defaults.json', JSON.stringify(newDefaults, null, 2) + "\n");
}
// Ideally, we'd await main() here, but that doesn't work well with `ts-node`.
// So instead we rely on the fact that Node won't exit until the event loop is empty.
main();

2
.github/dependabot.yml vendored
View file

@ -16,6 +16,6 @@ updates:
schedule:
interval: weekly
- package-ecosystem: github-actions
directory: "/.github/setup-swift/" # All subdirectories outside of "/.github/workflows" must be explicitly included.
directory: "/.github/actions/setup-swift/" # All subdirectories outside of "/.github/workflows" must be explicitly included.
schedule:
interval: weekly

2
.github/workflows/__analyze-ref-input.yml generated vendored
View file

@ -69,7 +69,7 @@ jobs:
uses: actions/checkout@v3
- name: Prepare test
id: prepare-test
uses: ./.github/prepare-test
uses: ./.github/actions/prepare-test
with:
version: ${{ matrix.version }}
- name: Set up Go

2
.github/workflows/__autobuild-action.yml generated vendored
View file

@ -39,7 +39,7 @@ jobs:
uses: actions/checkout@v3
- name: Prepare test
id: prepare-test
uses: ./.github/prepare-test
uses: ./.github/actions/prepare-test
with:
version: ${{ matrix.version }}
- uses: ./../action/init

2
.github/workflows/__config-export.yml generated vendored
View file

@ -45,7 +45,7 @@ jobs:
uses: actions/checkout@v3
- name: Prepare test
id: prepare-test
uses: ./.github/prepare-test
uses: ./.github/actions/prepare-test
with:
version: ${{ matrix.version }}
- uses: ./../action/init

2
.github/workflows/__diagnostics-export.yml generated vendored
View file

@ -45,7 +45,7 @@ jobs:
uses: actions/checkout@v3
- name: Prepare test
id: prepare-test
uses: ./.github/prepare-test
uses: ./.github/actions/prepare-test
with:
version: ${{ matrix.version }}
- uses: ./../action/init

4
.github/workflows/__export-file-baseline-information.yml generated vendored
View file

@ -39,7 +39,7 @@ jobs:
uses: actions/checkout@v3
- name: Prepare test
id: prepare-test
uses: ./.github/prepare-test
uses: ./.github/actions/prepare-test
with:
version: ${{ matrix.version }}
- uses: ./../action/init
@ -49,7 +49,7 @@ jobs:
tools: ${{ steps.prepare-test.outputs.tools-url }}
env:
CODEQL_FILE_BASELINE_INFORMATION: true
- uses: ./../action/.github/setup-swift
- uses: ./../action/.github/actions/setup-swift
with:
codeql-path: ${{steps.init.outputs.codeql-path}}
- name: Build code

2
.github/workflows/__extractor-ram-threads.yml generated vendored
View file

@ -35,7 +35,7 @@ jobs:
uses: actions/checkout@v3
- name: Prepare test
id: prepare-test
uses: ./.github/prepare-test
uses: ./.github/actions/prepare-test
with:
version: ${{ matrix.version }}
- uses: ./../action/init

2
.github/workflows/__go-custom-queries.yml generated vendored
View file

@ -69,7 +69,7 @@ jobs:
uses: actions/checkout@v3
- name: Prepare test
id: prepare-test
uses: ./.github/prepare-test
uses: ./.github/actions/prepare-test
with:
version: ${{ matrix.version }}
- name: Set up Go

2
.github/workflows/__go-tracing-autobuilder.yml generated vendored
View file

@ -57,7 +57,7 @@ jobs:
uses: actions/checkout@v3
- name: Prepare test
id: prepare-test
uses: ./.github/prepare-test
uses: ./.github/actions/prepare-test
with:
version: ${{ matrix.version }}
- name: Set up Go

2
.github/workflows/__go-tracing-custom-build-steps.yml generated vendored
View file

@ -57,7 +57,7 @@ jobs:
uses: actions/checkout@v3
- name: Prepare test
id: prepare-test
uses: ./.github/prepare-test
uses: ./.github/actions/prepare-test
with:
version: ${{ matrix.version }}
- name: Set up Go

2
.github/workflows/__go-tracing-legacy-workflow.yml generated vendored
View file

@ -57,7 +57,7 @@ jobs:
uses: actions/checkout@v3
- name: Prepare test
id: prepare-test
uses: ./.github/prepare-test
uses: ./.github/actions/prepare-test
with:
version: ${{ matrix.version }}
- name: Set up Go

2
.github/workflows/__init-with-registries.yml generated vendored
View file

@ -51,7 +51,7 @@ jobs:
uses: actions/checkout@v3
- name: Prepare test
id: prepare-test
uses: ./.github/prepare-test
uses: ./.github/actions/prepare-test
with:
version: ${{ matrix.version }}
- name: Init with registries

2
.github/workflows/__javascript-source-root.yml generated vendored
View file

@ -39,7 +39,7 @@ jobs:
uses: actions/checkout@v3
- name: Prepare test
id: prepare-test
uses: ./.github/prepare-test
uses: ./.github/actions/prepare-test
with:
version: ${{ matrix.version }}
- name: Move codeql-action

4
.github/workflows/__ml-powered-queries.yml generated vendored
View file

@ -57,7 +57,7 @@ jobs:
uses: actions/checkout@v3
- name: Prepare test
id: prepare-test
uses: ./.github/prepare-test
uses: ./.github/actions/prepare-test
with:
version: ${{ matrix.version }}
- name: Set up Go
@ -85,7 +85,7 @@ jobs:
retention-days: 7
- name: Check sarif
uses: ./../action/.github/check-sarif
uses: ./../action/.github/actions/check-sarif
# Running on Windows requires CodeQL CLI 2.9.0+.
if: "!(matrix.version == 'stable-20220120' && runner.os == 'Windows')"
with:

4
.github/workflows/__multi-language-autodetect.yml generated vendored
View file

@ -57,7 +57,7 @@ jobs:
uses: actions/checkout@v3
- name: Prepare test
id: prepare-test
uses: ./.github/prepare-test
uses: ./.github/actions/prepare-test
with:
version: ${{ matrix.version }}
- name: Set up Go
@ -71,7 +71,7 @@ jobs:
db-location: ${{ runner.temp }}/customDbLocation
tools: ${{ steps.prepare-test.outputs.tools-url }}
- uses: ./../action/.github/setup-swift
- uses: ./../action/.github/actions/setup-swift
with:
codeql-path: ${{steps.init.outputs.codeql-path}}

4
.github/workflows/__packaging-codescanning-config-inputs-js.yml generated vendored
View file

@ -51,7 +51,7 @@ jobs:
uses: actions/checkout@v3
- name: Prepare test
id: prepare-test
uses: ./.github/prepare-test
uses: ./.github/actions/prepare-test
with:
version: ${{ matrix.version }}
- uses: ./../action/init
@ -69,7 +69,7 @@ jobs:
upload-database: false
- name: Check results
uses: ./../action/.github/check-sarif
uses: ./../action/.github/actions/check-sarif
with:
sarif-file: ${{ runner.temp }}/results/javascript.sarif
queries-run: javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block

4
.github/workflows/__packaging-config-inputs-js.yml generated vendored
View file

@ -51,7 +51,7 @@ jobs:
uses: actions/checkout@v3
- name: Prepare test
id: prepare-test
uses: ./.github/prepare-test
uses: ./.github/actions/prepare-test
with:
version: ${{ matrix.version }}
- uses: ./../action/init
@ -69,7 +69,7 @@ jobs:
upload-database: false
- name: Check results
uses: ./../action/.github/check-sarif
uses: ./../action/.github/actions/check-sarif
with:
sarif-file: ${{ runner.temp }}/results/javascript.sarif
queries-run: javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block

4
.github/workflows/__packaging-config-js.yml generated vendored
View file

@ -51,7 +51,7 @@ jobs:
uses: actions/checkout@v3
- name: Prepare test
id: prepare-test
uses: ./.github/prepare-test
uses: ./.github/actions/prepare-test
with:
version: ${{ matrix.version }}
- uses: ./../action/init
@ -68,7 +68,7 @@ jobs:
upload-database: false
- name: Check results
uses: ./../action/.github/check-sarif
uses: ./../action/.github/actions/check-sarif
with:
sarif-file: ${{ runner.temp }}/results/javascript.sarif
queries-run: javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block

4
.github/workflows/__packaging-inputs-js.yml generated vendored
View file

@ -51,7 +51,7 @@ jobs:
uses: actions/checkout@v3
- name: Prepare test
id: prepare-test
uses: ./.github/prepare-test
uses: ./.github/actions/prepare-test
with:
version: ${{ matrix.version }}
- uses: ./../action/init
@ -68,7 +68,7 @@ jobs:
output: ${{ runner.temp }}/results
- name: Check results
uses: ./../action/.github/check-sarif
uses: ./../action/.github/actions/check-sarif
with:
sarif-file: ${{ runner.temp }}/results/javascript.sarif
queries-run: javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block

2
.github/workflows/__remote-config.yml generated vendored
View file

@ -69,7 +69,7 @@ jobs:
uses: actions/checkout@v3
- name: Prepare test
id: prepare-test
uses: ./.github/prepare-test
uses: ./.github/actions/prepare-test
with:
version: ${{ matrix.version }}
- name: Set up Go

2
.github/workflows/__rubocop-multi-language.yml generated vendored
View file

@ -35,7 +35,7 @@ jobs:
uses: actions/checkout@v3
- name: Prepare test
id: prepare-test
uses: ./.github/prepare-test
uses: ./.github/actions/prepare-test
with:
version: ${{ matrix.version }}
- name: Set up Ruby

2
.github/workflows/__ruby.yml generated vendored
View file

@ -45,7 +45,7 @@ jobs:
uses: actions/checkout@v3
- name: Prepare test
id: prepare-test
uses: ./.github/prepare-test
uses: ./.github/actions/prepare-test
with:
version: ${{ matrix.version }}
- uses: ./../action/init

2
.github/workflows/__split-workflow.yml generated vendored
View file

@ -45,7 +45,7 @@ jobs:
uses: actions/checkout@v3
- name: Prepare test
id: prepare-test
uses: ./.github/prepare-test
uses: ./.github/actions/prepare-test
with:
version: ${{ matrix.version }}
- uses: ./../action/init

2
.github/workflows/__submit-sarif-failure.yml generated vendored
View file

@ -39,7 +39,7 @@ jobs:
uses: actions/checkout@v3
- name: Prepare test
id: prepare-test
uses: ./.github/prepare-test
uses: ./.github/actions/prepare-test
with:
version: ${{ matrix.version }}
- uses: actions/checkout@v3

4
.github/workflows/__swift-custom-build.yml generated vendored
View file

@ -45,7 +45,7 @@ jobs:
uses: actions/checkout@v3
- name: Prepare test
id: prepare-test
uses: ./.github/prepare-test
uses: ./.github/actions/prepare-test
with:
version: ${{ matrix.version }}
- uses: ./../action/init
@ -53,7 +53,7 @@ jobs:
with:
languages: swift
tools: ${{ steps.prepare-test.outputs.tools-url }}
- uses: ./../action/.github/setup-swift
- uses: ./../action/.github/actions/setup-swift
with:
codeql-path: ${{steps.init.outputs.codeql-path}}
- name: Check working directory

2
.github/workflows/__test-autobuild-working-dir.yml generated vendored
View file

@ -35,7 +35,7 @@ jobs:
uses: actions/checkout@v3
- name: Prepare test
id: prepare-test
uses: ./.github/prepare-test
uses: ./.github/actions/prepare-test
with:
version: ${{ matrix.version }}
- name: Test setup

2
.github/workflows/__test-local-codeql.yml generated vendored
View file

@ -35,7 +35,7 @@ jobs:
uses: actions/checkout@v3
- name: Prepare test
id: prepare-test
uses: ./.github/prepare-test
uses: ./.github/actions/prepare-test
with:
version: ${{ matrix.version }}
- name: Fetch a CodeQL bundle

2
.github/workflows/__test-proxy.yml generated vendored
View file

@ -35,7 +35,7 @@ jobs:
uses: actions/checkout@v3
- name: Prepare test
id: prepare-test
uses: ./.github/prepare-test
uses: ./.github/actions/prepare-test
with:
version: ${{ matrix.version }}
- uses: ./../action/init

2
.github/workflows/__unset-environment.yml generated vendored
View file

@ -45,7 +45,7 @@ jobs:
uses: actions/checkout@v3
- name: Prepare test
id: prepare-test
uses: ./.github/prepare-test
uses: ./.github/actions/prepare-test
with:
version: ${{ matrix.version }}
- name: Set up Go

2
.github/workflows/__upload-ref-sha-input.yml generated vendored
View file

@ -69,7 +69,7 @@ jobs:
uses: actions/checkout@v3
- name: Prepare test
id: prepare-test
uses: ./.github/prepare-test
uses: ./.github/actions/prepare-test
with:
version: ${{ matrix.version }}
- name: Set up Go

2
.github/workflows/__with-checkout-path.yml generated vendored
View file

@ -69,7 +69,7 @@ jobs:
uses: actions/checkout@v3
- name: Prepare test
id: prepare-test
uses: ./.github/prepare-test
uses: ./.github/actions/prepare-test
with:
version: ${{ matrix.version }}
- name: Set up Go

26
.github/workflows/codescanning-config-cli.yml vendored
View file

@ -47,12 +47,12 @@ jobs:
uses: actions/checkout@v3
- name: Prepare test
id: prepare-test
uses: ./.github/prepare-test
uses: ./.github/actions/prepare-test
with:
version: ${{ matrix.version }}
- name: Empty file
uses: ./../action/.github/check-codescanning-config
uses: ./../action/.github/actions/check-codescanning-config
with:
expected-config-file-contents: "{}"
languages: javascript
@ -60,7 +60,7 @@ jobs:
- name: Packs from input
if: success() || failure()
uses: ./../action/.github/check-codescanning-config
uses: ./../action/.github/actions/check-codescanning-config
with:
expected-config-file-contents: |
{
@ -72,7 +72,7 @@ jobs:
- name: Packs from input with +
if: success() || failure()
uses: ./../action/.github/check-codescanning-config
uses: ./../action/.github/actions/check-codescanning-config
with:
expected-config-file-contents: |
{
@ -84,7 +84,7 @@ jobs:
- name: Queries from input
if: success() || failure()
uses: ./../action/.github/check-codescanning-config
uses: ./../action/.github/actions/check-codescanning-config
with:
expected-config-file-contents: |
{
@ -96,7 +96,7 @@ jobs:
- name: Queries from input with +
if: success() || failure()
uses: ./../action/.github/check-codescanning-config
uses: ./../action/.github/actions/check-codescanning-config
with:
expected-config-file-contents: |
{
@ -108,7 +108,7 @@ jobs:
- name: Queries and packs from input with +
if: success() || failure()
uses: ./../action/.github/check-codescanning-config
uses: ./../action/.github/actions/check-codescanning-config
with:
expected-config-file-contents: |
{
@ -122,7 +122,7 @@ jobs:
- name: Queries and packs from config
if: success() || failure()
uses: ./../action/.github/check-codescanning-config
uses: ./../action/.github/actions/check-codescanning-config
with:
expected-config-file-contents: |
{
@ -137,7 +137,7 @@ jobs:
- name: Queries and packs from config overriden by input
if: success() || failure()
uses: ./../action/.github/check-codescanning-config
uses: ./../action/.github/actions/check-codescanning-config
with:
expected-config-file-contents: |
{
@ -152,7 +152,7 @@ jobs:
- name: Queries and packs from config merging with input
if: success() || failure()
uses: ./../action/.github/check-codescanning-config
uses: ./../action/.github/actions/check-codescanning-config
with:
expected-config-file-contents: |
{
@ -172,7 +172,7 @@ jobs:
- name: Multi-language packs from config
if: success() || failure()
uses: ./../action/.github/check-codescanning-config
uses: ./../action/.github/actions/check-codescanning-config
with:
expected-config-file-contents: |
{
@ -190,7 +190,7 @@ jobs:
- name: Other config properties
if: success() || failure()
uses: ./../action/.github/check-codescanning-config
uses: ./../action/.github/actions/check-codescanning-config
with:
expected-config-file-contents: |
{
@ -209,7 +209,7 @@ jobs:
if: success() || failure()
env:
CODEQL_PASS_CONFIG_TO_CLI: false
uses: ./../action/.github/check-codescanning-config
uses: ./../action/.github/actions/check-codescanning-config
with:
expected-config-file-contents: ""
languages: javascript

2
.github/workflows/debug-artifacts-failure.yml vendored
View file

@ -36,7 +36,7 @@ jobs:
uses: actions/checkout@v3
- name: Prepare test
id: prepare-test
uses: ./.github/prepare-test
uses: ./.github/actions/prepare-test
with:
version: latest
- uses: actions/setup-go@v4

2
.github/workflows/debug-artifacts.yml vendored
View file

@ -56,7 +56,7 @@ jobs:
uses: actions/checkout@v3
- name: Prepare test
id: prepare-test
uses: ./.github/prepare-test
uses: ./.github/actions/prepare-test
with:
version: ${{ matrix.version }}
- uses: actions/setup-go@v4

4
.github/workflows/expected-queries-runs.yml vendored
View file

@ -25,7 +25,7 @@ jobs:
uses: actions/checkout@v3
- name: Prepare test
id: prepare-test
uses: ./.github/prepare-test
uses: ./.github/actions/prepare-test
with:
version: latest
- uses: ./../action/init
@ -39,7 +39,7 @@ jobs:
upload: never
- name: Check Sarif
uses: ./../action/.github/check-sarif
uses: ./../action/.github/actions/check-sarif
with:
sarif-file: ${{ runner.temp }}/results/javascript.sarif
queries-run: js/incomplete-hostname-regexp,js/path-injection

8
.github/workflows/query-filters.yml vendored
View file

@ -23,12 +23,12 @@ jobs:
uses: actions/checkout@v3
- name: Prepare test
id: prepare-test
uses: ./.github/prepare-test
uses: ./.github/actions/prepare-test
with:
version: latest
- name: Check SARIF for default queries with Single include, Single exclude
uses: ./../action/.github/query-filter-test
uses: ./../action/.github/actions/query-filter-test
with:
sarif-file: ${{ runner.temp }}/results/javascript.sarif
queries-run: js/zipslip
@ -37,7 +37,7 @@ jobs:
tools: ${{ steps.prepare-test.outputs.tools-url }}
- name: Check SARIF for query packs with Single include, Single exclude
uses: ./../action/.github/query-filter-test
uses: ./../action/.github/actions/query-filter-test
with:
sarif-file: ${{ runner.temp }}/results/javascript.sarif
queries-run: js/zipslip,javascript/example/empty-or-one-block
@ -46,7 +46,7 @@ jobs:
tools: ${{ steps.prepare-test.outputs.tools-url }}
- name: Check SARIF for query packs and local queries with Single include, Single exclude
uses: ./../action/.github/query-filter-test
uses: ./../action/.github/actions/query-filter-test
with:
sarif-file: ${{ runner.temp }}/results/javascript.sarif
queries-run: js/zipslip,javascript/example/empty-or-one-block,inrepo-javascript-querypack/show-ifs

82
.github/workflows/update-bundle.yml vendored Normal file
View file

@ -0,0 +1,82 @@
name: Update default CodeQL bundle
on:
release:
types: [prereleased]
jobs:
update-bundle:
if: startsWith(github.event.release.tag_name, 'codeql-bundle-')
runs-on: ubuntu-latest
steps:
- name: Dump environment
run: env
- name: Dump GitHub context
env:
GITHUB_CONTEXT: '${{ toJson(github) }}'
run: echo "$GITHUB_CONTEXT"
- uses: actions/checkout@v3
- name: Update git config
run: |
git config --global user.email "github-actions@github.com"
git config --global user.name "github-actions[bot]"
- name: Update bundle
uses: ./.github/actions/update-bundle
- name: Rebuild Action
run: npm run build
- name: Commit and push changes
env:
RELEASE_TAG: "${{ github.event.release.tag_name }}"
run: |
git checkout -b "update-bundle/$RELEASE_TAG"
git commit -am "Update default bundle to $RELEASE_TAG"
git push --set-upstream origin "update-bundle/$RELEASE_TAG"
- name: Open pull request
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
cli_version=$(jq -r '.cliVersion' src/defaults.json)
pr_url=$(gh pr create \
--title "Update default bundle to $cli_version" \
--body "This pull request updates the default CodeQL bundle, as used with \`tools: latest\` and on GHES, to $cli_version." \
--assignee "$GITHUB_ACTOR" \
--draft \
)
echo "CLI_VERSION=$cli_version" | tee -a "$GITHUB_ENV"
echo "PR_URL=$pr_url" | tee -a "$GITHUB_ENV"
- name: Create changelog note
shell: python
run: |
import os
import re
# Get the PR number from the PR URL.
pr_number = os.environ['PR_URL'].split('/')[-1]
changelog_note = f"- Update default CodeQL bundle version to {os.environ['CLI_VERSION']}. [#{pr_number}]({os.environ['PR_URL']})"
# If the "[UNRELEASED]" section starts with "no user facing changes", remove that line.
# Use perl to avoid having to escape the newline character.
with open('CHANGELOG.md', 'r') as f:
changelog = f.read()
changelog = changelog.replace('## [UNRELEASED]\n\nNo user facing changes.', '## [UNRELEASED]\n')
# Add the changelog note to the bottom of the "[UNRELEASED]" section.
changelog = re.sub(r'\n## (\d+\.\d+\.\d+)', f'{changelog_note}\n\n## \\1', changelog, count=1)
with open('CHANGELOG.md', 'w') as f:
f.write(changelog)
- name: Push changelog note
run: |
git commit -am "Add changelog note"
git push

2
pr-checks/checks/export-file-baseline-information.yml
View file

@ -11,7 +11,7 @@ steps:
tools: ${{ steps.prepare-test.outputs.tools-url }}
env:
CODEQL_FILE_BASELINE_INFORMATION: true
- uses: ./../action/.github/setup-swift
- uses: ./../action/.github/actions/setup-swift
with:
codeql-path: ${{steps.init.outputs.codeql-path}}
- name: Build code

2
pr-checks/checks/ml-powered-queries.yml
View file

@ -28,7 +28,7 @@ steps:
retention-days: 7
- name: Check sarif
uses: ./../action/.github/check-sarif
uses: ./../action/.github/actions/check-sarif
# Running on Windows requires CodeQL CLI 2.9.0+.
if: "!(matrix.version == 'stable-20220120' && runner.os == 'Windows')"
with:

2
pr-checks/checks/multi-language-autodetect.yml
View file

@ -10,7 +10,7 @@ steps:
db-location: "${{ runner.temp }}/customDbLocation"
tools: ${{ steps.prepare-test.outputs.tools-url }}
- uses: ./../action/.github/setup-swift
- uses: ./../action/.github/actions/setup-swift
with:
codeql-path: ${{steps.init.outputs.codeql-path}}

2
pr-checks/checks/packaging-codescanning-config-inputs-js.yml
View file

@ -21,7 +21,7 @@ steps:
upload-database: false
- name: Check results
uses: ./../action/.github/check-sarif
uses: ./../action/.github/actions/check-sarif
with:
sarif-file: ${{ runner.temp }}/results/javascript.sarif
queries-run: javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block

2
pr-checks/checks/packaging-config-inputs-js.yml
View file

@ -17,7 +17,7 @@ steps:
upload-database: false
- name: Check results
uses: ./../action/.github/check-sarif
uses: ./../action/.github/actions/check-sarif
with:
sarif-file: ${{ runner.temp }}/results/javascript.sarif
queries-run: javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block

2
pr-checks/checks/packaging-config-js.yml
View file

@ -16,7 +16,7 @@ steps:
upload-database: false
- name: Check results
uses: ./../action/.github/check-sarif
uses: ./../action/.github/actions/check-sarif
with:
sarif-file: ${{ runner.temp }}/results/javascript.sarif
queries-run: javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block

2
pr-checks/checks/packaging-inputs-js.yml
View file

@ -16,7 +16,7 @@ steps:
output: "${{ runner.temp }}/results"
- name: Check results
uses: ./../action/.github/check-sarif
uses: ./../action/.github/actions/check-sarif
with:
sarif-file: ${{ runner.temp }}/results/javascript.sarif
queries-run: javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block

2
pr-checks/checks/swift-custom-build.yml
View file

@ -11,7 +11,7 @@ steps:
with:
languages: swift
tools: ${{ steps.prepare-test.outputs.tools-url }}
- uses: ./../action/.github/setup-swift
- uses: ./../action/.github/actions/setup-swift
with:
codeql-path: ${{steps.init.outputs.codeql-path}}
- name: Check working directory

2
pr-checks/sync.py
View file

@ -79,7 +79,7 @@ for file in os.listdir('checks'):
{
'name': 'Prepare test',
'id': 'prepare-test',
'uses': './.github/prepare-test',
'uses': './.github/actions/prepare-test',
'with': {
'version': '${{ matrix.version }}'
}