Merge remote-tracking branch 'origin/releases/v4' into backport-v3.32.0-b20883b0c

2026-05-07 06:10:19 +00:00 · 2026-01-26 18:41:32 +00:00
parent 92f3a2822b b20883b0cd
commit 4f5ca6f9a5
21 changed files with 99 additions and 51 deletions
@@ -76,6 +76,14 @@ jobs:
        with:
          java-version: ${{ inputs.java-version || '17' }}
          distribution: temurin
+      - name: Install yq
+        if: runner.os == 'Windows'
+        env:
+          YQ_PATH: ${{ runner.temp }}/yq
+          YQ_VERSION: v4.50.1
+        run: |-
+          gh release download --repo mikefarah/yq --pattern "yq_windows_amd64.exe" "$YQ_VERSION" -O "$YQ_PATH/yq.exe"
+          echo "$YQ_PATH" >> "$GITHUB_PATH"
      - name: Set up Java test repo configuration
        run: |
          mv * .github ../action/tests/multi-language-repo/
@@ -90,11 +98,6 @@ jobs:
          languages: java
          tools: ${{ steps.prepare-test.outputs.tools-url }}

-      - name: Install yq
-        if: runner.os == 'Windows'
-        run: |
-          choco install yq -y
-
      - name: Validate database build mode
        run: |
          metadata_path="$RUNNER_TEMP/customDbLocation/java/codeql-database.yml"
@@ -57,6 +57,24 @@ jobs:
      - name: Update bundle
        uses: ./.github/actions/update-bundle

+      - name: Bump Action minor version if new CodeQL minor version series
+        id: bump-action-version
+        run: |
+          prior_cli_version=$(jq -r '.priorCliVersion' src/defaults.json)
+          cli_version=$(jq -r '.cliVersion' src/defaults.json)
+
+          prior_minor=$(echo "$prior_cli_version" | cut -d. -f2)
+          current_minor=$(echo "$cli_version" | cut -d. -f2)
+
+          if [[ "$current_minor" != "$prior_minor" ]]; then
+            echo "New CodeQL minor version series ($prior_cli_version -> $cli_version), bumping Action minor version"
+            npm version minor --no-git-tag-version
+            echo "bumped=true" >> "$GITHUB_OUTPUT"
+          else
+            echo "Same minor version series ($prior_cli_version -> $cli_version), skipping Action version bump"
+            echo "bumped=false" >> "$GITHUB_OUTPUT"
+          fi
+
      - name: Rebuild Action
        run: npm run build

@@ -71,11 +89,19 @@ jobs:
      - name: Open pull request
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          ACTION_VERSION_BUMPED: ${{ steps.bump-action-version.outputs.bumped }}
        run: |
          cli_version=$(jq -r '.cliVersion' src/defaults.json)
+          action_version=$(jq -r '.version' package.json)
+
+          pr_body="This pull request updates the default CodeQL bundle, as used with \`tools: linked\` and on GHES, to $cli_version."
+          if [[ "$ACTION_VERSION_BUMPED" == "true" ]]; then
+            pr_body+=$'\n\n'"Since this is a new CodeQL minor version series, this PR also bumps the Action version to $action_version."
+          fi
+
          pr_url=$(gh pr create \
            --title "Update default bundle to $cli_version" \
-            --body "This pull request updates the default CodeQL bundle, as used with \`tools: linked\` and on GHES, to $cli_version." \
+            --body "$pr_body" \
            --assignee "$GITHUB_ACTOR" \
            --draft \
          )