From 81aead69921edf307f6548db26a621cd4ac7d092 Mon Sep 17 00:00:00 2001
From: nickfyson <nickfyson@github.com>
Date: Wed, 13 Dec 2023 15:21:54 +0000
Subject: [PATCH] ensure branch protection script targets all release branches

---
 .github/workflows/script/update-required-checks.sh | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/script/update-required-checks.sh b/.github/workflows/script/update-required-checks.sh
index a06e90a38..4bd0676c7 100755
--- a/.github/workflows/script/update-required-checks.sh
+++ b/.github/workflows/script/update-required-checks.sh
@@ -29,7 +29,10 @@ echo "$CHECKS" | jq
 
 echo "{\"contexts\": ${CHECKS}}" > checks.json
 
-for BRANCH in main releases/v2; do
+# retrieve lists of branches on origin that match releases/v[0-9]*, putting them on same line
+RELEASE_BRANCHES="$(git ls-remote --heads origin 'releases/v[0-9]*' | sed -e 's/.*refs\/heads\///' | sort -V | tr '\n' ' ')"
+
+for BRANCH in main $RELEASE_BRANCHES; do
   echo "Updating $BRANCH"
   gh api --silent -X "PATCH" "repos/github/codeql-action/branches/$BRANCH/protection/required_status_checks" --input checks.json
 done