github/codeql-action
0
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2026-05-22 05:18:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add scanGeneratedWorkflows

Browse Source
This commit is contained in:
Michael B. Gale
2026-03-01 15:37:11 +00:00
parent 6a6bd778b6
commit e1b83ccb74
1 changed files with 52 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
pr-checks/sync_back.ts
+52 -1
View File
@@ -19,6 +19,7 @@ files are updated directly by Dependabot and don't need sync-back.
import { parseArgs } from "node:util"; import { parseArgs } from "node:util";
import * as fs from "fs";
import * as path from "path"; import * as path from "path";
const THIS_DIR = __dirname; const THIS_DIR = __dirname;
@@ -26,6 +27,43 @@ const CHECKS_DIR = path.join(THIS_DIR, "checks");
const WORKFLOW_DIR = path.join(THIS_DIR, "..", ".github", "workflows"); const WORKFLOW_DIR = path.join(THIS_DIR, "..", ".github", "workflows");
const SYNC_TS_PATH = path.join(THIS_DIR, "sync.ts"); const SYNC_TS_PATH = path.join(THIS_DIR, "sync.ts");
/**
* Scan generated workflow files to extract the latest action versions.
*
* @param workflowDir - Path to .github/workflows directory
* @returns Map from action names to their latest versions (including comments)
*/
function scanGeneratedWorkflows(workflowDir: string): Record<string, string> {
const actionVersions: Record<string, string> = {};
const generatedFiles = fs
.readdirSync(workflowDir)
.filter((f) => f.startsWith("__") && f.endsWith(".yml"))
.map((f) => path.join(workflowDir, f));
for (const filePath of generatedFiles) {
const content = fs.readFileSync(filePath, "utf8");
// Find all action uses in the file, including potential comments
// This pattern captures: action_name@version_with_possible_comment
const pattern = /uses:\s+([^/\s]+\/[^@\s]+)@([^@\n]+)/g;
let match: RegExpExecArray | null;
while ((match = pattern.exec(content)) !== null) {
const actionName = match[1];
const versionWithComment = match[2].trimEnd();
// Only track non-local actions (those with / but not starting with ./)
if (!actionName.startsWith("./")) {
// Assume that version numbers are consistent (this should be the case on a Dependabot update PR)
actionVersions[actionName] = versionWithComment;
}
}
}
return actionVersions;
}
function main(): number { function main(): number {
const { values } = parseArgs({ const { values } = parseArgs({
options: { options: {
@@ -40,7 +78,20 @@ function main(): number {
const verbose = values.verbose ?? false; const verbose = values.verbose ?? false;
console.log(verbose); console.info("Scanning generated workflows for latest action versions...");
const actionVersions = scanGeneratedWorkflows(WORKFLOW_DIR);
if (verbose) {
console.info("Found action versions:");
for (const [action, version] of Object.entries(actionVersions)) {
console.info(` ${action}@${version}`);
}
}
if (Object.keys(actionVersions).length === 0) {
console.error("No action versions found in generated workflows");
return 1;
}
return 0; return 0;
} }