diff --git a/.github/workflows/script/update-required-checks.sh b/.github/workflows/script/update-required-checks.sh index a06e90a38..068e1df4c 100755 --- a/.github/workflows/script/update-required-checks.sh +++ b/.github/workflows/script/update-required-checks.sh @@ -27,11 +27,18 @@ CHECKS="$(gh api repos/github/codeql-action/commits/"${GITHUB_SHA}"/check-runs - echo "$CHECKS" | jq -echo "{\"contexts\": ${CHECKS}}" > checks.json - -for BRANCH in main releases/v2; do +for BRANCH in main releases/v2 releases/v3; do echo "Updating $BRANCH" + echo "{\"contexts\": ${CHECKS}}" > checks.json + + # we need to special case the JS checks for releases/v2 + if [ "$BRANCH" == "releases/v2" ]; then + # we remove entries matching "Check JS (*" and add "Check JS" to the list + PROCESSED_CHECKS="$(echo "$CHECKS" | jq --compact-output --raw-output 'map(select(. | contains("Check JS (") | not)) + ["Check JS"] | unique | sort' )" + echo "{\"contexts\": ${PROCESSED_CHECKS}}" > checks.json + fi gh api --silent -X "PATCH" "repos/github/codeql-action/branches/$BRANCH/protection/required_status_checks" --input checks.json + # cat checks.json | jq > checks-"${BRANCH//\//-}".json done rm checks.json diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 67d435103..c13664706 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -72,11 +72,13 @@ Once the mergeback has been merged to `main`, the release is complete. ## Keeping the PR checks up to date (admin access required) -Since the `codeql-action` runs most of its testing through individual Actions workflows, there are over two hundred jobs that need to pass in order for a PR to turn green. You can regenerate the checks automatically by running the [update-required-checks.sh](.github/workflows/script/update-required-checks.sh) script: +Since the `codeql-action` runs most of its testing through individual Actions workflows, there are over two hundred jobs that need to pass in order for a PR to turn green. You can regenerate the required checks automatically by running the [update-required-checks.sh](.github/workflows/script/update-required-checks.sh) script: 1. By default, this script retrieves the checks from the latest SHA on `main`, so make sure that your `main` branch is up to date. 2. Run the script. If there's a reason to, you can pass in a different SHA as a CLI argument. -3. After running, go to the [branch protection rules settings page](https://github.com/github/codeql-action/settings/branches) and validate that the rules for `main`, `v1`, and `v2` have been updated. +3. After running, go to the [branch protection rules settings page](https://github.com/github/codeql-action/settings/branches) and validate that the rules for `main`, `v2`, and `v2` have been updated. + +Note that the `update-required-checks.sh` script should be updated when there are new diversions between the checks on different release branches. ## Deprecating a CodeQL version (write access required) 
@@ -111,7 +113,7 @@ To deprecate an older version of the Action: - Add a changelog note announcing the deprecation. - Implement an Actions warning for customers using the deprecated version. 1. Wait for the deprecation period to pass. -1. Upgrade the Actions warning for customers using the deprecated version to a non-fatal error, and mention that this version of the Action is no longer supported. +1. Upgrade the Actions warning for customers using the deprecated version to a non-fatal error, and mention that this version of the Action is no longer supported. 1. Make a PR to bump the `OLDEST_SUPPORTED_MAJOR_VERSION` in [release-branches.py](.github/actions/release-branches/release-branches.py). Once this PR is merged, the release process will no longer backport changes to the deprecated release version. ## Resources
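Review bot: In the `releases/v2` special case of `update-required-checks.sh`, the jq filter uses `contains("Check JS (")`, which is a substring match, so any required check whose name includes that text anywhere would also be dropped from the v2 branch protection list. `startswith("Check JS (")` matches the intent stated in the comment above it ("entries matching `Check JS (*`"). Two smaller points in the same hunk: jq's `unique` already returns a sorted array, so the trailing `| sort` is redundant, and the commented-out `# cat checks.json | jq > checks-"${BRANCH//\//-}".json` debug line at the end of the loop should be dropped before merge. The `[ "$BRANCH" == "releases/v2" ]` test relies on `==` inside `[`, which is not POSIX; use `=` unless the script's shebang (not visible in this hunk) guarantees bash.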
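Review bot: Step 3 of "Keeping the PR checks up to date" in the `CONTRIBUTING.md` hunk now reads "`main`, `v2`, and `v2`", which lists `v2` twice. Since the script loop in this same patch updates `main releases/v2 releases/v3`, the list presumably should be `main`, `v2`, and `v3`. In the added note below it, "diversions" reads as a slip for "divergences" between the checks on different release branches.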