github/codeql-action
0
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2026-04-03 02:02:17 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
codeql-action/.github/workflows/update-bundle.yml
Henry Mercer 353802f9f2 Move time-sensitive Actions workflows to ubuntu-latest 
We originally moved these to `ubuntu-slim`, but there is a significant performance difference.  Since we often find ourselves waiting on these jobs, let's use the faster runners.
2026-03-27 16:22:19 +00:00

119 lines
4.1 KiB
YAML
Raw Permalink Blame History

name: Update default CodeQL bundle
on:
release:
# From https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#release
# Note: The prereleased type will not trigger for pre-releases published
# from draft releases, but the published type will trigger. If you want a
# workflow to run when stable and pre-releases publish, subscribe to
# published instead of released and prereleased.
#
# From https://github.com/orgs/community/discussions/26281
# As a work around, in published type workflow, you could add if condition
# to filter pre-release attribute.
types: [published]
defaults:
run:
shell: bash
jobs:
update-bundle:
if: github.event.release.prerelease && startsWith(github.event.release.tag_name, 'codeql-bundle-')
runs-on: ubuntu-latest
permissions:
contents: write # needed to push commits
pull-requests: write # needed to create pull requests
steps:
- name: Dump environment
run: env
- name: Dump GitHub context
env:
GITHUB_CONTEXT: '${{ toJson(github) }}'
run: echo "$GITHUB_CONTEXT"
- uses: actions/checkout@v6
- name: Update git config
run: |
git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
git config --global user.name "github-actions[bot]"
- name: Set up Python
uses: actions/setup-python@v6
with:
python-version: '3.12'
- name: Set up Node.js
uses: actions/setup-node@v6
with:
node-version: 24
cache: 'npm'
- name: Install dependencies
run: npm ci
- name: Update bundle
uses: ./.github/actions/update-bundle
- name: Bump Action minor version if new CodeQL minor version series
id: bump-action-version
run: |
prior_cli_version=$(jq -r '.priorCliVersion' src/defaults.json)
cli_version=$(jq -r '.cliVersion' src/defaults.json)
prior_minor=$(echo "$prior_cli_version" | cut -d. -f2)
current_minor=$(echo "$cli_version" | cut -d. -f2)
if [[ "$current_minor" != "$prior_minor" ]]; then
echo "New CodeQL minor version series ($prior_cli_version -> $cli_version), bumping Action minor version"
npm version minor --no-git-tag-version
echo "bumped=true" >> "$GITHUB_OUTPUT"
else
echo "Same minor version series ($prior_cli_version -> $cli_version), skipping Action version bump"
echo "bumped=false" >> "$GITHUB_OUTPUT"
fi
- name: Rebuild Action
run: npm run build
- name: Commit and push changes
env:
RELEASE_TAG: "${{ github.event.release.tag_name }}"
run: |
git checkout -b "update-bundle/$RELEASE_TAG"
git commit -am "Update default bundle to $RELEASE_TAG"
git push --set-upstream origin "update-bundle/$RELEASE_TAG"
- name: Open pull request
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
ACTION_VERSION_BUMPED: ${{ steps.bump-action-version.outputs.bumped }}
run: |
cli_version=$(jq -r '.cliVersion' src/defaults.json)
action_version=$(jq -r '.version' package.json)
pr_body="This pull request updates the default CodeQL bundle, as used with \`tools: linked\` and on GHES, to $cli_version."
if [[ "$ACTION_VERSION_BUMPED" == "true" ]]; then
pr_body+=$'\n\n'"Since this is a new CodeQL minor version series, this PR also bumps the Action version to $action_version."
fi
pr_url=$(gh pr create \
--title "Update default bundle to $cli_version" \
--body "$pr_body" \
--assignee "$GITHUB_ACTOR" \
--draft \
)
echo "CLI_VERSION=$cli_version" | tee -a "$GITHUB_ENV"
echo "PR_URL=$pr_url" | tee -a "$GITHUB_ENV"
- name: Create changelog note
run: |
python .github/workflows/script/bundle_changelog.py
- name: Push changelog note
run: |
git commit -am "Add changelog note"
git push
Reference in New Issue View Git Blame Copy Permalink