mirror of
https://github.com/github/codeql-action.git
synced 2026-05-22 05:18:35 +00:00
Michael B. Gale
100 lines
3.1 KiB
TypeScript
Executable File
100 lines
3.1 KiB
TypeScript
Executable File
#!/usr/bin/env npx tsx
|
|
|
|
/*
|
|
Sync-back script to automatically update action versions in source templates
|
|
from the generated workflow files after Dependabot updates.
|
|
|
|
This script scans the generated workflow files (.github/workflows/__*.yml) to find
|
|
all external action versions used, then updates:
|
|
1. Hardcoded action versions in pr-checks/sync.ts
|
|
2. Action version references in template files in pr-checks/checks/
|
|
|
|
The script automatically detects all actions used in generated workflows and
|
|
preserves version comments (e.g., # v1.2.3) when syncing versions.
|
|
|
|
This ensures that when Dependabot updates action versions in generated workflows,
|
|
those changes are properly synced back to the source templates. Regular workflow
|
|
files are updated directly by Dependabot and don't need sync-back.
|
|
*/
|
|
|
|
import { parseArgs } from "node:util";
|
|
|
|
import * as fs from "fs";
|
|
import * as path from "path";
|
|
|
|
const THIS_DIR = __dirname;
|
|
const CHECKS_DIR = path.join(THIS_DIR, "checks");
|
|
const WORKFLOW_DIR = path.join(THIS_DIR, "..", ".github", "workflows");
|
|
const SYNC_TS_PATH = path.join(THIS_DIR, "sync.ts");
|
|
|
|
/**
|
|
* Scan generated workflow files to extract the latest action versions.
|
|
*
|
|
* @param workflowDir - Path to .github/workflows directory
|
|
* @returns Map from action names to their latest versions (including comments)
|
|
*/
|
|
function scanGeneratedWorkflows(workflowDir: string): Record<string, string> {
|
|
const actionVersions: Record<string, string> = {};
|
|
|
|
const generatedFiles = fs
|
|
.readdirSync(workflowDir)
|
|
.filter((f) => f.startsWith("__") && f.endsWith(".yml"))
|
|
.map((f) => path.join(workflowDir, f));
|
|
|
|
for (const filePath of generatedFiles) {
|
|
const content = fs.readFileSync(filePath, "utf8");
|
|
|
|
// Find all action uses in the file, including potential comments
|
|
// This pattern captures: action_name@version_with_possible_comment
|
|
const pattern = /uses:\s+([^/\s]+\/[^@\s]+)@([^@\n]+)/g;
|
|
let match: RegExpExecArray | null;
|
|
|
|
while ((match = pattern.exec(content)) !== null) {
|
|
const actionName = match[1];
|
|
const versionWithComment = match[2].trimEnd();
|
|
|
|
// Only track non-local actions (those with / but not starting with ./)
|
|
if (!actionName.startsWith("./")) {
|
|
// Assume that version numbers are consistent (this should be the case on a Dependabot update PR)
|
|
actionVersions[actionName] = versionWithComment;
|
|
}
|
|
}
|
|
}
|
|
|
|
return actionVersions;
|
|
}
|
|
|
|
function main(): number {
|
|
const { values } = parseArgs({
|
|
options: {
|
|
verbose: {
|
|
type: "boolean",
|
|
short: "v",
|
|
default: false,
|
|
},
|
|
},
|
|
strict: true,
|
|
});
|
|
|
|
const verbose = values.verbose ?? false;
|
|
|
|
console.info("Scanning generated workflows for latest action versions...");
|
|
const actionVersions = scanGeneratedWorkflows(WORKFLOW_DIR);
|
|
|
|
if (verbose) {
|
|
console.info("Found action versions:");
|
|
for (const [action, version] of Object.entries(actionVersions)) {
|
|
console.info(` ${action}@${version}`);
|
|
}
|
|
}
|
|
|
|
if (Object.keys(actionVersions).length === 0) {
|
|
console.error("No action versions found in generated workflows");
|
|
return 1;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
process.exit(main());
|