Update default CodeQL bundle #194
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Update default CodeQL bundle | |
| on: | |
| release: | |
| # From https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#release | |
| # Note: The prereleased type will not trigger for pre-releases published | |
| # from draft releases, but the published type will trigger. If you want a | |
| # workflow to run when stable and pre-releases publish, subscribe to | |
| # published instead of released and prereleased. | |
| # | |
| # From https://github.com/orgs/community/discussions/26281 | |
| # As a work around, in published type workflow, you could add if condition | |
| # to filter pre-release attribute. | |
| types: [published] | |
| jobs: | |
| update-bundle: | |
| if: github.event.release.prerelease && startsWith(github.event.release.tag_name, 'codeql-bundle-') | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Dump environment | |
| run: env | |
| - name: Dump GitHub context | |
| env: | |
| GITHUB_CONTEXT: '${{ toJson(github) }}' | |
| run: echo "$GITHUB_CONTEXT" | |
| - uses: actions/checkout@v4 | |
| - name: Update git config | |
| run: | | |
| git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com" | |
| git config --global user.name "github-actions[bot]" | |
| - name: Update bundle | |
| uses: ./.github/actions/update-bundle | |
| - name: Rebuild Action | |
| run: npm run build | |
| - name: Commit and push changes | |
| env: | |
| RELEASE_TAG: "${{ github.event.release.tag_name }}" | |
| run: | | |
| git checkout -b "update-bundle/$RELEASE_TAG" | |
| git commit -am "Update default bundle to $RELEASE_TAG" | |
| git push --set-upstream origin "update-bundle/$RELEASE_TAG" | |
| - name: Open pull request | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| cli_version=$(jq -r '.cliVersion' src/defaults.json) | |
| pr_url=$(gh pr create \ | |
| --title "Update default bundle to $cli_version" \ | |
| --body "This pull request updates the default CodeQL bundle, as used with \`tools: linked\` and on GHES, to $cli_version." \ | |
| --assignee "$GITHUB_ACTOR" \ | |
| --draft \ | |
| ) | |
| echo "CLI_VERSION=$cli_version" | tee -a "$GITHUB_ENV" | |
| echo "PR_URL=$pr_url" | tee -a "$GITHUB_ENV" | |
| - name: Create changelog note | |
| shell: python | |
| run: | | |
| import os | |
| import re | |
| # Get the PR number from the PR URL. | |
| pr_number = os.environ['PR_URL'].split('/')[-1] | |
| changelog_note = f"- Update default CodeQL bundle version to {os.environ['CLI_VERSION']}. [#{pr_number}]({os.environ['PR_URL']})" | |
| # If the "[UNRELEASED]" section starts with "no user facing changes", remove that line. | |
| # Use perl to avoid having to escape the newline character. | |
| with open('CHANGELOG.md', 'r') as f: | |
| changelog = f.read() | |
| changelog = changelog.replace('## [UNRELEASED]\n\nNo user facing changes.', '## [UNRELEASED]\n') | |
| # Add the changelog note to the bottom of the "[UNRELEASED]" section. | |
| changelog = re.sub(r'\n## (\d+\.\d+\.\d+)', f'{changelog_note}\n\n## \\1', changelog, count=1) | |
| with open('CHANGELOG.md', 'w') as f: | |
| f.write(changelog) | |
| - name: Push changelog note | |
| run: | | |
| git commit -am "Add changelog note" | |
| git push |