From 0d0f0ef80ee09bea09bf140a1bf2727ad8d58ff5 Mon Sep 17 00:00:00 2001
From: Robin Neatherway
Date: Thu, 15 Jul 2021 17:20:13 +0100
Subject: [PATCH 01/10] Suggest limiting push/pull_request triggers
Bring the template in line with the one used by the UI.
---
README.md | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 62b5fbce9c..b7b3a0e9b4 100644
--- a/README.md
+++ b/README.md
@@ -21,8 +21,8 @@ To get code scanning results from CodeQL analysis on your repo you can use the f
name: "Code Scanning - Action"
on:
- push:
- pull_request:
+ push: [main]
+ pull_request: [main]
schedule:
# ┌───────────── minute (0 - 59)
# │ ┌───────────── hour (0 - 23)
From 2a20b15eca35e52f082a7082cb7384bce13f825b Mon Sep 17 00:00:00 2001
From: Robin Neatherway
Date: Fri, 16 Jul 2021 10:08:37 +0100
Subject: [PATCH 02/10] Update README.md
Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com>
---
README.md | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index b7b3a0e9b4..f1bfdcaf82 100644
--- a/README.md
+++ b/README.md
@@ -21,8 +21,10 @@ To get code scanning results from CodeQL analysis on your repo you can use the f
name: "Code Scanning - Action"
on:
- push: [main]
- pull_request: [main]
+ push:
+ branches: [main]
+ pull_request:
+ branches: [main]
schedule:
# ┌───────────── minute (0 - 59)
# │ ┌───────────── hour (0 - 23)
From bf54da2db0b58b467215afc11e881e633eea7706 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
Date: Wed, 21 Jul 2021 14:22:29 +0000
Subject: [PATCH 03/10] Update changelog and version after v1.0.7
---
CHANGELOG.md | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index a7689fa302..6c76949d7b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,9 @@
# CodeQL Action and CodeQL Runner Changelog
+## [UNRELEASED]
+
+No user facing changes.
+
## 1.0.7 - 21 Jul 2021
No user facing changes.
From 63603427efe0c718180e12c77f970146dc75b32f Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
Date: Wed, 21 Jul 2021 14:22:34 +0000
Subject: [PATCH 04/10] 1.0.8
---
package-lock.json | 2 +-
package.json | 2 +-
runner/package-lock.json | 2 +-
runner/package.json | 2 +-
4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index ad90919565..8bbafa10fe 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,6 +1,6 @@
{
"name": "codeql",
- "version": "1.0.7",
+ "version": "1.0.8",
"lockfileVersion": 2,
"requires": true,
"packages": {
diff --git a/package.json b/package.json
index 83026a73a4..036656ab57 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
{
"name": "codeql",
- "version": "1.0.7",
+ "version": "1.0.8",
"private": true,
"description": "CodeQL action",
"scripts": {
diff --git a/runner/package-lock.json b/runner/package-lock.json
index 9034aa1e11..b0eda5d79f 100644
--- a/runner/package-lock.json
+++ b/runner/package-lock.json
@@ -1,6 +1,6 @@
{
"name": "codeql-runner",
- "version": "1.0.7",
+ "version": "1.0.8",
"lockfileVersion": 1,
"requires": true,
"dependencies": {
diff --git a/runner/package.json b/runner/package.json
index fcc26e6e1c..6eed60b91c 100644
--- a/runner/package.json
+++ b/runner/package.json
@@ -1,6 +1,6 @@
{
"name": "codeql-runner",
- "version": "1.0.7",
+ "version": "1.0.8",
"private": true,
"description": "CodeQL runner",
"scripts": {
From e145aa414e3d4113718827f753e1873dc51e9ffb Mon Sep 17 00:00:00 2001
From: Edoardo Pirovano
Date: Mon, 26 Jul 2021 09:49:42 +0100
Subject: [PATCH 05/10] Enable dependabot automatic updates
---
.github/depandabot.yml | 9 ++++++
.github/workflows/update-dependencies.yml | 37 +++++++++++++++++++++++
2 files changed, 46 insertions(+)
create mode 100644 .github/depandabot.yml
create mode 100644 .github/workflows/update-dependencies.yml
diff --git a/.github/depandabot.yml b/.github/depandabot.yml
new file mode 100644
index 0000000000..bd13bc61ec
--- /dev/null
+++ b/.github/depandabot.yml
@@ -0,0 +1,9 @@
+version: 2
+updates:
+ - package-ecosystem: "npm"
+ directory: "/"
+ schedule:
+ interval: "weekly"
+ day: "thursday" # Gives us a working day to merge this before our typical release
+ labels:
+ - "Update dependencies"
diff --git a/.github/workflows/update-dependencies.yml b/.github/workflows/update-dependencies.yml
new file mode 100644
index 0000000000..ddf76a98ec
--- /dev/null
+++ b/.github/workflows/update-dependencies.yml
@@ -0,0 +1,37 @@
+name: Update dependencies
+on:
+ pull_request:
+
+jobs:
+ update:
+ name: Update dependencies
+ runs-on: macos-latest
+ if: contains(github.event.pull_request.labels.*.name, 'Update dependencies')
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v2
+
+ - name: Remove PR label
+ env:
+ REPOSITORY: '${{ github.repository }}'
+ PR_NUMBER: '${{ github.event.pull_request.number }}'
+ GITHUB_TOKEN: '${{ secrets.GITHUB_TOKEN }}'
+ run: |
+ gh api "repos/$REPOSITORY/issues/$PR_NUMBER/labels/Update%20dependencies" -X DELETE
+
+ - name: Push updated dependencies
+ env:
+ BRANCH: '${{ github.head_ref }}'
+ run: |
+ git fetch
+ git checkout $BRANCH
+ sudo npm install --force -g npm@latest
+ npm install
+ npm ci
+ npm run removeNPMAbsolutePaths
+ git config --global user.email "github-actions@github.com"
+ git config --global user.name "github-actions[bot]"
+ git add node_modules
+ git commit -am "Update checked-in dependencies"
+ git push
+
From 934fb86c580816d8f762fb2bf9c0904086054516 Mon Sep 17 00:00:00 2001
From: Edoardo Pirovano
Date: Mon, 26 Jul 2021 13:46:10 +0100
Subject: [PATCH 06/10] Address PR comments from @robertbrignull
---
.github/workflows/pr-checks.yml | 2 +-
.github/workflows/script/check-node-modules.sh | 1 +
.github/workflows/update-dependencies.yml | 10 +++++++---
node_modules/.package-lock.json | 6 +----
package-lock.json | 6 +----
5 files changed, 11 insertions(+), 14 deletions(-)
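Review bot: The new file is created at `.github/depandabot.yml`, but Dependabot only reads `.github/dependabot.yml`, so with this spelling the configuration is never loaded, no update PRs are opened, and the `Update dependencies` label that the new workflow keys on is never applied, despite what the commit subject promises. Rename it with `git mv .github/depandabot.yml .github/dependabot.yml`; the diffstat and `create mode` lines carry the same misspelling and will follow the rename.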
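Review bot: `git checkout $BRANCH` in the "Push updated dependencies" step expands the branch name unquoted; passing `github.head_ref` through `env` rather than into the script text is the right way to keep it out of the shell parser, but without quotes the value is still word-split and glob-expanded, so write `git checkout "$BRANCH"` (the line is unchanged in the PATCH 06 and PATCH 07 versions of this step). `sudo npm install --force -g npm@latest` installs an unpinned npm at run time, so the `node_modules` this job commits depends on whatever npm publishes that day; pin it to a known version (`npm@<pinned version>`) — PATCH 06 adds the same unpinned line to `.github/workflows/script/check-node-modules.sh`, where it makes a check that its own comment calls reproducible drift with the registry. The "Remove PR label" step runs before the update step, so if `npm install` or the push fails the PR has already lost its label and nothing re-triggers the job; either remove the label as the last step or document in a comment that a failed run must be relabeled by hand.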
diff --git a/.github/workflows/pr-checks.yml b/.github/workflows/pr-checks.yml
index ff4911c054..18ae979141 100644
--- a/.github/workflows/pr-checks.yml
+++ b/.github/workflows/pr-checks.yml
@@ -27,7 +27,7 @@ jobs:
run: .github/workflows/script/check-js.sh
check-node-modules:
- runs-on: ubuntu-latest
+ runs-on: macos-latest
steps:
- uses: actions/checkout@v2
diff --git a/.github/workflows/script/check-node-modules.sh b/.github/workflows/script/check-node-modules.sh
index 45e4385102..47d92ec2d1 100755
--- a/.github/workflows/script/check-node-modules.sh
+++ b/.github/workflows/script/check-node-modules.sh
@@ -7,6 +7,7 @@ if [ ! -z "$(git status --porcelain)" ]; then
>&2 echo "Failed: Repo should be clean before testing!"
exit 1
fi
+sudo npm install --force -g npm@latest
# Reinstall modules and then clean to remove absolute paths
# Use 'npm ci' instead of 'npm install' as this is intended to be reproducible
npm ci
diff --git a/.github/workflows/update-dependencies.yml b/.github/workflows/update-dependencies.yml
index ddf76a98ec..4391cd2d56 100644
--- a/.github/workflows/update-dependencies.yml
+++ b/.github/workflows/update-dependencies.yml
@@ -1,6 +1,7 @@
name: Update dependencies
on:
- pull_request:
+ pull_request_target:
+ types: [opened, synchronize, reopened, labeled]
jobs:
update:
@@ -32,6 +33,9 @@ jobs:
git config --global user.email "github-actions@github.com"
git config --global user.name "github-actions[bot]"
git add node_modules
- git commit -am "Update checked-in dependencies"
- git push
+ if ! git commit -am "Update checked-in dependencies" ; then
+ echo "No changes detected, skipping pushing..."
+ exit 0
+ fi
+ git push origin "$BRANCH"
diff --git a/node_modules/.package-lock.json b/node_modules/.package-lock.json
index 58f070d32e..692758e8d6 100644
--- a/node_modules/.package-lock.json
+++ b/node_modules/.package-lock.json
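Review bot: Switching the trigger to `pull_request_target` runs this workflow in the base repository's context, with a write-capable `GITHUB_TOKEN` and access to secrets, while the "Push updated dependencies" step (below this hunk) checks out `github.head_ref` and runs `npm install`, which executes install-time lifecycle scripts declared by whatever that branch contains; this is the combination GitHub's own guidance flags for this event. The label condition on the job (also outside the hunk) limits runs to PRs a collaborator labeled, and `git checkout $BRANCH` against `origin` presumably fails for a fork's branch, but neither is an explicit trust boundary, and with `synchronize` in `types` every push to a PR that still carries the label re-runs with the same privileges. Make the boundary explicit: add a least-privilege `permissions:` block and extend the job condition to same-repository heads, as below; `npm ci --ignore-scripts` is worth trying too if the checked-in `node_modules` do not rely on install scripts. The `jobs:` block continues past the end of the hunk.
```yaml
name: Update dependencies
on:
  pull_request_target:
    types: [opened, synchronize, reopened, labeled]

# pull_request_target hands out the base repo's token; grant only what the
# label-removal and push steps need (check whether the gh api label call
# needs issues: write instead of pull-requests: write)
permissions:
  contents: write
  pull-requests: write

jobs:
  update:
    # … unchanged: name, runs-on …
    # Only act on branches of this repository: the head ref is checked out
    # and its package.json install scripts run with the token granted above
    if: >-
      github.event.pull_request.head.repo.full_name == github.repository &&
      contains(github.event.pull_request.labels.*.name, 'Update dependencies')
```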
@@ -1,6 +1,6 @@
{
"name": "codeql",
- "version": "1.0.6",
+ "version": "1.0.8",
"lockfileVersion": 2,
"requires": true,
"packages": {
@@ -1243,7 +1243,6 @@
"dependencies": {
"anymatch": "~3.1.1",
"braces": "~3.0.2",
- "fsevents": "~2.1.2",
"glob-parent": "~5.1.0",
"is-binary-path": "~2.1.0",
"is-glob": "~4.0.1",
@@ -3220,9 +3219,6 @@
"node_modules/jsonfile": {
"version": "4.0.0",
"license": "MIT",
- "dependencies": {
- "graceful-fs": "^4.1.6"
- },
"optionalDependencies": {
"graceful-fs": "^4.1.6"
}
diff --git a/package-lock.json b/package-lock.json
index 8bbafa10fe..2bdee415aa 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -6,7 +6,7 @@
"packages": {
"": {
"name": "codeql",
- "version": "1.0.6",
+ "version": "1.0.8",
"license": "MIT",
"dependencies": {
"@actions/artifact": "^0.5.1",
@@ -1297,7 +1297,6 @@
"dependencies": {
"anymatch": "~3.1.1",
"braces": "~3.0.2",
- "fsevents": "~2.1.2",
"glob-parent": "~5.1.0",
"is-binary-path": "~2.1.0",
"is-glob": "~4.0.1",
@@ -3274,9 +3273,6 @@
"node_modules/jsonfile": {
"version": "4.0.0",
"license": "MIT",
- "dependencies": {
- "graceful-fs": "^4.1.6"
- },
"optionalDependencies": {
"graceful-fs": "^4.1.6"
}
From 554f1b3765e67ae4fe99e71026b1f4322177ab56 Mon Sep 17 00:00:00 2001
From: Edoardo Pirovano
Date: Mon, 26 Jul 2021 15:14:35 +0100
Subject: [PATCH 07/10] Address further PR comment
---
.github/workflows/update-dependencies.yml | 14 ++++++--------
1 file changed, 6 insertions(+), 8 deletions(-)
diff --git a/.github/workflows/update-dependencies.yml b/.github/workflows/update-dependencies.yml
index 4391cd2d56..afd20effb8 100644
--- a/.github/workflows/update-dependencies.yml
+++ b/.github/workflows/update-dependencies.yml
@@ -30,12 +30,10 @@ jobs:
npm install
npm ci
npm run removeNPMAbsolutePaths
- git config --global user.email "github-actions@github.com"
- git config --global user.name "github-actions[bot]"
- git add node_modules
- if ! git commit -am "Update checked-in dependencies" ; then
- echo "No changes detected, skipping pushing..."
- exit 0
+ if [ ! -z "$(git status --porcelain)" ]; then
+ git config --global user.email "github-actions@github.com"
+ git config --global user.name "github-actions[bot]"
+ git add node_modules
+ git commit -am "Update checked-in dependencies"
+ git push origin "$BRANCH"
fi
- git push origin "$BRANCH"
-
From fb8602423dd15dfe8778d6e4320c3822aafbe2a1 Mon Sep 17 00:00:00 2001
From: alexet
Date: Mon, 26 Jul 2021 18:07:55 +0100
Subject: [PATCH 08/10] Update codeql bunde to 20210726 / 2.5.8
---
lib/defaults.json | 2 +-
src/defaults.json | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/defaults.json b/lib/defaults.json
index 941ed9f010..57056c17db 100644
--- a/lib/defaults.json
+++ b/lib/defaults.json
@@ -1,3 +1,3 @@
{
- "bundleVersion": "codeql-bundle-20210702"
+ "bundleVersion": "codeql-bundle-20210726"
}
diff --git a/src/defaults.json b/src/defaults.json
index 3d2d955c62..77c5fcd070 100644
--- a/src/defaults.json
+++ b/src/defaults.json
@@ -1,3 +1,3 @@
{
- "bundleVersion": "codeql-bundle-20210702"
+ "bundleVersion": "codeql-bundle-20210726"
}
From dd1c95359bfd57020ba6b8e7af3daebd7eb37945 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
Date: Mon, 26 Jul 2021 23:09:46 +0000
Subject: [PATCH 09/10] 1.0.8
---
CHANGELOG.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6c76949d7b..779718d36d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,6 @@
# CodeQL Action and CodeQL Runner Changelog
-## [UNRELEASED]
+## 1.0.8 - 26 Jul 2021
No user facing changes.
From 57a865e201710d57ef8f7188071faf55db81e491 Mon Sep 17 00:00:00 2001
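Review bot: The rewritten step drops the `echo "No changes detected, skipping pushing..."` diagnostic: when `git status --porcelain` is empty the step now ends silently, so a run that changed nothing is indistinguishable in the log from one that pushed. Keep the message in an `else` branch before `fi`: `else` / `echo "No changes detected, skipping pushing..."`. Note also that `git commit -am` stages every tracked file `npm install` touched, not only `node_modules`, which is presumably intended for the lockfile but worth a comment such as `# -a also picks up package-lock.json changes`. The `run:` block this hunk edits starts above the hunk.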
From: Aditya Sharad <6874315+adityasharad@users.noreply.github.com>
Date: Mon, 26 Jul 2021 16:19:22 -0700
Subject: [PATCH 10/10] Update CHANGELOG.md
---
CHANGELOG.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 779718d36d..fd6a403813 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,7 +2,7 @@
## 1.0.8 - 26 Jul 2021
-No user facing changes.
+- Update default CodeQL bundle version to 2.5.8. [#631](https://github.com/github/codeql-action/pull/631)
## 1.0.7 - 21 Jul 2021