From b7f289ef4d859aab73395afff73db9f727805d25 Mon Sep 17 00:00:00 2001 From: nickfyson Date: Mon, 4 Dec 2023 14:28:55 +0000 Subject: [PATCH 01/11] update release process to support multiple version --- .github/actions/release-branches/action.yml | 25 +++ .../release-branches/release-branches.py | 57 ++++++ .github/actions/release-initialise/action.yml | 33 ++++ .github/update-release-branch.py | 167 +++++++++++++++--- .github/workflows/post-release-mergeback.yml | 28 +-- .github/workflows/update-release-branch.yml | 129 +++++++++++--- CONTRIBUTING.md | 4 + 7 files changed, 383 insertions(+), 60 deletions(-) create mode 100644 .github/actions/release-branches/action.yml create mode 100644 .github/actions/release-branches/release-branches.py create mode 100644 .github/actions/release-initialise/action.yml diff --git a/.github/actions/release-branches/action.yml b/.github/actions/release-branches/action.yml new file mode 100644 index 000000000..6dee85a65 --- /dev/null +++ b/.github/actions/release-branches/action.yml @@ -0,0 +1,25 @@ +name: 'Release branches' +description: 'Determine branches for release & backport' +inputs: + major_version: + description: 'The version as extracted from the package.json file' + required: true + latest_tag: + description: 'The most recent tag published to the repository' + required: true +outputs: + backport_source_branch: + description: "The release branch for the given tag" + value: ${{ steps.branches.outputs.backport_source_branch }} + backport_target_branches: + description: "JSON encoded list of branches to target with backports" + value: ${{ steps.branches.outputs.backport_target_branches }} +runs: + using: "composite" + steps: + - id: branches + run: | + python ${{ github.action_path }}/release-branches.py \ + --major-version ${{ inputs.major_version }} \ + --latest-tag ${{ inputs.latest_tag }} + shell: bash diff --git a/.github/actions/release-branches/release-branches.py b/.github/actions/release-branches/release-branches.py new file mode 100644 index 000000000..f38d2ec37 --- /dev/null +++ b/.github/actions/release-branches/release-branches.py @@ -0,0 +1,57 @@ +import argparse +import os, json +import subprocess + +# Name of the remote +ORIGIN = 'origin' + +OLDEST_SUPPORTED_MAJOR_VERSION = 2 + +# Runs git with the given args and returns the stdout. +# Raises an error if git does not exit successfully (unless passed +# allow_non_zero_exit_code=True). +def run_git(*args, allow_non_zero_exit_code=False): + cmd = ['git', *args] + p = subprocess.run(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE) + if not allow_non_zero_exit_code and p.returncode != 0: + raise Exception(f'Call to {" ".join(cmd)} exited with code {p.returncode} stderr: {p.stderr.decode("ascii")}.') + return p.stdout.decode('ascii') + +def main(): + + parser = argparse.ArgumentParser() + parser.add_argument("--major-version", required=True, type=str, help="The major version of the release") + parser.add_argument("--latest-tag", required=True, type=str, help="The most recent tag published to the repository") + args = parser.parse_args() + + major_version = args.major_version + latest_tag = args.latest_tag + + print("major_version: " + major_version) + print("latest_tag: " + latest_tag) + + # If this is a primary release, we backport to all supported branches, + # so we check whether the major_version taken from the package.json + # is greater than or equal to the latest tag pulled from the repo. + # For example... + # 'v1' >= 'v2' is False # we're operating from an older release branch and should not backport + # 'v2' >= 'v2' is True # the normal case where we're updating the current version + # 'v3' >= 'v2' is True # in this case we are making the first release of a new major version + consider_backports = ( major_version >= latest_tag.split(".")[0] ) + + with open(os.environ["GITHUB_OUTPUT"], "a") as f: + + f.write(f"backport_source_branch=releases/{major_version}\n") + + backport_target_branches = [] + + if consider_backports: + for i in range(int(major_version.strip("v"))-1, 0, -1): + branch_name = f"releases/v{i}" + if i >= OLDEST_SUPPORTED_MAJOR_VERSION: + backport_target_branches.append(branch_name) + + f.write("backport_target_branches="+json.dumps(backport_target_branches)+"\n") + +if __name__ == "__main__": + main() diff --git a/.github/actions/release-initialise/action.yml b/.github/actions/release-initialise/action.yml new file mode 100644 index 000000000..c914435fe --- /dev/null +++ b/.github/actions/release-initialise/action.yml @@ -0,0 +1,33 @@ +name: 'Prepare release job' +description: 'Executed preparatory steps before update a release branch' + +runs: + using: "composite" + steps: + + - name: Dump environment + run: env + shell: bash + + - name: Dump GitHub context + env: + GITHUB_CONTEXT: '${{ toJson(github) }}' + run: echo "$GITHUB_CONTEXT" + shell: bash + + - name: Set up Python + uses: actions/setup-python@v4 + with: + python-version: 3.8 + + - name: Install dependencies + run: | + python -m pip install --upgrade pip + pip install PyGithub==1.55 requests + shell: bash + + - name: Update git config + run: | + git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + shell: bash diff --git a/.github/update-release-branch.py b/.github/update-release-branch.py index 1d19c30ee..94d416c41 100644 --- a/.github/update-release-branch.py +++ b/.github/update-release-branch.py @@ -13,8 +13,6 @@ """ -SOURCE_BRANCH = 'main' -TARGET_BRANCH = 'releases/v2' # Name of the remote ORIGIN = 'origin' @@ -34,7 +32,9 @@ def branch_exists_on_remote(branch_name): return run_git('ls-remote', '--heads', ORIGIN, branch_name).strip() != '' # Opens a PR from the given branch to the target branch -def open_pr(repo, all_commits, source_branch_short_sha, new_branch_name, conductor): +def open_pr( + repo, all_commits, source_branch_short_sha, new_branch_name, source_branch, target_branch, + conductor, is_primary_release, conflicted_files): # Sort the commits into the pull requests that introduced them, # and any commits that don't have a pull request pull_requests = [] @@ -56,7 +56,7 @@ def open_pr(repo, all_commits, source_branch_short_sha, new_branch_name, conduct # Start constructing the body text body = [] - body.append(f'Merging {source_branch_short_sha} into {TARGET_BRANCH}.') + body.append(f'Merging {source_branch_short_sha} into {target_branch}.') body.append('') body.append(f'Conductor for this PR is @{conductor}.') @@ -79,20 +79,38 @@ def open_pr(repo, all_commits, source_branch_short_sha, new_branch_name, conduct body.append('') body.append('Please do the following:') + if len(conflicted_files) > 0: + body.append(' - [ ] Ensure `package.json` file contains the correct version.') + body.append(' - [ ] Add commits to this branch to resolve the merge conflicts ' + + 'in the following files:') + body.extend([f' - [ ] `{file}`' for file in conflicted_files]) + body.append(' - [ ] Ensure another maintainer has reviewed the additional commits you added to this ' + + 'branch to resolve the merge conflicts.') body.append(' - [ ] Ensure the CHANGELOG displays the correct version and date.') body.append(' - [ ] Ensure the CHANGELOG includes all relevant, user-facing changes since the last release.') - body.append(f' - [ ] Check that there are not any unexpected commits being merged into the {TARGET_BRANCH} branch.') + body.append(f' - [ ] Check that there are not any unexpected commits being merged into the {target_branch} branch.') body.append(' - [ ] Ensure the docs team is aware of any documentation changes that need to be released.') + + if not is_primary_release: + body.append(' - [ ] Remove and re-add the "Update dependencies" label to the PR to trigger just this workflow.') + body.append(' - [ ] Wait for the "Update dependencies" workflow to push a commit updating the dependencies.') + body.append(' - [ ] Mark the PR as ready for review to trigger the full set of PR checks.') + body.append(' - [ ] Approve and merge this PR. Make sure `Create a merge commit` is selected rather than `Squash and merge` or `Rebase and merge`.') - body.append(' - [ ] Merge the mergeback PR that will automatically be created once this PR is merged.') - title = f'Merge {SOURCE_BRANCH} into {TARGET_BRANCH}' + if is_primary_release: + body.append(' - [ ] Merge the mergeback PR that will automatically be created once this PR is merged.') + body.append(' - [ ] Merge the v1 release PR that will automatically be created once this PR is merged.') + + title = f'Merge {source_branch} into {target_branch}' + labels = ['Update dependencies'] if not is_primary_release else [] # Create the pull request # PR checks won't be triggered on PRs created by Actions. Therefore mark the PR as draft so that # a maintainer can take the PR out of draft, thereby triggering the PR checks. - pr = repo.create_pull(title=title, body='\n'.join(body), head=new_branch_name, base=TARGET_BRANCH, draft=True) - print(f'Created PR #{pr.number}') + pr = repo.create_pull(title=title, body='\n'.join(body), head=new_branch_name, base=target_branch, draft=True) + pr.add_to_labels(*labels) + print(f'Created PR #{str(pr.number)}') # Assign the conductor pr.add_to_assignees(conductor) @@ -102,10 +120,10 @@ def open_pr(repo, all_commits, source_branch_short_sha, new_branch_name, conduct # since the last release to the target branch. # This will not include any commits that exist on the target branch # that aren't on the source branch. -def get_commit_difference(repo): +def get_commit_difference(repo, source_branch, target_branch): # Passing split nothing means that the empty string splits to nothing: compare `''.split() == []` # to `''.split('\n') == ['']`. - commits = run_git('log', '--pretty=format:%H', f'{ORIGIN}/{TARGET_BRANCH}..{ORIGIN}/{SOURCE_BRANCH}').strip().split() + commits = run_git('log', '--pretty=format:%H', f'{ORIGIN}/{target_branch}..{ORIGIN}/{source_branch}').strip().split() # Convert to full-fledged commit objects commits = [repo.get_commit(c) for c in commits] @@ -182,6 +200,24 @@ def main(): required=True, help='The nwo of the repository, for example github/codeql-action.' ) + parser.add_argument( + '--source-branch', + type=str, + required=True, + help='Source branch for release branch update.' + ) + parser.add_argument( + '--target-branch', + type=str, + required=True, + help='Target branch for release branch update.' + ) + parser.add_argument( + '--is-primary-release', + action='store_true', + default=False, + help='Whether this update is the primary release for the current major version.' + ) parser.add_argument( '--conductor', type=str, @@ -191,18 +227,29 @@ def main(): args = parser.parse_args() + source_branch = args.source_branch + target_branch = args.target_branch + is_primary_release = args.is_primary_release + repo = Github(args.github_token).get_repo(args.repository_nwo) - version = get_current_version() + + # the target branch will be of the form releases/vN, where N is the major version number + target_branch_major_version = target_branch.strip('releases/v') + + # split version into major, minor, patch + _, v_minor, v_patch = get_current_version().split('.') + + version = f"{target_branch_major_version}.{v_minor}.{v_patch}" # Print what we intend to go - print(f'Considering difference between {SOURCE_BRANCH} and {TARGET_BRANCH}...') - source_branch_short_sha = run_git('rev-parse', '--short', f'{ORIGIN}/{SOURCE_BRANCH}').strip() - print(f'Current head of {SOURCE_BRANCH} is {source_branch_short_sha}.') + print(f'Considering difference between {source_branch} and {target_branch}...') + source_branch_short_sha = run_git('rev-parse', '--short', f'{ORIGIN}/{source_branch}').strip() + print(f'Current head of {source_branch} is {source_branch_short_sha}.') # See if there are any commits to merge in - commits = get_commit_difference(repo=repo) + commits = get_commit_difference(repo=repo, source_branch=source_branch, target_branch=target_branch) if len(commits) == 0: - print(f'No commits to merge from {SOURCE_BRANCH} to {TARGET_BRANCH}.') + print(f'No commits to merge from {source_branch} to {target_branch}.') return # The branch name is based off of the name of branch being merged into @@ -220,17 +267,81 @@ def main(): # Create the new branch and push it to the remote print(f'Creating branch {new_branch_name}.') - # If we're performing a standard release, there won't be any new commits on the target branch, - # as these will have already been merged back into the source branch. Therefore we can just - # start from the source branch. - run_git('checkout', '-b', new_branch_name, f'{ORIGIN}/{SOURCE_BRANCH}') + # The process of creating the v{Older} release can run into merge conflicts. We commit the unresolved + # conflicts so a maintainer can easily resolve them (vs erroring and requiring maintainers to + # reconstruct the release manually) + conflicted_files = [] + + if not is_primary_release: + + # the source branch will be of the form releases/vN, where N is the major version number + source_branch_major_version = source_branch.strip('releases/v') + + # If we're performing a backport, start from the target branch + print(f'Creating {new_branch_name} from the {ORIGIN}/{target_branch} branch') + run_git('checkout', '-b', new_branch_name, f'{ORIGIN}/{target_branch}') + + # Revert the commit that we made as part of the last release that updated the version number and + # changelog to refer to {older}.x.x variants. This avoids merge conflicts in the changelog and + # package.json files when we merge in the v{latest} branch. + # This commit will not exist the first time we release the v{N-1} branch from the v{N} branch, so we + # use `git log --grep` to conditionally revert the commit. + print('Reverting the version number and changelog updates from the last release to avoid conflicts') + vOlder_update_commits = run_git('log', '--grep', '^Update version and changelog for v', '--format=%H').split() + + if len(vOlder_update_commits) > 0: + print(f' Reverting {vOlder_update_commits[0]}') + # Only revert the newest commit as older ones will already have been reverted in previous + # releases. + run_git('revert', vOlder_update_commits[0], '--no-edit') + + # Also revert the "Update checked-in dependencies" commit created by Actions. + update_dependencies_commit = run_git('log', '--grep', '^Update checked-in dependencies', '--format=%H').split()[0] + # TODO: why is this failing for the v2 branch currently...? + print(f' Reverting {update_dependencies_commit}') + run_git('revert', update_dependencies_commit, '--no-edit') + + else: + print(' Nothing to revert.') + + print(f'Merging {ORIGIN}/{source_branch} into the release prep branch') + # Commit any conflicts (see the comment for `conflicted_files`) + run_git('merge', f'{ORIGIN}/{source_branch}', allow_non_zero_exit_code=True) + conflicted_files = run_git('diff', '--name-only', '--diff-filter', 'U').splitlines() + if len(conflicted_files) > 0: + run_git('add', '.') + run_git('commit', '--no-edit') + + # Migrate the package version number from a vLatest version number to a vOlder version number + print(f'Setting version number to {version}') + subprocess.check_output(['npm', 'version', version, '--no-git-tag-version']) + run_git('add', 'package.json', 'package-lock.json') + + # Migrate the changelog notes from v2 version numbers to v1 version numbers + print(f'Migrating changelog notes from v{source_branch_major_version} to v{target_branch_major_version}') + subprocess.check_output(['sed', '-i', f's/^## {source_branch_major_version}\./## {target_branch_major_version}./g', 'CHANGELOG.md']) + + # Remove changelog notes from all versions that do not apply to the vOlder branch + print(f'Removing changelog notes that do not apply to v{target_branch_major_version}') + for v in range(int(target_branch_major_version)+1, int(source_branch_major_version)+1): + print(f'Removing changelog notes that are tagged [v{v}+ only\]') + subprocess.check_output(['sed', '-i', f'/^- \[v{v}+ only\]/d', 'CHANGELOG.md']) + + # Amend the commit generated by `npm version` to update the CHANGELOG + run_git('add', 'CHANGELOG.md') + run_git('commit', '-m', f'Update version and changelog for v{version}') + else: + # If we're performing a standard release, there won't be any new commits on the target branch, + # as these will have already been merged back into the source branch. Therefore we can just + # start from the source branch. + run_git('checkout', '-b', new_branch_name, f'{ORIGIN}/{source_branch}') - print('Updating changelog') - update_changelog(version) + print('Updating changelog') + update_changelog(version) - # Create a commit that updates the CHANGELOG - run_git('add', 'CHANGELOG.md') - run_git('commit', '-m', f'Update changelog for v{version}') + # Create a commit that updates the CHANGELOG + run_git('add', 'CHANGELOG.md') + run_git('commit', '-m', f'Update changelog for v{version}') run_git('push', ORIGIN, new_branch_name) @@ -240,7 +351,11 @@ def main(): commits, source_branch_short_sha, new_branch_name, + source_branch=source_branch, + target_branch=target_branch, conductor=args.conductor, + is_primary_release=is_primary_release, + conflicted_files=conflicted_files ) if __name__ == '__main__': diff --git a/.github/workflows/post-release-mergeback.yml b/.github/workflows/post-release-mergeback.yml index 0f5c49417..696f57aba 100644 --- a/.github/workflows/post-release-mergeback.yml +++ b/.github/workflows/post-release-mergeback.yml @@ -1,9 +1,9 @@ -# This workflow runs after a release of the action. It: -# 1. Merges any changes from the release back into the main branch. Typically, this is just a single -# commit that updates the changelog. -# 2. Tags the merge commit on the release branch that represents the new release with an `v2.x.y` +# This workflow runs after a merge to any release branch of the action. It: +# 1. Tags the merge commit on the release branch that represents the new release with n `vN.x.y` # tag -# 3. Updates the `v2` tag to refer to this merge commit. +# 2. Updates the `vN` tag to refer to this merge commit. +# 3. Iff vN == vLatest, merges any changes from the release back into the main branch. +# Typically, this is just a single commit that updates the changelog. name: Tag release and merge back on: @@ -16,7 +16,7 @@ on: push: branches: - - releases/v2 + - releases/v* jobs: merge-back: @@ -36,6 +36,8 @@ jobs: run: echo "${GITHUB_CONTEXT}" - uses: actions/checkout@v4 + with: + fetch-depth: 0 # ensure we have all tags and can push commits - uses: actions/setup-node@v4 - name: Update git config @@ -51,6 +53,8 @@ jobs: short_sha="${GITHUB_SHA:0:8}" NEW_BRANCH="mergeback/${VERSION}-to-${BASE_BRANCH}-${short_sha}" echo "newBranch=${NEW_BRANCH}" >> $GITHUB_OUTPUT + LATEST_RELEASE_BRANCH=$(git branch -r | grep -E "origin/releases/v[0-9]+$" | sed 's/origin\///g' | sort -V | tail -1 | xargs) + echo "latest_release_branch=${LATEST_RELEASE_BRANCH}" >> $GITHUB_OUTPUT - name: Dump branches env: @@ -59,6 +63,8 @@ jobs: echo "BASE_BRANCH ${BASE_BRANCH}" echo "HEAD_BRANCH ${HEAD_BRANCH}" echo "NEW_BRANCH ${NEW_BRANCH}" + echo "LATEST_RELEASE_BRANCH ${LATEST_RELEASE_BRANCH}" + echo "GITHUB_REF ${GITHUB_REF}" - name: Create mergeback branch env: @@ -89,8 +95,6 @@ jobs: env: VERSION: ${{ steps.getVersion.outputs.version }} run: | - # Unshallow the repo in order to allow pushes - git fetch --unshallow # Create the `vx.y.z` tag git tag --annotate "${VERSION}" --message "${VERSION}" # Update the `vx` tag @@ -99,13 +103,13 @@ jobs: git tag --annotate "${major_version_tag}" --message "${major_version_tag}" --force # Push the tags, using: # - `--atomic` to make sure we either update both tags or neither (an intermediate state, - # e.g. where we update the v2.x.y tag on the remote but not the v2 tag, could result in - # unwanted Dependabot updates, e.g. from v2 to v2.x.y) - # - `--force` since we're overwriting the `vx` tag + # e.g. where we update the vN.x.y tag on the remote but not the vN tag, could result in + # unwanted Dependabot updates, e.g. from vN to vN.x.y) + # - `--force` since we're overwriting the `vN` tag git push origin --atomic --force refs/tags/"${VERSION}" refs/tags/"${major_version_tag}" - name: Create mergeback branch - if: steps.check.outputs.exists != 'true' + if: ${{ steps.check.outputs.exists != 'true' && endsWith(github.ref_name, steps.getVersion.outputs.latest_release_branch) }} env: VERSION: "${{ steps.getVersion.outputs.version }}" NEW_BRANCH: "${{ steps.getVersion.outputs.newBranch }}" diff --git a/.github/workflows/update-release-branch.yml b/.github/workflows/update-release-branch.yml index 2f95d4054..f5ab2cda8 100644 --- a/.github/workflows/update-release-branch.yml +++ b/.github/workflows/update-release-branch.yml @@ -1,46 +1,131 @@ name: Update release branch on: # You can trigger this workflow via workflow dispatch to start a release. - # This will open a PR to update the v2 release branch. + # This will open a PR to update the latest release branch. workflow_dispatch: + # When a release is complete this workflow will open up backport PRs to older release branches. + # NB while it will trigger on any release branch update, the backport job will not proceed for + # anything other than than releases/v{latest} + push: + branches: + - releases/* + jobs: - update: - timeout-minutes: 45 + + prepare: runs-on: ubuntu-latest if: github.repository == 'github/codeql-action' + outputs: + version: ${{ steps.versions.outputs.version }} + major_version: ${{ steps.versions.outputs.major_version }} + latest_tag: ${{ steps.versions.outputs.latest_tag }} + backport_source_branch: ${{ steps.branches.outputs.backport_source_branch }} + backport_target_branches: ${{ steps.branches.outputs.backport_target_branches }} steps: - - name: Dump environment - run: env + - uses: actions/checkout@v4 + with: + fetch-depth: 0 # Need full history for calculation of diffs + - uses: ./.github/actions/release-initialise - - name: Dump GitHub context - env: - GITHUB_CONTEXT: '${{ toJson(github) }}' - run: echo "$GITHUB_CONTEXT" + - name: Get version tags + id: versions + run: | + VERSION="v$(jq '.version' -r 'package.json')" + echo "version=${VERSION}" >> $GITHUB_OUTPUT + MAJOR_VERSION=$(cut -d '.' -f1 <<< "${VERSION}") + echo "major_version=${MAJOR_VERSION}" >> $GITHUB_OUTPUT + LATEST_TAG=$(git tag --sort=-v:refname | grep -E '^v[0-9]+\.[0-9]+\.[0-9]+' | head -1) + echo "latest_tag=${LATEST_TAG}" >> $GITHUB_OUTPUT - - uses: actions/checkout@v4 + - id: branches + name: Determine older release branches + uses: ./.github/actions/release-branches with: - # Need full history so we calculate diffs - fetch-depth: 0 + major_version: ${{ steps.versions.outputs.major_version }} + latest_tag: ${{ steps.versions.outputs.latest_tag }} + + - name: debug logging + run: | + echo 'version: ${{ steps.versions.outputs.version }}' + echo 'major_version: ${{ steps.versions.outputs.major_version }}' + echo 'latest_tag: ${{ steps.versions.outputs.latest_tag }}' + echo 'backport_source_branch: ${{ steps.branches.outputs.backport_source_branch }}' + echo 'backport_target_branches: ${{ steps.branches.outputs.backport_target_branches }}' - - name: Set up Python - uses: actions/setup-python@v4 + update: + timeout-minutes: 45 + runs-on: ubuntu-latest + if: github.event_name == 'workflow_dispatch' + needs: [prepare] + env: + REF_NAME: "${{ github.ref_name }}" + REPOSITORY: "${{ github.repository }}" + MAJOR_VERSION: "${{ needs.prepare.outputs.major_version }}" + LATEST_TAG: "${{ needs.prepare.outputs.latest_tag }}" + steps: + - uses: actions/checkout@v4 with: - python-version: 3.8 + fetch-depth: 0 # Need full history for calculation of diffs + - uses: ./.github/actions/release-initialise - - name: Install dependencies + # when the workflow has been manually triggered on main, + # we know that we definitely want the release branch to exist + - name: Ensure release branch exists run: | - python -m pip install --upgrade pip - pip install PyGithub==1.55 requests + echo "MAJOR_VERSION ${MAJOR_VERSION}" + RELEASE_BRANCH=releases/${MAJOR_VERSION} + if git checkout $RELEASE_BRANCH > /dev/null 2>&1; then + echo "Branch $RELEASE_BRANCH already exists" + echo "" + else + echo "Creating $RELEASE_BRANCH branch" + git checkout -b ${RELEASE_BRANCH} ${LATEST_TAG} + git push --set-upstream origin ${RELEASE_BRANCH} + git branch --show-current + echo "" + fi + echo "Returning to branch: ${REF_NAME}" + git checkout ${REF_NAME} - - name: Update git config + - name: Update current release branch + if: github.event_name == 'workflow_dispatch' run: | - git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com" - git config --global user.name "github-actions[bot]" + echo SOURCE_BRANCH=${REF_NAME} + echo TARGET_BRANCH=releases/${MAJOR_VERSION} + python .github/update-release-branch.py \ + --github-token ${{ secrets.GITHUB_TOKEN }} \ + --repository-nwo ${{ github.repository }} \ + --source-branch '${{ env.REF_NAME }}' \ + --target-branch 'releases/${{ env.MAJOR_VERSION }}' \ + --is-primary-release \ + --conductor ${GITHUB_ACTOR} + + backport: + timeout-minutes: 45 + runs-on: ubuntu-latest + needs: [prepare] + if: ${{ (github.event_name == 'push') && needs.prepare.outputs.backport_target_branches != '[]' && needs.prepare.outputs.backport_target_branches != '' }} + strategy: + fail-fast: false + matrix: + target_branch: ${{ fromJson(needs.prepare.outputs.backport_target_branches) }} + env: + SOURCE_BRANCH: ${{ needs.prepare.outputs.backport_source_branch }} + TARGET_BRANCH: ${{ matrix.target_branch }} + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 # Need full history for calculation of diffs + - uses: ./.github/actions/release-initialise - - name: Update release branch + - name: Update older release branch run: | + echo SOURCE_BRANCH=${SOURCE_BRANCH} + echo TARGET_BRANCH=${TARGET_BRANCH} python .github/update-release-branch.py \ --github-token ${{ secrets.GITHUB_TOKEN }} \ --repository-nwo ${{ github.repository }} \ + --source-branch ${SOURCE_BRANCH} \ + --target-branch ${TARGET_BRANCH} \ --conductor ${GITHUB_ACTOR} diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 0537bd207..862baf121 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -99,6 +99,10 @@ We typically deprecate a version of CodeQL when the GitHub Enterprise Server (GH - Add a changelog note announcing the new minimum version of CodeQL that is now required. - Example PR: https://github.com/github/codeql-action/pull/1907 +## Deprecating a CodeQL-Action version (write access required) + +TODO: fill this section in! + ## Resources - [How to Contribute to Open Source](https://opensource.guide/how-to-contribute/) From 2dbffae187d3c18b125104eec9ebcf7c94fb30a7 Mon Sep 17 00:00:00 2001 From: nickfyson Date: Mon, 4 Dec 2023 22:15:47 +0000 Subject: [PATCH 02/11] add note in CONTRIBUTING.md on how to deprecate an action version --- CONTRIBUTING.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 862baf121..642ec412a 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -101,7 +101,14 @@ We typically deprecate a version of CodeQL when the GitHub Enterprise Server (GH ## Deprecating a CodeQL-Action version (write access required) -TODO: fill this section in! +When necessary we maintain multiple versions of the CodeQL action, for example to support older version of NodeJS as required by GHES versions that are still supported. The automated release process opens backport PRs to update older versions once the primary release is merged. Deprecation of older versions of the action will generally happen once a particular older GHES version is no longer supported, and hence we can stop maintainin the action for a particular NodeJS version. + +The backport process is controlled by setting the minimum version number of the action that is still supported, defined at the in the [release-branches](.github/actions/release-branches/release-branches.py) action. To stop udpating an older version of the action: + +1. Notify any users who are still pinned to the `vN` tag of the deprecated version of the action. + - Add a changelog note announcing the deprecation. +2. Bump the `OLDEST_SUPPORTED_MAJOR_VERSION` in [release-branches.py](.github/actions/release-branches/release-branches.py) +3. Merge this change to main and the next release will not backport changes to the deprecated release version. ## Resources From 784783de17428b664b2610a601be0e7cfd171e17 Mon Sep 17 00:00:00 2001 From: Chuan-kai Lin Date: Tue, 5 Dec 2023 13:08:58 -0800 Subject: [PATCH 03/11] Update supported GitHub Enterprise Server versions --- lib/api-compatibility.json | 2 +- src/api-compatibility.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/api-compatibility.json b/lib/api-compatibility.json index 911936898..81b325696 100644 --- a/lib/api-compatibility.json +++ b/lib/api-compatibility.json @@ -1 +1 @@ -{ "maximumVersion": "3.11", "minimumVersion": "3.7" } +{ "maximumVersion": "3.12", "minimumVersion": "3.7" } diff --git a/src/api-compatibility.json b/src/api-compatibility.json index 4266cf458..10e4f3a19 100644 --- a/src/api-compatibility.json +++ b/src/api-compatibility.json @@ -1 +1 @@ -{"maximumVersion": "3.11", "minimumVersion": "3.7"} +{"maximumVersion": "3.12", "minimumVersion": "3.7"} From 3537bea5807bc605478c9ff7af7f7af948b6025e Mon Sep 17 00:00:00 2001 From: Nick Fyson Date: Wed, 6 Dec 2023 11:40:07 +0000 Subject: [PATCH 04/11] Apply suggestions from code review Co-authored-by: Henry Mercer --- .../actions/release-branches/release-branches.py | 3 ++- .github/actions/release-initialise/action.yml | 2 +- .github/update-release-branch.py | 2 +- .github/workflows/post-release-mergeback.yml | 2 +- CONTRIBUTING.md | 16 ++++++++++------ 5 files changed, 15 insertions(+), 10 deletions(-) diff --git a/.github/actions/release-branches/release-branches.py b/.github/actions/release-branches/release-branches.py index f38d2ec37..fcadd808d 100644 --- a/.github/actions/release-branches/release-branches.py +++ b/.github/actions/release-branches/release-branches.py @@ -1,5 +1,6 @@ import argparse -import os, json +import json +import os import subprocess # Name of the remote diff --git a/.github/actions/release-initialise/action.yml b/.github/actions/release-initialise/action.yml index c914435fe..7e554cce1 100644 --- a/.github/actions/release-initialise/action.yml +++ b/.github/actions/release-initialise/action.yml @@ -1,5 +1,5 @@ name: 'Prepare release job' -description: 'Executed preparatory steps before update a release branch' +description: 'Prepare for updating a release branch' runs: using: "composite" diff --git a/.github/update-release-branch.py b/.github/update-release-branch.py index 94d416c41..d5ba6c925 100644 --- a/.github/update-release-branch.py +++ b/.github/update-release-branch.py @@ -317,7 +317,7 @@ def main(): subprocess.check_output(['npm', 'version', version, '--no-git-tag-version']) run_git('add', 'package.json', 'package-lock.json') - # Migrate the changelog notes from v2 version numbers to v1 version numbers + # Migrate the changelog notes from vLatest version numbers to vOlder version numbers print(f'Migrating changelog notes from v{source_branch_major_version} to v{target_branch_major_version}') subprocess.check_output(['sed', '-i', f's/^## {source_branch_major_version}\./## {target_branch_major_version}./g', 'CHANGELOG.md']) diff --git a/.github/workflows/post-release-mergeback.yml b/.github/workflows/post-release-mergeback.yml index 696f57aba..f4cba080c 100644 --- a/.github/workflows/post-release-mergeback.yml +++ b/.github/workflows/post-release-mergeback.yml @@ -1,5 +1,5 @@ # This workflow runs after a merge to any release branch of the action. It: -# 1. Tags the merge commit on the release branch that represents the new release with n `vN.x.y` +# 1. Tags the merge commit on the release branch that represents the new release with an `vN.x.y` # tag # 2. Updates the `vN` tag to refer to this merge commit. # 3. Iff vN == vLatest, merges any changes from the release back into the main branch. diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 642ec412a..67d435103 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -99,16 +99,20 @@ We typically deprecate a version of CodeQL when the GitHub Enterprise Server (GH - Add a changelog note announcing the new minimum version of CodeQL that is now required. - Example PR: https://github.com/github/codeql-action/pull/1907 -## Deprecating a CodeQL-Action version (write access required) +## Deprecating a CodeQL Action version (write access required) -When necessary we maintain multiple versions of the CodeQL action, for example to support older version of NodeJS as required by GHES versions that are still supported. The automated release process opens backport PRs to update older versions once the primary release is merged. Deprecation of older versions of the action will generally happen once a particular older GHES version is no longer supported, and hence we can stop maintainin the action for a particular NodeJS version. +We sometimes maintain multiple versions of the CodeQL Action to enable customers on older but still supported versions of GitHub Enterprise Server (GHES) to continue to benefit from the latest CodeQL improvements. To accomplish this, the release process automation listens to updates to the release branch for the newest supported version. When this branch is updated, the release process automatically opens backport PRs to update the release branches for older versions. -The backport process is controlled by setting the minimum version number of the action that is still supported, defined at the in the [release-branches](.github/actions/release-branches/release-branches.py) action. To stop udpating an older version of the action: +We typically deprecate older versions of the Action once all supported GHES versions are compatible with the version of Node.js we are using on `main`. -1. Notify any users who are still pinned to the `vN` tag of the deprecated version of the action. +To deprecate an older version of the Action: + +1. Notify any users who are still pinned to the `vN` tag of the deprecated version of the Action, giving as much notice as is practical. - Add a changelog note announcing the deprecation. -2. Bump the `OLDEST_SUPPORTED_MAJOR_VERSION` in [release-branches.py](.github/actions/release-branches/release-branches.py) -3. Merge this change to main and the next release will not backport changes to the deprecated release version. + - Implement an Actions warning for customers using the deprecated version. +1. Wait for the deprecation period to pass. +1. Upgrade the Actions warning for customers using the deprecated version to a non-fatal error, and mention that this version of the Action is no longer supported. +1. Make a PR to bump the `OLDEST_SUPPORTED_MAJOR_VERSION` in [release-branches.py](.github/actions/release-branches/release-branches.py). Once this PR is merged, the release process will no longer backport changes to the deprecated release version. ## Resources From a6ea3c5a45b53ef29985956a67d19aa9db1fc2ef Mon Sep 17 00:00:00 2001 From: nickfyson Date: Wed, 6 Dec 2023 11:41:27 +0000 Subject: [PATCH 05/11] define backport commit message in constant --- .github/update-release-branch.py | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/.github/update-release-branch.py b/.github/update-release-branch.py index d5ba6c925..90d3c995b 100644 --- a/.github/update-release-branch.py +++ b/.github/update-release-branch.py @@ -13,6 +13,9 @@ """ +# NB: This exact commit message is used to find commits for reverting during backports. +# Changing it requires a transition period where both old and new versions are supported. +BACKPORT_COMMIT_MESSAGE = 'Update version and changelog for v' # Name of the remote ORIGIN = 'origin' @@ -287,7 +290,7 @@ def main(): # This commit will not exist the first time we release the v{N-1} branch from the v{N} branch, so we # use `git log --grep` to conditionally revert the commit. print('Reverting the version number and changelog updates from the last release to avoid conflicts') - vOlder_update_commits = run_git('log', '--grep', '^Update version and changelog for v', '--format=%H').split() + vOlder_update_commits = run_git('log', '--grep', f'^{BACKPORT_COMMIT_MESSAGE}', '--format=%H').split() if len(vOlder_update_commits) > 0: print(f' Reverting {vOlder_update_commits[0]}') @@ -329,7 +332,7 @@ def main(): # Amend the commit generated by `npm version` to update the CHANGELOG run_git('add', 'CHANGELOG.md') - run_git('commit', '-m', f'Update version and changelog for v{version}') + run_git('commit', '-m', f'{BACKPORT_COMMIT_MESSAGE}{version}') else: # If we're performing a standard release, there won't be any new commits on the target branch, # as these will have already been merged back into the source branch. Therefore we can just From 57932be6d40f2cd95e2c7b6690bea3b6e58762cf Mon Sep 17 00:00:00 2001 From: nickfyson Date: Wed, 6 Dec 2023 11:49:17 +0000 Subject: [PATCH 06/11] remove unused function --- .github/actions/release-branches/release-branches.py | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/.github/actions/release-branches/release-branches.py b/.github/actions/release-branches/release-branches.py index fcadd808d..8e8bf37db 100644 --- a/.github/actions/release-branches/release-branches.py +++ b/.github/actions/release-branches/release-branches.py @@ -8,16 +8,6 @@ OLDEST_SUPPORTED_MAJOR_VERSION = 2 -# Runs git with the given args and returns the stdout. -# Raises an error if git does not exit successfully (unless passed -# allow_non_zero_exit_code=True). -def run_git(*args, allow_non_zero_exit_code=False): - cmd = ['git', *args] - p = subprocess.run(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE) - if not allow_non_zero_exit_code and p.returncode != 0: - raise Exception(f'Call to {" ".join(cmd)} exited with code {p.returncode} stderr: {p.stderr.decode("ascii")}.') - return p.stdout.decode('ascii') - def main(): parser = argparse.ArgumentParser() From ee748cf360358684ead808cff8f4a0e9d1cca895 Mon Sep 17 00:00:00 2001 From: nickfyson Date: Wed, 6 Dec 2023 12:22:12 +0000 Subject: [PATCH 07/11] respond to more review comments --- .github/update-release-branch.py | 7 +++---- .github/workflows/post-release-mergeback.yml | 2 +- .github/workflows/update-release-branch.yml | 2 +- 3 files changed, 5 insertions(+), 6 deletions(-) diff --git a/.github/update-release-branch.py b/.github/update-release-branch.py index 90d3c995b..ff65abe84 100644 --- a/.github/update-release-branch.py +++ b/.github/update-release-branch.py @@ -97,13 +97,13 @@ def open_pr( if not is_primary_release: body.append(' - [ ] Remove and re-add the "Update dependencies" label to the PR to trigger just this workflow.') body.append(' - [ ] Wait for the "Update dependencies" workflow to push a commit updating the dependencies.') - body.append(' - [ ] Mark the PR as ready for review to trigger the full set of PR checks.') + body.append(' - [ ] Mark the PR as ready for review to trigger the full set of PR checks.') body.append(' - [ ] Approve and merge this PR. Make sure `Create a merge commit` is selected rather than `Squash and merge` or `Rebase and merge`.') if is_primary_release: body.append(' - [ ] Merge the mergeback PR that will automatically be created once this PR is merged.') - body.append(' - [ ] Merge the v1 release PR that will automatically be created once this PR is merged.') + body.append(' - [ ] Merge all backport PRs to older release branches, that will automatically be created once this PR is merged.') title = f'Merge {source_branch} into {target_branch}' labels = ['Update dependencies'] if not is_primary_release else [] @@ -300,7 +300,6 @@ def main(): # Also revert the "Update checked-in dependencies" commit created by Actions. update_dependencies_commit = run_git('log', '--grep', '^Update checked-in dependencies', '--format=%H').split()[0] - # TODO: why is this failing for the v2 branch currently...? print(f' Reverting {update_dependencies_commit}') run_git('revert', update_dependencies_commit, '--no-edit') @@ -326,7 +325,7 @@ def main(): # Remove changelog notes from all versions that do not apply to the vOlder branch print(f'Removing changelog notes that do not apply to v{target_branch_major_version}') - for v in range(int(target_branch_major_version)+1, int(source_branch_major_version)+1): + for v in range(int(source_branch_major_version), int(target_branch_major_version), -1): print(f'Removing changelog notes that are tagged [v{v}+ only\]') subprocess.check_output(['sed', '-i', f'/^- \[v{v}+ only\]/d', 'CHANGELOG.md']) diff --git a/.github/workflows/post-release-mergeback.yml b/.github/workflows/post-release-mergeback.yml index f4cba080c..c3d0b291a 100644 --- a/.github/workflows/post-release-mergeback.yml +++ b/.github/workflows/post-release-mergeback.yml @@ -3,7 +3,7 @@ # tag # 2. Updates the `vN` tag to refer to this merge commit. # 3. Iff vN == vLatest, merges any changes from the release back into the main branch. -# Typically, this is just a single commit that updates the changelog. +# Typically, this is two commits – one to update the version number and one to update dependencies. name: Tag release and merge back on: diff --git a/.github/workflows/update-release-branch.yml b/.github/workflows/update-release-branch.yml index f5ab2cda8..05fc4c43c 100644 --- a/.github/workflows/update-release-branch.yml +++ b/.github/workflows/update-release-branch.yml @@ -105,7 +105,7 @@ jobs: timeout-minutes: 45 runs-on: ubuntu-latest needs: [prepare] - if: ${{ (github.event_name == 'push') && needs.prepare.outputs.backport_target_branches != '[]' && needs.prepare.outputs.backport_target_branches != '' }} + if: ${{ (github.event_name == 'push') && needs.prepare.outputs.backport_target_branches != '[]' }} strategy: fail-fast: false matrix: From 0e9a210226d6fd1008805163b449ed40fb6bd191 Mon Sep 17 00:00:00 2001 From: nickfyson Date: Wed, 6 Dec 2023 15:54:23 +0000 Subject: [PATCH 08/11] update workflows to run on all release branches --- .github/workflows/__all-platform-bundle.yml | 2 +- .github/workflows/__analyze-ref-input.yml | 2 +- .github/workflows/__autobuild-action.yml | 2 +- .github/workflows/__config-export.yml | 2 +- .github/workflows/__cpp-deptrace-disabled.yml | 2 +- .github/workflows/__cpp-deptrace-enabled-on-macos.yml | 2 +- .github/workflows/__cpp-deptrace-enabled.yml | 2 +- .github/workflows/__diagnostics-export.yml | 2 +- .github/workflows/__export-file-baseline-information.yml | 2 +- .github/workflows/__extractor-ram-threads.yml | 2 +- .github/workflows/__go-custom-queries.yml | 2 +- .../workflows/__go-indirect-tracing-workaround-diagnostic.yml | 2 +- .github/workflows/__go-indirect-tracing-workaround.yml | 2 +- .github/workflows/__go-tracing-autobuilder.yml | 2 +- .github/workflows/__go-tracing-custom-build-steps.yml | 2 +- .github/workflows/__go-tracing-legacy-workflow.yml | 2 +- .github/workflows/__init-with-registries.yml | 2 +- .github/workflows/__javascript-source-root.yml | 2 +- .github/workflows/__language-aliases.yml | 2 +- .github/workflows/__multi-language-autodetect.yml | 2 +- .../workflows/__packaging-codescanning-config-inputs-js.yml | 2 +- .github/workflows/__packaging-config-inputs-js.yml | 2 +- .github/workflows/__packaging-config-js.yml | 2 +- .github/workflows/__packaging-inputs-js.yml | 2 +- .github/workflows/__remote-config.yml | 2 +- .github/workflows/__resolve-environment-action.yml | 2 +- .github/workflows/__rubocop-multi-language.yml | 2 +- .github/workflows/__ruby.yml | 2 +- .github/workflows/__scaling-reserved-ram.yml | 2 +- .github/workflows/__split-workflow.yml | 2 +- .github/workflows/__submit-sarif-failure.yml | 2 +- .github/workflows/__swift-custom-build.yml | 2 +- .github/workflows/__test-autobuild-working-dir.yml | 2 +- .github/workflows/__test-local-codeql.yml | 2 +- .github/workflows/__test-proxy.yml | 2 +- .github/workflows/__unset-environment.yml | 2 +- .github/workflows/__upload-ref-sha-input.yml | 2 +- .github/workflows/__with-checkout-path.yml | 2 +- .github/workflows/codeql.yml | 4 ++-- .github/workflows/codescanning-config-cli.yml | 2 +- .github/workflows/debug-artifacts-failure.yml | 2 +- .github/workflows/debug-artifacts.yml | 2 +- .github/workflows/expected-queries-runs.yml | 2 +- .github/workflows/pr-checks.yml | 2 +- .github/workflows/python-deps.yml | 2 +- .github/workflows/python312-windows.yml | 2 +- .github/workflows/query-filters.yml | 2 +- .github/workflows/test-codeql-bundle-all.yml | 4 ++-- pr-checks/sync.py | 2 +- 49 files changed, 51 insertions(+), 51 deletions(-) diff --git a/.github/workflows/__all-platform-bundle.yml b/.github/workflows/__all-platform-bundle.yml index bdeec0d73..e3259fc21 100644 --- a/.github/workflows/__all-platform-bundle.yml +++ b/.github/workflows/__all-platform-bundle.yml @@ -12,7 +12,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/__analyze-ref-input.yml b/.github/workflows/__analyze-ref-input.yml index b6a8e7345..5460fe4eb 100644 --- a/.github/workflows/__analyze-ref-input.yml +++ b/.github/workflows/__analyze-ref-input.yml @@ -12,7 +12,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/__autobuild-action.yml b/.github/workflows/__autobuild-action.yml index 505fe9cb6..234f4df08 100644 --- a/.github/workflows/__autobuild-action.yml +++ b/.github/workflows/__autobuild-action.yml @@ -12,7 +12,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/__config-export.yml b/.github/workflows/__config-export.yml index 7d2ce0a35..addaabdf6 100644 --- a/.github/workflows/__config-export.yml +++ b/.github/workflows/__config-export.yml @@ -12,7 +12,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/__cpp-deptrace-disabled.yml b/.github/workflows/__cpp-deptrace-disabled.yml index 926d5937d..0194e50ac 100644 --- a/.github/workflows/__cpp-deptrace-disabled.yml +++ b/.github/workflows/__cpp-deptrace-disabled.yml @@ -12,7 +12,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/__cpp-deptrace-enabled-on-macos.yml b/.github/workflows/__cpp-deptrace-enabled-on-macos.yml index d7b44159e..ce5f20e9d 100644 --- a/.github/workflows/__cpp-deptrace-enabled-on-macos.yml +++ b/.github/workflows/__cpp-deptrace-enabled-on-macos.yml @@ -12,7 +12,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/__cpp-deptrace-enabled.yml b/.github/workflows/__cpp-deptrace-enabled.yml index 4eb4a3b8c..1b0d1dab4 100644 --- a/.github/workflows/__cpp-deptrace-enabled.yml +++ b/.github/workflows/__cpp-deptrace-enabled.yml @@ -12,7 +12,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/__diagnostics-export.yml b/.github/workflows/__diagnostics-export.yml index d1c179255..50a9d1a0d 100644 --- a/.github/workflows/__diagnostics-export.yml +++ b/.github/workflows/__diagnostics-export.yml @@ -12,7 +12,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/__export-file-baseline-information.yml b/.github/workflows/__export-file-baseline-information.yml index 441832e74..80416657a 100644 --- a/.github/workflows/__export-file-baseline-information.yml +++ b/.github/workflows/__export-file-baseline-information.yml @@ -12,7 +12,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/__extractor-ram-threads.yml b/.github/workflows/__extractor-ram-threads.yml index 002d54b8f..26a3a360f 100644 --- a/.github/workflows/__extractor-ram-threads.yml +++ b/.github/workflows/__extractor-ram-threads.yml @@ -12,7 +12,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/__go-custom-queries.yml b/.github/workflows/__go-custom-queries.yml index 1c675864c..9dafaffbc 100644 --- a/.github/workflows/__go-custom-queries.yml +++ b/.github/workflows/__go-custom-queries.yml @@ -12,7 +12,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml b/.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml index ff27ee9ec..6dae25e8c 100644 --- a/.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml +++ b/.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml @@ -12,7 +12,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/__go-indirect-tracing-workaround.yml b/.github/workflows/__go-indirect-tracing-workaround.yml index 0fed7975e..0b88c9dc3 100644 --- a/.github/workflows/__go-indirect-tracing-workaround.yml +++ b/.github/workflows/__go-indirect-tracing-workaround.yml @@ -12,7 +12,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/__go-tracing-autobuilder.yml b/.github/workflows/__go-tracing-autobuilder.yml index 1637f9fff..628cbc9dc 100644 --- a/.github/workflows/__go-tracing-autobuilder.yml +++ b/.github/workflows/__go-tracing-autobuilder.yml @@ -12,7 +12,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/__go-tracing-custom-build-steps.yml b/.github/workflows/__go-tracing-custom-build-steps.yml index 1e8a1793c..2d7456e8f 100644 --- a/.github/workflows/__go-tracing-custom-build-steps.yml +++ b/.github/workflows/__go-tracing-custom-build-steps.yml @@ -12,7 +12,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/__go-tracing-legacy-workflow.yml b/.github/workflows/__go-tracing-legacy-workflow.yml index c492f73f4..0104176c7 100644 --- a/.github/workflows/__go-tracing-legacy-workflow.yml +++ b/.github/workflows/__go-tracing-legacy-workflow.yml @@ -12,7 +12,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/__init-with-registries.yml b/.github/workflows/__init-with-registries.yml index 519903727..d4b024b22 100644 --- a/.github/workflows/__init-with-registries.yml +++ b/.github/workflows/__init-with-registries.yml @@ -12,7 +12,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/__javascript-source-root.yml b/.github/workflows/__javascript-source-root.yml index d97ea8fa5..1e16e038c 100644 --- a/.github/workflows/__javascript-source-root.yml +++ b/.github/workflows/__javascript-source-root.yml @@ -12,7 +12,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/__language-aliases.yml b/.github/workflows/__language-aliases.yml index ad09ba50f..cd7328f77 100644 --- a/.github/workflows/__language-aliases.yml +++ b/.github/workflows/__language-aliases.yml @@ -12,7 +12,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/__multi-language-autodetect.yml b/.github/workflows/__multi-language-autodetect.yml index 3f0abc055..ee0232898 100644 --- a/.github/workflows/__multi-language-autodetect.yml +++ b/.github/workflows/__multi-language-autodetect.yml @@ -12,7 +12,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/__packaging-codescanning-config-inputs-js.yml b/.github/workflows/__packaging-codescanning-config-inputs-js.yml index 5f6df119e..693e8735b 100644 --- a/.github/workflows/__packaging-codescanning-config-inputs-js.yml +++ b/.github/workflows/__packaging-codescanning-config-inputs-js.yml @@ -12,7 +12,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/__packaging-config-inputs-js.yml b/.github/workflows/__packaging-config-inputs-js.yml index 301ed9364..7266f7875 100644 --- a/.github/workflows/__packaging-config-inputs-js.yml +++ b/.github/workflows/__packaging-config-inputs-js.yml @@ -12,7 +12,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/__packaging-config-js.yml b/.github/workflows/__packaging-config-js.yml index 1ad522c4c..11cf41fa2 100644 --- a/.github/workflows/__packaging-config-js.yml +++ b/.github/workflows/__packaging-config-js.yml @@ -12,7 +12,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/__packaging-inputs-js.yml b/.github/workflows/__packaging-inputs-js.yml index 70107fbcc..02bcbd616 100644 --- a/.github/workflows/__packaging-inputs-js.yml +++ b/.github/workflows/__packaging-inputs-js.yml @@ -12,7 +12,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/__remote-config.yml b/.github/workflows/__remote-config.yml index 2fe580d64..21f119f2d 100644 --- a/.github/workflows/__remote-config.yml +++ b/.github/workflows/__remote-config.yml @@ -12,7 +12,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/__resolve-environment-action.yml b/.github/workflows/__resolve-environment-action.yml index cd09e77e7..4f8eccef6 100644 --- a/.github/workflows/__resolve-environment-action.yml +++ b/.github/workflows/__resolve-environment-action.yml @@ -12,7 +12,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/__rubocop-multi-language.yml b/.github/workflows/__rubocop-multi-language.yml index 5212739e7..8118023b8 100644 --- a/.github/workflows/__rubocop-multi-language.yml +++ b/.github/workflows/__rubocop-multi-language.yml @@ -12,7 +12,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/__ruby.yml b/.github/workflows/__ruby.yml index 494ea3c97..d936ff7d6 100644 --- a/.github/workflows/__ruby.yml +++ b/.github/workflows/__ruby.yml @@ -12,7 +12,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/__scaling-reserved-ram.yml b/.github/workflows/__scaling-reserved-ram.yml index a05bf4fe4..02d4c006a 100644 --- a/.github/workflows/__scaling-reserved-ram.yml +++ b/.github/workflows/__scaling-reserved-ram.yml @@ -12,7 +12,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/__split-workflow.yml b/.github/workflows/__split-workflow.yml index 2a1de694c..b616ff391 100644 --- a/.github/workflows/__split-workflow.yml +++ b/.github/workflows/__split-workflow.yml @@ -12,7 +12,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/__submit-sarif-failure.yml b/.github/workflows/__submit-sarif-failure.yml index 6e0547ce5..09f686d2b 100644 --- a/.github/workflows/__submit-sarif-failure.yml +++ b/.github/workflows/__submit-sarif-failure.yml @@ -12,7 +12,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/__swift-custom-build.yml b/.github/workflows/__swift-custom-build.yml index f7e46a896..ff48104a3 100644 --- a/.github/workflows/__swift-custom-build.yml +++ b/.github/workflows/__swift-custom-build.yml @@ -12,7 +12,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/__test-autobuild-working-dir.yml b/.github/workflows/__test-autobuild-working-dir.yml index bb3313795..bd5d65b51 100644 --- a/.github/workflows/__test-autobuild-working-dir.yml +++ b/.github/workflows/__test-autobuild-working-dir.yml @@ -12,7 +12,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/__test-local-codeql.yml b/.github/workflows/__test-local-codeql.yml index dbe401e8c..769a74226 100644 --- a/.github/workflows/__test-local-codeql.yml +++ b/.github/workflows/__test-local-codeql.yml @@ -12,7 +12,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/__test-proxy.yml b/.github/workflows/__test-proxy.yml index aefaaf630..84f6b752b 100644 --- a/.github/workflows/__test-proxy.yml +++ b/.github/workflows/__test-proxy.yml @@ -12,7 +12,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/__unset-environment.yml b/.github/workflows/__unset-environment.yml index fa0583f4a..23e0c9c68 100644 --- a/.github/workflows/__unset-environment.yml +++ b/.github/workflows/__unset-environment.yml @@ -12,7 +12,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/__upload-ref-sha-input.yml b/.github/workflows/__upload-ref-sha-input.yml index a0823442c..2d6396f50 100644 --- a/.github/workflows/__upload-ref-sha-input.yml +++ b/.github/workflows/__upload-ref-sha-input.yml @@ -12,7 +12,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/__with-checkout-path.yml b/.github/workflows/__with-checkout-path.yml index cf225e6e7..d72c4f4da 100644 --- a/.github/workflows/__with-checkout-path.yml +++ b/.github/workflows/__with-checkout-path.yml @@ -12,7 +12,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index daf14f753..378aa9f30 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -2,9 +2,9 @@ name: "CodeQL action" on: push: - branches: [main, releases/v2] + branches: [main, releases/v*] pull_request: - branches: [main, releases/v2] + branches: [main, releases/v*] # Run checks on reopened draft PRs to support triggering PR checks on draft PRs that were opened # by other workflows. types: [opened, synchronize, reopened, ready_for_review] diff --git a/.github/workflows/codescanning-config-cli.yml b/.github/workflows/codescanning-config-cli.yml index 801324ecc..bde425f22 100644 --- a/.github/workflows/codescanning-config-cli.yml +++ b/.github/workflows/codescanning-config-cli.yml @@ -9,7 +9,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/debug-artifacts-failure.yml b/.github/workflows/debug-artifacts-failure.yml index c15d92c00..8ac02581e 100644 --- a/.github/workflows/debug-artifacts-failure.yml +++ b/.github/workflows/debug-artifacts-failure.yml @@ -10,7 +10,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/debug-artifacts.yml b/.github/workflows/debug-artifacts.yml index 5ce95784c..8f38343db 100644 --- a/.github/workflows/debug-artifacts.yml +++ b/.github/workflows/debug-artifacts.yml @@ -9,7 +9,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/expected-queries-runs.yml b/.github/workflows/expected-queries-runs.yml index c195245b9..59c36b7da 100644 --- a/.github/workflows/expected-queries-runs.yml +++ b/.github/workflows/expected-queries-runs.yml @@ -4,7 +4,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/pr-checks.yml b/.github/workflows/pr-checks.yml index 508f3292a..bfddd8b35 100644 --- a/.github/workflows/pr-checks.yml +++ b/.github/workflows/pr-checks.yml @@ -2,7 +2,7 @@ name: PR Checks on: push: - branches: [main, releases/v2] + branches: [main, releases/v*] pull_request: # Run checks on reopened draft PRs to support triggering PR checks on draft PRs that were opened # by other workflows. diff --git a/.github/workflows/python-deps.yml b/.github/workflows/python-deps.yml index 540194a02..4d054a31a 100644 --- a/.github/workflows/python-deps.yml +++ b/.github/workflows/python-deps.yml @@ -2,7 +2,7 @@ name: Test Python Package Installation on: push: - branches: [main, releases/v2] + branches: [main, releases/v*] pull_request: # Run checks on reopened draft PRs to support triggering PR checks on draft PRs that were opened # by other workflows. diff --git a/.github/workflows/python312-windows.yml b/.github/workflows/python312-windows.yml index 95bd74740..d4ab319be 100644 --- a/.github/workflows/python312-windows.yml +++ b/.github/workflows/python312-windows.yml @@ -2,7 +2,7 @@ name: Test that the workaround for python 3.12 on windows works on: push: - branches: [main, releases/v2] + branches: [main, releases/v*] pull_request: # Run checks on reopened draft PRs to support triggering PR checks on draft PRs that were opened # by other workflows. diff --git a/.github/workflows/query-filters.yml b/.github/workflows/query-filters.yml index 81ddb9102..b13e26577 100644 --- a/.github/workflows/query-filters.yml +++ b/.github/workflows/query-filters.yml @@ -4,7 +4,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/test-codeql-bundle-all.yml b/.github/workflows/test-codeql-bundle-all.yml index 43bab7d24..0ea140261 100644 --- a/.github/workflows/test-codeql-bundle-all.yml +++ b/.github/workflows/test-codeql-bundle-all.yml @@ -9,7 +9,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened @@ -53,4 +53,4 @@ jobs: with: upload-database: false env: - CODEQL_ACTION_TEST_MODE: true \ No newline at end of file + CODEQL_ACTION_TEST_MODE: true diff --git a/pr-checks/sync.py b/pr-checks/sync.py index 3b9f69202..31454dde4 100755 --- a/pr-checks/sync.py +++ b/pr-checks/sync.py @@ -162,7 +162,7 @@ def writeHeader(checkStream): }, 'on': { 'push': { - 'branches': ['main', 'releases/v2'] + 'branches': ['main', 'releases/v*'] }, 'pull_request': { 'types': ["opened", "synchronize", "reopened", "ready_for_review"] From c6e24c94be1c0836c1f80e4ee2c5ae88f37cb55e Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 7 Dec 2023 10:49:40 +0000 Subject: [PATCH 09/11] Update changelog for v2.22.9 --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 875784f48..a2c0bb145 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,7 +2,7 @@ See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. -## [UNRELEASED] +## 2.22.9 - 07 Dec 2023 No user facing changes. From 5e0f9dbc48f564b68392e465dcdacd74eab63e25 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 7 Dec 2023 11:33:23 +0000 Subject: [PATCH 10/11] Update changelog and version after v2.22.9 --- CHANGELOG.md | 4 ++++ package-lock.json | 4 ++-- package.json | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a2c0bb145..612d91c26 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,10 @@ See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. +## [UNRELEASED] + +No user facing changes. + ## 2.22.9 - 07 Dec 2023 No user facing changes. diff --git a/package-lock.json b/package-lock.json index 31cc45a54..4a58b5418 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "codeql", - "version": "2.22.9", + "version": "2.22.10", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "codeql", - "version": "2.22.9", + "version": "2.22.10", "license": "MIT", "dependencies": { "@actions/artifact": "^1.1.2", diff --git a/package.json b/package.json index b0113149e..fe4e353c0 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "codeql", - "version": "2.22.9", + "version": "2.22.10", "private": true, "description": "CodeQL action", "scripts": { From 458b4226ad8e38f90ff6a4ad1e18ab2593e7e3dc Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 7 Dec 2023 11:37:26 +0000 Subject: [PATCH 11/11] Update checked-in dependencies --- node_modules/.package-lock.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/node_modules/.package-lock.json b/node_modules/.package-lock.json index 6d3c1aaad..63536577c 100644 --- a/node_modules/.package-lock.json +++ b/node_modules/.package-lock.json @@ -1,6 +1,6 @@ { "name": "codeql", - "version": "2.22.9", + "version": "2.22.10", "lockfileVersion": 3, "requires": true, "packages": {