Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Merge remote-tracking branch 'origin/main' into henrymercer/run-atm-o…
…n-windows
  • Loading branch information
Henry Mercer committed May 11, 2022
2 parents 395afb1 + ace076b commit 533ce91
Show file tree
Hide file tree
Showing 59 changed files with 630 additions and 465 deletions.
2 changes: 1 addition & 1 deletion .github/update-release-branch.py
Expand Up @@ -292,7 +292,7 @@ def main():
conflicted_files = run_git('diff', '--name-only', '--diff-filter', 'U').splitlines()
if len(conflicted_files) > 0:
run_git('add', '.')
run_git('commit', '--no-edit')
run_git('commit', '--no-edit')

# Migrate the package version number from a v2 version number to a v1 version number
print(f'Setting version number to {version}')
Expand Down
30 changes: 24 additions & 6 deletions .github/workflows/__packaging-config-inputs-js.yml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

28 changes: 23 additions & 5 deletions .github/workflows/__packaging-config-js.yml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

30 changes: 24 additions & 6 deletions .github/workflows/__packaging-inputs-js.yml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

20 changes: 14 additions & 6 deletions .github/workflows/__split-workflow.yml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

35 changes: 35 additions & 0 deletions .github/workflows/script/update-required-checks.sh
@@ -0,0 +1,35 @@
#!/usr/bin/env bash
# Update the required checks based on the current branch.
# Typically, this will be main.

if [ -z "$GITHUB_TOKEN" ]; then
echo "Failed: No GitHub token found. This script requires admin access to `github/codeql-action`."
exit 1
fi

if [ "$#" -eq 1 ]; then
# If we were passed an argument, pass it as a query to fzf
GITHUB_SHA="$@"
elif [ "$#" -gt 1 ]; then
echo "Usage: $0 [SHA]"
echo "Update the required checks based on the SHA, or main."
elif [ -z "$GITHUB_SHA" ]; then
# If we don't have a SHA, use main
GITHUB_SHA="$(git rev-parse main)"
fi

echo "Getting checks for $GITHUB_SHA"

# Ignore any checks with "https://", CodeQL, LGTM, and Update checks.
CHECKS="$(gh api repos/github/codeql-action/commits/${GITHUB_SHA}/check-runs --paginate | jq --slurp --compact-output --raw-output '[.[].check_runs | .[].name | select(contains("https://") or . == "CodeQL" or . == "LGTM.com" or contains("Update") | not)] | sort')"

echo "$CHECKS" | jq

echo "{\"contexts\": ${CHECKS}}" > checks.json

for BRANCH in main releases/v2 releases/v1; do
echo "Updating $BRANCH"
gh api --silent -X "PATCH" "repos/github/codeql-action/branches/$BRANCH/protection/required_status_checks" --input checks.json
done

rm checks.json
5 changes: 5 additions & 0 deletions CHANGELOG.md
Expand Up @@ -4,6 +4,11 @@

No user facing changes.

## 2.1.10 - 10 May 2022

- Update default CodeQL bundle version to 2.9.5. [#1056](https://github.com/github/codeql-action/pull/1056)
- When `wait-for-processing` is enabled, the workflow will now fail if there were any errors that occurred during processing of the analysis results.

## 2.1.9 - 27 Apr 2022

- Add `working-directory` input to the `autobuild` action. [#1024](https://github.com/github/codeql-action/pull/1024)
Expand Down
19 changes: 4 additions & 15 deletions CONTRIBUTING.md
Expand Up @@ -80,22 +80,11 @@ Here are a few things you can do that will increase the likelihood of your pull

## Keeping the PR checks up to date (admin access required)

Since the `codeql-action` runs most of its testing through individual Actions workflows, there are over two hundred jobs that need to pass in order for a PR to turn green. Managing these PR checks manually is time consuming and complex. Here is a semi-automated approach.
Since the `codeql-action` runs most of its testing through individual Actions workflows, there are over two hundred jobs that need to pass in order for a PR to turn green. You can regenerate the checks automatically by running the [update-required-checks.sh](.github/workflows/script/update-required-checks.sh) script:

To regenerate the PR jobs for the action:

1. From a terminal, run the following commands (replace `SHA` with the sha of the commit whose checks you want to use, typically this should be the latest from `main`):

```sh
SHA= ####
CHECKS="$(gh api repos/github/codeql-action/commits/${SHA}/check-runs --paginate | jq --slurp --compact-output --raw-output '[.[].check_runs | .[].name | select(contains("https://") or . == "CodeQL" or . == "LGTM.com" or . == "Update dependencies" or . == "Update Supported Enterprise Server Versions" | not)]')"
echo "{\"contexts\": ${CHECKS}}" > checks.json
gh api -X "PATCH" repos/github/codeql-action/branches/main/protection/required_status_checks --input checks.json
gh api -X "PATCH" repos/github/codeql-action/branches/releases/v2/protection/required_status_checks --input checks.json
gh api -X "PATCH" repos/github/codeql-action/branches/releases/v1/protection/required_status_checks --input checks.json
````

2. Go to the [branch protection rules settings page](https://github.com/github/codeql-action/settings/branches) and validate that the rules have been updated.
1. By default, this script retrieves the checks from the latest SHA on `main`, so make sure that your `main` branch is up to date.
2. Run the script. If there's a reason to, you can pass in a different SHA as a CLI argument.
3. After running, go to the [branch protection rules settings page](https://github.com/github/codeql-action/settings/branches) and validate that the rules for `main`, `v1`, and `v2` have been updated.

## Resources

Expand Down
3 changes: 1 addition & 2 deletions lib/actions-util.js

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion lib/actions-util.js.map

Large diffs are not rendered by default.

10 changes: 7 additions & 3 deletions lib/analyze-action-env.test.js

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion lib/analyze-action-env.test.js.map

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

0 comments on commit 533ce91

Please sign in to comment.