From a068a286e645225e42fdb1f01d0b2249a9da871d Mon Sep 17 00:00:00 2001 From: Henry Mercer Date: Wed, 11 Aug 2021 17:50:47 +0100 Subject: [PATCH 1/4] Add brief instructions on creating a release --- CONTRIBUTING.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 1b61be1f9..2f5c2220a 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -58,6 +58,12 @@ Here are a few things you can do that will increase the likelihood of your pull - Keep your change as focused as possible. If there are multiple changes you would like to make that are not dependent upon each other, consider submitting them as separate pull requests. - Write a [good commit message](http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html). +## Releasing (write access required) + +1. Trigger a run of the "Update release branch" workflow using [workflow dispatch](https://github.com/github/codeql-action/actions/workflows/update-release-branch.yml). +1. The workflow run will open a pull request titled "Merge main into v1". [Mark](https://docs.github.com/en/github/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#marking-a-pull-request-as-ready-for-review) the pull request as ready for review to trigger the PR checks. +1. Review the checklist items in the pull request description. Once the mergeback PR is merged back into main, the release is complete. + ## Resources - [How to Contribute to Open Source](https://opensource.guide/how-to-contribute/) From 4e477f1b951588d9824a5c34c6a77a5a61afdb21 Mon Sep 17 00:00:00 2001 From: Henry Mercer Date: Wed, 11 Aug 2021 18:11:25 +0100 Subject: [PATCH 2/4] Add more details on the workflows involved in the release process --- CONTRIBUTING.md | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 2f5c2220a..f1393f315 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -60,9 +60,17 @@ Here are a few things you can do that will increase the likelihood of your pull ## Releasing (write access required) -1. Trigger a run of the "Update release branch" workflow using [workflow dispatch](https://github.com/github/codeql-action/actions/workflows/update-release-branch.yml). -1. The workflow run will open a pull request titled "Merge main into v1". [Mark](https://docs.github.com/en/github/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#marking-a-pull-request-as-ready-for-review) the pull request as ready for review to trigger the PR checks. -1. Review the checklist items in the pull request description. Once the mergeback PR is merged back into main, the release is complete. +1. The first step of releasing a new version of the `codeql-action` is running the "Update release branch" workflow. + This workflow goes through the pull requests that have been merged to `main` since the last release, creates a changelog, then opens a pull request to merge the changes since the last release into the `v1` release branch. + + A release is automatically started every Monday via a scheduled run of this workflow, however you can start a release manually by triggering a run via [workflow dispatch](https://github.com/github/codeql-action/actions/workflows/update-release-branch.yml). +1. The workflow run will open a pull request titled "Merge main into v1". Mark the pull request as [ready for review](https://docs.github.com/en/github/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#marking-a-pull-request-as-ready-for-review) to trigger the PR checks. +1. Review the checklist items in the pull request description. + Once you've checked off all but the last of these, approve the PR and automerge it. +1. 
When the "Merge main into v1" pull request is merged into the `v1` branch, the "Tag release and merge back" workflow will create a mergeback PR. + This mergeback incorporates the changelog updates into `main`, tags the release using the merge commit of the "Merge main into v1" pull request, and bumps the patch version of the CodeQL Action. + + Approve the mergeback PR and automerge it. Once the mergeback has been merged into main, the release is complete. ## Resources From c7203c94d9154dc8d6e72709005656806bbcb41d Mon Sep 17 00:00:00 2001 From: Henry Mercer Date: Wed, 11 Aug 2021 18:27:35 +0100 Subject: [PATCH 3/4] Fix conditional in PR checks --- .github/workflows/pr-checks.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-checks.yml b/.github/workflows/pr-checks.yml index c540a7130..ccc34dae6 100644 --- a/.github/workflows/pr-checks.yml +++ b/.github/workflows/pr-checks.yml @@ -357,7 +357,7 @@ jobs: # # If we're running on push, then we can skip running with `tools: latest` when it would be # the same as running with `tools: null`. - if [[ "$GITHUB_EVENT_NAME" == "pull_request" && "$CODEQL_VERSION_DEFAULT" == "$CODEQL_VERSION_LATEST" ]]; then + if [[ "$GITHUB_EVENT_NAME" != "pull_request" && "$CODEQL_VERSION_DEFAULT" == "$CODEQL_VERSION_LATEST" ]]; then VERSIONS_JSON="[null, \"$NIGHTLY_URL\"]" else VERSIONS_JSON="[null, \"$NIGHTLY_URL\", \"latest\"]" From bc33041cc228a614067213cf318b63741b5a9561 Mon Sep 17 00:00:00 2001 From: Henry Mercer Date: Wed, 11 Aug 2021 18:42:29 +0100 Subject: [PATCH 4/4] Always run `codeql (latest)` job on PRs so we can make it required --- .github/workflows/codeql.yml | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 3d5ccade2..320a790e8 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml 
@@ -46,13 +46,19 @@ jobs: CODEQL_VERSION_LATEST="$("$CODEQL_LATEST" version --format terse)" echo "Default CodeQL bundle version is $CODEQL_VERSION_DEFAULT" echo "Latest CodeQL bundle version is $CODEQL_VERSION_LATEST" - if [[ "$CODEQL_VERSION_DEFAULT" == "$CODEQL_VERSION_LATEST" ]]; then - # Just use `tools: null` to avoid duplication in the analysis job. + + # If we're running on a pull request, run with both bundles, even if `tools: latest` would + # be the same as `tools: null`. This allows us to make the job for each of the bundles a + # required status check. + # + # If we're running on push, then we can skip running with `tools: latest` when it would be + # the same as running with `tools: null`. + if [[ "$GITHUB_EVENT_NAME" != "pull_request" && "$CODEQL_VERSION_DEFAULT" == "$CODEQL_VERSION_LATEST" ]]; then VERSIONS_JSON='[null]' else - # Use both `tools: null` and `tools: latest` in the analysis job. VERSIONS_JSON='[null, "latest"]' fi + # Output a JSON-encoded list with the distinct versions to test against. echo "Suggested matrix config for analysis job: $VERSIONS_JSON" echo "::set-output name=versions::${VERSIONS_JSON}"
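
Review bot: Step 3 of the "Releasing" section added in PATCH 1/4 (CONTRIBUTING.md, hunk at -58,6) refers to "the mergeback PR" although no earlier step says what that PR is or which workflow opens it, so the three steps on their own do not tell the reader when the release is complete. Introduce the mergeback PR in its own step before the sentence "Once the mergeback PR is merged back into main, the release is complete." PATCH 2/4 adds exactly that step, so the two documentation commits could be squashed to avoid leaving an incomplete procedure in history.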
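
Review bot: Step 3 of the rewritten list in PATCH 2/4 (CONTRIBUTING.md, hunk at -60,9) tells the releaser to approve and automerge "Once you've checked off all but the last of these" but never says what the last checklist item is or at which later step it is meant to be checked off. Name that item and tie it to the step where it is completed. In step 4, the sentence beginning "This mergeback incorporates the changelog updates into `main`, tags the release" reads as if the mergeback PR itself creates the tag, while the preceding sentence attributes the work to the "Tag release and merge back" workflow. State explicitly whether the tag already exists before the mergeback PR is approved, since that determines what the approver is actually signing off on.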
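
Review bot: The corrected test in PATCH 3/4 (.github/workflows/pr-checks.yml, hunk at -357,7), `"$GITHUB_EVENT_NAME" != "pull_request"`, selects the reduced matrix for every event other than `pull_request`, whereas the comment directly above it only describes the case "If we're running on push". Either widen the comment to say that all non-pull-request events skip `tools: latest` when the two versions match, or test for `== "push"` if push is the only event that should take the shortcut. The commit message "Fix conditional in PR checks" would also be more useful if it said that the previous `==` did the opposite of what the comment describes.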
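
Review bot: The comment block and conditional added in PATCH 4/4 (.github/workflows/codeql.yml, hunk at -46,13) duplicate the logic in pr-checks.yml that PATCH 3/4 had to correct, so the two copies can drift apart again and one of them can silently stop producing the job that is meant to be a required status check. Move the version comparison into a shared script that both workflows call, or at least add a comment in each file pointing at the other copy. The new comment's wording "run with both bundles" also only fits this file's `[null, "latest"]` matrix, so keep it in step with the pr-checks.yml version, whose matrix additionally carries `$NIGHTLY_URL`.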