From 111428ce06b1d04488cf2bb08b39bc6ac3c85a55 Mon Sep 17 00:00:00 2001 From: Andrew Eisenberg Date: Mon, 7 Mar 2022 18:38:30 -0800 Subject: [PATCH 1/5] Add some instructions on how to regenerate required checks --- CONTRIBUTING.md | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index f1393f315..013c616e1 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -63,7 +63,7 @@ Here are a few things you can do that will increase the likelihood of your pull 1. The first step of releasing a new version of the `codeql-action` is running the "Update release branch" workflow. This workflow goes through the pull requests that have been merged to `main` since the last release, creates a changelog, then opens a pull request to merge the changes since the last release into the `v1` release branch. - A release is automatically started every Monday via a scheduled run of this workflow, however you can start a release manually by triggering a run via [workflow dispatch](https://github.com/github/codeql-action/actions/workflows/update-release-branch.yml). + A release is automatically started every Monday via a scheduled run of this workflow, however you can start a release manually by triggering a run via [workflow dispatch](https://github.com/github/codeql-action/actions/workflows/update-release-branch.yml). 1. The workflow run will open a pull request titled "Merge main into v1". Mark the pull request as [ready for review](https://docs.github.com/en/github/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#marking-a-pull-request-as-ready-for-review) to trigger the PR checks. 1. Review the checklist items in the pull request description. Once you've checked off all but the last of these, approve the PR and automerge it. 
@@ -72,6 +72,26 @@ Here are a few things you can do that will increase the likelihood of your pull Approve the mergeback PR and automerge it. Once the mergeback has been merged into main, the release is complete. +## Keeping the PR checks up to date (requires admin access) + +Since the `codeql-action` runs most of its testing through individual Actions workflows, there are over two hundred jobs that need to pass in order for a PR to turn green. Managing these PR checks manually is time consuming and complex. Here is a semi-automated approach. + +To regenerate the PR jobs for the action: + +1. From a terminal, run the following commands (replace `SHA` with the sha of the commit whose checks you want to use, typically this should be the latest from `main`): + + ```sh + SHA= #### + CHECKS="$(gh api repos/github/codeql-action/commits/${SHA}/check-runs --paginate | jq --compact-output --raw-output '[.["check_runs"] | .[].name | select(contains("https://") or . == "CodeQL" or . == "LGTM.com" or . == "Update dependencies" | not)]')" + CHECKS="$(echo $CHECKS | sed -E 's|\].*\[|,|g')" # Because the gh command is paginated, the results are multiple arrays + echo "{\"contexts\": ${CHECKS}}" > checks.json + gh api -X "PATCH" repos/github/codeql-action/branches/main/protection/required_status_checks --input checks.json + gh api -X "PATCH" repos/github/codeql-action/branches/v1/protection/required_status_checks --input checks.json + ```` + +2. Go to the [branch protection rules settings page](https://github.com/github/codeql-action/settings/branches) and validate that the rules have been updated. + + ## Resources - [How to Contribute to Open Source](https://opensource.guide/how-to-contribute/) From 04d521d70560142c41136dc702bf028e2a88b5e3 Mon Sep 17 00:00:00 2001 From: Andrew Eisenberg Date: Wed, 9 Mar 2022 11:07:16 -0800 Subject: [PATCH 2/5] Avoid using `sed`, use `--slurp` instead --- CONTRIBUTING.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) 
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 013c616e1..d122b8c76 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -72,7 +72,7 @@ Here are a few things you can do that will increase the likelihood of your pull Approve the mergeback PR and automerge it. Once the mergeback has been merged into main, the release is complete. -## Keeping the PR checks up to date (requires admin access) +## Keeping the PR checks up to date (admin access required) Since the `codeql-action` runs most of its testing through individual Actions workflows, there are over two hundred jobs that need to pass in order for a PR to turn green. Managing these PR checks manually is time consuming and complex. Here is a semi-automated approach. @@ -82,8 +82,7 @@ To regenerate the PR jobs for the action: ```sh SHA= #### - CHECKS="$(gh api repos/github/codeql-action/commits/${SHA}/check-runs --paginate | jq --compact-output --raw-output '[.["check_runs"] | .[].name | select(contains("https://") or . == "CodeQL" or . == "LGTM.com" or . == "Update dependencies" | not)]')" - CHECKS="$(echo $CHECKS | sed -E 's|\].*\[|,|g')" # Because the gh command is paginated, the results are multiple arrays + CHECKS="$(gh api repos/github/codeql-action/commits/${SHA}/check-runs --paginate | jq --slurp --compact-output --raw-output '[.[].check_runs | .[].name | select(contains("https://") or . == "CodeQL" or . == "LGTM.com" or . == "Update dependencies" | not)]')" echo "{\"contexts\": ${CHECKS}}" > checks.json gh api -X "PATCH" repos/github/codeql-action/branches/main/protection/required_status_checks --input checks.json gh api -X "PATCH" repos/github/codeql-action/branches/v1/protection/required_status_checks --input checks.json From 0b3acf68abf97ee769b706a98aa0681bf8b05613 Mon Sep 17 00:00:00 2001 
From: Henry Mercer Date: Fri, 11 Mar 2022 15:04:07 +0000 Subject: [PATCH 3/5] Bump ML-powered queries to v0.1.0 --- lib/config-utils.test.js | 4 ++-- lib/util.js | 2 +- src/config-utils.test.ts | 4 ++-- src/util.ts | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/lib/config-utils.test.js b/lib/config-utils.test.js index 03b9ddb4c..cb46cf5c6 100644 --- a/lib/config-utils.test.js +++ b/lib/config-utils.test.js @@ -914,7 +914,7 @@ const mlPoweredQueriesMacro = ava_1.default.macro({ (0, ava_1.default)(mlPoweredQueriesMacro, "2.7.4", true, undefined, "security-extended", undefined); (0, ava_1.default)(mlPoweredQueriesMacro, "2.7.5", false, undefined, "security-extended", undefined); (0, ava_1.default)(mlPoweredQueriesMacro, "2.7.5", true, undefined, undefined, undefined); -(0, ava_1.default)(mlPoweredQueriesMacro, "2.7.5", true, undefined, "security-extended", "~0.0.2"); -(0, ava_1.default)(mlPoweredQueriesMacro, "2.7.5", true, undefined, "security-and-quality", "~0.0.2"); +(0, ava_1.default)(mlPoweredQueriesMacro, "2.7.5", true, undefined, "security-extended", "~0.1.0"); +(0, ava_1.default)(mlPoweredQueriesMacro, "2.7.5", true, undefined, "security-and-quality", "~0.1.0"); (0, ava_1.default)(mlPoweredQueriesMacro, "2.7.5", true, "codeql/javascript-experimental-atm-queries@0.0.1", "security-and-quality", "0.0.1"); //# sourceMappingURL=config-utils.test.js.map \ No newline at end of file diff --git a/lib/util.js b/lib/util.js index d51f43414..58abfb126 100644 --- a/lib/util.js +++ b/lib/util.js @@ -534,7 +534,7 @@ exports.isGoodVersion = isGoodVersion; */ exports.ML_POWERED_JS_QUERIES_PACK = { packName: "codeql/javascript-experimental-atm-queries", - version: "~0.0.2", + version: "~0.1.0", }; /** * Get information about ML-powered JS queries to populate status reports with. diff --git a/src/config-utils.test.ts b/src/config-utils.test.ts index 23c723567..0174b47f4 100644 --- a/src/config-utils.test.ts +++ b/src/config-utils.test.ts 
@@ -1811,7 +1811,7 @@ test( true, undefined, "security-extended", - "~0.0.2" + "~0.1.0" ); test( mlPoweredQueriesMacro, @@ -1819,7 +1819,7 @@ test( true, undefined, "security-and-quality", - "~0.0.2" + "~0.1.0" ); test( mlPoweredQueriesMacro, diff --git a/src/util.ts b/src/util.ts index 083cbcb00..1f9bc1341 100644 --- a/src/util.ts +++ b/src/util.ts @@ -636,7 +636,7 @@ export function isGoodVersion(versionSpec: string) { */ export const ML_POWERED_JS_QUERIES_PACK: PackWithVersion = { packName: "codeql/javascript-experimental-atm-queries", - version: "~0.0.2", + version: "~0.1.0", }; /** From 8ecc1fcbc4065871d9905e9b70fb0095f7becdf3 Mon Sep 17 00:00:00 2001 From: Andrew Eisenberg Date: Fri, 11 Mar 2022 09:38:08 -0800 Subject: [PATCH 4/5] Ignore "Update Supported Enterprise Server Versions" --- CONTRIBUTING.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index d122b8c76..54f597b9b 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -82,7 +82,7 @@ To regenerate the PR jobs for the action: ```sh SHA= #### - CHECKS="$(gh api repos/github/codeql-action/commits/${SHA}/check-runs --paginate | jq --slurp --compact-output --raw-output '[.[].check_runs | .[].name | select(contains("https://") or . == "CodeQL" or . == "LGTM.com" or . == "Update dependencies" | not)]')" + CHECKS="$(gh api repos/github/codeql-action/commits/${SHA}/check-runs --paginate | jq --slurp --compact-output --raw-output '[.[].check_runs | .[].name | select(contains("https://") or . == "CodeQL" or . == "LGTM.com" or . == "Update dependencies" or . == "Update Supported Enterprise Server Versions" | not)]')" echo "{\"contexts\": ${CHECKS}}" > checks.json gh api -X "PATCH" repos/github/codeql-action/branches/main/protection/required_status_checks --input checks.json gh api -X "PATCH" repos/github/codeql-action/branches/v1/protection/required_status_checks --input checks.json From e64a215b419451886add7e5eaec36440936239a2 Mon Sep 17 00:00:00 2001 
From: Andrew Eisenberg Date: Fri, 11 Mar 2022 10:16:34 -0800 Subject: [PATCH 5/5] Add name to workflow --- .../workflows/update-supported-enterprise-server-versions.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/update-supported-enterprise-server-versions.yml b/.github/workflows/update-supported-enterprise-server-versions.yml index 86eae958d..9d6666d04 100644 --- a/.github/workflows/update-supported-enterprise-server-versions.yml +++ b/.github/workflows/update-supported-enterprise-server-versions.yml @@ -6,6 +6,7 @@ on: jobs: update-supported-enterprise-server-versions: + name: Update Supported Enterprise Server Versions timeout-minutes: 30 runs-on: ubuntu-latest if: ${{ github.repository == 'github/codeql-action' }}
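Review bot: In PATCH 1/5, hunk `@@ -72,6 +72,26 @@` of CONTRIBUTING.md, the `sed -E 's|\].*\[|,|g'` join is greedy and loses names once `--paginate` returns more than two pages. Because `echo $CHECKS` is unquoted, the per-page arrays end up on one line, and `\].*\[` then matches from the first `]` to the last `[`, which deletes every middle page. With "over two hundred jobs" that is the normal case, so the merge should happen in jq rather than in sed (PATCH 2/5 does this with `--slurp`). Minor: the code block opens with three backticks and closes with four; use three for both.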
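Review bot: In PATCH 2/5, hunk `@@ -82,8 +82,7 @@`, nothing validates `CHECKS` between the jq call and the two `gh api -X "PATCH"` lines, and those calls overwrite the required status checks on `main` and `v1`. In sh and bash the placeholder `SHA= ####` assigns an empty string (the `####` is a comment), so pasting the block unchanged queries `commits//check-runs`, and an empty `[]` result would be sent as the complete list of required contexts. Suggest stopping before `checks.json` is written when `$SHA` is empty or when `jq -e 'length > 0'` fails on `$CHECKS`. Separately, `--raw-output` has no effect here because the filter emits an array, not a string, and can be dropped.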
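Review bot: In PATCH 3/5, the two hunks in src/config-utils.test.ts (`@@ -1811,7 +1811,7 @@` and `@@ -1819,7 +1819,7 @@`) repeat the literal `"~0.1.0"` that src/util.ts already holds in `ML_POWERED_JS_QUERIES_PACK.version`, so every bump has to edit the constant and the tests in step. Pass `ML_POWERED_JS_QUERIES_PACK.version` as the last macro argument for the `security-extended` and `security-and-quality` cases, and keep a literal only for the explicitly pinned `@0.0.1` case visible in lib/config-utils.test.js. The lib/ files then follow from a rebuild instead of a hand edit.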
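Review bot: In PATCH 4/5, hunk `@@ -82,7 +82,7 @@`, the new clause `. == "Update Supported Enterprise Server Versions"` is an exact match on a display name that the workflow job only receives in PATCH 5/5. A job without `name:` reports under its job id, `update-supported-enterprise-server-versions`, so at this commit the clause matches nothing and the job would still be added to the required checks. Squash 4/5 with 5/5 or swap their order. The `or . == ...` chain is also growing with each exception; keeping the ignored names in one list inside the jq filter would make the next addition a smaller, easier-to-review diff.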
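Review bot: In PATCH 5/5, hunk `@@ -6,6 +6,7 @@`, the added `name: Update Supported Enterprise Server Versions` line is now matched by exact string in the CONTRIBUTING.md jq filter, but nothing in the workflow file records that dependency. Add a YAML comment above `name:` pointing to the "Keeping the PR checks up to date" section, since renaming the job would put it back into the regenerated required-checks list for `main` and `v1` without any visible failure.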