diff --git a/.github/actions/release-branches/release-branches.py b/.github/actions/release-branches/release-branches.py
index 8e8bf37db5..664d016ed7 100644
--- a/.github/actions/release-branches/release-branches.py
+++ b/.github/actions/release-branches/release-branches.py
@@ -1,12 +1,19 @@
 import argparse
 import json
 import os
-import subprocess
+import configparser
 # Name of the remote
 ORIGIN = 'origin'
-OLDEST_SUPPORTED_MAJOR_VERSION = 2
+script_dir = os.path.dirname(os.path.realpath(__file__))
+grandparent_dir = os.path.dirname(os.path.dirname(script_dir))
+
+config = configparser.ConfigParser()
+with open(os.path.join(grandparent_dir, 'releases.ini')) as stream:
+ config.read_string('[default]\n' + stream.read())
+
+OLDEST_SUPPORTED_MAJOR_VERSION = config['default']['OLDEST_SUPPORTED_MAJOR_VERSION']
 def main():
diff --git a/.github/releases.ini b/.github/releases.ini
new file mode 100644
index 0000000000..83aee4b155
--- /dev/null
+++ b/.github/releases.ini
@@ -0,0 +1 @@
+OLDEST_SUPPORTED_MAJOR_VERSION=2
diff --git a/.github/workflows/script/update-required-checks.sh b/.github/workflows/script/update-required-checks.sh
index a06e90a380..f55ee8256b 100755
--- a/.github/workflows/script/update-required-checks.sh
+++ b/.github/workflows/script/update-required-checks.sh
@@ -2,6 +2,11 @@
 # Update the required checks based on the current branch.
 # Typically, this will be main.
+SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
+REPO_DIR="$(dirname "$SCRIPT_DIR")"
+GRANDPARENT_DIR="$(dirname "$REPO_DIR")"
+source "$GRANDPARENT_DIR/releases.ini"
+
 if ! gh auth status 2>/dev/null; then
 gh auth status
 echo "Failed: Not authorized. This script requires admin access to github/codeql-action through the gh CLI."
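Review bot: `OLDEST_SUPPORTED_MAJOR_VERSION` changes type in this hunk: the removed line assigned the integer `2`, while `config['default'][...]` yields the string `'2'`, because configparser values are always strings. Any numeric comparison against it in the part of the script outside this hunk would raise `TypeError`, or compare lexicographically if the other side is also a string, and that comparison is what decides which release branches receive backports. Convert where the value is loaded, `OLDEST_SUPPORTED_MAJOR_VERSION = int(config['default']['OLDEST_SUPPORTED_MAJOR_VERSION'])`, so a non-numeric entry in releases.ini fails at import time instead of later. A one-line comment above `read_string` saying that the `[default]` header is prepended because releases.ini has no section header would also help the next reader.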
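Review bot: `source "$GRANDPARENT_DIR/releases.ini"` executes the file as shell code in a script that, per its own error message, runs with admin access to the repository through `gh`, so anything other than a plain `KEY=value` line in releases.ini would be run rather than read. The same file is parsed by configparser in release-branches.py, which also accepts forms such as `KEY = value` that the shell treats as a command, so the two readers can disagree after an edit that looks harmless. Reading only the expected key and requiring digits keeps the file as data: `OLDEST_SUPPORTED_MAJOR_VERSION="$(sed -n 's/^OLDEST_SUPPORTED_MAJOR_VERSION=\([0-9][0-9]*\)$/\1/p' "$GRANDPARENT_DIR/releases.ini")"`, followed by an exit when the result is empty. `REPO_DIR` is also a misleading name, since one level above `script/` is `.github/workflows`, not the repository root.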
@@ -29,7 +34,22 @@ echo "$CHECKS" | jq
 echo "{\"contexts\": ${CHECKS}}" > checks.json
-for BRANCH in main releases/v2; do
+echo "Updating main"
+gh api --silent -X "PATCH" "repos/github/codeql-action/branches/main/protection/required_status_checks" --input checks.json
+
+# list all branchs on origin remote matching releases/v*
+BRANCHES="$(git ls-remote --heads origin 'releases/v*' | sed 's?.*refs/heads/??' | sort -V)"
+
+for BRANCH in $BRANCHES; do
+
+ # strip exact 'releases/v' prefix from $BRANCH using count of characters
+ VERSION="${BRANCH:10}"
+
+ if [ "$VERSION" -lt "$OLDEST_SUPPORTED_MAJOR_VERSION" ]; then
+ echo "Skipping $BRANCH"
+ continue
+ fi
+
 echo "Updating $BRANCH"
 gh api --silent -X "PATCH" "repos/github/codeql-action/branches/$BRANCH/protection/required_status_checks" --input checks.json
 done
diff --git a/CHANGELOG.md b/CHANGELOG.md
index b3d0ac2c52..094ced112b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,7 +6,7 @@ Note that the only difference between `v2` and `v3` of the CodeQL Action is the
 ## [UNRELEASED]
-No user facing changes.
+- Update default CodeQL bundle version to 2.15.5. [#2047](https://github.com/github/codeql-action/pull/2047)
 ## 3.22.11 - 13 Dec 2023
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 67d435103c..3d2703dee1 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
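Review bot: The version check in the new loop fails open: `git ls-remote --heads origin 'releases/v*'` also matches branches whose suffix is not a plain integer, and for those `[ "$VERSION" -lt ... ]` exits with an error status, so the `if` body is skipped and the script goes on to PATCH that branch's required status checks. Validate the suffix before comparing and skip anything else, e.g. `[[ "$VERSION" =~ ^[0-9]+$ ]] || { echo "Skipping $BRANCH (not a major-version branch)"; continue; }`. The same applies when `OLDEST_SUPPORTED_MAJOR_VERSION` is empty or non-numeric after releases.ini is sourced, in which case every `releases/v*` branch would be updated, so that variable deserves the same digit check once before the loop. Writing the strip as `${BRANCH#releases/v}` would state the prefix itself instead of its length of 10.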
@@ -111,8 +111,8 @@ To deprecate an older version of the Action:
 - Add a changelog note announcing the deprecation.
 - Implement an Actions warning for customers using the deprecated version.
 1. Wait for the deprecation period to pass.
-1. Upgrade the Actions warning for customers using the deprecated version to a non-fatal error, and mention that this version of the Action is no longer supported.
-1. Make a PR to bump the `OLDEST_SUPPORTED_MAJOR_VERSION` in [release-branches.py](.github/actions/release-branches/release-branches.py). Once this PR is merged, the release process will no longer backport changes to the deprecated release version.
+1. Upgrade the Actions warning for customers using the deprecated version to a non-fatal error, and mention that this version of the Action is no longer supported.
+1. Make a PR to bump the `OLDEST_SUPPORTED_MAJOR_VERSION` in [releases.ini](.github/releases.ini). Once this PR is merged, the release process will no longer backport changes to the deprecated release version.
 ## Resources
diff --git a/lib/defaults.json b/lib/defaults.json
index 8061083657..7178962c82 100644
--- a/lib/defaults.json
+++ b/lib/defaults.json
@@ -1,6 +1,6 @@
 {
- "bundleVersion": "codeql-bundle-v2.15.4",
- "cliVersion": "2.15.4",
- "priorBundleVersion": "codeql-bundle-v2.15.3",
- "priorCliVersion": "2.15.3"
+ "bundleVersion": "codeql-bundle-v2.15.5",
+ "cliVersion": "2.15.5",
+ "priorBundleVersion": "codeql-bundle-v2.15.4",
+ "priorCliVersion": "2.15.4"
 }
diff --git a/src/defaults.json b/src/defaults.json
index 28d3d80334..5294fbaf25 100644
--- a/src/defaults.json
+++ b/src/defaults.json
@@ -1,6 +1,6 @@
 {
- "bundleVersion": "codeql-bundle-v2.15.4",
- "cliVersion": "2.15.4",
- "priorBundleVersion": "codeql-bundle-v2.15.3",
- "priorCliVersion": "2.15.3"
+ "bundleVersion": "codeql-bundle-v2.15.5",
+ "cliVersion": "2.15.5",
+ "priorBundleVersion": "codeql-bundle-v2.15.4",
+ "priorCliVersion": "2.15.4"
 }