From 1c25f6740ca9c34d123ca1abcc5b79d6996b9bf1 Mon Sep 17 00:00:00 2001
From: Mike Fairhurst
Date: Mon, 21 Jul 2025 13:23:14 -0700
Subject: [PATCH 1/3] Enable core version publish check, as dry run
---
 .github/workflows/publish.yml | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index d1548d2..ddeb3d2 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -19,30 +19,30 @@ jobs: steps: - uses: actions/checkout@v4 - #- name: Check core qtil (src) pack - # id: check_version - # env: - # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - # run: | - # PUBLISHED_VERSION=$(gh api /orgs/advanced-security/packages/container/qtil/versions --jq '.[0].metadata.container.tags[0]') - # CURRENT_VERSION=$(grep version src/qlpack.yml | awk '{print $2}') - # echo "Published version: $PUBLISHED_VERSION" - # echo "Local version: $CURRENT_VERSION" - # if [ "$PUBLISHED_VERSION" != "$CURRENT_VERSION" ]; then - # echo "publish=true" >> $GITHUB_OUTPUT - # fi + - name: Check core qtil (src) pack + id: check_version + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + PUBLISHED_VERSION=$(gh api /orgs/advanced-security/packages/container/qtil/versions --jq '.[0].metadata.container.tags[0]') + CURRENT_VERSION=$(grep version src/qlpack.yml | awk '{print $2}') + echo "Published version: $PUBLISHED_VERSION" + echo "Local version: $CURRENT_VERSION" + if [ "$PUBLISHED_VERSION" != "$CURRENT_VERSION" ]; then + echo "publish=true" >> $GITHUB_OUTPUT + fi - name: Setup CodeQL - # if: steps.check_version.outputs.publish == 'true' + if: steps.check_version.outputs.publish == 'true' uses: ./.github/actions/install-codeql - name: Publish core qtil (src) pack - # if: steps.check_version.outputs.publish == 'true' + if: steps.check_version.outputs.publish == 'true' env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | echo "Publishing pack 'qtil'." codeql pack install "src" - codeql pack publish "src" + codeql pack publish --dry-run "src" publish_langs: runs-on: ubuntu-latest From 14cc0b328a9870bd6183ad9ea93ffbca3d1c0c01 Mon Sep 17 00:00:00 2001 From: Michael R Fairhurst Date: Mon, 21 Jul 2025 13:34:59 -0700 Subject: [PATCH 2/3] Ensure publish is always set to true or false. Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- .github/workflows/publish.yml | 2 ++ 1 file changed, 2 insertions(+) 
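Review bot: The version gate in the re-enabled `check_version` step fails open: `publish=true` is written whenever the two strings differ, which includes the case where one of them is empty or malformed. `grep version src/qlpack.yml` matches any line containing the word, so no match or more than one match yields a value that can never equal the published tag, and because the pipeline's exit status is that of `awk` the step still succeeds. Assuming `version:` is a top-level key in the pack file, anchoring the lookup with `grep -m1 '^version:' src/qlpack.yml` and adding `[ -n "$PUBLISHED_VERSION" ] && [ -n "$CURRENT_VERSION" ] || exit 1` before the comparison would make a failed lookup stop the job rather than enable the publish steps once `--dry-run` is removed. The job header and any `permissions:` block lie outside the hunk, so whether the token handed to this read-only step is scoped down cannot be confirmed from here.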
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index ddeb3d2..aed02f0 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -30,6 +30,8 @@ jobs: echo "Local version: $CURRENT_VERSION" if [ "$PUBLISHED_VERSION" != "$CURRENT_VERSION" ]; then echo "publish=true" >> $GITHUB_OUTPUT + else + echo "publish=false" >> $GITHUB_OUTPUT fi - name: Setup CodeQL if: steps.check_version.outputs.publish == 'true' From 30d751d4562646ee81cb7ed3a72351f11f6160c0 Mon Sep 17 00:00:00 2001 From: Michael R Fairhurst Date: Mon, 21 Jul 2025 13:37:49 -0700 Subject: [PATCH 3/3] Log when publishing is skipped Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- .github/workflows/publish.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index aed02f0..b6f1978 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -33,6 +33,9 @@ jobs: else echo "publish=false" >> $GITHUB_OUTPUT fi + - name: Log skipped publishing + if: steps.check_version.outputs.publish == 'false' + run: echo "Publishing is skipped as the local version matches the published version." - name: Setup CodeQL if: steps.check_version.outputs.publish == 'true' uses: ./.github/actions/install-codeql
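Review bot: The redirect target is unquoted in the added `echo "publish=false" >> $GITHUB_OUTPUT` and in the existing `publish=true` line above it; `>> "$GITHUB_OUTPUT"` avoids word splitting on the runner-supplied path and is the form shellcheck expects. A one-line comment above the `if`, such as `# always set publish so later steps can test for 'true' or 'false' explicitly`, would record why the else branch exists. The `run:` block starts outside this hunk.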
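Review bot: The skip message in the added `Log skipped publishing` step goes only to the step log, so a release that was not published is easy to miss on the run summary. Emitting it as an annotation, `run: echo "::notice::Publishing is skipped as the local version matches the published version."`, surfaces it on the workflow run page. The same echo could instead live in the `else` branch of the check step, which would remove a step whose `if:` has to stay in sync with the output values written there.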