Sync CodeQL Bundle #601
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Write a workflows that: | |
## worklow is triggered by cron job or manually | |
## run every day at 00:00 UTC | |
## - get current version of codeql bundle by command: curl --silent "https://api.github.com/repos/github/codeql-action/releases/latest" | grep -E -o -m 1 'v([0-9]+)\.([0-9]+)\.([0-9]+)' | head -n 1 | |
## - get current release tag of this repo | |
## - compare them | |
## - if not match, trigger new release | |
name: Sync CodeQL Bundle | |
on: | |
workflow_dispatch: | |
schedule: | |
- cron: '0 0 * * *' | |
defaults: | |
run: | |
working-directory: . | |
jobs: | |
sync-with-codeql-bundle: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Check CodeQL Bundle version | |
id: check | |
run: | | |
git fetch --prune --unshallow | |
CODEQL_BUNDLE_VERSION="$(curl --silent "https://api.github.com/repos/github/codeql-action/releases/latest" | grep -E -o -m 1 'v([0-9]+)\.([0-9]+)\.([0-9]+)' | head -n 1)" | |
CODEQL_AGENT_VERSION="$(git ls-remote --tags origin| awk -F/ '{print $3}' | sort -V | tail -1)" | |
echo "CodeQL Bundle version: $CODEQL_BUNDLE_VERSION" | |
echo "CodeQL Agent version: $CODEQL_AGENT_VERSION" | |
if [ "$CODEQL_BUNDLE_VERSION" = "$CODEQL_AGENT_VERSION" ]; then | |
echo "CodeQL Agent is up to date." | |
echo "update=false" >> $GITHUB_OUTPUT | |
else | |
echo "CodeQL Agent is outdated." | |
echo "update=true" >> $GITHUB_OUTPUT | |
echo "tag=$CODEQL_BUNDLE_VERSION" >> $GITHUB_OUTPUT | |
fi | |
- name: Create Release | |
if: ${{ steps.check.outputs.update == 'true' }} | |
run: gh release create ${{steps.check.outputs.tag}} --notes "Update to CodeQL version ${{steps.check.outputs.tag}}" -t "${{steps.check.outputs.tag}}" | |
env: | |
GITHUB_TOKEN: ${{ secrets.PAT }} |