diff --git a/.github/update-release-branch.py b/.github/update-release-branch.py index 393eb7ec9..3e0a4a9dc 100644 --- a/.github/update-release-branch.py +++ b/.github/update-release-branch.py @@ -19,15 +19,19 @@ # Value of the mode flag for a v2 release V2_MODE = 'v2-release' +SOURCE_BRANCH_FOR_MODE = { V1_MODE: 'releases/v2', V2_MODE: 'main' } +TARGET_BRANCH_FOR_MODE = { V1_MODE: 'releases/v1', V2_MODE: 'releases/v2' } + # Name of the remote ORIGIN = 'origin' # Runs git with the given args and returns the stdout. -# Raises an error if git does not exit successfully. -def run_git(*args): +# Raises an error if git does not exit successfully (unless passed +# allow_non_zero_exit_code=True). +def run_git(*args, allow_non_zero_exit_code=False): cmd = ['git', *args] p = subprocess.run(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE) - if (p.returncode != 0): + if not allow_non_zero_exit_code and p.returncode != 0: raise Exception('Call to ' + ' '.join(cmd) + ' exited with code ' + str(p.returncode) + ' stderr:' + p.stderr.decode('ascii')) return p.stdout.decode('ascii') @@ -36,7 +40,9 @@ def branch_exists_on_remote(branch_name): return run_git('ls-remote', '--heads', ORIGIN, branch_name).strip() != '' # Opens a PR from the given branch to the target branch -def open_pr(repo, all_commits, source_branch_short_sha, new_branch_name, source_branch, target_branch, conductor, is_v2_release, labels): +def open_pr( + repo, all_commits, source_branch_short_sha, new_branch_name, source_branch, target_branch, + conductor, is_v2_release, labels, conflicted_files): # Sort the commits into the pull requests that introduced them, # and any commits that don't have a pull request pull_requests = [] @@ -81,6 +87,10 @@ def open_pr(repo, all_commits, source_branch_short_sha, new_branch_name, source_ body.append('') body.append('Please review the following:') + if len(conflicted_files) > 0: + body.append(' - [ ] You have amended the merge commit appearing in this branch to resolve ' + + 'the merge conflicts in the following files:') + body.extend([f' - [ ] `{file}`' for file in conflicted_files]) body.append(' - [ ] The CHANGELOG displays the correct version and date.') body.append(' - [ ] The CHANGELOG includes all relevant, user-facing changes since the last release.') body.append(' - [ ] There are no unexpected commits being merged into the ' + target_branch + ' branch.') @@ -191,8 +201,10 @@ def main(): type=str, required=True, choices=[V2_MODE, V1_MODE], - help=f"Which release to perform. '{V2_MODE}' uses main as the source branch and v2 as the target branch. " + - f"'{V1_MODE}' uses v2 as the source branch and v1 as the target branch." + help=f"Which release to perform. '{V2_MODE}' uses {SOURCE_BRANCH_FOR_MODE[V2_MODE]} as the source " + + f"branch and {TARGET_BRANCH_FOR_MODE[V2_MODE]} as the target branch. " + + f"'{V1_MODE}' uses {SOURCE_BRANCH_FOR_MODE[V1_MODE]} as the source branch and " + + f"{TARGET_BRANCH_FOR_MODE[V1_MODE]} as the target branch." ) parser.add_argument( '--conductor', @@ -203,14 +215,8 @@ def main(): args = parser.parse_args() - if args.mode == V2_MODE: - source_branch = 'main' - target_branch = 'v2' - elif args.mode == V1_MODE: - source_branch = 'v2' - target_branch = 'v1' - else: - raise ValueError(f"Unexpected value for release mode: '{args.mode}'") + source_branch = SOURCE_BRANCH_FOR_MODE[args.mode] + target_branch = TARGET_BRANCH_FOR_MODE[args.mode] repo = Github(args.github_token).get_repo(args.repository_nwo) version = get_current_version() @@ -246,10 +252,15 @@ def main(): # Create the new branch and push it to the remote print('Creating branch ' + new_branch_name) + # The process of creating the v1 release can run into merge conflicts. We commit the unresolved + # conflicts so a maintainer can easily resolve them (vs erroring and requiring maintainers to + # reconstruct the release manually) + conflicted_files = [] + if args.mode == V1_MODE: - # If we're performing a backport, start from the v1 branch - print(f'Creating {new_branch_name} from the {ORIGIN}/v1 branch') - run_git('checkout', '-b', new_branch_name, f'{ORIGIN}/v1') + # If we're performing a backport, start from the target branch + print(f'Creating {new_branch_name} from the {ORIGIN}/{target_branch} branch') + run_git('checkout', '-b', new_branch_name, f'{ORIGIN}/{target_branch}') # Revert the commit that we made as part of the last release that updated the version number and # changelog to refer to 1.x.x variants. This avoids merge conflicts in the changelog and @@ -274,7 +285,12 @@ def main(): print(' Nothing to revert.') print(f'Merging {ORIGIN}/{source_branch} into the release prep branch') - run_git('merge', f'{ORIGIN}/{source_branch}', '--no-edit') + # Commit any conflicts (see the comment for `conflicted_files`) + run_git('merge', f'{ORIGIN}/{source_branch}', allow_non_zero_exit_code=True) + conflicted_files = run_git('diff', '--name-only', '--diff-filter', 'U').splitlines() + if len(conflicted_files) > 0: + run_git('add', '.') + run_git('commit', '--no-edit') # Migrate the package version number from a v2 version number to a v1 version number print(f'Setting version number to {version}') @@ -317,6 +333,7 @@ def main(): conductor=args.conductor, is_v2_release=args.mode == V2_MODE, labels=['Update dependencies'] if args.mode == V1_MODE else [], + conflicted_files=conflicted_files ) if __name__ == '__main__': diff --git a/.github/workflows/__analyze-ref-input.yml b/.github/workflows/__analyze-ref-input.yml index 2c5367911..6549b9cf6 100644 --- a/.github/workflows/__analyze-ref-input.yml +++ b/.github/workflows/__analyze-ref-input.yml @@ -11,8 +11,8 @@ on: push: branches: - main - - v1 - - v2 + - releases/v1 + - releases/v2 pull_request: types: - opened diff --git a/.github/workflows/__debug-artifacts.yml b/.github/workflows/__debug-artifacts.yml index a1537815e..e232a7190 100644 --- a/.github/workflows/__debug-artifacts.yml +++ b/.github/workflows/__debug-artifacts.yml @@ -11,8 +11,8 @@ on: push: branches: - main - - v1 - - v2 + - releases/v1 + - releases/v2 pull_request: types: - opened diff --git a/.github/workflows/__extractor-ram-threads.yml b/.github/workflows/__extractor-ram-threads.yml index 98337a4e4..aba2644c3 100644 --- a/.github/workflows/__extractor-ram-threads.yml +++ b/.github/workflows/__extractor-ram-threads.yml @@ -11,8 +11,8 @@ on: push: branches: - main - - v1 - - v2 + - releases/v1 + - releases/v2 pull_request: types: - opened diff --git a/.github/workflows/__go-custom-queries.yml b/.github/workflows/__go-custom-queries.yml index 49e7c0f28..fdb62f0b0 100644 --- a/.github/workflows/__go-custom-queries.yml +++ b/.github/workflows/__go-custom-queries.yml @@ -11,8 +11,8 @@ on: push: branches: - main - - v1 - - v2 + - releases/v1 + - releases/v2 pull_request: types: - opened diff --git a/.github/workflows/__go-custom-tracing-autobuild.yml b/.github/workflows/__go-custom-tracing-autobuild.yml index a6c993819..a45375af4 100644 --- a/.github/workflows/__go-custom-tracing-autobuild.yml +++ b/.github/workflows/__go-custom-tracing-autobuild.yml @@ -11,8 +11,8 @@ on: push: branches: - main - - v1 - - v2 + - releases/v1 + - releases/v2 pull_request: types: - opened diff --git a/.github/workflows/__go-custom-tracing.yml b/.github/workflows/__go-custom-tracing.yml index bf5e1e4a2..53f001983 100644 --- a/.github/workflows/__go-custom-tracing.yml +++ b/.github/workflows/__go-custom-tracing.yml @@ -11,8 +11,8 @@ on: push: branches: - main - - v1 - - v2 + - releases/v1 + - releases/v2 pull_request: types: - opened diff --git a/.github/workflows/__javascript-source-root.yml b/.github/workflows/__javascript-source-root.yml index 8dfe4ca1b..98bd6c049 100644 --- a/.github/workflows/__javascript-source-root.yml +++ b/.github/workflows/__javascript-source-root.yml @@ -11,8 +11,8 @@ on: push: branches: - main - - v1 - - v2 + - releases/v1 + - releases/v2 pull_request: types: - opened diff --git a/.github/workflows/__ml-powered-queries.yml b/.github/workflows/__ml-powered-queries.yml index 14243f2b4..4e7ac04b4 100644 --- a/.github/workflows/__ml-powered-queries.yml +++ b/.github/workflows/__ml-powered-queries.yml @@ -11,8 +11,8 @@ on: push: branches: - main - - v1 - - v2 + - releases/v1 + - releases/v2 pull_request: types: - opened diff --git a/.github/workflows/__multi-language-autodetect.yml b/.github/workflows/__multi-language-autodetect.yml index eb04b2fcf..25548fbb7 100644 --- a/.github/workflows/__multi-language-autodetect.yml +++ b/.github/workflows/__multi-language-autodetect.yml @@ -11,8 +11,8 @@ on: push: branches: - main - - v1 - - v2 + - releases/v1 + - releases/v2 pull_request: types: - opened diff --git a/.github/workflows/__packaging-config-inputs-js.yml b/.github/workflows/__packaging-config-inputs-js.yml index 805169b7c..fe3edc96e 100644 --- a/.github/workflows/__packaging-config-inputs-js.yml +++ b/.github/workflows/__packaging-config-inputs-js.yml @@ -11,8 +11,8 @@ on: push: branches: - main - - v1 - - v2 + - releases/v1 + - releases/v2 pull_request: types: - opened diff --git a/.github/workflows/__packaging-config-js.yml b/.github/workflows/__packaging-config-js.yml index d2ea6b669..37da28617 100644 --- a/.github/workflows/__packaging-config-js.yml +++ b/.github/workflows/__packaging-config-js.yml @@ -11,8 +11,8 @@ on: push: branches: - main - - v1 - - v2 + - releases/v1 + - releases/v2 pull_request: types: - opened diff --git a/.github/workflows/__packaging-inputs-js.yml b/.github/workflows/__packaging-inputs-js.yml index 9a9b216b4..df598adc4 100644 --- a/.github/workflows/__packaging-inputs-js.yml +++ b/.github/workflows/__packaging-inputs-js.yml @@ -11,8 +11,8 @@ on: push: branches: - main - - v1 - - v2 + - releases/v1 + - releases/v2 pull_request: types: - opened diff --git a/.github/workflows/__remote-config.yml b/.github/workflows/__remote-config.yml index 9ab7ce727..2ebc7f7ec 100644 --- a/.github/workflows/__remote-config.yml +++ b/.github/workflows/__remote-config.yml @@ -11,8 +11,8 @@ on: push: branches: - main - - v1 - - v2 + - releases/v1 + - releases/v2 pull_request: types: - opened diff --git a/.github/workflows/__rubocop-multi-language.yml b/.github/workflows/__rubocop-multi-language.yml index 364688c73..dc12bb20e 100644 --- a/.github/workflows/__rubocop-multi-language.yml +++ b/.github/workflows/__rubocop-multi-language.yml @@ -11,8 +11,8 @@ on: push: branches: - main - - v1 - - v2 + - releases/v1 + - releases/v2 pull_request: types: - opened diff --git a/.github/workflows/__split-workflow.yml b/.github/workflows/__split-workflow.yml index a0ab24d08..b5bf5635c 100644 --- a/.github/workflows/__split-workflow.yml +++ b/.github/workflows/__split-workflow.yml @@ -11,8 +11,8 @@ on: push: branches: - main - - v1 - - v2 + - releases/v1 + - releases/v2 pull_request: types: - opened diff --git a/.github/workflows/__test-autobuild-working-dir.yml b/.github/workflows/__test-autobuild-working-dir.yml new file mode 100644 index 000000000..716628d9e --- /dev/null +++ b/.github/workflows/__test-autobuild-working-dir.yml @@ -0,0 +1,67 @@ +# Warning: This file is generated automatically, and should not be modified. +# Instead, please modify the template in the pr-checks directory and run: +# pip install ruamel.yaml && python3 sync.py +# to regenerate this file. + +name: PR Check - Autobuild working directory +env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GO111MODULE: auto +on: + push: + branches: + - main + - v1 + - v2 + pull_request: + types: + - opened + - synchronize + - reopened + - ready_for_review + workflow_dispatch: {} +jobs: + test-autobuild-working-dir: + strategy: + matrix: + include: + - os: ubuntu-latest + version: latest + name: Autobuild working directory + timeout-minutes: 45 + runs-on: ${{ matrix.os }} + steps: + - name: Check out repository + uses: actions/checkout@v3 + - name: Prepare test + id: prepare-test + uses: ./.github/prepare-test + with: + version: ${{ matrix.version }} + - name: Test setup + shell: bash + run: | + # Make sure that Gradle build succeeds in autobuild-dir ... + cp -a ../action/tests/java-repo autobuild-dir + # ... and fails if attempted in the current directory + echo > build.gradle + - uses: ./../action/init + with: + languages: java + tools: ${{ steps.prepare-test.outputs.tools-url }} + - uses: ./../action/autobuild + with: + working-directory: autobuild-dir + - uses: ./../action/analyze + env: + TEST_MODE: true + - name: Check database + shell: bash + run: | + cd "$RUNNER_TEMP/codeql_databases" + if [[ ! -d java ]]; then + echo "Did not find a Java database" + exit 1 + fi + env: + INTERNAL_CODEQL_ACTION_DEBUG_LOC: true diff --git a/.github/workflows/__test-local-codeql.yml b/.github/workflows/__test-local-codeql.yml index 1929b0062..7b98a4675 100644 --- a/.github/workflows/__test-local-codeql.yml +++ b/.github/workflows/__test-local-codeql.yml @@ -11,8 +11,8 @@ on: push: branches: - main - - v1 - - v2 + - releases/v1 + - releases/v2 pull_request: types: - opened diff --git a/.github/workflows/__test-proxy.yml b/.github/workflows/__test-proxy.yml index 81ee4d3fb..7fa3f7011 100644 --- a/.github/workflows/__test-proxy.yml +++ b/.github/workflows/__test-proxy.yml @@ -11,8 +11,8 @@ on: push: branches: - main - - v1 - - v2 + - releases/v1 + - releases/v2 pull_request: types: - opened diff --git a/.github/workflows/__test-ruby.yml b/.github/workflows/__test-ruby.yml index f6ecbfb05..97aaa1fc5 100644 --- a/.github/workflows/__test-ruby.yml +++ b/.github/workflows/__test-ruby.yml @@ -11,8 +11,8 @@ on: push: branches: - main - - v1 - - v2 + - releases/v1 + - releases/v2 pull_request: types: - opened diff --git a/.github/workflows/__unset-environment.yml b/.github/workflows/__unset-environment.yml index a7284dfd7..68b848131 100644 --- a/.github/workflows/__unset-environment.yml +++ b/.github/workflows/__unset-environment.yml @@ -11,8 +11,8 @@ on: push: branches: - main - - v1 - - v2 + - releases/v1 + - releases/v2 pull_request: types: - opened diff --git a/.github/workflows/__upload-ref-sha-input.yml b/.github/workflows/__upload-ref-sha-input.yml index 73e009e92..663a3df80 100644 --- a/.github/workflows/__upload-ref-sha-input.yml +++ b/.github/workflows/__upload-ref-sha-input.yml @@ -11,8 +11,8 @@ on: push: branches: - main - - v1 - - v2 + - releases/v1 + - releases/v2 pull_request: types: - opened diff --git a/.github/workflows/__with-checkout-path.yml b/.github/workflows/__with-checkout-path.yml index 8d13ca542..2da06c6f2 100644 --- a/.github/workflows/__with-checkout-path.yml +++ b/.github/workflows/__with-checkout-path.yml @@ -11,8 +11,8 @@ on: push: branches: - main - - v1 - - v2 + - releases/v1 + - releases/v2 pull_request: types: - opened diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 77ff8ed60..f780e1624 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -2,9 +2,9 @@ name: "CodeQL action" on: push: - branches: [main, v1, v2] + branches: [main, releases/v1, releases/v2] pull_request: - branches: [main, v1, v2] + branches: [main, releases/v1, releases/v2] # Run checks on reopened draft PRs to support triggering PR checks on draft PRs that were opened # by other workflows. types: [opened, synchronize, reopened, ready_for_review] diff --git a/.github/workflows/post-release-mergeback.yml b/.github/workflows/post-release-mergeback.yml index eb499f453..5a8f57ca7 100644 --- a/.github/workflows/post-release-mergeback.yml +++ b/.github/workflows/post-release-mergeback.yml @@ -1,7 +1,8 @@ -# This workflow runs after a release of the action. -# It merges any changes from the release back into the -# main branch. Typically, this is just a single commit -# that updates the changelog. +# This workflow runs after a release of the action. For v2 releases, it merges any changes from the +# release back into the main branch. Typically, this is just a single commit that updates the +# changelog. For v2 and v1 releases, it then (a) tags the merge commit on the release branch that +# represents the new release with an `vx.y.z` tag and (b) updates the `vx` tag to refer to this +# commit. name: Tag release and merge back on: @@ -14,13 +15,12 @@ on: push: branches: - - v1 - - v2 + - releases/v1 + - releases/v2 jobs: merge-back: runs-on: ubuntu-latest - if: github.repository == 'github/codeql-action' env: BASE_BRANCH: "${{ github.event.inputs.baseBranch || 'main' }}" HEAD_BRANCH: "${{ github.head_ref || github.ref }}" @@ -32,7 +32,7 @@ jobs: - name: Dump GitHub context env: GITHUB_CONTEXT: '${{ toJson(github) }}' - run: echo "$GITHUB_CONTEXT" + run: echo "${GITHUB_CONTEXT}" - uses: actions/checkout@v3 - uses: actions/setup-node@v3 @@ -46,25 +46,25 @@ jobs: id: getVersion run: | VERSION="v$(jq '.version' -r 'package.json')" - SHORT_SHA="${GITHUB_SHA:0:8}" - echo "::set-output name=version::$VERSION" - NEW_BRANCH="mergeback/${VERSION}-to-${BASE_BRANCH}-${SHORT_SHA}" - echo "::set-output name=newBranch::$NEW_BRANCH" + echo "::set-output name=version::${VERSION}" + short_sha="${GITHUB_SHA:0:8}" + NEW_BRANCH="mergeback/${VERSION}-to-${BASE_BRANCH}-${short_sha}" + echo "::set-output name=newBranch::${NEW_BRANCH}" - name: Dump branches env: NEW_BRANCH: "${{ steps.getVersion.outputs.newBranch }}" run: | - echo "BASE_BRANCH $BASE_BRANCH" - echo "HEAD_BRANCH $HEAD_BRANCH" - echo "NEW_BRANCH $NEW_BRANCH" + echo "BASE_BRANCH ${BASE_BRANCH}" + echo "HEAD_BRANCH ${HEAD_BRANCH}" + echo "NEW_BRANCH ${NEW_BRANCH}" - name: Create mergeback branch env: NEW_BRANCH: "${{ steps.getVersion.outputs.newBranch }}" run: | - git checkout -b "$NEW_BRANCH" + git checkout -b "${NEW_BRANCH}" - name: Check for tag id: check @@ -72,13 +72,13 @@ jobs: VERSION: "${{ steps.getVersion.outputs.version }}" run: | set +e # don't fail on an errored command - git ls-remote --tags origin | grep "$VERSION" - EXISTS="$?" - if [ "$EXISTS" -eq 0 ]; then - echo "Tag $TAG exists. Not going to re-release." + git ls-remote --tags origin | grep "${VERSION}" + exists="$?" + if [ "${exists}" -eq 0 ]; then + echo "Tag ${VERSION} exists. Not going to re-release." echo "::set-output name=exists::true" else - echo "Tag $TAG does not exist yet." + echo "Tag ${VERSION} does not exist yet." fi # we didn't tag the release during the update-release-branch workflow because the @@ -89,20 +89,31 @@ jobs: env: VERSION: ${{ steps.getVersion.outputs.version }} run: | - git tag -a "$VERSION" -m "$VERSION" - git fetch --unshallow # unshallow the repo in order to allow pushes - git push origin --follow-tags "$VERSION" + # Unshallow the repo in order to allow pushes + git fetch --unshallow + # Create the `vx.y.z` tag + git tag --annotate "${VERSION}" --message "${VERSION}" + # Update the `vx` tag + major_version_tag=$(cut -d '.' -f1 <<< "${VERSION}") + # Use `--force` to overwrite the major version tag + git tag --annotate "${major_version_tag}" --message "${major_version_tag}" --force + # Push the tags, using: + # - `--atomic` to make sure we either update both tags or neither (an intermediate state, + # e.g. where we update the v2.x.y tag on the remote but not the v2 tag, could result in + # unwanted Dependabot updates, e.g. from v2 to v2.x.y) + # - `--force` since we're overwriting the `vx` tag + git push origin --atomic --force refs/tags/"${VERSION}" refs/tags/"${major_version_tag}" - name: Create mergeback branch - if: steps.check.outputs.exists != 'true' && contains(github.ref, 'v2') + if: steps.check.outputs.exists != 'true' && contains(github.ref, 'releases/v2') env: VERSION: "${{ steps.getVersion.outputs.version }}" NEW_BRANCH: "${{ steps.getVersion.outputs.newBranch }}" GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" run: | set -exu - PR_TITLE="Mergeback $VERSION $HEAD_BRANCH into $BASE_BRANCH" - PR_BODY="Updates version and changelog." + pr_title="Mergeback ${VERSION} ${HEAD_BRANCH} into ${BASE_BRANCH}" + pr_body="Updates version and changelog." # Update the version number ready for the next release npm version patch --no-git-tag-version @@ -110,16 +121,16 @@ jobs: # Update the changelog perl -i -pe 's/^/## \[UNRELEASED\]\n\nNo user facing changes.\n\n/ if($.==3)' CHANGELOG.md git add . - git commit -m "Update changelog and version after $VERSION" + git commit -m "Update changelog and version after ${VERSION}" - git push origin "$NEW_BRANCH" + git push origin "${NEW_BRANCH}" # PR checks won't be triggered on PRs created by Actions. Therefore mark the PR as draft # so that a maintainer can take the PR out of draft, thereby triggering the PR checks. gh pr create \ - --head "$NEW_BRANCH" \ - --base "$BASE_BRANCH" \ - --title "$PR_TITLE" \ + --head "${NEW_BRANCH}" \ + --base "${BASE_BRANCH}" \ + --title "${pr_title}" \ --label "Update dependencies" \ - --body "$PR_BODY" \ + --body "${pr_body}" \ --draft diff --git a/.github/workflows/pr-checks.yml b/.github/workflows/pr-checks.yml index 722c71f4d..53fca4a5a 100644 --- a/.github/workflows/pr-checks.yml +++ b/.github/workflows/pr-checks.yml @@ -2,7 +2,7 @@ name: PR Checks (Basic Checks and Runner) on: push: - branches: [main, v1, v2] + branches: [main, releases/v1, releases/v2] pull_request: # Run checks on reopened draft PRs to support triggering PR checks on draft PRs that were opened # by other workflows. diff --git a/.github/workflows/python-deps.yml b/.github/workflows/python-deps.yml index f9e35324b..3c616cf67 100644 --- a/.github/workflows/python-deps.yml +++ b/.github/workflows/python-deps.yml @@ -2,7 +2,7 @@ name: Test Python Package Installation on Linux and Mac on: push: - branches: [main, v1, v2] + branches: [main, releases/v1, releases/v2] pull_request: # Run checks on reopened draft PRs to support triggering PR checks on draft PRs that were opened # by other workflows. diff --git a/.github/workflows/update-dependencies.yml b/.github/workflows/update-dependencies.yml index b8bcb7fd4..90f2bafb5 100644 --- a/.github/workflows/update-dependencies.yml +++ b/.github/workflows/update-dependencies.yml @@ -8,7 +8,7 @@ jobs: name: Update dependencies timeout-minutes: 45 runs-on: macos-latest - if: contains(github.event.pull_request.labels.*.name, 'Update dependencies') && (github.event.pull_request.head.repo.full_name == 'github/codeql-action') + if: contains(github.event.pull_request.labels.*.name, 'Update dependencies') steps: - name: Checkout repository uses: actions/checkout@v3 diff --git a/.github/workflows/update-release-branch.yml b/.github/workflows/update-release-branch.yml index 831fd028e..d3570f47e 100644 --- a/.github/workflows/update-release-branch.yml +++ b/.github/workflows/update-release-branch.yml @@ -7,13 +7,12 @@ on: # When the v2 release is complete, this workflow will open a PR to update the v1 release branch. push: branches: - - v2 + - releases/v2 jobs: update: timeout-minutes: 45 runs-on: ubuntu-latest - if: github.repository == 'github/codeql-action' steps: - name: Dump environment run: env diff --git a/CHANGELOG.md b/CHANGELOG.md index 64046f805..df1b353f4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,9 @@ # CodeQL Action Changelog +## 2.1.9 - 14 Apr 2022 + +- Add `working-directory` input to the `autobuild` action. [#1024](https://github.com/github/codeql-action/pull/1024) + ## 2.1.8 - 08 Apr 2022 - Update default CodeQL bundle version to 2.8.5. [#1014](https://github.com/github/codeql-action/pull/1014) diff --git a/CODEOWNERS b/CODEOWNERS index f084c0a25..6ee348a10 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -1 +1,3 @@ **/* @github/codeql-action-reviewers + +/python-setup/ @github/codeql-python @github/codeql-action-reviewers diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index d9cb6ce2a..1346a9aa3 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -61,22 +61,22 @@ Here are a few things you can do that will increase the likelihood of your pull ## Releasing (write access required) 1. The first step of releasing a new version of the `codeql-action` is running the "Update release branch" workflow. - This workflow goes through the pull requests that have been merged to `main` since the last release, creates a changelog, then opens a pull request to merge the changes since the last release into the `v2` release branch. + This workflow goes through the pull requests that have been merged to `main` since the last release, creates a changelog, then opens a pull request to merge the changes since the last release into the `releases/v2` release branch. You can start a release by triggering this workflow via [workflow dispatch](https://github.com/github/codeql-action/actions/workflows/update-release-branch.yml). -1. The workflow run will open a pull request titled "Merge main into v2". Mark the pull request as [ready for review](https://docs.github.com/en/github/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#marking-a-pull-request-as-ready-for-review) to trigger the PR checks. +1. The workflow run will open a pull request titled "Merge main into releases/v2". Mark the pull request as [ready for review](https://docs.github.com/en/github/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#marking-a-pull-request-as-ready-for-review) to trigger the PR checks. 1. Review the checklist items in the pull request description. Once you've checked off all but the last two of these, approve the PR and automerge it. -1. When the "Merge main into v2" pull request is merged into the `v2` branch, the "Tag release and merge back" workflow will create a mergeback PR. - This mergeback incorporates the changelog updates into `main`, tags the release using the merge commit of the "Merge main into v2" pull request, and bumps the patch version of the CodeQL Action. +1. When the "Merge main into releases/v2" pull request is merged into the `releases/v2` branch, the "Tag release and merge back" workflow will create a mergeback PR. + This mergeback incorporates the changelog updates into `main`, tags the release using the merge commit of the "Merge main into releases/v2" pull request, and bumps the patch version of the CodeQL Action. Approve the mergeback PR and automerge it. -1. When the "Merge main into v2" pull request is merged into the `v2` branch, the "Update release branch" workflow will create a "Merge v2 into v1" pull request to merge the changes since the last release into the `v1` release branch. - This ensures we keep both the `v1` and `v2` release branches up to date and fully supported. +1. When the "Merge main into releases/v2" pull request is merged into the `releases/v2` branch, the "Update release branch" workflow will create a "Merge releases/v2 into releases/v1" pull request to merge the changes since the last release into the `releases/v1` release branch. + This ensures we keep both the `releases/v1` and `releases/v2` release branches up to date and fully supported. Review the checklist items in the pull request description. Once you've checked off all the items, approve the PR and automerge it. -1. Once the mergeback has been merged to `main` and the "Merge v2 into v1" PR has been merged to `v1`, the release is complete. +1. Once the mergeback has been merged to `main` and the "Merge releases/v2 into releases/v1" PR has been merged to `releases/v1`, the release is complete. ## Keeping the PR checks up to date (admin access required) @@ -91,8 +91,8 @@ To regenerate the PR jobs for the action: CHECKS="$(gh api repos/github/codeql-action/commits/${SHA}/check-runs --paginate | jq --slurp --compact-output --raw-output '[.[].check_runs | .[].name | select(contains("https://") or . == "CodeQL" or . == "LGTM.com" or . == "Update dependencies" or . == "Update Supported Enterprise Server Versions" | not)]')" echo "{\"contexts\": ${CHECKS}}" > checks.json gh api -X "PATCH" repos/github/codeql-action/branches/main/protection/required_status_checks --input checks.json - gh api -X "PATCH" repos/github/codeql-action/branches/v2/protection/required_status_checks --input checks.json - gh api -X "PATCH" repos/github/codeql-action/branches/v1/protection/required_status_checks --input checks.json + gh api -X "PATCH" repos/github/codeql-action/branches/releases/v2/protection/required_status_checks --input checks.json + gh api -X "PATCH" repos/github/codeql-action/branches/releases/v1/protection/required_status_checks --input checks.json ```` 2. Go to the [branch protection rules settings page](https://github.com/github/codeql-action/settings/branches) and validate that the rules have been updated. diff --git a/autobuild/action.yml b/autobuild/action.yml index 63b83f932..a6586e31f 100644 --- a/autobuild/action.yml +++ b/autobuild/action.yml @@ -6,6 +6,12 @@ inputs: default: ${{ github.token }} matrix: default: ${{ toJson(matrix) }} + working-directory: + description: >- + Run the autobuilder using this path (relative to $GITHUB_WORKSPACE) as + working directory. If this input is not set, the autobuilder runs with + $GITHUB_WORKSPACE as its working directory. + required: false runs: using: 'node16' - main: '../lib/autobuild-action.js' \ No newline at end of file + main: '../lib/autobuild-action.js' diff --git a/lib/autobuild-action.js b/lib/autobuild-action.js index cd767459f..e471683d0 100644 --- a/lib/autobuild-action.js +++ b/lib/autobuild-action.js @@ -52,6 +52,11 @@ async function run() { } language = (0, autobuild_1.determineAutobuildLanguage)(config, logger); if (language !== undefined) { + const workingDirectory = (0, actions_util_1.getOptionalInput)("working-directory"); + if (workingDirectory) { + logger.info(`Changing autobuilder working directory to ${workingDirectory}`); + process.chdir(workingDirectory); + } await (0, autobuild_1.runAutobuild)(language, config, logger); } } diff --git a/lib/autobuild-action.js.map b/lib/autobuild-action.js.map index 7f9fcc43c..74c7af4d6 100644 --- a/lib/autobuild-action.js.map +++ b/lib/autobuild-action.js.map @@ -1 +1 @@ -{"version":3,"file":"autobuild-action.js","sourceRoot":"","sources":["../src/autobuild-action.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,iDAMwB;AACxB,2CAAuE;AACvE,6DAA+C;AAE/C,uCAA6C;AAC7C,iCAAqD;AAErD,8CAA8C;AAC9C,MAAM,GAAG,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;AASvC,KAAK,UAAU,yBAAyB,CACtC,SAAe,EACf,YAAsB,EACtB,eAAwB,EACxB,KAAa;IAEb,IAAA,4BAAqB,EAAC,WAAI,CAAC,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;IAEjD,MAAM,MAAM,GAAG,IAAA,+BAAgB,EAAC,KAAK,EAAE,eAAe,CAAC,CAAC;IACxD,MAAM,gBAAgB,GAAG,MAAM,IAAA,qCAAsB,EACnD,WAAW,EACX,MAAM,EACN,SAAS,EACT,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,OAAO,EACd,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,KAAK,CACb,CAAC;IACF,MAAM,YAAY,GAA0B;QAC1C,GAAG,gBAAgB;QACnB,mBAAmB,EAAE,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC;QAC3C,iBAAiB,EAAE,eAAe;KACnC,CAAC;IACF,MAAM,IAAA,+BAAgB,EAAC,YAAY,CAAC,CAAC;AACvC,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,IAAI,QAAQ,GAAyB,SAAS,CAAC;IAC/C,IAAI;QACF,IACE,CAAC,CAAC,MAAM,IAAA,+BAAgB,EACtB,MAAM,IAAA,qCAAsB,EAAC,WAAW,EAAE,UAAU,EAAE,SAAS,CAAC,CACjE,CAAC,EACF;YACA,OAAO;SACR;QAED,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,SAAS,CACzC,IAAA,oCAAqB,GAAE,EACvB,MAAM,CACP,CAAC;QACF,IAAI,MAAM,KAAK,SAAS,EAAE;YACxB,MAAM,IAAI,KAAK,CACb,yFAAyF,CAC1F,CAAC;SACH;QACD,QAAQ,GAAG,IAAA,sCAA0B,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACtD,IAAI,QAAQ,KAAK,SAAS,EAAE;YAC1B,MAAM,IAAA,wBAAY,EAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;SAC9C;KACF;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CACZ,mIACE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CACvD,EAAE,CACH,CAAC;QACF,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACnB,MAAM,yBAAyB,CAC7B,SAAS,EACT,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,EAC1B,QAAQ,EACR,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAC1D,CAAC;QACF,OAAO;KACR;IAED,MAAM,yBAAyB,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;AACzE,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,IAAI;QACF,MAAM,GAAG,EAAE,CAAC;KACb;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CAAC,4BAA4B,KAAK,EAAE,CAAC,CAAC;QACpD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;KACpB;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"} \ No newline at end of file +{"version":3,"file":"autobuild-action.js","sourceRoot":"","sources":["../src/autobuild-action.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,iDAOwB;AACxB,2CAAuE;AACvE,6DAA+C;AAE/C,uCAA6C;AAC7C,iCAAqD;AAErD,8CAA8C;AAC9C,MAAM,GAAG,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;AASvC,KAAK,UAAU,yBAAyB,CACtC,SAAe,EACf,YAAsB,EACtB,eAAwB,EACxB,KAAa;IAEb,IAAA,4BAAqB,EAAC,WAAI,CAAC,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;IAEjD,MAAM,MAAM,GAAG,IAAA,+BAAgB,EAAC,KAAK,EAAE,eAAe,CAAC,CAAC;IACxD,MAAM,gBAAgB,GAAG,MAAM,IAAA,qCAAsB,EACnD,WAAW,EACX,MAAM,EACN,SAAS,EACT,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,OAAO,EACd,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,KAAK,CACb,CAAC;IACF,MAAM,YAAY,GAA0B;QAC1C,GAAG,gBAAgB;QACnB,mBAAmB,EAAE,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC;QAC3C,iBAAiB,EAAE,eAAe;KACnC,CAAC;IACF,MAAM,IAAA,+BAAgB,EAAC,YAAY,CAAC,CAAC;AACvC,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,IAAI,QAAQ,GAAyB,SAAS,CAAC;IAC/C,IAAI;QACF,IACE,CAAC,CAAC,MAAM,IAAA,+BAAgB,EACtB,MAAM,IAAA,qCAAsB,EAAC,WAAW,EAAE,UAAU,EAAE,SAAS,CAAC,CACjE,CAAC,EACF;YACA,OAAO;SACR;QAED,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,SAAS,CACzC,IAAA,oCAAqB,GAAE,EACvB,MAAM,CACP,CAAC;QACF,IAAI,MAAM,KAAK,SAAS,EAAE;YACxB,MAAM,IAAI,KAAK,CACb,yFAAyF,CAC1F,CAAC;SACH;QACD,QAAQ,GAAG,IAAA,sCAA0B,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACtD,IAAI,QAAQ,KAAK,SAAS,EAAE;YAC1B,MAAM,gBAAgB,GAAG,IAAA,+BAAgB,EAAC,mBAAmB,CAAC,CAAC;YAC/D,IAAI,gBAAgB,EAAE;gBACpB,MAAM,CAAC,IAAI,CACT,6CAA6C,gBAAgB,EAAE,CAChE,CAAC;gBACF,OAAO,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;aACjC;YACD,MAAM,IAAA,wBAAY,EAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;SAC9C;KACF;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CACZ,mIACE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CACvD,EAAE,CACH,CAAC;QACF,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACnB,MAAM,yBAAyB,CAC7B,SAAS,EACT,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,EAC1B,QAAQ,EACR,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAC1D,CAAC;QACF,OAAO;KACR;IAED,MAAM,yBAAyB,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;AACzE,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,IAAI;QACF,MAAM,GAAG,EAAE,CAAC;KACb;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CAAC,4BAA4B,KAAK,EAAE,CAAC,CAAC;QACpD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;KACpB;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"} \ No newline at end of file diff --git a/node_modules/.package-lock.json b/node_modules/.package-lock.json index 843865f4c..560ededf4 100644 --- a/node_modules/.package-lock.json +++ b/node_modules/.package-lock.json @@ -1,6 +1,6 @@ { "name": "codeql", - "version": "2.1.8", + "version": "2.1.9", "lockfileVersion": 2, "requires": true, "packages": { diff --git a/package-lock.json b/package-lock.json index cf9dc3855..83a6d4c8b 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "codeql", - "version": "2.1.8", + "version": "2.1.9", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "codeql", - "version": "2.1.8", + "version": "2.1.9", "license": "MIT", "dependencies": { "@actions/artifact": "^1.0.0", diff --git a/package.json b/package.json index 03d8bd6a5..0a7b7cae4 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "codeql", - "version": "2.1.8", + "version": "2.1.9", "private": true, "description": "CodeQL action", "scripts": { diff --git a/pr-checks/checks/test-autobuild-working-dir.yml b/pr-checks/checks/test-autobuild-working-dir.yml new file mode 100644 index 000000000..8d75c9e31 --- /dev/null +++ b/pr-checks/checks/test-autobuild-working-dir.yml @@ -0,0 +1,30 @@ +name: "Autobuild working directory" +description: "Tests working-directory input of autobuild action" +versions: ["latest"] +os: ["ubuntu-latest"] +steps: + - name: Test setup + shell: bash + run: | + # Make sure that Gradle build succeeds in autobuild-dir ... + cp -a ../action/tests/java-repo autobuild-dir + # ... and fails if attempted in the current directory + echo > build.gradle + - uses: ./../action/init + with: + languages: java + tools: ${{ steps.prepare-test.outputs.tools-url }} + - uses: ./../action/autobuild + with: + working-directory: autobuild-dir + - uses: ./../action/analyze + env: + TEST_MODE: true + - name: Check database + shell: bash + run: | + cd "$RUNNER_TEMP/codeql_databases" + if [[ ! -d java ]]; then + echo "Did not find a Java database" + exit 1 + fi diff --git a/pr-checks/sync.py b/pr-checks/sync.py index 0ed8a4ae5..f1d213635 100644 --- a/pr-checks/sync.py +++ b/pr-checks/sync.py @@ -108,7 +108,7 @@ def writeHeader(checkStream): }, 'on': { 'push': { - 'branches': ['main', 'v1', 'v2'] + 'branches': ['main', 'releases/v1', 'releases/v2'] }, 'pull_request': { 'types': ["opened", "synchronize", "reopened", "ready_for_review"] diff --git a/src/autobuild-action.ts b/src/autobuild-action.ts index 1a145c7b2..628026606 100644 --- a/src/autobuild-action.ts +++ b/src/autobuild-action.ts @@ -3,6 +3,7 @@ import * as core from "@actions/core"; import { createStatusReportBase, getActionsStatus, + getOptionalInput, getTemporaryDirectory, sendStatusReport, StatusReportBase, @@ -71,6 +72,13 @@ async function run() { } language = determineAutobuildLanguage(config, logger); if (language !== undefined) { + const workingDirectory = getOptionalInput("working-directory"); + if (workingDirectory) { + logger.info( + `Changing autobuilder working directory to ${workingDirectory}` + ); + process.chdir(workingDirectory); + } await runAutobuild(language, config, logger); } } catch (error) { diff --git a/tests/java-repo/build.gradle b/tests/java-repo/build.gradle new file mode 100644 index 000000000..591d77bda --- /dev/null +++ b/tests/java-repo/build.gradle @@ -0,0 +1,12 @@ +plugins { + id 'application' +} + +repositories { + mavenCentral() +} + +application { + mainClass = 'Main' +} + diff --git a/tests/java-repo/src/main/java/Main.java b/tests/java-repo/src/main/java/Main.java new file mode 100644 index 000000000..9c8b01654 --- /dev/null +++ b/tests/java-repo/src/main/java/Main.java @@ -0,0 +1,8 @@ +class Main { + public static void main(String args[]) { + if (true) { + System.out.println("Hello, World!"); + } + } +} +