Merge pull request #2054 from github/backport-v2.22.12-012739e50

* Bump the npm group with 4 updates Bumps the npm group with 4 updates: [@octokit/types](https://github.com/octokit/types.ts), [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin), [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) and [typescript](https://github.com/Microsoft/TypeScript). Updates `@octokit/types` from 12.3.0 to 12.4.0 - [Release notes](https://github.com/octokit/types.ts/releases) - [Commits](octokit/types.ts@v12.3.0...v12.4.0) Updates `@typescript-eslint/eslint-plugin` from 6.13.2 to 6.14.0 - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v6.14.0/packages/eslint-plugin) Updates `@typescript-eslint/parser` from 6.13.2 to 6.14.0 - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v6.14.0/packages/parser) Updates `typescript` from 5.3.2 to 5.3.3 - [Release notes](https://github.com/Microsoft/TypeScript/releases) - [Commits](microsoft/TypeScript@v5.3.2...v5.3.3) --- updated-dependencies: - dependency-name: "@octokit/types" dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm - dependency-name: "@typescript-eslint/eslint-plugin" dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm - dependency-name: "@typescript-eslint/parser" dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm - dependency-name: typescript dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm ... Signed-off-by: dependabot[bot] <support@github.com> * Update checked-in dependencies * Update changelog and version after v3.22.11 * Update checked-in dependencies * improve handling of changelog processing for backports * change version numbers inside processing function as well * Apply suggestions from code review Co-authored-by: Henry Mercer <henry.mercer@me.com> * rename regex for clarity * preserve trailing whitespace when transforming CHANGELOG * raise explicit exception if EOF found when looking for changelog sections * add note on versioning approach to changelog * Bump the npm group with 2 updates (#2045) * Bump the npm group with 2 updates Bumps the npm group with 2 updates: [eslint](https://github.com/eslint/eslint) and [eslint-plugin-import](https://github.com/import-js/eslint-plugin-import). Updates `eslint` from 8.55.0 to 8.56.0 - [Release notes](https://github.com/eslint/eslint/releases) - [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md) - [Commits](eslint/eslint@v8.55.0...v8.56.0) Updates `eslint-plugin-import` from 2.29.0 to 2.29.1 - [Release notes](https://github.com/import-js/eslint-plugin-import/releases) - [Changelog](https://github.com/import-js/eslint-plugin-import/blob/main/CHANGELOG.md) - [Commits](import-js/eslint-plugin-import@v2.29.0...v2.29.1) --- updated-dependencies: - dependency-name: eslint dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm - dependency-name: eslint-plugin-import dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm ... Signed-off-by: dependabot[bot] <support@github.com> * Update checked-in dependencies --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * clarify comment on versions in the changelog * clarify comment on versions in the changelog * Update default bundle to codeql-bundle-v2.15.5 * Add changelog note * update required checks script to handle release branches * add note about backporting check changes to v2 branch * Fix type error * Typecast `OLDEST_SUPPORTED_MAJOR_VERSION` when defined * Update changelog for v3.22.12 * Revert "Update version and changelog for v2.22.11" This reverts commit e763762. * Revert "Update checked-in dependencies" This reverts commit 20d1a9b. * Update version and changelog for v2.22.12 * Update checked-in dependencies * Resolve conflicts in v3->v2.22.12 merge --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Henry Mercer <henry.mercer@me.com> Co-authored-by: Nick Fyson <nickfyson@github.com> Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com> Co-authored-by: Angela P Wen <angelapwen@github.com> Co-authored-by: Aditya Sharad <adityasharad@github.com>
github · Dec 22, 2023 · 1500a13 · 1500a13
2 parents 5a201ef + 0d318c9
commit 1500a13
Show file tree

Hide file tree

Showing 71 changed files with 1,816 additions and 1,230 deletions.
diff --git a/.github/actions/release-branches/release-branches.py b/.github/actions/release-branches/release-branches.py
@@ -1,12 +1,19 @@
 import argparse
 import json
 import os
-import subprocess
+import configparser
 
 # Name of the remote
 ORIGIN = 'origin'
 
-OLDEST_SUPPORTED_MAJOR_VERSION = 2
+script_dir = os.path.dirname(os.path.realpath(__file__))
+grandparent_dir = os.path.dirname(os.path.dirname(script_dir))
+
+config = configparser.ConfigParser()
+with open(os.path.join(grandparent_dir, 'releases.ini')) as stream:
+    config.read_string('[default]\n' + stream.read())
+
+OLDEST_SUPPORTED_MAJOR_VERSION = int(config['default']['OLDEST_SUPPORTED_MAJOR_VERSION'])
 
 def main():
 

diff --git a/.github/releases.ini b/.github/releases.ini
@@ -0,0 +1 @@
+OLDEST_SUPPORTED_MAJOR_VERSION=2
diff --git a/.github/update-release-branch.py b/.github/update-release-branch.py
@@ -1,5 +1,6 @@
 import argparse
 import datetime
+import re
 from github import Github
 import json
 import os
@@ -174,6 +175,60 @@ def get_today_string():
   today = datetime.datetime.today()
   return '{:%d %b %Y}'.format(today)
 
+def process_changelog_for_backports(source_branch_major_version, target_branch_major_version):
+
+  # changelog entries can use the following format to indicate
+  # that they only apply to newer versions
+  some_versions_only_regex = re.compile(r'\[v(\d+)\+ only\]')
+
+  output = ''
+
+  with open('CHANGELOG.md', 'r') as f:
+
+    # until we find the first section, just duplicate all lines
+    while True:
+      line = f.readline()
+      if not line:
+        raise Exception('Could not find any change sections in CHANGELOG.md') # EOF
+
+      output += line
+      if line.startswith('## '):
+        line = line.replace(f'## {source_branch_major_version}', f'## {target_branch_major_version}')
+        # we have found the first section, so now handle things differently
+        break
+
+    # found_content tracks whether we hit two headings in a row
+    found_content = False
+    output += '\n'
+    while True:
+      line = f.readline()
+      if not line:
+        break # EOF
+      line = line.rstrip('\n')
+
+      # filter out changenote entries that apply only to newer versions
+      match = some_versions_only_regex.search(line)
+      if match:
+        if int(target_branch_major_version) < int(match.group(1)):
+          continue
+
+      if line.startswith('## '):
+        line = line.replace(f'## {source_branch_major_version}', f'## {target_branch_major_version}')
+        if found_content == False:
+          # we have found two headings in a row, so we need to add the placeholder message.
+          output += 'No user facing changes.\n'
+        found_content = False
+        output += f'\n{line}\n\n'
+      else:
+        if line.strip() != '':
+          found_content = True
+          # we use the original line here, rather than the stripped version
+          # so that we preserve indentation
+          output += line + '\n'
+
+    with open('CHANGELOG.md', 'w') as f:
+      f.write(output)
+
 def update_changelog(version):
   if (os.path.exists('CHANGELOG.md')):
     content = ''
@@ -324,13 +379,7 @@ def main():
 
     # Migrate the changelog notes from vLatest version numbers to vOlder version numbers
     print(f'Migrating changelog notes from v{source_branch_major_version} to v{target_branch_major_version}')
-    subprocess.check_output(['sed', '-i', f's/^## {source_branch_major_version}\./## {target_branch_major_version}./g', 'CHANGELOG.md'])
-
-    # Remove changelog notes from all versions that do not apply to the vOlder branch
-    print(f'Removing changelog notes that do not apply to v{target_branch_major_version}')
-    for v in range(int(source_branch_major_version), int(target_branch_major_version), -1):
-      print(f'Removing changelog notes that are tagged [v{v}+ only\]')
-      subprocess.check_output(['sed', '-i', f'/^- \[v{v}+ only\]/d', 'CHANGELOG.md'])
+    process_changelog_for_backports(source_branch_major_version, target_branch_major_version)
 
     # Amend the commit generated by `npm version` to update the CHANGELOG
     run_git('add', 'CHANGELOG.md')

diff --git a/.github/workflows/post-release-mergeback.yml b/.github/workflows/post-release-mergeback.yml
@@ -133,8 +133,8 @@ jobs:
           # Update the version number ready for the next release
           npm version patch --no-git-tag-version
 
-          # Update the changelog
-          perl -i -pe 's/^/## \[UNRELEASED\]\n\nNo user facing changes.\n\n/ if($.==5)' CHANGELOG.md
+          # Update the changelog, adding a new version heading directly above the most recent existing one
+          awk '!f && /##/{print "'"## [UNRELEASED]\n\nNo user facing changes.\n"'"; f=1}1' CHANGELOG.md > temp && mv temp CHANGELOG.md
           git add .
           git commit -m "Update changelog and version after ${VERSION}"
 

diff --git a/.github/workflows/script/update-required-checks.sh b/.github/workflows/script/update-required-checks.sh
@@ -2,6 +2,11 @@
 # Update the required checks based on the current branch.
 # Typically, this will be main.
 
+SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
+REPO_DIR="$(dirname "$SCRIPT_DIR")"
+GRANDPARENT_DIR="$(dirname "$REPO_DIR")"
+source "$GRANDPARENT_DIR/releases.ini"
+
 if ! gh auth status 2>/dev/null; then
   gh auth status
   echo "Failed: Not authorized. This script requires admin access to github/codeql-action through the gh CLI."
@@ -29,7 +34,22 @@ echo "$CHECKS" | jq
 
 echo "{\"contexts\": ${CHECKS}}" > checks.json
 
-for BRANCH in main releases/v2; do
+echo "Updating main"
+gh api --silent -X "PATCH" "repos/github/codeql-action/branches/main/protection/required_status_checks" --input checks.json
+
+# list all branchs on origin remote matching releases/v*
+BRANCHES="$(git ls-remote --heads origin 'releases/v*' | sed 's?.*refs/heads/??' | sort -V)"
+
+for BRANCH in $BRANCHES; do
+
+  # strip exact 'releases/v' prefix from $BRANCH using count of characters
+  VERSION="${BRANCH:10}"
+
+  if [ "$VERSION" -lt "$OLDEST_SUPPORTED_MAJOR_VERSION" ]; then
+    echo "Skipping $BRANCH"
+    continue
+  fi
+
   echo "Updating $BRANCH"
   gh api --silent -X "PATCH" "repos/github/codeql-action/branches/$BRANCH/protection/required_status_checks" --input checks.json
 done

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,12 @@
 
 See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs.
 
+Note that the only difference between `v2` and `v3` of the CodeQL Action is the node version they support, with `v3` running on node 20 while we continue to release `v2` to support running on node 16. For example `3.22.11` was the first `v3` release and is functionally identical to `2.22.11`. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.
+
+## 2.22.12 - 22 Dec 2023
+
+- Update default CodeQL bundle version to 2.15.5. [#2047](https://github.com/github/codeql-action/pull/2047)
+
 ## 2.22.11 - 13 Dec 2023
 
 No user facing changes.

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -114,7 +114,7 @@ To deprecate an older version of the Action:
    - Implement an Actions warning for customers using the deprecated version.
 1. Wait for the deprecation period to pass.
 1. Upgrade the Actions warning for customers using the deprecated version to a non-fatal error, and mention that this version of the Action is no longer supported.
-1. Make a PR to bump the `OLDEST_SUPPORTED_MAJOR_VERSION` in [release-branches.py](.github/actions/release-branches/release-branches.py).  Once this PR is merged, the release process will no longer backport changes to the deprecated release version.
+1. Make a PR to bump the `OLDEST_SUPPORTED_MAJOR_VERSION` in [releases.ini](.github/releases.ini).  Once this PR is merged, the release process will no longer backport changes to the deprecated release version.
 
 ## Resources
 

diff --git a/lib/defaults.json b/lib/defaults.json
@@ -1,6 +1,6 @@
 {
-    "bundleVersion": "codeql-bundle-v2.15.4",
-    "cliVersion": "2.15.4",
-    "priorBundleVersion": "codeql-bundle-v2.15.3",
-    "priorCliVersion": "2.15.3"
+    "bundleVersion": "codeql-bundle-v2.15.5",
+    "cliVersion": "2.15.5",
+    "priorBundleVersion": "codeql-bundle-v2.15.4",
+    "priorCliVersion": "2.15.4"
 }