diff --git a/.github/workflows/update-proxy-release.yml b/.github/workflows/update-proxy-release.yml deleted file mode 100644 index f693ac9397..0000000000 --- a/.github/workflows/update-proxy-release.yml +++ /dev/null @@ -1,99 +0,0 @@ -name: Update dependency proxy release assets -on: - workflow_dispatch: - inputs: - tag: - description: "The tag of CodeQL Bundle release that contains the proxy binaries as release assets" - type: string - required: true - -defaults: - run: - shell: bash - -jobs: - update: - name: Update code and create PR - timeout-minutes: 15 - runs-on: ubuntu-latest - permissions: - contents: write # needed to push the updated files - pull-requests: write # needed to create the PR - env: - RELEASE_TAG: ${{ inputs.tag }} - steps: - - name: Check release tag format - id: checks - run: | - if ! [[ $RELEASE_TAG =~ ^codeql-bundle-v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then - echo "Invalid release tag: expected a CodeQL bundle tag in the 'codeql-bundle-vM.N.P' format." - exit 1 - fi - - echo "target_branch=dependency-proxy/$RELEASE_TAG" >> $GITHUB_OUTPUT - - - name: Check that the release exists - env: - GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" - run: | - (gh release view --repo "$GITHUB_REPOSITORY" --json "assets" "$RELEASE_TAG" && echo "Release found.") || exit 1 - - - name: Install Node - uses: actions/setup-node@v5 - - - name: Checkout repository - uses: actions/checkout@v5 - with: - fetch-depth: 0 # ensure we have all tags and can push commits - ref: main - - - name: Update git config - run: | - git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com" - git config --global user.name "github-actions[bot]" - - - name: Update release tag and version - run: | - NOW=$(date +"%Y%m%d%H%M%S") # only used to make sure we don't fetch stale binaries from the toolcache - sed -i "s|https://github.com/github/codeql-action/releases/download/codeql-bundle-v[0-9.]\+/|https://github.com/github/codeql-action/releases/download/$RELEASE_TAG/|g" ./src/start-proxy-action.ts - sed -i "s/\"v2.0.[0-9]\+\"/\"v2.0.$NOW\"/g" ./src/start-proxy-action.ts - - - name: Compile TypeScript and commit changes - env: - TARGET_BRANCH: ${{ steps.checks.outputs.target_branch }} - run: | - set -exu - git checkout -b "$TARGET_BRANCH" - - npm run build - git add ./src/start-proxy-action.ts - git add ./lib - git commit -m "Update release used by \`start-proxy\` action" - - - name: Push changes and open PR - env: - GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" - TARGET_BRANCH: ${{ steps.checks.outputs.target_branch }} - PR_FLAG: ${{ (github.event_name == 'workflow_dispatch' && '--draft') || '--dry-run' }} - run: | - set -exu - pr_title="Update release used by \`start-proxy\` to \`$RELEASE_TAG\`" - pr_body=$(cat << EOF - This PR updates the \`start-proxy\` action to use the private registry proxy binaries that - are attached as release assets to the \`$RELEASE_TAG\` release. - - - Please do the following before merging: - - - [ ] Verify that the changes to the code are correct. - - [ ] Mark the PR as ready for review to trigger the CI. - EOF - ) - - git push origin "$TARGET_BRANCH" - gh pr create \ - --head "$TARGET_BRANCH" \ - --base "main" \ - --title "${pr_title}" \ - --body "${pr_body}" \ - $PR_FLAG