Merge pull request #346 from rvermeulen/rvermeulen/incomplete-codeql-…

…dep-upgrade Address incomplete CodeQL dependency upgrade workflow
github · Sep 26, 2023 · 7c50f5b · 7c50f5b
2 parents 9a9927c + 1c676b3
commit 7c50f5b
Show file tree

Hide file tree

Showing 3 changed files with 101 additions and 12 deletions.
diff --git a/.github/workflows/upgrade_codeql_dependencies.yml b/.github/workflows/upgrade_codeql_dependencies.yml
@@ -7,10 +7,6 @@ on:
         description: |
           The version of the CodeQL CLI to be set as the default.
         required: true
-      codeql_standard_library_commit:
-        description: |
-          The tag or commit to use from the CodeQL Standard Library
-        required: true
 
 env:
   XARGS_MAX_PROCS: 4
@@ -19,20 +15,25 @@ jobs:
   say_hello:
     env:
       CODEQL_CLI_VERSION: ${{ github.event.inputs.codeql_cli_version }}
-      CODEQL_LIB_COMMIT: ${{ github.event.inputs.codeql_standard_library_commit }}
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout
         uses: actions/checkout@v2
 
+      - name: Install Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: "3.9"
+
+      - name: Install upgrade-codeql-dependencies.py dependencies
+        run: pip install -r scripts/upgrade-codeql-dependencies/requirements.txt
+
       - name: Update the supported environment
+        env:
+          GITHUB_TOKEN: ${{ github.token }}
+          CODEQL_CLI_VERSION: ${{ github.event.inputs.codeql_cli_version }}
         run: |
-          jq \
-            --arg cli_version "$CODEQL_CLI_VERSION" \
-            --arg standard_library_commit "$CODEQL_LIB_COMMIT" \
-            --raw-output \
-            '.supported_environment | .[0] | .codeql_cli = $cli_version | .codeql_standard_library = $standard_library_commit' \
-            supported_codeql_configs.json
+          scripts/upgrade-codeql-dependencies/upgrade_codeql_dependencies.py --cli-version "$CODEQL_CLI_VERSION"
 
       - name: Fetch CodeQL
         env:
@@ -54,4 +55,4 @@ jobs:
           commit-message: "Upgrading `github/codeql` dependency to ${{ github.event.inputs.codeql_standard_library_commit }}"
           team-reviewers: github/codeql-coding-standards
           delete-branch: true
-          branch: "codeql/upgrade-to-${{ github.event.inputs.codeql_standard_library_commit }}-${{ github.event.inputs.codeql_cli_version }}"
+          branch: "codeql/upgrade-to-${{ github.event.inputs.codeql_cli_version }}"
diff --git a/scripts/upgrade-codeql-dependencies/requirements.txt b/scripts/upgrade-codeql-dependencies/requirements.txt
@@ -0,0 +1,6 @@
+certifi==2023.7.22
+charset-normalizer==3.2.0
+idna==3.4
+requests==2.31.0
+semantic-version==2.10.0
+urllib3==2.0.4
diff --git a/scripts/upgrade-codeql-dependencies/upgrade-codeql-dependencies.py b/scripts/upgrade-codeql-dependencies/upgrade-codeql-dependencies.py
@@ -0,0 +1,82 @@
+import json
+import requests
+from typing import Optional, Dict, List
+from semantic_version import Version
+from pathlib import Path
+
+SCRIPT_PATH = Path(__file__)
+SUPPORTED_VERSIONS_PATH = SCRIPT_PATH.parent.parent.parent / "supported_codeql_configs.json"
+
+def get_compatible_stdlib(version: Version) -> Optional[str]:
+    tag = f"codeql-cli/v{version}"
+    response = requests.get(f"https://raw.githubusercontent.com/github/codeql/{tag}/cpp/ql/lib/qlpack.yml")
+
+    if response.status_code == 200:
+        return tag
+    return None
+
+def get_compatible_bundle(version: Version, token: str) -> Optional[str]:
+    tag = f"codeql-bundle-v{version}"
+    response = requests.get(f"https://api.github.com/repos/github/codeql-action/releases/tags/{tag}", headers={
+        "Accept": "application/vnd.github+json",
+        "Authorization": f"Bearer {token}",
+        "X-GitHub-Api-Version": "2022-11-28"
+    })
+
+    if response.status_code == 200:
+        return tag
+    return None
+
+def main(cli_version : str, github_token: str) -> None:
+    try:
+        parsed_cli_version = Version(cli_version)
+        compatible_stdlib = get_compatible_stdlib(parsed_cli_version)
+        if compatible_stdlib is None:
+            print(f"Unable to find compatible standard library for: {parsed_cli_version}")
+            exit(1)
+        compatible_bundle = get_compatible_bundle(parsed_cli_version, github_token)
+        if compatible_bundle is None:
+            print(f"Unable to find compatible bundle for: {parsed_cli_version}")
+            exit(1)
+
+        with SUPPORTED_VERSIONS_PATH.open("r") as f:
+            supported_versions = json.load(f)
+
+        supported_envs: List[Dict[str, str]] = supported_versions["supported_environment"]
+        if len(supported_envs) != 1:
+            print("Expected exactly one supported environment, cannot upgrade!")
+            exit(1)
+        supported_env = supported_envs[0]
+        supported_env["codeql_cli"] = str(parsed_cli_version)
+        supported_env["codeql_cli_bundle"] = compatible_bundle
+        supported_env["codeql_standard_library"] = compatible_stdlib
+
+        with SUPPORTED_VERSIONS_PATH.open("w") as f:
+            json.dump(supported_versions, f, indent=2)
+    except ValueError as e:
+        print(e)
+        exit(1)
+
+if __name__ == '__main__':
+    import sys
+    import argparse
+    import os
+
+    parser = argparse.ArgumentParser(description='Upgrade CodeQL dependencies')
+
+    parser.add_argument('--cli-version', type=str, required=True, help='CodeQL CLI version')
+    parser.add_argument('--github-auth-stdin', action='store_true', help='Authenticate to the GitHub API by providing a GitHub token via standard input.')
+
+    args = parser.parse_args()
+    if args.github_auth_stdin:
+        token = sys.stdin.read()
+    else:
+        if "GITHUB_TOKEN" not in os.environ:
+            print("GITHUB_TOKEN environment variable not set")
+            exit(1)
+        token = os.environ["GITHUB_TOKEN"]
+
+    main(args.cli_version, token)
+
+
+