actions/codeql-action
1
0
Fork 0
mirror of https://github.com/github/codeql-action synced 2026-05-25 15:00:36 +03:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into mbg/ci/fix-concurrency-ignores-inputs

Browse Source
This commit is contained in:
Michael B. Gale
2026-01-21 12:28:09 +00:00
parent 90f4ffcc7e 32d41f36fe
commit 51975ff7b7
29 changed files with 2543 additions and 1667 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.github/workflows/__ccr.yml
Generated
+87
View File
@@ -0,0 +1,87 @@
# Warning: This file is generated automatically, and should not be modified.
# Instead, please modify the template in the pr-checks directory and run:
# pr-checks/sync.sh
# to regenerate this file.
name: PR Check - CCR
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GO111MODULE: auto
on:
push:
branches:
- main
- releases/v*
pull_request:
types:
- opened
- synchronize
- reopened
- ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch:
inputs: {}
workflow_call:
inputs: {}
defaults:
run:
shell: bash
concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' }}
group: ${{ github.workflow }}-${{ github.ref }}
jobs:
ccr:
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
version: stable-v2.17.6
- os: ubuntu-latest
version: stable-v2.18.4
- os: ubuntu-latest
version: stable-v2.19.4
- os: ubuntu-latest
version: stable-v2.20.7
- os: ubuntu-latest
version: stable-v2.21.4
- os: ubuntu-latest
version: stable-v2.22.4
- os: ubuntu-latest
version: default
- os: ubuntu-latest
version: linked
- os: ubuntu-latest
version: nightly-latest
name: CCR
if: github.triggering_actor != 'dependabot[bot]'
permissions:
contents: read
security-events: read
timeout-minutes: 45
runs-on: ${{ matrix.os }}
steps:
- name: Check out repository
uses: actions/checkout@v6
- name: Prepare test
id: prepare-test
uses: ./.github/actions/prepare-test
with:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
setup-kotlin: 'true'
- uses: ./../action/init
id: init
with:
languages: javascript
tools: ${{ steps.prepare-test.outputs.tools-url }}
- uses: ./../action/analyze
id: analysis
with:
upload-database: false
env:
CODEQL_ACTION_ANALYSIS_KEY: dynamic/copilot-pull-request-reviewer/codeql-action-test
CODEQL_ACTION_TEST_MODE: true
.github/workflows/__rubocop-multi-language.yml
Generated
+1 -1
View File
@@ -56,7 +56,7 @@ jobs:
use-all-platform-bundle: 'false'
setup-kotlin: 'true'
- name: Set up Ruby
uses: ruby/setup-ruby@675dd7ba1b06c8786a1480d89c384f5620a42647 # v1.281.0
uses: ruby/setup-ruby@80740b3b13bf9857e28854481ca95a84e78a2bdf # v1.284.0
with:
ruby-version: 2.6
- name: Install Code Scanning integration
.github/workflows/post-release-mergeback.yml
+1 -2
View File
@@ -123,9 +123,8 @@ jobs:
- name: Prepare partial Changelog
env:
PARTIAL_CHANGELOG: "${{ runner.temp }}/partial_changelog.md"
VERSION: "${{ steps.getVersion.outputs.version }}"
run: |
python .github/workflows/script/prepare_changelog.py CHANGELOG.md "$VERSION" > $PARTIAL_CHANGELOG
python .github/workflows/script/prepare_changelog.py CHANGELOG.md > $PARTIAL_CHANGELOG
echo "::group::Partial CHANGELOG"
cat $PARTIAL_CHANGELOG
.github/workflows/rollback-release.yml
+1 -2
View File
@@ -127,9 +127,8 @@ jobs:
env:
NEW_CHANGELOG: "${{ runner.temp }}/new_changelog.md"
PARTIAL_CHANGELOG: "${{ runner.temp }}/partial_changelog.md"
VERSION: "${{ needs.prepare.outputs.version }}"
run: |
python .github/workflows/script/prepare_changelog.py $NEW_CHANGELOG "$VERSION" > $PARTIAL_CHANGELOG
python .github/workflows/script/prepare_changelog.py $NEW_CHANGELOG > $PARTIAL_CHANGELOG
echo "::group::Partial CHANGELOG"
cat $PARTIAL_CHANGELOG
.github/workflows/script/bundle_changelog.py
Regular → Executable
+6 -1
View File
@@ -1,9 +1,14 @@
#!/usr/bin/env python3
import os
import re
cli_version = os.environ['CLI_VERSION']
# The GitHub Release for the new bundle version.
bundle_release_url = f"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v{cli_version}"
# Get the PR number from the PR URL.
pr_number = os.environ['PR_URL'].split('/')[-1]
changelog_note = f"- Update default CodeQL bundle version to {os.environ['CLI_VERSION']}. [#{pr_number}]({os.environ['PR_URL']})"
changelog_note = f"- Update default CodeQL bundle version to [{cli_version}]({bundle_release_url}). [#{pr_number}]({os.environ['PR_URL']})"
# If the "[UNRELEASED]" section starts with "no user facing changes", remove that line.
with open('CHANGELOG.md', 'r') as f:
.github/workflows/script/prepare_changelog.py
Regular → Executable
+10 -12
View File
@@ -1,3 +1,4 @@
#!/usr/bin/env python3
import os
import sys
@@ -6,7 +7,7 @@ EMPTY_CHANGELOG = 'No changes.\n\n'
# Prepare the changelog for the new release
# This function will extract the part of the changelog that
# we want to include in the new release.
def extract_changelog_snippet(changelog_file, version_tag):
def extract_changelog_snippet(changelog_file):
output = ''
if (not os.path.exists(changelog_file)):
output = EMPTY_CHANGELOG
@@ -15,23 +16,20 @@ def extract_changelog_snippet(changelog_file, version_tag):
with open(changelog_file, 'r') as f:
lines = f.readlines()
# Include everything up to, but excluding the second heading
# Include only the contents of the first section
found_first_section = False
for i, line in enumerate(lines):
for line in lines:
if line.startswith('## '):
if found_first_section:
break
found_first_section = True
output += line
elif found_first_section:
output += line
output += f"See the full [CHANGELOG.md](https://github.com/github/codeql-action/blob/{version_tag}/CHANGELOG.md) for more information."
return output
return output.strip()
if len(sys.argv) < 3:
raise Exception('Expecting argument: changelog_file version_tag')
if len(sys.argv) < 2:
raise Exception('Expecting argument: changelog_file')
changelog_file = sys.argv[1]
version_tag = sys.argv[2]
print(extract_changelog_snippet(changelog_file, version_tag))
print(extract_changelog_snippet(changelog_file))