From b7f289ef4d859aab73395afff73db9f727805d25 Mon Sep 17 00:00:00 2001 From: nickfyson Date: Mon, 4 Dec 2023 14:28:55 +0000 Subject: [PATCH 01/11] update release process to support multiple version --- .github/actions/release-branches/action.yml | 25 +++ .../release-branches/release-branches.py | 57 ++++++ .github/actions/release-initialise/action.yml | 33 ++++ .github/update-release-branch.py | 167 +++++++++++++++--- .github/workflows/post-release-mergeback.yml | 28 +-- .github/workflows/update-release-branch.yml | 129 +++++++++++--- CONTRIBUTING.md | 4 + 7 files changed, 383 insertions(+), 60 deletions(-) create mode 100644 .github/actions/release-branches/action.yml create mode 100644 .github/actions/release-branches/release-branches.py create mode 100644 .github/actions/release-initialise/action.yml diff --git a/.github/actions/release-branches/action.yml b/.github/actions/release-branches/action.yml new file mode 100644 index 0000000000..6dee85a65e --- /dev/null +++ b/.github/actions/release-branches/action.yml @@ -0,0 +1,25 @@ +name: 'Release branches' +description: 'Determine branches for release & backport' +inputs: + major_version: + description: 'The version as extracted from the package.json file' + required: true + latest_tag: + description: 'The most recent tag published to the repository' + required: true +outputs: + backport_source_branch: + description: "The release branch for the given tag" + value: ${{ steps.branches.outputs.backport_source_branch }} + backport_target_branches: + description: "JSON encoded list of branches to target with backports" + value: ${{ steps.branches.outputs.backport_target_branches }} +runs: + using: "composite" + steps: + - id: branches + run: | + python ${{ github.action_path }}/release-branches.py \ + --major-version ${{ inputs.major_version }} \ + --latest-tag ${{ inputs.latest_tag }} + shell: bash diff --git a/.github/actions/release-branches/release-branches.py b/.github/actions/release-branches/release-branches.py new file mode 100644 index 0000000000..f38d2ec370 --- /dev/null +++ b/.github/actions/release-branches/release-branches.py @@ -0,0 +1,57 @@ +import argparse +import os, json +import subprocess + +# Name of the remote +ORIGIN = 'origin' + +OLDEST_SUPPORTED_MAJOR_VERSION = 2 + +# Runs git with the given args and returns the stdout. +# Raises an error if git does not exit successfully (unless passed +# allow_non_zero_exit_code=True). +def run_git(*args, allow_non_zero_exit_code=False): + cmd = ['git', *args] + p = subprocess.run(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE) + if not allow_non_zero_exit_code and p.returncode != 0: + raise Exception(f'Call to {" ".join(cmd)} exited with code {p.returncode} stderr: {p.stderr.decode("ascii")}.') + return p.stdout.decode('ascii') + +def main(): + + parser = argparse.ArgumentParser() + parser.add_argument("--major-version", required=True, type=str, help="The major version of the release") + parser.add_argument("--latest-tag", required=True, type=str, help="The most recent tag published to the repository") + args = parser.parse_args() + + major_version = args.major_version + latest_tag = args.latest_tag + + print("major_version: " + major_version) + print("latest_tag: " + latest_tag) + + # If this is a primary release, we backport to all supported branches, + # so we check whether the major_version taken from the package.json + # is greater than or equal to the latest tag pulled from the repo. + # For example... + # 'v1' >= 'v2' is False # we're operating from an older release branch and should not backport + # 'v2' >= 'v2' is True # the normal case where we're updating the current version + # 'v3' >= 'v2' is True # in this case we are making the first release of a new major version + consider_backports = ( major_version >= latest_tag.split(".")[0] ) + + with open(os.environ["GITHUB_OUTPUT"], "a") as f: + + f.write(f"backport_source_branch=releases/{major_version}\n") + + backport_target_branches = [] + + if consider_backports: + for i in range(int(major_version.strip("v"))-1, 0, -1): + branch_name = f"releases/v{i}" + if i >= OLDEST_SUPPORTED_MAJOR_VERSION: + backport_target_branches.append(branch_name) + + f.write("backport_target_branches="+json.dumps(backport_target_branches)+"\n") + +if __name__ == "__main__": + main() diff --git a/.github/actions/release-initialise/action.yml b/.github/actions/release-initialise/action.yml new file mode 100644 index 0000000000..c914435fe4 --- /dev/null +++ b/.github/actions/release-initialise/action.yml @@ -0,0 +1,33 @@ +name: 'Prepare release job' +description: 'Executed preparatory steps before update a release branch' + +runs: + using: "composite" + steps: + + - name: Dump environment + run: env + shell: bash + + - name: Dump GitHub context + env: + GITHUB_CONTEXT: '${{ toJson(github) }}' + run: echo "$GITHUB_CONTEXT" + shell: bash + + - name: Set up Python + uses: actions/setup-python@v4 + with: + python-version: 3.8 + + - name: Install dependencies + run: | + python -m pip install --upgrade pip + pip install PyGithub==1.55 requests + shell: bash + + - name: Update git config + run: | + git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + shell: bash diff --git a/.github/update-release-branch.py b/.github/update-release-branch.py index 1d19c30ee9..94d416c41a 100644 --- a/.github/update-release-branch.py +++ b/.github/update-release-branch.py @@ -13,8 +13,6 @@ """ -SOURCE_BRANCH = 'main' -TARGET_BRANCH = 'releases/v2' # Name of the remote ORIGIN = 'origin' @@ -34,7 +32,9 @@ def branch_exists_on_remote(branch_name): return run_git('ls-remote', '--heads', ORIGIN, branch_name).strip() != '' # Opens a PR from the given branch to the target branch -def open_pr(repo, all_commits, source_branch_short_sha, new_branch_name, conductor): +def open_pr( + repo, all_commits, source_branch_short_sha, new_branch_name, source_branch, target_branch, + conductor, is_primary_release, conflicted_files): # Sort the commits into the pull requests that introduced them, # and any commits that don't have a pull request pull_requests = [] @@ -56,7 +56,7 @@ def open_pr(repo, all_commits, source_branch_short_sha, new_branch_name, conduct # Start constructing the body text body = [] - body.append(f'Merging {source_branch_short_sha} into {TARGET_BRANCH}.') + body.append(f'Merging {source_branch_short_sha} into {target_branch}.') body.append('') body.append(f'Conductor for this PR is @{conductor}.') @@ -79,20 +79,38 @@ def open_pr(repo, all_commits, source_branch_short_sha, new_branch_name, conduct body.append('') body.append('Please do the following:') + if len(conflicted_files) > 0: + body.append(' - [ ] Ensure `package.json` file contains the correct version.') + body.append(' - [ ] Add commits to this branch to resolve the merge conflicts ' + + 'in the following files:') + body.extend([f' - [ ] `{file}`' for file in conflicted_files]) + body.append(' - [ ] Ensure another maintainer has reviewed the additional commits you added to this ' + + 'branch to resolve the merge conflicts.') body.append(' - [ ] Ensure the CHANGELOG displays the correct version and date.') body.append(' - [ ] Ensure the CHANGELOG includes all relevant, user-facing changes since the last release.') - body.append(f' - [ ] Check that there are not any unexpected commits being merged into the {TARGET_BRANCH} branch.') + body.append(f' - [ ] Check that there are not any unexpected commits being merged into the {target_branch} branch.') body.append(' - [ ] Ensure the docs team is aware of any documentation changes that need to be released.') + + if not is_primary_release: + body.append(' - [ ] Remove and re-add the "Update dependencies" label to the PR to trigger just this workflow.') + body.append(' - [ ] Wait for the "Update dependencies" workflow to push a commit updating the dependencies.') + body.append(' - [ ] Mark the PR as ready for review to trigger the full set of PR checks.') + body.append(' - [ ] Approve and merge this PR. Make sure `Create a merge commit` is selected rather than `Squash and merge` or `Rebase and merge`.') - body.append(' - [ ] Merge the mergeback PR that will automatically be created once this PR is merged.') - title = f'Merge {SOURCE_BRANCH} into {TARGET_BRANCH}' + if is_primary_release: + body.append(' - [ ] Merge the mergeback PR that will automatically be created once this PR is merged.') + body.append(' - [ ] Merge the v1 release PR that will automatically be created once this PR is merged.') + + title = f'Merge {source_branch} into {target_branch}' + labels = ['Update dependencies'] if not is_primary_release else [] # Create the pull request # PR checks won't be triggered on PRs created by Actions. Therefore mark the PR as draft so that # a maintainer can take the PR out of draft, thereby triggering the PR checks. - pr = repo.create_pull(title=title, body='\n'.join(body), head=new_branch_name, base=TARGET_BRANCH, draft=True) - print(f'Created PR #{pr.number}') + pr = repo.create_pull(title=title, body='\n'.join(body), head=new_branch_name, base=target_branch, draft=True) + pr.add_to_labels(*labels) + print(f'Created PR #{str(pr.number)}') # Assign the conductor pr.add_to_assignees(conductor) @@ -102,10 +120,10 @@ def open_pr(repo, all_commits, source_branch_short_sha, new_branch_name, conduct # since the last release to the target branch. # This will not include any commits that exist on the target branch # that aren't on the source branch. -def get_commit_difference(repo): +def get_commit_difference(repo, source_branch, target_branch): # Passing split nothing means that the empty string splits to nothing: compare `''.split() == []` # to `''.split('\n') == ['']`. - commits = run_git('log', '--pretty=format:%H', f'{ORIGIN}/{TARGET_BRANCH}..{ORIGIN}/{SOURCE_BRANCH}').strip().split() + commits = run_git('log', '--pretty=format:%H', f'{ORIGIN}/{target_branch}..{ORIGIN}/{source_branch}').strip().split() # Convert to full-fledged commit objects commits = [repo.get_commit(c) for c in commits] @@ -182,6 +200,24 @@ def main(): required=True, help='The nwo of the repository, for example github/codeql-action.' ) + parser.add_argument( + '--source-branch', + type=str, + required=True, + help='Source branch for release branch update.' + ) + parser.add_argument( + '--target-branch', + type=str, + required=True, + help='Target branch for release branch update.' + ) + parser.add_argument( + '--is-primary-release', + action='store_true', + default=False, + help='Whether this update is the primary release for the current major version.' + ) parser.add_argument( '--conductor', type=str, @@ -191,18 +227,29 @@ def main(): args = parser.parse_args() + source_branch = args.source_branch + target_branch = args.target_branch + is_primary_release = args.is_primary_release + repo = Github(args.github_token).get_repo(args.repository_nwo) - version = get_current_version() + + # the target branch will be of the form releases/vN, where N is the major version number + target_branch_major_version = target_branch.strip('releases/v') + + # split version into major, minor, patch + _, v_minor, v_patch = get_current_version().split('.') + + version = f"{target_branch_major_version}.{v_minor}.{v_patch}" # Print what we intend to go - print(f'Considering difference between {SOURCE_BRANCH} and {TARGET_BRANCH}...') - source_branch_short_sha = run_git('rev-parse', '--short', f'{ORIGIN}/{SOURCE_BRANCH}').strip() - print(f'Current head of {SOURCE_BRANCH} is {source_branch_short_sha}.') + print(f'Considering difference between {source_branch} and {target_branch}...') + source_branch_short_sha = run_git('rev-parse', '--short', f'{ORIGIN}/{source_branch}').strip() + print(f'Current head of {source_branch} is {source_branch_short_sha}.') # See if there are any commits to merge in - commits = get_commit_difference(repo=repo) + commits = get_commit_difference(repo=repo, source_branch=source_branch, target_branch=target_branch) if len(commits) == 0: - print(f'No commits to merge from {SOURCE_BRANCH} to {TARGET_BRANCH}.') + print(f'No commits to merge from {source_branch} to {target_branch}.') return # The branch name is based off of the name of branch being merged into @@ -220,17 +267,81 @@ def main(): # Create the new branch and push it to the remote print(f'Creating branch {new_branch_name}.') - # If we're performing a standard release, there won't be any new commits on the target branch, - # as these will have already been merged back into the source branch. Therefore we can just - # start from the source branch. - run_git('checkout', '-b', new_branch_name, f'{ORIGIN}/{SOURCE_BRANCH}') + # The process of creating the v{Older} release can run into merge conflicts. We commit the unresolved + # conflicts so a maintainer can easily resolve them (vs erroring and requiring maintainers to + # reconstruct the release manually) + conflicted_files = [] + + if not is_primary_release: + + # the source branch will be of the form releases/vN, where N is the major version number + source_branch_major_version = source_branch.strip('releases/v') + + # If we're performing a backport, start from the target branch + print(f'Creating {new_branch_name} from the {ORIGIN}/{target_branch} branch') + run_git('checkout', '-b', new_branch_name, f'{ORIGIN}/{target_branch}') + + # Revert the commit that we made as part of the last release that updated the version number and + # changelog to refer to {older}.x.x variants. This avoids merge conflicts in the changelog and + # package.json files when we merge in the v{latest} branch. + # This commit will not exist the first time we release the v{N-1} branch from the v{N} branch, so we + # use `git log --grep` to conditionally revert the commit. + print('Reverting the version number and changelog updates from the last release to avoid conflicts') + vOlder_update_commits = run_git('log', '--grep', '^Update version and changelog for v', '--format=%H').split() + + if len(vOlder_update_commits) > 0: + print(f' Reverting {vOlder_update_commits[0]}') + # Only revert the newest commit as older ones will already have been reverted in previous + # releases. + run_git('revert', vOlder_update_commits[0], '--no-edit') + + # Also revert the "Update checked-in dependencies" commit created by Actions. + update_dependencies_commit = run_git('log', '--grep', '^Update checked-in dependencies', '--format=%H').split()[0] + # TODO: why is this failing for the v2 branch currently...? + print(f' Reverting {update_dependencies_commit}') + run_git('revert', update_dependencies_commit, '--no-edit') + + else: + print(' Nothing to revert.') + + print(f'Merging {ORIGIN}/{source_branch} into the release prep branch') + # Commit any conflicts (see the comment for `conflicted_files`) + run_git('merge', f'{ORIGIN}/{source_branch}', allow_non_zero_exit_code=True) + conflicted_files = run_git('diff', '--name-only', '--diff-filter', 'U').splitlines() + if len(conflicted_files) > 0: + run_git('add', '.') + run_git('commit', '--no-edit') + + # Migrate the package version number from a vLatest version number to a vOlder version number + print(f'Setting version number to {version}') + subprocess.check_output(['npm', 'version', version, '--no-git-tag-version']) + run_git('add', 'package.json', 'package-lock.json') + + # Migrate the changelog notes from v2 version numbers to v1 version numbers + print(f'Migrating changelog notes from v{source_branch_major_version} to v{target_branch_major_version}') + subprocess.check_output(['sed', '-i', f's/^## {source_branch_major_version}\./## {target_branch_major_version}./g', 'CHANGELOG.md']) + + # Remove changelog notes from all versions that do not apply to the vOlder branch + print(f'Removing changelog notes that do not apply to v{target_branch_major_version}') + for v in range(int(target_branch_major_version)+1, int(source_branch_major_version)+1): + print(f'Removing changelog notes that are tagged [v{v}+ only\]') + subprocess.check_output(['sed', '-i', f'/^- \[v{v}+ only\]/d', 'CHANGELOG.md']) + + # Amend the commit generated by `npm version` to update the CHANGELOG + run_git('add', 'CHANGELOG.md') + run_git('commit', '-m', f'Update version and changelog for v{version}') + else: + # If we're performing a standard release, there won't be any new commits on the target branch, + # as these will have already been merged back into the source branch. Therefore we can just + # start from the source branch. + run_git('checkout', '-b', new_branch_name, f'{ORIGIN}/{source_branch}') - print('Updating changelog') - update_changelog(version) + print('Updating changelog') + update_changelog(version) - # Create a commit that updates the CHANGELOG - run_git('add', 'CHANGELOG.md') - run_git('commit', '-m', f'Update changelog for v{version}') + # Create a commit that updates the CHANGELOG + run_git('add', 'CHANGELOG.md') + run_git('commit', '-m', f'Update changelog for v{version}') run_git('push', ORIGIN, new_branch_name) @@ -240,7 +351,11 @@ def main(): commits, source_branch_short_sha, new_branch_name, + source_branch=source_branch, + target_branch=target_branch, conductor=args.conductor, + is_primary_release=is_primary_release, + conflicted_files=conflicted_files ) if __name__ == '__main__': diff --git a/.github/workflows/post-release-mergeback.yml b/.github/workflows/post-release-mergeback.yml index 0f5c494171..696f57aba6 100644 --- a/.github/workflows/post-release-mergeback.yml +++ b/.github/workflows/post-release-mergeback.yml @@ -1,9 +1,9 @@ -# This workflow runs after a release of the action. It: -# 1. Merges any changes from the release back into the main branch. Typically, this is just a single -# commit that updates the changelog. -# 2. Tags the merge commit on the release branch that represents the new release with an `v2.x.y` +# This workflow runs after a merge to any release branch of the action. It: +# 1. Tags the merge commit on the release branch that represents the new release with n `vN.x.y` # tag -# 3. Updates the `v2` tag to refer to this merge commit. +# 2. Updates the `vN` tag to refer to this merge commit. +# 3. Iff vN == vLatest, merges any changes from the release back into the main branch. +# Typically, this is just a single commit that updates the changelog. name: Tag release and merge back on: @@ -16,7 +16,7 @@ on: push: branches: - - releases/v2 + - releases/v* jobs: merge-back: @@ -36,6 +36,8 @@ jobs: run: echo "${GITHUB_CONTEXT}" - uses: actions/checkout@v4 + with: + fetch-depth: 0 # ensure we have all tags and can push commits - uses: actions/setup-node@v4 - name: Update git config @@ -51,6 +53,8 @@ jobs: short_sha="${GITHUB_SHA:0:8}" NEW_BRANCH="mergeback/${VERSION}-to-${BASE_BRANCH}-${short_sha}" echo "newBranch=${NEW_BRANCH}" >> $GITHUB_OUTPUT + LATEST_RELEASE_BRANCH=$(git branch -r | grep -E "origin/releases/v[0-9]+$" | sed 's/origin\///g' | sort -V | tail -1 | xargs) + echo "latest_release_branch=${LATEST_RELEASE_BRANCH}" >> $GITHUB_OUTPUT - name: Dump branches env: @@ -59,6 +63,8 @@ jobs: echo "BASE_BRANCH ${BASE_BRANCH}" echo "HEAD_BRANCH ${HEAD_BRANCH}" echo "NEW_BRANCH ${NEW_BRANCH}" + echo "LATEST_RELEASE_BRANCH ${LATEST_RELEASE_BRANCH}" + echo "GITHUB_REF ${GITHUB_REF}" - name: Create mergeback branch env: @@ -89,8 +95,6 @@ jobs: env: VERSION: ${{ steps.getVersion.outputs.version }} run: | - # Unshallow the repo in order to allow pushes - git fetch --unshallow # Create the `vx.y.z` tag git tag --annotate "${VERSION}" --message "${VERSION}" # Update the `vx` tag @@ -99,13 +103,13 @@ jobs: git tag --annotate "${major_version_tag}" --message "${major_version_tag}" --force # Push the tags, using: # - `--atomic` to make sure we either update both tags or neither (an intermediate state, - # e.g. where we update the v2.x.y tag on the remote but not the v2 tag, could result in - # unwanted Dependabot updates, e.g. from v2 to v2.x.y) - # - `--force` since we're overwriting the `vx` tag + # e.g. where we update the vN.x.y tag on the remote but not the vN tag, could result in + # unwanted Dependabot updates, e.g. from vN to vN.x.y) + # - `--force` since we're overwriting the `vN` tag git push origin --atomic --force refs/tags/"${VERSION}" refs/tags/"${major_version_tag}" - name: Create mergeback branch - if: steps.check.outputs.exists != 'true' + if: ${{ steps.check.outputs.exists != 'true' && endsWith(github.ref_name, steps.getVersion.outputs.latest_release_branch) }} env: VERSION: "${{ steps.getVersion.outputs.version }}" NEW_BRANCH: "${{ steps.getVersion.outputs.newBranch }}" diff --git a/.github/workflows/update-release-branch.yml b/.github/workflows/update-release-branch.yml index 2f95d40540..f5ab2cda85 100644 --- a/.github/workflows/update-release-branch.yml +++ b/.github/workflows/update-release-branch.yml @@ -1,46 +1,131 @@ name: Update release branch on: # You can trigger this workflow via workflow dispatch to start a release. - # This will open a PR to update the v2 release branch. + # This will open a PR to update the latest release branch. workflow_dispatch: + # When a release is complete this workflow will open up backport PRs to older release branches. + # NB while it will trigger on any release branch update, the backport job will not proceed for + # anything other than than releases/v{latest} + push: + branches: + - releases/* + jobs: - update: - timeout-minutes: 45 + + prepare: runs-on: ubuntu-latest if: github.repository == 'github/codeql-action' + outputs: + version: ${{ steps.versions.outputs.version }} + major_version: ${{ steps.versions.outputs.major_version }} + latest_tag: ${{ steps.versions.outputs.latest_tag }} + backport_source_branch: ${{ steps.branches.outputs.backport_source_branch }} + backport_target_branches: ${{ steps.branches.outputs.backport_target_branches }} steps: - - name: Dump environment - run: env + - uses: actions/checkout@v4 + with: + fetch-depth: 0 # Need full history for calculation of diffs + - uses: ./.github/actions/release-initialise - - name: Dump GitHub context - env: - GITHUB_CONTEXT: '${{ toJson(github) }}' - run: echo "$GITHUB_CONTEXT" + - name: Get version tags + id: versions + run: | + VERSION="v$(jq '.version' -r 'package.json')" + echo "version=${VERSION}" >> $GITHUB_OUTPUT + MAJOR_VERSION=$(cut -d '.' -f1 <<< "${VERSION}") + echo "major_version=${MAJOR_VERSION}" >> $GITHUB_OUTPUT + LATEST_TAG=$(git tag --sort=-v:refname | grep -E '^v[0-9]+\.[0-9]+\.[0-9]+' | head -1) + echo "latest_tag=${LATEST_TAG}" >> $GITHUB_OUTPUT - - uses: actions/checkout@v4 + - id: branches + name: Determine older release branches + uses: ./.github/actions/release-branches with: - # Need full history so we calculate diffs - fetch-depth: 0 + major_version: ${{ steps.versions.outputs.major_version }} + latest_tag: ${{ steps.versions.outputs.latest_tag }} + + - name: debug logging + run: | + echo 'version: ${{ steps.versions.outputs.version }}' + echo 'major_version: ${{ steps.versions.outputs.major_version }}' + echo 'latest_tag: ${{ steps.versions.outputs.latest_tag }}' + echo 'backport_source_branch: ${{ steps.branches.outputs.backport_source_branch }}' + echo 'backport_target_branches: ${{ steps.branches.outputs.backport_target_branches }}' - - name: Set up Python - uses: actions/setup-python@v4 + update: + timeout-minutes: 45 + runs-on: ubuntu-latest + if: github.event_name == 'workflow_dispatch' + needs: [prepare] + env: + REF_NAME: "${{ github.ref_name }}" + REPOSITORY: "${{ github.repository }}" + MAJOR_VERSION: "${{ needs.prepare.outputs.major_version }}" + LATEST_TAG: "${{ needs.prepare.outputs.latest_tag }}" + steps: + - uses: actions/checkout@v4 with: - python-version: 3.8 + fetch-depth: 0 # Need full history for calculation of diffs + - uses: ./.github/actions/release-initialise - - name: Install dependencies + # when the workflow has been manually triggered on main, + # we know that we definitely want the release branch to exist + - name: Ensure release branch exists run: | - python -m pip install --upgrade pip - pip install PyGithub==1.55 requests + echo "MAJOR_VERSION ${MAJOR_VERSION}" + RELEASE_BRANCH=releases/${MAJOR_VERSION} + if git checkout $RELEASE_BRANCH > /dev/null 2>&1; then + echo "Branch $RELEASE_BRANCH already exists" + echo "" + else + echo "Creating $RELEASE_BRANCH branch" + git checkout -b ${RELEASE_BRANCH} ${LATEST_TAG} + git push --set-upstream origin ${RELEASE_BRANCH} + git branch --show-current + echo "" + fi + echo "Returning to branch: ${REF_NAME}" + git checkout ${REF_NAME} - - name: Update git config + - name: Update current release branch + if: github.event_name == 'workflow_dispatch' run: | - git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com" - git config --global user.name "github-actions[bot]" + echo SOURCE_BRANCH=${REF_NAME} + echo TARGET_BRANCH=releases/${MAJOR_VERSION} + python .github/update-release-branch.py \ + --github-token ${{ secrets.GITHUB_TOKEN }} \ + --repository-nwo ${{ github.repository }} \ + --source-branch '${{ env.REF_NAME }}' \ + --target-branch 'releases/${{ env.MAJOR_VERSION }}' \ + --is-primary-release \ + --conductor ${GITHUB_ACTOR} + + backport: + timeout-minutes: 45 + runs-on: ubuntu-latest + needs: [prepare] + if: ${{ (github.event_name == 'push') && needs.prepare.outputs.backport_target_branches != '[]' && needs.prepare.outputs.backport_target_branches != '' }} + strategy: + fail-fast: false + matrix: + target_branch: ${{ fromJson(needs.prepare.outputs.backport_target_branches) }} + env: + SOURCE_BRANCH: ${{ needs.prepare.outputs.backport_source_branch }} + TARGET_BRANCH: ${{ matrix.target_branch }} + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 # Need full history for calculation of diffs + - uses: ./.github/actions/release-initialise - - name: Update release branch + - name: Update older release branch run: | + echo SOURCE_BRANCH=${SOURCE_BRANCH} + echo TARGET_BRANCH=${TARGET_BRANCH} python .github/update-release-branch.py \ --github-token ${{ secrets.GITHUB_TOKEN }} \ --repository-nwo ${{ github.repository }} \ + --source-branch ${SOURCE_BRANCH} \ + --target-branch ${TARGET_BRANCH} \ --conductor ${GITHUB_ACTOR} diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 0537bd2070..862baf1219 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -99,6 +99,10 @@ We typically deprecate a version of CodeQL when the GitHub Enterprise Server (GH - Add a changelog note announcing the new minimum version of CodeQL that is now required. - Example PR: https://github.com/github/codeql-action/pull/1907 +## Deprecating a CodeQL-Action version (write access required) + +TODO: fill this section in! + ## Resources - [How to Contribute to Open Source](https://opensource.guide/how-to-contribute/) From 2dbffae187d3c18b125104eec9ebcf7c94fb30a7 Mon Sep 17 00:00:00 2001 From: nickfyson Date: Mon, 4 Dec 2023 22:15:47 +0000 Subject: [PATCH 02/11] add note in CONTRIBUTING.md on how to deprecate an action version --- CONTRIBUTING.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 862baf1219..642ec412a6 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -101,7 +101,14 @@ We typically deprecate a version of CodeQL when the GitHub Enterprise Server (GH ## Deprecating a CodeQL-Action version (write access required) -TODO: fill this section in! +When necessary we maintain multiple versions of the CodeQL action, for example to support older version of NodeJS as required by GHES versions that are still supported. The automated release process opens backport PRs to update older versions once the primary release is merged. Deprecation of older versions of the action will generally happen once a particular older GHES version is no longer supported, and hence we can stop maintainin the action for a particular NodeJS version. + +The backport process is controlled by setting the minimum version number of the action that is still supported, defined at the in the [release-branches](.github/actions/release-branches/release-branches.py) action. To stop udpating an older version of the action: + +1. Notify any users who are still pinned to the `vN` tag of the deprecated version of the action. + - Add a changelog note announcing the deprecation. +2. Bump the `OLDEST_SUPPORTED_MAJOR_VERSION` in [release-branches.py](.github/actions/release-branches/release-branches.py) +3. Merge this change to main and the next release will not backport changes to the deprecated release version. ## Resources From 784783de17428b664b2610a601be0e7cfd171e17 Mon Sep 17 00:00:00 2001 From: Chuan-kai Lin Date: Tue, 5 Dec 2023 13:08:58 -0800 Subject: [PATCH 03/11] Update supported GitHub Enterprise Server versions --- lib/api-compatibility.json | 2 +- src/api-compatibility.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/api-compatibility.json b/lib/api-compatibility.json index 9119368988..81b3256964 100644 --- a/lib/api-compatibility.json +++ b/lib/api-compatibility.json @@ -1 +1 @@ -{ "maximumVersion": "3.11", "minimumVersion": "3.7" } +{ "maximumVersion": "3.12", "minimumVersion": "3.7" } diff --git a/src/api-compatibility.json b/src/api-compatibility.json index 4266cf4581..10e4f3a195 100644 --- a/src/api-compatibility.json +++ b/src/api-compatibility.json @@ -1 +1 @@ -{"maximumVersion": "3.11", "minimumVersion": "3.7"} +{"maximumVersion": "3.12", "minimumVersion": "3.7"} From 3537bea5807bc605478c9ff7af7f7af948b6025e Mon Sep 17 00:00:00 2001 From: Nick Fyson Date: Wed, 6 Dec 2023 11:40:07 +0000 Subject: [PATCH 04/11] Apply suggestions from code review Co-authored-by: Henry Mercer --- .../actions/release-branches/release-branches.py | 3 ++- .github/actions/release-initialise/action.yml | 2 +- .github/update-release-branch.py | 2 +- .github/workflows/post-release-mergeback.yml | 2 +- CONTRIBUTING.md | 16 ++++++++++------ 5 files changed, 15 insertions(+), 10 deletions(-) diff --git a/.github/actions/release-branches/release-branches.py b/.github/actions/release-branches/release-branches.py index f38d2ec370..fcadd808d2 100644 --- a/.github/actions/release-branches/release-branches.py +++ b/.github/actions/release-branches/release-branches.py @@ -1,5 +1,6 @@ import argparse -import os, json +import json +import os import subprocess # Name of the remote diff --git a/.github/actions/release-initialise/action.yml b/.github/actions/release-initialise/action.yml index c914435fe4..7e554cce1c 100644 --- a/.github/actions/release-initialise/action.yml +++ b/.github/actions/release-initialise/action.yml @@ -1,5 +1,5 @@ name: 'Prepare release job' -description: 'Executed preparatory steps before update a release branch' +description: 'Prepare for updating a release branch' runs: using: "composite" diff --git a/.github/update-release-branch.py b/.github/update-release-branch.py index 94d416c41a..d5ba6c925e 100644 --- a/.github/update-release-branch.py +++ b/.github/update-release-branch.py @@ -317,7 +317,7 @@ def main(): subprocess.check_output(['npm', 'version', version, '--no-git-tag-version']) run_git('add', 'package.json', 'package-lock.json') - # Migrate the changelog notes from v2 version numbers to v1 version numbers + # Migrate the changelog notes from vLatest version numbers to vOlder version numbers print(f'Migrating changelog notes from v{source_branch_major_version} to v{target_branch_major_version}') subprocess.check_output(['sed', '-i', f's/^## {source_branch_major_version}\./## {target_branch_major_version}./g', 'CHANGELOG.md']) diff --git a/.github/workflows/post-release-mergeback.yml b/.github/workflows/post-release-mergeback.yml index 696f57aba6..f4cba080cc 100644 --- a/.github/workflows/post-release-mergeback.yml +++ b/.github/workflows/post-release-mergeback.yml @@ -1,5 +1,5 @@ # This workflow runs after a merge to any release branch of the action. It: -# 1. Tags the merge commit on the release branch that represents the new release with n `vN.x.y` +# 1. Tags the merge commit on the release branch that represents the new release with an `vN.x.y` # tag # 2. Updates the `vN` tag to refer to this merge commit. # 3. Iff vN == vLatest, merges any changes from the release back into the main branch. diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 642ec412a6..67d435103c 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -99,16 +99,20 @@ We typically deprecate a version of CodeQL when the GitHub Enterprise Server (GH - Add a changelog note announcing the new minimum version of CodeQL that is now required. - Example PR: https://github.com/github/codeql-action/pull/1907 -## Deprecating a CodeQL-Action version (write access required) +## Deprecating a CodeQL Action version (write access required) -When necessary we maintain multiple versions of the CodeQL action, for example to support older version of NodeJS as required by GHES versions that are still supported. The automated release process opens backport PRs to update older versions once the primary release is merged. Deprecation of older versions of the action will generally happen once a particular older GHES version is no longer supported, and hence we can stop maintainin the action for a particular NodeJS version. +We sometimes maintain multiple versions of the CodeQL Action to enable customers on older but still supported versions of GitHub Enterprise Server (GHES) to continue to benefit from the latest CodeQL improvements. To accomplish this, the release process automation listens to updates to the release branch for the newest supported version. When this branch is updated, the release process automatically opens backport PRs to update the release branches for older versions. -The backport process is controlled by setting the minimum version number of the action that is still supported, defined at the in the [release-branches](.github/actions/release-branches/release-branches.py) action. To stop udpating an older version of the action: +We typically deprecate older versions of the Action once all supported GHES versions are compatible with the version of Node.js we are using on `main`. -1. Notify any users who are still pinned to the `vN` tag of the deprecated version of the action. +To deprecate an older version of the Action: + +1. Notify any users who are still pinned to the `vN` tag of the deprecated version of the Action, giving as much notice as is practical. - Add a changelog note announcing the deprecation. -2. Bump the `OLDEST_SUPPORTED_MAJOR_VERSION` in [release-branches.py](.github/actions/release-branches/release-branches.py) -3. Merge this change to main and the next release will not backport changes to the deprecated release version. + - Implement an Actions warning for customers using the deprecated version. +1. Wait for the deprecation period to pass. +1. Upgrade the Actions warning for customers using the deprecated version to a non-fatal error, and mention that this version of the Action is no longer supported. +1. Make a PR to bump the `OLDEST_SUPPORTED_MAJOR_VERSION` in [release-branches.py](.github/actions/release-branches/release-branches.py). Once this PR is merged, the release process will no longer backport changes to the deprecated release version. ## Resources From a6ea3c5a45b53ef29985956a67d19aa9db1fc2ef Mon Sep 17 00:00:00 2001 From: nickfyson Date: Wed, 6 Dec 2023 11:41:27 +0000 Subject: [PATCH 05/11] define backport commit message in constant --- .github/update-release-branch.py | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/.github/update-release-branch.py b/.github/update-release-branch.py index d5ba6c925e..90d3c995b7 100644 --- a/.github/update-release-branch.py +++ b/.github/update-release-branch.py @@ -13,6 +13,9 @@ """ +# NB: This exact commit message is used to find commits for reverting during backports. +# Changing it requires a transition period where both old and new versions are supported. +BACKPORT_COMMIT_MESSAGE = 'Update version and changelog for v' # Name of the remote ORIGIN = 'origin' @@ -287,7 +290,7 @@ def main(): # This commit will not exist the first time we release the v{N-1} branch from the v{N} branch, so we # use `git log --grep` to conditionally revert the commit. print('Reverting the version number and changelog updates from the last release to avoid conflicts') - vOlder_update_commits = run_git('log', '--grep', '^Update version and changelog for v', '--format=%H').split() + vOlder_update_commits = run_git('log', '--grep', f'^{BACKPORT_COMMIT_MESSAGE}', '--format=%H').split() if len(vOlder_update_commits) > 0: print(f' Reverting {vOlder_update_commits[0]}') @@ -329,7 +332,7 @@ def main(): # Amend the commit generated by `npm version` to update the CHANGELOG run_git('add', 'CHANGELOG.md') - run_git('commit', '-m', f'Update version and changelog for v{version}') + run_git('commit', '-m', f'{BACKPORT_COMMIT_MESSAGE}{version}') else: # If we're performing a standard release, there won't be any new commits on the target branch, # as these will have already been merged back into the source branch. Therefore we can just From 57932be6d40f2cd95e2c7b6690bea3b6e58762cf Mon Sep 17 00:00:00 2001 From: nickfyson Date: Wed, 6 Dec 2023 11:49:17 +0000 Subject: [PATCH 06/11] remove unused function --- .github/actions/release-branches/release-branches.py | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/.github/actions/release-branches/release-branches.py b/.github/actions/release-branches/release-branches.py index fcadd808d2..8e8bf37db5 100644 --- a/.github/actions/release-branches/release-branches.py +++ b/.github/actions/release-branches/release-branches.py @@ -8,16 +8,6 @@ OLDEST_SUPPORTED_MAJOR_VERSION = 2 -# Runs git with the given args and returns the stdout. -# Raises an error if git does not exit successfully (unless passed -# allow_non_zero_exit_code=True). -def run_git(*args, allow_non_zero_exit_code=False): - cmd = ['git', *args] - p = subprocess.run(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE) - if not allow_non_zero_exit_code and p.returncode != 0: - raise Exception(f'Call to {" ".join(cmd)} exited with code {p.returncode} stderr: {p.stderr.decode("ascii")}.') - return p.stdout.decode('ascii') - def main(): parser = argparse.ArgumentParser() From ee748cf360358684ead808cff8f4a0e9d1cca895 Mon Sep 17 00:00:00 2001 From: nickfyson Date: Wed, 6 Dec 2023 12:22:12 +0000 Subject: [PATCH 07/11] respond to more review comments --- .github/update-release-branch.py | 7 +++---- .github/workflows/post-release-mergeback.yml | 2 +- .github/workflows/update-release-branch.yml | 2 +- 3 files changed, 5 insertions(+), 6 deletions(-) diff --git a/.github/update-release-branch.py b/.github/update-release-branch.py index 90d3c995b7..ff65abe84d 100644 --- a/.github/update-release-branch.py +++ b/.github/update-release-branch.py @@ -97,13 +97,13 @@ def open_pr( if not is_primary_release: body.append(' - [ ] Remove and re-add the "Update dependencies" label to the PR to trigger just this workflow.') body.append(' - [ ] Wait for the "Update dependencies" workflow to push a commit updating the dependencies.') - body.append(' - [ ] Mark the PR as ready for review to trigger the full set of PR checks.') + body.append(' - [ ] Mark the PR as ready for review to trigger the full set of PR checks.') body.append(' - [ ] Approve and merge this PR. Make sure `Create a merge commit` is selected rather than `Squash and merge` or `Rebase and merge`.') if is_primary_release: body.append(' - [ ] Merge the mergeback PR that will automatically be created once this PR is merged.') - body.append(' - [ ] Merge the v1 release PR that will automatically be created once this PR is merged.') + body.append(' - [ ] Merge all backport PRs to older release branches, that will automatically be created once this PR is merged.') title = f'Merge {source_branch} into {target_branch}' labels = ['Update dependencies'] if not is_primary_release else [] @@ -300,7 +300,6 @@ def main(): # Also revert the "Update checked-in dependencies" commit created by Actions. update_dependencies_commit = run_git('log', '--grep', '^Update checked-in dependencies', '--format=%H').split()[0] - # TODO: why is this failing for the v2 branch currently...? print(f' Reverting {update_dependencies_commit}') run_git('revert', update_dependencies_commit, '--no-edit') @@ -326,7 +325,7 @@ def main(): # Remove changelog notes from all versions that do not apply to the vOlder branch print(f'Removing changelog notes that do not apply to v{target_branch_major_version}') - for v in range(int(target_branch_major_version)+1, int(source_branch_major_version)+1): + for v in range(int(source_branch_major_version), int(target_branch_major_version), -1): print(f'Removing changelog notes that are tagged [v{v}+ only\]') subprocess.check_output(['sed', '-i', f'/^- \[v{v}+ only\]/d', 'CHANGELOG.md']) diff --git a/.github/workflows/post-release-mergeback.yml b/.github/workflows/post-release-mergeback.yml index f4cba080cc..c3d0b291a4 100644 --- a/.github/workflows/post-release-mergeback.yml +++ b/.github/workflows/post-release-mergeback.yml @@ -3,7 +3,7 @@ # tag # 2. Updates the `vN` tag to refer to this merge commit. # 3. Iff vN == vLatest, merges any changes from the release back into the main branch. -# Typically, this is just a single commit that updates the changelog. +# Typically, this is two commits – one to update the version number and one to update dependencies. name: Tag release and merge back on: diff --git a/.github/workflows/update-release-branch.yml b/.github/workflows/update-release-branch.yml index f5ab2cda85..05fc4c43c1 100644 --- a/.github/workflows/update-release-branch.yml +++ b/.github/workflows/update-release-branch.yml @@ -105,7 +105,7 @@ jobs: timeout-minutes: 45 runs-on: ubuntu-latest needs: [prepare] - if: ${{ (github.event_name == 'push') && needs.prepare.outputs.backport_target_branches != '[]' && needs.prepare.outputs.backport_target_branches != '' }} + if: ${{ (github.event_name == 'push') && needs.prepare.outputs.backport_target_branches != '[]' }} strategy: fail-fast: false matrix: From 0e9a210226d6fd1008805163b449ed40fb6bd191 Mon Sep 17 00:00:00 2001 From: nickfyson Date: Wed, 6 Dec 2023 15:54:23 +0000 Subject: [PATCH 08/11] update workflows to run on all release branches --- .github/workflows/__all-platform-bundle.yml | 2 +- .github/workflows/__analyze-ref-input.yml | 2 +- .github/workflows/__autobuild-action.yml | 2 +- .github/workflows/__config-export.yml | 2 +- .github/workflows/__cpp-deptrace-disabled.yml | 2 +- .github/workflows/__cpp-deptrace-enabled-on-macos.yml | 2 +- .github/workflows/__cpp-deptrace-enabled.yml | 2 +- .github/workflows/__diagnostics-export.yml | 2 +- .github/workflows/__export-file-baseline-information.yml | 2 +- .github/workflows/__extractor-ram-threads.yml | 2 +- .github/workflows/__go-custom-queries.yml | 2 +- .../workflows/__go-indirect-tracing-workaround-diagnostic.yml | 2 +- .github/workflows/__go-indirect-tracing-workaround.yml | 2 +- .github/workflows/__go-tracing-autobuilder.yml | 2 +- .github/workflows/__go-tracing-custom-build-steps.yml | 2 +- .github/workflows/__go-tracing-legacy-workflow.yml | 2 +- .github/workflows/__init-with-registries.yml | 2 +- .github/workflows/__javascript-source-root.yml | 2 +- .github/workflows/__language-aliases.yml | 2 +- .github/workflows/__multi-language-autodetect.yml | 2 +- .../workflows/__packaging-codescanning-config-inputs-js.yml | 2 +- .github/workflows/__packaging-config-inputs-js.yml | 2 +- .github/workflows/__packaging-config-js.yml | 2 +- .github/workflows/__packaging-inputs-js.yml | 2 +- .github/workflows/__remote-config.yml | 2 +- .github/workflows/__resolve-environment-action.yml | 2 +- .github/workflows/__rubocop-multi-language.yml | 2 +- .github/workflows/__ruby.yml | 2 +- .github/workflows/__scaling-reserved-ram.yml | 2 +- .github/workflows/__split-workflow.yml | 2 +- .github/workflows/__submit-sarif-failure.yml | 2 +- .github/workflows/__swift-custom-build.yml | 2 +- .github/workflows/__test-autobuild-working-dir.yml | 2 +- .github/workflows/__test-local-codeql.yml | 2 +- .github/workflows/__test-proxy.yml | 2 +- .github/workflows/__unset-environment.yml | 2 +- .github/workflows/__upload-ref-sha-input.yml | 2 +- .github/workflows/__with-checkout-path.yml | 2 +- .github/workflows/codeql.yml | 4 ++-- .github/workflows/codescanning-config-cli.yml | 2 +- .github/workflows/debug-artifacts-failure.yml | 2 +- .github/workflows/debug-artifacts.yml | 2 +- .github/workflows/expected-queries-runs.yml | 2 +- .github/workflows/pr-checks.yml | 2 +- .github/workflows/python-deps.yml | 2 +- .github/workflows/python312-windows.yml | 2 +- .github/workflows/query-filters.yml | 2 +- .github/workflows/test-codeql-bundle-all.yml | 4 ++-- pr-checks/sync.py | 2 +- 49 files changed, 51 insertions(+), 51 deletions(-) diff --git a/.github/workflows/__all-platform-bundle.yml b/.github/workflows/__all-platform-bundle.yml index bdeec0d733..e3259fc218 100644 --- a/.github/workflows/__all-platform-bundle.yml +++ b/.github/workflows/__all-platform-bundle.yml @@ -12,7 +12,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/__analyze-ref-input.yml b/.github/workflows/__analyze-ref-input.yml index b6a8e73454..5460fe4ebd 100644 --- a/.github/workflows/__analyze-ref-input.yml +++ b/.github/workflows/__analyze-ref-input.yml @@ -12,7 +12,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/__autobuild-action.yml b/.github/workflows/__autobuild-action.yml index 505fe9cb6d..234f4df081 100644 --- a/.github/workflows/__autobuild-action.yml +++ b/.github/workflows/__autobuild-action.yml @@ -12,7 +12,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/__config-export.yml b/.github/workflows/__config-export.yml index 7d2ce0a355..addaabdf6f 100644 --- a/.github/workflows/__config-export.yml +++ b/.github/workflows/__config-export.yml @@ -12,7 +12,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/__cpp-deptrace-disabled.yml b/.github/workflows/__cpp-deptrace-disabled.yml index 926d5937dd..0194e50ac4 100644 --- a/.github/workflows/__cpp-deptrace-disabled.yml +++ b/.github/workflows/__cpp-deptrace-disabled.yml @@ -12,7 +12,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/__cpp-deptrace-enabled-on-macos.yml b/.github/workflows/__cpp-deptrace-enabled-on-macos.yml index d7b44159e0..ce5f20e9de 100644 --- a/.github/workflows/__cpp-deptrace-enabled-on-macos.yml +++ b/.github/workflows/__cpp-deptrace-enabled-on-macos.yml @@ -12,7 +12,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/__cpp-deptrace-enabled.yml b/.github/workflows/__cpp-deptrace-enabled.yml index 4eb4a3b8cf..1b0d1dab4f 100644 --- a/.github/workflows/__cpp-deptrace-enabled.yml +++ b/.github/workflows/__cpp-deptrace-enabled.yml @@ -12,7 +12,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/__diagnostics-export.yml b/.github/workflows/__diagnostics-export.yml index d1c1792552..50a9d1a0d3 100644 --- a/.github/workflows/__diagnostics-export.yml +++ b/.github/workflows/__diagnostics-export.yml @@ -12,7 +12,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/__export-file-baseline-information.yml b/.github/workflows/__export-file-baseline-information.yml index 441832e741..80416657a7 100644 --- a/.github/workflows/__export-file-baseline-information.yml +++ b/.github/workflows/__export-file-baseline-information.yml @@ -12,7 +12,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/__extractor-ram-threads.yml b/.github/workflows/__extractor-ram-threads.yml index 002d54b8f3..26a3a360f2 100644 --- a/.github/workflows/__extractor-ram-threads.yml +++ b/.github/workflows/__extractor-ram-threads.yml @@ -12,7 +12,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/__go-custom-queries.yml b/.github/workflows/__go-custom-queries.yml index 1c675864c5..9dafaffbcc 100644 --- a/.github/workflows/__go-custom-queries.yml +++ b/.github/workflows/__go-custom-queries.yml @@ -12,7 +12,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml b/.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml index ff27ee9ecc..6dae25e8ce 100644 --- a/.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml +++ b/.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml @@ -12,7 +12,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/__go-indirect-tracing-workaround.yml b/.github/workflows/__go-indirect-tracing-workaround.yml index 0fed7975e5..0b88c9dc36 100644 --- a/.github/workflows/__go-indirect-tracing-workaround.yml +++ b/.github/workflows/__go-indirect-tracing-workaround.yml @@ -12,7 +12,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/__go-tracing-autobuilder.yml b/.github/workflows/__go-tracing-autobuilder.yml index 1637f9fffc..628cbc9dc9 100644 --- a/.github/workflows/__go-tracing-autobuilder.yml +++ b/.github/workflows/__go-tracing-autobuilder.yml @@ -12,7 +12,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/__go-tracing-custom-build-steps.yml b/.github/workflows/__go-tracing-custom-build-steps.yml index 1e8a1793c5..2d7456e8ff 100644 --- a/.github/workflows/__go-tracing-custom-build-steps.yml +++ b/.github/workflows/__go-tracing-custom-build-steps.yml @@ -12,7 +12,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/__go-tracing-legacy-workflow.yml b/.github/workflows/__go-tracing-legacy-workflow.yml index c492f73f44..0104176c7c 100644 --- a/.github/workflows/__go-tracing-legacy-workflow.yml +++ b/.github/workflows/__go-tracing-legacy-workflow.yml @@ -12,7 +12,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/__init-with-registries.yml b/.github/workflows/__init-with-registries.yml index 5199037270..d4b024b229 100644 --- a/.github/workflows/__init-with-registries.yml +++ b/.github/workflows/__init-with-registries.yml @@ -12,7 +12,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/__javascript-source-root.yml b/.github/workflows/__javascript-source-root.yml index d97ea8fa57..1e16e038cd 100644 --- a/.github/workflows/__javascript-source-root.yml +++ b/.github/workflows/__javascript-source-root.yml @@ -12,7 +12,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/__language-aliases.yml b/.github/workflows/__language-aliases.yml index ad09ba50ff..cd7328f770 100644 --- a/.github/workflows/__language-aliases.yml +++ b/.github/workflows/__language-aliases.yml @@ -12,7 +12,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/__multi-language-autodetect.yml b/.github/workflows/__multi-language-autodetect.yml index 3f0abc055d..ee02328988 100644 --- a/.github/workflows/__multi-language-autodetect.yml +++ b/.github/workflows/__multi-language-autodetect.yml @@ -12,7 +12,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/__packaging-codescanning-config-inputs-js.yml b/.github/workflows/__packaging-codescanning-config-inputs-js.yml index 5f6df119ea..693e8735b4 100644 --- a/.github/workflows/__packaging-codescanning-config-inputs-js.yml +++ b/.github/workflows/__packaging-codescanning-config-inputs-js.yml @@ -12,7 +12,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/__packaging-config-inputs-js.yml b/.github/workflows/__packaging-config-inputs-js.yml index 301ed93644..7266f7875e 100644 --- a/.github/workflows/__packaging-config-inputs-js.yml +++ b/.github/workflows/__packaging-config-inputs-js.yml @@ -12,7 +12,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/__packaging-config-js.yml b/.github/workflows/__packaging-config-js.yml index 1ad522c4cf..11cf41fa2d 100644 --- a/.github/workflows/__packaging-config-js.yml +++ b/.github/workflows/__packaging-config-js.yml @@ -12,7 +12,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/__packaging-inputs-js.yml b/.github/workflows/__packaging-inputs-js.yml index 70107fbcc7..02bcbd616c 100644 --- a/.github/workflows/__packaging-inputs-js.yml +++ b/.github/workflows/__packaging-inputs-js.yml @@ -12,7 +12,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/__remote-config.yml b/.github/workflows/__remote-config.yml index 2fe580d64d..21f119f2de 100644 --- a/.github/workflows/__remote-config.yml +++ b/.github/workflows/__remote-config.yml @@ -12,7 +12,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/__resolve-environment-action.yml b/.github/workflows/__resolve-environment-action.yml index cd09e77e73..4f8eccef6b 100644 --- a/.github/workflows/__resolve-environment-action.yml +++ b/.github/workflows/__resolve-environment-action.yml @@ -12,7 +12,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/__rubocop-multi-language.yml b/.github/workflows/__rubocop-multi-language.yml index 5212739e78..8118023b8c 100644 --- a/.github/workflows/__rubocop-multi-language.yml +++ b/.github/workflows/__rubocop-multi-language.yml @@ -12,7 +12,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/__ruby.yml b/.github/workflows/__ruby.yml index 494ea3c970..d936ff7d68 100644 --- a/.github/workflows/__ruby.yml +++ b/.github/workflows/__ruby.yml @@ -12,7 +12,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/__scaling-reserved-ram.yml b/.github/workflows/__scaling-reserved-ram.yml index a05bf4fe42..02d4c006a6 100644 --- a/.github/workflows/__scaling-reserved-ram.yml +++ b/.github/workflows/__scaling-reserved-ram.yml @@ -12,7 +12,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/__split-workflow.yml b/.github/workflows/__split-workflow.yml index 2a1de694ca..b616ff391c 100644 --- a/.github/workflows/__split-workflow.yml +++ b/.github/workflows/__split-workflow.yml @@ -12,7 +12,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/__submit-sarif-failure.yml b/.github/workflows/__submit-sarif-failure.yml index 6e0547ce5d..09f686d2be 100644 --- a/.github/workflows/__submit-sarif-failure.yml +++ b/.github/workflows/__submit-sarif-failure.yml @@ -12,7 +12,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/__swift-custom-build.yml b/.github/workflows/__swift-custom-build.yml index f7e46a8964..ff48104a3a 100644 --- a/.github/workflows/__swift-custom-build.yml +++ b/.github/workflows/__swift-custom-build.yml @@ -12,7 +12,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/__test-autobuild-working-dir.yml b/.github/workflows/__test-autobuild-working-dir.yml index bb33137958..bd5d65b514 100644 --- a/.github/workflows/__test-autobuild-working-dir.yml +++ b/.github/workflows/__test-autobuild-working-dir.yml @@ -12,7 +12,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/__test-local-codeql.yml b/.github/workflows/__test-local-codeql.yml index dbe401e8cb..769a74226c 100644 --- a/.github/workflows/__test-local-codeql.yml +++ b/.github/workflows/__test-local-codeql.yml @@ -12,7 +12,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/__test-proxy.yml b/.github/workflows/__test-proxy.yml index aefaaf6307..84f6b752b6 100644 --- a/.github/workflows/__test-proxy.yml +++ b/.github/workflows/__test-proxy.yml @@ -12,7 +12,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/__unset-environment.yml b/.github/workflows/__unset-environment.yml index fa0583f4a4..23e0c9c684 100644 --- a/.github/workflows/__unset-environment.yml +++ b/.github/workflows/__unset-environment.yml @@ -12,7 +12,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/__upload-ref-sha-input.yml b/.github/workflows/__upload-ref-sha-input.yml index a0823442cb..2d6396f503 100644 --- a/.github/workflows/__upload-ref-sha-input.yml +++ b/.github/workflows/__upload-ref-sha-input.yml @@ -12,7 +12,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/__with-checkout-path.yml b/.github/workflows/__with-checkout-path.yml index cf225e6e75..d72c4f4da6 100644 --- a/.github/workflows/__with-checkout-path.yml +++ b/.github/workflows/__with-checkout-path.yml @@ -12,7 +12,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index daf14f7539..378aa9f305 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -2,9 +2,9 @@ name: "CodeQL action" on: push: - branches: [main, releases/v2] + branches: [main, releases/v*] pull_request: - branches: [main, releases/v2] + branches: [main, releases/v*] # Run checks on reopened draft PRs to support triggering PR checks on draft PRs that were opened # by other workflows. types: [opened, synchronize, reopened, ready_for_review] diff --git a/.github/workflows/codescanning-config-cli.yml b/.github/workflows/codescanning-config-cli.yml index 801324ecca..bde425f220 100644 --- a/.github/workflows/codescanning-config-cli.yml +++ b/.github/workflows/codescanning-config-cli.yml @@ -9,7 +9,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/debug-artifacts-failure.yml b/.github/workflows/debug-artifacts-failure.yml index c15d92c00f..8ac02581eb 100644 --- a/.github/workflows/debug-artifacts-failure.yml +++ b/.github/workflows/debug-artifacts-failure.yml @@ -10,7 +10,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/debug-artifacts.yml b/.github/workflows/debug-artifacts.yml index 5ce95784c1..8f38343db2 100644 --- a/.github/workflows/debug-artifacts.yml +++ b/.github/workflows/debug-artifacts.yml @@ -9,7 +9,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/expected-queries-runs.yml b/.github/workflows/expected-queries-runs.yml index c195245b9f..59c36b7dad 100644 --- a/.github/workflows/expected-queries-runs.yml +++ b/.github/workflows/expected-queries-runs.yml @@ -4,7 +4,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/pr-checks.yml b/.github/workflows/pr-checks.yml index 508f3292a0..bfddd8b35f 100644 --- a/.github/workflows/pr-checks.yml +++ b/.github/workflows/pr-checks.yml @@ -2,7 +2,7 @@ name: PR Checks on: push: - branches: [main, releases/v2] + branches: [main, releases/v*] pull_request: # Run checks on reopened draft PRs to support triggering PR checks on draft PRs that were opened # by other workflows. diff --git a/.github/workflows/python-deps.yml b/.github/workflows/python-deps.yml index 540194a027..4d054a31aa 100644 --- a/.github/workflows/python-deps.yml +++ b/.github/workflows/python-deps.yml @@ -2,7 +2,7 @@ name: Test Python Package Installation on: push: - branches: [main, releases/v2] + branches: [main, releases/v*] pull_request: # Run checks on reopened draft PRs to support triggering PR checks on draft PRs that were opened # by other workflows. diff --git a/.github/workflows/python312-windows.yml b/.github/workflows/python312-windows.yml index 95bd747408..d4ab319be7 100644 --- a/.github/workflows/python312-windows.yml +++ b/.github/workflows/python312-windows.yml @@ -2,7 +2,7 @@ name: Test that the workaround for python 3.12 on windows works on: push: - branches: [main, releases/v2] + branches: [main, releases/v*] pull_request: # Run checks on reopened draft PRs to support triggering PR checks on draft PRs that were opened # by other workflows. diff --git a/.github/workflows/query-filters.yml b/.github/workflows/query-filters.yml index 81ddb91027..b13e26577b 100644 --- a/.github/workflows/query-filters.yml +++ b/.github/workflows/query-filters.yml @@ -4,7 +4,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened diff --git a/.github/workflows/test-codeql-bundle-all.yml b/.github/workflows/test-codeql-bundle-all.yml index 43bab7d243..0ea140261b 100644 --- a/.github/workflows/test-codeql-bundle-all.yml +++ b/.github/workflows/test-codeql-bundle-all.yml @@ -9,7 +9,7 @@ on: push: branches: - main - - releases/v2 + - releases/v* pull_request: types: - opened @@ -53,4 +53,4 @@ jobs: with: upload-database: false env: - CODEQL_ACTION_TEST_MODE: true \ No newline at end of file + CODEQL_ACTION_TEST_MODE: true diff --git a/pr-checks/sync.py b/pr-checks/sync.py index 3b9f69202f..31454dde45 100755 --- a/pr-checks/sync.py +++ b/pr-checks/sync.py @@ -162,7 +162,7 @@ def writeHeader(checkStream): }, 'on': { 'push': { - 'branches': ['main', 'releases/v2'] + 'branches': ['main', 'releases/v*'] }, 'pull_request': { 'types': ["opened", "synchronize", "reopened", "ready_for_review"] From c6e24c94be1c0836c1f80e4ee2c5ae88f37cb55e Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 7 Dec 2023 10:49:40 +0000 Subject: [PATCH 09/11] Update changelog for v2.22.9 --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 875784f48c..a2c0bb145d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,7 +2,7 @@ See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. -## [UNRELEASED] +## 2.22.9 - 07 Dec 2023 No user facing changes. From 5e0f9dbc48f564b68392e465dcdacd74eab63e25 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 7 Dec 2023 11:33:23 +0000 Subject: [PATCH 10/11] Update changelog and version after v2.22.9 --- CHANGELOG.md | 4 ++++ package-lock.json | 4 ++-- package.json | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a2c0bb145d..612d91c269 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,10 @@ See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. +## [UNRELEASED] + +No user facing changes. + ## 2.22.9 - 07 Dec 2023 No user facing changes. diff --git a/package-lock.json b/package-lock.json index 31cc45a544..4a58b5418f 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "codeql", - "version": "2.22.9", + "version": "2.22.10", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "codeql", - "version": "2.22.9", + "version": "2.22.10", "license": "MIT", "dependencies": { "@actions/artifact": "^1.1.2", diff --git a/package.json b/package.json index b0113149e0..fe4e353c0e 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "codeql", - "version": "2.22.9", + "version": "2.22.10", "private": true, "description": "CodeQL action", "scripts": { From 458b4226ad8e38f90ff6a4ad1e18ab2593e7e3dc Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 7 Dec 2023 11:37:26 +0000 Subject: [PATCH 11/11] Update checked-in dependencies --- node_modules/.package-lock.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/node_modules/.package-lock.json b/node_modules/.package-lock.json index 6d3c1aaad1..63536577ca 100644 --- a/node_modules/.package-lock.json +++ b/node_modules/.package-lock.json @@ -1,6 +1,6 @@ { "name": "codeql", - "version": "2.22.9", + "version": "2.22.10", "lockfileVersion": 3, "requires": true, "packages": {