LizardByte · ReenigneArcher · Jun 9, 2024 · May 24, 2024 · May 24, 2024 · May 26, 2024
diff --git a/.github/pr_release_template.md b/.github/pr_release_template.md
diff --git a/.github/workflows/auto-create-pr.yml b/.github/workflows/auto-create-pr.yml
diff --git a/.github/workflows/automerge.yml b/.github/workflows/automerge.yml
diff --git a/.github/workflows/ci-docker.yml b/.github/workflows/ci-docker.yml
@@ -22,10 +22,10 @@ name: CI Docker
 
 on:
   pull_request:
-    branches: [master, nightly]
+    branches: [master]
     types: [opened, synchronize, reopened]
   push:
-    branches: [master, nightly]
+    branches: [master]
   workflow_dispatch:
 
 concurrency:
@@ -103,8 +103,9 @@ jobs:
       - check_dockerfiles
     outputs:
       publish_release: ${{ steps.setup_release.outputs.publish_release }}
-      release_build: ${{ steps.setup_release.outputs.release_build }}
+      release_body: ${{ steps.setup_release.outputs.release_body }}
       release_commit: ${{ steps.setup_release.outputs.release_commit }}
+      release_generate_release_notes: ${{ steps.setup_release.outputs.release_generate_release_notes }}
       release_tag: ${{ steps.setup_release.outputs.release_tag }}
       release_version: ${{ steps.setup_release.outputs.release_version }}
     runs-on: ubuntu-latest
@@ -114,7 +115,7 @@ jobs:
 
       - name: Setup Release
         id: setup_release
-        uses: LizardByte/setup-release-action@v2024.520.181643
+        uses: LizardByte/setup-release-action@v2024.608.210128
         with:
           dotnet: ${{ needs.check_dockerfiles.outputs.dotnet }}
           github_token: ${{ secrets.GITHUB_TOKEN }}
@@ -211,8 +212,6 @@ jobs:
           if [[ $GITHUB_REF == refs/heads/master ]]; then
             TAGS="${TAGS},${BASE_TAG}:latest${{ matrix.tag }},ghcr.io/${BASE_TAG}:latest${{ matrix.tag }}"
             TAGS="${TAGS},${BASE_TAG}:master${{ matrix.tag }},ghcr.io/${BASE_TAG}:master${{ matrix.tag }}"
-          elif [[ $GITHUB_REF == refs/heads/nightly ]]; then
-            TAGS="${TAGS},${BASE_TAG}:nightly${{ matrix.tag }},ghcr.io/${BASE_TAG}:nightly${{ matrix.tag }}"
           else
             TAGS="${TAGS},${BASE_TAG}:test${{ matrix.tag }},ghcr.io/${BASE_TAG}:test${{ matrix.tag }}"
           fi
@@ -363,12 +362,13 @@ jobs:
 
       - name: Create/Update GitHub Release
         if: ${{ needs.setup_release.outputs.publish_release == 'true' && steps.prepare.outputs.artifacts == 'true' }}
-        uses: LizardByte/create-release-action@v2024.520.180003
+        uses: LizardByte/create-release-action@v2024.609.5014
         with:
           allowUpdates: true
           artifacts: "*artifacts/*"
+          body: ${{ needs.setup_release.outputs.release_body }}
           discussionCategory: announcements
-          generateReleaseNotes: true
+          generateReleaseNotes: ${{ needs.setup_release.outputs.release_generate_release_notes }}
           name: ${{ needs.setup_release.outputs.release_tag }}
           prerelease: true
           tag: ${{ needs.setup_release.outputs.release_tag }}

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -9,9 +9,9 @@ name: "CodeQL"
 
 on:
   push:
-    branches: ["master", "nightly"]
+    branches: ["master"]
   pull_request:
-    branches: ["master", "nightly"]
+    branches: ["master"]
   schedule:
     - cron: '00 12 * * 0'  # every Sunday at 12:00 UTC
 
@@ -140,9 +140,12 @@ jobs:
           submodules: recursive
 
       - name: Setup msys2
-        if: runner.os == 'Windows'
+        if: >-
+          runner.os == 'Windows' &&
+          matrix.language == 'cpp'
         uses: msys2/setup-msys2@v2
         with:
+          msystem: ucrt64
           update: true
 
       # Initializes the CodeQL tools for scanning.
@@ -157,6 +160,10 @@ jobs:
           # yamllint disable-line rule:line-length
           # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
           # queries: security-extended,security-and-quality
+          config: |
+            paths-ignore:
+              - node_modules
+              - third-party
 
       # Pre autobuild
       # create a file named .codeql-prebuild-${{ matrix.language }}.sh in the root of your repository
@@ -180,3 +187,26 @@ jobs:
         uses: github/codeql-action/analyze@v3
         with:
           category: "/language:${{matrix.language}}"
+          output: sarif-results
+          upload: failure-only
+
+      - name: filter-sarif
+        uses: advanced-security/filter-sarif@v1
+        with:
+          input: sarif-results/${{ matrix.language }}.sarif
+          output: sarif-results/${{ matrix.language }}.sarif
+          patterns: |
+            -node_modules/**
+            -third\-party/**
+
+      - name: Upload SARIF
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: sarif-results/${{ matrix.language }}.sarif
+
+      - name: Upload loc as a Build Artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: sarif-results-${{ matrix.language }}-${{ runner.os }}
+          path: sarif-results
+          retention-days: 1
diff --git a/.github/workflows/python-flake8.yml b/.github/workflows/python-flake8.yml
@@ -9,11 +9,11 @@ name: flake8
 
 on:
   pull_request:
-    branches: [master, nightly]
+    branches: [master]
     types: [opened, synchronize, reopened]
 
 concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
+  group: "${{ github.workflow }}-${{ github.ref }}"
   cancel-in-progress: true
 
 jobs:

diff --git a/.github/workflows/yaml-lint.yml b/.github/workflows/yaml-lint.yml
@@ -9,11 +9,11 @@ name: yaml lint
 
 on:
   pull_request:
-    branches: [master, nightly]
+    branches: [master]
     types: [opened, synchronize, reopened]
 
 concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
+  group: "${{ github.workflow }}-${{ github.ref }}"
   cancel-in-progress: true
 
 jobs: