diff --git a/.github/actions/prepare-test/action.yml b/.github/actions/prepare-test/action.yml index 2cbe4626e9..85a012c94a 100644 --- a/.github/actions/prepare-test/action.yml +++ b/.github/actions/prepare-test/action.yml @@ -49,7 +49,7 @@ runs: echo "tools-url=https://github.com/dsp-testing/codeql-cli-nightlies/releases/download/codeql-bundle-$version-manual/$artifact_name" >> $GITHUB_OUTPUT elif [[ ${{ inputs.version }} == *"stable"* ]]; then version=`echo ${{ inputs.version }} | sed -e 's/^.*\-//'` - echo "tools-url=https://github.com/github/codeql-action/releases/download/codeql-bundle-$version/$artifact_name" >> $GITHUB_OUTPUT + echo "tools-url=https://github.com/nickfyson-org/codeql-action/releases/download/codeql-bundle-$version/$artifact_name" >> $GITHUB_OUTPUT elif [[ ${{ inputs.version }} == "latest" ]]; then echo "tools-url=latest" >> $GITHUB_OUTPUT elif [[ ${{ inputs.version }} == "default" ]]; then diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index cc7067d6f4..95f6195c84 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -1,5 +1,5 @@ ### Merge / deployment checklist - [ ] Confirm this change is backwards compatible with existing workflows. -- [ ] Confirm the [readme](https://github.com/github/codeql-action/blob/main/README.md) has been updated if necessary. -- [ ] Confirm the [changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) has been updated if necessary. +- [ ] Confirm the [readme](https://github.com/nickfyson-org/codeql-action/blob/main/README.md) has been updated if necessary. +- [ ] Confirm the [changelog](https://github.com/nickfyson-org/codeql-action/blob/main/CHANGELOG.md) has been updated if necessary. diff --git a/.github/update-release-branch.py b/.github/update-release-branch.py index b17cafc7a7..02dc17bcf6 100644 --- a/.github/update-release-branch.py +++ b/.github/update-release-branch.py @@ -1,5 +1,6 @@ import argparse import datetime +import re from github import Github import json import os @@ -174,6 +175,59 @@ def get_today_string(): today = datetime.datetime.today() return '{:%d %b %Y}'.format(today) +def process_changelog_for_backports(source_branch_major_version, target_branch_major_version): + + # changelog entries can use the following format to indicate + # that they only apply to newer versions + some_versions_only_regex = re.compile(r'\[v(\d+)\+ only\]') + + output = '' + + with open('CHANGELOG.md', 'r') as f: + + # until we find the first section, just duplicate all lines + while True: + line = f.readline() + if not line: + raise Exception('Could not find the first changed section in CHANGELOG') # EOF + + if line.startswith('## '): + line = line.replace(f'## {source_branch_major_version}', f'## {target_branch_major_version}') + # we have found the first section, so now handle things differently + break + + # found_content tracks whether we hit two headings in a row + found_content = False + output += '\n' + while True: + line = f.readline() + if not line: + break # EOF + line = line.rstrip('\n') + + # filter out changenote entries that apply only to newer versions + match = some_versions_only_regex.search(line) + if match: + if int(target_branch_major_version) < int(match.group(1)): + continue + + if line.startswith('## '): + line = line.replace(f'## {source_branch_major_version}', f'## {target_branch_major_version}') + if found_content == False: + # we have found two headings in a row, so we need to add the placeholder message. + output += 'No user facing changes.\n' + found_content = False + output += f'\n{line}\n\n' + else: + if line.strip() != '': + found_content = True + # we use the original line here, rather than the stripped version + # so that we preserve indentation + output += line + '\n' + + with open('CHANGELOG.md', 'w') as f: + f.write(output) + def update_changelog(version): if (os.path.exists('CHANGELOG.md')): content = '' @@ -201,7 +255,7 @@ def main(): '--repository-nwo', type=str, required=True, - help='The nwo of the repository, for example github/codeql-action.' + help='The nwo of the repository, for example nickfyson-org/codeql-action.' ) parser.add_argument( '--source-branch', @@ -324,13 +378,7 @@ def main(): # Migrate the changelog notes from vLatest version numbers to vOlder version numbers print(f'Migrating changelog notes from v{source_branch_major_version} to v{target_branch_major_version}') - subprocess.check_output(['sed', '-i', f's/^## {source_branch_major_version}\./## {target_branch_major_version}./g', 'CHANGELOG.md']) - - # Remove changelog notes from all versions that do not apply to the vOlder branch - print(f'Removing changelog notes that do not apply to v{target_branch_major_version}') - for v in range(int(source_branch_major_version), int(target_branch_major_version), -1): - print(f'Removing changelog notes that are tagged [v{v}+ only\]') - subprocess.check_output(['sed', '-i', f'/^- \[v{v}+ only\]/d', 'CHANGELOG.md']) + process_changelog_for_backports(source_branch_major_version, target_branch_major_version) # Amend the commit generated by `npm version` to update the CHANGELOG run_git('add', 'CHANGELOG.md') diff --git a/.github/workflows/check-expected-release-files.yml b/.github/workflows/check-expected-release-files.yml index c5d225b410..4bb9cbfea6 100644 --- a/.github/workflows/check-expected-release-files.yml +++ b/.github/workflows/check-expected-release-files.yml @@ -21,5 +21,5 @@ jobs: bundle_version="$(cat "./src/defaults.json" | jq -r ".bundleVersion")" set -x for expected_file in "codeql-bundle.tar.gz" "codeql-bundle-linux64.tar.gz" "codeql-bundle-osx64.tar.gz" "codeql-bundle-win64.tar.gz"; do - curl --location --fail --head --request GET "https://github.com/github/codeql-action/releases/download/$bundle_version/$expected_file" > /dev/null + curl --location --fail --head --request GET "https://github.com/nickfyson-org/codeql-action/releases/download/$bundle_version/$expected_file" > /dev/null done diff --git a/.github/workflows/post-release-mergeback.yml b/.github/workflows/post-release-mergeback.yml index c3d0b291a4..f4434fa78a 100644 --- a/.github/workflows/post-release-mergeback.yml +++ b/.github/workflows/post-release-mergeback.yml @@ -21,7 +21,7 @@ on: jobs: merge-back: runs-on: ubuntu-latest - if: github.repository == 'github/codeql-action' + if: github.repository == 'nickfyson-org/codeql-action' env: BASE_BRANCH: "${{ github.event.inputs.baseBranch || 'main' }}" HEAD_BRANCH: "${{ github.head_ref || github.ref }}" diff --git a/.github/workflows/rebuild.yml b/.github/workflows/rebuild.yml index 3ce62baefb..4263657763 100644 --- a/.github/workflows/rebuild.yml +++ b/.github/workflows/rebuild.yml @@ -21,7 +21,7 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} PR_NUMBER: ${{ github.event.pull_request.number }} run: | - gh pr edit --repo github/codeql-action "$PR_NUMBER" \ + gh pr edit --repo nickfyson-org/codeql-action "$PR_NUMBER" \ --remove-label "Rebuild" - name: Compile TypeScript @@ -55,6 +55,6 @@ jobs: git push origin "HEAD:$BRANCH" echo "Pushed a commit to rebuild the Action." \ "Please mark the PR as ready for review to trigger PR checks." | - gh pr comment --body-file - --repo github/codeql-action "$PR_NUMBER" - gh pr ready --undo --repo github/codeql-action "$PR_NUMBER" + gh pr comment --body-file - --repo nickfyson-org/codeql-action "$PR_NUMBER" + gh pr ready --undo --repo nickfyson-org/codeql-action "$PR_NUMBER" fi diff --git a/.github/workflows/script/update-required-checks.sh b/.github/workflows/script/update-required-checks.sh index a06e90a380..b8809e2880 100755 --- a/.github/workflows/script/update-required-checks.sh +++ b/.github/workflows/script/update-required-checks.sh @@ -4,7 +4,7 @@ if ! gh auth status 2>/dev/null; then gh auth status - echo "Failed: Not authorized. This script requires admin access to github/codeql-action through the gh CLI." + echo "Failed: Not authorized. This script requires admin access to nickfyson-org/codeql-action through the gh CLI." exit 1 fi @@ -23,7 +23,7 @@ fi echo "Getting checks for $GITHUB_SHA" # Ignore any checks with "https://", CodeQL, LGTM, and Update checks. -CHECKS="$(gh api repos/github/codeql-action/commits/"${GITHUB_SHA}"/check-runs --paginate | jq --slurp --compact-output --raw-output '[.[].check_runs | .[].name | select(contains("https://") or . == "CodeQL" or . == "Dependabot" or . == "check-expected-release-files" or contains("Update") or contains("update") or contains("test-setup-python-scripts") | not)] | unique | sort')" +CHECKS="$(gh api repos/nickfyson-org/codeql-action/commits/"${GITHUB_SHA}"/check-runs --paginate | jq --slurp --compact-output --raw-output '[.[].check_runs | .[].name | select(contains("https://") or . == "CodeQL" or . == "Dependabot" or . == "check-expected-release-files" or contains("Update") or contains("update") or contains("test-setup-python-scripts") | not)] | unique | sort')" echo "$CHECKS" | jq @@ -31,7 +31,7 @@ echo "{\"contexts\": ${CHECKS}}" > checks.json for BRANCH in main releases/v2; do echo "Updating $BRANCH" - gh api --silent -X "PATCH" "repos/github/codeql-action/branches/$BRANCH/protection/required_status_checks" --input checks.json + gh api --silent -X "PATCH" "repos/nickfyson-org/codeql-action/branches/$BRANCH/protection/required_status_checks" --input checks.json done rm checks.json diff --git a/.github/workflows/update-dependencies.yml b/.github/workflows/update-dependencies.yml index 0d24650e05..ba6177b842 100644 --- a/.github/workflows/update-dependencies.yml +++ b/.github/workflows/update-dependencies.yml @@ -8,7 +8,7 @@ jobs: name: Update dependencies timeout-minutes: 45 runs-on: macos-latest - if: contains(github.event.pull_request.labels.*.name, 'Update dependencies') && (github.event.pull_request.head.repo.full_name == 'github/codeql-action') + if: contains(github.event.pull_request.labels.*.name, 'Update dependencies') && (github.event.pull_request.head.repo.full_name == 'nickfyson-org/codeql-action') steps: - name: Checkout repository uses: actions/checkout@v4 @@ -37,6 +37,6 @@ jobs: git push origin "HEAD:$BRANCH" echo "Pushed a commit to update the checked-in dependencies." \ "Please mark the PR as ready for review to trigger PR checks." | - gh pr comment --body-file - --repo github/codeql-action "${{ github.event.pull_request.number }}" - gh pr ready --undo --repo github/codeql-action "${{ github.event.pull_request.number }}" + gh pr comment --body-file - --repo nickfyson-org/codeql-action "${{ github.event.pull_request.number }}" + gh pr ready --undo --repo nickfyson-org/codeql-action "${{ github.event.pull_request.number }}" fi diff --git a/.github/workflows/update-release-branch.yml b/.github/workflows/update-release-branch.yml index 05fc4c43c1..f48967ed21 100644 --- a/.github/workflows/update-release-branch.yml +++ b/.github/workflows/update-release-branch.yml @@ -15,7 +15,7 @@ jobs: prepare: runs-on: ubuntu-latest - if: github.repository == 'github/codeql-action' + if: github.repository == 'nickfyson-org/codeql-action' outputs: version: ${{ steps.versions.outputs.version }} major_version: ${{ steps.versions.outputs.major_version }} diff --git a/.github/workflows/update-supported-enterprise-server-versions.yml b/.github/workflows/update-supported-enterprise-server-versions.yml index 25f72f0096..84cfaa9a62 100644 --- a/.github/workflows/update-supported-enterprise-server-versions.yml +++ b/.github/workflows/update-supported-enterprise-server-versions.yml @@ -10,7 +10,7 @@ jobs: name: Update Supported Enterprise Server Versions timeout-minutes: 45 runs-on: ubuntu-latest - if: ${{ github.repository == 'github/codeql-action' }} + if: ${{ github.repository == 'nickfyson-org/codeql-action' }} steps: - name: Setup Python