github · alexet · Apr 5, 2023 · Mar 27, 2023 · Mar 27, 2023 · Mar 27, 2023
@@ -44,7 +44,7 @@ runs:
       env:
         CODEQL_ACTION_TEST_MODE: "true"
     - name: Check SARIF
-      uses: ./../action/.github/check-sarif
+      uses: ./../action/.github/actions/check-sarif
       with:
         sarif-file:  ${{ inputs.sarif-file }}
         queries-run: ${{ inputs.queries-run}}

@@ -0,0 +1,14 @@
+name: Update default CodeQL bundle
+description: Updates 'src/defaults.json' to point to a new CodeQL bundle release.
+
+runs:
+  using: composite
+  steps:
+    - name: Install ts-node
+      shell: bash
+      run: npm install -g ts-node
+
+    - name: Run update script
+      working-directory: ${{ github.action_path }}
+      shell: bash
+      run: ts-node ./index.ts
@@ -0,0 +1,69 @@
+import * as fs from 'fs';
+import * as github from '@actions/github';
+
+interface BundleInfo {
+  bundleVersion: string;
+  cliVersion: string;
+}
+
+interface Defaults {
+  bundleVersion: string;
+  cliVersion: string;
+  priorBundleVersion: string;
+  priorCliVersion: string;
+}
+
+const CODEQL_BUNDLE_PREFIX = 'codeql-bundle-';
+
+function getCodeQLCliVersionForRelease(release): string {
+  // We do not currently tag CodeQL bundles based on the CLI version they contain.
+  // Instead, we use a marker file `cli-version-<version>.txt` to record the CLI version.
+  // This marker file is uploaded as a release asset for all new CodeQL bundles.
+  const cliVersionsFromMarkerFiles = release.assets
+  .map((asset) => asset.name.match(/cli-version-(.*)\.txt/)?.[1])
+  .filter((v) => v)
+  .map((v) => v as string);
+  if (cliVersionsFromMarkerFiles.length > 1) {
+    throw new Error(
+      `Release ${release.tag_name} has multiple CLI version marker files.`
+      );
+    } else if (cliVersionsFromMarkerFiles.length === 0) {
+      throw new Error(
+        `Failed to find the CodeQL CLI version for release ${release.tag_name}.`
+        );
+      }
+      return cliVersionsFromMarkerFiles[0];
+    }
+
+    async function getBundleInfoFromRelease(release): Promise<BundleInfo> {
+      return {
+        bundleVersion: release.tag_name.substring(CODEQL_BUNDLE_PREFIX.length),
+        cliVersion: getCodeQLCliVersionForRelease(release)
+      };
+    }
+
+    async function getNewDefaults(currentDefaults: Defaults): Promise<Defaults> {
+      const release = github.context.payload.release;
+      console.log('Updating default bundle as a result of the following release: ' +
+      `${JSON.stringify(release)}.`)
+
+      const bundleInfo = await getBundleInfoFromRelease(release);
+      return {
+        bundleVersion: bundleInfo.bundleVersion,
+        cliVersion: bundleInfo.cliVersion,
+        priorBundleVersion: currentDefaults.bundleVersion,
+        priorCliVersion: currentDefaults.cliVersion
+      };
+    }
+
+    async function main() {
+      const previousDefaults: Defaults = JSON.parse(fs.readFileSync('../../../src/defaults.json', 'utf8'));
+      const newDefaults = await getNewDefaults(previousDefaults);
+      // Update the source file in the repository. Calling workflows should subsequently rebuild
+      // the Action to update `lib/defaults.json`.
+      fs.writeFileSync('../../../src/defaults.json', JSON.stringify(newDefaults, null, 2) + "\n");
+    }
+
+    // Ideally, we'd await main() here, but that doesn't work well with `ts-node`.
+    // So instead we rely on the fact that Node won't exit until the event loop is empty.
+    main();
@@ -16,6 +16,6 @@ updates:
     schedule:
       interval: weekly
   - package-ecosystem: github-actions
-    directory: "/.github/setup-swift/" # All subdirectories outside of "/.github/workflows" must be explicitly included.
+    directory: "/.github/actions/setup-swift/" # All subdirectories outside of "/.github/workflows" must be explicitly included.
     schedule:
       interval: weekly