From f362496fd14319a30b771fb8905c44ff24694939 Mon Sep 17 00:00:00 2001
From: Shati Patel <42641846+shati-patel@users.noreply.github.com>
Date: Thu, 29 Apr 2021 18:24:30 +0100
Subject: [PATCH 1/5] Automatically update submodule pointers

---
 .../workflows/check-submodule-pointers.yml    | 38 +++++++++++++++++++
 1 file changed, 38 insertions(+)
 create mode 100644 .github/workflows/check-submodule-pointers.yml

diff --git a/.github/workflows/check-submodule-pointers.yml b/.github/workflows/check-submodule-pointers.yml
new file mode 100644
index 0000000..2ff7311
--- /dev/null
+++ b/.github/workflows/check-submodule-pointers.yml
@@ -0,0 +1,38 @@
+name: Check submodule pointers
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+
+jobs:
+  check-submodules:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          submodules: true
+
+      - name: Check ql submodule
+        env: 
+          GITHUB_TOKEN: ${{ github.token }}
+        run: |
+          # Tip of the lgtm.com branch
+          target_sha=$(gh api repos/github/codeql/git/ref/heads/lgtm.com --jq '.object.sha')
+          
+          if [ $(git rev-parse @:./ql) == $target_sha ]; then
+            echo "The ql submodule already points to the tip of the lgtm.com branch. Nothing to do."
+          else
+            cd ql
+            git fetch origin $target_sha
+            git checkout $target_sha
+            cd ..
+            git add ql
+            git config user.name "github-actions[bot]"
+            git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
+            git commit -m "Bump ql submodule to latest lgtm.com"
+            git push origin $GITHUB_REF
+          fi 
+# Do similar thing for codeql-go

From ac8bde0aa6719dc4cd99251f2b27af9950516d95 Mon Sep 17 00:00:00 2001
From: Shati Patel <42641846+shati-patel@users.noreply.github.com>
Date: Thu, 29 Apr 2021 19:51:42 +0100
Subject: [PATCH 2/5] Just check submodule pointers

---
 .../workflows/check-submodule-pointers.yml    | 27 +++++--------------
 1 file changed, 7 insertions(+), 20 deletions(-)

diff --git a/.github/workflows/check-submodule-pointers.yml b/.github/workflows/check-submodule-pointers.yml
index 2ff7311..ff17e59 100644
--- a/.github/workflows/check-submodule-pointers.yml
+++ b/.github/workflows/check-submodule-pointers.yml
@@ -12,27 +12,14 @@ jobs:
 
     steps:
       - uses: actions/checkout@v2
-        with:
-          submodules: true
 
-      - name: Check ql submodule
+      - name: Compare submodule pointers to lgtm.com branch
         env: 
           GITHUB_TOKEN: ${{ github.token }}
         run: |
-          # Tip of the lgtm.com branch
-          target_sha=$(gh api repos/github/codeql/git/ref/heads/lgtm.com --jq '.object.sha')
-          
-          if [ $(git rev-parse @:./ql) == $target_sha ]; then
-            echo "The ql submodule already points to the tip of the lgtm.com branch. Nothing to do."
-          else
-            cd ql
-            git fetch origin $target_sha
-            git checkout $target_sha
-            cd ..
-            git add ql
-            git config user.name "github-actions[bot]"
-            git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
-            git commit -m "Bump ql submodule to latest lgtm.com"
-            git push origin $GITHUB_REF
-          fi 
-# Do similar thing for codeql-go
+            if [ $(git rev-parse @:./ql) != $(gh api repos/github/codeql/git/ref/heads/lgtm.com --jq '.object.sha') ] || \
+               [ $(git rev-parse @:./codeql-go) != $(gh api repos/github/codeql-go/git/ref/heads/lgtm.com --jq '.object.sha') ]
+            then
+              echo "Submodules are out-of-date. Please update submodule pointers to the latest lgtm.com branch."
+              exit 1
+            fi

From 54ed69d323e9618db8078129824d5181d4f5018e Mon Sep 17 00:00:00 2001
From: shati-patel <42641846+shati-patel@users.noreply.github.com>
Date: Thu, 29 Apr 2021 20:50:04 +0100
Subject: [PATCH 3/5] Tidy error messages and split up checks

---
 .../workflows/check-submodule-pointers.yml    | 21 ++++++++++++-------
 1 file changed, 13 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/check-submodule-pointers.yml b/.github/workflows/check-submodule-pointers.yml
index ff17e59..8051060 100644
--- a/.github/workflows/check-submodule-pointers.yml
+++ b/.github/workflows/check-submodule-pointers.yml
@@ -3,23 +3,28 @@ name: Check submodule pointers
 on:
   push:
     branches: [ main ]
-  pull_request:
-    branches: [ main ]
 
 jobs:
   check-submodules:
     runs-on: ubuntu-latest
-
+    if: github.repository == 'github/vscode-codeql-starter'
     steps:
       - uses: actions/checkout@v2
 
       - name: Compare submodule pointers to lgtm.com branch
         env: 
-          GITHUB_TOKEN: ${{ github.token }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
-            if [ $(git rev-parse @:./ql) != $(gh api repos/github/codeql/git/ref/heads/lgtm.com --jq '.object.sha') ] || \
-               [ $(git rev-parse @:./codeql-go) != $(gh api repos/github/codeql-go/git/ref/heads/lgtm.com --jq '.object.sha') ]
-            then
-              echo "Submodules are out-of-date. Please update submodule pointers to the latest lgtm.com branch."
+            CODEQL_ACTUAL_SHA="$(git rev-parse @:./ql)"
+            CODEQL_EXPECTED_SHA="$(gh api repos/github/codeql/git/ref/heads/lgtm.com --jq '.object.sha')"
+            if [ "$CODEQL_EXPECTED_SHA" != "$CODEQL_ACTUAL_SHA" ]; then 
+              echo "::error:: The ql submodule is out of date with the lgtm.com branch of github/codeql. Expected $CODEQL_EXPECTED_SHA, found $CODEQL_ACTUAL_SHA."
+              exit 1
+            fi
+
+            CODEQL_GO_ACTUAL_SHA="$(git rev-parse @:./codeql-go)"
+            CODEQL_GO_EXPECTED_SHA="$(gh api repos/github/codeql-go/git/ref/heads/lgtm.com --jq '.object.sha')"
+            if [ "$CODEQL_GO_EXPECTED_SHA" != "$CODEQL_GO_ACTUAL_SHA" ]; then 
+              echo "::error:: The codeql-go submodule is out of date with the lgtm.com branch of github/codeql-go. Expected $CODEQL_GO_EXPECTED_SHA, found $CODEQL_GO_ACTUAL_SHA."
               exit 1
             fi

From bb07caa1cbc15718c10713d6231e2e514a2b355b Mon Sep 17 00:00:00 2001
From: Shati Patel <42641846+shati-patel@users.noreply.github.com>
Date: Thu, 29 Apr 2021 22:11:56 +0100
Subject: [PATCH 4/5] Run on schedule

---
 .github/workflows/check-submodule-pointers.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/check-submodule-pointers.yml b/.github/workflows/check-submodule-pointers.yml
index 8051060..8996b16 100644
--- a/.github/workflows/check-submodule-pointers.yml
+++ b/.github/workflows/check-submodule-pointers.yml
@@ -3,6 +3,8 @@ name: Check submodule pointers
 on:
   push:
     branches: [ main ]
+  schedule:
+    - cron: '42 12 * * *'
 
 jobs:
   check-submodules:

From 4572d051a8c7a973931e72cd5e8abdd5aa698354 Mon Sep 17 00:00:00 2001
From: Shati Patel <42641846+shati-patel@users.noreply.github.com>
Date: Thu, 29 Apr 2021 22:36:13 +0100
Subject: [PATCH 5/5] Add workflow_dispatch

Co-authored-by: Andrew Eisenberg <aeisenberg@github.com>
---
 .github/workflows/check-submodule-pointers.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/check-submodule-pointers.yml b/.github/workflows/check-submodule-pointers.yml
index 8996b16..f4683b3 100644
--- a/.github/workflows/check-submodule-pointers.yml
+++ b/.github/workflows/check-submodule-pointers.yml
@@ -1,6 +1,7 @@
 name: Check submodule pointers
 
 on:
+  workflow_dispatch:
   push:
     branches: [ main ]
   schedule: