When a PR is labelled with 'ready-for-docs-review',
this workflow comments on the PR to notify the GitHub CodeQL docs team.
Runs on `pull_request_target` events so it can write comments to the PR.
Since this runs in the context of the base repo, it must not check out the PR
or use untrusted data from the event payload.
Only runs when the PR base is github/codeql, to prevent notifications from forks.
- Fail the CI check if change note is missing.
- Disregards changes outside of `*/ql/src`.
- Runs the workflow on label changes, and upon moving the PR out of
draft mode.
- Only fails the CI check if the PR is out of draft.
- Changes label to `no-change-note-required`.
Analysing all branches on both 'push' and 'pull request' events causes
duplicate analysis. It is only necessary to analyse the _target_
branches of pull requests on push.
Bring the CodeQL workflow up to date with the latest recommended
configuration, which analyses the merge commit of pull requests (not the
head of the PR branch).
* Create a PowerShell script that can be used to report on the set of queries inside of a particular QL Suite.
* Translate PowerShell script into Python
* support running this script from anywhere within the CodeQL git repo
* print non-fatal error if metadata is not available
* make sure warning about missing pack is printed to stderr
* only run on pushes against main and rcs
* detect repo by checking remote, rather than first SHA
* specify full sha of dsaltares/fetch-gh-release-asset
* trigger workflow on PR that modifies paths of interest
Co-authored-by: Justin Hutchings <jhutchings1@users.noreply.github.com>
Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com>
