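# Scheduled job that merges upstream github/codeql (ref codeql-cli/latest)
# into this repository's main through the sync-main-pr branch and a PR.
name: Sync Main

on:
  schedule:
    # Minute 55 of every hour.
    - cron: '55 * * * *'

jobs:

  sync-main:

    name: Sync-main
    runs-on: ubuntu-latest
    # Restrict the job to microsoft/codeql so it does not run elsewhere.
    if: github.repository == 'microsoft/codeql'
    # Scope of the built-in github.token, which the gh steps below use.
    # git itself authenticates with WORKFLOW_TOKEN (see Checkout).
    permissions:
      contents: write
      pull-requests: write

    steps:
      # NOTE(review): v3 is a mutable tag. Pinning the action to a full
      # commit SHA keeps a moved tag from running with WORKFLOW_TOKEN.
      - name: Checkout
        uses: actions/checkout@v3
        with:
          # Fetch all history so the merge can find a common ancestor.
          fetch-depth: 0
          # checkout persists this token in the local git config by default,
          # so every later step in the job can read it; the push step relies
          # on that. Keep the secret scoped to what the push needs.
          token: ${{ secrets.WORKFLOW_TOKEN }}
      - name: Git config
        shell: bash
        run: |
          git config user.name "github-actions[bot]"
          git config user.email "github-actions[bot]@users.noreply.github.com"
      - name: Add and fetch upstream
        run: |
          git remote add upstream https://github.com/github/codeql.git
          git fetch upstream --tags --force
      - name: Create or reset sync branch
        run: |
          # Best effort: the branch does not exist before the first sync.
          git fetch origin sync-main-pr || true
          git checkout -B sync-main-pr origin/main
          # A failed merge creates no merge commit, so continuing would let
          # the force-push below publish plain origin/main as the sync
          # branch. Stop here and surface the failure instead.
          if ! git merge upstream/codeql-cli/latest --no-edit; then
            echo "::error::Merge of upstream/codeql-cli/latest failed; resolve it manually."
            git merge --abort || true
            exit 1
          fi
      # NOTE(review): the extension is installed unpinned and runs while the
      # persisted checkout token is readable; consider `--pin` with a
      # reviewed ref.
      - name: Setup CodeQL
        shell: bash
        run: |
          gh extension install github/gh-codeql
          gh codeql version
          # printf writes no newline, so the jq output completes the
          # CODEQL_FETCHED_CODEQL_PATH=<location> line in GITHUB_ENV.
          printf "CODEQL_FETCHED_CODEQL_PATH=" >> "${GITHUB_ENV}"
          gh codeql version --format=json | jq -r .unpackedLocation >> "${GITHUB_ENV}"
          # Put the unpacked CLI on PATH for the following steps.
          gh codeql version --format=json | jq -r .unpackedLocation >> "${GITHUB_PATH}"
        env:
          GITHUB_TOKEN: ${{ github.token }}
      # Gate: the merged PowerShell queries must compile before the push.
      - name: Compile PowerShell Queries
        run: |
          codeql query compile --check-only --keep-going powershell/ql/src
      - name: Push sync branch
        run: |
          # Overwrites the remote branch; it is rebuilt from main every run.
          git push origin sync-main-pr --force
      - name: Create or update PR
        run: |
          # Empty when no PR exists for the sync-main-pr head branch.
          PR_URL=$(gh pr list --head sync-main-pr --json url --jq '.[0].url')
          if [ -z "$PR_URL" ]; then
            gh pr create \
              --title "Automated sync from upstream" \
              --body "This PR syncs the latest changes from \`codeql-cli/latest\` into \`main\`." \
              --head sync-main-pr \
              --base main
          else
            echo "PR already exists: $PR_URL"
          fi
        env:
          GITHUB_TOKEN: ${{ github.token }}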