Merged
Changes from 9 commits
78 changes: 78 additions & 0 deletions .github/workflows/update-proxy-release.yml
@@ -0,0 +1,78 @@
name: Update dependency proxy release assets
on:
push:
branches:
- mbg/update-proxy-binaries # for testing
workflow_dispatch:
inputs:
tag:
description: "The tag of CodeQL Bundle release that contains the proxy binaries as release assets"
type: string
required: true

jobs:
update:
name: Update code and create PR
timeout-minutes: 15
runs-on: macos-latest
permissions:
contents: write # needed to push the updated files
pull-requests: write # needed to create the PR
env:
RELEASE_TAG: ${{ inputs.tag || 'codeql-bundle-v2.22.0' }}
steps:
- name: Install Node
uses: actions/setup-node@v4

- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 0 # ensure we have all tags and can push commits
ref: main
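Review bot: `actions/setup-node@v4` and `actions/checkout@v4` are referenced by mutable tag in a job that holds `contents: write` and `pull-requests: write`; pinning both to a full commit SHA keeps a retagged release of either action from running with those permissions. Separately, the `push` trigger on `mbg/update-proxy-binaries` is marked `# for testing`, and the `'codeql-bundle-v2.22.0'` fallback in `RELEASE_TAG` is only reachable from that trigger because `tag` is `required: true` on `workflow_dispatch`. Both should be dropped before merge so the workflow runs only with an explicitly supplied tag.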
Comment on lines +42 to +46
Contributor

If we move this checkout earlier than the `Check that the release exists` step, then `gh` will pick up the repository to query automatically, allowing us to drop the `--repo`. Checkout is fast enough that it can go before the error checking IMO.

Member Author

I had considered that, but explicitly adding the `--repo` argument isn't much of an inconvenience so it makes more sense to me to perform the check first.


- name: Update git config
shell: bash
run: |
git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
git config --global user.name "github-actions[bot]"

- name: Update release tag and version
shell: bash
run: |
NOW=$(date +"%Y%m%d%H%M%S") # only used to make sure we don't fetch stale binaries from the toolcache
sed -i '' "s|https://github.com/github/codeql-action/releases/download/codeql-bundle-v[0-9.]*/|https://github.com/github/codeql-action/releases/download/$RELEASE_TAG/|g" ./src/start-proxy-action.ts
sed -i '' "s/\"v2.0.[0-9]*\"/\"v2.0.$NOW\"/g" ./src/start-proxy-action.ts

- name: Push changes and open PR
shell: bash
env:
BRANCH: "dependency-proxy/${{ env.RELEASE_TAG }}"
GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
run: |
set -exu
pr_title="Update release used by \`start-proxy\` to \`$RELEASE_TAG\`"
pr_body=$(cat << EOF
This PR updates the \`start-proxy\` action to use the private registry proxy binaries that
are attached as release assets to the \`$RELEASE_TAG\` release.


Please do the following before merging:

- [ ] Verify that the changes to the code are correct.
EOF
)

git checkout -b "$BRANCH"

npm run build
git add ./src/start-proxy-action.ts
git add ./lib
git commit -m "$pr_title"

git push origin "$BRANCH"
gh pr create \
--head "$BRANCH" \
--base "main" \
--title "${pr_title}" \
--body "${pr_body}" \
--draft
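Review bot: In the `Update release tag and version` step, `$RELEASE_TAG` goes into the `sed` replacement unvalidated, and that replacement rewrites the download URL in `./src/start-proxy-action.ts`. A tag containing `|` or `&` would change what gets substituted, so the step should check the value against a pattern such as `^codeql-bundle-v[0-9.]+$` first and fail otherwise. The dots in `v2.0.[0-9]*` are also unescaped and match any character; `v2\.0\.[0-9]*` is the intended pattern. `sed -i ''` is the BSD form, so a comment noting that the step depends on `runs-on: macos-latest` would help whoever changes the runner later.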