From b7ad0fef54c17a52aab48fbb86cbb143c4e45117 Mon Sep 17 00:00:00 2001 From: GeekMasher Date: Thu, 30 May 2024 10:18:25 +0100 Subject: [PATCH 01/11] feat: Add Release file --- .release.yml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 .release.yml diff --git a/.release.yml b/.release.yml new file mode 100644 index 00000000..7f4f5c5e --- /dev/null +++ b/.release.yml @@ -0,0 +1,16 @@ +name: "CodeQL Community Packs" +default: false + +locations: + - name: "CodeQL Packs" + paths: + - "**/qlpack.yml" + patterns: + - version:\s*([0-9]+\.[0-9]+\.[0-9]) + + - name: "CodeQL Pack Libaries" + paths: + - "**/qlpack.yml" + patterns: + - githubsecuritylab/codeql-[a-zA-Z]*-libs:\s*([0-9]+\.[0-9]+\.[0-9]) + From dfde6eeb0b06e497b393115fb9a1a0e6db88cd24 Mon Sep 17 00:00:00 2001 From: GeekMasher Date: Thu, 30 May 2024 11:24:03 +0100 Subject: [PATCH 02/11] feat: Add config to release --- .release.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.release.yml b/.release.yml index 7f4f5c5e..ffcb4412 100644 --- a/.release.yml +++ b/.release.yml @@ -7,6 +7,12 @@ locations: - "**/qlpack.yml" patterns: - version:\s*([0-9]+\.[0-9]+\.[0-9]) + + - name: "CodeQL Configurations" + paths: + - "configs/*.yml" + patterns: + - githubsecuritylab/codeql-[a-zA-Z]*-queries@([0-9]+\.[0-9]+\.[0-9]) - name: "CodeQL Pack Libaries" paths: From ccf96472c1626a130d0d75da4425ef37fdb306bd Mon Sep 17 00:00:00 2001 From: GeekMasher Date: Thu, 30 May 2024 13:08:43 +0100 Subject: [PATCH 03/11] feat: Update release file --- .release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.release.yml b/.release.yml index ffcb4412..eb67f126 100644 --- a/.release.yml +++ b/.release.yml @@ -1,5 +1,5 @@ name: "CodeQL Community Packs" -default: false +version: "0.2.0" locations: - name: "CodeQL Packs" From 9474f09d4b6c2cb5e5ec33c621d687613431da28 Mon Sep 17 00:00:00 2001 
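Review bot: In the new `.release.yml` of PATCH 01/11, both patterns end the capture group with `[0-9]` rather than `[0-9]+`. A patch component of two or more digits is therefore matched only up to its first digit (`0.2.10` would be captured as `0.2.1`), and a bump could rewrite only part of the version string. Ending the group with `[0-9]+`, as in `version:\s*([0-9]+\.[0-9]+\.[0-9]+)`, fixes it; the `-queries@` pattern added by PATCH 02/11 on this same line repeats the same ending. The location name `"CodeQL Pack Libaries"` is also misspelled and should read `"CodeQL Pack Libraries"`.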
From: GeekMasher Date: Thu, 30 May 2024 13:18:25 +0100 Subject: [PATCH 04/11] feat: Add Patch Release workflow --- .github/workflows/patch-release.yml | 44 +++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100644 .github/workflows/patch-release.yml diff --git a/.github/workflows/patch-release.yml b/.github/workflows/patch-release.yml new file mode 100644 index 00000000..75a22393 --- /dev/null +++ b/.github/workflows/patch-release.yml @@ -0,0 +1,44 @@ +name: CodeQL Patch Release + +on: + workflow_dispatch: + inputs: + mode: + description: "Auto-release mode" + required: false + type: string + default: "patch" + +jobs: + patch-release: + runs-on: ubuntu-latest + + steps: + - name: "Checkout" + uses: actions/checkout@v4 + + - name: Get Token + id: get_workflow_token + uses: peter-murray/workflow-application-token-action@v3 + with: + application_id: ${{ secrets.BYTELABS_APP_ID }} + application_private_key: ${{ secrets.BYTELABS_APP_KEY }} + + - name: "Patch Release Me" + run: | + cargo install patch-release-me + + patch-release-me bump -m "${{ inputs.mode }}" + + - name: Create Pull Request + uses: peter-evans/create-pull-request@v6 + with: + token: ${{ steps.get_workflow_token.outputs.token }} + title: "Chore: Auto Update new Release" + commit-message: "[chore]: Auto Patch new Release" + body: | + This is automatically created as a chore to patch and update the release. + branch: "auto-patch-release" + labels: "version" + delete-branch: true + From 6f729a67a9e9b6bf51e0bfdde759774c16377333 Mon Sep 17 00:00:00 2001 From: GeekMasher Date: Thu, 30 May 2024 13:19:37 +0100 Subject: [PATCH 05/11] fix: Update App Tokens --- .github/workflows/patch-release.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/patch-release.yml b/.github/workflows/patch-release.yml index 75a22393..5b029eaf 100644 --- a/.github/workflows/patch-release.yml +++ b/.github/workflows/patch-release.yml 
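Review bot: `${{ inputs.mode }}` is expanded into the text of the `run:` script in the "Patch Release Me" step of PATCH 04/11 before the shell parses it, so with `type: string` any quote or command substitution in the input becomes part of the command line, in a job that has just minted an App token. Passing the value through `env:` and referencing it as a quoted shell variable keeps it as data. The same step runs `cargo install patch-release-me` with no version and no `--locked`, so every run builds whatever the registry serves at that moment. The workflow also has no `permissions:` block, which leaves `GITHUB_TOKEN` at the repository default; `permissions:` with `contents: read` looks sufficient since the pull request is opened with the App token, but that should be confirmed against the create-pull-request step.

```yaml
      - name: "Patch Release Me"
        env:
          # Passed as data, not spliced into the script text
          MODE: ${{ inputs.mode }}
        run: |
          # <PINNED_VERSION> is a placeholder for the reviewed release
          cargo install --locked --version "<PINNED_VERSION>" patch-release-me
          patch-release-me bump -m "$MODE"
```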
@@ -21,8 +21,8 @@ jobs: id: get_workflow_token uses: peter-murray/workflow-application-token-action@v3 with: - application_id: ${{ secrets.BYTELABS_APP_ID }} - application_private_key: ${{ secrets.BYTELABS_APP_KEY }} + application_id: ${{ secrets.SECLABS_APP_ID }} + application_private_key: ${{ secrets.SECLABS_APP_KEY }} - name: "Patch Release Me" run: | From 3f0f59683a6360cff39e3ad0c23662b6d284e10c Mon Sep 17 00:00:00 2001 From: Mathew Payne <2772944+GeekMasher@users.noreply.github.com> Date: Wed, 5 Jun 2024 09:56:16 +0100 Subject: [PATCH 06/11] feat(ci): Update patch-release to add choices --- .github/workflows/patch-release.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/patch-release.yml b/.github/workflows/patch-release.yml index 5b029eaf..e5c194c2 100644 --- a/.github/workflows/patch-release.yml +++ b/.github/workflows/patch-release.yml @@ -6,8 +6,12 @@ on: mode: description: "Auto-release mode" required: false - type: string + type: choice default: "patch" + options: + - patch + - minor + - major jobs: patch-release: From fd64708442de2687303a24544f76a76958bb25f4 Mon Sep 17 00:00:00 2001 From: Mathew Payne <2772944+GeekMasher@users.noreply.github.com> Date: Wed, 5 Jun 2024 17:42:25 +0100 Subject: [PATCH 07/11] fix(ci): Update patch-release and mark as required --- .github/workflows/patch-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/patch-release.yml b/.github/workflows/patch-release.yml index e5c194c2..9ecf662d 100644 --- a/.github/workflows/patch-release.yml +++ b/.github/workflows/patch-release.yml @@ -5,7 +5,7 @@ on: inputs: mode: description: "Auto-release mode" - required: false + required: true type: choice default: "patch" options: From 5b35e9af65d34287eae8558329a553313b191fc8 Mon Sep 17 00:00:00 2001 
From: Mathew Payne <2772944+GeekMasher@users.noreply.github.com> Date: Wed, 4 Dec 2024 08:41:39 +0000 Subject: [PATCH 08/11] feat(ci): Update to update release --- .../{patch-release.yml => update-release.yml} | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) rename .github/workflows/{patch-release.yml => update-release.yml} (77%) diff --git a/.github/workflows/patch-release.yml b/.github/workflows/update-release.yml similarity index 77% rename from .github/workflows/patch-release.yml rename to .github/workflows/update-release.yml index 9ecf662d..daed515b 100644 --- a/.github/workflows/patch-release.yml +++ b/.github/workflows/update-release.yml @@ -1,10 +1,10 @@ -name: CodeQL Patch Release +name: CodeQL Update Release on: workflow_dispatch: inputs: mode: - description: "Auto-release mode" + description: "Please select the bump version" required: true type: choice default: "patch" @@ -14,7 +14,7 @@ on: - major jobs: - patch-release: + update-release: runs-on: ubuntu-latest steps: @@ -29,20 +29,19 @@ jobs: application_private_key: ${{ secrets.SECLABS_APP_KEY }} - name: "Patch Release Me" - run: | - cargo install patch-release-me - - patch-release-me bump -m "${{ inputs.mode }}" + uses: 42ByteLabs/patch-release-me@0.4.0 + with: + # Bump (patch) + mode: ${{ inputs.mode }} - name: Create Pull Request uses: peter-evans/create-pull-request@v6 with: token: ${{ steps.get_workflow_token.outputs.token }} title: "Chore: Auto Update new Release" - commit-message: "[chore]: Auto Patch new Release" + commit-message: "[chore]: Auto Patch new Release" body: | This is automatically created as a chore to patch and update the release. branch: "auto-patch-release" labels: "version" delete-branch: true - From 34b685aaafc8352970d21fa28921036a1c5aa17a Mon Sep 17 00:00:00 2001 
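Review bot: The new `uses: 42ByteLabs/patch-release-me@0.4.0` in the third hunk of PATCH 08/11 references a third-party action by tag, which the action's owner can move, and it runs in a job that has already checked out the repository and minted an App token. Pinning to the full commit id with the tag as a trailing comment, `uses: 42ByteLabs/patch-release-me@<FULL_COMMIT_SHA> # v0.4.0`, fixes the code that executes and makes later bumps reviewable. The tag-only bumps in PATCH 09/11 and PATCH 10/11 keep the same form. The `# Bump (patch)` comment is also stale now that `mode` comes from a three-way choice; `# Bump level chosen at dispatch: patch, minor or major` would match. The `steps:` list begins above this hunk.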
From: Mathew Payne <2772944+GeekMasher@users.noreply.github.com> Date: Wed, 4 Dec 2024 08:43:35 +0000 Subject: [PATCH 09/11] fix(ci): Add v for version --- .github/workflows/update-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/update-release.yml b/.github/workflows/update-release.yml index daed515b..85f2080c 100644 --- a/.github/workflows/update-release.yml +++ b/.github/workflows/update-release.yml @@ -29,7 +29,7 @@ jobs: application_private_key: ${{ secrets.SECLABS_APP_KEY }} - name: "Patch Release Me" - uses: 42ByteLabs/patch-release-me@0.4.0 + uses: 42ByteLabs/patch-release-me@v0.4.0 with: # Bump (patch) mode: ${{ inputs.mode }} From 4ed05e726185b83c39ddc06707a975320d8f8c4c Mon Sep 17 00:00:00 2001 From: Mathew Payne <2772944+GeekMasher@users.noreply.github.com> Date: Wed, 8 Jan 2025 11:39:49 +0000 Subject: [PATCH 10/11] feat: Update release workflow --- .github/workflows/update-release.yml | 2 +- .release.yml | 20 +++++++++----------- 2 files changed, 10 insertions(+), 12 deletions(-) diff --git a/.github/workflows/update-release.yml b/.github/workflows/update-release.yml index 85f2080c..530ab2b3 100644 --- a/.github/workflows/update-release.yml +++ b/.github/workflows/update-release.yml @@ -29,7 +29,7 @@ jobs: application_private_key: ${{ secrets.SECLABS_APP_KEY }} - name: "Patch Release Me" - uses: 42ByteLabs/patch-release-me@v0.4.0 + uses: 42ByteLabs/patch-release-me@v0.4.1 with: # Bump (patch) mode: ${{ inputs.mode }} diff --git a/.release.yml b/.release.yml index eb67f126..ad3daf78 100644 --- a/.release.yml +++ b/.release.yml 
@@ -1,22 +1,20 @@ name: "CodeQL Community Packs" +repository: "githubsecuritylab/codeql-community-packs" version: "0.2.0" +ecosystem: CodeQL +excludes: + - "/.codeql/" + - "/codeql/" + locations: - - name: "CodeQL Packs" - paths: - - "**/qlpack.yml" - patterns: - - version:\s*([0-9]+\.[0-9]+\.[0-9]) - - name: "CodeQL Configurations" paths: - "configs/*.yml" patterns: - - githubsecuritylab/codeql-[a-zA-Z]*-queries@([0-9]+\.[0-9]+\.[0-9]) - - - name: "CodeQL Pack Libaries" + - "{owner}/codeql-[a-zA-Z]*-queries@{version}" + - name: "CodeQL Pack Libraries" paths: - "**/qlpack.yml" patterns: - - githubsecuritylab/codeql-[a-zA-Z]*-libs:\s*([0-9]+\.[0-9]+\.[0-9]) - + - '{owner}/codeql-[a-zA-Z]*-libs:\s*{version}' From 92b39f20c27f37a567fe2e39e07bbadc40f2b816 Mon Sep 17 00:00:00 2001 From: Mathew Payne <2772944+GeekMasher@users.noreply.github.com> Date: Wed, 8 Jan 2025 11:48:54 +0000 Subject: [PATCH 11/11] feat(ci): Pin all non-GitHub actions --- .github/workflows/update-release.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/update-release.yml b/.github/workflows/update-release.yml index 530ab2b3..c51ae551 100644 --- a/.github/workflows/update-release.yml +++ b/.github/workflows/update-release.yml 
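Review bot: With the `- name: "CodeQL Packs"` location removed in the `.release.yml` hunk of PATCH 10/11, no pattern left in this file matches the `version:` field of `**/qlpack.yml`. Only the `-queries@` references in `configs/*.yml` and the `-libs:` dependencies are still listed. If `ecosystem: CodeQL` is what now covers each pack's own version, a comment above it saying so, e.g. `# ecosystem preset bumps version: in each qlpack.yml`, would stop a later reader from assuming the field is unmanaged. If it does not, published pack versions and the references to them could drift apart after a bump. The two new patterns also mix `"…"` and `'…'`; single quotes on both would keep backslashes literal and read consistently.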
@@ -23,19 +23,19 @@ jobs: - name: Get Token id: get_workflow_token - uses: peter-murray/workflow-application-token-action@v3 + uses: peter-murray/workflow-application-token-action@8e4e6fbf6fcc8a272781d97597969d21b3812974 # v4.0.0 with: application_id: ${{ secrets.SECLABS_APP_ID }} application_private_key: ${{ secrets.SECLABS_APP_KEY }} - name: "Patch Release Me" - uses: 42ByteLabs/patch-release-me@v0.4.1 + uses: 42ByteLabs/patch-release-me@1e802ecb51cf4c5869cb77563df59b2fbe6f584c # 0.4.1 with: # Bump (patch) mode: ${{ inputs.mode }} - name: Create Pull Request - uses: peter-evans/create-pull-request@v6 + uses: peter-evans/create-pull-request@67ccf781d68cd99b580ae25a5c18a1cc84ffff1f # v7.0.6 with: token: ${{ steps.get_workflow_token.outputs.token }} title: "Chore: Auto Update new Release"
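Review bot: Two of the three pins in PATCH 11/11 also cross a major version, which the subject "Pin all non-GitHub actions" does not mention: `workflow-application-token-action` goes from `@v3` to the commit commented `# v4.0.0`, and `create-pull-request` from `@v6` to `# v7.0.6`. The inputs visible in this hunk (`application_id`, `application_private_key`, `token`, `title`) should be checked against those releases, and each commit id against the tag named in its comment, since neither can be confirmed from the diff. The patch-release-me comment reads `# 0.4.1` where the replaced tag was `v0.4.1`; `# v0.4.1` keeps the comment equal to the real tag name for any update tooling that reads it. The Create Pull Request step continues below the hunk.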