update-codeql-submodule.yml
# Ensures the `ql` submodule is up to date, creating a PR if necessary.
#
# Flow: check out the repository with its submodules, move the `ql` submodule
# to the tip of its tracked remote branch, and, if the submodule pointer
# changed, push a new branch and open a draft pull request for it.
name: Update CodeQL submodule

# Manual trigger only: the workflow runs when someone dispatches it.
on:
  workflow_dispatch:

jobs:
  update-codeql-submodule:
    name: Update CodeQL submodule
    runs-on: ubuntu-latest
    # Job-scoped token permissions. The two write scopes correspond to the two
    # write operations in the last step: `git push` (contents) and
    # `gh pr create` (pull-requests).
    permissions:
      contents: write
      pull-requests: write
    env:
      # Unique branch name for each run of this workflow.
      # Built only from the run id and run attempt, so no user-controlled text
      # reaches the shell through this variable.
      BRANCH_NAME: 'update-codeql-submodule-${{ github.run_id }}-${{ github.run_attempt }}'
    steps:
      - name: Checkout
        # NOTE(review): `@v3` is a tag ref and tags can be moved. Pinning to a
        # full commit SHA (`actions/checkout@<full-commit-sha>`) fixes the
        # exact code that runs with this job's write-scoped token.
        # NOTE(review): the later `git push origin` presumably relies on
        # checkout's default `persist-credentials` behaviour - confirm before
        # changing that input.
        uses: actions/checkout@v3
        with:
          fetch-depth: 1
          submodules: recursive

      - name: Git config
        shell: bash
        run: |
          # -e: stop on the first failing command, -x: trace each command into
          # the job log, -u: treat unset variables as errors. No secret is
          # passed to this step's env, so the trace only shows the commands below.
          set -exu
          # Attribute the commit made later in this job to the github-actions bot.
          git config user.name "github-actions[bot]"
          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
          echo "Creating a new branch: ${BRANCH_NAME}"
          git checkout -b "${BRANCH_NAME}"
          echo "Fetching refs"
          # Explicitly unshallow and fetch to ensure the submodule's remote ref is available.
          pushd ql
          git fetch --unshallow origin +lgtm.com:refs/remotes/origin/lgtm.com # must match branch name in gitmodules
          popd

      - name: Update submodule
        id: update
        shell: bash
        run: |
          # Record the submodule commit currently referenced by HEAD and export
          # it through GITHUB_ENV so the PR step can quote it in the PR body.
          echo "CODEQL_SHA_BEFORE=$(git rev-parse @:./ql)" | tee -a "$GITHUB_ENV"
          echo "Updating CodeQL submodule"
          # `--remote` moves `ql` to the tip of its tracked remote branch, so the
          # resulting commit is whatever upstream holds at run time.
          git submodule update --init --remote
          # Stage changes
          git add ql
          # Only signal a change if the staged diff is non-empty, i.e. the
          # submodule pointer actually moved.
          if [[ -n "$(git diff --stat --cached)" ]]; then
            echo "changed=true" | tee -a "$GITHUB_OUTPUT"
            echo "::notice::Submodule has changes to commit. Will create a PR."
          else
            echo "::notice::No changes to commit."
          fi

      - name: Commit change and create PR
        # Skipped unless the previous step set `changed=true`.
        if: steps.update.outputs.changed == 'true'
        shell: bash
        env:
          # Token for the `gh` CLI; its scope is bounded by the job's
          # `permissions` block above.
          # NOTE(review): pull requests opened with the default GITHUB_TOKEN do
          # not start other workflows' runs - confirm how required checks get
          # triggered for this PR.
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          git commit -m "Update CodeQL submodule"
          # Submodule commit referenced by the new HEAD, for the PR description.
          CODEQL_SHA_AFTER="$(git rev-parse @:./ql)"
          echo "CODEQL_SHA_AFTER=$CODEQL_SHA_AFTER"
          git push origin "$BRANCH_NAME"
          # Opened as a draft, so the pointer change is not marked ready for
          # review by the workflow itself.
          gh pr create \
            --title "Update CodeQL submodule" \
            --body "Submodule pointer updated from github/codeql@${CODEQL_SHA_BEFORE} to github/codeql@${CODEQL_SHA_AFTER}." \
            --draft \
            --head "$BRANCH_NAME"