Automate the bundle upgrade

.github/query-filter-test/action.yml → .github/actions/query-filter-test/action.yml

@@ -44,7 +44,7 @@ runs:
       env:
         CODEQL_ACTION_TEST_MODE: "true"
     - name: Check SARIF
-      uses: ./../action/.github/check-sarif
+      uses: ./../action/.github/actions/check-sarif
       with:
         sarif-file:  ${{ inputs.sarif-file }}
         queries-run: ${{ inputs.queries-run}}

.github/actions/update-bundle/action.yml

@@ -0,0 +1,14 @@
+name: Update default CodeQL bundle
+description: Updates 'src/defaults.json' to point to a new CodeQL bundle release.
+
+runs:
+  using: composite
+  steps:
+    - name: Install ts-node
+      shell: bash
+      run: npm install -g ts-node
+
+    - name: Run update script
+      working-directory: ${{ github.action_path }}
+      shell: bash
+      run: ts-node ./index.ts

.github/actions/update-bundle/index.ts

@@ -0,0 +1,64 @@
+import * as fs from 'fs';
+import * as github from '@actions/github';
+
+interface BundleInfo {
+    bundleVersion: string;
+    cliVersion: string;
+}
+
+interface Defaults {
+    bundleVersion: string;
+    cliVersion: string;
+    priorBundleVersion: string;
+    priorCliVersion: string;
+}
+
+const CODEQL_BUNDLE_PREFIX = 'codeql-bundle-';
+
+function getCodeQLCliVersionForRelease(release): string {
+    const cliVersionsFromMarkerFiles = release.assets
+      .map((asset) => asset.name.match(/cli-version-(.*)\.txt/)?.[1])
+      .filter((v) => v)
+      .map((v) => v as string);
+    if (cliVersionsFromMarkerFiles.length > 1) {
+      throw new Error(
+        `Release ${release.tag_name} has multiple CLI version marker files.`
+      );
+    } else if (cliVersionsFromMarkerFiles.length === 0) {
+      throw new Error(
+        `Failed to find the CodeQL CLI version for release ${release.tag_name}.`
+      );
+    }
+    return cliVersionsFromMarkerFiles[0];
+  }
+
+async function getBundleInfoFromRelease(release): Promise<BundleInfo> {
+    return {
+        bundleVersion: release.tag_name.substring(CODEQL_BUNDLE_PREFIX.length),
+        cliVersion: getCodeQLCliVersionForRelease(release)
+    };
+}
+
+async function getNewDefaults(currentDefaults: Defaults): Promise<Defaults> {
+    const release = github.context.payload.release;
+    console.log('Updating default bundle as a result of the following release: ' +
+        `${JSON.stringify(release)}.`)
+
+    const bundleInfo = await getBundleInfoFromRelease(release);
+    return {
+        bundleVersion: bundleInfo.bundleVersion,
+        cliVersion: bundleInfo.cliVersion,
+        priorBundleVersion: currentDefaults.bundleVersion,
+        priorCliVersion: currentDefaults.cliVersion
+    };
+}
+
+async function main() {
+  const previousDefaults: Defaults = JSON.parse(fs.readFileSync('../../../src/defaults.json', 'utf8'));
+  const newDefaults = await getNewDefaults(previousDefaults);
+  fs.writeFileSync('../../../src/defaults.json', JSON.stringify(newDefaults, null, 2) + "\n");
+}
+
+// Ideally, we'd await main() here, but that doesn't work well with `ts-node`.
+// So instead we rely on the fact that Node won't exit until the event loop is empty.
+main();

.github/dependabot.yml

@@ -16,6 +16,6 @@ updates:
     schedule:
       interval: weekly
   - package-ecosystem: github-actions
-    directory: "/.github/setup-swift/" # All subdirectories outside of "/.github/workflows" must be explicitly included.
+    directory: "/.github/actions/setup-swift/" # All subdirectories outside of "/.github/workflows" must be explicitly included.
     schedule:
       interval: weekly