diff --git a/.github/depandabot.yml b/.github/depandabot.yml new file mode 100644 index 0000000000..bd13bc61ec --- /dev/null +++ b/.github/depandabot.yml @@ -0,0 +1,9 @@ +version: 2 +updates: + - package-ecosystem: "npm" + directory: "/" + schedule: + interval: "weekly" + day: "thursday" # Gives us a working day to merge this before our typical release + labels: + - "Update dependencies" diff --git a/.github/workflows/pr-checks.yml b/.github/workflows/pr-checks.yml index ff4911c054..18ae979141 100644 --- a/.github/workflows/pr-checks.yml +++ b/.github/workflows/pr-checks.yml @@ -27,7 +27,7 @@ jobs: run: .github/workflows/script/check-js.sh check-node-modules: - runs-on: ubuntu-latest + runs-on: macos-latest steps: - uses: actions/checkout@v2 diff --git a/.github/workflows/script/check-node-modules.sh b/.github/workflows/script/check-node-modules.sh index 45e4385102..47d92ec2d1 100755 --- a/.github/workflows/script/check-node-modules.sh +++ b/.github/workflows/script/check-node-modules.sh @@ -7,6 +7,7 @@ if [ ! -z "$(git status --porcelain)" ]; then >&2 echo "Failed: Repo should be clean before testing!" exit 1 fi +sudo npm install --force -g npm@latest # Reinstall modules and then clean to remove absolute paths # Use 'npm ci' instead of 'npm install' as this is intended to be reproducible npm ci diff --git a/.github/workflows/update-dependencies.yml b/.github/workflows/update-dependencies.yml new file mode 100644 index 0000000000..afd20effb8 --- /dev/null +++ b/.github/workflows/update-dependencies.yml @@ -0,0 +1,39 @@ +name: Update dependencies +on: + pull_request_target: + types: [opened, synchronize, reopened, labeled] + +jobs: + update: + name: Update dependencies + runs-on: macos-latest + if: contains(github.event.pull_request.labels.*.name, 'Update dependencies') + steps: + - name: Checkout repository + uses: actions/checkout@v2 + + - name: Remove PR label + env: + REPOSITORY: '${{ github.repository }}' + PR_NUMBER: '${{ github.event.pull_request.number }}' + GITHUB_TOKEN: '${{ secrets.GITHUB_TOKEN }}' + run: | + gh api "repos/$REPOSITORY/issues/$PR_NUMBER/labels/Update%20dependencies" -X DELETE + + - name: Push updated dependencies + env: + BRANCH: '${{ github.head_ref }}' + run: | + git fetch + git checkout $BRANCH + sudo npm install --force -g npm@latest + npm install + npm ci + npm run removeNPMAbsolutePaths + if [ ! -z "$(git status --porcelain)" ]; then + git config --global user.email "github-actions@github.com" + git config --global user.name "github-actions[bot]" + git add node_modules + git commit -am "Update checked-in dependencies" + git push origin "$BRANCH" + fi diff --git a/CHANGELOG.md b/CHANGELOG.md index a7689fa302..fd6a403813 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,9 @@ # CodeQL Action and CodeQL Runner Changelog +## 1.0.8 - 26 Jul 2021 + +- Update default CodeQL bundle version to 2.5.8. [#631](https://github.com/github/codeql-action/pull/631) + ## 1.0.7 - 21 Jul 2021 No user facing changes. diff --git a/README.md b/README.md index 62b5fbce9c..f1bfdcaf82 100644 --- a/README.md +++ b/README.md @@ -22,7 +22,9 @@ name: "Code Scanning - Action" on: push: + branches: [main] pull_request: + branches: [main] schedule: # ┌───────────── minute (0 - 59) # │ ┌───────────── hour (0 - 23) diff --git a/lib/defaults.json b/lib/defaults.json index 941ed9f010..57056c17db 100644 --- a/lib/defaults.json +++ b/lib/defaults.json @@ -1,3 +1,3 @@ { - "bundleVersion": "codeql-bundle-20210702" + "bundleVersion": "codeql-bundle-20210726" } diff --git a/node_modules/.package-lock.json b/node_modules/.package-lock.json index 58f070d32e..692758e8d6 100644 --- a/node_modules/.package-lock.json +++ b/node_modules/.package-lock.json @@ -1,6 +1,6 @@ { "name": "codeql", - "version": "1.0.6", + "version": "1.0.8", "lockfileVersion": 2, "requires": true, "packages": { @@ -1243,7 +1243,6 @@ "dependencies": { "anymatch": "~3.1.1", "braces": "~3.0.2", - "fsevents": "~2.1.2", "glob-parent": "~5.1.0", "is-binary-path": "~2.1.0", "is-glob": "~4.0.1", @@ -3220,9 +3219,6 @@ "node_modules/jsonfile": { "version": "4.0.0", "license": "MIT", - "dependencies": { - "graceful-fs": "^4.1.6" - }, "optionalDependencies": { "graceful-fs": "^4.1.6" } diff --git a/package-lock.json b/package-lock.json index ad90919565..2bdee415aa 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "codeql", - "version": "1.0.7", + "version": "1.0.8", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "codeql", - "version": "1.0.6", + "version": "1.0.8", "license": "MIT", "dependencies": { "@actions/artifact": "^0.5.1", @@ -1297,7 +1297,6 @@ "dependencies": { "anymatch": "~3.1.1", "braces": "~3.0.2", - "fsevents": "~2.1.2", "glob-parent": "~5.1.0", "is-binary-path": "~2.1.0", "is-glob": "~4.0.1", @@ -3274,9 +3273,6 @@ "node_modules/jsonfile": { "version": "4.0.0", "license": "MIT", - "dependencies": { - "graceful-fs": "^4.1.6" - }, "optionalDependencies": { "graceful-fs": "^4.1.6" } diff --git a/package.json b/package.json index 83026a73a4..036656ab57 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "codeql", - "version": "1.0.7", + "version": "1.0.8", "private": true, "description": "CodeQL action", "scripts": { diff --git a/runner/package-lock.json b/runner/package-lock.json index 9034aa1e11..b0eda5d79f 100644 --- a/runner/package-lock.json +++ b/runner/package-lock.json @@ -1,6 +1,6 @@ { "name": "codeql-runner", - "version": "1.0.7", + "version": "1.0.8", "lockfileVersion": 1, "requires": true, "dependencies": { diff --git a/runner/package.json b/runner/package.json index fcc26e6e1c..6eed60b91c 100644 --- a/runner/package.json +++ b/runner/package.json @@ -1,6 +1,6 @@ { "name": "codeql-runner", - "version": "1.0.7", + "version": "1.0.8", "private": true, "description": "CodeQL runner", "scripts": { diff --git a/src/defaults.json b/src/defaults.json index 3d2d955c62..77c5fcd070 100644 --- a/src/defaults.json +++ b/src/defaults.json @@ -1,3 +1,3 @@ { - "bundleVersion": "codeql-bundle-20210702" + "bundleVersion": "codeql-bundle-20210726" }