Actions: Add workflow to publish packages

aeisenberg · aeisenberg · commit a42430d1078c · 2021-11-09T14:50:09.000-08:00
diff --git a/.github/actions/fetch-codeql/action.yml b/.github/actions/fetch-codeql/action.yml
@@ -1,14 +1,29 @@
 name: Fetch CodeQL
 description: Fetches the latest version of CodeQL
+inputs:
+  use-bundle:
+    description: Set to `true` to download the CodeQL CLI bundle that also includes compiled queries.
+    default: 'false'
+    required: false
+
 runs:
   using: composite
   steps:
     - name: Fetch CodeQL
       shell: bash
       run: |
-        LATEST=$(gh release list --repo https://github.com/github/codeql-cli-binaries | cut -f 1 | grep -v beta | sort --version-sort | tail -1)
-        gh release download --repo https://github.com/github/codeql-cli-binaries --pattern codeql-linux64.zip "$LATEST"
-        unzip -q -d "${RUNNER_TEMP}" codeql-linux64.zip
+        LATEST=$(gh release list --repo $REPO | cut -f 3 | grep -v beta | sort --version-sort | tail -1)
+        gh release download --repo $REPO --pattern "$PATTERN" "$LATEST"
+
+        if [ "$USE_BUNDLE" == 'true' ]; then
+          tar -xzf "$PATTERN" -C "${RUNNER_TEMP}"
+        else
+          unzip -q -d "${RUNNER_TEMP}" "$PATTERN"
+        fi
         echo "${RUNNER_TEMP}/codeql" >> "${GITHUB_PATH}"
       env:
         GITHUB_TOKEN: ${{ github.token }}
+        USE_BUNDLE: '${{ inputs.use-bundle == ''true'' }}'
+        REPO: '${{ inputs.use-bundle == ''true'' && ''https://github.com/dsp-testing/codeql-cli-nightlies'' || ''https://github.com/github/codeql-cli-binaries''}}'
+        # REPO: '${{ inputs.use-bundle == ''true'' && ''https://github.com/github/codeql-action'' || ''https://github.com/github/codeql-cli-binaries''}}'
+        PATTERN: '${{ inputs.use-bundle == ''true'' && ''codeql-bundle-linux64.tar.gz'' || ''codeql-linux64.zip''}}'
diff --git a/.github/workflows/pack-publisher.yml b/.github/workflows/pack-publisher.yml
@@ -0,0 +1,86 @@
+# Publishes the core libraries to the CodeQL package registry.
+name: Publish CodeQL core libraries
+on:
+  pull_request:
+    paths:
+      - '.github/workflows/pack-publisher.yml' # for testing changes to this workflow
+
+  workflow_dispatch:
+    # the cli to use, or blank to build it again
+    # the pre-built packs, or blank to build again
+    inputs:
+      packages-build-number:
+        description: |
+          A CodeQL CLI workflow run number to download the packages artifacts from.
+          Leave blank to build packages from this repository.
+        default: ''
+        required: false
+
+permissions:
+  contents: write
+
+jobs:
+  codeql-package-publish:
+    environment: codeql-package-publish
+    name: CodeQL Package - Publish
+    runs-on: ubuntu-20.04
+
+    steps:
+      - name: Dump environment
+        run: env
+      - name: Dump GitHub event context
+        env:
+          GITHUB_CONTEXT: '${{ toJson(github.event) }}'
+        run: echo "$GITHUB_CONTEXT"
+
+      - name: Checkout repository
+        uses: actions/checkout@v2
+
+      # TODO add a way to specify different versions of the CLI
+      - name: Download CLI
+        uses: ./.github/actions/fetch-codeql
+        with:
+          use-bundle: 'true'
+
+      - name: Publish packs
+        run: |
+          set -exu
+          # do not publish go or suite-helpers
+          # `ls` all directories in the bundle remove suite-helpers and go
+          PACK_FOLDERS_TO_PUBLISH="$(ls -d $RUNNER_TEMP/codeql/qlpacks/codeql/*/* | grep -v suite | grep -v "\-go")"
+          ARCHIVES="$RUNNER_TEMP/archives"
+
+          mkdir -p "$ARCHIVES"
+
+          echo "Running on: $PACK_FOLDERS_TO_PUBLISH"
+
+          # tgz each folder
+          # then run pack publish on it
+          for folder in $PACK_FOLDERS_TO_PUBLISH
+          do
+            echo "Archiving $folder for publishing"
+            tar cfz "$ARCHIVES/archive.tgz" -C "$folder" .
+            echo "Publishing $ARCHIVES/archive.tgz"
+            echo "Would have run: 'codeql pack publish --file "$ARCHIVES/archive.tgz"'"
+          done
+
+      - name: Bump versions
+        run: |
+          echo "Would have run 'codeql pack release'"
+
+      - name: Update git config
+        run: |
+          git config --global user.email "github-actions@github.com"
+          git config --global user.name "github-actions[bot]"
+
+      - name: Create PR
+        run: |
+          git add .
+          git commit -m "Post-release preparation"
+          NEW_BRANCH="post-release-prep-$(git show -s --format=%h)"
+          git checkout -b $NEW_BRANCH
+          gh pr create
+            --head "$NEW_BRANCH" \
+            --base "$GITHUB_BASE_REF" \
+            --fill
+            --draft
