Merged
26 changes: 25 additions & 1 deletion .github/workflows/update-bundle.yml
@@ -57,6 +57,20 @@ jobs:
- name: Update bundle
uses: ./.github/actions/update-bundle

- name: Bump action minor version for new CodeQL minor version series
id: bump-action-version
run: |
cli_version=$(jq -r '.cliVersion' src/defaults.json)
# Check if this is a new minor version series (patch version is 0)
if [[ "$cli_version" =~ ^[0-9]+\.[0-9]+\.0$ ]]; then
Member

This logic breaks if we ever need to skip a .0 CLI release and go straight to .1 or higher. I think ideally we'd extract the minor CLI version from src/defaults.json before the ./.github/actions/update-bundle step and then compare it to the one here. Not urgent, so feel free to do that in a follow-up PR.

echo "New CodeQL minor version series detected ($cli_version), bumping action minor version"
npm version minor --no-git-tag-version
echo "bumped=true" >> "$GITHUB_OUTPUT"
else
echo "Not a new minor version series ($cli_version), skipping action version bump"
echo "bumped=false" >> "$GITHUB_OUTPUT"
fi

- name: Rebuild Action
run: npm run build
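Review bot: The bump decision at `if [[ "$cli_version" =~ ^[0-9]+\.[0-9]+\.0$ ]]` is not idempotent: it keys only on the CLI version string, so any re-run of the workflow while src/defaults.json already points at an x.y.0 release will execute `npm version minor --no-git-tag-version` again and advance the Action version a second time. Consider capturing `.cliVersion` before the `./.github/actions/update-bundle` step and bumping only when the minor component differs after that step; that also covers a minor series whose first shipped release is .1 rather than .0.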

@@ -71,11 +85,21 @@ jobs:
- name: Open pull request
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
ACTION_VERSION_BUMPED: ${{ steps.bump-action-version.outputs.bumped }}
run: |
cli_version=$(jq -r '.cliVersion' src/defaults.json)
action_version=$(jq -r '.version' package.json)

pr_body="This pull request updates the default CodeQL bundle, as used with \`tools: linked\` and on GHES, to $cli_version."
if [[ "$ACTION_VERSION_BUMPED" == "true" ]]; then
pr_body="$pr_body

Since this is a new CodeQL minor version series, this PR also bumps the Action version to $action_version."

Copilot AI Jan 26, 2026

The multi-line pr_body assignment includes leading indentation spaces on the second paragraph (from the YAML indentation), which will be preserved in the string and can render as a Markdown code block in the created PR body. Build the second paragraph without leading spaces (e.g., concatenate with explicit \n\n... or use a heredoc/printf that does not include YAML indentation) so the PR description renders as intended.

Suggested change
pr_body="$pr_body
Since this is a new CodeQL minor version series, this PR also bumps the Action version to $action_version."
pr_body="$pr_body"$'\n\n'"Since this is a new CodeQL minor version series, this PR also bumps the Action version to $action_version."

Member

Minor: This is a bit horrible. Perhaps in a follow-up, see if you can make this nicer.

fi

pr_url=$(gh pr create \
--title "Update default bundle to $cli_version" \
--body "This pull request updates the default CodeQL bundle, as used with \`tools: linked\` and on GHES, to $cli_version." \
--body "$pr_body" \
--assignee "$GITHUB_ACTOR" \
--draft \
)
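Review bot: The PR title at `--title "Update default bundle to $cli_version"` is left unchanged, so when `ACTION_VERSION_BUMPED` is `true` the title no longer describes the whole change: the package.json version bump and the rebuilt lib/*.js files are only mentioned in `$pr_body`. Consider extending the title inside the same `if [[ "$ACTION_VERSION_BUMPED" == "true" ]]` branch, for example by appending " and bump Action to $action_version", so the bump is visible in the PR list and in the merge commit subject.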
2 changes: 1 addition & 1 deletion lib/analyze-action-post.js

2 changes: 1 addition & 1 deletion lib/analyze-action.js

2 changes: 1 addition & 1 deletion lib/autobuild-action.js

2 changes: 1 addition & 1 deletion lib/init-action-post.js

2 changes: 1 addition & 1 deletion lib/init-action.js

2 changes: 1 addition & 1 deletion lib/resolve-environment-action.js

2 changes: 1 addition & 1 deletion lib/setup-codeql-action.js

2 changes: 1 addition & 1 deletion lib/start-proxy-action-post.js

2 changes: 1 addition & 1 deletion lib/start-proxy-action.js

2 changes: 1 addition & 1 deletion lib/upload-lib.js

2 changes: 1 addition & 1 deletion lib/upload-sarif-action-post.js

2 changes: 1 addition & 1 deletion lib/upload-sarif-action.js

4 changes: 2 additions & 2 deletions package-lock.json

2 changes: 1 addition & 1 deletion package.json
@@ -1,6 +1,6 @@
{
"name": "codeql",
"version": "4.31.12",
"version": "4.32.0",
"private": true,
"description": "CodeQL action",
"scripts": {