Merge pull request #163 from advanced-security/dependabot/github_acti… #141

Workflow file for this run

.github/workflows/publish.yml at b417a33

	name: Build and Publish Extractor Pack

	on:
	push:
	branches: ["main"]
	workflow_dispatch:

	permissions:
	contents: write
	packages: write

	jobs:
	release-check:
	runs-on: ubuntu-latest
	outputs:
	release: ${{ steps.get_version.outputs.release }}
	version: ${{ steps.get_version.outputs.version }}
	steps:
	- uses: actions/checkout@v4

	- name: "Check release version"
	id: get_version
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	run: \|
	set -e

	pip install yq
	current_version=$(cat .release.yml \| yq -r ".version")

	released_version=$(gh api -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" /repos/:owner/:repo/releases/latest \| jq -r ".tag_name")

	if [[ "$current_version" == "NA" \|\| "$current_version" == "$released_version" ]]; then
	echo "No new release found"
	echo "release=false" >> "$GITHUB_OUTPUT"
	else
	echo "New release found"
	echo "version=$current_version" >> "$GITHUB_OUTPUT"
	echo "release=true" >> "$GITHUB_OUTPUT"
	fi


	queries:
	runs-on: ubuntu-latest
	needs: [release-check]
	if: ${{ needs.release-check.outputs.release == 'true' }}

	permissions:
	contents: read
	packages: write

	strategy:
	fail-fast: false
	matrix:
	packs: ["lib", "src"]

	steps:
	- name: "Checkout"
	uses: actions/checkout@v4

	- name: "Check and Publish CodeQL Packs"
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	run: \|
	PACK_PATH=ql/${{ matrix.packs }}/qlpack.yml
	CURRENT_VERSION=$(grep version $PACK_PATH \| awk '{print $2}')
	PACK_FULLNAME=$(cat $PACK_PATH \| grep "name:" \| awk '{print $2}')
	PACK_NAME=$(echo $PACK_FULLNAME \| awk -F '/' '{print $2}')

	PUBLISHED_VERSION=$(gh api /orgs/advanced-security/packages/container/$PACK_NAME/versions --jq '.[0].metadata.container.tags[0]')
	echo "Packs :: ${CURRENT_VERSION} -> ${PUBLISHED_VERSION}"

	if [ "$PUBLISHED_VERSION" != "$CURRENT_VERSION" ]; then
	gh extension install github/gh-codeql
	gh codeql pack install "ql/${{ matrix.packs }}"
	gh codeql pack publish "ql/${{ matrix.packs }}"
	fi

	compile:
	runs-on: ubuntu-latest
	needs: [release-check]
	if: ${{ needs.release-check.outputs.release == 'true' }}

	steps:
	- uses: actions/checkout@v4

	- name: "Publish Extractor Pack"
	if: github.ref == 'refs/heads/main'
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	run: \|
	./scripts/publish-extractor-pack.sh

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Merge pull request #163 from advanced-security/dependabot/github_acti… #141

Workflow file

Merge pull request #163 from advanced-security/dependabot/github_acti… #141

Jobs

Run details

Workflow file for this run