diff --git a/.github/workflows/csv-coverage.yml b/.devcontainer/csv-coverage.yml
similarity index 100%
rename from .github/workflows/csv-coverage.yml
rename to .devcontainer/csv-coverage.yml
diff --git a/.github/workflows/autofix-label-manager.yml b/.github/workflows/autofix-label-manager.yml
new file mode 100644
index 0000000000000..1e0d05b47c5c6
--- /dev/null
+++ b/.github/workflows/autofix-label-manager.yml
@@ -0,0 +1,36 @@
+name: Autofix Label Manager
+
+on:
+ pull_request_target:
+ types: [labeled]
+
+jobs:
+ check-to-remove-autofix-label:
+ env:
+ GITHUB_REPOSITORY: ${{ github.repository }}
+ PR_NUMBER: ${{ github.event.number }}
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ REQUIRES_AUTOFIX_LABEL: "Autofix Validation Required"
+ DOES_NOT_REQUIRE_AUTOFIX_LABEL: "No Autofix Validation Required"
+ LABEL_ADDED: ${{ github.event.label.name }}
+
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check if label "No Autofix Validation Required" is added
+ shell: bash
+ run: |
+ if [ "$LABEL_ADDED" != "$DOES_NOT_REQUIRE_AUTOFIX_LABEL" ]; then
+ echo "Label $DOES_NOT_REQUIRE_AUTOFIX_LABEL was not added."
+ exit 0
+ fi
+
+ echo "Label $DOES_NOT_REQUIRE_AUTOFIX_LABEL was added."
+
+ # Check if Label $REQUIRES_AUTOFIX_LABEL exists and remove it
+ REQUIRES_AUTOFIX_LABEL_EXISTS=$(gh api /repos/$GITHUB_REPOSITORY/issues/$PR_NUMBER/labels | jq --arg label "Autofix Validation Required" '.[] | select(.name==$label) | .name')
+ if [ "$REQUIRES_AUTOFIX_LABEL_EXISTS" == "$REQUIRES_AUTOFIX_LABEL" ]; then
+ gh api -X DELETE "/repos/$GITHUB_REPOSITORY/issues/$PR_NUMBER/labels/$REQUIRES_AUTOFIX_LABEL"
+ echo "$REQUIRES_AUTOFIX_LABEL Label removed."
+ else
+ echo "$REQUIRES_AUTOFIX_LABEL Label does not exist or was already removed."
+ fi
diff --git a/.github/workflows/autofix-reminder.yml b/.github/workflows/autofix-reminder.yml
new file mode 100644
index 0000000000000..60afb4f827758
--- /dev/null
+++ b/.github/workflows/autofix-reminder.yml
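Review bot: In autofix-label-manager.yml, the `jq` call that fills `REQUIRES_AUTOFIX_LABEL_EXISTS` runs without `-r`, so it prints the name as a JSON string with its surrounding double quotes. The following `==` test against `$REQUIRES_AUTOFIX_LABEL` therefore cannot match, and the DELETE branch looks unreachable as written. Changing it to `jq -r --arg label "$REQUIRES_AUTOFIX_LABEL" '.[] | select(.name==$label) | .name'` fixes the comparison and removes the hard-coded copy of the label. Separately, this `pull_request_target` workflow declares no `permissions:` block, so `GITHUB_TOKEN` gets whatever the repository default grants; limiting it to what the label call needs (probably `pull-requests: write` or `issues: write`, to be confirmed against the API) keeps the token least-privileged. Passing `github.event.label.name` through `env` instead of interpolating it into `run:` is the right pattern and should stay.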
@@ -0,0 +1,53 @@
+# This workflow creates a reminder to query authors to test their queries
+# in autofix.
+name: Autofix reminder
+
+permissions:
+ contents: read
+ pull-requests: read
+ issues: write
+
+on:
+ pull_request:
+ branches:
+ - main
+ - "rc/*"
+ paths:
+ - "**/*.qhelp"
+ - "**/*.ql"
+ - "**/*.qll"
+ # This workflow
+ - ".github/workflows/autofix-reminder.yml"
+
+jobs:
+ autofix-reminder:
+ env:
+ GITHUB_REPOSITORY: ${{ github.repository }}
+ PR_NUMBER: ${{ github.event.number }}
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ REQUIRES_AUTOFIX_LABEL: "Autofix Validation Required"
+ DOES_NOT_REQUIRE_AUTOFIX_LABEL: "No Autofix Validation Required"
+
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check existing labels
+ id: label_check
+ shell: bash
+ run: |
+ gh api "repos/${GITHUB_REPOSITORY}/issues/${PR_NUMBER}/labels" | jq -r '.[].name' > labels.txt
+
+ if grep -q -x -e "${REQUIRES_AUTOFIX_LABEL}" labels.txt || grep -q -x -e "${DOES_NOT_REQUIRE_AUTOFIX_LABEL}" labels.txt; then
+ echo "Stopping workflow due to label presence."
+ echo "should_continue=false" >> $GITHUB_OUTPUT
+ else
+ echo "Add $REQUIRES_AUTOFIX_LABEL label."
+ echo "should_continue=true" >> $GITHUB_OUTPUT
+ fi
+
+ - name: Add label
+ if: steps.label_check.outputs.should_continue == 'true'
+ run: gh api "repos/${GITHUB_REPOSITORY}/issues/${PR_NUMBER}/labels" -X POST -F labels="${REQUIRES_AUTOFIX_LABEL}"
+
+ - name: Comment on PR
+ if: steps.label_check.outputs.should_continue == 'true'
+ run: gh api "repos/${GITHUB_REPOSITORY}/issues/${PR_NUMBER}/comments" -X POST --field body="This pull request updates `.ql`, `.qll`, or `.qhelp` files, Please validate that autofixes generated based on these changes are valid. See [the documentation](https://github.com/github/codeql-team/blob/main/docs/best-practices/validating-autofix-for-query-changes.md) (internal access required). If autofix validation is not required, please add the label '${DOES_NOT_REQUIRE_AUTOFIX_LABEL}' to this pull request."
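Review bot: In the `Comment on PR` step the body is a double-quoted shell string with backticks around .ql, .qll and .qhelp, so bash runs each of them as a command substitution and the posted text most likely loses those names. Moving the text into an `env:` entry (for example `COMMENT_BODY`) and passing `-f body="$COMMENT_BODY"` keeps the Markdown intact and keeps shell expansion out of the message. Also, on pull requests opened from forks the `pull_request` event gets a read-only `GITHUB_TOKEN`, so the label and comment calls would fail there even with `issues: write`; confirm that is acceptable or handle the failure explicitly.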
diff --git a/.github/workflows/deleteme.ql b/.github/workflows/deleteme.ql
new file mode 100644
index 0000000000000..50dc99e4f830a
--- /dev/null
+++ b/.github/workflows/deleteme.ql
@@ -0,0 +1 @@
+select "Adding this file temporarily to make sure the associated workflow behaves as expected"