From d8a975c349d4ee76ffc2dcde5806543282ba5140 Mon Sep 17 00:00:00 2001 From: Andrew Eisenberg Date: Mon, 25 Nov 2024 12:50:26 -0800 Subject: [PATCH 1/4] Remove pull request template Replace with an updated check-change-note.yml workflow. Add a comment whenever a pull request has changes that may need to be tested in autofix. Also, remove parts of the checklist that are not related to autofix. --- .github/pull_request_template.md | 14 ------------ .github/workflows/check-change-note.yml | 30 ++++++++++++++++++++++++- 2 files changed, 29 insertions(+), 15 deletions(-) delete mode 100644 .github/pull_request_template.md diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md deleted file mode 100644 index 3b31894b0f37..000000000000 --- a/.github/pull_request_template.md +++ /dev/null 
@@ -1,14 +0,0 @@ -### Pull Request checklist - -#### All query authors - -- [ ] A change note is added if necessary. See [the documentation](https://github.com/github/codeql/blob/main/docs/change-notes.md) in this repository. -- [ ] All new queries have appropriate `.qhelp`. See [the documentation](https://github.com/github/codeql/blob/main/docs/query-help-style-guide.md) in this repository. -- [ ] QL tests are added if necessary. See [Testing custom queries](https://docs.github.com/en/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/testing-custom-queries) in the GitHub documentation. -- [ ] New and changed queries have correct query metadata. See [the documentation](https://github.com/github/codeql/blob/main/docs/query-metadata-style-guide.md) in this repository. - -#### Internal query authors only - -- [ ] Autofixes generated based on these changes are valid, only needed if this PR makes significant changes to `.ql`, `.qll`, or `.qhelp` files. See [the documentation](https://github.com/github/codeql-team/blob/main/docs/best-practices/validating-autofix-for-query-changes.md) (internal access required). -- [ ] Changes are validated [at scale](https://github.com/github/codeql-dca/) (internal access required). -- [ ] Adding a new query? Consider also [adding the query to autofix](https://github.com/github/codeml-autofix/blob/main/docs/updating-query-support.md#adding-a-new-query-to-the-query-suite). diff --git a/.github/workflows/check-change-note.yml b/.github/workflows/check-change-note.yml index 3330e6e1136d..22ceed7c600d 100644 --- a/.github/workflows/check-change-note.yml +++ b/.github/workflows/check-change-note.yml @@ -1,4 +1,4 @@ -name: Check change note +name: Check change note and reminders permissions: pull-requests: read 
@@ -9,17 +9,45 @@ on: paths: - "*/ql/src/**/*.ql" - "*/ql/src/**/*.qll" + - "*/ql/src/**/*.qhelp" - "*/ql/lib/**/*.ql" - "*/ql/lib/**/*.qll" + - "*/ql/lib/**/*.qhelp" - "*/ql/lib/**/*.yml" - "shared/**/*.ql" - "shared/**/*.qll" + - "shared/**/*.qhelp" - "!**/experimental/**" - "!ql/**" - "!rust/**" - ".github/workflows/check-change-note.yml" jobs: + add-pr-reminders: + env: + REPO: ${{ github.repository }} + PULL_REQUEST_NUMBER: ${{ github.event.number }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + runs-on: ubuntu-latest + steps: + + - name: Check if the 'reminders' comment exists + run: | + checklist_comment=$(gh api "repos/$REPO/issues/$PULL_REQUEST_NUMBER/comments" --jq '.[] | select(.body | test("### Pull Request checklist"))') + + if [ -z "$checklist_comment" ]; then + echo "The checklist comment does not exist. Adding it." + comment_body="$(cat < Date: Mon, 25 Nov 2024 12:52:44 -0800 Subject: [PATCH 2/4] Rename workflow --- ...{check-change-note.yml => check-change-note-and-reminders.yml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename .github/workflows/{check-change-note.yml => check-change-note-and-reminders.yml} (100%) diff --git a/.github/workflows/check-change-note.yml b/.github/workflows/check-change-note-and-reminders.yml similarity index 100% rename from .github/workflows/check-change-note.yml rename to .github/workflows/check-change-note-and-reminders.yml From 85126447e840ca07cdbed4b23bfd5db78a06354f Mon Sep 17 00:00:00 2001 From: Andrew Eisenberg Date: Mon, 25 Nov 2024 13:06:12 -0800 Subject: [PATCH 3/4] Extract reminders to a separate file --- .github/pr-comment-reminder.md | 7 +++++++ .../workflows/check-change-note-and-reminders.yml | 14 ++++---------- 2 files changed, 11 insertions(+), 10 deletions(-) create mode 100644 .github/pr-comment-reminder.md diff --git a/.github/pr-comment-reminder.md b/.github/pr-comment-reminder.md new file mode 100644 index 000000000000..e2a19ebab427 --- /dev/null +++ b/.github/pr-comment-reminder.md 
@@ -0,0 +1,7 @@ +### Pull Request reminders for autofix + +(internal access required) + +- [ ] Autofixes generated based on these changes are valid, only needed if this PR makes significant changes to `.ql`, `.qll`, or `.qhelp` files. See [the documentation](https://github.com/github/codeql-team/blob/main/docs/best-practices/validating-autofix-for-query-changes.md). +- [ ] Changes to autofix are validated [at scale](https://github.com/github/codeql-dca/blob/main/doc/autofix.md). +- [ ] Adding a new query? Consider also [adding the query to autofix](https://github.com/github/codeml-autofix/blob/main/docs/updating-query-support.md#adding-a-new-query-to-the-query-suite). diff --git a/.github/workflows/check-change-note-and-reminders.yml b/.github/workflows/check-change-note-and-reminders.yml index 22ceed7c600d..6d139098b810 100644 --- a/.github/workflows/check-change-note-and-reminders.yml +++ b/.github/workflows/check-change-note-and-reminders.yml @@ -33,17 +33,11 @@ jobs: - name: Check if the 'reminders' comment exists run: | - checklist_comment=$(gh api "repos/$REPO/issues/$PULL_REQUEST_NUMBER/comments" --jq '.[] | select(.body | test("### Pull Request checklist"))') + reminder_comment=$(gh api "repos/$REPO/issues/$PULL_REQUEST_NUMBER/comments" --jq '.[] | select(.body | test("### Pull Request reminders for autofix"))') - if [ -z "$checklist_comment" ]; then - echo "The checklist comment does not exist. Adding it." - comment_body="$(cat < Date: Tue, 26 Nov 2024 08:07:27 +0100 Subject: [PATCH 4/4] chore(CI): s/github.repository/GITHUB_REPOSITORY/ --- .github/workflows/check-change-note-and-reminders.yml | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/.github/workflows/check-change-note-and-reminders.yml b/.github/workflows/check-change-note-and-reminders.yml index 6d139098b810..4829f0c9f02a 100644 --- a/.github/workflows/check-change-note-and-reminders.yml +++ b/.github/workflows/check-change-note-and-reminders.yml 
@@ -25,7 +25,6 @@ on: jobs: add-pr-reminders: env: - REPO: ${{ github.repository }} PULL_REQUEST_NUMBER: ${{ github.event.number }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} runs-on: ubuntu-latest @@ -33,18 +32,17 @@ jobs: - name: Check if the 'reminders' comment exists run: | - reminder_comment=$(gh api "repos/$REPO/issues/$PULL_REQUEST_NUMBER/comments" --jq '.[] | select(.body | test("### Pull Request reminders for autofix"))') + reminder_comment=$(gh api "repos/$GITHUB_REPOSITORY/issues/$PULL_REQUEST_NUMBER/comments" --jq '.[] | select(.body | test("### Pull Request reminders for autofix"))') if [ -z "$reminder_comment" ]; then echo "The reminder comment does not exist. Adding it." comment_body="$(cat .github/pr-comment-reminder.md)" - gh api "repos/$REPO/issues/$PULL_REQUEST_NUMBER/comments" -f body="$comment_body" + gh api "repos/$GITHUB_REPOSITORY/issues/$PULL_REQUEST_NUMBER/comments" -f body="$comment_body" fi check-change-note: env: - REPO: ${{ github.repository }} PULL_REQUEST_NUMBER: ${{ github.event.number }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} runs-on: ubuntu-latest @@ -55,7 +53,7 @@ jobs: github.event.pull_request.draft == false && !contains(github.event.pull_request.labels.*.name, 'no-change-note-required') run: | - change_note_files=$(gh api "repos/$REPO/pulls/$PULL_REQUEST_NUMBER/files" --paginate --jq '.[].filename | select(test("/change-notes/.*[.]md$"))') + change_note_files=$(gh api "repos/$GITHUB_REPOSITORY/pulls/$PULL_REQUEST_NUMBER/files" --paginate --jq '.[].filename | select(test("/change-notes/.*[.]md$"))') if [ -z "$change_note_files" ]; then echo "No change note found. Either add one, or add the 'no-change-note-required' label." 
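Review bot: In the second hunk the `add-pr-reminders` job creates a comment with `gh api "repos/$GITHUB_REPOSITORY/issues/$PULL_REQUEST_NUMBER/comments" -f body="$comment_body"`, but the only `permissions:` block visible in this series is the workflow-level `pull-requests: read`, so the token would be refused that write. Give that job its own `permissions:` block with `pull-requests: write` and leave `check-change-note` read-only, so the write scope is confined to the job that needs it; the job header is in the first hunk and its `steps:` line falls between the two hunks. No checkout step is visible ahead of `cat .github/pr-comment-reminder.md`, so the file is probably absent on the runner. The trigger is outside these hunks; if it is `pull_request_target`, a checkout added for this should take the base ref rather than the PR head, so the posted text comes from trusted content. The existence check also accepts a matching comment from any author and reads only the first page of results, so filtering on `.user.login == "github-actions[bot]"` and adding `--paginate` (already used on the `pulls/.../files` calls) would make the reminder harder to suppress or duplicate.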
@@ -67,7 +65,7 @@ jobs: - name: Fail if the change note filename doesn't match the expected format. The file name must be of the form 'YYYY-MM-DD.md', 'YYYY-MM-DD-{title}.md', where '{title}' is arbitrary text, or released/x.y.z.md for released change-notes run: | - bad_change_note_file_names=$(gh api "repos/$REPO/pulls/$PULL_REQUEST_NUMBER/files" --paginate --jq '[.[].filename | select(test("/change-notes/.*[.]md$"))][] | select((test("/change-notes/[0-9]{4}-[0-9]{2}-[0-9]{2}.*[.]md$") or test("/change-notes/released/[0-9]*[.][0-9]*[.][0-9]*[.]md$")) | not)') + bad_change_note_file_names=$(gh api "repos/$GITHUB_REPOSITORY/pulls/$PULL_REQUEST_NUMBER/files" --paginate --jq '[.[].filename | select(test("/change-notes/.*[.]md$"))][] | select((test("/change-notes/[0-9]{4}-[0-9]{2}-[0-9]{2}.*[.]md$") or test("/change-notes/released/[0-9]*[.][0-9]*[.][0-9]*[.]md$")) | not)') if [ -n "$bad_change_note_file_names" ]; then echo "The following change note file names are invalid:"