diff --git a/.github/workflows/finalize-release.yml b/.github/workflows/finalize-release.yml
index fbadfdb836..ca91b249f5 100644
--- a/.github/workflows/finalize-release.yml
+++ b/.github/workflows/finalize-release.yml
@@ -9,8 +9,12 @@ on:
 inputs:
 ref:
 description: |
- The release branch to finalize.
+ The ref of release to finalize (e.g., 'rc/MAJOR.MINOR.PATCH').
 required: true
+ tool-ref:
+ description: |
+ The ref to the tooling to use for the finalize (e.g., 'rc/MAJOR.MINOR.PATCH').
+ required: false
 jobs:
 finalize-release:
@@ -20,14 +24,17 @@ jobs:
 - name: Determine ref
 env:
 REF_FROM_INPUT: ${{ inputs.ref }}
+ TOOL_REF_FROM_INPUT: ${{ inputs.tool-ref }}
 REF_FROM_PR: ${{ github.event.pull_request.merge_commit_sha }}
 BASE_REF_FROM_PR: ${{ github.event.pull_request.base.ref }}
 run: |
 if [[ $GITHUB_EVENT_NAME == "workflow_dispatch" ]]; then
 echo "REF=$REF_FROM_INPUT" >> "$GITHUB_ENV"
+ echo "TOOL_REF=$TOOL_REF_FROM_INPUT" >> "$GITHUB_ENV"
 echo "BASE_REF=$REF_FROM_INPUT" >> "$GITHUB_ENV"
 else
 echo "REF=$REF_FROM_PR" >> "$GITHUB_ENV"
+ echo "TOOL_REF=$REF_FROM_PR" >> "$GITHUB_ENV"
 echo "BASE_REF=$BASE_REF_FROM_PR" >> "$GITHUB_ENV"
 fi
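Review bot: In the `Determine ref` step of finalize-release.yml, the new `echo "TOOL_REF=$TOOL_REF_FROM_INPUT" >> "$GITHUB_ENV"` copies the free-text `tool-ref` dispatch input into the job's environment file unchecked, so a value containing a line break would define further variables for every later step (the existing `REF` and `BASE_REF` lines share the pattern). Reject anything that is not a plain ref before writing it, e.g. `[[ "$TOOL_REF_FROM_INPUT" =~ ^[A-Za-z0-9._/-]*$ ]] || { echo "invalid tool-ref" >&2; exit 1; }`. Because `tool-ref` is `required: false`, an empty value reaches the second checkout as `ref: ''`; the input description in the first hunk should state which ref the tooling is then taken from.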
@@ -35,19 +42,38 @@ jobs:
 uses: actions/checkout@v4
 with:
 ref: ${{ env.REF }}
+ fetch-depth: 0
+ path: release
+
+ - name: Checkout
+ uses: actions/checkout@v4
+ with:
+ ref: ${{ env.TOOL_REF }}
+ path: tooling
+
+ - name: Install Python
+ uses: actions/setup-python@v4
+ with:
+ python-version: "3.9"
+
+ - name: Install dependencies
+ run: pip install -r scripts/release/requirements.txt
+ working-directory: tooling
 - name: Configure git
 run: |
 git config user.name "$GITHUB_ACTOR"
 git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+ working-directory: release
 - name: Update release tag
 run: |
 version=${BASE_REF#rc/}
 echo "Creating release tag v$version"
- git tag -a v$version -m "Release v$version"
- git push -f origin v$version
+ git tag -f -a v$version -m "Release v$version"
+ git push --force origin v$version
+ working-directory: release
 - name: Finalize release
 env:
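Review bot: In the `Update release tag` step, `git tag -f -a v$version` combined with `git push --force origin v$version` now silently moves a release tag that may already be published, and `$version` is expanded unquoted from `BASE_REF`, which on a manual dispatch is the free-text `ref` input. Anyone pinned to that tag would receive different content with nothing in the job log to show the tag was replaced. Quote the expansions (`git tag -f -a "v$version" -m "Release v$version"`, `git push --force origin "v$version"`) and stop early unless the value has the documented shape, e.g. `[[ $version =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]] || exit 1`. The hunk starts inside the first checkout step and ends inside `Finalize release`, so any guard defined outside it is not visible here.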
@@ -57,30 +83,40 @@ jobs:
 echo "Finalizing release v$version"
 gh release edit "v$version" --draft=false --tag=v$version
+ working-directory: release
 - name: Determine if release was a hotfix release
 run: |
 version=${BASE_REF#rc/}
- echo "HOTFIX_RELEASE=$(python scripts/release/is-hotfix.py $version)" >> "$GITHUB_ENV"
+ # We are running the script in the tooling directory with the release directory as the working directory
+ echo "HOTFIX_RELEASE=$(python ../tooling/scripts/release/is-hotfix-release.py $version)" >> "$GITHUB_ENV"
+ working-directory: release
+
+ - name: Determine next release version
+ if: env.HOTFIX_RELEASE == 'false'
+ run: |
+ version=${BASE_REF#rc/}
+ next_version=$(python scripts/release/next-version.py --component minor --pre-release dev -- $version)
+ echo "NEXT_VERSION=$next_version" >> "$GITHUB_ENV"
+ working-directory: tooling
 - name: Bump main version
- if: env.HOTFIX_RELEASE == 'false'
 env:
 GH_TOKEN: ${{ github.token }}
 run: |
- version=${BASE_REF#rc/}
- next_version="$version-dev"
- echo "Bumping main version to $next_version"
+ echo "Bumping main version to $NEXT_VERSION"
 git switch main
 git pull --ff-only origin main
 git switch -c release-automation/bump-version
- ./scripts/release/bump-version.sh "$next_version"
+ # We are running the script in the tooling directory with the release directory as the working directory
+ ../tooling/scripts/release/bump-version.sh "$NEXT_VERSION"
 git add -u .
- git commit -m "Bump version to $next_version"
+ git commit -m "Bump version to $NEXT_VERSION"
 git push --set-upstream origin release-automation/bump-version
- gh pr create --repo $GITHUB_REPOSITORY --base main --head release-automation/bump-version --body "Bump the version of main to the dev label of the just released version $next_version" --title "Bump version to $next_version"
+ gh pr create --repo $GITHUB_REPOSITORY --base main --head release-automation/bump-version --body "Bump the version of main to $NEXT_VERSION" --title "Bump version to $NEXT_VERSION"
+ working-directory: release
diff --git a/.github/workflows/update-release.yml b/.github/workflows/update-release.yml
index 67666bbf39..21838c1d9f 100644
--- a/.github/workflows/update-release.yml
+++ b/.github/workflows/update-release.yml
@@ -31,6 +31,7 @@ jobs:
 uses: actions/checkout@v4
 with:
 fetch-depth: 0 # We need the full history to compute the changelog
+ ref: ${{ inputs.head-sha }}
 - name: Install Python
 uses: actions/setup-python@v4
@@ -59,7 +60,7 @@ jobs:
 --layout scripts/release/release-layout.yml \
 --repo "$GITHUB_REPOSITORY" \
 --github-token "$GITHUB_REPOSITORY:$GITHUB_TOKEN" "github/codeql-coding-standards-release-engineering:$RELEASE_ENGINEERING_TOKEN" \
- --skip-checkrun "release-status"
+ --skip-checkrun "release-status" "Update Release"
 - name: Update release notes
 env:
diff --git a/docs/user_manual.md b/docs/user_manual.md
index 188b88505a..16c8114e5b 100644
--- a/docs/user_manual.md
+++ b/docs/user_manual.md
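Review bot: The `Bump main version` step in finalize-release.yml loses its `if: env.HOTFIX_RELEASE == 'false'` guard; the condition now sits only on the new `Determine next release version` step. When the hotfix check reports anything other than `false`, `NEXT_VERSION` is never written to `$GITHUB_ENV`, yet the bump step still runs `bump-version.sh ""`, pushes `release-automation/bump-version` and opens a pull request titled "Bump version to " (or fails part-way with the branch already pushed). Keep the guard on the bump step as well: `if: env.HOTFIX_RELEASE == 'false'`. A second line of defence inside the script block would be `: "${NEXT_VERSION:?NEXT_VERSION is not set}"` before `git switch main`.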
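Review bot: With `ref: ${{ inputs.head-sha }}` on the checkout in update-release.yml, the release scripts that later run with `GITHUB_TOKEN` and `RELEASE_ENGINEERING_TOKEN` (visible in the second hunk's context) are taken from whatever commit the caller supplies rather than from the ref the workflow definition was loaded from. How `head-sha` is populated is outside this diff, so confirm it can only name a commit on a release branch, or check the tooling out from a trusted ref into its own path as finalize-release.yml now does with `tool-ref`. If no later step pushes with the checkout's credentials, `persist-credentials: false` on this checkout keeps the token out of the untrusted tree's git config. The step's `- name:` line lies above the hunk.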
@@ -496,7 +496,7 @@ This section describes known failure modes for "CodeQL Coding Standards" and des
 | | Ouf of space | Less output. Some files may be only be partially analyzed, or not analyzed at all. | Error reported on the command line. | Increase space. If it remains an issue report space consumption issues via the CodeQL Coding Standards [bug tracker](https://github.com/github/codeql-coding-standards/issues). |
 | | False positives | More output. Results are reported which are not violations of the guidelines. | All reported results must be reviewed. | Report false positive issues via the CodeQL Coding Standards [bug tracker](https://github.com/github/codeql-coding-standards/issues). |
 | | False negatives | Less output. Violations of the guidelines are not reported. | Other validation and verification processes during software development should be used to complement the analysis performed by CodeQL Coding Standards. | Report false negative issues via the CodeQL Coding Standards [bug tracker](https://github.com/github/codeql-coding-standards/issues). |
-| | Modifying coding standard suite | More or less output. If queries are added to the query set more result can be reported. If queries are removed less results might be reported. | All queries supported by the CodeQL Coding Standards are listed in the release artifacts `supported_rules_list_2.25.0-dev.csv` where VERSION is replaced with the used release. The rules in the resulting Sarif file must be cross-referenced with the expected rules in this list to determine the validity of the used CodeQL suite. | Ensure that the CodeQL Coding Standards are not modified in ways that are not documented as supported modifications. |
+| | Modifying coding standard suite | More or less output. If queries are added to the query set more result can be reported. If queries are removed less results might be reported. | All queries supported by the CodeQL Coding Standards are listed in the release artifacts `supported_rules_list_2.25.0-dev.csv` where VERSION is replaced with the used release. The rules in the resulting Sarif file must be cross-referenced with the expected rules in this list to determine the validity of the used CodeQL suite. | Ensure that the CodeQL Coding Standards are not modified in ways that are not documented as supported modifications. |
 | | Incorrect deviation record specification | More output. Results are reported for guidelines for which a deviation is assigned. | Analysis integrity report lists all deviations and incorrectly specified deviation records with a reason. Ensure that all deviation records are correctly specified. | Ensure that the deviation record is specified according to the specification in the user manual. |
 | | Incorrect deviation permit specification | More output. Results are reported for guidelines for which a deviation is assigned. | Analysis integrity report lists all deviations and incorrectly specified deviation permits with a reason. Ensure that all deviation permits are correctly specified. | Ensure that the deviation record is specified according to the specification in the user manual. |
 | | Unapproved use of a deviation record | Less output. Results for guideline violations are not reported. | Validate that the deviation record use is approved by verifying the approved-by attribute of the deviation record specification. | Ensure that each raised deviation record is approved by an independent approver through an auditable process. |
diff --git a/scripts/release/is-hotfix-release.py b/scripts/release/is-hotfix-release.py
index a496b63c27..aba957ea5f 100644
--- a/scripts/release/is-hotfix-release.py
+++ b/scripts/release/is-hotfix-release.py
@@ -9,7 +9,7 @@
 def get_merge_base_of_ref() -> str:
 cp = run(["git", "merge-base", "HEAD", "origin/main"], capture_output=True, text=True)
 if cp.returncode != 0:
- raise RuntimeError("Failed to get merge base")
+ raise RuntimeError(f"Failed to get merge base with reason '{cp.stderr.strip()}'")
 return cp.stdout.strip()
 def get_release_branches_containing(commit: str) -> List[Version]:
diff --git a/scripts/release/next-version.py b/scripts/release/next-version.py
new file mode 100644
index 0000000000..548371f0d9
--- /dev/null
+++ b/scripts/release/next-version.py
@@ -0,0 +1,28 @@
+from semantic_version import Version
+import argparse
+
+parser = argparse.ArgumentParser(description='Prints the next release version')
+parser.add_argument('-c', '--component', default="minor", help='The component to increment (major, minor, patch)')
+parser.add_argument('-p', '--pre-release', nargs='*', help='The pre-release label(s) (e.g. alpha, dev). Multiple labels can be specified so separate the options and the version using `--`!')
+parser.add_argument('-b', '--build', nargs='*', help='The build identifier(s). Multiple identifiers can be specified so separate the options and the version using `--`!')
+parser.add_argument('current_version', type=Version, help='The current version')
+
+if __name__ == "__main__":
+ args = parser.parse_args()
+ version : Version = args.current_version
+ next_version = None
+ if args.component== "major":
+ next_version = version.next_major()
+ elif args.component == "minor":
+ next_version = version.next_minor()
+ elif args.component == "patch":
+ next_version = version.next_patch()
+ else:
+ raise ValueError(f"Invalid release type: {args.release_type}")
+
+ if args.pre_release:
+ next_version.prerelease = args.pre_release
+ if args.build:
+ next_version.build = args.build
+
+ print(next_version)
\ No newline at end of file
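Review bot: In next-version.py the fallback branch raises `ValueError(f"Invalid release type: {args.release_type}")`, but the parser defines no `release_type` argument, so an unsupported `--component` value ends in an `AttributeError` rather than the intended message. Let argparse reject bad values up front by adding `choices=["major", "minor", "patch"]` to the `--component` argument, and have the message reference `args.component`. The workflow captures this script's stdout straight into `NEXT_VERSION`, so a non-zero exit with a clear usage error is the behaviour the caller needs. Minor style point: `args.component== "major"` is missing the space before `==`, and the file has no trailing newline.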