chore: kickoff release

Author: ameter

.github/codeql/config.yml

@@ -0,0 +1,11 @@
+name: "CodeQL config"
+
+queries: 
+  # - uses: security-and-quality
+  - uses: github/codeql/javascript/ql/src/Security/CWE-094/ExpressionInjection.ql@8cd261af0ed7edb7cd6b8ea6a0ffd99033b79783
+  # The following line will need to be changed if/when GitHub move UntrustedCheckout out of experimental
+  - uses: github/codeql/javascript/ql/src/experimental/Security/CWE-094/UntrustedCheckout.ql@8cd261af0ed7edb7cd6b8ea6a0ffd99033b79783
+
+paths:
+  - .github
+  - fastlane

.github/codeql/enable_codeql.js

@@ -0,0 +1,5 @@
+/* 
+GitHub CodeQL scanning is used to scan for errors in GitHub Actions workflows (.yml), 
+but currently requires a non-empty JavaScript file to work.
+*/
+const why = 'This is needed to run CodeQL on GitHub Actions files.';

.github/workflows/cleanup_labels_issue_close.yml

@@ -13,7 +13,7 @@ jobs:
   cleanup:
     name: Remove labels 
     runs-on: ubuntu-latest
-    if: ${{ !github.event.issue.pull_request && (contains(github.event.issue.labels.*.name, 'pending-response') || contains(github.event.issue.labels.*.name, 'closing soon')) || contains(github.event.issue.labels.*.name, 'pending-release')) }}
+    if: ${{ !github.event.issue.pull_request && (contains(github.event.issue.labels.*.name, 'pending-response') || contains(github.event.issue.labels.*.name, 'closing soon') || contains(github.event.issue.labels.*.name, 'pending-release')) }}
 
     steps:
       - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b

.github/workflows/codeql.yml

@@ -0,0 +1,54 @@
+name: "CodeQL"
+
+on:
+  push:
+    branches: 
+      - main
+      - dev-preview
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches:
+      - main
+      - dev-preview
+  schedule:
+    #        ┌───────────── minute (0 - 59)
+    #        │  ┌───────────── hour (0 - 23)
+    #        │  │ ┌───────────── day of the month (1 - 31)
+    #        │  │ │ ┌───────────── month (1 - 12 or JAN-DEC)
+    #        │  │ │ │ ┌───────────── day of the week (0 - 6 or SUN-SAT)
+    #        │  │ │ │ │
+    #        │  │ │ │ │
+    #        │  │ │ │ │
+    #        *  * * * *
+    - cron: '30 1 * * 0'
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: ['javascript']
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+        # Learn more about CodeQL language support at https://git.io/codeql-language-support
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@822fe5ef9a15bd752ef127e9ff6eac38ec37dd9c
+      with:
+        languages: ${{ matrix.language }}
+        config-file: ./.github/codeql/config.yml
+        debug: true
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@822fe5ef9a15bd752ef127e9ff6eac38ec37dd9c
+

.github/workflows/block_manual_pr_release.yml renamed to .github/workflows/release_block_manual_pr.yml

@@ -0,0 +1,24 @@
+# Validates and merges release PRs after they have been approved. 
+name: Merge Release PR
+
+on:
+  pull_request_review:
+    types:
+      - submitted
+
+permissions:
+  contents: write
+
+jobs:
+  check:
+    name: Validate and Merge PR
+    runs-on: ubuntu-latest      
+    if: "${{ github.event.pull_request.base.ref == 'release' && github.event.pull_request.head.ref == 'main' && github.event.pull_request.title == 'chore: kickoff release' && github.event.review.state == 'approved' }}"
+    
+    steps:
+      - name: Merge PR
+        shell: bash
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          PR: ${{ github.event.pull_request.number }}
+        run: "gh pr merge $PR --repo aws-amplify/amplify-ios --merge --subject 'chore: kickoff release' --body ''"

.github/workflows/release.yml renamed to .github/workflows/release_kickoff.yml

@@ -25,9 +25,13 @@ extension Temporal {
         return calendar
     }()
 
-    /// Lock to ensure exclusive access
-    private static var lock = os_unfair_lock_s()
-
+    /// Pointer to lock to ensure exclusive access.
+    private static let lock: UnsafeMutablePointer<os_unfair_lock> = {
+        let pointer = UnsafeMutablePointer<os_unfair_lock>.allocate(capacity: 1)
+        pointer.initialize(to: os_unfair_lock())
+        return pointer
+    }()
+    
     /// Internal helper function to retrieve and/or create `DateFormatter`s
     /// - Parameters:
     ///   - format: The `DateFormatter().dateFormat`
@@ -37,10 +41,11 @@ extension Temporal {
         for format: String,
         in timeZone: TimeZone
     ) -> DateFormatter {
-        defer { os_unfair_lock_unlock(&lock) }
-
         // lock before read from cache
-        os_unfair_lock_lock(&lock)
+        os_unfair_lock_lock(lock)
+        
+        // unlock at return
+        defer { os_unfair_lock_unlock(lock) }
 
         // If the formatter is already in the cache and
         // the time zones match, we return it rather than

.github/workflows/release_merge_pr.yml

@@ -86,6 +86,15 @@
                <Test
                   Identifier = "DataStoreHubTests/testDataStoreDispatchesUpdateToHub()">
                </Test>
+               <Test
+                  Identifier = "MutationEventExtensionsTest/testSentModelVersionNewerThanResponseVersion_PendingEventNotReconciled()">
+               </Test>
+               <Test
+                  Identifier = "MutationEventExtensionsTest/testSentModelWithNilVersion_Reconciled()">
+               </Test>
+               <Test
+                  Identifier = "MutationEventExtensionsTest/testSentModelWithNilVersion_SecondPendingEventNotReconciled()">
+               </Test>
                <Test
                   Identifier = "OutgoingMutationQueueTests/testLocalMutationUnsubcsribesFromCloud()">
                </Test>