11name : Sync Main
2+
23on :
34 schedule :
45 - cron : ' 55 * * * *'
6+
57jobs :
8+
69 sync-main :
10+
711 name : Sync-main
812 runs-on : ubuntu-latest
913 if : github.repository == 'microsoft/codeql'
1014 permissions :
1115 contents : write
16+ pull-requests : write
17+
1218 steps :
1319 - name : Checkout
1420 uses : actions/checkout@v3
@@ -18,16 +24,17 @@ jobs:
1824 - name : Git config
1925 shell : bash
2026 run : |
21- git config user.name Dilan Bhalla
22- git config user.email [email protected] 23- name : Sync Main
24- shell : bash
27+ git config user.name "github-actions[bot]"
28+ git config user.email "github-actions[bot]@users.noreply.github.com"
29+ name : Add and fetch upstream
2530 run : |
26- set -x
27- git fetch
2831 git remote add upstream https://github.com/github/codeql.git
2932 git fetch upstream --tags --force
30- git merge codeql-cli/latest
33+ name : Create or reset sync branch
34+ run : |
35+ git fetch origin sync-main-pr || true
36+ git checkout -B sync-main-pr origin/main
37+ git merge upstream/codeql-cli/latest --no-edit || true
3138name : Setup CodeQL
3239 shell : bash
3340 run : |
4148 - name : Compile PowerShell Queries
4249 run : |
4350 codeql query compile --check-only --keep-going powershell/ql/src
44- name : Complete Sync
45- shell : bash
51+ name : Push sync branch
4652 run : |
47- git push origin main
48- git push origin --tags --force
49-
53+ git push origin sync-main-pr --force
54+ name : Create or update PR
55+ run : |
56+ PR_URL=$(gh pr list --head sync-main-pr --json url --jq '.[0].url')
57+ if [ -z "$PR_URL" ]; then
58+ gh pr create \
59+ --title "Automated sync from upstream" \
60+ --body "This PR syncs the latest changes from \`codeql-cli/latest\` into \`main\`." \
61+ --head sync-main-pr \
62+ --base main
63+ else
64+ echo "PR already exists: $PR_URL"
65+ fi
66+ env :
67+ GITHUB_TOKEN : ${{ github.token }}
0 commit comments