Skip to content

ci(deps): update github/codeql-action action to v3.27.9 #3363

ci(deps): update github/codeql-action action to v3.27.9

ci(deps): update github/codeql-action action to v3.27.9 #3363

Workflow file for this run

---
name: CI
'on':
merge_group:
push:
branches: [main, 'renovate/**']
pull_request:
types: [opened, synchronize, ready_for_review, reopened]
workflow_dispatch:
inputs:
dry_run:
description: 'Dry run'
default: false
required: false
type: boolean
concurrency:
group: ${{ github.workflow }}-${{ github.event.number || github.ref }}
cancel-in-progress: true
permissions:
contents: read
jobs:
release:
env:
DRY_RUN: ${{ github.event_name == 'pull_request' || github.event.inputs.dry_run && 'true' || 'false' }}
FORCE_COLOR: true
name: Release
runs-on: ubuntu-latest
steps:
- id: get-workflow-access-token
name: Get Workflow Access Token
uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0
with:
app-id: ${{ secrets.APPLICATION_ID }}
private-key: ${{ secrets.APPLICATION_PRIVATE_KEY }}
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0
token: ${{ steps.get-workflow-access-token.outputs.token }}
- name: Setup Node.js
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
with:
node-version-file: '.node-version'
- name: Get Release Options
env:
IS_DEFAULT_BRANCH: ${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) }}
run: |
if [[ $DRY_RUN != 'true' || $IS_DEFAULT_BRANCH == 'true' ]]; then
echo "DRY_RUN=false" >> $GITHUB_ENV
fi
- name: Semantic Release
id: semantic-release
env:
CI_FLAG: ${{ env.DRY_RUN == 'true' && 'false' || 'true' }}
GIT_AUTHOR_EMAIL: '118100583+bfra-me[bot]@users.noreply.github.com'
GIT_AUTHOR_NAME: 'bfra-me[bot]'
GIT_COMMITTER_EMAIL: '118100583+bfra-me[bot]@users.noreply.github.com'
GIT_COMMITTER_NAME: 'bfra-me[bot]'
GITHUB_TOKEN: ${{ steps.get-workflow-access-token.outputs.token }}
run: |
# Run `semantic-release`
npm install [email protected]
npm install [email protected]
npx [email protected] --dry-run ${{ env.DRY_RUN }} --ci ${{ env.CI_FLAG }}
- name: Push Release Branch To Major Branch
if: ${{ env.DRY_RUN != 'true' && steps.semantic-release.outputs.new-release-published == 'true' }}
env:
GH_REPO: ${{ github.repository }}
GH_TOKEN: ${{ steps.get-workflow-access-token.outputs.token }}
run: |
# Update the major branch reference to the new release tag
version=${{ steps.semantic-release.outputs.new-release-version }}
sha=$(git rev-parse HEAD)
branch_name=v$(echo ${version} | cut -d . -f 1)
ref=refs/heads/${branch_name}
if [[ "$(gh api repos/{owner}/{repo}/git/ref/heads/${branch_name} 2>&1)" =~ "Not Found" ]]; then
gh api -X POST repos/{owner}/{repo}/git/refs -f ref=${ref} -f sha=$sha
else
gh api -X PATCH repos/{owner}/{repo}/git/${ref} -f sha=$sha -F force=true
fi