diff --git a/.github/workflows/sync-main.yml b/.github/workflows/sync-main.yml
index 99526286026b..7c929d3832fe 100644
--- a/.github/workflows/sync-main.yml
+++ b/.github/workflows/sync-main.yml
@@ -1,14 +1,20 @@
 name: Sync Main
+
 on:
 schedule:
 - cron: '55 * * * *'
+
 jobs:
+
 sync-main:
+ name: Sync-main
 runs-on: ubuntu-latest
 if: github.repository == 'microsoft/codeql'
 permissions:
 contents: write
+ pull-requests: write
+
 steps:
 - name: Checkout
 uses: actions/checkout@v3
@@ -18,16 +24,17 @@ jobs:
 - name: Git config
 shell: bash
 run: |
- git config user.name Dilan Bhalla
- git config user.email dilanbhalla@microsoft.com
- - name: Sync Main
- shell: bash
+ git config user.name "github-actions[bot]"
+ git config user.email "github-actions[bot]@users.noreply.github.com"
+ - name: Add and fetch upstream
 run: |
- set -x
- git fetch
 git remote add upstream https://github.com/github/codeql.git
 git fetch upstream --tags --force
- git merge codeql-cli/latest
+ - name: Create or reset sync branch
+ run: |
+ git fetch origin sync-main-pr || true
+ git checkout -B sync-main-pr origin/main
+ git merge upstream/codeql-cli/latest --no-edit || true
 - name: Setup CodeQL
 shell: bash
 run: |
@@ -41,9 +48,20 @@ jobs:
 - name: Compile PowerShell Queries
 run: |
 codeql query compile --check-only --keep-going powershell/ql/src
- - name: Complete Sync
- shell: bash
+ - name: Push sync branch
 run: |
- git push origin main
- git push origin --tags --force
-
+ git push origin sync-main-pr --force
+ - name: Create or update PR
+ run: |
+ PR_URL=$(gh pr list --head sync-main-pr --json url --jq '.[0].url')
+ if [ -z "$PR_URL" ]; then
+ gh pr create \
+ --title "Automated sync from upstream" \
+ --body "This PR syncs the latest changes from \`codeql-cli/latest\` into \`main\`." \
+ --head sync-main-pr \
+ --base main
+ else
+ echo "PR already exists: $PR_URL"
+ fi
+ env:
+ GITHUB_TOKEN: ${{ github.token }}
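Review bot: `git merge upstream/codeql-cli/latest --no-edit || true` in the new "Create or reset sync branch" step swallows a conflicting merge, so the job stays green while the checkout is left mid-merge (conflict markers in files, MERGE_HEAD set) and the later CodeQL compile steps run against that half-merged tree; since no merge commit is created, the force-push that follows would just re-point sync-main-pr at origin/main and the conflict would go unnoticed. Fail loudly instead: `git merge upstream/codeql-cli/latest --no-edit || { git merge --abort; echo "::error::merge conflict with upstream/codeql-cli/latest"; exit 1; }`. The preceding `git fetch origin sync-main-pr || true` also appears to have no effect, because `git checkout -B sync-main-pr origin/main` resets the branch regardless of what was fetched — drop it or add a comment saying why it is there. These two steps no longer declare `shell: bash`, so they rely on the runner default (`bash -e`), which is fine here but worth stating explicitly next to steps whose behaviour hinges on `||` handling.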
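Review bot: The "Create or update PR" step will fail on every hourly run in which sync-main-pr has no commits beyond main — for example after the previous sync PR has been merged and upstream has not moved — because `gh pr list` then finds no open PR and `gh pr create` rejects a head with no commits against the base. Guard the creation with a change check, e.g. `if git diff --quiet origin/main sync-main-pr; then echo "No upstream changes to sync"; exit 0; fi`, before the `gh pr list` call. The previous hunk still runs `git fetch upstream --tags --force`, but the old `git push origin --tags --force` is removed here, so upstream tags are no longer mirrored to origin — if that is intended, the tag fetch is now dead work and can be dropped; if not, the tag push needs to come back. Because the PR is opened with `${{ github.token }}`, GitHub's documented behaviour is that it will not start `pull_request`-triggered workflows for it, so the merged upstream changes may reach main without the repository's normal CI; a comment next to `GITHUB_TOKEN: ${{ github.token }}` noting this (and that a GitHub App or PAT would be needed to trigger CI) would save the next maintainer a surprise.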