11name : Sync Main
2+
23on :
34 schedule :
45 - cron : ' 55 * * * *'
6+ workflow_dispatch :
7+
58jobs :
9+
610 sync-main :
11+
712 name : Sync-main
813 runs-on : ubuntu-latest
914 if : github.repository == 'microsoft/codeql'
1015 permissions :
1116 contents : write
17+ pull-requests : write
18+
1219 steps :
1320 - name : Checkout
1421 uses : actions/checkout@v3
@@ -20,14 +27,15 @@ jobs:
2027 run : |
2128 git config user.name Dilan Bhalla
2229 git config user.email dilanbhalla@microsoft.com
23- - name : Sync Main
24- shell : bash
30+ - name : Add and fetch upstream
2531 run : |
26- set -x
27- git fetch
2832 git remote add upstream https://github.com/github/codeql.git
2933 git fetch upstream --tags --force
30- git merge codeql-cli/latest
34+ - name : Create or reset sync branch
35+ run : |
36+ git fetch origin sync-main-pr || true
37+ git checkout -B sync-main-pr origin/main
38+ git merge upstream/codeql-cli/latest --no-edit || true
3139 - name : Setup CodeQL
3240 shell : bash
3341 run : |
4149 - name : Compile PowerShell Queries
4250 run : |
4351 codeql query compile --check-only --keep-going powershell/ql/src
44- - name : Complete Sync
45- shell : bash
52+ - name : Push sync branch
4653 run : |
47- git push origin main
48- git push origin --tags --force
49-
54+ git push origin sync-main-pr --force
55+ - name : Create or update PR
56+ run : |
57+ PR_URL=$(gh pr list --head sync-main-pr --json url --jq '.[0].url')
58+ if [ -z "$PR_URL" ]; then
59+ gh pr create \
60+ --title "Automated sync from upstream" \
61+ --body "This PR syncs the latest changes from \`codeql-cli/latest\` into \`main\`." \
62+ --head sync-main-pr \
63+ --base main
64+ else
65+ echo "PR already exists: $PR_URL"
66+ fi
67+ env :
68+ GITHUB_TOKEN : ${{ github.token }}
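Review bot: The `|| true` on `git merge upstream/codeql-cli/latest --no-edit` in the "Create or reset sync branch" step hides a failed or conflicted merge, so the job carries on to the compile step and then force-pushes `sync-main-pr` in whatever state the checkout was left in. Let the step fail instead, `git merge upstream/codeql-cli/latest --no-edit`, so a conflict shows up as a failed run rather than an empty or misleading PR. The branch is rebuilt from `origin/main` with `git checkout -B` and pushed with `--force` on every hourly run, so any commit a reviewer pushes to `sync-main-pr` would be overwritten, and the result of `git fetch origin sync-main-pr || true` appears unused; a step comment such as `# sync-main-pr is bot-owned and reset on every run` would make that explicit. Pull requests opened with `github.token` do not normally trigger other workflows, so it is worth confirming that the required checks still run on the sync PR before it is merged with the `contents: write` history it carries.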