Skip to content

Merge pull request #166 from advanced-security/dependabot/cargo/extra… #144

Merge pull request #166 from advanced-security/dependabot/cargo/extra…

Merge pull request #166 from advanced-security/dependabot/cargo/extra… #144

Workflow file for this run

name: Build and Publish Extractor Pack
on:
push:
branches: ["main"]
workflow_dispatch:
permissions:
contents: write
packages: write
jobs:
release-check:
runs-on: ubuntu-latest
outputs:
release: ${{ steps.get_version.outputs.release }}
version: ${{ steps.get_version.outputs.version }}
steps:
- uses: actions/checkout@v4
- name: "Check release version"
id: get_version
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
set -e
pip install yq
current_version=$(cat .release.yml | yq -r ".version")
released_version=$(gh api -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" /repos/:owner/:repo/releases/latest | jq -r ".tag_name")
if [[ "$current_version" == "NA" || "$current_version" == "$released_version" ]]; then
echo "No new release found"
echo "release=false" >> "$GITHUB_OUTPUT"
else
echo "New release found"
echo "version=$current_version" >> "$GITHUB_OUTPUT"
echo "release=true" >> "$GITHUB_OUTPUT"
fi
queries:
runs-on: ubuntu-latest
needs: [release-check]
if: ${{ needs.release-check.outputs.release == 'true' }}
permissions:
contents: read
packages: write
strategy:
fail-fast: false
matrix:
packs: ["lib", "src"]
steps:
- name: "Checkout"
uses: actions/checkout@v4
- name: "Check and Publish CodeQL Packs"
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
PACK_PATH=ql/${{ matrix.packs }}/qlpack.yml
CURRENT_VERSION=$(grep version $PACK_PATH | awk '{print $2}')
PACK_FULLNAME=$(cat $PACK_PATH | grep "name:" | awk '{print $2}')
PACK_NAME=$(echo $PACK_FULLNAME | awk -F '/' '{print $2}')
PUBLISHED_VERSION=$(gh api /orgs/advanced-security/packages/container/$PACK_NAME/versions --jq '.[0].metadata.container.tags[0]')
echo "Packs :: ${CURRENT_VERSION} -> ${PUBLISHED_VERSION}"
if [ "$PUBLISHED_VERSION" != "$CURRENT_VERSION" ]; then
gh extension install github/gh-codeql
gh codeql pack install "ql/${{ matrix.packs }}"
gh codeql pack publish "ql/${{ matrix.packs }}"
fi
compile:
runs-on: ubuntu-latest
needs: [release-check]
if: ${{ needs.release-check.outputs.release == 'true' }}
steps:
- uses: actions/checkout@v4
- name: "Publish Extractor Pack"
if: github.ref == 'refs/heads/main'
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
./scripts/publish-extractor-pack.sh