github · simon-engledew · Nov 9, 2020 · Oct 26, 2020 · Nov 2, 2020 · Nov 2, 2020
@@ -15,7 +15,11 @@ jobs:
     steps:
     - uses: actions/checkout@v2
     - uses: ./init
+      id: init
       with:
         languages: javascript
         config-file: ./.github/codeql/codeql-config.yml
+    # confirm steps.init.outputs.codeql-path points to the codeql binary
+    - name: Print CodeQL Version
+      run: ${{steps.init.outputs.codeql-path}} version --format=json
     - uses: ./analyze
@@ -44,6 +44,7 @@ jobs:
 
     - name: Initialize CodeQL
       uses: ./init
+      id: init
       with:
         tools: latest
         languages: python
@@ -62,8 +63,7 @@ jobs:
         esac
         echo ${basePath}
 
-        codeql_version="0.0.0-$(cat "$GITHUB_WORKSPACE/src/defaults.json" | jq -r .bundleVersion | rev | cut -d - -f 1 | rev)"
-        $GITHUB_WORKSPACE/python-setup/auto_install_packages.py "${basePath}/hostedtoolcache/CodeQL/$codeql_version/x64/codeql"
+        $GITHUB_WORKSPACE/python-setup/auto_install_packages.py "$(dirname ${{steps.init.outputs.codeql-path}})"
     - name: Setup for extractor
       run: |
         echo $CODEQL_PYTHON

@@ -0,0 +1,43 @@
+name: Update Supported Enterprise Server Versions
+
+on:
+  schedule:
+    - cron: "0 0 * * *"
+
+jobs:
+  update-supported-enterprise-server-versions:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Setup Python
+        uses: actions/setup-python@v2
+        with:
+          python-version: "3.7"
+      - name: Checkout CodeQL Action
+        uses: actions/checkout@v2
+      - name: Checkout Enterprise Releases
+        uses: actions/checkout@v2
+        with:
+          repository: github/enterprise-releases
+          ssh-key: ${{ secrets.ENTERPRISE_RELEASES_SSH_KEY }}
+          path: ${{ github.workspace }}/enterprise-releases/
+      - name: Update Supported Enterprise Server Versions
+        run: |
+          cd ./.github/workflows/update-supported-enterprise-server-versions/
+          python3 -m pip install pipenv
+          pipenv install
+          pipenv run ./update.py
+          rm --recursive "$ENTERPRISE_RELEASES_PATH"
+          npm run build
+        env:
+          ENTERPRISE_RELEASES_PATH: ${{ github.workspace }}/enterprise-releases/
+      - name: Commit Changes
+        uses: peter-evans/create-pull-request@c7f493a8000b8aeb17a1332e326ba76b57cb83eb # v3.4.1
+        with:
+          commit-message: Update supported GitHub Enterprise Server versions.
+          title: Update supported GitHub Enterprise Server versions.
+          body: ""
+          author: GitHub <noreply@github.com>
+          branch: update-supported-enterprise-server-versions
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -0,0 +1,9 @@
+[[source]]
+name = "pypi"
+url = "https://pypi.org/simple"
+verify_ssl = true
+
+[dev-packages]
+
+[packages]
+semver = "*"
@@ -0,0 +1,43 @@
+#!/usr/bin/env python3
+import datetime
+import json
+import os
+import pathlib
+
+import semver
+
+_API_COMPATIBILITY_PATH = pathlib.Path(__file__).absolute().parents[3] / "src" / "api-compatibility.json"
+_ENTERPRISE_RELEASES_PATH = pathlib.Path(os.environ["ENTERPRISE_RELEASES_PATH"])
+_RELEASE_FILE_PATH = _ENTERPRISE_RELEASES_PATH / "releases.json"
+_FIRST_SUPPORTED_RELEASE = semver.VersionInfo.parse("2.22.0") # Versions older than this did not include Code Scanning.
+
+def main():
+	api_compatibility_data = json.loads(_API_COMPATIBILITY_PATH.read_text())
+
+	releases = json.loads(_RELEASE_FILE_PATH.read_text())
+	oldest_supported_release = None
+	newest_supported_release = semver.VersionInfo.parse(api_compatibility_data["maximumVersion"] + ".0")
+
+	for release_version_string, release_data in releases.items():
+		release_version = semver.VersionInfo.parse(release_version_string + ".0")
+		if release_version < _FIRST_SUPPORTED_RELEASE:
+			continue
+
+		if release_version > newest_supported_release:
+			feature_freeze_date = datetime.date.fromisoformat(release_data["feature_freeze"])
+			if feature_freeze_date < datetime.date.today() + datetime.timedelta(weeks=2):
+				newest_supported_release = release_version
+
+		if oldest_supported_release is None or release_version < oldest_supported_release:
+			end_of_life_date = datetime.date.fromisoformat(release_data["end"])
+			if end_of_life_date > datetime.date.today():
+				oldest_supported_release = release_version
+
+	api_compatibility_data = {
+		"minimumVersion": f"{oldest_supported_release.major}.{oldest_supported_release.minor}",
+		"maximumVersion": f"{newest_supported_release.major}.{newest_supported_release.minor}",
+	}
+	_API_COMPATIBILITY_PATH.write_text(json.dumps(api_compatibility_data, sort_keys=True) + "\n")
+
+if __name__ == "__main__":
+	main()
@@ -36,6 +36,7 @@ It is possible to run this action locally via [act](https://github.com/nektos/ac
 
   ```bash
   CODEQL_LOCAL_RUN=true
+  GITHUB_SERVER_URL=https://github.com
 
   # Optional, for better logging
   GITHUB_JOB=<ANY_JOB_NAME>

@@ -23,6 +23,9 @@ inputs:
     description: Try to auto-install your python dependencies
     required: true
     default: 'true'
+outputs:
+  codeql-path:
+    description: The path of the CodeQL binary used for analysis
 runs:
   using: 'node12'
   main: '../lib/init-action.js'