Skip to content

feat(update-codeql-version): add optional release_bump input to publish in the same PR#167

Merged
felickz merged 2 commits into
mainfrom
feat/release-bump-in-cli-update
Jul 10, 2026
Merged

feat(update-codeql-version): add optional release_bump input to publish in the same PR#167
felickz merged 2 commits into
mainfrom
feat/release-bump-in-cli-update

Conversation

@felickz

@felickz felickz commented Jul 10, 2026

Copy link
Copy Markdown
Contributor

What

Adds an optional release_bump input (patch/minor/major, default empty) to the Update CodeQL CLI Version workflow (update-codeql-version.yml).

  • Left empty (default): unchanged behavior — the workflow only bumps .codeqlversion, re-pins codeql/* library deps, and refreshes lock files. Nothing publishes.
  • Set to patch/minor/major: the workflow additionally runs the same 42ByteLabs/patch-release-me step update-release.yml uses, in this same run — bumping the repo release version and propagating it to every pack's own version: field, configs/*.yml references, and cross-pack -libs pins, all in the same PR as the CLI/library bump.

Since publish.yml's auto-trigger fires on any push to main that changes .release.yml, merging this combined PR is then enough by itself to kick off the real batch publish — no separate update-release.yml run needed afterward. This is meant for the common case of a same-series CLI patch release expected to be low-risk (e.g. 2.21.42.21.5); a minor/major CLI bump should probably still go through the two-step flow (fix breakage first, decide separately when to publish).

Why

Requested after landing PR #163/#166 (the CLI 2.21.4 bump): today, safely publishing a CLI bump requires two separate workflow_dispatch runs (update-codeql-version.yml then update-release.yml) even when the maintainer already knows the bump is safe to publish immediately. This collapses that into one optional flag.

Changes

  • .github/workflows/update-codeql-version.yml:
    • New release_bump string input + validation step (must be empty/patch/minor/major).
    • New conditional Bump release version (optional) step (42ByteLabs/patch-release-me, same pinned version update-release.yml uses).
    • New step to read the newly-bumped release version out of .release.yml.
    • PR title/body are now built dynamically (Build PR title and body step, writing pr-body.md) so the PR clearly documents whether merging it will publish, and what's left to do either way.
  • .release.yml: added /codeql_home/ to excludes — defensive parity fix, since this new code path runs patch-release-me in a job where codeql_home/ already exists (from the earlier Setup CodeQL step), a scenario update-release.yml run standalone never encountered.
  • CONTRIBUTING.md: documents the new release_bump input and the combined-PR flow under "Updating the pinned CodeQL CLI/library version".

Testing

  • Extracted every run: step from the workflow YAML and validated with bash -n — all pass.
  • Simulated the "Build PR title and body" step's shell logic locally (both with and without release_bump set) and confirmed the rendered PR title/body markdown is correct (proper backtick code-formatting, no stray backslashes, correct possessives) in both branches.
  • Cross-checked permissions (contents: read) match update-release.yml's existing, already-working use of the same patch-release-me action.
  • Not yet live-tested via workflow_dispatch with release_bump set — plan to do that as a follow-up once this merges, using a low-risk patch-level CLI bump.

Co-authored-by: Copilot App 223556219+Copilot@users.noreply.github.com

…a release into the same PR

Adds an optional 'release_bump' string input (patch/minor/major, default
empty) to update-codeql-version.yml. When set, the workflow runs the same
42ByteLabs/patch-release-me step update-release.yml uses, in the same run,
folding a full release bump (every pack's version:, configs/*.yml refs,
and cross-pack -libs pins) into the CLI/library dependency-refresh PR.

Since publish.yml's auto-trigger fires on any push to main that changes
.release.yml, merging this combined PR is then enough by itself to kick
off the real batch publish - no separate update-release.yml run needed
afterward for same-series patch bumps expected to be safe.

Also:
- Adds /codeql_home/ to .release.yml's excludes, since the new release_bump
  code path runs patch-release-me in a job where codeql_home/ already
  exists (from the earlier Setup CodeQL step) - a scenario update-release.yml,
  run standalone, never previously encountered.
- Rewrites the PR title/body generation to branch on whether release_bump
  was set, so the PR clearly documents whether merging it will publish.
- Documents the new input and combined-PR flow in CONTRIBUTING.md's
  'Updating the pinned CodeQL CLI/library version' section.

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Copilot AI review requested due to automatic review settings July 10, 2026 19:37

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds an optional “release bump” path to the existing CodeQL CLI version-bump automation so maintainers can (optionally) bump the repo/pack release versions in the same PR as the CLI/library refresh, and documents the combined flow.

Changes:

  • Add release_bump (patch/minor/major, default empty) to update-codeql-version.yml, conditionally running 42ByteLabs/patch-release-me and generating a dynamic PR title/body.
  • Update .release.yml excludes to ignore codeql_home/ when the release bump runs in the same job as CodeQL setup.
  • Update CONTRIBUTING.md to document the new one-PR “refresh + optional release bump” workflow.
Show a summary per file
File Description
CONTRIBUTING.md Documents the new optional combined flow and clarifies the post-PR checklist based on release_bump.
.release.yml Excludes codeql_home/ to avoid release-bump tooling touching the downloaded CLI directory.
.github/workflows/update-codeql-version.yml Adds the optional release-bump path and dynamically constructs PR title/body based on whether publishing will be triggered on merge.

Review details

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

  • Files reviewed: 3/3 changed files
  • Comments generated: 1
  • Review effort level: Low

Comment thread .github/workflows/update-codeql-version.yml Outdated
…tree

Write the generated PR body to \ instead of the repo root, so
peter-evans/create-pull-request doesn't pick it up as an untracked file and
accidentally commit it into the PR it opens.

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
@felickz felickz merged commit a49e01a into main Jul 10, 2026
19 checks passed
@felickz felickz deleted the feat/release-bump-in-cli-update branch July 10, 2026 19:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants