From 62b450696f4805f9c2d2580c8d8c686479c6ca76 Mon Sep 17 00:00:00 2001 From: Evan Downing <2077950+evandowning@users.noreply.github.com> Date: Fri, 17 Apr 2026 12:30:50 -0400 Subject: [PATCH 1/6] automatically update qlpacks with tag. --- .github/workflows/publish.yml | 46 +++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 5e0e07c..e99efd7 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -3,9 +3,18 @@ name: Publish CodeQL packs on: release: types: [published] + workflow_dispatch: + inputs: + version: + description: "Pack version to publish (e.g. 0.3.1)" + required: true + type: string permissions: {} +env: + REGISTRY: ghcr.io + jobs: publish: runs-on: ubuntu-latest 
@@ -21,7 +30,44 @@ jobs: version: '2.25.1' platform: 'linux64' checksum: '4f070e6cc7009e75aec307ed109c2fcf0501e579c20a31080b893e31209523d5' + - name: Log in to the Container registry + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Resolve pack version + run: | + if [ -n "${{ inputs.version }}" ]; then + echo "PACK_VERSION=${{ inputs.version }}" >> "$GITHUB_ENV" + else + TAG="${{ github.event.release.tag_name }}" + echo "PACK_VERSION=${TAG#v}" >> "$GITHUB_ENV" + fi + - name: Set pack versions + run: | + for f in cpp/lib/qlpack.yml cpp/src/qlpack.yml go/src/qlpack.yml java/src/qlpack.yml; do + sed -i "s/^version: .*/version: $PACK_VERSION/" "$f" + done - run: make test - run: make publish env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + - name: Generate manifest + run: | + cat > manifest.json < Date: Fri, 17 Apr 2026 12:49:31 -0400 Subject: [PATCH 2/6] add script for updating qlpack versions --- .github/workflows/publish.yml | 29 +++++------------------------ README.md | 9 +++++++++ scripts/update-version.sh | 29 +++++++++++++++++++++++++++++ 3 files changed, 43 insertions(+), 24 deletions(-) create mode 100755 scripts/update-version.sh diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index e99efd7..df40089 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -3,12 +3,6 @@ name: Publish CodeQL packs on: release: types: [published] - workflow_dispatch: - inputs: - version: - description: "Pack version to publish (e.g. 0.3.1)" - required: true - type: string permissions: {} 
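Review bot: The "Resolve pack version" step expands `${{ inputs.version }}` and `${{ github.event.release.tag_name }}` directly into the script text, so the runner substitutes them before bash parses the line and any quote or command substitution in the value becomes part of the script, in a job that has just logged in to the registry with `GITHUB_TOKEN`. The same unvalidated string is then appended to `$GITHUB_ENV` and used as the sed replacement in "Set pack versions", where a newline, `/` or `&` changes what gets written. Passing both values through `env:` and rejecting anything that is not a plain version before exporting it closes all three; the X.Y.Z pattern below follows the example in the input description and would need widening if pre-release versions are published. The "Generate manifest" step at the end of this hunk is cut off on this page and is not reviewed here.

```yaml
      - name: Resolve pack version
        env:
          INPUT_VERSION: ${{ inputs.version }}
          RELEASE_TAG: ${{ github.event.release.tag_name }}
        run: |
          version="${INPUT_VERSION:-${RELEASE_TAG#v}}"
          if [[ ! "$version" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
            echo "Error: version must be X.Y.Z, got: $version" >&2
            exit 1
          fi
          echo "PACK_VERSION=$version" >> "$GITHUB_ENV"
      # … unchanged: "Set pack versions" step, make test, make publish …
```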
@@ -36,33 +30,20 @@ jobs: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Resolve pack version - run: | - if [ -n "${{ inputs.version }}" ]; then - echo "PACK_VERSION=${{ inputs.version }}" >> "$GITHUB_ENV" - else - TAG="${{ github.event.release.tag_name }}" - echo "PACK_VERSION=${TAG#v}" >> "$GITHUB_ENV" - fi - - name: Set pack versions - run: | - for f in cpp/lib/qlpack.yml cpp/src/qlpack.yml go/src/qlpack.yml java/src/qlpack.yml; do - sed -i "s/^version: .*/version: $PACK_VERSION/" "$f" - done - run: make test - run: make publish env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Generate manifest run: | + version() { grep '^version:' "$1" | cut -d' ' -f2; } cat > manifest.json < + ``` +1. Create a release on GitHub, create a new tag, and autogenerate release notes. + diff --git a/scripts/update-version.sh b/scripts/update-version.sh new file mode 100755 index 0000000..5963bc0 --- /dev/null +++ b/scripts/update-version.sh @@ -0,0 +1,29 @@ +#!/bin/bash +set -euo pipefail + +if [[ $# -ne 1 ]]; then + echo "Usage: $0 " >&2 + echo "Example: $0 0.4.0" >&2 + exit 1 +fi + +version="$1" + +if [[ ! "$version" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then + echo "Error: version must be semver (X.Y.Z), got: $version" >&2 + exit 1 +fi + +packs=( + cpp/lib/qlpack.yml + cpp/src/qlpack.yml + go/src/qlpack.yml + java/src/qlpack.yml +) + +for f in "${packs[@]}"; do + tmp="$(mktemp)" + sed "s/^version: .*/version: $version/" "$f" >"$tmp" + mv "$tmp" "$f" + echo "Updated $f -> $version" +done From 8392e77650f2efb6a5120161e3ebb237945aa9fa Mon Sep 17 00:00:00 2001 From: Evan Downing <2077950+evandowning@users.noreply.github.com> Date: Fri, 17 Apr 2026 14:14:45 -0400 Subject: [PATCH 3/6] update versions and readme --- .github/workflows/publish.yml | 14 +++++++++----- README.md | 3 ++- go/src/qlpack.yml | 2 +- java/src/qlpack.yml | 2 +- scripts/update-version.sh | 11 +++++++++++ 5 files changed, 24 insertions(+), 8 deletions(-) 
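Review bot: With the "Resolve pack version" and "Set pack versions" steps removed, nothing in the workflow ties the published pack version to the release tag: `make publish` pushes whatever `version:` the checked-out qlpack.yml files carry. If the update script is not run before tagging, the release republishes or mislabels a version without any failure. A guard step before `make test` that compares each file's version with the tag would catch that; this assumes all four packs are meant to share the release version, as the removed loop did. The step list starts outside this hunk.

```yaml
      - name: Check pack versions match the release tag
        env:
          RELEASE_TAG: ${{ github.event.release.tag_name }}
        run: |
          for f in cpp/lib/qlpack.yml cpp/src/qlpack.yml go/src/qlpack.yml java/src/qlpack.yml; do
            v="$(grep -m1 '^version: ' "$f" | cut -d' ' -f2)"
            if [ "$v" != "${RELEASE_TAG#v}" ]; then
              echo "Error: $f has version $v, release tag is $RELEASE_TAG" >&2
              exit 1
            fi
          done
      # … unchanged: make test, make publish …
```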
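Review bot: In the rewrite loop of scripts/update-version.sh, `mktemp` creates the temporary file in the default temp directory with owner-only permissions, so `mv "$tmp" "$f"` replaces each qlpack.yml with a mode-0600 file and may cross filesystems, and a failing `sed` under `set -e` leaves the temp file behind. Creating the file next to its target and cleaning up on exit avoids this: `tmp="$(mktemp "$f.XXXXXX")"` inside the loop and `trap 'rm -f "${tmp:-}"' EXIT` before it. If the original file mode should be kept, `cat "$tmp" >"$f"` can replace the `mv`.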
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index df40089..a39307f 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -36,14 +36,18 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Generate manifest run: | - version() { grep '^version:' "$1" | cut -d' ' -f2; } + version() { grep -m1 '^version: ' "$1" | cut -d' ' -f2; } + cpp_all="$(version cpp/lib/qlpack.yml)" + cpp_queries="$(version cpp/src/qlpack.yml)" + go_queries="$(version go/src/qlpack.yml)" + java_queries="$(version java/src/qlpack.yml)" cat > manifest.json < ``` -1. Create a release on GitHub, create a new tag, and autogenerate release notes. +1. Create a release on GitHub, create a new tag, and autogenerate release notes. diff --git a/go/src/qlpack.yml b/go/src/qlpack.yml index fe2fb0e..be7ca7c 100644 --- a/go/src/qlpack.yml +++ b/go/src/qlpack.yml @@ -2,7 +2,7 @@ name: trailofbits/go-queries description: CodeQL queries for Go developed by Trail of Bits authors: Trail of Bits -version: 0.2.1 +version: 0.3.0 license: AGPL library: false extractor: go diff --git a/java/src/qlpack.yml b/java/src/qlpack.yml index 0ec638e..e613be7 100644 --- a/java/src/qlpack.yml +++ b/java/src/qlpack.yml @@ -2,7 +2,7 @@ name: trailofbits/java-queries description: CodeQL queries for Java developed by Trail of Bits authors: Trail of Bits -version: 0.0.1 +version: 0.3.0 license: AGPL library: false extractor: java-kotlin diff --git a/scripts/update-version.sh b/scripts/update-version.sh index 5963bc0..42c1dc6 100755 --- a/scripts/update-version.sh +++ b/scripts/update-version.sh @@ -21,6 +21,17 @@ packs=( java/src/qlpack.yml ) +for f in "${packs[@]}"; do + if [[ ! -f "$f" ]]; then + echo "Error: file not found: $f (run from repo root)" >&2 + exit 1 + fi + if ! grep -q '^version: ' "$f"; then + echo "Error: no 'version:' line in $f" >&2 + exit 1 + fi +done + for f in "${packs[@]}"; do tmp="$(mktemp)" sed "s/^version: .*/version: $version/" "$f" >"$tmp" 
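Review bot: The `version()` helper in the "Generate manifest" step hides a failed lookup: when `grep -m1` finds no `version: ` line, the pipeline's status is that of `cut`, so `cpp_all` and the other three variables are silently set to an empty string and the manifest is written with blank versions. No `shell:` is visible in this hunk, and GitHub's default for `run:` is `bash -e` without `pipefail`, so adding `set -euo pipefail` as the first line of the block, or a check such as `[ -n "$cpp_all" ]` per variable, would make the step fail instead. The heredoc body that consumes these variables is cut off on this page.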
From 6a6bec6f827484ff3cd3088e8435c983410cbe29 Mon Sep 17 00:00:00 2001 From: Evan Downing <2077950+evandowning@users.noreply.github.com> Date: Fri, 17 Apr 2026 15:41:57 -0400 Subject: [PATCH 4/6] remove manifest --- .github/workflows/publish.yml | 22 ---------------------- 1 file changed, 22 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index a39307f..48f3ec6 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -34,25 +34,3 @@ jobs: - run: make publish env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - name: Generate manifest - run: | - version() { grep -m1 '^version: ' "$1" | cut -d' ' -f2; } - cpp_all="$(version cpp/lib/qlpack.yml)" - cpp_queries="$(version cpp/src/qlpack.yml)" - go_queries="$(version go/src/qlpack.yml)" - java_queries="$(version java/src/qlpack.yml)" - cat > manifest.json < Date: Fri, 17 Apr 2026 15:44:00 -0400 Subject: [PATCH 5/6] update version --- cpp/lib/qlpack.yml | 2 +- cpp/src/qlpack.yml | 2 +- go/src/qlpack.yml | 2 +- java/src/qlpack.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/cpp/lib/qlpack.yml b/cpp/lib/qlpack.yml index ef8dd2f..b8f7d3e 100644 --- a/cpp/lib/qlpack.yml +++ b/cpp/lib/qlpack.yml @@ -1,7 +1,7 @@ --- name: trailofbits/cpp-all authors: Trail of Bits -version: 0.3.0 +version: 0.3.1 license: AGPL library: true extractor: cpp diff --git a/cpp/src/qlpack.yml b/cpp/src/qlpack.yml index ed95979..9f5b890 100644 --- a/cpp/src/qlpack.yml +++ b/cpp/src/qlpack.yml @@ -2,7 +2,7 @@ name: trailofbits/cpp-queries description: CodeQL queries for C and C++ developed by Trail of Bits authors: Trail of Bits -version: 0.3.0 +version: 0.3.1 license: AGPL library: false extractor: cpp diff --git a/go/src/qlpack.yml b/go/src/qlpack.yml index be7ca7c..ad9e7d1 100644 --- a/go/src/qlpack.yml +++ b/go/src/qlpack.yml 
@@ -2,7 +2,7 @@
 name: trailofbits/go-queries
 description: CodeQL queries for Go developed by Trail of Bits
 authors: Trail of Bits
-version: 0.3.0
+version: 0.3.1
 license: AGPL
 library: false
 extractor: go
diff --git a/java/src/qlpack.yml b/java/src/qlpack.yml
index e613be7..9ac57e6 100644
--- a/java/src/qlpack.yml
+++ b/java/src/qlpack.yml
@@ -2,7 +2,7 @@
 name: trailofbits/java-queries
 description: CodeQL queries for Java developed by Trail of Bits
 authors: Trail of Bits
-version: 0.3.0
+version: 0.3.1
 license: AGPL
 library: false
 extractor: java-kotlin
From 5f4eba6c2024df4f57d46a0f6fe341828b7057da Mon Sep 17 00:00:00 2001
From: Evan Downing <2077950+evandowning@users.noreply.github.com>
Date: Fri, 17 Apr 2026 15:45:19 -0400
Subject: [PATCH 6/6] revert version

---
 cpp/lib/qlpack.yml | 2 +-
 cpp/src/qlpack.yml | 2 +-
 go/src/qlpack.yml | 2 +-
 java/src/qlpack.yml | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/cpp/lib/qlpack.yml b/cpp/lib/qlpack.yml
index b8f7d3e..ef8dd2f 100644
--- a/cpp/lib/qlpack.yml
+++ b/cpp/lib/qlpack.yml
@@ -1,7 +1,7 @@
 ---
 name: trailofbits/cpp-all
 authors: Trail of Bits
-version: 0.3.1
+version: 0.3.0
 license: AGPL
 library: true
 extractor: cpp
diff --git a/cpp/src/qlpack.yml b/cpp/src/qlpack.yml
index 9f5b890..ed95979 100644
--- a/cpp/src/qlpack.yml
+++ b/cpp/src/qlpack.yml
@@ -2,7 +2,7 @@
 name: trailofbits/cpp-queries
 description: CodeQL queries for C and C++ developed by Trail of Bits
 authors: Trail of Bits
-version: 0.3.1
+version: 0.3.0
 license: AGPL
 library: false
 extractor: cpp
diff --git a/go/src/qlpack.yml b/go/src/qlpack.yml
index ad9e7d1..be7ca7c 100644
--- a/go/src/qlpack.yml
+++ b/go/src/qlpack.yml
@@ -2,7 +2,7 @@
 name: trailofbits/go-queries
 description: CodeQL queries for Go developed by Trail of Bits
 authors: Trail of Bits
-version: 0.3.1
+version: 0.3.0
 license: AGPL
 library: false
 extractor: go
diff --git a/java/src/qlpack.yml b/java/src/qlpack.yml
index 9ac57e6..e613be7 100644
--- a/java/src/qlpack.yml
+++ b/java/src/qlpack.yml
@@ -2,7 +2,7 @@
 name: trailofbits/java-queries
 description: CodeQL queries for Java developed by Trail of Bits
 authors: Trail of Bits
-version: 0.3.1
+version: 0.3.0
 license: AGPL
 library: false
 extractor: java-kotlin