apply changes to test PR

Author: nickfyson

.github/actions/prepare-test/action.yml

@@ -49,7 +49,7 @@ runs:
           echo "tools-url=https://github.com/dsp-testing/codeql-cli-nightlies/releases/download/codeql-bundle-$version-manual/$artifact_name" >> $GITHUB_OUTPUT
         elif [[ ${{ inputs.version }} == *"stable"* ]]; then
           version=`echo ${{ inputs.version }} | sed -e 's/^.*\-//'`
-          echo "tools-url=https://github.com/github/codeql-action/releases/download/codeql-bundle-$version/$artifact_name" >> $GITHUB_OUTPUT
+          echo "tools-url=https://github.com/nickfyson-org/codeql-action/releases/download/codeql-bundle-$version/$artifact_name" >> $GITHUB_OUTPUT
         elif [[ ${{ inputs.version }} == "latest" ]]; then
           echo "tools-url=latest" >> $GITHUB_OUTPUT
         elif [[ ${{ inputs.version }} == "default" ]]; then

.github/pull_request_template.md

@@ -1,5 +1,5 @@
 ### Merge / deployment checklist
 
 - [ ] Confirm this change is backwards compatible with existing workflows.
-- [ ] Confirm the [readme](https://github.com/github/codeql-action/blob/main/README.md) has been updated if necessary.
-- [ ] Confirm the [changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) has been updated if necessary.
+- [ ] Confirm the [readme](https://github.com/nickfyson-org/codeql-action/blob/main/README.md) has been updated if necessary.
+- [ ] Confirm the [changelog](https://github.com/nickfyson-org/codeql-action/blob/main/CHANGELOG.md) has been updated if necessary.

.github/update-release-branch.py

@@ -1,5 +1,6 @@
 import argparse
 import datetime
+import re
 from github import Github
 import json
 import os
@@ -174,6 +175,59 @@ def get_today_string():
   today = datetime.datetime.today()
   return '{:%d %b %Y}'.format(today)
 
+def process_changelog_for_backports(source_branch_major_version, target_branch_major_version):
+
+  # changelog entries can use the following format to indicate
+  # that they only apply to newer versions
+  some_versions_only_regex = re.compile(r'\[v(\d+)\+ only\]')
+
+  output = ''
+
+  with open('CHANGELOG.md', 'r') as f:
+
+    # until we find the first section, just duplicate all lines
+    while True:
+      line = f.readline()
+      if not line:
+        raise Exception('Could not find the first changed section in CHANGELOG') # EOF
+
+      if line.startswith('## '):
+        line = line.replace(f'## {source_branch_major_version}', f'## {target_branch_major_version}')
+        # we have found the first section, so now handle things differently
+        break
+
+    # found_content tracks whether we hit two headings in a row
+    found_content = False
+    output += '\n'
+    while True:
+      line = f.readline()
+      if not line:
+        break # EOF
+      line = line.rstrip('\n')
+
+      # filter out changenote entries that apply only to newer versions
+      match = some_versions_only_regex.search(line)
+      if match:
+        if int(target_branch_major_version) < int(match.group(1)):
+          continue
+
+      if line.startswith('## '):
+        line = line.replace(f'## {source_branch_major_version}', f'## {target_branch_major_version}')
+        if found_content == False:
+          # we have found two headings in a row, so we need to add the placeholder message.
+          output += 'No user facing changes.\n'
+        found_content = False
+        output += f'\n{line}\n\n'
+      else:
+        if line.strip() != '':
+          found_content = True
+          # we use the original line here, rather than the stripped version
+          # so that we preserve indentation
+          output += line + '\n'
+
+    with open('CHANGELOG.md', 'w') as f:
+      f.write(output)
+
 def update_changelog(version):
   if (os.path.exists('CHANGELOG.md')):
     content = ''
@@ -201,7 +255,7 @@ def main():
     '--repository-nwo',
     type=str,
     required=True,
-    help='The nwo of the repository, for example github/codeql-action.'
+    help='The nwo of the repository, for example nickfyson-org/codeql-action.'
   )
   parser.add_argument(
     '--source-branch',
@@ -324,13 +378,7 @@ def main():
 
     # Migrate the changelog notes from vLatest version numbers to vOlder version numbers
     print(f'Migrating changelog notes from v{source_branch_major_version} to v{target_branch_major_version}')
-    subprocess.check_output(['sed', '-i', f's/^## {source_branch_major_version}\./## {target_branch_major_version}./g', 'CHANGELOG.md'])
-
-    # Remove changelog notes from all versions that do not apply to the vOlder branch
-    print(f'Removing changelog notes that do not apply to v{target_branch_major_version}')
-    for v in range(int(source_branch_major_version), int(target_branch_major_version), -1):
-      print(f'Removing changelog notes that are tagged [v{v}+ only\]')
-      subprocess.check_output(['sed', '-i', f'/^- \[v{v}+ only\]/d', 'CHANGELOG.md'])
+    process_changelog_for_backports(source_branch_major_version, target_branch_major_version)
 
     # Amend the commit generated by `npm version` to update the CHANGELOG
     run_git('add', 'CHANGELOG.md')

.github/workflows/check-expected-release-files.yml

@@ -21,5 +21,5 @@ jobs:
           bundle_version="$(cat "./src/defaults.json" | jq -r ".bundleVersion")"
           set -x
           for expected_file in "codeql-bundle.tar.gz" "codeql-bundle-linux64.tar.gz" "codeql-bundle-osx64.tar.gz" "codeql-bundle-win64.tar.gz"; do
-            curl --location --fail --head --request GET "https://github.com/github/codeql-action/releases/download/$bundle_version/$expected_file" > /dev/null
+            curl --location --fail --head --request GET "https://github.com/nickfyson-org/codeql-action/releases/download/$bundle_version/$expected_file" > /dev/null
           done

.github/workflows/post-release-mergeback.yml

@@ -21,7 +21,7 @@ on:
 jobs:
   merge-back:
     runs-on: ubuntu-latest
-    if: github.repository == 'github/codeql-action'
+    if: github.repository == 'nickfyson-org/codeql-action'
     env:
       BASE_BRANCH: "${{ github.event.inputs.baseBranch || 'main' }}"
       HEAD_BRANCH: "${{ github.head_ref || github.ref }}"

.github/workflows/rebuild.yml

@@ -21,7 +21,7 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           PR_NUMBER: ${{ github.event.pull_request.number }}
         run: |
-          gh pr edit --repo github/codeql-action "$PR_NUMBER" \
+          gh pr edit --repo nickfyson-org/codeql-action "$PR_NUMBER" \
             --remove-label "Rebuild"
 
       - name: Compile TypeScript
@@ -55,6 +55,6 @@ jobs:
             git push origin "HEAD:$BRANCH"
             echo "Pushed a commit to rebuild the Action." \
               "Please mark the PR as ready for review to trigger PR checks." |
-              gh pr comment --body-file - --repo github/codeql-action "$PR_NUMBER"
-            gh pr ready --undo --repo github/codeql-action "$PR_NUMBER"
+              gh pr comment --body-file - --repo nickfyson-org/codeql-action "$PR_NUMBER"
+            gh pr ready --undo --repo nickfyson-org/codeql-action "$PR_NUMBER"
           fi

.github/workflows/script/update-required-checks.sh

@@ -4,7 +4,7 @@
 
 if ! gh auth status 2>/dev/null; then
   gh auth status
-  echo "Failed: Not authorized. This script requires admin access to github/codeql-action through the gh CLI."
+  echo "Failed: Not authorized. This script requires admin access to nickfyson-org/codeql-action through the gh CLI."
   exit 1
 fi
 
@@ -23,15 +23,15 @@ fi
 echo "Getting checks for $GITHUB_SHA"
 
 # Ignore any checks with "https://", CodeQL, LGTM, and Update checks.
-CHECKS="$(gh api repos/github/codeql-action/commits/"${GITHUB_SHA}"/check-runs --paginate | jq --slurp --compact-output --raw-output '[.[].check_runs | .[].name | select(contains("https://") or . == "CodeQL" or . == "Dependabot" or . == "check-expected-release-files" or contains("Update") or contains("update") or contains("test-setup-python-scripts") | not)] | unique | sort')"
+CHECKS="$(gh api repos/nickfyson-org/codeql-action/commits/"${GITHUB_SHA}"/check-runs --paginate | jq --slurp --compact-output --raw-output '[.[].check_runs | .[].name | select(contains("https://") or . == "CodeQL" or . == "Dependabot" or . == "check-expected-release-files" or contains("Update") or contains("update") or contains("test-setup-python-scripts") | not)] | unique | sort')"
 
 echo "$CHECKS" | jq
 
 echo "{\"contexts\": ${CHECKS}}" > checks.json
 
 for BRANCH in main releases/v2; do
   echo "Updating $BRANCH"
-  gh api --silent -X "PATCH" "repos/github/codeql-action/branches/$BRANCH/protection/required_status_checks" --input checks.json
+  gh api --silent -X "PATCH" "repos/nickfyson-org/codeql-action/branches/$BRANCH/protection/required_status_checks" --input checks.json
 done
 
 rm checks.json

.github/workflows/update-dependencies.yml

@@ -8,7 +8,7 @@ jobs:
     name: Update dependencies
     timeout-minutes: 45
     runs-on: macos-latest
-    if: contains(github.event.pull_request.labels.*.name, 'Update dependencies') && (github.event.pull_request.head.repo.full_name == 'github/codeql-action')
+    if: contains(github.event.pull_request.labels.*.name, 'Update dependencies') && (github.event.pull_request.head.repo.full_name == 'nickfyson-org/codeql-action')
     steps:
     - name: Checkout repository
       uses: actions/checkout@v4
@@ -37,6 +37,6 @@ jobs:
           git push origin "HEAD:$BRANCH"
           echo "Pushed a commit to update the checked-in dependencies." \
             "Please mark the PR as ready for review to trigger PR checks." |
-            gh pr comment --body-file - --repo github/codeql-action "${{ github.event.pull_request.number }}"
-          gh pr ready --undo --repo github/codeql-action "${{ github.event.pull_request.number }}"
+            gh pr comment --body-file - --repo nickfyson-org/codeql-action "${{ github.event.pull_request.number }}"
+          gh pr ready --undo --repo nickfyson-org/codeql-action "${{ github.event.pull_request.number }}"
         fi

.github/workflows/update-release-branch.yml

@@ -15,7 +15,7 @@ jobs:
 
   prepare:
     runs-on: ubuntu-latest
-    if: github.repository == 'github/codeql-action'
+    if: github.repository == 'nickfyson-org/codeql-action'
     outputs:
       version: ${{ steps.versions.outputs.version }}
       major_version: ${{ steps.versions.outputs.major_version }}

.github/workflows/update-supported-enterprise-server-versions.yml

@@ -10,7 +10,7 @@ jobs:
     name: Update Supported Enterprise Server Versions
     timeout-minutes: 45
     runs-on: ubuntu-latest
-    if: ${{ github.repository == 'github/codeql-action' }}
+    if: ${{ github.repository == 'nickfyson-org/codeql-action' }}
 
     steps:
       - name: Setup Python