github
diff --git a/‎.github/workflows/__packaging-config-inputs-js.yml‎
Lines changed: 24 additions & 6 deletions b/‎.github/workflows/__packaging-config-inputs-js.yml‎
Lines changed: 24 additions & 6 deletions
diff --git a/‎.github/workflows/__packaging-config-js.yml‎
Lines changed: 23 additions & 5 deletions b/‎.github/workflows/__packaging-config-js.yml‎
Lines changed: 23 additions & 5 deletions
diff --git a/‎.github/workflows/__packaging-inputs-js.yml‎
Lines changed: 24 additions & 6 deletions b/‎.github/workflows/__packaging-inputs-js.yml‎
Lines changed: 24 additions & 6 deletions
diff --git a/‎.github/workflows/__split-workflow.yml‎
Lines changed: 14 additions & 6 deletions b/‎.github/workflows/__split-workflow.yml‎
Lines changed: 14 additions & 6 deletions
diff --git a/‎.github/workflows/script/update-required-checks.sh‎
Lines changed: 35 additions & 0 deletions b/‎.github/workflows/script/update-required-checks.sh‎
Lines changed: 35 additions & 0 deletions
diff --git a/‎CHANGELOG.md‎
Lines changed: 5 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎CONTRIBUTING.md‎
Lines changed: 6 additions & 5 deletions b/‎CONTRIBUTING.md‎
Lines changed: 6 additions & 5 deletions
diff --git a/‎lib/actions-util.js‎
Lines changed: 1 addition & 2 deletions b/‎lib/actions-util.js‎
Lines changed: 1 addition & 2 deletions
diff --git a/‎lib/actions-util.js.map‎
Lines changed: 1 addition & 1 deletion b/‎lib/actions-util.js.map‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎lib/analyze-action.js‎
Lines changed: 6 additions & 1 deletion b/‎lib/analyze-action.js‎
Lines changed: 6 additions & 1 deletion
@@ -0,0 +1,35 @@
+#!/usr/bin/env bash
+# Update the required checks based on the current branch.
+# Typically, this will be main.
+
+if [ -z "$GITHUB_TOKEN" ]; then
+  echo "Failed: No GitHub token found. This script requires admin access to `github/codeql-action`."
+  exit 1
+fi
+
+if [ "$#" -eq 1 ]; then
+  # If we were passed an argument, pass it as a query to fzf
+  GITHUB_SHA="$@"
+elif [ "$#" -gt 1 ]; then
+  echo "Usage: $0 [SHA]"
+  echo "Update the required checks based on the SHA, or main."
+elif [ -z "$GITHUB_SHA" ]; then
+  # If we don't have a SHA, use main
+  GITHUB_SHA="$(git rev-parse main)"
+fi
+
+echo "Getting checks for $GITHUB_SHA"
+
+# Ignore any checks with "https://", CodeQL, LGTM, and Update checks.
+CHECKS="$(gh api repos/github/codeql-action/commits/${GITHUB_SHA}/check-runs --paginate | jq --slurp --compact-output --raw-output '[.[].check_runs | .[].name | select(contains("https://") or . == "CodeQL" or . == "LGTM.com" or contains("Update") | not)] | sort')"
+
+echo "$CHECKS" | jq
+
+echo "{\"contexts\": ${CHECKS}}" > checks.json
+
+for BRANCH in main releases/v2 releases/v1; do
+  echo "Updating $BRANCH"
+  gh api --silent -X "PATCH" "repos/github/codeql-action/branches/$BRANCH/protection/required_status_checks" --input checks.json
+done
+
+rm checks.json
@@ -1,5 +1,10 @@
 # CodeQL Action Changelog
 
+## 2.1.10 - 10 May 2022
+
+- Update default CodeQL bundle version to 2.9.5. [#1056](https://github.com/github/codeql-action/pull/1056)
+- When `wait-for-processing` is enabled, the workflow will now fail if there were any errors that occurred during processing of the analysis results.
+
 ## 2.1.9 - 27 Apr 2022
 
 - Add `working-directory` input to the `autobuild` action. [#1024](https://github.com/github/codeql-action/pull/1024)
 
@@ -80,22 +80,23 @@ Here are a few things you can do that will increase the likelihood of your pull
 
 ## Keeping the PR checks up to date (admin access required)
 
-Since the `codeql-action` runs most of its testing through individual Actions workflows, there are over two hundred jobs that need to pass in order for a PR to turn green. Managing these PR checks manually is time consuming and complex. Here is a semi-automated approach.
+Since the `codeql-action` runs most of its testing through individual Actions workflows, there are over two hundred jobs that need to pass in order for a PR to turn green. You can regenerate the checks automatically by running the [Update required checks](.github/workflows/update-required-checks.yml) workflow.
 
-To regenerate the PR jobs for the action:
+Or you can use this semi-automated approach:
 
-1. From a terminal, run the following commands (replace `SHA` with the sha of the commit whose checks you want to use, typically this should be the latest from `main`):
+1. In a terminal check out the `SHA` whose checks you want to use as the base. Typically, this will be `main`. 
+2. From a terminal, run the following commands:
 
     ```sh
-    SHA= ####
+    SHA="$(git rev-parse HEAD)"
     CHECKS="$(gh api repos/github/codeql-action/commits/${SHA}/check-runs --paginate | jq --slurp --compact-output --raw-output '[.[].check_runs | .[].name | select(contains("https://") or . == "CodeQL" or . == "LGTM.com" or . == "Update dependencies" or . == "Update Supported Enterprise Server Versions" | not)]')"
     echo "{\"contexts\": ${CHECKS}}" > checks.json
     gh api -X "PATCH" repos/github/codeql-action/branches/main/protection/required_status_checks --input checks.json
     gh api -X "PATCH" repos/github/codeql-action/branches/releases/v2/protection/required_status_checks --input checks.json
     gh api -X "PATCH" repos/github/codeql-action/branches/releases/v1/protection/required_status_checks --input checks.json
     ````
 
-2. Go to the [branch protection rules settings page](https://github.com/github/codeql-action/settings/branches) and validate that the rules have been updated.
+3. Go to the [branch protection rules settings page](https://github.com/github/codeql-action/settings/branches) and validate that the rules have been updated.
 
 ## Resources