From d61e3fdf0243a8a0c309df6eb18122999df7fe56 Mon Sep 17 00:00:00 2001 From: Henry Mercer Date: Tue, 12 Jul 2022 17:31:31 +0100 Subject: [PATCH 1/4] Fix shellcheck errors Avoid trying to evaluate `github/codeql-action`. --- .github/workflows/script/update-required-checks.sh | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/.github/workflows/script/update-required-checks.sh b/.github/workflows/script/update-required-checks.sh index 5545984e7e..bc69be9931 100755 --- a/.github/workflows/script/update-required-checks.sh +++ b/.github/workflows/script/update-required-checks.sh @@ -3,16 +3,17 @@ # Typically, this will be main. if [ -z "$GITHUB_TOKEN" ]; then - echo "Failed: No GitHub token found. This script requires admin access to `github/codeql-action`." + echo "Failed: No GitHub token found. This script requires admin access to github/codeql-action." exit 1 fi if [ "$#" -eq 1 ]; then - # If we were passed an argument, pass it as a query to fzf - GITHUB_SHA="$@" + # If we were passed an argument, use that as the SHA + GITHUB_SHA="$0" elif [ "$#" -gt 1 ]; then echo "Usage: $0 [SHA]" echo "Update the required checks based on the SHA, or main." + exit 1 elif [ -z "$GITHUB_SHA" ]; then # If we don't have a SHA, use main GITHUB_SHA="$(git rev-parse main)" 
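Review bot: `GITHUB_SHA="$0"` in the one-argument branch assigns the script's own path, not the argument, so a SHA given on the command line is never used and the check-runs lookup is made for a path string. The line should read `GITHUB_SHA="$1"`, which also satisfies shellcheck's objection to `"$@"` in an assignment. Because the value is spliced into the `gh api` path, and if only commit SHAs are meant to be accepted, it could be rejected early when it is not hex: `case "$GITHUB_SHA" in ""|*[!0-9a-fA-F]*) echo "Invalid SHA: $GITHUB_SHA" >&2; exit 1;; esac`. The if/elif chain is closed by a `fi` outside this hunk.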
@@ -21,7 +22,7 @@ fi echo "Getting checks for $GITHUB_SHA" # Ignore any checks with "https://", CodeQL, LGTM, and Update checks. -CHECKS="$(gh api repos/github/codeql-action/commits/${GITHUB_SHA}/check-runs --paginate | jq --slurp --compact-output --raw-output '[.[].check_runs | .[].name | select(contains("https://") or . == "CodeQL" or . == "LGTM.com" or contains("Update") or contains("update") | not)] | unique | sort')" +CHECKS="$(gh api repos/github/codeql-action/commits/"${GITHUB_SHA}"/check-runs --paginate | jq --slurp --compact-output --raw-output '[.[].check_runs | .[].name | select(contains("https://") or . == ""CodeQL" or . == "LGTM.com" or contains("Update") or contains("update") | not)] | unique | sort')" echo "$CHECKS" | jq From 0a5dad3c83b0f0549451307bb8d03f8e63109cf9 Mon Sep 17 00:00:00 2001 From: Henry Mercer Date: Tue, 12 Jul 2022 17:33:24 +0100 Subject: [PATCH 2/4] Allow authenticating via the GitHub CLI We no longer run this script within Actions for security reasons, and when running locally we can authenticate with the GitHub CLI instead of a PAT. --- .github/workflows/script/update-required-checks.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/script/update-required-checks.sh b/.github/workflows/script/update-required-checks.sh index bc69be9931..1082347fe3 100755 --- a/.github/workflows/script/update-required-checks.sh +++ b/.github/workflows/script/update-required-checks.sh @@ -2,7 +2,8 @@ # Update the required checks based on the current branch. # Typically, this will be main. -if [ -z "$GITHUB_TOKEN" ]; then +if ! gh auth status 2>/dev/null; then + gh auth status echo "Failed: No GitHub token found. This script requires admin access to github/codeql-action." exit 1 fi From fbbd1dcd5294ba1ab279dc35e4a61b21ed805290 Mon Sep 17 00:00:00 2001 
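Review bot: In the `CHECKS=` assignment (PATCH 1/4, second hunk) a failure of `gh api` goes unnoticed, because the pipeline reports only jq's status and nothing stops the script afterwards. A bad SHA or an expired login can therefore leave `CHECKS` empty or `[]`. If the rest of the script, which is outside this hunk, writes `CHECKS` to branch protection, that would clear the required checks. I would add `set -eo pipefail` near the top and refuse an empty result: `if [ -z "$CHECKS" ] || [ "$CHECKS" = "[]" ]; then echo "No checks found for $GITHUB_SHA" >&2; exit 1; fi`. The same line is rewritten in PATCH 3/4 and the point applies there as well.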
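Review bot: The `gh auth status` guard (PATCH 2/4) shows only that the CLI holds a usable credential; it does not establish admin access to github/codeql-action. gh also prefers a `GH_TOKEN` or `GITHUB_TOKEN` from the environment over the stored login, so a leftover PAT in the shell would still be the identity used. A comment above the check would record this: `# Confirms a gh login only; admin rights are not verified here, and GH_TOKEN/GITHUB_TOKEN in the environment take precedence.` Scoping the call with `--hostname github.com` may also keep a problem with another configured host from failing the guard, presuming the script only talks to github.com.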
From: Henry Mercer Date: Tue, 12 Jul 2022 17:44:51 +0100 Subject: [PATCH 3/4] Fix extra double quote Co-authored-by: Andrew Eisenberg --- .github/workflows/script/update-required-checks.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/script/update-required-checks.sh b/.github/workflows/script/update-required-checks.sh index 1082347fe3..c54e3c26c2 100755 --- a/.github/workflows/script/update-required-checks.sh +++ b/.github/workflows/script/update-required-checks.sh @@ -23,7 +23,7 @@ fi echo "Getting checks for $GITHUB_SHA" # Ignore any checks with "https://", CodeQL, LGTM, and Update checks. -CHECKS="$(gh api repos/github/codeql-action/commits/"${GITHUB_SHA}"/check-runs --paginate | jq --slurp --compact-output --raw-output '[.[].check_runs | .[].name | select(contains("https://") or . == ""CodeQL" or . == "LGTM.com" or contains("Update") or contains("update") | not)] | unique | sort')" +CHECKS="$(gh api repos/github/codeql-action/commits/"${GITHUB_SHA}"/check-runs --paginate | jq --slurp --compact-output --raw-output '[.[].check_runs | .[].name | select(contains("https://") or . == "CodeQL" or . == "LGTM.com" or contains("Update") or contains("update") | not)] | unique | sort')" echo "$CHECKS" | jq From 816b3e91bca9dcdd4438770f882f5cda2a003e4d Mon Sep 17 00:00:00 2001 From: Henry Mercer Date: Tue, 12 Jul 2022 17:52:15 +0100 Subject: [PATCH 4/4] Update failure message Co-authored-by: Andrew Eisenberg --- .github/workflows/script/update-required-checks.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/script/update-required-checks.sh b/.github/workflows/script/update-required-checks.sh index c54e3c26c2..e8e1460343 100755 --- a/.github/workflows/script/update-required-checks.sh +++ b/.github/workflows/script/update-required-checks.sh 
@@ -4,7 +4,7 @@ if ! gh auth status 2>/dev/null; then gh auth status - echo "Failed: No GitHub token found. This script requires admin access to github/codeql-action." + echo "Failed: Not authorized. This script requires admin access to github/codeql-action through the gh CLI." exit 1 fi