From f27680e37ca1c1a5d8525bd5aa116a5970562544 Mon Sep 17 00:00:00 2001
From: Marco Ippolito
Date: Wed, 5 Apr 2023 15:55:28 +0200
Subject: [PATCH] tools: fix update-openssl.yml compare version
PR-URL: https://github.com/nodejs/node/pull/47384
Refs: https://github.com/nodejs/node/pull/46957
Reviewed-By: Rafael Gonzaga
Reviewed-By: Richard Lau
Reviewed-By: Mohammed Keyvanzadeh
Reviewed-By: Luigi Pinca
---
.github/workflows/update-openssl.yml | 71 ++++++++++++++++++++++++++++
1 file changed, 71 insertions(+)
create mode 100644 .github/workflows/update-openssl.yml
diff --git a/.github/workflows/update-openssl.yml b/.github/workflows/update-openssl.yml
new file mode 100644
index 00000000000000..f79ea550b42818
--- /dev/null
+++ b/.github/workflows/update-openssl.yml
@@ -0,0 +1,71 @@
+name: OpenSSL update
+on:
+ schedule:
+ # Run once a week at 00:05 AM UTC on Sunday.
+ - cron: 5 0 * * 0
+
+ workflow_dispatch:
+
+permissions:
+ contents: read
+
+jobs:
+ openssl-update:
+ if: github.repository == 'nodejs/node'
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ with:
+ persist-credentials: false
+ - name: Check if update branch already exists
+ run: |
+ BRANCH_EXISTS=$(git ls-remote --heads origin actions/tools-update-openssl)
+ echo "BRANCH_EXISTS=$BRANCH_EXISTS" >> $GITHUB_ENV
+ - name: Check and download new OpenSSL version
+ # Only run rest of the workflow if the update branch does not yet exist
+ if: ${{ env.BRANCH_EXISTS == '' }}
+ run: |
+ NEW_VERSION=$(gh api repos/quictls/openssl/releases -q '.[].tag_name|select(contains("openssl-3"))|ltrimstr("openssl-")' | head -n1)
+ NEW_VERSION_NO_RELEASE_1=$(case $NEW_VERSION in *quic1) echo ${NEW_VERSION%1};; *) echo $NEW_VERSION;; esac)
+ VERSION_H="./deps/openssl/config/archs/linux-x86_64/asm/include/openssl/opensslv.h"
+ CURRENT_VERSION=$(grep "OPENSSL_FULL_VERSION_STR" $VERSION_H | sed -n "s/^.*VERSION_STR \"\(.*\)\"/\1/p" | sed 's/+/-/g')
+ echo "comparing current version: $CURRENT_VERSION with $NEW_VERSION_NO_RELEASE_1"
+ if [ "$NEW_VERSION_NO_RELEASE_1" != "$CURRENT_VERSION" ]; then
+ echo "NEW_VERSION=$NEW_VERSION" >> $GITHUB_ENV
+ echo "HAS_UPDATE=true" >> $GITHUB_ENV
+ ./tools/dep_updaters/update-openssl.sh download "$NEW_VERSION"
+ fi
+ env:
+ GITHUB_TOKEN: ${{ secrets.GH_USER_TOKEN }}
+ - name: Create PR with first commit
+ if: env.HAS_UPDATE
+ uses: gr2m/create-or-update-pull-request-action@v1
+ # Creates a PR with the new OpenSSL source code committed
+ env:
+ GITHUB_TOKEN: ${{ secrets.GH_USER_TOKEN }}
+ with:
+ author: Node.js GitHub Bot
+ body: This is an automated update of OpenSSL to ${{ env.NEW_VERSION }}.
+ branch: actions/tools-update-openssl # Custom branch *just* for this Action.
+ commit-message: 'deps: upgrade openssl sources to quictls/openssl-${{ env.NEW_VERSION }}'
+ labels: dependencies
+ title: 'deps: update OpenSSL to ${{ env.NEW_VERSION }}'
+ path: deps/openssl
+ - name: Regenerate platform specific files
+ if: env.HAS_UPDATE
+ run: |
+ sudo apt install -y nasm libtext-template-perl
+ ./tools/dep_updaters/update-openssl.sh regenerate
+ env:
+ GITHUB_TOKEN: ${{ secrets.GH_USER_TOKEN }}
+ - name: Add second commit
+ # Adds a second commit to the PR with the generated platform-dependent files
+ if: env.HAS_UPDATE
+ uses: gr2m/create-or-update-pull-request-action@v1
+ env:
+ GITHUB_TOKEN: ${{ secrets.GH_USER_TOKEN }}
+ with:
+ author: Node.js GitHub Bot
+ branch: actions/tools-update-openssl # Custom branch *just* for this Action.
+ commit-message: 'deps: update archs files for openssl-${{ env.NEW_VERSION }}'
+ path: deps/openssl
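Review bot: Both `gr2m/create-or-update-pull-request-action@v1` steps are handed `secrets.GH_USER_TOKEN` while the action is referenced by a mutable tag, so anyone able to move that tag could run code with the credential this workflow uses to push the update branch and open the PR. Pin the action to a full commit SHA, e.g. `uses: gr2m/create-or-update-pull-request-action@<full-commit-sha> # v1`, and ideally do the same for `actions/checkout@v3`. The "Regenerate platform specific files" step also exports the token while `./tools/dep_updaters/update-openssl.sh regenerate` runs, which presumably executes build scripts from the freshly downloaded OpenSSL tree. That script is not visible here; if it makes no authenticated GitHub calls, remove the `env:` block from that step so downloaded code never sees the token.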