Merge branch 'nodejs:main' into main
samkenxstream authored Jul 4, 2023
2 parents f4d5f66 + 586fcff commit 1c00cdf
Showing 2,952 changed files with 572,984 additions and 571,424 deletions.
6 changes: 3 additions & 3 deletions .github/workflows/scorecard.yml
@@ -33,7 +33,7 @@ jobs:

steps:
- name: Harden Runner
uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v2.4.0
uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs

@@ -43,7 +43,7 @@ jobs:
persist-credentials: false

- name: Run analysis
uses: ossf/scorecard-action@80e868c13c90f172d68d1f4501dee99e2479f7af # v2.1.3
uses: ossf/scorecard-action@08b4669551908b1024bb425080c797723083c031 # v2.2.0
with:
results_file: results.sarif
results_format: sarif
@@ -73,6 +73,6 @@ jobs:

# Upload the results to GitHub's code scanning dashboard.
- name: Upload to code-scanning
uses: github/codeql-action/upload-sarif@83f0fe6c4988d98a455712a27f0255212bba9bd4 # v2.3.6
uses: github/codeql-action/upload-sarif@f6e388ebf0efc915c6c5b165b019ee61a6746a38 # v2.20.1
with:
sarif_file: results.sarif
77 changes: 57 additions & 20 deletions .github/workflows/update-openssl.yml
@@ -10,35 +10,23 @@ permissions:
contents: read

jobs:
openssl-update:
openssl-v3-update:
if: github.repository == 'nodejs/node'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
with:
persist-credentials: false
- name: Check if update branch already exists
run: |
BRANCH_EXISTS=$(git ls-remote --heads origin actions/tools-update-openssl)
echo "BRANCH_EXISTS=$BRANCH_EXISTS" >> $GITHUB_ENV
- name: Check and download new OpenSSL version
# Only run rest of the workflow if the update branch does not yet exist
if: ${{ env.BRANCH_EXISTS == '' }}
run: |
NEW_VERSION=$(gh api repos/quictls/openssl/releases -q '.[].tag_name|select(contains("openssl-3"))|ltrimstr("openssl-")' | head -n1)
NEW_VERSION_NO_RELEASE_1=$(case $NEW_VERSION in *quic1) echo ${NEW_VERSION%1};; *) echo $NEW_VERSION;; esac)
VERSION_H="./deps/openssl/config/archs/linux-x86_64/asm/include/openssl/opensslv.h"
CURRENT_VERSION=$(grep "OPENSSL_FULL_VERSION_STR" $VERSION_H | sed -n "s/^.*VERSION_STR \"\(.*\)\"/\1/p" | sed 's/+/-/g')
echo "comparing current version: $CURRENT_VERSION with $NEW_VERSION_NO_RELEASE_1"
if [ "$NEW_VERSION_NO_RELEASE_1" != "$CURRENT_VERSION" ]; then
echo "NEW_VERSION=$NEW_VERSION" >> $GITHUB_ENV
echo "HAS_UPDATE=true" >> $GITHUB_ENV
./tools/dep_updaters/update-openssl.sh download "$NEW_VERSION"
fi
./tools/dep_updaters/update-openssl.sh download_v3 > temp-output
cat temp-output
tail -n1 temp-output | grep "NEW_VERSION=" >> "$GITHUB_ENV" || true
rm temp-output
env:
GITHUB_TOKEN: ${{ secrets.GH_USER_TOKEN }}
- name: Create PR with first commit
if: env.HAS_UPDATE
if: env.NEW_VERSION
uses: gr2m/create-or-update-pull-request-action@77596e3166f328b24613f7082ab30bf2d93079d5
# Creates a PR with the new OpenSSL source code committed
env:
@@ -53,15 +41,15 @@ jobs:
path: deps/openssl
update-pull-request-title-and-body: true
- name: Regenerate platform specific files
if: env.HAS_UPDATE
if: env.NEW_VERSION
run: |
sudo apt install -y nasm libtext-template-perl
./tools/dep_updaters/update-openssl.sh regenerate
env:
GITHUB_TOKEN: ${{ secrets.GH_USER_TOKEN }}
- name: Add second commit
# Adds a second commit to the PR with the generated platform-dependent files
if: env.HAS_UPDATE
if: env.NEW_VERSION
uses: gr2m/create-or-update-pull-request-action@77596e3166f328b24613f7082ab30bf2d93079d5
env:
GITHUB_TOKEN: ${{ secrets.GH_USER_TOKEN }}
@@ -70,3 +58,52 @@ jobs:
branch: actions/tools-update-openssl # Custom branch *just* for this Action.
commit-message: 'deps: update archs files for openssl-${{ env.NEW_VERSION }}'
path: deps/openssl
openssl-v1-update:
if: github.repository == 'nodejs/node'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
with:
persist-credentials: false
ref: v16.x-staging
- name: Check and download new OpenSSL version
run: |
./tools/dep_updaters/update-openssl.sh download_v1 > temp-output
cat temp-output
tail -n1 temp-output | grep "NEW_VERSION=" >> "$GITHUB_ENV" || true
rm temp-output
env:
GITHUB_TOKEN: ${{ secrets.GH_USER_TOKEN }}
- name: Create PR with first commit
if: env.NEW_VERSION
uses: gr2m/create-or-update-pull-request-action@df20b2c073090271599a08c55ae26e0c3522b329 # v1.9.2
# Creates a PR with the new OpenSSL source code committed
env:
GITHUB_TOKEN: ${{ secrets.GH_USER_TOKEN }}
with:
author: Node.js GitHub Bot <[email protected]>
body: This is an automated update of OpenSSL to ${{ env.NEW_VERSION }}.
branch: actions/tools-update-openssl-v1 # Custom branch *just* for this Action.
commit-message: 'deps: upgrade openssl sources to quictls/openssl-${{ env.NEW_VERSION }}'
labels: dependencies
title: '[v16.x] deps: update OpenSSL to ${{ env.NEW_VERSION }}'
path: deps/openssl
update-pull-request-title-and-body: true
- name: Regenerate platform specific files
if: env.NEW_VERSION
run: |
sudo apt install -y nasm libtext-template-perl
./tools/dep_updaters/update-openssl.sh regenerate
env:
GITHUB_TOKEN: ${{ secrets.GH_USER_TOKEN }}
- name: Add second commit
# Adds a second commit to the PR with the generated platform-dependent files
if: env.NEW_VERSION
uses: gr2m/create-or-update-pull-request-action@df20b2c073090271599a08c55ae26e0c3522b329 # v1.9.2
env:
GITHUB_TOKEN: ${{ secrets.GH_USER_TOKEN }}
with:
author: Node.js GitHub Bot <[email protected]>
branch: actions/tools-update-openssl-v1 # Custom branch *just* for this Action.
commit-message: 'deps: update archs files for openssl-${{ env.NEW_VERSION }}'
path: deps/openssl
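Review bot: In both "Check and download new OpenSSL version" steps (`openssl-v3-update` and `openssl-v1-update`), `grep "NEW_VERSION="` is unanchored, so the last line of the script's output is appended to `$GITHUB_ENV` whenever it merely contains that substring, and the variable actually defined is whatever precedes the first `=` on that line. The version string appears to come from an upstream release tag, so anchor and constrain the match, for example `tail -n1 temp-output | grep -E '^NEW_VERSION=[0-9A-Za-z.+-]+$' >> "$GITHUB_ENV" || true`, adjusting the character class to the format the script really prints. The two "Regenerate platform specific files" steps also export `GH_USER_TOKEN` while presumably building from the freshly downloaded sources; if `update-openssl.sh regenerate` makes no GitHub API calls, that `env:` block can be dropped so the token is not in the environment of that build. Separately, the new v1 job pins `gr2m/create-or-update-pull-request-action` at a different commit (commented `# v1.9.2`) than the v3 job, whose pin has no version comment; aligning the two would make the pins easier to audit.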
9 changes: 6 additions & 3 deletions CHANGELOG.md
@@ -35,13 +35,15 @@ release.
</tr>
<tr>
<td valign="top">
<b><a href="doc/changelogs/CHANGELOG_V20.md#20.3.0">20.3.0</a></b><br/>
<b><a href="doc/changelogs/CHANGELOG_V20.md#20.3.1">20.3.1</a></b><br/>
<a href="doc/changelogs/CHANGELOG_V20.md#20.3.0">20.3.0</a><br/>
<a href="doc/changelogs/CHANGELOG_V20.md#20.2.0">20.2.0</a><br/>
<a href="doc/changelogs/CHANGELOG_V20.md#20.1.0">20.1.0</a><br/>
<a href="doc/changelogs/CHANGELOG_V20.md#20.0.0">20.0.0</a><br/>
</td>
<td valign="top">
<b><a href="doc/changelogs/CHANGELOG_V18.md#18.16.0">18.16.0</a></b><br/>
<b><a href="doc/changelogs/CHANGELOG_V18.md#18.16.1">18.16.1</a></b><br/>
<a href="doc/changelogs/CHANGELOG_V18.md#18.16.0">18.16.0</a><br/>
<a href="doc/changelogs/CHANGELOG_V18.md#18.15.0">18.15.0</a><br/>
<a href="doc/changelogs/CHANGELOG_V18.md#18.14.2">18.14.2</a><br/>
<a href="doc/changelogs/CHANGELOG_V18.md#18.14.1">18.14.1</a><br/>
@@ -64,7 +66,8 @@ release.
<a href="doc/changelogs/CHANGELOG_V18.md#18.0.0">18.0.0</a><br/>
</td>
<td valign="top">
<b><a href="doc/changelogs/CHANGELOG_V16.md#16.20.0">16.20.0</a></b><br/>
<b><a href="doc/changelogs/CHANGELOG_V16.md#16.20.1">16.20.1</a></b><br/>
<a href="doc/changelogs/CHANGELOG_V16.md#16.20.0">16.20.0</a><br/>
<a href="doc/changelogs/CHANGELOG_V16.md#16.19.1">16.19.1</a><br/>
<a href="doc/changelogs/CHANGELOG_V16.md#16.19.0">16.19.0</a><br/>
<a href="doc/changelogs/CHANGELOG_V16.md#16.18.1">16.18.1</a><br/>