diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 98c9b8e410ca0a..edd63eddf7479a 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -64,7 +64,6 @@ /lib/tls.js @nodejs/crypto @nodejs/net /src/crypto/* @nodejs/crypto /src/node_crypto* @nodejs/crypto -/deps/ncrypto/* @nodejs/crypto # http diff --git a/.github/workflows/tools.yml b/.github/workflows/tools.yml index 4136af15cd0771..c320ff2673026b 100644 --- a/.github/workflows/tools.yml +++ b/.github/workflows/tools.yml @@ -30,6 +30,7 @@ on: - llhttp - minimatch - nbytes + - ncrypto - nixpkgs-unstable - nghttp2 - nghttp3 @@ -191,6 +192,14 @@ jobs: cat temp-output tail -n1 temp-output | grep "NEW_VERSION=" >> "$GITHUB_ENV" || true rm temp-output + - id: ncrypto + subsystem: deps + label: dependencies + run: | + ./tools/dep_updaters/update-ncrypto.sh > temp-output + cat temp-output + tail -n1 temp-output | grep "NEW_VERSION=" >> "$GITHUB_ENV" || true + rm temp-output - id: nixpkgs-unstable subsystem: tools # dont-land labels are there so we can guarantee released versions of diff --git a/Makefile b/Makefile index cad6fb029387d0..1ecba30e9602c8 100644 --- a/Makefile +++ b/Makefile @@ -1491,10 +1491,7 @@ LINT_CPP_EXCLUDE += $(LINT_CPP_ADDON_DOC_FILES) # These files were copied more or less verbatim from V8. LINT_CPP_EXCLUDE += src/tracing/trace_event.h src/tracing/trace_event_common.h -# deps/ncrypto is included in this list, as it is maintained in -# this repository, and should be linted. Eventually it should move -# to its own repo, at which point we should remove it from this list. -LINT_CPP_DEPS = deps/ncrypto/*.cc deps/ncrypto/*.h +LINT_CPP_DEPS = LINT_CPP_FILES = $(filter-out $(LINT_CPP_EXCLUDE), $(wildcard \ benchmark/napi/*/*.cc \ diff --git a/tools/dep_updaters/update-ncrypto.sh b/tools/dep_updaters/update-ncrypto.sh new file mode 100755 index 00000000000000..3a84e07f92806b --- /dev/null +++ b/tools/dep_updaters/update-ncrypto.sh @@ -0,0 +1,60 @@ +#!/bin/sh +set -ex +# Shell script to update ncrypto in the source tree to a specific version + +BASE_DIR=$(cd "$(dirname "$0")/../.." && pwd) +DEPS_DIR="$BASE_DIR/deps" +[ -z "$NODE" ] && NODE="$BASE_DIR/out/Release/node" +[ -x "$NODE" ] || NODE=$(command -v node) + +# shellcheck disable=SC1091 +. "$BASE_DIR/tools/dep_updaters/utils.sh" + +NEW_VERSION="$("$NODE" --input-type=module <<'EOF' +const res = await fetch('https://api.github.com/repos/nodejs/ncrypto/releases/latest', + process.env.GITHUB_TOKEN && { + headers: { + "Authorization": `Bearer ${process.env.GITHUB_TOKEN}` + }, + }); +if (!res.ok) throw new Error(`FetchError: ${res.status} ${res.statusText}`, { cause: res }); +const { tag_name } = await res.json(); +console.log(tag_name.replace('v', '')); +EOF +)" + +CURRENT_VERSION=$(awk -F'"' '/^#define NCRYPTO_VERSION /{ print $2 }' "$DEPS_DIR/ncrypto/ncrypto/version.h" || true) + +# This function exit with 0 if new version and current version are the same +compare_dependency_version "ncrypto" "$NEW_VERSION" "$CURRENT_VERSION" + +echo "Making temporary workspace..." + +WORKSPACE=$(mktemp -d 2> /dev/null || mktemp -d -t 'tmp') + +cleanup () { + EXIT_CODE=$? + [ -d "$WORKSPACE" ] && rm -rf "$WORKSPACE" + exit $EXIT_CODE +} + +trap cleanup INT TERM EXIT + +echo "Fetching ncrypto source archive..." +curl -sL "https://api.github.com/repos/nodejs/ncrypto/tarball/v$NEW_VERSION" \ +| tar xz --strip-components=1 -C "$WORKSPACE" --wildcards \ + '*/README.md' \ + '*/src/engine.cpp' \ + '*/src/ncrypto.cpp' \ + '*/include/ncrypto.h' \ + '*/include/ncrypto/version.h' + +mv "$WORKSPACE/README.md" "$DEPS_DIR/ncrypto/." +mv "$WORKSPACE/src/engine.cpp" "$DEPS_DIR/ncrypto/engine.cc" +mv "$WORKSPACE/src/ncrypto.cpp" "$DEPS_DIR/ncrypto/ncrypto.cc" +mv "$WORKSPACE/include/"* "$DEPS_DIR/ncrypto/." + +# Update the version number on maintaining-dependencies.md +# and print the new version as the last line of the script as we need +# to add it to $GITHUB_ENV variable +finalize_version_update "ncrypto" "$NEW_VERSION"