diff --git a/.github/workflows/automatic-updates.yml b/.github/workflows/automatic-updates.yml new file mode 100644 index 000000000..bbbc29bb6 --- /dev/null +++ b/.github/workflows/automatic-updates.yml @@ -0,0 +1,54 @@ +name: Automatically update Docker image versions + +on: + schedule: + - cron: "*/15 * * * *" + +jobs: + build: + runs-on: ubuntu-latest + if: github.repository_owner == 'nodejs' + + steps: + - uses: actions/checkout@v3 + + - name: Run automation script + uses: actions/github-script@v6 + id: updt + with: + script: | + const { default: script } = await import(`${process.env.GITHUB_WORKSPACE}/build-automation.mjs`); + await script(github); + + - name: Create update PR + id: cpr + uses: peter-evans/create-pull-request@v3 + with: + token: ${{ secrets.GITHUB_TOKEN }} + branch: update-branch + base: main + commit-message: "Update to ${{ steps.updt.outputs.updated-versions }}" + title: "Update to ${{ steps.updt.outputs.updated-versions }}" + delete-branch: true + team-reviewers: | + @nodejs/docker + + - name: Check CI status periodically + uses: actions/github-script@v6 + with: + script: | + const { default: script } = await import(`${process.env.GITHUB_WORKSPACE}/check-pr-status.mjs`); + await script(github, '${{ github.repository }}', ${{ steps.cpr.outputs.pull-request-number }}); + + - name: Auto-approve the PR + uses: juliangruber/approve-pull-request-action@v1 + with: + # Cannot use `GITHUB_TOKEN` as it's not allowed to approve own PR + github-token: ${{ secrets.GH_API_TOKEN }} + number: ${{ steps.cpr.outputs.pull-request-number }} + + - name: Merge PR + uses: juliangruber/merge-pull-request-action@v1 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + number: ${{ steps.cpr.outputs.pull-request-number }} diff --git a/build-automation.mjs b/build-automation.mjs new file mode 100644 index 000000000..952f3b8e9 --- /dev/null +++ b/build-automation.mjs @@ -0,0 +1,104 @@ +import { promisify } from "util"; + +import child_process from "child_process"; + +const exec = promisify(child_process.exec); + +// a function that queries the Node.js release website for new versions, +// compare the available ones with the ones we use in this repo +// and returns whether we should update or not +const checkIfThereAreNewVersions = async (github) => { + try { + const { stdout: versionsOutput } = await exec(". ./functions.sh && get_versions", { shell: "bash" }); + + const supportedVersions = versionsOutput.trim().split(" "); + + let latestSupportedVersions = {}; + + for (let supportedVersion of supportedVersions) { + const { stdout } = await exec(`ls ${supportedVersion}`); + + const { stdout: fullVersionOutput } = await exec(`. ./functions.sh && get_full_version ./${supportedVersion}/${stdout.trim().split("\n")[0]}`, { shell: "bash" }); + + console.log(fullVersionOutput); + + latestSupportedVersions[supportedVersion] = { fullVersion: fullVersionOutput.trim() }; + } + + const { data: availableVersionsJson } = await github.request('https://nodejs.org/download/release/index.json'); + + // filter only more recent versions of availableVersionsJson for each major version in latestSupportedVersions' keys + // e.g. if latestSupportedVersions = { "12": "12.22.10", "14": "14.19.0", "16": "16.14.0", "17": "17.5.0" } + // and availableVersions = ["Node.js 12.22.10", "Node.js 12.24.0", "Node.js 14.19.0", "Node.js 14.22.0", "Node.js 16.14.0", "Node.js 16.16.0", "Node.js 17.5.0", "Node.js 17.8.0"] + // return { "12": "12.24.0", "14": "14.22.0", "16": "16.16.0", "17": "17.8.0" } + + let filteredNewerVersions = {}; + + for (let availableVersion of availableVersionsJson) { + const [availableMajor, availableMinor, availablePatch] = availableVersion.version.split("v")[1].split("."); + if (latestSupportedVersions[availableMajor] == null) { + continue; + } + const [_latestMajor, latestMinor, latestPatch] = latestSupportedVersions[availableMajor].fullVersion.split("."); + if (latestSupportedVersions[availableMajor] && (Number(availableMinor) > Number(latestMinor) || (availableMinor === latestMinor && Number(availablePatch) > Number(latestPatch)))) { + filteredNewerVersions[availableMajor] = { fullVersion: `${availableMajor}.${availableMinor}.${availablePatch}` }; + } + } + + return { + shouldUpdate: Object.keys(filteredNewerVersions).length > 0 && JSON.stringify(filteredNewerVersions) !== JSON.stringify(latestSupportedVersions), + versions: filteredNewerVersions, + } + } catch (error) { + console.error(error); + process.exit(1); + } +}; + +// a function that queries the Node.js unofficial release website for new musl versions and security releases, +// and returns relevant information +const checkForMuslVersionsAndSecurityReleases = async (github, versions) => { + try { + const { data: unofficialBuildsIndexText } = await github.request('https://unofficial-builds.nodejs.org/download/release/index.json'); + + for (let version of Object.keys(versions)) { + const { data: unofficialBuildsWebsiteText } = await github.request(`https://unofficial-builds.nodejs.org/download/release/v${versions[version].fullVersion}`); + + versions[version].muslBuildExists = unofficialBuildsWebsiteText.includes("musl"); + versions[version].isSecurityRelease = unofficialBuildsIndexText.find(indexVersion => indexVersion.version === `v${versions[version].fullVersion}`)?.security; + } + return versions; + } catch (error) { + console.error(error); + process.exit(1); + } +}; + +export default async function(github) { +// if there are no new versions, exit gracefully +// if there are new versions, +// check for musl builds +// then run update.sh + const { shouldUpdate, versions } = await checkIfThereAreNewVersions(github); + + if (!shouldUpdate) { + console.log("No new versions found. No update required."); + process.exit(0); + } else { + const newVersions = await checkForMuslVersionsAndSecurityReleases(github, versions); + let updatedVersions = []; + for (let version of Object.keys(newVersions)) { + if (newVersions[version].muslBuildExists) { + const { stdout } = await exec(`./update.sh ${newVersions[version].isSecurityRelease ? "-s " : ""}${version}`); + console.log(stdout); + updatedVersions.push(newVersions[version].fullVersion); + } else { + console.log(`There's no musl build for version ${newVersions[version].fullVersion} yet.`); + process.exit(0); + } + } + console.log(`::set-output name=updated-versions::${updatedVersions.join(',')}`); + const { stdout } = (await exec(`git diff`)); + console.log(stdout); + } +} diff --git a/check-pr-status.mjs b/check-pr-status.mjs new file mode 100644 index 000000000..799c0e35d --- /dev/null +++ b/check-pr-status.mjs @@ -0,0 +1,29 @@ +// fetch /repos/{owner}/{repo}/pulls/{pull_number} +// and check its mergeable_state +// if "clean", exit with status code 0 +// else exit with error +import { setTimeout } from 'timers/promises'; + +const tries = 10; +const retryDelay = 30000; + +export default async function(github, repository, pull_number) { + const [owner, repo] = repository.split('/'); + await setTimeout(retryDelay); + + for (let t = 0; t < tries; t++) { + try { + const { data } = await github.rest.pulls.get({owner, repo, pull_number}) + + console.log(data); + if (data.mergeable_state === 'clean') { + process.exit(0); + } + await setTimeout(retryDelay); + } catch (error) { + console.error(error); + process.exit(1); + } + } + process.exit(1); +} diff --git a/functions.sh b/functions.sh index be9c57539..df1883f73 100755 --- a/functions.sh +++ b/functions.sh @@ -1,6 +1,8 @@ #!/usr/bin/env bash # # Utlity functions +# Don't change this file unless needed +# The GitHub Action for automating new builds rely on this file info() { printf "%s\\n" "$@"