Cirrus: Detect when dependency versions need a bump
Jeremy Rand
3 years ago
parent
cb78a383cc
commit
d4129e0124
@ -0,0 +1,200 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
set -euo pipefail
|
||||
shopt -s nullglob globstar
|
||||
|
||||
UPDATE_NEEDED=0
|
||||
|
||||
git branch bump-deps
|
||||
git checkout bump-deps
|
||||
|
||||
# project Git hashes
|
||||
|
||||
for PROJECTPATH in ./projects/*
|
||||
do
|
||||
PROJECT=$(basename ${PROJECTPATH})
|
||||
|
||||
# Tor devs are in charge of their dependencies that we load via symlink
|
||||
if [[ -L "${PROJECTPATH}" || "${PROJECT}" = goxcrypto* || "${PROJECT}" = goxnet* || "${PROJECT}" = goxsys* ]]
|
||||
then
|
||||
continue
|
||||
fi
|
||||
|
||||
# Electrum devs are in charge of their dependencies
|
||||
PROJECT_IS_ELECTRUM_DEP=1
|
||||
grep "project: ${PROJECT}" ./projects/electrum-nmc/config > /dev/null || PROJECT_IS_ELECTRUM_DEP=0
|
||||
if [ "$PROJECT_IS_ELECTRUM_DEP" = 1 ]
|
||||
then
|
||||
continue
|
||||
fi
|
||||
|
||||
# x509-signature-splice branch depends on Go version, so it won't always be the latest
|
||||
if [ "${PROJECT}" = "gox509signaturesplice" ]
|
||||
then
|
||||
continue
|
||||
fi
|
||||
|
||||
# rbm showconf will fail for projects that don't have a git_hash variable,
|
||||
# so we catch the failure and move on to the next project.
|
||||
GIT_REV=$(./rbm/rbm showconf ${PROJECT} git_hash) || continue
|
||||
|
||||
VERSION=$(./rbm/rbm showconf ${PROJECT} version)
|
||||
VERSION_IS_NUMBER=1
|
||||
if (echo "${GIT_REV}" | grep "^${VERSION}")
|
||||
then
|
||||
# The version is a Git hash rather than a number.
|
||||
VERSION_IS_NUMBER=0
|
||||
fi
|
||||
|
||||
GIT_URL=$(./rbm/rbm showconf ${PROJECT} git_url)
|
||||
|
||||
REMOTE_TAGS=$(git ls-remote --tags "${GIT_URL}")
|
||||
if [ "${REMOTE_TAGS}" = "" ] || [ "${VERSION_IS_NUMBER}" = 0 ]
|
||||
then
|
||||
# Either there are no tags on the remote Git repo, or this project does
|
||||
# not use a tagged version. Use HEAD instead of a tag.
|
||||
LATEST_TAG=HEAD
|
||||
LATEST_TAG_HASH=$(git ls-remote "${GIT_URL}" HEAD | awk '{print $1}')
|
||||
else
|
||||
LATEST_TAG=$(git ls-remote --tags "${GIT_URL}" | grep -v '\^{}' | awk '{print $2}' | awk -F"/" '{print $3}' | sort -V | grep -v "weekly" | tail --lines=1)
|
||||
|
||||
# We use tail here because we want ${LATEST_TAG}^{} if it exists (it's
|
||||
# the one that the GitHub UI shows).
|
||||
LATEST_TAG_HASH=$(git ls-remote "${GIT_URL}" ${LATEST_TAG} ${LATEST_TAG}^{} | tail --lines=1 | awk '{print $1}')
|
||||
fi
|
||||
LATEST_INFO=$(git ls-remote "${GIT_URL}" HEAD ${LATEST_TAG} ${LATEST_TAG}^{})
|
||||
|
||||
PROJECT_UPDATE_NEEDED=0
|
||||
echo "${LATEST_INFO}" | grep ${GIT_REV} > /dev/null || PROJECT_UPDATE_NEEDED=1
|
||||
if [ "${PROJECT_UPDATE_NEEDED}" = 1 ]
|
||||
then
|
||||
UPDATE_NEEDED=1
|
||||
echo "${PROJECT}: rbm uses ${GIT_REV}, latest at remote ${GIT_URL} are:
|
||||
${LATEST_INFO}"
|
||||
|
||||
sed --in-place "s/${GIT_REV}/${LATEST_TAG_HASH}/g" "./projects/${PROJECT}/config"
|
||||
if [ "${VERSION_IS_NUMBER}" = 1 ]
|
||||
then
|
||||
VERSION_STRIPPED=$(echo ${VERSION} | grep --only-matching -E '[0-9\.]+')
|
||||
LATEST_VERSION_STRIPPED=$(echo ${LATEST_TAG} | grep --only-matching -E '[0-9\.]+')
|
||||
sed --in-place "s/${VERSION_STRIPPED}/${LATEST_VERSION_STRIPPED}/g" "./projects/${PROJECT}/config"
|
||||
fi
|
||||
git add "./projects/${PROJECT}/config"
|
||||
fi
|
||||
done
|
||||
|
||||
# ncdns-nsis dependencies
|
||||
|
||||
# ncdns-nsis isn't merged yet.
|
||||
if false
|
||||
then
|
||||
|
||||
BIND_VERSION=$(./rbm/rbm showconf ncdns-nsis var/bind_version)
|
||||
LATEST_BIND_VERSION=$(curl https://ftp.isc.org/isc/bind/ | grep --only-matching '"[0-9]*\.[0-9]*\.[0-9]*/"' | tail --lines=1 | grep --only-matching '[0-9]*\.[0-9]*\.[0-9]*')
|
||||
|
||||
if [ "${BIND_VERSION}" != "(${LATEST_BIND_VERSION})" ]
|
||||
then
|
||||
UPDATE_NEEDED=1
|
||||
echo "BIND: ncdns-nsis uses ${BIND_VERSION}, latest tag is ${LATEST_BIND_VERSION}"
|
||||
|
||||
echo sed --in-place "s/${BIND_VERSION}/${LATEST_BIND_VERSION}/g" "./projects/ncdns-nsis/config"
|
||||
git add "./projects/ncdns-nsis/config"
|
||||
fi
|
||||
|
||||
CONSENSUSJ_VERSION=$(./rbm/rbm showconf ncdns-nsis var/consensusj_namecoin_version)
|
||||
LATEST_CONSENSUSJ_VERSION=$(curl https://www.namecoin.org/download/betas/ | grep --only-matching 'ConsensusJ-Namecoin/[0-9\.]*' | tail --lines=1 | grep --only-matching '[0-9\.]*')
|
||||
|
||||
if [ "${CONSENSUSJ_VERSION}" != "(${LATEST_CONSENSUSJ_VERSION})" ]
|
||||
then
|
||||
UPDATE_NEEDED=1
|
||||
echo "ConsensusJ: ncdns-nsis uses ${CONSENSUSJ_VERSION}, latest tag is ${LATEST_CONSENSUSJ_VERSION}"
|
||||
|
||||
echo sed --in-place "s/${CONSENSUSJ_VERSION}/${LATEST_CONSENSUSJ_VERSION}/g" "./projects/ncdns-nsis/config"
|
||||
git add "./projects/ncdns-nsis/config"
|
||||
fi
|
||||
|
||||
NAMECOIN_VERSION=$(./rbm/rbm showconf ncdns-nsis var/namecoin_core_version)
|
||||
LATEST_NAMECOIN_VERSION=$(curl https://www.namecoin.org/download/ | grep --only-matching -E 'namecoin-core-[0-9\.]+' | head --lines=1 | grep --only-matching -E '[0-9\.]+')
|
||||
|
||||
if [ "${NAMECOIN_VERSION}" != "(${LATEST_NAMECOIN_VERSION})" ]
|
||||
then
|
||||
UPDATE_NEEDED=1
|
||||
echo "Namecoin Core: ncdns-nsis uses ${NAMECOIN_VERSION}, latest tag is ${LATEST_NAMECOIN_VERSION}"
|
||||
|
||||
sed --in-place "s/${NAMECOIN_VERSION}/${LATEST_NAMECOIN_VERSION}/g" "./projects/ncdns-nsis/config"
|
||||
git add "./projects/ncdns-nsis/config"
|
||||
fi
|
||||
|
||||
DNSSEC_TRIGGER_VERSION=$(./rbm/rbm showconf ncdns-nsis var/dnssec_trigger_version)
|
||||
LATEST_DNSSEC_TRIGGER_VERSION=$(curl https://www.nlnetlabs.nl/downloads/dnssec-trigger/ | grep --only-matching -E 'dnssec_trigger_setup_[0-9\.]+.exe' | tail --lines=1 | grep --only-matching -E '[0-9\.]+[0-9]')
|
||||
|
||||
if [ "${DNSSEC_TRIGGER_VERSION}" != "(${LATEST_DNSSEC_TRIGGER_VERSION})" ]
|
||||
then
|
||||
UPDATE_NEEDED=1
|
||||
echo "DNSSEC-Trigger: ncdns-nsis uses ${DNSSEC_TRIGGER_VERSION}, latest tag is ${DNSSEC_TRIGGER_VERSION}"
|
||||
|
||||
echo sed --in-place "s/${DNSSEC_TRIGGER_VERSION}/${LATEST_DNSSEC_TRIGGER_VERSION}/g" "./projects/ncdns-nsis/config"
|
||||
git add "./projects/ncdns-nsis/config"
|
||||
fi
|
||||
|
||||
# ncdns-nsis
|
||||
fi
|
||||
|
||||
# tor-browser-build submodule
|
||||
# We do this step last so that if upstream tor-browser-build breaks things,
|
||||
# we're already done invoking rbm.
|
||||
|
||||
GIT_TAG=$(git submodule status tor-browser-build | awk '{print $3}')
|
||||
|
||||
GIT_URL=https://git.torproject.org/builders/tor-browser-build.git
|
||||
|
||||
LATEST_TAG=$(git ls-remote --tags "${GIT_URL}" | grep 'tbb' | grep -v 'android' | grep -v '\^{}' | awk '{print $2}' | awk -F"/" '{print $3}' | grep 'a' | sort -V | tail --lines=1)
|
||||
if [ "${GIT_TAG}" != "(${LATEST_TAG})" ]
|
||||
then
|
||||
UPDATE_NEEDED=1
|
||||
echo "tor-browser-build: submodule uses ${GIT_TAG}, latest tag is ${LATEST_TAG}"
|
||||
|
||||
pushd tor-browser-build
|
||||
# Undo any patches we did to tor-browser-build
|
||||
git reset --hard HEAD
|
||||
git clean -dfx
|
||||
|
||||
# Bump the tor-browser-build version
|
||||
git fetch origin
|
||||
git checkout "${LATEST_TAG}"
|
||||
popd
|
||||
|
||||
git add "tor-browser-build"
|
||||
fi
|
||||
|
||||
if [ "$UPDATE_NEEDED" = 1 ]
|
||||
then
|
||||
echo "An update is required."
|
||||
|
||||
(curl -H "Accept: application/vnd.github.v3+json" "https://api.github.com/repos/${CIRRUS_REPO_FULL_NAME}/pulls?state=open&head=NamecoinBot:bump-deps" | grep -i "NamecoinBot:bump-deps") && (echo "A bump PR is already open; exiting."; exit 0)
|
||||
|
||||
echo "No bump PR is currently open; proceeding."
|
||||
|
||||
echo "Configuring username/email..."
|
||||
git config user.name "NamecoinBot"
|
||||
git config user.email "ncdns-repro-bump-bot@namecoin.org"
|
||||
|
||||
echo "Committing changes..."
|
||||
git commit --message="Bump dependencies"
|
||||
|
||||
set +x
|
||||
echo "Adding deploy key..."
|
||||
mkdir -p ~/.ssh
|
||||
touch ~/.ssh/id_ed25519
|
||||
chmod 0600 ~/.ssh/id_ed25519
|
||||
echo "${DEPLOY_KEY}" > ~/.ssh/id_ed25519
|
||||
|
||||
echo "Pinning GitHub SSH public key..."
|
||||
echo '|1|x91VhqWighPtR2VjK37WcX5AUBM=|eLqicTE1vy85GxLqGTY1T2o3aTk= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==' >> ~/.ssh/known_hosts
|
||||
|
||||
echo "Adding deploy remote..."
|
||||
git remote add deploy "git@github.com:NamecoinBot/ncdns-repro.git"
|
||||
|
||||
echo "Pushing branch..."
|
||||
git push --force deploy bump-deps
|
||||
fi
|
||||
Loading…
Reference in New Issue