-
Notifications
You must be signed in to change notification settings - Fork 47.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Move @generated from build to sync #29799
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -52,6 +52,7 @@ jobs: | |
CIRCLECI_TOKEN: ${{secrets.CIRCLECI_TOKEN_DIFFTRAIN}} | ||
with: | ||
script: | | ||
// TODO: Move this to a script file. | ||
const cp = require('child_process'); | ||
|
||
function sleep(ms) { | ||
|
@@ -250,14 +251,18 @@ jobs: | |
grep -rl "$CURRENT_VERSION_MODERN" ./compiled || echo "No files found with $CURRENT_VERSION_MODERN" | ||
grep -rl "$CURRENT_VERSION_MODERN" ./compiled | xargs -r sed -i -e "s/$CURRENT_VERSION_MODERN/$LAST_VERSION_MODERN/g" | ||
grep -rl "$CURRENT_VERSION_MODERN" ./compiled || echo "Modern version reverted" | ||
- name: Check if only the REVISION file has changed | ||
- name: Check for changes | ||
id: check_should_commit | ||
run: | | ||
echo "Full git status" | ||
git add . | ||
git status | ||
echo "====================" | ||
if git status --porcelain | grep -qv '/REVISION'; then | ||
echo "Changes detected" | ||
echo "===== Changes =====" | ||
git --no-pager diff -U0 | grep '^[+-]' | head -n 50 | ||
echo "===================" | ||
echo "should_commit=true" >> "$GITHUB_OUTPUT" | ||
else | ||
echo "No Changes detected" | ||
|
@@ -322,17 +327,109 @@ jobs: | |
grep -rl "$CURRENT_VERSION" ./compiled-rn || echo "No files found with $CURRENT_VERSION" | ||
grep -rl "$CURRENT_VERSION" ./compiled-rn | xargs -r sed -i -e "s/$CURRENT_VERSION/$LAST_VERSION/g" | ||
grep -rl "$CURRENT_VERSION" ./compiled-rn || echo "Version reverted" | ||
- name: Check if only the REVISION file has changed | ||
id: check_should_commit | ||
- name: Check changes before signing | ||
run: | | ||
echo "Full git status" | ||
git add . | ||
git status | ||
echo "====================" | ||
echo "Checking for changes" | ||
# Check if there are changes in the files other than REVISION or @generated headers | ||
# We also filter out the file name lines with "---" and "+++". | ||
if git diff -- . ':(exclude)*REVISION' | grep -vE "^(@@|diff|index|\-\-\-|\+\+\+|@generated SignedSource)" | grep "^[+-]" > /dev/null; then | ||
if git status --porcelain | grep -qv '/REVISION'; then | ||
echo "Changes detected" | ||
echo "===== Changes =====" | ||
git --no-pager diff -U0 --cached | grep '^[+-]' | head -n 50 | ||
echo "===================" | ||
else | ||
echo "No Changes detected" | ||
fi | ||
- name: Revert signatures | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. So this is the clever bit. Once we've reverted the version strings, then we can re-generate the headers. If the only difference in the file was the version string, then this will output the same |
||
uses: actions/github-script@v6 | ||
with: | ||
script: | | ||
// TODO: Move this to a script file. | ||
// We currently can't call scripts from the repo because | ||
// at this point in the workflow, we're on the compiled | ||
// artifact branch (so the scripts don't exist). | ||
// We can fix this with a composite action in the main repo. | ||
// This script is duplicated below. | ||
const fs = require('fs'); | ||
const crypto = require('crypto'); | ||
const {execSync} = require('child_process'); | ||
|
||
// TODO: when we move this to a script, we can use this from npm. | ||
// Copy of signedsource since we can't install deps on this branch | ||
const GENERATED = '@' + 'generated'; | ||
const NEWTOKEN = '<<SignedSource::*O*zOeWoEQle#+L!plEphiEmie@IsG>>'; | ||
const PATTERN = new RegExp(`${GENERATED} (?:SignedSource<<([a-f0-9]{32})>>)`); | ||
|
||
const TokenNotFoundError = new Error( | ||
`SignedSource.signFile(...): Cannot sign file without token: ${NEWTOKEN}` | ||
); | ||
|
||
function hash(data, encoding) { | ||
const md5sum = crypto.createHash('md5'); | ||
md5sum.update(data, encoding); | ||
return md5sum.digest('hex'); | ||
} | ||
|
||
const SignedSource = { | ||
getSigningToken() { | ||
return `${GENERATED} ${NEWTOKEN}`; | ||
}, | ||
isSigned(data) { | ||
return PATTERN.exec(data) != null; | ||
}, | ||
signFile(data) { | ||
if (!data.includes(NEWTOKEN)) { | ||
if (SignedSource.isSigned(data)) { | ||
// Signing a file that was previously signed. | ||
data = data.replace(PATTERN, SignedSource.getSigningToken()); | ||
} else { | ||
throw TokenNotFoundError; | ||
} | ||
} | ||
return data.replace(NEWTOKEN, `SignedSource<<${hash(data, 'utf8')}>>`); | ||
}, | ||
}; | ||
|
||
const directory = './compiled-rn'; | ||
console.log('Signing files in directory:', directory); | ||
try { | ||
const result = execSync(`git status --porcelain ${directory}`, {encoding: 'utf8'}); | ||
|
||
// Parse the git status output to get file paths | ||
const files = result.split('\n').filter(file => file.endsWith('.js')); | ||
|
||
if (files.length === 0) { | ||
throw new Error( | ||
'git status returned no files to sign. this job should not have run.' | ||
); | ||
} else { | ||
files.forEach(line => { | ||
const file = line.slice(3).trim(); | ||
if (file) { | ||
console.log(' Signing file:', file); | ||
const originalContents = fs.readFileSync(file, 'utf8'); | ||
const signedContents = SignedSource.signFile(originalContents); | ||
fs.writeFileSync(file, signedContents, 'utf8'); | ||
} | ||
}); | ||
} | ||
} catch (e) { | ||
process.exitCode = 1; | ||
console.error('Error signing files:', e); | ||
rickhanlonii marked this conversation as resolved.
Show resolved
Hide resolved
|
||
} | ||
- name: Check for changes | ||
id: check_should_commit | ||
run: | | ||
echo "Full git status" | ||
git add . | ||
git status --porcelain | ||
echo "====================" | ||
if git status --porcelain | grep -qv '/REVISION'; then | ||
echo "Changes detected" | ||
echo "===== Changes =====" | ||
git --no-pager diff -U0 --cached | grep '^[+-]' | head -n 50 | ||
echo "===================" | ||
echo "should_commit=true" >> "$GITHUB_OUTPUT" | ||
else | ||
echo "No Changes detected" | ||
|
@@ -348,10 +445,92 @@ jobs: | |
grep -rl "$LAST_VERSION" ./compiled-rn || echo "No files found with $LAST_VERSION" | ||
grep -rl "$LAST_VERSION" ./compiled-rn | xargs -r sed -i -e "s/$LAST_VERSION/$CURRENT_VERSION/g" | ||
grep -rl "$LAST_VERSION" ./compiled-rn || echo "Version re-applied" | ||
- name: Will commit these changes | ||
- name: Add files | ||
if: steps.check_should_commit.outputs.should_commit == 'true' | ||
run: | | ||
echo ":" | ||
git add . | ||
- name: Signing files | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Now that the version has been switched back to the new version, we also need to re-sign the files. |
||
if: steps.check_should_commit.outputs.should_commit == 'true' | ||
uses: actions/github-script@v6 | ||
with: | ||
script: | | ||
// TODO: Move this to a script file. | ||
// We currently can't call scripts from the repo because | ||
// at this point in the workflow, we're on the compiled | ||
// artifact branch (so the scripts don't exist). | ||
// We can fix this with a composite action in the main repo. | ||
// This script is duplicated above. | ||
const fs = require('fs'); | ||
const crypto = require('crypto'); | ||
const {execSync} = require('child_process'); | ||
|
||
// TODO: when we move this to a script, we can use this from npm. | ||
// Copy of signedsource since we can't install deps on this branch. | ||
const GENERATED = '@' + 'generated'; | ||
const NEWTOKEN = '<<SignedSource::*O*zOeWoEQle#+L!plEphiEmie@IsG>>'; | ||
const PATTERN = new RegExp(`${GENERATED} (?:SignedSource<<([a-f0-9]{32})>>)`); | ||
|
||
const TokenNotFoundError = new Error( | ||
`SignedSource.signFile(...): Cannot sign file without token: ${NEWTOKEN}` | ||
); | ||
|
||
function hash(data, encoding) { | ||
const md5sum = crypto.createHash('md5'); | ||
md5sum.update(data, encoding); | ||
return md5sum.digest('hex'); | ||
} | ||
|
||
const SignedSource = { | ||
getSigningToken() { | ||
return `${GENERATED} ${NEWTOKEN}`; | ||
}, | ||
isSigned(data) { | ||
return PATTERN.exec(data) != null; | ||
}, | ||
signFile(data) { | ||
if (!data.includes(NEWTOKEN)) { | ||
if (SignedSource.isSigned(data)) { | ||
// Signing a file that was previously signed. | ||
data = data.replace(PATTERN, SignedSource.getSigningToken()); | ||
} else { | ||
throw TokenNotFoundError; | ||
} | ||
} | ||
return data.replace(NEWTOKEN, `SignedSource<<${hash(data, 'utf8')}>>`); | ||
}, | ||
}; | ||
|
||
const directory = './compiled-rn'; | ||
console.log('Signing files in directory:', directory); | ||
try { | ||
const result = execSync(`git status --porcelain ${directory}`, {encoding: 'utf8'}); | ||
|
||
// Parse the git status output to get file paths | ||
const files = result.split('\n').filter(file => file.endsWith('.js')); | ||
|
||
if (files.length === 0) { | ||
throw new Error( | ||
'git status returned no files to sign. this job should not have run.' | ||
); | ||
} else { | ||
files.forEach(line => { | ||
const file = line.slice(3).trim(); | ||
if (file) { | ||
console.log(' Signing file:', file); | ||
const originalContents = fs.readFileSync(file, 'utf8'); | ||
const signedContents = SignedSource.signFile(originalContents); | ||
fs.writeFileSync(file, signedContents, 'utf8'); | ||
} | ||
}); | ||
} | ||
} catch (e) { | ||
process.exitCode = 1; | ||
console.error('Error signing files:', e); | ||
rickhanlonii marked this conversation as resolved.
Show resolved
Hide resolved
|
||
} | ||
- name: Will commit these changes | ||
if: steps.check_should_commit.outputs.should_commit == 'true' | ||
run: | | ||
git status -u | ||
- name: Commit changes to branch | ||
if: steps.check_should_commit.outputs.should_commit == 'true' | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -4,7 +4,8 @@ | |
* This source code is licensed under the MIT license found in the | ||
* LICENSE file in the root directory of this source tree. | ||
* | ||
* @format | ||
* @noformat | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. There was some login in the build switch to flip these files to |
||
* @nolint | ||
* @flow strict | ||
*/ | ||
|
||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I added this so that if we ever create diffs we shouldn't, it's easy to debug in the workflow output. I truncate after 50 lines because that's enough to see that there are more than just hash / version changes.