From 7478ed014e17bdae49eab291a096d4bb3c76f99b Mon Sep 17 00:00:00 2001 From: Luca Date: Mon, 29 May 2023 06:53:28 +0200 Subject: [PATCH] tools: order dependency jobs alphabetically Refs: https://github.com/nodejs/security-wg/issues/973 PR-URL: https://github.com/nodejs/node/pull/48184 Reviewed-By: Marco Ippolito Reviewed-By: Mestery Reviewed-By: Luigi Pinca Reviewed-By: Debadree Chatterjee --- .github/workflows/tools.yml | 188 ++++++++++++++++++------------------ 1 file changed, 95 insertions(+), 93 deletions(-) diff --git a/.github/workflows/tools.yml b/.github/workflows/tools.yml index eea4c81c9feb0c..c6e09a04d3f8b7 100644 --- a/.github/workflows/tools.yml +++ b/.github/workflows/tools.yml @@ -28,6 +28,7 @@ on: - libuv - lint-md-dependencies - llhttp + - minimatch - nghttp2 - nghttp3 - ngtcp2 @@ -36,6 +37,7 @@ on: - simdutf - undici - uvwasi + - zlib env: PYTHON_VERSION: '3.11' @@ -51,67 +53,27 @@ jobs: fail-fast: false # Prevent other jobs from aborting if one fails matrix: include: - - id: eslint - subsystem: tools - label: tools + - id: acorn + subsystem: deps + label: dependencies run: | - ./tools/dep_updaters/update-eslint.sh > temp-output + ./tools/dep_updaters/update-acorn.sh > temp-output cat temp-output tail -n1 temp-output | grep "NEW_VERSION=" >> "$GITHUB_ENV" || true rm temp-output - - id: corepack - subsystem: deps - label: dependencies - run: | - make corepack-update - echo "NEW_VERSION=$(node deps/corepack/dist/corepack.js --version)" >> $GITHUB_ENV - - id: lint-md-dependencies - subsystem: tools - label: tools - run: | - cd tools/lint-md - npm ci - NEW_VERSION=$(npm outdated --parseable | cut -d: -f4 | xargs) - if [ "$NEW_VERSION" != "" ]; then - echo "NEW_VERSION=$NEW_VERSION" >> $GITHUB_ENV - rm -rf package-lock.json node_modules - # Include $NEW_VERSION to explicitly update the package.json - # entry for the dependency and also so that semver-major updates - # are not skipped. - npm install --ignore-scripts $NEW_VERSION - npm install --ignore-scripts - cd ../.. - make lint-md-rollup - fi - - id: doc - subsystem: tools - label: tools - run: | - cd tools/doc - npm ci - NEW_VERSION=$(npm outdated --parseable | cut -d: -f4 | xargs) - if [ "$NEW_VERSION" != "" ]; then - echo "NEW_VERSION=$NEW_VERSION" >> $GITHUB_ENV - rm -rf package-lock.json node_modules - # Include $NEW_VERSION to explicitly update the package.json - # entry for the dependency and also so that semver-major updates - # are not skipped. - npm install --ignore-scripts $NEW_VERSION - npm install --ignore-scripts - fi - - id: undici + - id: acorn-walk subsystem: deps label: dependencies run: | - ./tools/dep_updaters/update-undici.sh > temp-output + ./tools/dep_updaters/update-acorn-walk.sh > temp-output cat temp-output tail -n1 temp-output | grep "NEW_VERSION=" >> "$GITHUB_ENV" || true rm temp-output - - id: postject - subsystem: deps,test - label: test + - id: ada + subsystem: deps + label: dependencies run: | - ./tools/dep_updaters/update-postject.sh > temp-output + ./tools/dep_updaters/update-ada.sh > temp-output cat temp-output tail -n1 temp-output | grep "NEW_VERSION=" >> "$GITHUB_ENV" || true rm temp-output @@ -123,96 +85,131 @@ jobs: cat temp-output tail -n1 temp-output | grep "NEW_VERSION=" >> "$GITHUB_ENV" || true rm temp-output - - id: acorn + - id: brotli subsystem: deps label: dependencies run: | - ./tools/dep_updaters/update-acorn.sh > temp-output + ./tools/dep_updaters/update-brotli.sh > temp-output cat temp-output tail -n1 temp-output | grep "NEW_VERSION=" >> "$GITHUB_ENV" || true rm temp-output - - id: acorn-walk + - id: c-ares subsystem: deps label: dependencies run: | - ./tools/dep_updaters/update-acorn-walk.sh > temp-output + ./tools/dep_updaters/update-c-ares.sh > temp-output cat temp-output tail -n1 temp-output | grep "NEW_VERSION=" >> "$GITHUB_ENV" || true rm temp-output - - id: libuv + - id: cjs-module-lexer subsystem: deps label: dependencies run: | - ./tools/dep_updaters/update-libuv.sh > temp-output + ./tools/dep_updaters/update-cjs-module-lexer.sh > temp-output cat temp-output tail -n1 temp-output | grep "NEW_VERSION=" >> "$GITHUB_ENV" || true rm temp-output - - id: simdutf + - id: corepack subsystem: deps label: dependencies run: | - ./tools/dep_updaters/update-simdutf.sh > temp-output + make corepack-update + echo "NEW_VERSION=$(node deps/corepack/dist/corepack.js --version)" >> $GITHUB_ENV + - id: doc + subsystem: tools + label: tools + run: | + cd tools/doc + npm ci + NEW_VERSION=$(npm outdated --parseable | cut -d: -f4 | xargs) + if [ "$NEW_VERSION" != "" ]; then + echo "NEW_VERSION=$NEW_VERSION" >> $GITHUB_ENV + rm -rf package-lock.json node_modules + # Include $NEW_VERSION to explicitly update the package.json + # entry for the dependency and also so that semver-major updates + # are not skipped. + npm install --ignore-scripts $NEW_VERSION + npm install --ignore-scripts + fi + - id: eslint + subsystem: tools + label: tools + run: | + ./tools/dep_updaters/update-eslint.sh > temp-output cat temp-output tail -n1 temp-output | grep "NEW_VERSION=" >> "$GITHUB_ENV" || true rm temp-output - - id: ada + - id: googletest subsystem: deps - label: dependencies + label: dependencies, test run: | - ./tools/dep_updaters/update-ada.sh > temp-output + ./tools/dep_updaters/update-googletest.sh > temp-output cat temp-output tail -n1 temp-output | grep "NEW_VERSION=" >> "$GITHUB_ENV" || true rm temp-output - - id: nghttp2 + - id: icu subsystem: deps - label: dependencies + label: dependencies, test run: | - ./tools/dep_updaters/update-nghttp2.sh > temp-output + ./tools/dep_updaters/update-icu.sh > temp-output cat temp-output tail -n1 temp-output | grep "NEW_VERSION=" >> "$GITHUB_ENV" || true rm temp-output - - id: llhttp + - id: libuv subsystem: deps label: dependencies run: | - ./tools/dep_updaters/update-llhttp.sh > temp-output + ./tools/dep_updaters/update-libuv.sh > temp-output cat temp-output tail -n1 temp-output | grep "NEW_VERSION=" >> "$GITHUB_ENV" || true rm temp-output - - id: c-ares + - id: lint-md-dependencies + subsystem: tools + label: tools + run: | + cd tools/lint-md + npm ci + NEW_VERSION=$(npm outdated --parseable | cut -d: -f4 | xargs) + if [ "$NEW_VERSION" != "" ]; then + echo "NEW_VERSION=$NEW_VERSION" >> $GITHUB_ENV + rm -rf package-lock.json node_modules + # Include $NEW_VERSION to explicitly update the package.json + # entry for the dependency and also so that semver-major updates + # are not skipped. + npm install --ignore-scripts $NEW_VERSION + npm install --ignore-scripts + cd ../.. + make lint-md-rollup + fi + - id: llhttp subsystem: deps label: dependencies run: | - ./tools/dep_updaters/update-c-ares.sh > temp-output + ./tools/dep_updaters/update-llhttp.sh > temp-output cat temp-output tail -n1 temp-output | grep "NEW_VERSION=" >> "$GITHUB_ENV" || true rm temp-output - - id: brotli + - id: minimatch subsystem: deps label: dependencies run: | - ./tools/dep_updaters/update-brotli.sh > temp-output + ./tools/dep_updaters/update-minimatch.sh > temp-output cat temp-output tail -n1 temp-output | grep "NEW_VERSION=" >> "$GITHUB_ENV" || true rm temp-output - - id: minimatch + - id: nghttp2 subsystem: deps label: dependencies run: | - ./tools/dep_updaters/update-minimatch.sh > temp-output + ./tools/dep_updaters/update-nghttp2.sh > temp-output cat temp-output tail -n1 temp-output | grep "NEW_VERSION=" >> "$GITHUB_ENV" || true rm temp-output - - id: root-certificates - subsystem: crypto - label: crypto, notable-change - run: | - node ./tools/dep_updaters/update-root-certs.mjs -v -f "$GITHUB_ENV" - - id: cjs-module-lexer + - id: nghttp3 subsystem: deps label: dependencies run: | - ./tools/dep_updaters/update-cjs-module-lexer.sh > temp-output + ./tools/dep_updaters/update-nghttp3.sh > temp-output cat temp-output tail -n1 temp-output | grep "NEW_VERSION=" >> "$GITHUB_ENV" || true rm temp-output @@ -224,43 +221,48 @@ jobs: cat temp-output tail -n1 temp-output | grep "NEW_VERSION=" >> "$GITHUB_ENV" || true rm temp-output - - id: nghttp3 - subsystem: deps - label: dependencies + - id: postject + subsystem: deps,test + label: test run: | - ./tools/dep_updaters/update-nghttp3.sh > temp-output + ./tools/dep_updaters/update-postject.sh > temp-output cat temp-output tail -n1 temp-output | grep "NEW_VERSION=" >> "$GITHUB_ENV" || true rm temp-output - - id: uvwasi + - id: root-certificates + subsystem: crypto + label: crypto, notable-change + run: | + node ./tools/dep_updaters/update-root-certs.mjs -v -f "$GITHUB_ENV" + - id: simdutf subsystem: deps label: dependencies run: | - ./tools/dep_updaters/update-uvwasi.sh > temp-output + ./tools/dep_updaters/update-simdutf.sh > temp-output cat temp-output tail -n1 temp-output | grep "NEW_VERSION=" >> "$GITHUB_ENV" || true rm temp-output - - id: zlib + - id: undici subsystem: deps label: dependencies run: | - ./tools/dep_updaters/update-zlib.sh > temp-output + ./tools/dep_updaters/update-undici.sh > temp-output cat temp-output tail -n1 temp-output | grep "NEW_VERSION=" >> "$GITHUB_ENV" || true rm temp-output - - id: googletest + - id: uvwasi subsystem: deps - label: dependencies, test + label: dependencies run: | - ./tools/dep_updaters/update-googletest.sh > temp-output + ./tools/dep_updaters/update-uvwasi.sh > temp-output cat temp-output tail -n1 temp-output | grep "NEW_VERSION=" >> "$GITHUB_ENV" || true rm temp-output - - id: icu + - id: zlib subsystem: deps - label: dependencies, test + label: dependencies run: | - ./tools/dep_updaters/update-icu.sh > temp-output + ./tools/dep_updaters/update-zlib.sh > temp-output cat temp-output tail -n1 temp-output | grep "NEW_VERSION=" >> "$GITHUB_ENV" || true rm temp-output