From 3bf2bd4ec6bb022549678c2743e3db7dc88bb95b Mon Sep 17 00:00:00 2001 From: Marco Ippolito Date: Tue, 9 May 2023 23:01:08 +0200 Subject: [PATCH] tools: automate icu-small update PR-URL: https://github.com/nodejs/node/pull/47727 Refs: https://github.com/nodejs/security-wg/issues/828 Reviewed-By: Steven R Loomis Reviewed-By: Rafael Gonzaga --- .github/workflows/tools.yml | 17 +++++ .../maintaining/maintaining-icu.md | 3 + tools/dep_updaters/update-icu.sh | 75 +++++++++++++++++++ tools/icu/shrink-icu-src.py | 0 4 files changed, 95 insertions(+) create mode 100755 tools/dep_updaters/update-icu.sh mode change 100644 => 100755 tools/icu/shrink-icu-src.py diff --git a/.github/workflows/tools.yml b/.github/workflows/tools.yml index 69bd18ae9f6322..ab2afd9db9bad9 100644 --- a/.github/workflows/tools.yml +++ b/.github/workflows/tools.yml @@ -24,6 +24,7 @@ on: - doc - eslint - googletest + - icu - libuv - lint-md-dependencies - llhttp @@ -36,6 +37,9 @@ on: - undici - uvwasi +env: + PYTHON_VERSION: '3.11' + permissions: contents: read @@ -254,11 +258,24 @@ jobs: cat temp-output tail -n1 temp-output | grep "NEW_VERSION=" >> "$GITHUB_ENV" || true rm temp-output + - id: icu + subsystem: deps + label: dependencies, test + run: | + ./tools/dep_updaters/update-icu.sh > temp-output + cat temp-output + tail -n1 temp-output | grep "NEW_VERSION=" >> "$GITHUB_ENV" || true + rm temp-output steps: - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 if: github.event_name == 'schedule' || inputs.id == 'all' || inputs.id == matrix.id with: persist-credentials: false + - name: Set up Python ${{ env.PYTHON_VERSION }} + if: matrix.id == 'icu' && (github.event_name == 'schedule' || inputs.id == 'all' || inputs.id == matrix.id) + uses: actions/setup-python@d27e3f3d7c64b4bbf8e4abfb9b63b83e846e0435 # v4.5.0 + with: + python-version: ${{ env.PYTHON_VERSION }} - run: ${{ matrix.run }} if: github.event_name == 'schedule' || inputs.id == 'all' || inputs.id == matrix.id env: diff --git a/doc/contributing/maintaining/maintaining-icu.md b/doc/contributing/maintaining/maintaining-icu.md index a8ce43d3a3b4aa..00992258ae2611 100644 --- a/doc/contributing/maintaining/maintaining-icu.md +++ b/doc/contributing/maintaining/maintaining-icu.md @@ -101,6 +101,9 @@ Node.js is built. ## How to upgrade ICU +> The script `tools/dep_updaters/update-icu.sh` automates +> this process. + * Make sure your Node.js workspace is clean (`git status` should be sufficient). * Configure Node.js with the specific [ICU version](http://site.icu-project.org/download) diff --git a/tools/dep_updaters/update-icu.sh b/tools/dep_updaters/update-icu.sh new file mode 100755 index 00000000000000..1a5a57853f477c --- /dev/null +++ b/tools/dep_updaters/update-icu.sh @@ -0,0 +1,75 @@ +#!/bin/sh +set -e +# Shell script to update icu in the source tree to a specific version + +BASE_DIR=$(cd "$(dirname "$0")/../.." && pwd) +DEPS_DIR="$BASE_DIR/deps" +TOOLS_DIR="$BASE_DIR/tools" + +[ -z "$NODE" ] && NODE="$BASE_DIR/out/Release/node" +[ -x "$NODE" ] || NODE=$(command -v node) + +NEW_VERSION="$("$NODE" --input-type=module <<'EOF' +const res = await fetch('https://api.github.com/repos/unicode-org/icu/releases/latest'); +if (!res.ok) throw new Error(`FetchError: ${res.status} ${res.statusText}`, { cause: res }); +const { tag_name } = await res.json(); +console.log(tag_name.replace('release-', '').replace('-','.')); +EOF +)" + +ICU_VERSION_H="$DEPS_DIR/icu-small/source/common/unicode/uvernum.h" + +CURRENT_VERSION="$(grep "#define U_ICU_VERSION " "$ICU_VERSION_H" | cut -d'"' -f2)" + +echo "Comparing $NEW_VERSION with $CURRENT_VERSION" + +if [ "$NEW_VERSION" = "$CURRENT_VERSION" ]; then + echo "Skipped because icu is on the latest version." + exit 0 +fi + +DASHED_NEW_VERSION=$(echo "$NEW_VERSION" | sed 's/\./-/g') + +LOW_DASHED_NEW_VERSION=$(echo "$NEW_VERSION" | sed 's/\./_/g') + +NEW_VERSION_TGZ="icu4c-${LOW_DASHED_NEW_VERSION}-src.tgz" + +NEW_VERSION_TGZ_URL="https://github.com/unicode-org/icu/releases/download/release-${DASHED_NEW_VERSION}/$NEW_VERSION_TGZ" + +NEW_VERSION_MD5="https://github.com/unicode-org/icu/releases/download/release-${DASHED_NEW_VERSION}/icu4c-${LOW_DASHED_NEW_VERSION}-src.md5" + +./configure --with-intl=full-icu --with-icu-source="$NEW_VERSION_TGZ_URL" + +"$TOOLS_DIR/icu/shrink-icu-src.py" + +rm -rf "$DEPS_DIR/icu" + +CHECKSUM=$(curl -sL "$NEW_VERSION_MD5" | grep "$NEW_VERSION_TGZ" | grep -v "\.asc$" | awk '{print $1}') + +GENERATED_CHECKSUM=$( curl -sL "$NEW_VERSION_TGZ_URL" | md5sum | cut -d ' ' -f1) + +echo "Comparing checksums: deposited $CHECKSUM with $GENERATED_CHECKSUM" + +if [ "$CHECKSUM" != "$GENERATED_CHECKSUM" ]; then + echo "Skipped because checksums do not match." + exit 0 +fi + +sed -i '' -e "s|\"url\": \"\(.*\)\".*|\"url\": \"$NEW_VERSION_TGZ_URL\",|" "$TOOLS_DIR/icu/current_ver.dep" + +sed -i '' -e "s|\"md5\": \"\(.*\)\".*|\"md5\": \"$CHECKSUM\"|" "$TOOLS_DIR/icu/current_ver.dep" + +rm -rf out "$DEPS_DIR/icu" "$DEPS_DIR/icu4c*" + +echo "All done!" +echo "" +echo "Please git add icu, commit the new version:" +echo "" +echo "$ git add -A deps/icu-small" +echo "$ git add tools/icu/current_ver.dep" +echo "$ git commit -m \"deps: update icu to $NEW_VERSION\"" +echo "" + +# The last line of the script should always print the new version, +# as we need to add it to $GITHUB_ENV variable. +echo "NEW_VERSION=$NEW_VERSION" diff --git a/tools/icu/shrink-icu-src.py b/tools/icu/shrink-icu-src.py old mode 100644 new mode 100755