From a392194180c8aaec36b3affd8c73fc7a4a28ec78 Mon Sep 17 00:00:00 2001
From: Facundo Tuesca <facundo.tuesca@trailofbits.com>
Date: Mon, 7 Nov 2022 13:19:22 +0100
Subject: [PATCH 1/3] tools: add automation for updating libuv dependency

Add a Github Action that checks for new versions of the `libuv` C
library, and creates a PR to update it if a newer version than the one
present in the repo is found.

Refs: https://github.com/nodejs/security-wg/issues/828
---
 .github/workflows/tools.yml | 16 ++++++++++++++
 tools/update-libuv.sh       | 44 +++++++++++++++++++++++++++++++++++++
 2 files changed, 60 insertions(+)
 create mode 100755 tools/update-libuv.sh

diff --git a/.github/workflows/tools.yml b/.github/workflows/tools.yml
index 2b371c93cd7f5a..98dc8e08679c45 100644
--- a/.github/workflows/tools.yml
+++ b/.github/workflows/tools.yml
@@ -109,6 +109,22 @@ jobs:
                 echo "NEW_VERSION=$NEW_VERSION" >> $GITHUB_ENV
                 ./tools/update-acorn-walk.sh
               fi
+          - id: libuv
+            subsystem: deps
+            label: dependencies
+            run: |
+              NEW_VERSION=$(gh api repos/libuv/libuv/releases/latest -q '.tag_name|ltrimstr("v")')
+              VERSION_H="./deps/uv/include/uv/version.h"
+              CURRENT_MAJOR_VERSION=$(grep "#define UV_VERSION_MAJOR" $VERSION_H | sed -n "s/^.*MAJOR \(.*\)/\1/p")
+              CURRENT_MINOR_VERSION=$(grep "#define UV_VERSION_MINOR" $VERSION_H | sed -n "s/^.*MINOR \(.*\)/\1/p")
+              CURRENT_PATCH_VERSION=$(grep "#define UV_VERSION_PATCH" $VERSION_H | sed -n "s/^.*PATCH \(.*\)/\1/p")
+              CURRENT_SUFFIX_VERSION=$(grep "#define UV_VERSION_SUFFIX" $VERSION_H | sed -n "s/^.*SUFFIX \"\(.*\)\"/\1/p")
+              SUFFIX_STRING=$([[ -z "$CURRENT_SUFFIX_VERSION" ]] && echo "" || echo "-$CURRENT_SUFFIX_VERSION")
+              CURRENT_VERSION="$CURRENT_MAJOR_VERSION.$CURRENT_MINOR_VERSION.$CURRENT_PATCH_VERSION$SUFFIX_STRING"
+              if [ "$NEW_VERSION" != "$CURRENT_VERSION" ]; then
+                echo "NEW_VERSION=$NEW_VERSION" >> $GITHUB_ENV
+                ./tools/update-libuv.sh "$NEW_VERSION"
+              fi
     steps:
       - uses: actions/checkout@v3
         with:
diff --git a/tools/update-libuv.sh b/tools/update-libuv.sh
new file mode 100755
index 00000000000000..f15e687253b5e4
--- /dev/null
+++ b/tools/update-libuv.sh
@@ -0,0 +1,44 @@
+#!/bin/sh
+set -e
+# Shell script to update libuv in the source tree to a specific version
+
+BASE_DIR=$(cd "$(dirname "$0")/.." && pwd)
+DEPS_DIR="$BASE_DIR/deps"
+LIBUV_VERSION=$1
+
+if [ "$#" -le 0 ]; then
+  echo "Error: please provide an libuv version to update to"
+  echo "	e.g. $0 1.44.2"
+  exit 1
+fi
+
+echo "Making temporary workspace"
+
+WORKSPACE=$(mktemp -d 2> /dev/null || mktemp -d -t 'tmp')
+
+cleanup () {
+  EXIT_CODE=$?
+  [ -d "$WORKSPACE" ] && rm -rf "$WORKSPACE"
+  exit $EXIT_CODE
+}
+
+trap cleanup INT TERM EXIT
+
+cd "$WORKSPACE"
+
+echo "Fetching libuv source archive"
+curl -sL "https://api.github.com/repos/libuv/libuv/tarball/v$LIBUV_VERSION" | tar xzf -
+mv libuv-libuv-* uv
+
+echo "Replacing existing libuv (except GYP build files)"
+mv "$DEPS_DIR/uv/"*.gyp "$DEPS_DIR/uv/"*.gypi "$WORKSPACE/uv/"
+rm -rf "$DEPS_DIR/uv"
+mv "$WORKSPACE/uv" "$DEPS_DIR/"
+
+echo "All done!"
+echo ""
+echo "Please git add uv, commit the new version:"
+echo ""
+echo "$ git add -A deps/uv"
+echo "$ git commit -m \"deps: update libuv to $LIBUV_VERSION\""
+echo ""

From 6299a6a0ebcc505b52250ab37bdf5ed1e4dacbb0 Mon Sep 17 00:00:00 2001
From: Facundo Tuesca <facundo.tuesca@trailofbits.com>
Date: Fri, 18 Nov 2022 11:05:10 +0100
Subject: [PATCH 2/3] tools: move libuv update script to dep_updaters folder

---
 .github/workflows/tools.yml              | 2 +-
 tools/{ => dep_updaters}/update-libuv.sh | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)
 rename tools/{ => dep_updaters}/update-libuv.sh (88%)

diff --git a/.github/workflows/tools.yml b/.github/workflows/tools.yml
index 98dc8e08679c45..83457850302540 100644
--- a/.github/workflows/tools.yml
+++ b/.github/workflows/tools.yml
@@ -123,7 +123,7 @@ jobs:
               CURRENT_VERSION="$CURRENT_MAJOR_VERSION.$CURRENT_MINOR_VERSION.$CURRENT_PATCH_VERSION$SUFFIX_STRING"
               if [ "$NEW_VERSION" != "$CURRENT_VERSION" ]; then
                 echo "NEW_VERSION=$NEW_VERSION" >> $GITHUB_ENV
-                ./tools/update-libuv.sh "$NEW_VERSION"
+                ./tools/dep_updaters/update-libuv.sh "$NEW_VERSION"
               fi
     steps:
       - uses: actions/checkout@v3
diff --git a/tools/update-libuv.sh b/tools/dep_updaters/update-libuv.sh
similarity index 88%
rename from tools/update-libuv.sh
rename to tools/dep_updaters/update-libuv.sh
index f15e687253b5e4..ae7fe9a76cac4e 100755
--- a/tools/update-libuv.sh
+++ b/tools/dep_updaters/update-libuv.sh
@@ -2,7 +2,7 @@
 set -e
 # Shell script to update libuv in the source tree to a specific version
 
-BASE_DIR=$(cd "$(dirname "$0")/.." && pwd)
+BASE_DIR=$(cd "$(dirname "$0")/../.." && pwd)
 DEPS_DIR="$BASE_DIR/deps"
 LIBUV_VERSION=$1
 
@@ -12,7 +12,7 @@ if [ "$#" -le 0 ]; then
   exit 1
 fi
 
-echo "Making temporary workspace"
+echo "Making temporary workspace..."
 
 WORKSPACE=$(mktemp -d 2> /dev/null || mktemp -d -t 'tmp')
 
@@ -26,7 +26,7 @@ trap cleanup INT TERM EXIT
 
 cd "$WORKSPACE"
 
-echo "Fetching libuv source archive"
+echo "Fetching libuv source archive..."
 curl -sL "https://api.github.com/repos/libuv/libuv/tarball/v$LIBUV_VERSION" | tar xzf -
 mv libuv-libuv-* uv
 

From 2de872c77f1d5b144cb3d18570e4229060e73576 Mon Sep 17 00:00:00 2001
From: Facundo Tuesca <facundo.tuesca@trailofbits.com>
Date: Fri, 18 Nov 2022 11:06:22 +0100
Subject: [PATCH 3/3] tools: add README to dep_updaters folder

---
 tools/dep_updaters/README.md | 37 ++++++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)
 create mode 100644 tools/dep_updaters/README.md

diff --git a/tools/dep_updaters/README.md b/tools/dep_updaters/README.md
new file mode 100644
index 00000000000000..afae95302766e5
--- /dev/null
+++ b/tools/dep_updaters/README.md
@@ -0,0 +1,37 @@
+# Dependency update scripts
+
+This folder contains scripts used to automatically update a Node.js dependency.
+These scripts are usually run by CI (see `.github/workflows/tools.yml`) in order
+to download a new dependency version, and replace the old version with it.
+
+Since these scripts only update to the upstream code, changes might be needed in
+this repository in order to successfully update (e.g: changing API calls to
+conform to upstream changes, updating GYP build files, etc.)
+
+## libuv
+
+The `update-libuv.sh` script takes the target version to update as its only
+argument, downloads it from the [GitHub repo](https://github.com/libuv/libuv)
+and uses it to replace the contents of `deps/uv/`. The contents are replaced
+entirely except for the `*.gyp` and `*.gypi` build files, which are part of the
+Node.js build definitions and are not present in the upstream repo.
+
+For example, in order to update to version `1.44.2`, the following command can
+be run:
+
+```bash
+./tools/dep_updaters/update-libuv.sh 1.44.2
+```
+
+Once the script has run (either manually, or by CI in which case a PR will have
+been created with the changes), do the following:
+
+1. Check the [changelog](https://github.com/libuv/libuv/blob/v1.x/ChangeLog) for
+   things that might require changes in Node.js.
+2. If necessary, update `common.gypi` and `uv.gyp` with build-related changes.
+3. Check that Node.js compiles without errors and the tests pass.
+4. Create a commit for the update and in the commit message include the
+   important/relevant items from the changelog (see [`c61870c`][] for an
+   example).
+
+[`c61870c`]: https://github.com/nodejs/node/commit/c61870c376e2f5b0dbaa939972c46745e21cdbdd