From c7b898d4e48366a086fabbba42e5644b5fd252fe Mon Sep 17 00:00:00 2001 From: Marco Ippolito Date: Wed, 12 Apr 2023 15:18:02 +0200 Subject: [PATCH] tools: automate ngtcp2 and nghttp3 update PR-URL: https://github.com/nodejs/node/pull/47402 Refs: https://github.com/nodejs/security-wg/issues/828 Reviewed-By: Paolo Insogna Reviewed-By: Rafael Gonzaga Reviewed-By: Mohammed Keyvanzadeh Reviewed-By: Trivikram Kamat Reviewed-By: Luigi Pinca --- .github/workflows/tools.yml | 16 ++++++ doc/contributing/maintaining-ngtpc2.md | 62 ++++++++++++++++++++++ tools/dep_updaters/update-nghttp3.sh | 67 +++++++++++++++++++++++ tools/dep_updaters/update-ngtcp2.sh | 73 ++++++++++++++++++++++++++ 4 files changed, 218 insertions(+) create mode 100644 doc/contributing/maintaining-ngtpc2.md create mode 100755 tools/dep_updaters/update-nghttp3.sh create mode 100755 tools/dep_updaters/update-ngtcp2.sh diff --git a/.github/workflows/tools.yml b/.github/workflows/tools.yml index c04b190d25a167..1434e1c1e21e83 100644 --- a/.github/workflows/tools.yml +++ b/.github/workflows/tools.yml @@ -176,6 +176,22 @@ jobs: cat temp-output tail -n1 temp-output | grep "NEW_VERSION=" >> "$GITHUB_ENV" || true rm temp-output + - id: ngtcp2 + subsystem: deps + label: dependencies + run: | + ./tools/dep_updaters/update-ngtcp2.sh > temp-output + cat temp-output + tail -n1 temp-output | grep "NEW_VERSION=" >> "$GITHUB_ENV" || true + rm temp-output + - id: nghttp3 + subsystem: deps + label: dependencies + run: | + ./tools/dep_updaters/update-nghttp3.sh > temp-output + cat temp-output + tail -n1 temp-output | grep "NEW_VERSION=" >> "$GITHUB_ENV" || true + rm temp-output steps: - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 with: diff --git a/doc/contributing/maintaining-ngtpc2.md b/doc/contributing/maintaining-ngtpc2.md new file mode 100644 index 00000000000000..504e0dccc9bed4 --- /dev/null +++ b/doc/contributing/maintaining-ngtpc2.md @@ -0,0 +1,62 @@ +# ngtcp2 and nghttp3 + +The ngtcp2 and nghttp3 dependencies provide the core functionality for +QUIC and HTTP/3. + +The sources are pulled from: + +* ngtcp2: +* nghttp3: + +In both the `ngtcp2` and `nghttp3` git repos, the active development occurs +in the default branch (currently named `main` in each). Tagged versions do not +always point to the default branch. + +We only use a subset of the sources for each. + +## Updating + +The `nghttp3` library depends on `ngtcp2`. Both should always be updated +together. From `ngtcp2` we only want the contents of the `lib` and `crypto` +directories; from `nghttp3` we only want the contents of the `lib` directory. + +After updating either dependency, check if any source files or include +directories have been added or removed and update `ngtcp2.gyp` accordingly. + +### Updating ngtcp2 + +The `tools/dep_updaters/update-ngtcp2.sh` script automates the update of the +ngtcp2 source files. + +Check that Node.js still builds and tests. + +1. Add ngtcp2: + ```console + $ git add deps/ngtcp2 + ``` +2. Commit the changes: `git commit`. +3. Add a message like: + ```text + deps: update ngtcp2 to + + Updated as described in doc/contributing/maintaining-ngtcp2.md. + ``` + +### Updating nghttp3 + +The `tools/dep_updaters/update-nghttp3.sh` script automates the update of the +nghttp3 source files. + +Check that Node.js still builds and tests. + +1. Add nghttp3: + ```console + $ git add deps/ngtcp2 + ``` +2. Commit the changes: `git commit`. +3. Add a message like: + ```text + deps: update nghttp3 to + + Updated as described in doc/contributing/maintaining-ngtcp2.md. + ``` diff --git a/tools/dep_updaters/update-nghttp3.sh b/tools/dep_updaters/update-nghttp3.sh new file mode 100755 index 00000000000000..cc140969778d03 --- /dev/null +++ b/tools/dep_updaters/update-nghttp3.sh @@ -0,0 +1,67 @@ +#!/bin/sh +set -e +# Shell script to update nghttp3 in the source tree to a specific version + +BASE_DIR=$(cd "$(dirname "$0")/../.." && pwd) +DEPS_DIR="$BASE_DIR/deps" +[ -z "$NODE" ] && NODE="$BASE_DIR/out/Release/node" +[ -x "$NODE" ] || NODE=$(command -v node) + +NEW_VERSION="$("$NODE" --input-type=module <<'EOF' +const res = await fetch('https://api.github.com/repos/ngtcp2/nghttp3/releases'); +if (!res.ok) throw new Error(`FetchError: ${res.status} ${res.statusText}`, { cause: res }); +const releases = await res.json() +const { tag_name } = releases.at(0); +console.log(tag_name.replace('v', '')); +EOF +)" + +NGHTTP3_VERSION_H="$DEPS_DIR/ngtcp2/nghttp3/lib/includes/nghttp3/version.h" + +CURRENT_VERSION=$(grep "#define NGHTTP3_VERSION" "$NGHTTP3_VERSION_H" | sed -n "s/^.*VERSION \"\(.*\)\"/\1/p") + +if [ "$NEW_VERSION" = "$CURRENT_VERSION" ]; then + echo "Skipped because http3 is on the latest version." + exit 0 +fi + +WORKSPACE=$(mktemp -d 2> /dev/null || mktemp -d -t 'tmp') + +cleanup () { + EXIT_CODE=$? + [ -d "$WORKSPACE" ] && rm -rf "$WORKSPACE" + exit $EXIT_CODE +} + +trap cleanup INT TERM EXIT + +NGHTTP3_REF="v$NEW_VERSION" +NGHTTP3_ZIP="nghttp3-$NEW_VERSION" + +cd "$WORKSPACE" + +echo "Fetching nghttp3 source archive..." +curl -sL -o "$NGHTTP3_ZIP.zip" "https://github.com/ngtcp2/nghttp3/archive/refs/tags/$NGHTTP3_REF.zip" +unzip "$NGHTTP3_ZIP.zip" +rm "$NGHTTP3_ZIP.zip" +mv "$NGHTTP3_ZIP" nghttp3 + +cd nghttp3 + +autoreconf -i + +./configure --prefix="$PWD/build" --enable-lib-only + +cp -R lib/* "$DEPS_DIR/ngtcp2/nghttp3/lib/" + +echo "All done!" +echo "" +echo "Please git add nghttp3, commit the new version:" +echo "" +echo "$ git add -A deps/nghttp3" +echo "$ git commit -m \"deps: update nghttp3 to $NEW_VERSION\"" +echo "" + +# The last line of the script should always print the new version, +# as we need to add it to $GITHUB_ENV variable. +echo "NEW_VERSION=$NEW_VERSION" diff --git a/tools/dep_updaters/update-ngtcp2.sh b/tools/dep_updaters/update-ngtcp2.sh new file mode 100755 index 00000000000000..bfc8bf64f4b107 --- /dev/null +++ b/tools/dep_updaters/update-ngtcp2.sh @@ -0,0 +1,73 @@ +#!/bin/sh +set -e +# Shell script to update ngtcp2 in the source tree to a specific version + +BASE_DIR=$(cd "$(dirname "$0")/../.." && pwd) +DEPS_DIR="$BASE_DIR/deps" +[ -z "$NODE" ] && NODE="$BASE_DIR/out/Release/node" +[ -x "$NODE" ] || NODE=$(command -v node) + +NEW_VERSION="$("$NODE" --input-type=module <<'EOF' +const res = await fetch('https://api.github.com/repos/ngtcp2/ngtcp2/releases'); +if (!res.ok) throw new Error(`FetchError: ${res.status} ${res.statusText}`, { cause: res }); +const releases = await res.json() +const { tag_name } = releases.at(0); +console.log(tag_name.replace('v', '')); +EOF +)" + +NGTCP2_VERSION_H="$DEPS_DIR/ngtcp2/ngtcp2/lib/includes/ngtcp2/version.h" + +CURRENT_VERSION=$(grep "#define NGTCP2_VERSION" "$NGTCP2_VERSION_H" | sed -n "s/^.*VERSION \"\(.*\)\"/\1/p") + +if [ "$NEW_VERSION" = "$CURRENT_VERSION" ]; then + echo "Skipped because ngtcp2 is on the latest version." + exit 0 +fi + +WORKSPACE=$(mktemp -d 2> /dev/null || mktemp -d -t 'tmp') + +cleanup () { + EXIT_CODE=$? + [ -d "$WORKSPACE" ] && rm -rf "$WORKSPACE" + exit $EXIT_CODE +} + +trap cleanup INT TERM EXIT + +NGTCP2_REF="v$NEW_VERSION" +NGTCP2_ZIP="ngtcp2-$NEW_VERSION" + +cd "$WORKSPACE" + +echo "Fetching ngtcp2 source archive..." +curl -sL -o "$NGTCP2_ZIP.zip" "https://github.com/ngtcp2/ngtcp2/archive/refs/tags/$NGTCP2_REF.zip" +unzip "$NGTCP2_ZIP.zip" +rm "$NGTCP2_ZIP.zip" +mv "$NGTCP2_ZIP" ngtcp2 + +cd ngtcp2 + +autoreconf -i + +# For Mac users who have installed libev with MacPorts, append +# ',-L/opt/local/lib' to LDFLAGS, and also pass +# CPPFLAGS="-I/opt/local/include" to ./configure. + +./configure --prefix="$PWD/build" --enable-lib-only + +cp -R lib/* "$DEPS_DIR/ngtcp2/ngtcp2/lib/" + +cp -R crypto/* "$DEPS_DIR/ngtcp2/ngtcp2/crypto/" + +echo "All done!" +echo "" +echo "Please git add ngtcp2, commit the new version:" +echo "" +echo "$ git add -A deps/ngtcp2" +echo "$ git commit -m \"deps: update ngtcp2 to $NEW_VERSION\"" +echo "" + +# The last line of the script should always print the new version, +# as we need to add it to $GITHUB_ENV variable. +echo "NEW_VERSION=$NEW_VERSION"