118 lines
3.1 KiB
TypeScript
118 lines
3.1 KiB
TypeScript
// Copyright 2025 Signal Messenger, LLC
|
|
// SPDX-License-Identifier: AGPL-3.0-only
|
|
|
|
import { join } from 'node:path';
|
|
import { readFile, readdir, writeFile } from 'node:fs/promises';
|
|
import z from 'zod';
|
|
import semver from 'semver';
|
|
|
|
import { drop } from '../util/drop';
|
|
import { strictAssert } from '../util/assert';
|
|
|
|
const { GITHUB_TOKEN } = process.env;
|
|
|
|
const WORKFLOWS_DIR = join(__dirname, '..', '..', '.github', 'workflows');
|
|
|
|
const REGEXP =
|
|
/uses:\s*(?<path>[^\s]+)@(?<ref>[^\s#]+)(?:\s*#\s*(?<originalRef>[^\n]+))?/g;
|
|
|
|
const CACHE = new Map<string, string>();
|
|
|
|
const TagsSchema = z
|
|
.object({
|
|
name: z.string(),
|
|
commit: z.object({
|
|
sha: z.string(),
|
|
}),
|
|
})
|
|
.array();
|
|
|
|
async function updateAction(fullPath: string): Promise<void> {
|
|
const source = await readFile(fullPath, 'utf8');
|
|
|
|
for (const { groups } of source.matchAll(REGEXP)) {
|
|
strictAssert(groups != null, 'Expected regexp to fully match');
|
|
const { path, ref, originalRef } = groups;
|
|
|
|
// Skip local actions
|
|
if (path.startsWith('.')) {
|
|
continue;
|
|
}
|
|
|
|
// Skip internal actions
|
|
if (path.startsWith('signalapp/')) {
|
|
continue;
|
|
}
|
|
|
|
const cacheKey = `${path}@${originalRef}`;
|
|
if (CACHE.has(cacheKey)) {
|
|
continue;
|
|
}
|
|
|
|
const [org, repo] = path.split('/', 2);
|
|
|
|
const url =
|
|
`https://api.github.com/repos/${encodeURIComponent(org)}/` +
|
|
`${encodeURIComponent(repo)}/tags`;
|
|
|
|
// eslint-disable-next-line no-await-in-loop
|
|
const res = await fetch(url, {
|
|
headers: {
|
|
authorization: GITHUB_TOKEN ? `Bearer ${GITHUB_TOKEN}` : '',
|
|
'user-agent':
|
|
'Mozilla/5.0 (Macintosh; ' +
|
|
'Intel Mac OS X 10.15; rv:136.0) Gecko/20100101 Firefox/136.0',
|
|
},
|
|
});
|
|
if (!res.ok) {
|
|
throw new Error(`Failed to fetch ${url}, status: ${res.status}`);
|
|
}
|
|
|
|
// eslint-disable-next-line no-await-in-loop
|
|
const tags = TagsSchema.parse(await res.json())
|
|
// Filter out invalid tags
|
|
.filter(tag => semver.valid(tag.name))
|
|
// Sort by latest release first
|
|
.sort((a, b) => semver.compare(b.name, a.name));
|
|
|
|
const targetRef = originalRef ?? ref;
|
|
let range = targetRef;
|
|
|
|
// Pad tag to be valid semver range
|
|
if (/^v\d+$/.test(range)) {
|
|
range = `^${range}.0.0`;
|
|
} else if (/^v\d+\.d+$/.test(range)) {
|
|
range = `^${range}.0`;
|
|
}
|
|
|
|
// Pick first match
|
|
const match = tags.find(tag => semver.satisfies(tag.name, range));
|
|
if (!match) {
|
|
throw new Error(`Tag ${targetRef} not found for ${path}`);
|
|
}
|
|
|
|
CACHE.set(cacheKey, `uses: ${path}@${match.commit.sha} # ${targetRef}`);
|
|
}
|
|
|
|
const result = source.replace(
|
|
REGEXP,
|
|
(match, _p1, _p2, _p3, _offset, _string, groups) => {
|
|
const { path, originalRef } = groups;
|
|
|
|
const cacheKey = `${path}@${originalRef}`;
|
|
return CACHE.get(cacheKey) || match;
|
|
}
|
|
);
|
|
await writeFile(fullPath, result);
|
|
}
|
|
|
|
async function main(): Promise<void> {
|
|
const actions = await readdir(WORKFLOWS_DIR);
|
|
|
|
for (const name of actions) {
|
|
// eslint-disable-next-line no-await-in-loop
|
|
await updateAction(join(WORKFLOWS_DIR, name));
|
|
}
|
|
}
|
|
drop(main());
|