OpenSSL update #9
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: OpenSSL update | |
on: | |
schedule: | |
# Run once a week at 00:05 AM UTC on Sunday. | |
- cron: 5 0 * * 0 | |
workflow_dispatch: | |
permissions: | |
contents: read | |
jobs: | |
openssl-v3-update: | |
if: github.repository == 'nodejs/node' | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
with: | |
persist-credentials: false | |
- name: Check and download new OpenSSL version | |
run: | | |
./tools/dep_updaters/update-openssl.sh download_v3 > temp-output | |
cat temp-output | |
tail -n1 temp-output | grep "NEW_VERSION=" >> "$GITHUB_ENV" || true | |
rm temp-output | |
env: | |
GITHUB_TOKEN: ${{ secrets.GH_USER_TOKEN }} | |
- name: Create PR with first commit | |
if: env.NEW_VERSION | |
uses: gr2m/create-or-update-pull-request-action@77596e3166f328b24613f7082ab30bf2d93079d5 | |
# Creates a PR with the new OpenSSL source code committed | |
env: | |
GITHUB_TOKEN: ${{ secrets.GH_USER_TOKEN }} | |
with: | |
author: Node.js GitHub Bot <[email protected]> | |
body: This is an automated update of OpenSSL to ${{ env.NEW_VERSION }}. | |
branch: actions/tools-update-openssl # Custom branch *just* for this Action. | |
commit-message: 'deps: upgrade openssl sources to quictls/openssl-${{ env.NEW_VERSION }}' | |
labels: dependencies | |
title: 'deps: update OpenSSL to ${{ env.NEW_VERSION }}' | |
path: deps/openssl | |
update-pull-request-title-and-body: true | |
- name: Regenerate platform specific files | |
if: env.NEW_VERSION | |
run: | | |
sudo apt install -y nasm libtext-template-perl | |
./tools/dep_updaters/update-openssl.sh regenerate | |
env: | |
GITHUB_TOKEN: ${{ secrets.GH_USER_TOKEN }} | |
- name: Add second commit | |
# Adds a second commit to the PR with the generated platform-dependent files | |
if: env.NEW_VERSION | |
uses: gr2m/create-or-update-pull-request-action@77596e3166f328b24613f7082ab30bf2d93079d5 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GH_USER_TOKEN }} | |
with: | |
author: Node.js GitHub Bot <[email protected]> | |
branch: actions/tools-update-openssl # Custom branch *just* for this Action. | |
commit-message: 'deps: update archs files for openssl-${{ env.NEW_VERSION }}' | |
path: deps/openssl | |
openssl-v1-update: | |
if: github.repository == 'nodejs/node' | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
with: | |
persist-credentials: false | |
ref: v16.x-staging | |
- name: Check and download new OpenSSL version | |
run: | | |
./tools/dep_updaters/update-openssl.sh download_v1 > temp-output | |
cat temp-output | |
tail -n1 temp-output | grep "NEW_VERSION=" >> "$GITHUB_ENV" || true | |
rm temp-output | |
env: | |
GITHUB_TOKEN: ${{ secrets.GH_USER_TOKEN }} | |
- name: Create PR with first commit | |
if: env.NEW_VERSION | |
uses: gr2m/create-or-update-pull-request-action@df20b2c073090271599a08c55ae26e0c3522b329 # v1.9.2 | |
# Creates a PR with the new OpenSSL source code committed | |
env: | |
GITHUB_TOKEN: ${{ secrets.GH_USER_TOKEN }} | |
with: | |
author: Node.js GitHub Bot <[email protected]> | |
body: This is an automated update of OpenSSL to ${{ env.NEW_VERSION }}. | |
branch: actions/tools-update-openssl-v1 # Custom branch *just* for this Action. | |
commit-message: 'deps: upgrade openssl sources to quictls/openssl-${{ env.NEW_VERSION }}' | |
labels: dependencies | |
title: '[v16.x] deps: update OpenSSL to ${{ env.NEW_VERSION }}' | |
path: deps/openssl | |
update-pull-request-title-and-body: true | |
- name: Regenerate platform specific files | |
if: env.NEW_VERSION | |
run: | | |
sudo apt install -y nasm libtext-template-perl | |
./tools/dep_updaters/update-openssl.sh regenerate | |
env: | |
GITHUB_TOKEN: ${{ secrets.GH_USER_TOKEN }} | |
- name: Add second commit | |
# Adds a second commit to the PR with the generated platform-dependent files | |
if: env.NEW_VERSION | |
uses: gr2m/create-or-update-pull-request-action@df20b2c073090271599a08c55ae26e0c3522b329 # v1.9.2 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GH_USER_TOKEN }} | |
with: | |
author: Node.js GitHub Bot <[email protected]> | |
branch: actions/tools-update-openssl-v1 # Custom branch *just* for this Action. | |
commit-message: 'deps: update archs files for openssl-${{ env.NEW_VERSION }}' | |
path: deps/openssl |