Automating docker-node part of the official Node Docker images release process (#1646)

Co-authored-by: Simen Bekkhus <[email protected]>
Co-authored-by: Pedro Henrique <[email protected]>

Author: Pehesi97

.github/workflows/automatic-updates.yml

@@ -0,0 +1,54 @@
+name: Automatically update Docker image versions
+
+on:
+  schedule:
+    - cron: "*/15 * * * *"
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    if: github.repository_owner == 'nodejs'
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Run automation script
+        uses: actions/github-script@v6
+        id: updt
+        with:
+          script: |
+            const { default: script } = await import(`${process.env.GITHUB_WORKSPACE}/build-automation.mjs`);
+            await script(github);
+
+      - name: Create update PR
+        id: cpr
+        uses: peter-evans/create-pull-request@v3
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          branch: update-branch
+          base: main
+          commit-message: "Update to ${{ steps.updt.outputs.updated-versions }}"
+          title: "Update to ${{ steps.updt.outputs.updated-versions }}"
+          delete-branch: true
+          team-reviewers: |
+            @nodejs/docker
+
+      - name: Check CI status periodically
+        uses: actions/github-script@v6
+        with:
+          script: |
+            const { default: script } = await import(`${process.env.GITHUB_WORKSPACE}/check-pr-status.mjs`);
+            await script(github, '${{ github.repository }}', ${{ steps.cpr.outputs.pull-request-number }});
+
+      - name: Auto-approve the PR
+        uses: juliangruber/approve-pull-request-action@v1
+        with:
+          # Cannot use `GITHUB_TOKEN` as it's not allowed to approve own PR
+          github-token: ${{ secrets.GH_API_TOKEN }}
+          number: ${{ steps.cpr.outputs.pull-request-number }}
+
+      - name: Merge PR
+        uses: juliangruber/merge-pull-request-action@v1
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          number: ${{ steps.cpr.outputs.pull-request-number }}

build-automation.mjs

@@ -0,0 +1,104 @@
+import { promisify } from "util";
+
+import child_process from "child_process";
+
+const exec = promisify(child_process.exec);
+
+// a function that queries the Node.js release website for new versions,
+// compare the available ones with the ones we use in this repo
+// and returns whether we should update or not
+const checkIfThereAreNewVersions = async (github) => {
+  try {
+    const { stdout: versionsOutput } = await exec(". ./functions.sh && get_versions", { shell: "bash" });
+
+    const supportedVersions = versionsOutput.trim().split(" ");
+
+    let latestSupportedVersions = {};
+
+    for (let supportedVersion of supportedVersions) {
+      const { stdout } = await exec(`ls ${supportedVersion}`);
+
+      const { stdout: fullVersionOutput } = await exec(`. ./functions.sh && get_full_version ./${supportedVersion}/${stdout.trim().split("\n")[0]}`, { shell: "bash" });
+
+      console.log(fullVersionOutput);
+
+      latestSupportedVersions[supportedVersion] = { fullVersion: fullVersionOutput.trim() };
+    }
+
+    const { data: availableVersionsJson } = await github.request('https://nodejs.org/download/release/index.json');
+
+    // filter only more recent versions of availableVersionsJson for each major version in latestSupportedVersions' keys
+    // e.g. if latestSupportedVersions = { "12": "12.22.10", "14": "14.19.0", "16": "16.14.0", "17": "17.5.0" }
+    // and availableVersions = ["Node.js 12.22.10", "Node.js 12.24.0", "Node.js 14.19.0", "Node.js 14.22.0", "Node.js 16.14.0", "Node.js 16.16.0", "Node.js 17.5.0", "Node.js 17.8.0"]
+    // return { "12": "12.24.0", "14": "14.22.0", "16": "16.16.0", "17": "17.8.0" }
+
+    let filteredNewerVersions = {};
+
+    for (let availableVersion of availableVersionsJson) {
+      const [availableMajor, availableMinor, availablePatch] = availableVersion.version.split("v")[1].split(".");
+      if (latestSupportedVersions[availableMajor] == null) {
+        continue;
+      }
+      const [_latestMajor, latestMinor, latestPatch] = latestSupportedVersions[availableMajor].fullVersion.split(".");
+      if (latestSupportedVersions[availableMajor] && (Number(availableMinor) > Number(latestMinor) || (availableMinor === latestMinor && Number(availablePatch) > Number(latestPatch)))) {
+        filteredNewerVersions[availableMajor] = { fullVersion: `${availableMajor}.${availableMinor}.${availablePatch}` };
+      }
+    }
+
+    return {
+      shouldUpdate: Object.keys(filteredNewerVersions).length > 0 && JSON.stringify(filteredNewerVersions) !== JSON.stringify(latestSupportedVersions),
+      versions: filteredNewerVersions,
+    }
+  } catch (error) {
+    console.error(error);
+    process.exit(1);
+  }
+};
+
+// a function that queries the Node.js unofficial release website for new musl versions and security releases,
+// and returns relevant information
+const checkForMuslVersionsAndSecurityReleases = async (github, versions) => {
+  try {
+    const { data: unofficialBuildsIndexText } = await github.request('https://unofficial-builds.nodejs.org/download/release/index.json');
+
+    for (let version of Object.keys(versions)) {
+      const { data: unofficialBuildsWebsiteText } = await github.request(`https://unofficial-builds.nodejs.org/download/release/v${versions[version].fullVersion}`);
+
+      versions[version].muslBuildExists = unofficialBuildsWebsiteText.includes("musl");
+      versions[version].isSecurityRelease = unofficialBuildsIndexText.find(indexVersion => indexVersion.version === `v${versions[version].fullVersion}`)?.security;
+    }
+    return versions;
+  } catch (error) {
+    console.error(error);
+    process.exit(1);
+  }
+};
+
+export default async function(github) {
+// if there are no new versions, exit gracefully
+// if there are new versions,
+// check for musl builds
+// then run update.sh
+  const { shouldUpdate, versions } = await checkIfThereAreNewVersions(github);
+
+  if (!shouldUpdate) {
+    console.log("No new versions found. No update required.");
+    process.exit(0);
+  } else {
+    const newVersions = await checkForMuslVersionsAndSecurityReleases(github, versions);
+    let updatedVersions = [];
+    for (let version of Object.keys(newVersions)) {
+      if (newVersions[version].muslBuildExists) {
+        const { stdout } = await exec(`./update.sh ${newVersions[version].isSecurityRelease ? "-s " : ""}${version}`);
+        console.log(stdout);
+        updatedVersions.push(newVersions[version].fullVersion);
+      } else {
+        console.log(`There's no musl build for version ${newVersions[version].fullVersion} yet.`);
+        process.exit(0);
+      }
+    }
+    console.log(`::set-output name=updated-versions::${updatedVersions.join(',')}`);
+    const { stdout } = (await exec(`git diff`));
+    console.log(stdout);
+  }
+}

check-pr-status.mjs

@@ -0,0 +1,29 @@
+// fetch /repos/{owner}/{repo}/pulls/{pull_number}
+// and check its mergeable_state
+// if "clean", exit with status code 0
+// else exit with error
+import { setTimeout } from 'timers/promises';
+
+const tries = 10;
+const retryDelay = 30000;
+
+export default async function(github, repository, pull_number) {
+  const [owner, repo] = repository.split('/');
+  await setTimeout(retryDelay);
+
+  for (let t = 0; t < tries; t++) {
+    try {
+      const { data } = await github.rest.pulls.get({owner, repo, pull_number})
+
+      console.log(data);
+      if (data.mergeable_state === 'clean') {
+        process.exit(0);
+      }
+      await setTimeout(retryDelay);
+    } catch (error) {
+      console.error(error);
+      process.exit(1);
+    }
+  }
+  process.exit(1);
+}

functions.sh

@@ -1,6 +1,8 @@
 #!/usr/bin/env bash
 #
 # Utlity functions
+# Don't change this file unless needed
+# The GitHub Action for automating new builds rely on this file
 
 info() {
   printf "%s\\n" "$@"