diff --git a/.github/workflows/update-cares.yml b/.github/workflows/update-cares.yml index b7a1e5c7c5a65d..fdb0d7c81f7a83 100644 --- a/.github/workflows/update-cares.yml +++ b/.github/workflows/update-cares.yml @@ -18,31 +18,60 @@ jobs: - name: Check c-ares version id: check-version run: | - CURRENT_VERSION=$(grep -oP 'CARES_VERSION\s+\K\S+' cmake/targets/BuildCares.cmake) + set -euo pipefail + + # Extract the commit hash from the line after COMMIT + CURRENT_VERSION=$(awk '/[[:space:]]*COMMIT[[:space:]]*$/{getline; gsub(/^[[:space:]]+|[[:space:]]+$/,"",$0); print}' cmake/targets/BuildCares.cmake) + if [ -z "$CURRENT_VERSION" ]; then - echo "Error: Could not find current version in BuildCares.cmake" + echo "Error: Could not find COMMIT line in BuildCares.cmake" exit 1 fi + + # Validate that it looks like a git hash + if ! [[ $CURRENT_VERSION =~ ^[0-9a-f]{40}$ ]]; then + echo "Error: Invalid git hash format in BuildCares.cmake" + echo "Found: $CURRENT_VERSION" + echo "Expected: 40 character hexadecimal string" + exit 1 + fi + echo "current=$CURRENT_VERSION" >> $GITHUB_OUTPUT LATEST_RELEASE=$(curl -sL https://api.github.com/repos/c-ares/c-ares/releases/latest) + if [ -z "$LATEST_RELEASE" ]; then + echo "Error: Failed to fetch latest release from GitHub API" + exit 1 + fi + LATEST_TAG=$(echo "$LATEST_RELEASE" | jq -r '.tag_name') + if [ -z "$LATEST_TAG" ] || [ "$LATEST_TAG" = "null" ]; then + echo "Error: Could not extract tag name from GitHub API response" + exit 1 + fi + LATEST_SHA=$(curl -sL "https://api.github.com/repos/c-ares/c-ares/git/ref/tags/$LATEST_TAG" | jq -r '.object.sha') - if [ -z "$LATEST_SHA" ]; then - echo "Error: Could not fetch latest version from GitHub API" + if [ -z "$LATEST_SHA" ] || [ "$LATEST_SHA" = "null" ]; then + echo "Error: Could not fetch SHA for tag $LATEST_TAG" exit 1 fi - if [ ${#LATEST_SHA} -ne 40 ]; then - echo "Error: Invalid SHA length" + + if ! [[ $LATEST_SHA =~ ^[0-9a-f]{40}$ ]]; then + echo "Error: Invalid SHA format received from GitHub" + echo "Found: $LATEST_SHA" + echo "Expected: 40 character hexadecimal string" exit 1 fi + echo "latest=$LATEST_SHA" >> $GITHUB_OUTPUT echo "tag=$LATEST_TAG" >> $GITHUB_OUTPUT - name: Update version if needed if: success() && steps.check-version.outputs.current != steps.check-version.outputs.latest run: | - sed -i "s/CARES_VERSION\s\+[0-9a-f]\+/CARES_VERSION ${{ steps.check-version.outputs.latest }}/" cmake/targets/BuildCares.cmake + set -euo pipefail + # Handle multi-line format where COMMIT and its value are on separate lines + sed -i -E '/[[:space:]]*COMMIT[[:space:]]*$/{n;s/[[:space:]]*([0-9a-f]+)[[:space:]]*$/ ${{ steps.check-version.outputs.latest }}/}' cmake/targets/BuildCares.cmake - name: Create Pull Request if: success() && steps.check-version.outputs.current != steps.check-version.outputs.latest diff --git a/.github/workflows/update-libarchive.yml b/.github/workflows/update-libarchive.yml index d20f12bd82f16e..c00ceef4430ce5 100644 --- a/.github/workflows/update-libarchive.yml +++ b/.github/workflows/update-libarchive.yml @@ -17,36 +17,61 @@ jobs: - name: Check libarchive version id: check-version - shell: bash run: | - set -euxo pipefail - CURRENT_VERSION=$(grep -oP 'LIBARCHIVE_VERSION\s+\K\S+' cmake/targets/BuildLibArchive.cmake) + set -euo pipefail + + # Extract the commit hash from the line after COMMIT + CURRENT_VERSION=$(awk '/[[:space:]]*COMMIT[[:space:]]*$/{getline; gsub(/^[[:space:]]+|[[:space:]]+$/,"",$0); print}' cmake/targets/BuildLibArchive.cmake) + if [ -z "$CURRENT_VERSION" ]; then - echo "Error: Could not find current version in BuildLibArchive.cmake" + echo "Error: Could not find COMMIT line in BuildLibArchive.cmake" exit 1 fi + + # Validate that it looks like a git hash + if ! [[ $CURRENT_VERSION =~ ^[0-9a-f]{40}$ ]]; then + echo "Error: Invalid git hash format in BuildLibArchive.cmake" + echo "Found: $CURRENT_VERSION" + echo "Expected: 40 character hexadecimal string" + exit 1 + fi + echo "current=$CURRENT_VERSION" >> $GITHUB_OUTPUT LATEST_RELEASE=$(curl -sL https://api.github.com/repos/libarchive/libarchive/releases/latest) + if [ -z "$LATEST_RELEASE" ]; then + echo "Error: Failed to fetch latest release from GitHub API" + exit 1 + fi + LATEST_TAG=$(echo "$LATEST_RELEASE" | jq -r '.tag_name') + if [ -z "$LATEST_TAG" ] || [ "$LATEST_TAG" = "null" ]; then + echo "Error: Could not extract tag name from GitHub API response" + exit 1 + fi + LATEST_SHA=$(curl -sL "https://api.github.com/repos/libarchive/libarchive/git/ref/tags/$LATEST_TAG" | jq -r '.object.sha') - if [ -z "$LATEST_SHA" ]; then - echo "Error: Could not fetch latest version from GitHub API" + if [ -z "$LATEST_SHA" ] || [ "$LATEST_SHA" = "null" ]; then + echo "Error: Could not fetch SHA for tag $LATEST_TAG" exit 1 fi - if [ ${#LATEST_SHA} -ne 40 ]; then - echo "Error: Invalid SHA length" + + if ! [[ $LATEST_SHA =~ ^[0-9a-f]{40}$ ]]; then + echo "Error: Invalid SHA format received from GitHub" + echo "Found: $LATEST_SHA" + echo "Expected: 40 character hexadecimal string" exit 1 fi + echo "latest=$LATEST_SHA" >> $GITHUB_OUTPUT echo "tag=$LATEST_TAG" >> $GITHUB_OUTPUT - name: Update version if needed if: success() && steps.check-version.outputs.current != steps.check-version.outputs.latest - shell: bash run: | - set -euxo pipefail - sed -i "s/LIBARCHIVE_VERSION\s\+[0-9a-f]\+/LIBARCHIVE_VERSION ${{ steps.check-version.outputs.latest }}/" cmake/targets/BuildLibArchive.cmake + set -euo pipefail + # Handle multi-line format where COMMIT and its value are on separate lines + sed -i -E '/[[:space:]]*COMMIT[[:space:]]*$/{n;s/[[:space:]]*([0-9a-f]+)[[:space:]]*$/ ${{ steps.check-version.outputs.latest }}/}' cmake/targets/BuildLibArchive.cmake - name: Create Pull Request if: success() && steps.check-version.outputs.current != steps.check-version.outputs.latest @@ -64,4 +89,4 @@ jobs: Updates libarchive to version ${{ steps.check-version.outputs.tag }} - Auto-updated by [this workflow](https://github.com/oven-sh/bun/actions/workflows/update-libarchive.yml) + Auto-updated by [this workflow](https://github.com/oven-sh/bun/actions/workflows/update-libarchive.yml) \ No newline at end of file diff --git a/.github/workflows/update-libdeflate.yml b/.github/workflows/update-libdeflate.yml index eae3eecf6a874d..b5405c410bcffc 100644 --- a/.github/workflows/update-libdeflate.yml +++ b/.github/workflows/update-libdeflate.yml @@ -18,31 +18,60 @@ jobs: - name: Check libdeflate version id: check-version run: | - CURRENT_VERSION=$(grep -oP 'LIBDEFLATE_VERSION\s+\K\S+' cmake/targets/BuildLibDeflate.cmake) + set -euo pipefail + + # Extract the commit hash from the line after COMMIT + CURRENT_VERSION=$(awk '/[[:space:]]*COMMIT[[:space:]]*$/{getline; gsub(/^[[:space:]]+|[[:space:]]+$/,"",$0); print}' cmake/targets/BuildLibDeflate.cmake) + if [ -z "$CURRENT_VERSION" ]; then - echo "Error: Could not find current version in BuildLibDeflate.cmake" + echo "Error: Could not find COMMIT line in BuildLibDeflate.cmake" exit 1 fi + + # Validate that it looks like a git hash + if ! [[ $CURRENT_VERSION =~ ^[0-9a-f]{40}$ ]]; then + echo "Error: Invalid git hash format in BuildLibDeflate.cmake" + echo "Found: $CURRENT_VERSION" + echo "Expected: 40 character hexadecimal string" + exit 1 + fi + echo "current=$CURRENT_VERSION" >> $GITHUB_OUTPUT LATEST_RELEASE=$(curl -sL https://api.github.com/repos/ebiggers/libdeflate/releases/latest) + if [ -z "$LATEST_RELEASE" ]; then + echo "Error: Failed to fetch latest release from GitHub API" + exit 1 + fi + LATEST_TAG=$(echo "$LATEST_RELEASE" | jq -r '.tag_name') + if [ -z "$LATEST_TAG" ] || [ "$LATEST_TAG" = "null" ]; then + echo "Error: Could not extract tag name from GitHub API response" + exit 1 + fi + LATEST_SHA=$(curl -sL "https://api.github.com/repos/ebiggers/libdeflate/git/ref/tags/$LATEST_TAG" | jq -r '.object.sha') - if [ -z "$LATEST_SHA" ]; then - echo "Error: Could not fetch latest version from GitHub API" + if [ -z "$LATEST_SHA" ] || [ "$LATEST_SHA" = "null" ]; then + echo "Error: Could not fetch SHA for tag $LATEST_TAG" exit 1 fi - if [ ${#LATEST_SHA} -ne 40 ]; then - echo "Error: Invalid SHA length" + + if ! [[ $LATEST_SHA =~ ^[0-9a-f]{40}$ ]]; then + echo "Error: Invalid SHA format received from GitHub" + echo "Found: $LATEST_SHA" + echo "Expected: 40 character hexadecimal string" exit 1 fi + echo "latest=$LATEST_SHA" >> $GITHUB_OUTPUT echo "tag=$LATEST_TAG" >> $GITHUB_OUTPUT - name: Update version if needed if: success() && steps.check-version.outputs.current != steps.check-version.outputs.latest run: | - sed -i "s/LIBDEFLATE_VERSION\s\+[0-9a-f]\+/LIBDEFLATE_VERSION ${{ steps.check-version.outputs.latest }}/" cmake/targets/BuildLibDeflate.cmake + set -euo pipefail + # Handle multi-line format where COMMIT and its value are on separate lines + sed -i -E '/[[:space:]]*COMMIT[[:space:]]*$/{n;s/[[:space:]]*([0-9a-f]+)[[:space:]]*$/ ${{ steps.check-version.outputs.latest }}/}' cmake/targets/BuildLibDeflate.cmake - name: Create Pull Request if: success() && steps.check-version.outputs.current != steps.check-version.outputs.latest diff --git a/.github/workflows/update-lolhtml.yml b/.github/workflows/update-lolhtml.yml index d089ef0515853d..676dcb8e3ab459 100644 --- a/.github/workflows/update-lolhtml.yml +++ b/.github/workflows/update-lolhtml.yml @@ -18,31 +18,60 @@ jobs: - name: Check lolhtml version id: check-version run: | - CURRENT_VERSION=$(grep -oP 'LOLHTML_VERSION\s+\K\S+' cmake/targets/BuildLolHtml.cmake) + set -euo pipefail + + # Extract the commit hash from the line after COMMIT + CURRENT_VERSION=$(awk '/[[:space:]]*COMMIT[[:space:]]*$/{getline; gsub(/^[[:space:]]+|[[:space:]]+$/,"",$0); print}' cmake/targets/BuildLolHtml.cmake) + if [ -z "$CURRENT_VERSION" ]; then - echo "Error: Could not find current version in BuildLolHtml.cmake" + echo "Error: Could not find COMMIT line in BuildLolHtml.cmake" exit 1 fi + + # Validate that it looks like a git hash + if ! [[ $CURRENT_VERSION =~ ^[0-9a-f]{40}$ ]]; then + echo "Error: Invalid git hash format in BuildLolHtml.cmake" + echo "Found: $CURRENT_VERSION" + echo "Expected: 40 character hexadecimal string" + exit 1 + fi + echo "current=$CURRENT_VERSION" >> $GITHUB_OUTPUT LATEST_RELEASE=$(curl -sL https://api.github.com/repos/cloudflare/lol-html/releases/latest) + if [ -z "$LATEST_RELEASE" ]; then + echo "Error: Failed to fetch latest release from GitHub API" + exit 1 + fi + LATEST_TAG=$(echo "$LATEST_RELEASE" | jq -r '.tag_name') + if [ -z "$LATEST_TAG" ] || [ "$LATEST_TAG" = "null" ]; then + echo "Error: Could not extract tag name from GitHub API response" + exit 1 + fi + LATEST_SHA=$(curl -sL "https://api.github.com/repos/cloudflare/lol-html/git/ref/tags/$LATEST_TAG" | jq -r '.object.sha') - if [ -z "$LATEST_SHA" ]; then - echo "Error: Could not fetch latest version from GitHub API" + if [ -z "$LATEST_SHA" ] || [ "$LATEST_SHA" = "null" ]; then + echo "Error: Could not fetch SHA for tag $LATEST_TAG" exit 1 fi - if [ ${#LATEST_SHA} -ne 40 ]; then - echo "Error: Invalid SHA length" + + if ! [[ $LATEST_SHA =~ ^[0-9a-f]{40}$ ]]; then + echo "Error: Invalid SHA format received from GitHub" + echo "Found: $LATEST_SHA" + echo "Expected: 40 character hexadecimal string" exit 1 fi + echo "latest=$LATEST_SHA" >> $GITHUB_OUTPUT echo "tag=$LATEST_TAG" >> $GITHUB_OUTPUT - name: Update version if needed if: success() && steps.check-version.outputs.current != steps.check-version.outputs.latest run: | - sed -i "s/LOLHTML_VERSION\s\+[0-9a-f]\+/LOLHTML_VERSION ${{ steps.check-version.outputs.latest }}/" cmake/targets/BuildLolHtml.cmake + set -euo pipefail + # Handle multi-line format where COMMIT and its value are on separate lines + sed -i -E '/[[:space:]]*COMMIT[[:space:]]*$/{n;s/[[:space:]]*([0-9a-f]+)[[:space:]]*$/ ${{ steps.check-version.outputs.latest }}/}' cmake/targets/BuildLolHtml.cmake - name: Create Pull Request if: success() && steps.check-version.outputs.current != steps.check-version.outputs.latest diff --git a/.github/workflows/update-lshpack.yml b/.github/workflows/update-lshpack.yml index 7902c72bd05623..65d63f962763fb 100644 --- a/.github/workflows/update-lshpack.yml +++ b/.github/workflows/update-lshpack.yml @@ -18,31 +18,60 @@ jobs: - name: Check lshpack version id: check-version run: | - CURRENT_VERSION=$(grep -oP 'LSHPACK_VERSION\s+\K\S+' cmake/targets/BuildLshpack.cmake) + set -euo pipefail + + # Extract the commit hash from the line after COMMIT + CURRENT_VERSION=$(awk '/[[:space:]]*COMMIT[[:space:]]*$/{getline; gsub(/^[[:space:]]+|[[:space:]]+$/,"",$0); print}' cmake/targets/BuildLshpack.cmake) + if [ -z "$CURRENT_VERSION" ]; then - echo "Error: Could not find current version in BuildLshpack.cmake" + echo "Error: Could not find COMMIT line in BuildLshpack.cmake" exit 1 fi + + # Validate that it looks like a git hash + if ! [[ $CURRENT_VERSION =~ ^[0-9a-f]{40}$ ]]; then + echo "Error: Invalid git hash format in BuildLshpack.cmake" + echo "Found: $CURRENT_VERSION" + echo "Expected: 40 character hexadecimal string" + exit 1 + fi + echo "current=$CURRENT_VERSION" >> $GITHUB_OUTPUT LATEST_RELEASE=$(curl -sL https://api.github.com/repos/litespeedtech/ls-hpack/releases/latest) + if [ -z "$LATEST_RELEASE" ]; then + echo "Error: Failed to fetch latest release from GitHub API" + exit 1 + fi + LATEST_TAG=$(echo "$LATEST_RELEASE" | jq -r '.tag_name') + if [ -z "$LATEST_TAG" ] || [ "$LATEST_TAG" = "null" ]; then + echo "Error: Could not extract tag name from GitHub API response" + exit 1 + fi + LATEST_SHA=$(curl -sL "https://api.github.com/repos/litespeedtech/ls-hpack/git/ref/tags/$LATEST_TAG" | jq -r '.object.sha') - if [ -z "$LATEST_SHA" ]; then - echo "Error: Could not fetch latest version from GitHub API" + if [ -z "$LATEST_SHA" ] || [ "$LATEST_SHA" = "null" ]; then + echo "Error: Could not fetch SHA for tag $LATEST_TAG" exit 1 fi - if [ ${#LATEST_SHA} -ne 40 ]; then - echo "Error: Invalid SHA length" + + if ! [[ $LATEST_SHA =~ ^[0-9a-f]{40}$ ]]; then + echo "Error: Invalid SHA format received from GitHub" + echo "Found: $LATEST_SHA" + echo "Expected: 40 character hexadecimal string" exit 1 fi + echo "latest=$LATEST_SHA" >> $GITHUB_OUTPUT echo "tag=$LATEST_TAG" >> $GITHUB_OUTPUT - name: Update version if needed if: success() && steps.check-version.outputs.current != steps.check-version.outputs.latest run: | - sed -i "s/LSHPACK_VERSION\s\+[0-9a-f]\+/LSHPACK_VERSION ${{ steps.check-version.outputs.latest }}/" cmake/targets/BuildLshpack.cmake + set -euo pipefail + # Handle multi-line format where COMMIT and its value are on separate lines + sed -i -E '/[[:space:]]*COMMIT[[:space:]]*$/{n;s/[[:space:]]*([0-9a-f]+)[[:space:]]*$/ ${{ steps.check-version.outputs.latest }}/}' cmake/targets/BuildLshpack.cmake - name: Create Pull Request if: success() && steps.check-version.outputs.current != steps.check-version.outputs.latest