From 3b516d5ff5e0114b9c424f359efbe1861ec3d585 Mon Sep 17 00:00:00 2001 From: Christian Hoffmann Date: Thu, 11 Aug 2022 23:05:46 +0200 Subject: [PATCH 1/5] TEST: fake old versions --- .github/autobuild/windows.ps1 | 4 ++-- .github/workflows/autobuild.yml | 4 ++-- windows/deploy_windows.ps1 | 8 ++++---- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/autobuild/windows.ps1 b/.github/autobuild/windows.ps1 index 2a800bbb81..ae4b7acfbb 100644 --- a/.github/autobuild/windows.ps1 +++ b/.github/autobuild/windows.ps1 @@ -17,12 +17,12 @@ $ErrorActionPreference = "Stop" $QtDir = 'C:\Qt' $ChocoCacheDir = 'C:\ChocoCache' $Qt32Version = "5.15.2" -$Qt64Version = "5.15.2" +$Qt64Version = "6.0.0" $AqtinstallVersion = "2.1.0" $JackVersion = "1.9.17" $Msvc32Version = "win32_msvc2019" $Msvc64Version = "win64_msvc2019_64" -$JomVersion = "1.1.2" +$JomVersion = "1.1.1" $JamulusVersion = $Env:JAMULUS_BUILD_VERSION if ( $JamulusVersion -notmatch '^\d+\.\d+\.\d+.*' ) diff --git a/.github/workflows/autobuild.yml b/.github/workflows/autobuild.yml index 7286e59c27..706013966e 100644 --- a/.github/workflows/autobuild.yml +++ b/.github/workflows/autobuild.yml @@ -133,7 +133,7 @@ jobs: - config_name: MacOS (artifacts) target_os: macos building_on_os: macos-12 - base_command: QT_VERSION=6.3.1 SIGN_IF_POSSIBLE=1 ./.github/autobuild/mac.sh + base_command: QT_VERSION=6.3.0 SIGN_IF_POSSIBLE=1 ./.github/autobuild/mac.sh # Disable CodeQL on mac as it interferes with signing the binaries (signing hangs, see #2563 and #2564) run_codeql: false # Latest Xcode which runs on macos-11: 
@@ -142,7 +142,7 @@ jobs: - config_name: MacOS arm64 (artifacts) target_os: macos building_on_os: macos-12 - base_command: QT_VERSION=6.3.1 SIGN_IF_POSSIBLE=1 TARGET_ARCH=arm64 ARTIFACT_SUFFIX=_arm64 ./.github/autobuild/mac.sh + base_command: QT_VERSION=6.3.0 SIGN_IF_POSSIBLE=1 TARGET_ARCH=arm64 ARTIFACT_SUFFIX=_arm64 ./.github/autobuild/mac.sh # Disable CodeQL on mac as it interferes with signing the binaries (signing hangs, see #2563 and #2564) run_codeql: false xcode_version: 13.4.1 diff --git a/windows/deploy_windows.ps1 b/windows/deploy_windows.ps1 index 95df80627f..114f843abd 100644 --- a/windows/deploy_windows.ps1 +++ b/windows/deploy_windows.ps1 @@ -8,10 +8,10 @@ param ( # - Do not update ASIO SDK without checking for license-related changes. # - Do not copy (parts of) the ASIO SDK into the Jamulus source tree without # further consideration as it would make the license situation more complicated. - [string] $AsioSDKName = "asiosdk_2.3.3_2019-06-14", - [string] $AsioSDKUrl = "https://download.steinberg.net/sdk_downloads/asiosdk_2.3.3_2019-06-14.zip", - [string] $NsisName = "nsis-3.08", - [string] $NsisUrl = "https://downloads.sourceforge.net/project/nsis/NSIS%203/3.08/nsis-3.08.zip", + [string] $AsioSDKName = "asiosdk_0.3.3_2019-06-14", + [string] $AsioSDKUrl = "https://download.steinberg.net/sdk_downloads/asiosdk_0.3.3_2019-06-14.zip", + [string] $NsisName = "nsis-3.07", + [string] $NsisUrl = "https://downloads.sourceforge.net/project/nsis/NSIS%203/3.07/nsis-3.06.zip", [string] $BuildOption = "" ) From 1b22f64f02db6facfdf6d055ef52c46808d4790a Mon Sep 17 00:00:00 2001 
From: Christian Hoffmann Date: Thu, 11 Aug 2022 17:07:22 +0200 Subject: [PATCH 2/5] CI: Check for dependency updates automatically This currently covers: - aqt - Qt6 - choco-jack - choco-jom - NSIS - ASIO-SDK Related: #2346 --- .github/autobuild/android.sh | 2 + .github/autobuild/ios.sh | 2 + .github/autobuild/mac.sh | 2 + .github/autobuild/windows.ps1 | 2 + .github/workflows/bump-dependencies.yml | 180 ++++++++++++++++++++++++ windows/deploy_windows.ps1 | 3 + 6 files changed, 191 insertions(+) create mode 100644 .github/workflows/bump-dependencies.yml diff --git a/.github/autobuild/android.sh b/.github/autobuild/android.sh index 652b589b1c..a8e52e8616 100755 --- a/.github/autobuild/android.sh +++ b/.github/autobuild/android.sh @@ -1,6 +1,8 @@ #!/bin/bash set -eu +# Some of the following version pinnings are semi-automatically checked for +# updates. Update .github/workflows/bump-dependencies.yaml when renaming those: COMMANDLINETOOLS_VERSION=6858069 ANDROID_NDK_VERSION=r21d ANDROID_PLATFORM=android-30 diff --git a/.github/autobuild/ios.sh b/.github/autobuild/ios.sh index 14cbcbf873..b60dbdf53d 100755 --- a/.github/autobuild/ios.sh +++ b/.github/autobuild/ios.sh @@ -2,6 +2,8 @@ set -eu QT_DIR=/usr/local/opt/qt +# The following version pinnings are semi-automatically checked for +# updates. Verify .github/workflows/bump-dependencies.yaml when changing those manually: AQTINSTALL_VERSION=2.1.0 if [[ ! ${QT_VERSION:-} =~ [0-9]+\.[0-9]+\..* ]]; then diff --git a/.github/autobuild/mac.sh b/.github/autobuild/mac.sh index f0fffd504e..45544c5755 100755 --- a/.github/autobuild/mac.sh +++ b/.github/autobuild/mac.sh @@ -2,6 +2,8 @@ set -eu QT_DIR=/usr/local/opt/qt +# The following version pinnings are semi-automatically checked for +# updates. Verify .github/workflows/bump-dependencies.yaml when changing those manually: AQTINSTALL_VERSION=2.1.0 TARGET_ARCH="${TARGET_ARCH:-}" 
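Review bot: The comment added above `COMMANDLINETOOLS_VERSION` in android.sh points to `.github/workflows/bump-dependencies.yaml`, but the file this series creates is `.github/workflows/bump-dependencies.yml`. The same wrong extension appears in the comments added to ios.sh, mac.sh, .github/autobuild/windows.ps1 and windows/deploy_windows.ps1. These pins are rewritten by an automated job that matches on variable names, so the pointer should resolve when someone renames a variable. I would write `# updates. Update .github/workflows/bump-dependencies.yml when renaming those:` here and correct the extension in the other four comments.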
diff --git a/.github/autobuild/windows.ps1 b/.github/autobuild/windows.ps1 index ae4b7acfbb..a07ddf111a 100644 --- a/.github/autobuild/windows.ps1 +++ b/.github/autobuild/windows.ps1 @@ -16,6 +16,8 @@ $ErrorActionPreference = "Stop" $QtDir = 'C:\Qt' $ChocoCacheDir = 'C:\ChocoCache' +# The following version pinnings are semi-automatically checked for +# updates. Verify .github/workflows/bump-dependencies.yaml when changing those manually: $Qt32Version = "5.15.2" $Qt64Version = "6.0.0" $AqtinstallVersion = "2.1.0" diff --git a/.github/workflows/bump-dependencies.yml b/.github/workflows/bump-dependencies.yml new file mode 100644 index 0000000000..6dbd11b957 --- /dev/null +++ b/.github/workflows/bump-dependencies.yml 
@@ -0,0 +1,180 @@
+name: Bump dependencies
+
+on:
+ # For PR creation:
+ workflow_dispatch:
+ schedule:
+ - cron: '13 8 * * 6' # once a week on Saturdays at 08:13
+
+ # For branch deletion:
+ # We have to use pull_request_target because pull_request does not trigger on closed PRs with merge conflicts:
+ # https://github.com/orgs/community/discussions/26304
+ # WARNING: pull_request_target is dangerous as the run can be influenced by the PR origin.
+ pull_request_target:
+ types:
+ - closed
+
+ # For rebasing:
+ push:
+ branches: [master]
+
+permissions:
+ pull-requests: write
+ # The main repository writes are done using a deploy key as we can't grant
+ # workflows: permission here, which is required when pushing to .github/workflows.
+ # We need basic access for branch deletion anyway:
+ contents: write
+
+jobs:
+ create-prs:
+ name: Update ${{ matrix.components.name }} if necessary
+ if: >-
+ github.repository_owner == 'hoffie' &&
+ github.event_name != 'pull_request_target'
+ runs-on: ubuntu-latest
+ strategy:
+ fail-fast: false
+ matrix:
+ components:
+ - name: aqt
+ # not Changelog-worthy
+ get_upstream_version: GH_REPO=miurahr/aqtinstall gh release view --json tagName --jq .tagName | sed -re 's/^v//'
+ # The following regexps capture both the *nix and the Windows variable syntax (different case, underscore):
+ local_version_regex: (.*AQTINSTALL_?VERSION\s*=\s*"?)([0-9.]*)("?.*)
+
+ - name: Qt6
+ changelog_name: bundled Qt6
+ get_upstream_version: |
+ latest_minor="$(curl -s https://download.qt.io/official_releases/qt/ | grep -oP 'href="\K[0-9.]+(?=/")' | sort --reverse --version-sort | head -n1)";
+ curl -s https://download.qt.io/official_releases/qt/"${latest_minor}"/ | grep -oP 'href="\K[0-9.]+(?=/")' | sort --reverse --version-sort | head -n1
+ # The following regex captures both the *nix and the Windows variable syntax (different case, underscore):
+ local_version_regex: (.*QT[0-9_]+VERSION\s*=\s*"?)(6\.[0-9.]+)("?.*)
+
+ - name: choco-jack
+ changelog_name: bundled JACK (Windows-only)
+ get_upstream_version: |
+ curl -s -o /dev/null --location --range 0-5 --write-out '%{url_effective}' https://community.chocolatey.org/api/v2/package/jack/ |
+ grep -oP '.*/jack\.\K.*(?=\.nupkg)'
+ local_version_regex: (.*JackVersion\s*=\s*"?)([0-9.]+)("?.*)
+
+ - name: choco-jom
+ # not Changelog-worthy
+ get_upstream_version: |
+ curl -s -o /dev/null --location --range 0-5 --write-out '%{url_effective}' https://community.chocolatey.org/api/v2/package/jom/ |
+ grep -oP 'jom\.\K.*(?=\.nupkg)'
+ local_version_regex: (.*JomVersion\s*=\s*"?)([0-9.]+)("?.*)
+
+ - name: NSIS
+ changelog_name: Windows Installer base (NSIS)
+ get_upstream_version: |
+ curl -s -o /dev/null --location --range 0-5 --write-out '%{url_effective}' https://sourceforge.net/projects/nsis/files/latest/download |
+ grep -oP '.*/nsis-\K[0-9.]+(?=-setup\.)'
+ # This pattern is a bit special as it has to match twice in a single line.
+ # Therefore, we have to be very careful to avoid consuming too much pattern space.
+ # This is why a positive lookahead is used instead of direct matching:
+ local_version_regex: (.*"nsis-|.*\/NSIS.20.\/|\/nsis-)([0-9.]+)(".*|(?=\/nsis-)|\.zip.*)
+
+ - name: ASIO-SDK
+ changelog_name: ASIO SDK (Windows-only)
+ get_upstream_version: |
+ curl -s -o /dev/null --location --range 0-5 --write-out '%{url_effective}' https://www.steinberg.net/asiosdk |
+ grep -oP '.*asiosdk_\K.*(?=\.zip)'
+ local_version_regex: (.*["\/]asiosdk_)([^"]+?)(".*|\.zip.*)
+
+ steps:
+ - uses: actions/checkout@v3
+ with:
+ ssh-key: ${{ secrets.BUMP_DEPENDENCIES_SSH_DEPLOY_KEY || 'fail-due-to-missing-ssh-key-as-secret' }}
+ fetch-depth: '0' # we create/compare new branches and therefore require full history
+ - env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ run: |
+ set -eu
+ files=( .github/{autobuild,workflows}/* windows/*.ps1 )
+ upstream_version="$(${{ matrix.components.get_upstream_version }})"
+ local_version="$(perl -nle 'print "$2" if /${{ matrix.components.local_version_regex }}/i' "${files[@]}" | sort --reverse --version-sort | head -n1)"
+ if [[ -z "$upstream_version" ]]; then
+ echo "failed to extract upstream version"
+ exit 1
+ fi
+ if [[ -z "$local_version" ]]; then
+ echo "failed to extract local version"
+ exit 1
+ fi
+ if [[ "$upstream_version" == "$local_version" ]]; then
+ echo "upstream ${{ matrix.components.name }} (${upstream_version}) matches local ${{ matrix.components.name }} (${local_version})"
+ exit 0
+ fi
+ echo "upstream ${{ matrix.components.name }} (${upstream_version}) is different than local ${{ matrix.components.name }} (${local_version}), creating PR"
+ git config --global user.email "actions@github.com"
+ git config --global user.name "github-actions[bot]"
+ pr_branch=ci/bump-dependencies/${{ matrix.components.name }}
+ git checkout -b "${pr_branch}"
+ # sed does not support replacements with overlapping or lookahead patterns as is the case with NSIS.
+ # Therefore, use perl instead:
+ perl -pe 's/${{ matrix.components.local_version_regex }}/${1}'"${upstream_version}"'${3}/gi' -i "${files[@]}"
+ git add .
+ title="Build: Update ${{ matrix.components.name }} to ${upstream_version}"
+ existing_pr="$(gh pr list --head "${pr_branch}" --json number --jq '.[].number')"
+ git commit -m "${title}"
+ if [[ "${existing_pr}" ]]; then
+ git fetch origin "${pr_branch}"
+ diff_size="$(git diff "remotes/origin/${pr_branch}" HEAD)"
+ if [[ -z "${diff_size}" ]]; then
+ echo "found existing branch, diff is empty, nothing to do"
+ exit 0
+ fi
+ fi
+ git push origin "+${pr_branch}"
+ body="This automated Pull Request updates the used **${{ matrix.components.name }}** version to version **${upstream_version}**."$'\n\n'
+ body="${body}This PR was opened by the workflow *${GITHUB_WORKFLOW}* (*${GITHUB_JOB}*)"$'\n\n'
+ body="${body}CHANGELOG: "
+ if [[ "${{ matrix.components.changelog_name }}" ]]; then
+ body="${body}Build: Updated ${{ matrix.components.changelog_name }} to version ${upstream_version}"
+ else
+ body="${body}SKIP"
+ fi
+ if [[ $existing_pr ]]; then
+ existing_title="$(gh pr view "${existing_pr}" --json title --jq .title)"
+ gh pr edit "${existing_pr}" --title "${title}" --body "${body}"
+ if [[ "${existing_title}" != "${title}" ]]; then
+ # If the title changed, this implies that we are updating the PR for a different version
+ # (and not just rebasing it). Therefore, leave a comment to make that transparent:
+ gh pr comment "${existing_pr}" --body "PR has been updated for version *${upstream_version}* by the workflow *${GITHUB_WORKFLOW}* (*${GITHUB_JOB}*)."
+ fi
+ else
+ gh pr create --base master --head "${pr_branch}" --title "${title}" --body "${body}"
+ echo 'When Github actions create a PR, no workflows/checks (e.g. autobuilds) run.'
+ echo 'We do want autobuilds though, therefore, we push a slightly modified commit via the deploy key, which avoids this problem.'
+ echo 'We have to wait some time in order to trigger a new event... Waiting 60sec now'
+ sleep 60
+ git commit --amend --no-edit
+ git push origin "+${pr_branch}"
+ fi
+
+# FIXME hoffie -> jamulussoftware (2x)
+ delete-old-pr-branches:
+ if: >-
+ github.repository_owner == 'hoffie' &&
+ github.event_name == 'pull_request_target' &&
+ startsWith(github.event.pull_request.head.label, 'hoffie:ci/bump-dependencies/')
+ runs-on: ubuntu-latest
+ steps:
+ # This job runs via pull_request_target. Please check for any security
+ # consequences when extending these steps:
+ # https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
+ - uses: actions/checkout@v3
+ # this checks out the upstream `master` and not the PR branch; this is fine for us
+ # as we just need a proper config for git/gh to work with.
+ - env:
+ pr_branch: ${{ github.event.pull_request.head.ref }}
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ run: |
+ set -eu
+ [[ "${pr_branch}" == ci/bump-dependencies/* ]] || exit 1
+ open_pr_count="$(gh pr list --head "${pr_branch}" --json number --jq '.[].number' | wc -l)"
+ if [[ "$open_pr_count" != 0 ]]; then
+ echo "Open PRs for ${pr_branch} found, keeping branch"
+ exit 0
+ fi
+ git push origin ":${pr_branch}"
diff --git a/windows/deploy_windows.ps1 b/windows/deploy_windows.ps1
index 114f843abd..d9cdb9612f 100644
--- a/windows/deploy_windows.ps1
+++ b/windows/deploy_windows.ps1
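Review bot: In the `create-prs` run step of bump-dependencies.yml, `upstream_version` is scraped from third-party responses (download.qt.io listings and the redirect URLs returned by chocolatey.org, sourceforge.net and steinberg.net) and is then spliced, unvalidated, into the perl program text of the `perl -pe 's/…/${1}'"${upstream_version}"'${3}/gi'` line, in a job that holds the deploy key and a `contents: write` token. The chocolatey and ASIO extractions capture with `.*`, so whatever those servers place in the URL reaches the substitution; a value containing `/` or other perl syntax would at least corrupt the rewrite of the pinned files and could alter what the one-liner executes. Check the value against an allow-list pattern right after the emptiness check and hand it to perl through the environment rather than the program text, as sketched below. Separately, the workflow-level `permissions:` block grants both jobs `pull-requests: write` and `contents: write`; declaring permissions per job would probably let the `pull_request_target` job run with only what branch deletion needs.

```yaml
        run: |
          # … unchanged: set -eu, files=…, upstream/local version extraction and emptiness checks …
          if [[ ! "${upstream_version}" =~ ^[0-9A-Za-z._-]+$ ]]; then
            echo "unexpected characters in upstream version"
            exit 1
          fi
          # … unchanged: version comparison, git config, branch checkout …
          upstream_version="${upstream_version}" perl -pe 's/${{ matrix.components.local_version_regex }}/${1}$ENV{upstream_version}${3}/gi' -i "${files[@]}"
          # … unchanged: commit, push and PR handling …
```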
@@ -8,6 +8,9 @@ param ( # - Do not update ASIO SDK without checking for license-related changes. # - Do not copy (parts of) the ASIO SDK into the Jamulus source tree without # further consideration as it would make the license situation more complicated. + # + # The following version pinnings are semi-automatically checked for + # updates. Verify .github/workflows/bump-dependencies.yaml when changing those manually: [string] $AsioSDKName = "asiosdk_0.3.3_2019-06-14", [string] $AsioSDKUrl = "https://download.steinberg.net/sdk_downloads/asiosdk_0.3.3_2019-06-14.zip", [string] $NsisName = "nsis-3.07", From a466424ae4e39f4084a230dc89f804f670e1ce49 Mon Sep 17 00:00:00 2001 From: Christian Hoffmann Date: Fri, 12 Aug 2022 13:48:27 +0200 Subject: [PATCH 3/5] Github: Enable dependabot Related: #2346 --- .github/dependabot.yml | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000000..9de4980495 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,8 @@ +version: 2 +updates: + - package-ecosystem: github-actions + directory: / + schedule: + interval: weekly + commit-message: + prefix: "CI" From dd642af77560566791a0a8563b786ddf65281571 Mon Sep 17 00:00:00 2001 From: Christian Hoffmann Date: Sat, 13 Aug 2022 13:16:02 +0200 Subject: [PATCH 4/5] test commit --- foo.txt | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 foo.txt diff --git a/foo.txt b/foo.txt new file mode 100644 index 0000000000..e69de29bb2 From 307a552e387582e68577275659ab61e310fcefc4 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 13 Aug 2022 11:18:34 +0000 Subject: [PATCH 5/5] CI: Bump dev-drprasad/delete-tag-and-release from 0.1.2 to 0.2.0 Bumps [dev-drprasad/delete-tag-and-release](https://github.com/dev-drprasad/delete-tag-and-release) from 0.1.2 to 0.2.0. - [Release notes](https://github.com/dev-drprasad/delete-tag-and-release/releases) - [Commits](https://github.com/dev-drprasad/delete-tag-and-release/compare/v0.1.2...v0.2.0) --- updated-dependencies: - dependency-name: dev-drprasad/delete-tag-and-release dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/autobuild.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/autobuild.yml b/.github/workflows/autobuild.yml index 706013966e..1209ab718d 100644 --- a/.github/workflows/autobuild.yml +++ b/.github/workflows/autobuild.yml @@ -80,7 +80,7 @@ jobs: - name: Remove release ${{steps.get-build-vars.outputs.RELEASE_TAG}}, if existing if: steps.get-build-vars.outputs.PUBLISH_TO_RELEASE == 'true' continue-on-error: true - uses: dev-drprasad/delete-tag-and-release@v0.1.2 + uses: dev-drprasad/delete-tag-and-release@v0.2.0 with: delete_release: true tag_name: ${{ steps.get-build-vars.outputs.RELEASE_TAG }}