@node-core/utils 4.0.0

package/lib/prepare_security.js

@@ -0,0 +1,117 @@
+import nv from '@pkgjs/nv';
+import auth from './auth.js';
+import Request from './request.js';
+import fs from 'node:fs';
+
+export default class SecurityReleaseSteward {
+  constructor(cli) {
+    this.cli = cli;
+  }
+
+  async start() {
+    const { cli } = this;
+    const credentials = await auth({
+      github: true,
+      h1: true
+    });
+
+    const req = new Request(credentials);
+    const create = await cli.prompt(
+      'Create the Next Security Release issue?',
+      { defaultAnswer: true });
+    if (create) {
+      const issue = new SecurityReleaseIssue(req);
+      const content = await issue.buildIssue(cli);
+      const data = await req.createIssue('Next Security Release', content, {
+        owner: 'nodejs-private',
+        repo: 'node-private'
+      });
+      if (data.html_url) {
+        cli.ok('Created: ' + data.html_url);
+      } else {
+        cli.error(data);
+      }
+    }
+  }
+}
+
+class SecurityReleaseIssue {
+  constructor(req) {
+    this.req = req;
+    this.content = '';
+    this.title = 'Next Security Release';
+    this.affectedLines = {};
+  }
+
+  getSecurityIssueTemplate() {
+    return fs.readFileSync(
+      new URL(
+        './github/templates/next-security-release.md',
+        import.meta.url
+      ),
+      'utf-8'
+    );
+  }
+
+  async buildIssue(cli) {
+    this.content = this.getSecurityIssueTemplate();
+    cli.info('Getting triaged H1 reports...');
+    const reports = await this.req.getTriagedReports();
+    await this.fillReports(cli, reports);
+
+    this.fillAffectedLines(Object.keys(this.affectedLines));
+
+    const target = await cli.prompt('Enter target date in YYYY-MM-DD format:', {
+      questionType: 'input',
+      defaultAnswer: 'TBD'
+    });
+    this.fillTargetDate(target);
+
+    return this.content;
+  }
+
+  async fillReports(cli, reports) {
+    const supportedVersions = (await nv('supported'))
+      .map((v) => v.versionName + '.x')
+      .join(',');
+
+    let reportsContent = '';
+    for (const report of reports.data) {
+      const { id, attributes: { title }, relationships: { severity } } = report;
+      const reportLevel = severity.data.attributes.rating;
+      cli.separator();
+      cli.info(`Report: ${id} - ${title} (${reportLevel})`);
+      const include = await cli.prompt(
+        'Would you like to include this report to the next security release?',
+        { defaultAnswer: true });
+      if (!include) {
+        continue;
+      }
+
+      reportsContent +=
+        `  * **[${id}](https://hackerone.com/bugs?subject=nodejs&report_id=${id}) - ${title} (TBD) - (${reportLevel})**\n`;
+      const versions = await cli.prompt('Which active release lines this report affects?', {
+        questionType: 'input',
+        defaultAnswer: supportedVersions
+      });
+      for (const v of versions.split(',')) {
+        if (!this.affectedLines[v]) this.affectedLines[v] = true;
+        reportsContent += `    * ${v} - TBD\n`;
+      }
+    }
+    this.content = this.content.replace('%REPORTS%', reportsContent);
+  }
+
+  fillAffectedLines(affectedLines) {
+    let affected = '';
+    for (const line of affectedLines) {
+      affected += `  * ${line} - TBD\n`;
+    }
+    this.content =
+      this.content.replace('%AFFECTED_LINES%', affected);
+  }
+
+  fillTargetDate(date) {
+    this.content = this.content.replace('%RELEASE_DATE%', date);
+  }
+}

package/lib/proxy.js

@@ -0,0 +1,21 @@
+import { globalAgent } from 'node:https';
+import { spawnSync } from 'child_process';
+
+import { ProxyAgent } from 'undici';
+
+import { getMergedConfig } from './config.js';
+
+export default function proxy() {
+  let proxyUrl = getMergedConfig().proxy;
+  if (proxyUrl == null || proxyUrl === '') {
+    proxyUrl = spawnSync(
+      'git',
+      ['config', '--get', '--path', 'https.proxy']
+    ).stdout.toString();
+  }
+  if (proxyUrl == null || proxyUrl === '') {
+    return globalAgent;
+  } else {
+    return new ProxyAgent(proxyUrl);
+  }
+}

package/lib/queries/DefaultBranchRef.gql

@@ -0,0 +1,8 @@
+query DefaultBranchRef($owner: String!, $repo: String!) {
+  repository(owner: $owner, name: $repo) {
+    defaultBranchRef {
+      name
+    }
+  }
+}
+

package/lib/queries/LastCommit.gql

@@ -0,0 +1,16 @@
+query LastCommit($owner: String!, $repo: String!,  $branch: String!, $path: String) {
+  repository(owner: $owner, name: $repo) {
+    ref(qualifiedName: $branch) {
+      target {
+        ... on Commit {
+          history(first: 1, path: $path) {
+            nodes {
+              oid
+              messageHeadline
+            }
+          }
+        }
+      }
+    }
+  }
+}

package/lib/queries/PR.gql

@@ -0,0 +1,37 @@
+query PR($prid: Int!, $owner: String!, $repo: String!) {
+  repository(owner: $owner, name: $repo) {
+    pullRequest(number: $prid) {
+      createdAt,
+      authorAssociation,
+      author {
+        ... on User {
+          login,
+          email,
+          name
+        }
+      },
+      url,
+      bodyHTML,
+      bodyText,
+      labels(first: 100) {
+        nodes {
+          name
+        }
+      },
+      files(first: 100) {
+        nodes {
+          path
+        }
+      },
+      title,
+      baseRefName,
+      headRefName,
+      changedFiles,
+      mergeable,
+      closed,
+      closedAt,
+      merged,
+      mergedAt
+    }
+  }
+}

package/lib/queries/PRComments.gql

@@ -0,0 +1,27 @@
+query Comments($prid: Int!, $owner: String!, $repo: String!, $after: String) {
+  repository(owner: $owner, name: $repo) {
+    pullRequest(number: $prid) {
+      comments(first: 100, after: $after) {
+        totalCount
+        pageInfo {
+          hasNextPage
+          endCursor
+        }
+        nodes {
+          publishedAt
+          bodyText
+          author {
+            login
+          }
+          reactions(content: THUMBS_UP, first: 100) {
+            nodes {
+              user {
+                login
+              }
+            }
+          }
+        }
+      }
+    }
+  }
+}

package/lib/queries/PRCommits.gql

@@ -0,0 +1,45 @@
+query Commits($prid: Int!, $owner: String!, $repo: String!, $after: String) {
+  repository(owner: $owner, name: $repo) {
+    pullRequest(number: $prid) {
+      commits(last: 100, after: $after) {
+        totalCount
+        pageInfo {
+          hasNextPage
+          endCursor
+        }
+        nodes {
+          commit {
+            committedDate
+            author {
+              user {
+                login
+              }
+              email
+              name
+            }
+            committer {
+              email
+              name
+            }
+            oid
+            message
+            messageHeadline
+            authoredByCommitter
+            checkSuites(first: 100) {
+              nodes {
+                app {
+                  slug
+                }
+                conclusion,
+                status
+              }
+            }
+            status {
+              state
+            }
+          }
+        }
+      }
+    }
+  }
+}

package/lib/queries/PRs.gql

@@ -0,0 +1,25 @@
+query PRs($owner: String!, $repo: String!, $labels: [String!]) {
+  repository(owner: $owner, name: $repo) {
+    pullRequests(states: [OPEN], first: 20, labels: $labels) {
+      nodes {
+        title,
+        url,
+        number,
+        author {
+          ... on User {
+            login,
+            email,
+            name
+          }
+        },
+        labels(first: 100) {
+          nodes {
+            name
+          }
+        },
+        baseRefName,
+        mergeable,
+      }
+    }
+  }
+}

package/lib/queries/Reviews.gql

@@ -0,0 +1,23 @@
+query Reviews($prid: Int!, $owner: String!, $repo: String!, $after: String) {
+  repository(owner: $owner, name: $repo) {
+    pullRequest(number: $prid) {
+      reviews(first: 100, after: $after) {
+        totalCount
+        pageInfo {
+          hasNextPage
+          endCursor
+        }
+        nodes {
+          bodyText
+          state
+          author {
+            login
+          }
+          authorCanPushToRepository
+          url
+          publishedAt
+        }
+      }
+    }
+  }
+}

package/lib/queries/SearchIssue.gql

@@ -0,0 +1,51 @@
+query SearchIssueByUser($queryString: String!, $isCommenter: Boolean!, $after: String) {
+  search(query: $queryString, type: ISSUE, first: 100, after: $after) {
+    nodes {
+      ... on PullRequest {
+        url
+        publishedAt
+        author {
+          login
+        }
+        title
+        reviews(last: 100) @include(if: $isCommenter) {
+          nodes {
+            publishedAt
+            author {
+              login
+            }
+          }
+        }
+        labels(first: 100) {
+          nodes {
+            name
+          }
+        }
+        comments(last: 100) @include(if: $isCommenter) {
+          nodes {
+            publishedAt
+            author {
+              login
+            }
+          }
+        }
+      }
+      ... on Issue {
+        publishedAt
+        url
+        author {
+          login
+        }
+        title
+        comments(last: 100) @include(if: $isCommenter) {
+          nodes {
+            publishedAt
+            author {
+              login
+            }
+          }
+        }
+      }
+    }
+  }
+}

package/lib/queries/Team.gql

@@ -0,0 +1,22 @@
+query team($org: String!, $team: String!, $after: String) {
+  organization(login: $org) {
+    login
+    team(slug: $team) {
+      name,
+      description,
+      members(first: 100, after: $after) {
+        totalCount
+        pageInfo {
+          hasNextPage
+          endCursor
+        }
+        nodes {
+          login,
+          name,
+          email,
+          url
+        }
+      }
+    }
+  }
+}

package/lib/queries/TreeEntries.gql

@@ -0,0 +1,12 @@
+query TreeEntries($owner: String!, $repo: String!, $expression: String!) {
+  repository(owner: $owner, name: $repo) {
+    object(expression: $expression) {
+      ... on Tree {
+        entries {
+          name
+          type
+        }
+      }
+    }
+  }
+}

package/lib/queries/VotePRInfo.gql

@@ -0,0 +1,28 @@
+query PR($prid: Int!, $owner: String!, $repo: String!) {
+  repository(owner: $owner, name: $repo) {
+    pullRequest(number: $prid) {
+      commits(first: 1) {
+        nodes {
+          commit {
+            oid
+          }
+        }
+      }
+      headRef {
+        name
+        repository {
+          sshUrl
+          url
+        }
+      }
+      closed
+      merged
+    }
+  }
+  viewer {
+    login
+    publicKeys(first: 1) {
+      totalCount
+    }
+  }
+}

package/lib/release/utils.js

@@ -0,0 +1,53 @@
+export function getEOLDate(ltsStartDate) {
+  // Maintenance LTS lasts for 18 months.
+  const result = getLTSMaintenanceStartDate(ltsStartDate);
+  result.setMonth(result.getMonth() + 18);
+  return result;
+}
+
+export function getLTSMaintenanceStartDate(ltsStartDate) {
+  // Active LTS lasts for one year.
+  const result = new Date(ltsStartDate);
+  result.setMonth(result.getMonth() + 12);
+  return result;
+}
+
+export function getStartLTSBlurb({ date, ltsCodename, versionComponents }) {
+  const dateFormat = { month: 'long', year: 'numeric' };
+  // TODO pull these from the schedule.json in the Release repo?
+  const mainDate = getLTSMaintenanceStartDate(date);
+  const mainStart = mainDate.toLocaleString('en-US', dateFormat);
+  const eolDate = getEOLDate(date);
+  const eol = eolDate.toLocaleString('en-US', dateFormat);
+  const { major } = versionComponents;
+  return [
+    /* eslint-disable max-len */
+    `This release marks the transition of Node.js ${major}.x into Long Term Support (LTS)`,
+    `with the codename '${ltsCodename}'. The ${major}.x release line now moves into "Active LTS"`,
+    `and will remain so until ${mainStart}. After that time, it will move into`,
+    `"Maintenance" until end of life in ${eol}.`
+    /* eslint-enable */
+  ].join('\n');
+}
+
+export function updateTestProcessRelease(test, options) {
+  const { versionComponents, ltsCodename } = options;
+  if (test.includes(ltsCodename)) {
+    return test;
+  }
+  const inLines = test.split('\n');
+  const outLines = [];
+  const { major, minor } = versionComponents;
+  for (const line of inLines) {
+    if (line === '} else {') {
+      outLines.push(`} else if (versionParts[0] === '${major}' ` +
+                    `&& versionParts[1] >= ${minor}) {`
+      );
+      outLines.push(
+        `  assert.strictEqual(process.release.lts, '${ltsCodename}');`
+      );
+    }
+    outLines.push(line);
+  }
+  return outLines.join('\n');
+}

package/lib/request.js

@@ -0,0 +1,185 @@
+import fs from 'node:fs';
+
+import { fetch } from 'undici';
+
+import { CI_DOMAIN } from './ci/ci_type_parser.js';
+import proxy from './proxy.js';
+import {
+  isDebugVerbosity,
+  debuglog
+} from './verbosity.js';
+
+function wrappedFetch(url, options, ...args) {
+  if (isDebugVerbosity()) {
+    debuglog('[fetch]', url);
+  }
+  return fetch(url, options, ...args);
+}
+
+export default class Request {
+  constructor(credentials) {
+    this.credentials = credentials;
+    this.proxyAgent = proxy();
+  }
+
+  loadQuery(file) {
+    const filePath = new URL(`./queries/${file}.gql`, import.meta.url);
+    return fs.readFileSync(filePath, 'utf8');
+  }
+
+  async fetch(url, options) {
+    options.agent = this.proxyAgent;
+    if (url.startsWith(`https://${CI_DOMAIN}`)) {
+      options.headers = options.headers || {};
+      Object.assign(options.headers, this.getJenkinsHeaders());
+    }
+    return wrappedFetch(url, options);
+  }
+
+  async buffer(url, options = {}) {
+    const res = await this.fetch(url, options);
+    const buffer = await res.arrayBuffer();
+    return Buffer.from(buffer);
+  }
+
+  async text(url, options = {}) {
+    return this.fetch(url, options).then(res => res.text());
+  }
+
+  async json(url, options = {}) {
+    options.headers = options.headers || {};
+    const text = await this.text(url, options);
+    try {
+      return JSON.parse(text);
+    } catch (e) {
+      if (isDebugVerbosity()) {
+        debuglog('[Request] Cannot parse JSON response from',
+          url, ':\n', text);
+      }
+      throw e;
+    }
+  }
+
+  async createIssue(title, body, { owner, repo }) {
+    const url = `https://api.github.com/repos/${owner}/${repo}/issues`;
+    const options = {
+      method: 'POST',
+      headers: {
+        Authorization: `Basic ${this.credentials.github}`,
+        'User-Agent': 'node-core-utils',
+        Accept: 'application/vnd.github+json'
+      },
+      body: JSON.stringify({
+        title,
+        body
+      })
+    };
+    return this.json(url, options);
+  }
+
+  async gql(name, variables, path) {
+    const query = this.loadQuery(name);
+    if (path) {
+      const result = await this.queryAll(query, variables, path);
+      return result;
+    } else {
+      const result = await this.query(query, variables);
+      return result;
+    }
+  }
+
+  getJenkinsHeaders() {
+    const jenkinsCredentials = this.credentials.jenkins;
+    if (!jenkinsCredentials) {
+      throw new Error('The request has not been ' +
+                      'authenticated with a Jenkins token');
+    }
+    return {
+      Authorization: `Basic ${jenkinsCredentials}`,
+      'User-Agent': 'node-core-utils'
+    };
+  }
+
+  async getTriagedReports() {
+    const url = 'https://api.hackerone.com/v1/reports?filter[program][]=nodejs&filter[state][]=triaged';
+    const options = {
+      method: 'GET',
+      headers: {
+        Authorization: `Basic ${this.credentials.h1}`,
+        'User-Agent': 'node-core-utils',
+        Accept: 'application/json'
+      }
+    };
+    return this.json(url, options);
+  }
+
+  // This is for github v4 API queries, for other types of queries
+  // use .text or .json
+  async query(query, variables) {
+    const githubCredentials = this.credentials.github;
+    if (!githubCredentials) {
+      throw new Error('The request has not been ' +
+                      'authenticated with a GitHub token');
+    }
+    const url = 'https://api.github.com/graphql';
+    const options = {
+      agent: this.proxyAgent,
+      method: 'POST',
+      headers: {
+        Authorization: `Basic ${githubCredentials}`,
+        'User-Agent': 'node-core-utils',
+        Accept: 'application/vnd.github.antiope-preview+json'
+      },
+      body: JSON.stringify({
+        query,
+        variables
+      })
+    };
+
+    const result = await this.json(url, options);
+    if (result.errors) {
+      const { type, message } = result.errors[0];
+      const err = new Error(`[${type}] GraphQL request Error: ${message}`);
+      err.data = {
+        variables
+      };
+      throw err;
+    }
+    if (result.message) {
+      const err = new Error(`GraphQL request Error: ${result.message}`);
+      err.data = {
+        variables
+      };
+      throw err;
+    }
+    return result.data;
+  }
+
+  async queryAll(query, variables, path) {
+    let after = null;
+    let all = [];
+    // first page
+    do {
+      const varWithPage = Object.assign({
+        after
+      }, variables);
+      const data = await this.query(query, varWithPage);
+      let current = data;
+      for (const step of path) {
+        current = current[step];
+      }
+      // current should have:
+      //   totalCount
+      //   pageInfo { hasNextPage, endCursor }
+      //   nodes
+      all = all.concat(current.nodes);
+      if (current.pageInfo.hasNextPage) {
+        after = current.pageInfo.endCursor;
+      } else {
+        after = null;
+      }
+    } while (after !== null);
+
+    return all;
+  }
+}

package/lib/review_state.js

@@ -0,0 +1,5 @@
+export const PENDING = 'PENDING';
+export const COMMENTED = 'COMMENTED';
+export const APPROVED = 'APPROVED';
+export const CHANGES_REQUESTED = 'CHANGES_REQUESTED';
+export const DISMISSED = 'DISMISSED';