@node-core/utils 5.15.0 → 5.16.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +19 -11
- package/lib/config.js +22 -4
- package/lib/prepare_security.js +16 -0
- package/lib/request.js +17 -0
- package/package.json +7 -7
package/README.md
CHANGED
|
@@ -47,7 +47,7 @@ If you would prefer to build from the source, install and link:
|
|
|
47
47
|
```
|
|
48
48
|
git clone git@github.com:nodejs/node-core-utils.git
|
|
49
49
|
cd node-core-utils
|
|
50
|
-
npm
|
|
50
|
+
npm ci
|
|
51
51
|
npm link
|
|
52
52
|
```
|
|
53
53
|
|
|
@@ -89,14 +89,6 @@ After the token is generated, create an rc file with the following content:
|
|
|
89
89
|
Note: you could use `ncu-config` to configure these variables, but it's not
|
|
90
90
|
recommended to leave your tokens in your command line history.
|
|
91
91
|
|
|
92
|
-
If you have `gpg` installed and setup on your local machine, it is recommended
|
|
93
|
-
to store an encrypted version of this file:
|
|
94
|
-
|
|
95
|
-
```console
|
|
96
|
-
$ gpg --default-recipient-self --encrypt ~/.ncurc
|
|
97
|
-
$ rm ~/.ncurc
|
|
98
|
-
```
|
|
99
|
-
|
|
100
92
|
### Setting up Jenkins credentials
|
|
101
93
|
|
|
102
94
|
The `git-node` and `ncu-ci` commands need to query the Node.js Jenkins API for
|
|
@@ -124,14 +116,30 @@ To obtain the Jenkins API token
|
|
|
124
116
|
}
|
|
125
117
|
```
|
|
126
118
|
|
|
119
|
+
### Protecting your credentials
|
|
127
120
|
|
|
128
|
-
|
|
121
|
+
If you have `gpg` installed and setup on your local machine, it is strongly recommended
|
|
122
|
+
to store an encrypted version of this file:
|
|
123
|
+
|
|
124
|
+
```console
|
|
125
|
+
$ gpg --default-recipient-self --encrypt ~/.ncurc
|
|
126
|
+
$ rm ~/.ncurc
|
|
127
|
+
```
|
|
128
|
+
|
|
129
|
+
The credentials are now encrypted in `~/.ncurc.gpg` and everytime it's needed,
|
|
130
|
+
node-core-utils will invoke `gpg` that may ask you to decrypt it using
|
|
131
|
+
your default key via pinentry.
|
|
129
132
|
|
|
130
133
|
Put the following entries into your
|
|
131
134
|
[global `gitignore` file](https://git-scm.com/docs/git-config#Documentation/git-config.txt-coreexcludesFile)
|
|
132
|
-
(`$XDG_CONFIG_HOME/git/ignore` or a file specified by `core.excludesFile`):
|
|
135
|
+
(`$XDG_CONFIG_HOME/git/ignore` or a file specified by `core.excludesFile`). For example:
|
|
136
|
+
|
|
137
|
+
```console
|
|
138
|
+
$ git config --global core.excludesfile ~/.gitignore_global
|
|
139
|
+
```
|
|
133
140
|
|
|
134
141
|
```
|
|
142
|
+
# In ~/.gitignore_global
|
|
135
143
|
# node-core-utils configuration file
|
|
136
144
|
.ncurc
|
|
137
145
|
.ncurc.gpg
|
package/lib/config.js
CHANGED
|
@@ -2,7 +2,7 @@ import path from 'node:path';
|
|
|
2
2
|
import os from 'node:os';
|
|
3
3
|
|
|
4
4
|
import { readJson, writeJson } from './file.js';
|
|
5
|
-
import { existsSync } from 'node:fs';
|
|
5
|
+
import { existsSync, mkdtempSync, rmSync } from 'node:fs';
|
|
6
6
|
import { spawnSync } from 'node:child_process';
|
|
7
7
|
|
|
8
8
|
export const GLOBAL_CONFIG = Symbol('globalConfig');
|
|
@@ -61,13 +61,31 @@ export function getConfigPath(configType, dir) {
|
|
|
61
61
|
};
|
|
62
62
|
|
|
63
63
|
export function writeConfig(configType, obj, dir) {
|
|
64
|
-
|
|
64
|
+
const configPath = getConfigPath(configType, dir);
|
|
65
|
+
const encryptedConfigPath = configPath + '.gpg';
|
|
66
|
+
if (existsSync(encryptedConfigPath)) {
|
|
67
|
+
const tmpDir = mkdtempSync(path.join(os.tmpdir(), 'ncurc-'));
|
|
68
|
+
const tmpFile = path.join(tmpDir, 'config.json');
|
|
69
|
+
try {
|
|
70
|
+
writeJson(tmpFile, obj);
|
|
71
|
+
const { status } = spawnSync('gpg',
|
|
72
|
+
['--default-recipient-self', '--yes', '--encrypt', '--output', encryptedConfigPath, tmpFile]
|
|
73
|
+
);
|
|
74
|
+
if (status !== 0) {
|
|
75
|
+
throw new Error('Failed to encrypt config file: ' + encryptedConfigPath);
|
|
76
|
+
}
|
|
77
|
+
} finally {
|
|
78
|
+
rmSync(tmpDir, { recursive: true, force: true });
|
|
79
|
+
}
|
|
80
|
+
return encryptedConfigPath;
|
|
81
|
+
}
|
|
82
|
+
writeJson(configPath, obj);
|
|
83
|
+
return configPath;
|
|
65
84
|
};
|
|
66
85
|
|
|
67
86
|
export function updateConfig(configType, obj, dir) {
|
|
68
87
|
const config = getConfig(configType, dir);
|
|
69
|
-
|
|
70
|
-
writeJson(configPath, Object.assign(config, obj));
|
|
88
|
+
writeConfig(configType, Object.assign(config, obj), dir);
|
|
71
89
|
};
|
|
72
90
|
|
|
73
91
|
export function getHomeDir(home) {
|
package/lib/prepare_security.js
CHANGED
|
@@ -55,6 +55,22 @@ export default class PrepareSecurityRelease extends SecurityRelease {
|
|
|
55
55
|
// For now, close the ones with Security Release label
|
|
56
56
|
await this.closePRWithLabel('Security Release');
|
|
57
57
|
|
|
58
|
+
if (vulnerabilityJSON.buildIssue) {
|
|
59
|
+
this.cli.info('Commenting on nodejs/build issue');
|
|
60
|
+
await this.req.commentIssue(
|
|
61
|
+
vulnerabilityJSON.buildIssue,
|
|
62
|
+
'Security release is out'
|
|
63
|
+
);
|
|
64
|
+
}
|
|
65
|
+
|
|
66
|
+
if (vulnerabilityJSON.dockerIssue) {
|
|
67
|
+
this.cli.info('Commenting on nodejs/docker-node issue');
|
|
68
|
+
await this.req.commentIssue(
|
|
69
|
+
vulnerabilityJSON.dockerIssue,
|
|
70
|
+
'Security release is out'
|
|
71
|
+
);
|
|
72
|
+
}
|
|
73
|
+
|
|
58
74
|
const updateFolder = await this.cli.prompt(
|
|
59
75
|
`Would you like to update the next-security-release folder to ${
|
|
60
76
|
vulnerabilityJSON.releaseDate}?`,
|
package/lib/request.js
CHANGED
|
@@ -81,6 +81,23 @@ export default class Request {
|
|
|
81
81
|
return this.json(url, options);
|
|
82
82
|
}
|
|
83
83
|
|
|
84
|
+
async commentIssue(fullUrl, comment) {
|
|
85
|
+
const commentUrl = fullUrl.replace('https://github.com/', 'https://api.github.com/repos/') +
|
|
86
|
+
'/comments';
|
|
87
|
+
const options = {
|
|
88
|
+
method: 'POST',
|
|
89
|
+
headers: {
|
|
90
|
+
Authorization: `Basic ${this.credentials.github}`,
|
|
91
|
+
'User-Agent': 'node-core-utils',
|
|
92
|
+
Accept: 'application/vnd.github+json'
|
|
93
|
+
},
|
|
94
|
+
body: JSON.stringify({
|
|
95
|
+
body: comment,
|
|
96
|
+
})
|
|
97
|
+
};
|
|
98
|
+
return this.json(commentUrl, options);
|
|
99
|
+
}
|
|
100
|
+
|
|
84
101
|
async getPullRequest(fullUrl) {
|
|
85
102
|
const prUrl = fullUrl.replace('https://github.com/', 'https://api.github.com/repos/').replace('pull', 'pulls');
|
|
86
103
|
const options = {
|
package/package.json
CHANGED
|
@@ -1,17 +1,17 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@node-core/utils",
|
|
3
|
-
"version": "5.
|
|
3
|
+
"version": "5.16.1",
|
|
4
4
|
"description": "Utilities for Node.js core collaborators",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"engines": {
|
|
7
7
|
"node": "^18.18.0 || >=20.0.0"
|
|
8
8
|
},
|
|
9
9
|
"bin": {
|
|
10
|
-
"get-metadata": "
|
|
11
|
-
"git-node": "
|
|
12
|
-
"ncu-config": "
|
|
13
|
-
"ncu-team": "
|
|
14
|
-
"ncu-ci": "
|
|
10
|
+
"get-metadata": "bin/get-metadata.js",
|
|
11
|
+
"git-node": "bin/git-node.js",
|
|
12
|
+
"ncu-config": "bin/ncu-config.js",
|
|
13
|
+
"ncu-team": "bin/ncu-team.js",
|
|
14
|
+
"ncu-ci": "bin/ncu-ci.js"
|
|
15
15
|
},
|
|
16
16
|
"scripts": {
|
|
17
17
|
"test": "npm run test-unit && npm run lint",
|
|
@@ -25,7 +25,7 @@
|
|
|
25
25
|
"author": "Joyee Cheung <joyeec9h3@gmail.com>",
|
|
26
26
|
"repository": {
|
|
27
27
|
"type": "git",
|
|
28
|
-
"url": "git+ssh://git@github.com
|
|
28
|
+
"url": "git+ssh://git@github.com/nodejs/node-core-utils.git"
|
|
29
29
|
},
|
|
30
30
|
"files": [
|
|
31
31
|
"lib/",
|