From 886e23722cdd6a01d60880982f3e842c16ac0ebb Mon Sep 17 00:00:00 2001 From: Jussi Kukkonen Date: Fri, 15 Jan 2021 10:47:46 +0200 Subject: [PATCH 1/2] ed25519: Improve message on upstream changes * Include the script output in filed bug report * Make sure the output includes expected and found hash, as well as links to current master and a diff * Just use bash features for string mangling --- .github/workflows/check-upstream-ed25519.yml | 11 +++++++---- securesystemslib/_vendor/test-ed25519-upstream.sh | 8 +++++--- 2 files changed, 12 insertions(+), 7 deletions(-) diff --git a/.github/workflows/check-upstream-ed25519.yml b/.github/workflows/check-upstream-ed25519.yml index c65782a5..446dc35c 100644 --- a/.github/workflows/check-upstream-ed25519.yml +++ b/.github/workflows/check-upstream-ed25519.yml @@ -14,10 +14,11 @@ jobs: - name: Test if ed25519 upstream master HEAD is what we expect id: test_ed25519 run: | - if sh securesystemslib/_vendor/test-ed25519-upstream.sh; then + if output=$(securesystemslib/_vendor/test-ed25519-upstream.sh); then echo "::set-output name=result::0" else echo "::set-output name=result::1" + echo "::set-output name=output::$output" fi - name: Create issue (unless one is open already) uses: actions/github-script@v3 @@ -25,6 +26,7 @@ jobs: with: script: | console.log("ed25519 upstream master has changed!") + console.log("${{ steps.test_ed25519.outputs.output }}") const repo = context.repo.owner + "/" + context.repo.repo const issues = await github.search.issuesAndPullRequests({ q: "ed25519+upstream+has+new+commits+in:title+state:open+type:issue+repo:" + repo, @@ -38,9 +40,10 @@ jobs: owner: context.repo.owner, repo: context.repo.repo, title: "ed25519 upstream has new commits", - body: "It seems https://github.com/pyca/ed25519.git has new commits. " + - "Please review them, update the vendored copy if needed, and then " + - "update the expected hash in _vendor/test-ed25519-upstream.sh" + body: "It seems https://github.com/pyca/ed25519.git has changed: " + + "${{ steps.test_ed25519.outputs.output }} " + + "Please review changes, update the vendored copy if needed, and " + + "then update the expected hash in _vendor/test-ed25519-upstream.sh" }) } diff --git a/securesystemslib/_vendor/test-ed25519-upstream.sh b/securesystemslib/_vendor/test-ed25519-upstream.sh index c20d8f57..43612193 100755 --- a/securesystemslib/_vendor/test-ed25519-upstream.sh +++ b/securesystemslib/_vendor/test-ed25519-upstream.sh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash # Check for new commits in upstream ed25519 # @@ -17,8 +17,10 @@ pyca_ed25519_git_url="https://github.com/pyca/ed25519.git" pyca_ed25519_master_head=$(git ls-remote "$pyca_ed25519_git_url" master | cut -f1) if [ "$pyca_ed25519_master_head" != "$pyca_ed25519_expected" ]; then - echo "$pyca_ed25519_git_url master branch has been updated." >&2 - echo "Expected $pyca_ed25519_expected, found $pyca_ed25519_master_head." >&2 + echo "Expected [master](https://github.com/pyca/ed25519/commits/master)" \ + "to be commit ${pyca_ed25519_expected:0:7}, found" \ + "${pyca_ed25519_master_head:0:7} instead" \ + "([diff](https://github.com/pyca/ed25519/compare/${pyca_ed25519_expected}...master))." exit 1 fi From cd841cdb86a9f6d5f0ef9a84d67a698e3ce2ece2 Mon Sep 17 00:00:00 2001 From: Jussi Kukkonen Date: Fri, 15 Jan 2021 10:58:55 +0200 Subject: [PATCH 2/2] ed25519: Update expected commit This change in ed25519 is an infrastructure change only: no need to update. Fixes #305 --- securesystemslib/_vendor/test-ed25519-upstream.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/securesystemslib/_vendor/test-ed25519-upstream.sh b/securesystemslib/_vendor/test-ed25519-upstream.sh index 43612193..f4233139 100755 --- a/securesystemslib/_vendor/test-ed25519-upstream.sh +++ b/securesystemslib/_vendor/test-ed25519-upstream.sh @@ -12,7 +12,7 @@ set -eu # This commit matches our securesystemslib/_vendor/ed25519/ content. # If upstream changes, we should review the changes, vendor them, # and update the hash here -pyca_ed25519_expected="c13748e1d24c5c00f6ce2b9c38a319ae02355d97" +pyca_ed25519_expected="0abd61bd0ef914133906b797ad568b35d44744a2" pyca_ed25519_git_url="https://github.com/pyca/ed25519.git" pyca_ed25519_master_head=$(git ls-remote "$pyca_ed25519_git_url" master | cut -f1)