From 0bde3882ea3c210d11f2dfd8390b04d8692aeab3 Mon Sep 17 00:00:00 2001 From: Antoine du Hamel Date: Sun, 1 Feb 2026 13:14:50 +0100 Subject: [PATCH 1/2] tools: add ncrypto updater script --- .github/CODEOWNERS | 1 - .github/workflows/tools.yml | 9 ++++ Makefile | 5 +-- tools/dep_updaters/update-ncrypto.sh | 63 ++++++++++++++++++++++++++++ 4 files changed, 73 insertions(+), 5 deletions(-) create mode 100755 tools/dep_updaters/update-ncrypto.sh diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 98c9b8e410ca0a..edd63eddf7479a 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -64,7 +64,6 @@ /lib/tls.js @nodejs/crypto @nodejs/net /src/crypto/* @nodejs/crypto /src/node_crypto* @nodejs/crypto -/deps/ncrypto/* @nodejs/crypto # http diff --git a/.github/workflows/tools.yml b/.github/workflows/tools.yml index 4136af15cd0771..c320ff2673026b 100644 --- a/.github/workflows/tools.yml +++ b/.github/workflows/tools.yml @@ -30,6 +30,7 @@ on: - llhttp - minimatch - nbytes + - ncrypto - nixpkgs-unstable - nghttp2 - nghttp3 @@ -191,6 +192,14 @@ jobs: cat temp-output tail -n1 temp-output | grep "NEW_VERSION=" >> "$GITHUB_ENV" || true rm temp-output + - id: ncrypto + subsystem: deps + label: dependencies + run: | + ./tools/dep_updaters/update-ncrypto.sh > temp-output + cat temp-output + tail -n1 temp-output | grep "NEW_VERSION=" >> "$GITHUB_ENV" || true + rm temp-output - id: nixpkgs-unstable subsystem: tools # dont-land labels are there so we can guarantee released versions of diff --git a/Makefile b/Makefile index cad6fb029387d0..1ecba30e9602c8 100644 --- a/Makefile +++ b/Makefile @@ -1491,10 +1491,7 @@ LINT_CPP_EXCLUDE += $(LINT_CPP_ADDON_DOC_FILES) # These files were copied more or less verbatim from V8. LINT_CPP_EXCLUDE += src/tracing/trace_event.h src/tracing/trace_event_common.h -# deps/ncrypto is included in this list, as it is maintained in -# this repository, and should be linted. Eventually it should move -# to its own repo, at which point we should remove it from this list. -LINT_CPP_DEPS = deps/ncrypto/*.cc deps/ncrypto/*.h +LINT_CPP_DEPS = LINT_CPP_FILES = $(filter-out $(LINT_CPP_EXCLUDE), $(wildcard \ benchmark/napi/*/*.cc \ diff --git a/tools/dep_updaters/update-ncrypto.sh b/tools/dep_updaters/update-ncrypto.sh new file mode 100755 index 00000000000000..6f59add236627a --- /dev/null +++ b/tools/dep_updaters/update-ncrypto.sh @@ -0,0 +1,63 @@ +#!/bin/sh +set -ex +# Shell script to update ncrypto in the source tree to a specific version + +BASE_DIR=$(cd "$(dirname "$0")/../.." && pwd) +DEPS_DIR="$BASE_DIR/deps" +[ -z "$NODE" ] && NODE="$BASE_DIR/out/Release/node" +[ -x "$NODE" ] || NODE=$(command -v node) + +# shellcheck disable=SC1091 +. "$BASE_DIR/tools/dep_updaters/utils.sh" + +NEW_VERSION="$("$NODE" --input-type=module <<'EOF' +const res = await fetch('https://api.github.com/repos/nodejs/ncrypto/releases/latest', + process.env.GITHUB_TOKEN && { + headers: { + "Authorization": `Bearer ${process.env.GITHUB_TOKEN}` + }, + }); +if (!res.ok) throw new Error(`FetchError: ${res.status} ${res.statusText}`, { cause: res }); +const { tag_name } = await res.json(); +console.log(tag_name.replace('v', '')); +EOF +)" + +CURRENT_VERSION=$(awk -F'"' '/^#define NCRYPTO_VERSION /{ print $2 }' "$DEPS_DIR/ncrypto/ncrypto/version.h" || true) + +# This function exit with 0 if new version and current version are the same +compare_dependency_version "ncrypto" "$NEW_VERSION" "$CURRENT_VERSION" + +echo "Making temporary workspace..." + +WORKSPACE=$(mktemp -d 2> /dev/null || mktemp -d -t 'tmp') + +cleanup () { + EXIT_CODE=$? + [ -d "$WORKSPACE" ] && rm -rf "$WORKSPACE" + exit $EXIT_CODE +} + +trap cleanup INT TERM EXIT + +echo "Fetching ncrypto source archive..." +NCRYPTO_TARBALL="ncrypto-v$NEW_VERSION.tar.gz" +curl -sL "https://api.github.com/repos/nodejs/ncrypto/tarball/v$NEW_VERSION" \ +| tar xz --strip-components=1 -C "$WORKSPACE" --wildcards \ + '*/README.md' \ + '*/src/engine.cpp' \ + '*/src/ncrypto.cpp' \ + '*/include/ncrypto.h' \ + '*/include/ncrypto/version.h' + +mv "$WORKSPACE/README.md" "$DEPS_DIR/ncrypto/." +mv "$WORKSPACE/src/engine.cpp" "$DEPS_DIR/ncrypto/engine.cc" +mv "$WORKSPACE/src/ncrypto.cpp" "$DEPS_DIR/ncrypto/ncrypto.cc" +mv "$WORKSPACE/include/"* "$DEPS_DIR/ncrypto/." + +cleanup + +# Update the version number on maintaining-dependencies.md +# and print the new version as the last line of the script as we need +# to add it to $GITHUB_ENV variable +finalize_version_update "ncrypto" "$NEW_VERSION" From ae2825f0dfb2f4b0ec208005a79de12c77157aee Mon Sep 17 00:00:00 2001 From: Antoine du Hamel Date: Sun, 1 Feb 2026 13:30:23 +0100 Subject: [PATCH 2/2] fixup! tools: add ncrypto updater script --- tools/dep_updaters/update-ncrypto.sh | 3 --- 1 file changed, 3 deletions(-) diff --git a/tools/dep_updaters/update-ncrypto.sh b/tools/dep_updaters/update-ncrypto.sh index 6f59add236627a..3a84e07f92806b 100755 --- a/tools/dep_updaters/update-ncrypto.sh +++ b/tools/dep_updaters/update-ncrypto.sh @@ -41,7 +41,6 @@ cleanup () { trap cleanup INT TERM EXIT echo "Fetching ncrypto source archive..." -NCRYPTO_TARBALL="ncrypto-v$NEW_VERSION.tar.gz" curl -sL "https://api.github.com/repos/nodejs/ncrypto/tarball/v$NEW_VERSION" \ | tar xz --strip-components=1 -C "$WORKSPACE" --wildcards \ '*/README.md' \ @@ -55,8 +54,6 @@ mv "$WORKSPACE/src/engine.cpp" "$DEPS_DIR/ncrypto/engine.cc" mv "$WORKSPACE/src/ncrypto.cpp" "$DEPS_DIR/ncrypto/ncrypto.cc" mv "$WORKSPACE/include/"* "$DEPS_DIR/ncrypto/." -cleanup - # Update the version number on maintaining-dependencies.md # and print the new version as the last line of the script as we need # to add it to $GITHUB_ENV variable