tools: automate ngtcp2 and nghttp3 update

PR-URL: https://github.com/nodejs/node/pull/47402 Refs: https://github.com/nodejs/security-wg/issues/828 Reviewed-By: Paolo Insogna <paolo@cowtech.it> Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com> Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com> Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
2026-01-15 12:15:26 +00:00 · 2023-04-12 15:18:02 +02:00
parent 56ccd599fe
commit 6dcbf8b616
4 changed files with 218 additions and 0 deletions
--- a/.github/workflows/tools.yml
+++ b/.github/workflows/tools.yml
@@ -174,6 +174,22 @@ jobs:
              cat temp-output
              tail -n1 temp-output | grep "NEW_VERSION=" >> "$GITHUB_ENV" || true
              rm temp-output
+          - id: ngtcp2
+            subsystem: deps
+            label: dependencies
+            run: |
+              ./tools/dep_updaters/update-ngtcp2.sh > temp-output
+              cat temp-output
+              tail -n1 temp-output | grep "NEW_VERSION=" >> "$GITHUB_ENV" || true
+              rm temp-output
+          - id: nghttp3
+            subsystem: deps
+            label: dependencies
+            run: |
+              ./tools/dep_updaters/update-nghttp3.sh > temp-output
+              cat temp-output
+              tail -n1 temp-output | grep "NEW_VERSION=" >> "$GITHUB_ENV" || true
+              rm temp-output
    steps:
      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c  # v3.3.0
        with:
--- a/doc/contributing/maintaining-ngtpc2.md
+++ b/doc/contributing/maintaining-ngtpc2.md
@@ -0,0 +1,62 @@
+# ngtcp2 and nghttp3
+
+The ngtcp2 and nghttp3 dependencies provide the core functionality for
+QUIC and HTTP/3.
+
+The sources are pulled from:
+
+* ngtcp2: <https://github.com/ngtcp2/ngtcp2>
+* nghttp3: <https://github.com/ngtcp2/nghttp3>
+
+In both the `ngtcp2` and `nghttp3` git repos, the active development occurs
+in the default branch (currently named `main` in each). Tagged versions do not
+always point to the default branch.
+
+We only use a subset of the sources for each.
+
+## Updating
+
+The `nghttp3` library depends on `ngtcp2`. Both should always be updated
+together. From `ngtcp2` we only want the contents of the `lib` and `crypto`
+directories; from `nghttp3` we only want the contents of the `lib` directory.
+
+After updating either dependency, check if any source files or include
+directories have been added or removed and update `ngtcp2.gyp` accordingly.
+
+### Updating ngtcp2
+
+The `tools/dep_updaters/update-ngtcp2.sh` script automates the update of the
+ngtcp2 source files.
+
+Check that Node.js still builds and tests.
+
+1. Add ngtcp2:
+   ```console
+   $ git add deps/ngtcp2
+   ```
+2. Commit the changes: `git commit`.
+3. Add a message like:
+   ```text
+   deps: update ngtcp2 to <version>
+
+   Updated as described in doc/contributing/maintaining-ngtcp2.md.
+   ```
+
+### Updating nghttp3
+
+The `tools/dep_updaters/update-nghttp3.sh` script automates the update of the
+nghttp3 source files.
+
+Check that Node.js still builds and tests.
+
+1. Add nghttp3:
+   ```console
+   $ git add deps/ngtcp2
+   ```
+2. Commit the changes: `git commit`.
+3. Add a message like:
+   ```text
+   deps: update nghttp3 to <version>
+
+   Updated as described in doc/contributing/maintaining-ngtcp2.md.
+   ```
--- a/tools/dep_updaters/update-nghttp3.sh
+++ b/tools/dep_updaters/update-nghttp3.sh
@@ -0,0 +1,67 @@
+#!/bin/sh
+set -e
+# Shell script to update nghttp3 in the source tree to a specific version
+
+BASE_DIR=$(cd "$(dirname "$0")/../.." && pwd)
+DEPS_DIR="$BASE_DIR/deps"
+[ -z "$NODE" ] && NODE="$BASE_DIR/out/Release/node"
+[ -x "$NODE" ] || NODE=$(command -v node)
+
+NEW_VERSION="$("$NODE" --input-type=module <<'EOF'
+const res = await fetch('https://api.github.com/repos/ngtcp2/nghttp3/releases');
+if (!res.ok) throw new Error(`FetchError: ${res.status} ${res.statusText}`, { cause: res });
+const releases = await res.json()
+const { tag_name } = releases.at(0);
+console.log(tag_name.replace('v', ''));
+EOF
+)"
+
+NGHTTP3_VERSION_H="$DEPS_DIR/ngtcp2/nghttp3/lib/includes/nghttp3/version.h"
+
+CURRENT_VERSION=$(grep "#define NGHTTP3_VERSION" "$NGHTTP3_VERSION_H" | sed -n "s/^.*VERSION \"\(.*\)\"/\1/p")
+
+if [ "$NEW_VERSION" = "$CURRENT_VERSION" ]; then
+  echo "Skipped because http3 is on the latest version."
+  exit 0
+fi
+
+WORKSPACE=$(mktemp -d 2> /dev/null || mktemp -d -t 'tmp')
+
+cleanup () {
+  EXIT_CODE=$?
+  [ -d "$WORKSPACE" ] && rm -rf "$WORKSPACE"
+  exit $EXIT_CODE
+}
+
+trap cleanup INT TERM EXIT
+
+NGHTTP3_REF="v$NEW_VERSION"
+NGHTTP3_ZIP="nghttp3-$NEW_VERSION"
+
+cd "$WORKSPACE"
+
+echo "Fetching nghttp3 source archive..."
+curl -sL -o "$NGHTTP3_ZIP.zip" "https://github.com/ngtcp2/nghttp3/archive/refs/tags/$NGHTTP3_REF.zip"
+unzip "$NGHTTP3_ZIP.zip"
+rm "$NGHTTP3_ZIP.zip"
+mv "$NGHTTP3_ZIP" nghttp3
+
+cd nghttp3
+
+autoreconf -i
+
+./configure --prefix="$PWD/build" --enable-lib-only
+
+cp -R lib/* "$DEPS_DIR/ngtcp2/nghttp3/lib/"
+
+echo "All done!"
+echo ""
+echo "Please git add nghttp3, commit the new version:"
+echo ""
+echo "$ git add -A deps/nghttp3"
+echo "$ git commit -m \"deps: update nghttp3 to $NEW_VERSION\""
+echo ""
+
+# The last line of the script should always print the new version,
+# as we need to add it to $GITHUB_ENV variable.
+echo "NEW_VERSION=$NEW_VERSION"
--- a/tools/dep_updaters/update-ngtcp2.sh
+++ b/tools/dep_updaters/update-ngtcp2.sh
@@ -0,0 +1,73 @@
+#!/bin/sh
+set -e
+# Shell script to update ngtcp2 in the source tree to a specific version
+
+BASE_DIR=$(cd "$(dirname "$0")/../.." && pwd)
+DEPS_DIR="$BASE_DIR/deps"
+[ -z "$NODE" ] && NODE="$BASE_DIR/out/Release/node"
+[ -x "$NODE" ] || NODE=$(command -v node)
+
+NEW_VERSION="$("$NODE" --input-type=module <<'EOF'
+const res = await fetch('https://api.github.com/repos/ngtcp2/ngtcp2/releases');
+if (!res.ok) throw new Error(`FetchError: ${res.status} ${res.statusText}`, { cause: res });
+const releases = await res.json()
+const { tag_name } = releases.at(0);
+console.log(tag_name.replace('v', ''));
+EOF
+)"
+
+NGTCP2_VERSION_H="$DEPS_DIR/ngtcp2/ngtcp2/lib/includes/ngtcp2/version.h"
+
+CURRENT_VERSION=$(grep "#define NGTCP2_VERSION" "$NGTCP2_VERSION_H" | sed -n "s/^.*VERSION \"\(.*\)\"/\1/p")
+
+if [ "$NEW_VERSION" = "$CURRENT_VERSION" ]; then
+  echo "Skipped because ngtcp2 is on the latest version."
+  exit 0
+fi
+
+WORKSPACE=$(mktemp -d 2> /dev/null || mktemp -d -t 'tmp')
+
+cleanup () {
+  EXIT_CODE=$?
+  [ -d "$WORKSPACE" ] && rm -rf "$WORKSPACE"
+  exit $EXIT_CODE
+}
+
+trap cleanup INT TERM EXIT
+
+NGTCP2_REF="v$NEW_VERSION"
+NGTCP2_ZIP="ngtcp2-$NEW_VERSION"
+
+cd "$WORKSPACE"
+
+echo "Fetching ngtcp2 source archive..."
+curl -sL -o "$NGTCP2_ZIP.zip" "https://github.com/ngtcp2/ngtcp2/archive/refs/tags/$NGTCP2_REF.zip"
+unzip "$NGTCP2_ZIP.zip"
+rm "$NGTCP2_ZIP.zip"
+mv "$NGTCP2_ZIP" ngtcp2
+
+cd ngtcp2
+
+autoreconf -i
+
+# For Mac users who have installed libev with MacPorts, append
+# ',-L/opt/local/lib' to LDFLAGS, and also pass
+# CPPFLAGS="-I/opt/local/include" to ./configure.
+
+./configure --prefix="$PWD/build" --enable-lib-only 
+
+cp -R lib/* "$DEPS_DIR/ngtcp2/ngtcp2/lib/"
+
+cp -R crypto/* "$DEPS_DIR/ngtcp2/ngtcp2/crypto/"
+
+echo "All done!"
+echo ""
+echo "Please git add ngtcp2, commit the new version:"
+echo ""
+echo "$ git add -A deps/ngtcp2"
+echo "$ git commit -m \"deps: update ngtcp2 to $NEW_VERSION\""
+echo ""
+
+# The last line of the script should always print the new version,
+# as we need to add it to $GITHUB_ENV variable.
+echo "NEW_VERSION=$NEW_VERSION"