From 40f0a79050ee910ee49678ff5fa98b13ec25ccf5 Mon Sep 17 00:00:00 2001 From: lawrencegripper Date: Mon, 13 Jan 2025 16:44:41 +0000 Subject: [PATCH 01/16] PoC: Require details tracked when patch version pinned --- .github/workflows/validate-json-schema.yml | 16 +++++++++ .vscode/settings.json | 11 +++++- schemas/toolset-schema.json | 42 ++++++++++++++++++++++ 3 files changed, 68 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/validate-json-schema.yml create mode 100644 schemas/toolset-schema.json diff --git a/.github/workflows/validate-json-schema.yml b/.github/workflows/validate-json-schema.yml new file mode 100644 index 000000000..d3f9a185f --- /dev/null +++ b/.github/workflows/validate-json-schema.yml @@ -0,0 +1,16 @@ +name: Validate JSON Schema + +on: [push, pull_request] + +jobs: + validate-json: + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + - name: Validate Toolset JSON files against schema + uses: cardinalby/schema-validator-action@v3 + with: + file: '**/toolset-*.json' + schema: 'schemas/toolset-schema.json' diff --git a/.vscode/settings.json b/.vscode/settings.json index f0ce6b6ac..98a58c65f 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -21,5 +21,14 @@ ], "shellcheck.customArgs": [ "-x" - ] + ], + "json.schemas": [ + { + "fileMatch": [ + "**/toolset-*.json" + ], + "url": "./schemas/toolset-schema.json" + } +] + } diff --git a/schemas/toolset-schema.json b/schemas/toolset-schema.json new file mode 100644 index 000000000..79b1bd988 --- /dev/null +++ b/schemas/toolset-schema.json 
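Review bot: The new workflow `.github/workflows/validate-json-schema.yml` references `actions/checkout@v3` and the third-party `cardinalby/schema-validator-action@v3` by mutable tag and declares no `permissions:` block, so the job runs code that can change under the tag with whatever default token scope the repository grants. Pin each `uses:` to a full commit SHA, e.g. `uses: cardinalby/schema-validator-action@<FULL_COMMIT_SHA>  # v3` (placeholder), and add a top-level `permissions:` mapping with `contents: read`. The job only reads JSON files from the checkout, so read-only contents access should be enough.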
@@ -0,0 +1,42 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "type": "object", + "patternProperties": { + "^.*$": { + "if": { + "type": "object", + "required": [ + "version" + ], + "properties": { + "version": { + "type": "string", + "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+.*$" + } + } + }, + "then": { + "required": [ + "pinnedReason" + ], + "properties": { + "pinnedDetails": { + "type": "object", + "properties": { + "reason": { + "type": "string" + }, + "link": { + "type": "string" + }, + "review-at": { + "type": "string", + "format": "date" + } + } + } + } + } + } + } +} From 9faa1553c1693813eb709ff6ab21d1cc5ff7df37 Mon Sep 17 00:00:00 2001 From: lawrencegripper Date: Mon, 13 Jan 2025 16:55:50 +0000 Subject: [PATCH 02/16] Do some validation --- .github/workflows/validate-json-schema.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/validate-json-schema.yml b/.github/workflows/validate-json-schema.yml index d3f9a185f..3e12c82b8 100644 --- a/.github/workflows/validate-json-schema.yml +++ b/.github/workflows/validate-json-schema.yml @@ -9,8 +9,8 @@ jobs: - name: Checkout repository uses: actions/checkout@v3 - - name: Validate Toolset JSON files against schema - uses: cardinalby/schema-validator-action@v3 - with: - file: '**/toolset-*.json' - schema: 'schemas/toolset-schema.json' + - name: Run JSON Schema validation + run: | + wget https://github.com/neilpa/yajsv/releases/download/v1.4.1/yajsv.linux.amd64 + chmod +x yajsv.linux.amd64 + ./yajsv.linux.amd64 -s ./schemas/toolset-schema.json ./**/toolset-*.json From 62335a38307b9f10fb6e1991895b8ce7b7fa1506 Mon Sep 17 00:00:00 2001 From: lawrencegripper Date: Mon, 13 Jan 2025 17:15:29 +0000 Subject: [PATCH 03/16] Fix validation --- .github/workflows/validate-json-schema.yml | 2 +- .gitignore | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) 
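Review bot: Inside the `then` branch the `pinnedDetails` object lists `reason`, `link` and `review-at` under `properties` but none of them under `required`, so an entry such as `"pinnedDetails": {}` satisfies the nested schema and a pin can be recorded with no justification or review date. Add `"required": ["reason", "link", "review-at"]` to that object. In this patch `then.required` also names `pinnedReason` while the described property is `pinnedDetails`, so the two do not refer to the same key. The `if` pattern `^[0-9]+\\.[0-9]+\\.[0-9]+.*$` only matches versions with three numeric parts, and many draft-07 validators treat `"format": "date"` as an annotation unless format assertion is switched on, so it is worth confirming the validator in use actually rejects a malformed date.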
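Review bot: The new `run:` step downloads `yajsv.linux.amd64` with `wget`, marks it executable and runs it without any integrity check, so the job executes whatever the release URL serves at that moment. Record the expected digest in the workflow and verify it before the `chmod`, e.g. `echo "<EXPECTED_SHA256>  yajsv.linux.amd64" | sha256sum -c -` (placeholder digest, to be taken from a download you have verified). The same unverified download is kept by the later hunks in this series that edit this step (`Fix validation` and `quiet output`).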
diff --git a/.github/workflows/validate-json-schema.yml b/.github/workflows/validate-json-schema.yml index 3e12c82b8..1f3ce7894 100644 --- a/.github/workflows/validate-json-schema.yml +++ b/.github/workflows/validate-json-schema.yml @@ -13,4 +13,4 @@ jobs: run: | wget https://github.com/neilpa/yajsv/releases/download/v1.4.1/yajsv.linux.amd64 chmod +x yajsv.linux.amd64 - ./yajsv.linux.amd64 -s ./schemas/toolset-schema.json ./**/toolset-*.json + ./yajsv.linux.amd64 -s ./schemas/toolset-schema.json $(find . -name 'toolset-*.json' | tr '\n' ' ') diff --git a/.gitignore b/.gitignore index 6018a3757..1d20651d4 100644 --- a/.gitignore +++ b/.gitignore @@ -397,3 +397,4 @@ launch.json # Ignore dynamic template images/*/*-temp.json +.github/workflows/validate-json-schema.yml From 7a88cb1d8b10d82be87cb0d6f1ce8470adf3e6d3 Mon Sep 17 00:00:00 2001 From: lawrencegripper Date: Mon, 13 Jan 2025 17:20:14 +0000 Subject: [PATCH 04/16] quiet output --- .github/workflows/validate-json-schema.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/validate-json-schema.yml b/.github/workflows/validate-json-schema.yml index 1f3ce7894..4d35acea4 100644 --- a/.github/workflows/validate-json-schema.yml +++ b/.github/workflows/validate-json-schema.yml @@ -11,6 +11,6 @@ jobs: - name: Run JSON Schema validation run: | - wget https://github.com/neilpa/yajsv/releases/download/v1.4.1/yajsv.linux.amd64 + wget -q https://github.com/neilpa/yajsv/releases/download/v1.4.1/yajsv.linux.amd64 chmod +x yajsv.linux.amd64 ./yajsv.linux.amd64 -s ./schemas/toolset-schema.json $(find . -name 'toolset-*.json' | tr '\n' ' ') From c15fb5f6b212ed2a2f3a77863db0c7cc99eb8975 Mon Sep 17 00:00:00 2001 
From: lawrencegripper Date: Tue, 14 Jan 2025 12:13:15 +0000 Subject: [PATCH 05/16] Add example detection script --- helpers/pinned-details-chech.sh | 30 +++++++++++++++++++++++ images/windows/toolsets/toolset-2019.json | 14 +++++++++-- schemas/toolset-schema.json | 2 +- 3 files changed, 43 insertions(+), 3 deletions(-) create mode 100755 helpers/pinned-details-chech.sh diff --git a/helpers/pinned-details-chech.sh b/helpers/pinned-details-chech.sh new file mode 100755 index 000000000..1874e3b81 --- /dev/null +++ b/helpers/pinned-details-chech.sh @@ -0,0 +1,30 @@ +#!/bin/bash + +toolset_files=$(find . -name 'toolset-*.json') + +for toolset_file in $toolset_files; do + if [[ "$toolset_file" == *"toolset-schema.json" ]]; then + continue + fi + + readarray -t pinned_details < <(jq --compact-output '.. | objects | select(has("review-at"))' "$toolset_file") + + for pinned_detail in "${pinned_details[@]}"; do + review_date=$(jq -r '.["review-at"]' <<< "$pinned_detail") + reason=$(jq -r '.["reason"]' <<< "$pinned_detail") + + if [ -n "$review_date" ]; then + if [ "$(date -d "$review_date" +%s)" -gt "$(date +%s)" ]; then + echo "ERROR: Overdue review date: $review_date for tool in $toolset_file" + echo " Pinned for '$reason'" + echo "" + fi + + if [ "$(date -d "$review_date" +%s)" -le $(( $(date +%s) - 7*24*60*60 )) ]; then + echo "WARNING: Review date is coming up within the next 7 days: $review_date for tool in $toolset_file" + echo " Pinned for '$reason'" + echo "" + fi + fi + done +done diff --git a/images/windows/toolsets/toolset-2019.json b/images/windows/toolsets/toolset-2019.json index d53afe00a..23f80a2dc 100644 --- a/images/windows/toolsets/toolset-2019.json +++ b/images/windows/toolsets/toolset-2019.json 
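Review bot: Both date comparisons in the inner loop of `helpers/pinned-details-chech.sh` are inverted relative to their messages: `-gt "$(date +%s)"` reports a review date that is still in the future as "Overdue", and `-le $(( $(date +%s) - 7*24*60*60 ))` reports dates more than a week in the past as "coming up within the next 7 days". The overdue test should be `[ "$(date -d "$review_date" +%s)" -lt "$(date +%s)" ]`, and the warning test should compare with `$(( $(date +%s) + 7*24*60*60 ))` for dates that are not already overdue. The script also only echoes its findings and never sets a non-zero exit status, so a CI job running it would not fail on an expired pin; the file name has a typo as well (`chech`).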
@@ -470,13 +470,23 @@ }, "postgresql": { "version": "14.12.1", - "signature": "698BA51AA27CC31282AACA5055E4B9190BC6C0E9" + "signature": "698BA51AA27CC31282AACA5055E4B9190BC6C0E9", + "pinnedDetails": { + "link": "https://github.com/EnterpriseDB/edb-installers/issues/196#issuecomment-2489021239", + "reason": "this was pinned due to a downstream issue with the installer", + "review-at": "2023-12-31" + } }, "kotlin": { "version": "latest" }, "openssl": { - "version": "1.1.1" + "version": "1.1.1", + "pinnedDetails": { + "link": "https://github.com/somelink", + "reason": "this was pinned due to a downstream issue with the installer", + "review-at": "2025-01-30" + } }, "pwsh": { "version": "7.4" diff --git a/schemas/toolset-schema.json b/schemas/toolset-schema.json index 79b1bd988..f9bf71b96 100644 --- a/schemas/toolset-schema.json +++ b/schemas/toolset-schema.json @@ -17,7 +17,7 @@ }, "then": { "required": [ - "pinnedReason" + "pinnedDetails" ], "properties": { "pinnedDetails": { From 78d2d4978410bcc115dc746c66615aac37fb5127 Mon Sep 17 00:00:00 2001 From: lawrencegripper Date: Fri, 31 Jan 2025 09:53:36 +0000 Subject: [PATCH 06/16] Update checker --- .github/workflows/validate-json-schema.yml | 8 +-- helpers/CheckJsonSchema.ps1 | 29 +++++++++ helpers/CheckPinnedDetails.ps1 | 69 ++++++++++++++++++++++ helpers/pinned-details-chech.sh | 30 ---------- 4 files changed, 101 insertions(+), 35 deletions(-) create mode 100644 helpers/CheckJsonSchema.ps1 create mode 100755 helpers/CheckPinnedDetails.ps1 delete mode 100755 helpers/pinned-details-chech.sh diff --git a/.github/workflows/validate-json-schema.yml b/.github/workflows/validate-json-schema.yml index 4d35acea4..6ac19e202 100644 --- a/.github/workflows/validate-json-schema.yml +++ b/.github/workflows/validate-json-schema.yml 
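Review bot: The `pinnedDetails` added for `openssl` uses a placeholder `link` (`https://github.com/somelink`) and the same `reason` text as the `postgresql` entry, and the `postgresql` entry's `review-at` of `2023-12-31` is already in the past at the commit date. The schema types `link` and `reason` only as strings, so values like these pass validation and the quality of the justification rests entirely on review. If these entries are sample data for the PoC, say so in the commit message so they are replaced with the real tracking link and a tool-specific reason before merge.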
@@ -9,8 +9,6 @@ jobs: - name: Checkout repository uses: actions/checkout@v3 - - name: Run JSON Schema validation - run: | - wget -q https://github.com/neilpa/yajsv/releases/download/v1.4.1/yajsv.linux.amd64 - chmod +x yajsv.linux.amd64 - ./yajsv.linux.amd64 -s ./schemas/toolset-schema.json $(find . -name 'toolset-*.json' | tr '\n' ' ') + - name: Validate JSON Schema + shell: pwsh + run: ./helpers/CheckJsonSchema.ps1 diff --git a/helpers/CheckJsonSchema.ps1 b/helpers/CheckJsonSchema.ps1 new file mode 100644 index 000000000..f38eafda2 --- /dev/null +++ b/helpers/CheckJsonSchema.ps1 @@ -0,0 +1,29 @@ +$ErrorActionPreference = 'Stop' + +# A JSON schema validator which supports outputting line numbers for errors +Install-Module -Name GripDevJsonSchemaValidator -Force -Scope CurrentUser + +# Find all toolset JSON files +$toolsetFiles = Get-ChildItem -Recurse -Filter "toolset-*.json" | Where-Object { $_.Name -notlike "*schema.json" } +$schemaFilePath = "./schemas/toolset-schema.json" + +foreach ($file in $toolsetFiles) { + Write-Host "šŸ” Validating $($file.FullName)" -ForegroundColor Cyan + + $validationResult = Test-JsonSchema -SchemaPath $schemaFilePath -JsonPath $file.FullName + + if ($validationResult.Valid) { + Write-Host "āœ… JSON is valid." -ForegroundColor Green + } else { + Write-Host "`nāŒ JSON validation failed!" -ForegroundColor Red + Write-Host " Found the following errors:`n" -ForegroundColor Yellow + $validationResult.Errors | ForEach-Object { + Write-Host $_.UserMessage + if ($env:GITHUB_ACTIONS -eq 'true') { + Write-Host "::error file=$($file.Name),line=$($_.LineNumber)::$($_.UserMessage)" + } + } + } +} + +Write-Host "Schema validation completed successfully" diff --git a/helpers/CheckPinnedDetails.ps1 b/helpers/CheckPinnedDetails.ps1 new file mode 100755 index 000000000..03b573e6a --- /dev/null +++ b/helpers/CheckPinnedDetails.ps1 
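Review bot: `Install-Module -Name GripDevJsonSchemaValidator -Force -Scope CurrentUser` in `helpers/CheckJsonSchema.ps1` installs whichever version the gallery currently serves on every CI run, so a new or replaced release of the module runs in the job without review. Pin it with `-RequiredVersion '<PINNED_VERSION>'` (placeholder) and bump the pin deliberately. In this patch the `else` branch also only prints the errors, so the script still ends with "Schema validation completed successfully" and a zero exit status when a file is invalid. The later `CheckJsonSchema.ps1` hunk that rewrites the install line (patch `Check outdated pins`) leaves it unpinned.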
@@ -0,0 +1,69 @@ +$ErrorActionPreference = 'Stop' + +function Get-PinnedDetailsRecursive($obj) { + $pinnedDetails = @() + + if ($obj -is [System.Management.Automation.PSCustomObject]) { + if ($obj.PSObject.Properties.Name -contains "review-at") { + $pinnedDetails += $obj + } + foreach ($prop in $obj.PSObject.Properties) { + Get-PinnedDetailsRecursive $prop.Value + } + } + elseif ($obj -is [Array]) { + foreach ($item in $obj) { + Get-PinnedDetailsRecursive $item + } + } + + return $pinnedDetails +} + +Write-Host "Checking pinned details for overdue review dates" + +# Find all toolset JSON files in the current directory and subdirectories +$toolsetFiles = Get-ChildItem -Recurse -Filter "toolset-*.json" + +foreach ($toolsetFile in $toolsetFiles) { + Write-Host "Checking $toolsetFile" + + # Skip schema file + if ($toolsetFile.Name -like "*toolset-schema.json") { + continue + } + + # Get all objects with 'review-at' property from the JSON file + $jsonContent = Get-Content $toolsetFile.FullName | ConvertFrom-Json + + $pinnedDetails = Get-PinnedDetailsRecursive $jsonContent | Where-Object { $_ -ne $null } + + foreach ($pinnedDetail in $pinnedDetails) { + $reviewDate = $pinnedDetail.'review-at' + $reason = $pinnedDetail.reason + + Write-Host "Info: Review date $reviewDate, reason $reason" + + if (![string]::IsNullOrEmpty($reviewDate)) { + $reviewDateTime = [DateTime]::Parse($reviewDate) + $currentTime = Get-Date + $sevenDaysAgo = $currentTime.AddDays(-7) + + Write-Host "Info: Review date $reviewDate, current time $currentTime" + + # Check if review date is in the past + if ($reviewDateTime -lt $currentTime) { + Write-Host "ERROR: Overdue review date: $reviewDate for tool in $($toolsetFile.Name)" + Write-Host " Pinned for '$reason'" + Write-Host "" + } + + # Check if review date is within the next 7 days + if ($reviewDateTime -gt $sevenDaysAgo -and $reviewDateTime -le $currentTime) { + Write-Host "WARNING: Review date is coming up within the next 7 days: $reviewDate for 
tool in $($toolsetFile.Name)" + Write-Host " Pinned for '$reason'" + Write-Host "" + } + } + } +} diff --git a/helpers/pinned-details-chech.sh b/helpers/pinned-details-chech.sh deleted file mode 100755 index 1874e3b81..000000000 --- a/helpers/pinned-details-chech.sh +++ /dev/null @@ -1,30 +0,0 @@ -#!/bin/bash - -toolset_files=$(find . -name 'toolset-*.json') - -for toolset_file in $toolset_files; do - if [[ "$toolset_file" == *"toolset-schema.json" ]]; then - continue - fi - - readarray -t pinned_details < <(jq --compact-output '.. | objects | select(has("review-at"))' "$toolset_file") - - for pinned_detail in "${pinned_details[@]}"; do - review_date=$(jq -r '.["review-at"]' <<< "$pinned_detail") - reason=$(jq -r '.["reason"]' <<< "$pinned_detail") - - if [ -n "$review_date" ]; then - if [ "$(date -d "$review_date" +%s)" -gt "$(date +%s)" ]; then - echo "ERROR: Overdue review date: $review_date for tool in $toolset_file" - echo " Pinned for '$reason'" - echo "" - fi - - if [ "$(date -d "$review_date" +%s)" -le $(( $(date +%s) - 7*24*60*60 )) ]; then - echo "WARNING: Review date is coming up within the next 7 days: $review_date for tool in $toolset_file" - echo " Pinned for '$reason'" - echo "" - fi - fi - done -done From 3bc475f72e4a2bf38ad1897ce92d74be952b0d4a Mon Sep 17 00:00:00 2001 From: lawrencegripper Date: Fri, 31 Jan 2025 10:04:51 +0000 Subject: [PATCH 07/16] try --- helpers/CheckJsonSchema.ps1 | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/helpers/CheckJsonSchema.ps1 b/helpers/CheckJsonSchema.ps1 index f38eafda2..e338530d4 100644 --- a/helpers/CheckJsonSchema.ps1 +++ b/helpers/CheckJsonSchema.ps1 
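Review bot: The warning branch in `helpers/CheckPinnedDetails.ps1` tests `$reviewDateTime -gt $sevenDaysAgo -and $reviewDateTime -le $currentTime`, which selects dates in the last seven days, while its message says the review is "coming up within the next 7 days"; every date it matches has already been reported by the overdue branch above. Compare against a future bound instead, e.g. `if ($reviewDateTime -ge $currentTime -and $reviewDateTime -le $currentTime.AddDays(7))`. The script only writes to the host, so an overdue pin does not change its exit status.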
@@ -7,6 +7,7 @@ Install-Module -Name GripDevJsonSchemaValidator -Force -Scope CurrentUser $toolsetFiles = Get-ChildItem -Recurse -Filter "toolset-*.json" | Where-Object { $_.Name -notlike "*schema.json" } $schemaFilePath = "./schemas/toolset-schema.json" +$toolsetHasErrors = $false foreach ($file in $toolsetFiles) { Write-Host "šŸ” Validating $($file.FullName)" -ForegroundColor Cyan @@ -15,15 +16,21 @@ foreach ($file in $toolsetFiles) { if ($validationResult.Valid) { Write-Host "āœ… JSON is valid." -ForegroundColor Green } else { + $toolsetHasErrors = $true Write-Host "`nāŒ JSON validation failed!" -ForegroundColor Red Write-Host " Found the following errors:`n" -ForegroundColor Yellow $validationResult.Errors | ForEach-Object { Write-Host $_.UserMessage if ($env:GITHUB_ACTIONS -eq 'true') { - Write-Host "::error file=$($file.Name),line=$($_.LineNumber)::$($_.UserMessage)" + Write-Host "Adding annotation" + Write-Host "::error file=$($file.Name),line=$($_.LineNumber)::$($_.UserMessage.Replace("`n", '%0A'))" } } } } -Write-Host "Schema validation completed successfully" +if ($toolsetHasErrors) { + Write-Error "One or more toolset JSON files failed schema validation. See the error output above for more details." +} else { + Write-Host "Schema validation completed successfully" +} From 901125ceec8de03fb0b7e680c86f306aec953346 Mon Sep 17 00:00:00 2001 
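Review bot: The `::error` workflow command on the new side encodes only line feeds in `$_.UserMessage`, and that text may echo values from the toolset JSON being validated, which on pull requests is contributor-controlled. GitHub's workflow-command format also expects `%` and carriage returns in the message to be encoded, so chain `.Replace('%', '%25')` ahead of the existing newline replacement (so later escapes are not double-encoded) and add a replacement of carriage return with `%0D`. `file=$($file.Name)` passes only the base name, so the annotation is unlikely to attach to the file in the diff view; a repository-relative path would be needed there.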
From: lawrencegripper Date: Fri, 31 Jan 2025 10:39:03 +0000 Subject: [PATCH 08/16] Check outdated pins --- .github/workflows/check-pinned-versions.yml | 18 +++++ helpers/CheckJsonSchema.ps1 | 10 ++- helpers/CheckOutdatedVersionPinning.ps1 | 81 +++++++++++++++++++++ helpers/CheckPinnedDetails.ps1 | 69 ------------------ images/ubuntu/toolsets/toolset-2004.json | 19 ++++- images/windows/toolsets/toolset-2022.json | 16 +++- images/windows/toolsets/toolset-2025.json | 16 +++- 7 files changed, 150 insertions(+), 79 deletions(-) create mode 100644 .github/workflows/check-pinned-versions.yml create mode 100644 helpers/CheckOutdatedVersionPinning.ps1 delete mode 100755 helpers/CheckPinnedDetails.ps1 diff --git a/.github/workflows/check-pinned-versions.yml b/.github/workflows/check-pinned-versions.yml new file mode 100644 index 000000000..da8adc314 --- /dev/null +++ b/.github/workflows/check-pinned-versions.yml @@ -0,0 +1,18 @@ +on: + push: + branches: + - main + pull_request: + schedule: + - cron: '0 0 * * *' # Run at midnight UTC every day + +jobs: + validate-json: + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + - name: Validate JSON Schema + shell: pwsh + run: ./helpers/CheckOutdatedVersionPinning.ps1 diff --git a/helpers/CheckJsonSchema.ps1 b/helpers/CheckJsonSchema.ps1 index e338530d4..4155fb899 100644 --- a/helpers/CheckJsonSchema.ps1 +++ b/helpers/CheckJsonSchema.ps1 
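Review bot: In the new `.github/workflows/check-pinned-versions.yml` the step that runs `./helpers/CheckOutdatedVersionPinning.ps1` is named `Validate JSON Schema` and the job `validate-json`, both copied from the schema workflow, and the file has no `name:`, so the run is hard to tell apart from schema validation in the Actions UI. Rename the step, e.g. `- name: Check pinned version review dates`. The script calls `gh issue create` whenever `GITHUB_ACTIONS` is `true`, so with the `push` and `pull_request` triggers in this hunk any run that finds an expiring pin would try to open an issue, and this hunk provides neither `GH_TOKEN` nor a `permissions:` block for that call.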
@@ -1,7 +1,10 @@ $ErrorActionPreference = 'Stop' # A JSON schema validator which supports outputting line numbers for errors -Install-Module -Name GripDevJsonSchemaValidator -Force -Scope CurrentUser +# this allows us to put annotations on builds for errors in the JSON files +# `Test-Json` built in cmdline doesn't. No existing cli tool supports this +# that I could find either. See: https://github.com/lawrencegripper/gripdev-json-schema-validator +Install-Module -Name GripDevJsonSchemaValidator -Force -Scope CurrentUser # Find all toolset JSON files $toolsetFiles = Get-ChildItem -Recurse -Filter "toolset-*.json" | Where-Object { $_.Name -notlike "*schema.json" } @@ -9,16 +12,19 @@ $schemaFilePath = "./schemas/toolset-schema.json" $toolsetHasErrors = $false foreach ($file in $toolsetFiles) { + Write-Host "" Write-Host "šŸ” Validating $($file.FullName)" -ForegroundColor Cyan - $validationResult = Test-JsonSchema -SchemaPath $schemaFilePath -JsonPath $file.FullName + $validationResult = Test-JsonSchema -SchemaPath $schemaFilePath -JsonPath $file.FullName -PrettyPrint $false if ($validationResult.Valid) { Write-Host "āœ… JSON is valid." -ForegroundColor Green } else { + # File has been modified since the commit, enforce validation $toolsetHasErrors = $true Write-Host "`nāŒ JSON validation failed!" -ForegroundColor Red Write-Host " Found the following errors:`n" -ForegroundColor Yellow + $validationResult.Errors | ForEach-Object { Write-Host $_.UserMessage if ($env:GITHUB_ACTIONS -eq 'true') { diff --git a/helpers/CheckOutdatedVersionPinning.ps1 b/helpers/CheckOutdatedVersionPinning.ps1 new file mode 100644 index 000000000..10a4e26de --- /dev/null +++ b/helpers/CheckOutdatedVersionPinning.ps1 
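Review bot: The comment added in the `else` branch, `# File has been modified since the commit, enforce validation`, describes a check that is not visible in this hunk: the branch is entered simply because `$validationResult.Valid` is false. Remove it or replace it with a comment that matches the code, such as `# Remember the failure so the script can fail after all files have been checked`. The `foreach` body continues outside the hunk.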
@@ -0,0 +1,81 @@ +$ErrorActionPreference = 'Stop' + +# Find all toolset JSON files +$toolsetFiles = Get-ChildItem -Recurse -Filter "toolset-*.json" | Where-Object { $_.Name -notlike "*schema.json" } + +$expiringPins = @() +$now = Get-Date +$warningDays = 30 # Warn if expiring within 30 days + +foreach ($file in $toolsetFiles) { + Write-Host "Processing $($file.Name)" + $content = Get-Content $file.FullName | ConvertFrom-Json + + # Recursively search for pinnedDetails in the JSON + function Search-PinnedDetails { + param($obj, $path) + + $foundPins = @() + + if ($obj -is [System.Management.Automation.PSCustomObject]) { + foreach ($prop in $obj.PSObject.Properties) { + if ($prop.Name -eq "pinnedDetails") { + Write-Host "Found pinned version at $path" + $reviewAt = [DateTime]::Parse($prop.Value.'review-at') + $daysUntilExpiry = ($reviewAt - $now).Days + + if ($daysUntilExpiry -lt $warningDays) { + Write-Host "Adding to expiringPins array" + $foundPins += @{ + Path = $path + File = $file.Name + ReviewAt = $reviewAt + DaysUntilExpiry = $daysUntilExpiry + Reason = $prop.Value.reason + Link = $prop.Value.link + } + } + } else { + $foundPins += Search-PinnedDetails -obj $prop.Value -path "$path.$($prop.Name)" + } + } + } elseif ($obj -is [Array]) { + for ($i = 0; $i -lt $obj.Count; $i++) { + $foundPins += Search-PinnedDetails -obj $obj[$i] -path "$path[$i]" + } + } + + return $foundPins + } + + $expiringPins += Search-PinnedDetails -obj $content -path $file.Name +} + +if ($expiringPins) { + $issueBody = "# Version Pinning Review Required`n`n" + $issueBody += "The following pinned versions need review:`n`n" + + foreach ($pin in $expiringPins) { + $status = if ($pin.DaysUntilExpiry -lt 0) { "EXPIRED" } else { "Expiring Soon" } + $issueBody += "## $($status) - $($pin.Path)`n" + $issueBody += "- **File**: $($pin.File)`n" + $issueBody += "- **Review Date**: $($pin.ReviewAt.ToString('yyyy-MM-dd'))`n" + $issueBody += "- **Days until expiry**: $($pin.DaysUntilExpiry)`n" + 
$issueBody += "- **Reason**: $($pin.Reason)`n" + $issueBody += "- **Original PR**: $($pin.Link)`n`n" + } + + if ($env:GITHUB_ACTIONS -eq 'true') { + # In GitHub Actions, create an issue + $issueBody | gh issue create --title "Version Pinning Review Found Expired Pinned Versions" --body - + } + + Write-Host "`nIssue Content:`n" + Write-Host $issueBody +} +else { + Write-Host "No expiring pins found." + if ($env:GITHUB_ACTIONS -eq 'true') { + "expired_pins=0" >> $env:GITHUB_OUTPUT + } +} diff --git a/helpers/CheckPinnedDetails.ps1 b/helpers/CheckPinnedDetails.ps1 deleted file mode 100755 index 03b573e6a..000000000 --- a/helpers/CheckPinnedDetails.ps1 +++ /dev/null 
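Review bot: `[DateTime]::Parse($prop.Value.'review-at')` in `Search-PinnedDetails` runs on every `pinnedDetails` object, but the schema in this series does not require `review-at`, so an entry without it or with a malformed value throws and, under `$ErrorActionPreference = 'Stop'`, ends the run before any expiring pin is reported. Guard for a missing value and parse the fixed format explicitly, e.g. `[DateTime]::ParseExact($prop.Value.'review-at', 'yyyy-MM-dd', [Globalization.CultureInfo]::InvariantCulture)`, reporting an unparsable date as a finding rather than aborting. The function is also redefined on each pass of the `foreach` loop and reads `$file` and `$now` from the enclosing scope; defining it once above the loop with those passed as parameters would be easier to follow. When pins are found, `expired_pins` is never written to `$env:GITHUB_OUTPUT`, so a later step cannot rely on that output being set.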
@@ -1,69 +0,0 @@ -$ErrorActionPreference = 'Stop' - -function Get-PinnedDetailsRecursive($obj) { - $pinnedDetails = @() - - if ($obj -is [System.Management.Automation.PSCustomObject]) { - if ($obj.PSObject.Properties.Name -contains "review-at") { - $pinnedDetails += $obj - } - foreach ($prop in $obj.PSObject.Properties) { - Get-PinnedDetailsRecursive $prop.Value - } - } - elseif ($obj -is [Array]) { - foreach ($item in $obj) { - Get-PinnedDetailsRecursive $item - } - } - - return $pinnedDetails -} - -Write-Host "Checking pinned details for overdue review dates" - -# Find all toolset JSON files in the current directory and subdirectories -$toolsetFiles = Get-ChildItem -Recurse -Filter "toolset-*.json" - -foreach ($toolsetFile in $toolsetFiles) { - Write-Host "Checking $toolsetFile" - - # Skip schema file - if ($toolsetFile.Name -like "*toolset-schema.json") { - continue - } - - # Get all objects with 'review-at' property from the JSON file - $jsonContent = Get-Content $toolsetFile.FullName | ConvertFrom-Json - - $pinnedDetails = Get-PinnedDetailsRecursive $jsonContent | Where-Object { $_ -ne $null } - - foreach ($pinnedDetail in $pinnedDetails) { - $reviewDate = $pinnedDetail.'review-at' - $reason = $pinnedDetail.reason - - Write-Host "Info: Review date $reviewDate, reason $reason" - - if (![string]::IsNullOrEmpty($reviewDate)) { - $reviewDateTime = [DateTime]::Parse($reviewDate) - $currentTime = Get-Date - $sevenDaysAgo = $currentTime.AddDays(-7) - - Write-Host "Info: Review date $reviewDate, current time $currentTime" - - # Check if review date is in the past - if ($reviewDateTime -lt $currentTime) { - Write-Host "ERROR: Overdue review date: $reviewDate for tool in $($toolsetFile.Name)" - Write-Host " Pinned for '$reason'" - Write-Host "" - } - - # Check if review date is within the next 7 days - if ($reviewDateTime -gt $sevenDaysAgo -and $reviewDateTime -le $currentTime) { - Write-Host "WARNING: Review date is coming up within the next 7 days: $reviewDate for 
tool in $($toolsetFile.Name)" - Write-Host " Pinned for '$reason'" - Write-Host "" - } - } - } -} diff --git a/images/ubuntu/toolsets/toolset-2004.json b/images/ubuntu/toolsets/toolset-2004.json index e96d97b2b..07885f4aa 100644 --- a/images/ubuntu/toolsets/toolset-2004.json +++ b/images/ubuntu/toolsets/toolset-2004.json @@ -377,10 +377,21 @@ }, "aliyunCli": { "version": "3.0.174", - "sha256": "0c51028a7a32fc02c8de855f73e273556f957115eb5624565738f9b9f83a50ba" + "sha256": "0c51028a7a32fc02c8de855f73e273556f957115eb5624565738f9b9f83a50ba", + "pinnedDetails": { + "link": "https://github.com/actions/runner-images-internal/pull/6702", + "reason": "Meaningful reason must be added at next update.", + "review-at": "2025-06-01", + "type": "preexisting-pinned-version-without-reason" + } }, "ocCli": { - "version": "4.15.19" - } - + "version": "4.15.19", + "pinnedDetails": { + "link": "https://github.com/actions/runner-images-internal/pull/6702", + "reason": "Meaningful reason must be added at next update.", + "review-at": "2025-06-01", + "type": "preexisting-pinned-version-without-reason" + } + } } diff --git a/images/windows/toolsets/toolset-2022.json b/images/windows/toolsets/toolset-2022.json index 280820b87..8f2b34269 100644 --- a/images/windows/toolsets/toolset-2022.json +++ b/images/windows/toolsets/toolset-2022.json 
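Review bot: Each `pinnedDetails` object added to `toolset-2004.json` carries a `type` key (`preexisting-pinned-version-without-reason`) that the `pinnedDetails` schema in this series does not declare, so its spelling and allowed values are not checked by validation. If the key is meant to mark backfilled pins, declare it in `schemas/toolset-schema.json` as a string with an `enum`. The `link` values point at `actions/runner-images-internal`, which readers of this repository may not be able to open, so it is worth confirming that reference is intended. The same applies to the `toolset-2022.json` and `toolset-2025.json` hunks in this patch and to the `mingw` hunk in the later `Add pinnedDetails to mingw` patch.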
@@ -380,13 +380,25 @@ }, "postgresql": { "version": "14.12.1", - "signature": "698BA51AA27CC31282AACA5055E4B9190BC6C0E9" + "signature": "698BA51AA27CC31282AACA5055E4B9190BC6C0E9", + "pinnedDetails": { + "link": "https://github.com/actions/runner-images-internal/pull/6702", + "reason": "Meaningful reason must be added at next update.", + "review-at": "2025-06-01", + "type": "preexisting-pinned-version-without-reason" + } }, "kotlin": { "version": "latest" }, "openssl": { - "version": "1.1.1" + "version": "1.1.1", + "pinnedDetails": { + "link": "https://github.com/actions/runner-images-internal/pull/6702", + "reason": "Meaningful reason must be added at next update.", + "review-at": "2024-06-01", + "type": "preexisting-pinned-version-without-reason" + } }, "pwsh": { "version": "7.4" diff --git a/images/windows/toolsets/toolset-2025.json b/images/windows/toolsets/toolset-2025.json index e886e1115..2a413f891 100644 --- a/images/windows/toolsets/toolset-2025.json +++ b/images/windows/toolsets/toolset-2025.json @@ -107,7 +107,13 @@ }, "mingw": { "version": "14.2.0", - "runtime": "ucrt" + "runtime": "ucrt", + "pinnedDetails": { + "link": "https://github.com/actions/runner-images-internal/pull/6702", + "reason": "Meaningful reason must be added at next update.", + "review-at": "2025-06-01", + "type": "preexisting-pinned-version-without-reason" + } }, "MsysPackages": { "msys2": [], @@ -318,7 +324,13 @@ "version": "latest" }, "openssl": { - "version": "3.4.0" + "version": "3.4.0", + "pinnedDetails": { + "link": "https://github.com/actions/runner-images-internal/pull/6702", + "reason": "Meaningful reason must be added at next update.", + "review-at": "2025-06-01", + "type": "preexisting-pinned-version-without-reason" + } }, "pwsh": { "version": "7.4" From 50e09973d0be461466a04ba742c0b642a2f3353f Mon Sep 17 00:00:00 2001 
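Review bot: The `openssl` entry in `toolset-2022.json` sets `"review-at": "2024-06-01"`, which is already past at the commit date and differs from the `2025-06-01` used for every other backfilled pin in this patch, so it looks like a typo. If the date is deliberate, the scheduled check will report this pin as expired on its first run; otherwise change it to `"review-at": "2025-06-01"`.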
From: lawrencegripper Date: Fri, 31 Jan 2025 10:43:40 +0000 Subject: [PATCH 09/16] Fix gh cli piping --- helpers/CheckOutdatedVersionPinning.ps1 | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/helpers/CheckOutdatedVersionPinning.ps1 b/helpers/CheckOutdatedVersionPinning.ps1 index 10a4e26de..2d98ad587 100644 --- a/helpers/CheckOutdatedVersionPinning.ps1 +++ b/helpers/CheckOutdatedVersionPinning.ps1 @@ -67,7 +67,11 @@ if ($expiringPins) { if ($env:GITHUB_ACTIONS -eq 'true') { # In GitHub Actions, create an issue - $issueBody | gh issue create --title "Version Pinning Review Found Expired Pinned Versions" --body - + Write-Host "Creating issue" + $tempFile = [System.IO.Path]::GetTempFileName() + Set-Content -Path $tempFile -Value $issueBody + gh issue create --title "Version Pinning Review Found Expired Pinned Versions" --body-file $tempFile + Remove-Item -Path $tempFile } Write-Host "`nIssue Content:`n" From 613e24f3cdce077e1c36f1798470863f50fb48f7 Mon Sep 17 00:00:00 2001 From: lawrencegripper Date: Fri, 31 Jan 2025 10:46:52 +0000 Subject: [PATCH 10/16] update --- .github/workflows/check-pinned-versions.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/check-pinned-versions.yml b/.github/workflows/check-pinned-versions.yml index da8adc314..71e3f41ce 100644 --- a/.github/workflows/check-pinned-versions.yml +++ b/.github/workflows/check-pinned-versions.yml @@ -6,6 +6,10 @@ on: schedule: - cron: '0 0 * * *' # Run at midnight UTC every day +permissions: + issues: write + contents: read + jobs: validate-json: runs-on: ubuntu-latest @@ -16,3 +20,5 @@ jobs: - name: Validate JSON Schema shell: pwsh run: ./helpers/CheckOutdatedVersionPinning.ps1 + env: + GH_TOKEN: ${{ github.token }} From 1ace44b407eea6614a8b7c71dae7af16b34ff7cf Mon Sep 17 00:00:00 2001 
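Review bot: The exit status of `gh issue create` is not checked in the new block of `helpers/CheckOutdatedVersionPinning.ps1`, and a failing native command may not raise a terminating error under `$ErrorActionPreference = 'Stop'` depending on the PowerShell version and settings, so a run that fails to file the issue can still finish green. Test `$LASTEXITCODE` after the call and `throw` when it is non-zero, and move `Remove-Item -Path $tempFile` into a `finally` block so the temp file is removed on failure too. Every run that finds an expiring pin also opens a new issue with the same title; checking for an existing open issue first would avoid duplicates. The enclosing `if ($expiringPins)` block continues outside the hunk.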
From: lawrencegripper Date: Fri, 31 Jan 2025 10:51:21 +0000 Subject: [PATCH 11/16] Update cron --- .github/workflows/check-pinned-versions.yml | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/.github/workflows/check-pinned-versions.yml b/.github/workflows/check-pinned-versions.yml index 71e3f41ce..54b6e03cf 100644 --- a/.github/workflows/check-pinned-versions.yml +++ b/.github/workflows/check-pinned-versions.yml @@ -1,10 +1,8 @@ +name: Check Outdated Version Pinning + on: - push: - branches: - - main - pull_request: schedule: - - cron: '0 0 * * *' # Run at midnight UTC every day + - cron: '0 12 * * 1' # Run at 12:00 UTC every Monday permissions: issues: write From 645b62769bc3829e2064bb9d0d9ae5f06d106839 Mon Sep 17 00:00:00 2001 From: lawrencegripper Date: Fri, 31 Jan 2025 10:55:38 +0000 Subject: [PATCH 12/16] Add pinnedDetails to mingw --- images/windows/toolsets/toolset-2022.json | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/images/windows/toolsets/toolset-2022.json b/images/windows/toolsets/toolset-2022.json index 5ab5d6e85..6660ef26a 100644 --- a/images/windows/toolsets/toolset-2022.json +++ b/images/windows/toolsets/toolset-2022.json @@ -150,7 +150,13 @@ }, "mingw": { "version": "12.2.0", - "runtime": "ucrt" + "runtime": "ucrt", + "pinnedDetails": { + "link": "https://github.com/actions/runner-images-internal/pull/6702", + "reason": "Meaningful reason must be added at next update.", + "review-at": "2025-06-01", + "type": "preexisting-pinned-version-without-reason" + } }, "MsysPackages": { "msys2": [], From 5385f70026a8896b62e273e0695d386219871598 Mon Sep 17 00:00:00 2001 From: lawrencegripper Date: Fri, 31 Jan 2025 10:57:29 +0000 Subject: [PATCH 13/16] Fix double run --- .github/workflows/validate-json-schema.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/.github/workflows/validate-json-schema.yml b/.github/workflows/validate-json-schema.yml index 6ac19e202..5e4d71dfc 100644 
--- a/.github/workflows/validate-json-schema.yml +++ b/.github/workflows/validate-json-schema.yml @@ -1,6 +1,12 @@ name: Validate JSON Schema -on: [push, pull_request] +on: + push: + branches: + - main + pull_request: + branches: + - main jobs: validate-json: From 06fe9293439bfab6348c260e73f4e04fedc26f34 Mon Sep 17 00:00:00 2001 From: Lawrence Gripper Date: Fri, 31 Jan 2025 11:03:31 +0000 Subject: [PATCH 14/16] Update .gitignore --- .gitignore | 1 - 1 file changed, 1 deletion(-) diff --git a/.gitignore b/.gitignore index 1d20651d4..6018a3757 100644 --- a/.gitignore +++ b/.gitignore @@ -397,4 +397,3 @@ launch.json # Ignore dynamic template images/*/*-temp.json -.github/workflows/validate-json-schema.yml From ed70f8ac465af3ad1cfe9c474ee150998fb8215e Mon Sep 17 00:00:00 2001 From: Lawrence Gripper Date: Fri, 31 Jan 2025 13:02:49 +0000 Subject: [PATCH 15/16] Update .github/workflows/check-pinned-versions.yml --- .github/workflows/check-pinned-versions.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/check-pinned-versions.yml b/.github/workflows/check-pinned-versions.yml index 54b6e03cf..bda072158 100644 --- a/.github/workflows/check-pinned-versions.yml +++ b/.github/workflows/check-pinned-versions.yml @@ -9,7 +9,7 @@ permissions: contents: read jobs: - validate-json: + check-pinning-dates: runs-on: ubuntu-latest steps: - name: Checkout repository From 4c5acc8cdeb1b44576c9219ef929444c29869492 Mon Sep 17 00:00:00 2001 From: Lawrence Gripper Date: Fri, 31 Jan 2025 13:03:06 +0000 Subject: [PATCH 16/16] Update .github/workflows/validate-json-schema.yml --- .github/workflows/validate-json-schema.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/validate-json-schema.yml b/.github/workflows/validate-json-schema.yml index 5e4d71dfc..dbebc0f29 100644 --- a/.github/workflows/validate-json-schema.yml +++ b/.github/workflows/validate-json-schema.yml 
@@ -9,7 +9,7 @@ on: - main jobs: - validate-json: + validate-json-schema: runs-on: ubuntu-latest steps: - name: Checkout repository