forked from nodejs/node-core-utils
security-announcement.js
import fs from 'node:fs';
import {
NEXT_SECURITY_RELEASE_REPOSITORY,
checkoutOnSecurityReleaseBranch,
getVulnerabilitiesJSON,
getVulnerabilitiesJSONPath,
validateDate,
formatDateToYYYYMMDD,
commitAndPushVulnerabilitiesJSON,
createIssue
} from './security-release/security-release.js';
import auth from './auth.js';
import Request from './request.js';
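/**
 * Pre-release announcement step of the security release workflow.
 *
 * Files a "heads up" issue on nodejs/build and nodejs/docker-node for the
 * release date stored in vulnerabilities.json, then records what
 * `createIssue` returned for each in that file and commits/pushes it.
 */
export default class SecurityAnnouncement {
  // Repository that holds vulnerabilities.json for the upcoming release.
  repository = NEXT_SECURITY_RELEASE_REPOSITORY;
  // Request client; only set once notifyPreRelease() has authenticated.
  req;

  /**
   * @param {object} cli - CLI helper used for output (`error`, `ok`) and
   *   passed through to the security-release helpers.
   */
  constructor(cli) {
    this.cli = cli;
  }

  /**
   * Creates the build and docker-node heads-up issues and stores the results
   * in vulnerabilities.json (`buildIssue`, `dockerIssue`).
   *
   * Exits the process with status 1 when no release date is set.
   *
   * @returns {Promise<void>}
   */
  async notifyPreRelease() {
    const { cli } = this;

    // NOTE(review): the code visible here only files GitHub issues, yet the
    // h1 credential is requested too. Confirm that Request/createIssue need
    // it; if not, requesting only `github` keeps this step least-privileged.
    const credentials = await auth({
      github: true,
      h1: true
    });
    this.req = new Request(credentials);

    // Work on the security release branch so the JSON we read and later
    // commit belongs to the in-progress release.
    checkoutOnSecurityReleaseBranch(cli, this.repository);

    const content = getVulnerabilitiesJSON(cli);

    // Without a release date there is nothing to announce.
    if (!content.releaseDate) {
      cli.error('Release date is not set in vulnerabilities.json,' +
        ' run `git node security --update-date=YYYY/MM/DD` to set the release date.');
      process.exit(1);
    }

    validateDate(content.releaseDate);
    const releaseDate = new Date(content.releaseDate);

    // Both issues are filed concurrently. If one call rejects after the other
    // succeeded, the issue that was created is not recorded below; check the
    // target repositories before re-running to avoid filing a duplicate.
    const [dockerIssue, buildIssue] = await Promise.all([
      this.createDockerNodeIssue(releaseDate),
      this.createBuildWGIssue(releaseDate)
    ]);

    content.buildIssue = buildIssue;
    content.dockerIssue = dockerIssue;

    const vulnerabilitiesJSONPath = getVulnerabilitiesJSONPath();
    fs.writeFileSync(vulnerabilitiesJSONPath, JSON.stringify(content, null, 2));

    const commitMessage = 'chore: add build and docker issue link';
    commitAndPushVulnerabilitiesJSON([vulnerabilitiesJSONPath],
      commitMessage, { cli, repository: this.repository });
    cli.ok('Added docker and build issue in vulnerabilities.json');
  }

  /**
   * Files the heads-up issue on nodejs/build.
   *
   * @param {Date} releaseDate - planned security release date.
   * @returns {Promise<*>} whatever `createIssue` resolves to (presumably the
   *   issue link, given the commit message used by notifyPreRelease).
   */
  async createBuildWGIssue(releaseDate) {
    const repository = {
      owner: 'nodejs',
      repo: 'build'
    };

    const { title, content } = this.createPreleaseAnnouncementIssue(releaseDate, 'build');
    return createIssue(title, content, repository, { cli: this.cli, req: this.req });
  }

  /**
   * Builds the title and body of a heads-up issue.
   *
   * The text is posted on nodejs/build and nodejs/docker-node before the
   * release ships, so it must stay limited to the release date and the team
   * name. Do not interpolate report titles, CVE ids, affected versions or any
   * other field of vulnerabilities.json here.
   *
   * @param {Date} releaseDate - planned security release date.
   * @param {string} team - team being notified, e.g. 'build' or 'docker'.
   * @returns {{ title: string, content: string }}
   */
  createPreleaseAnnouncementIssue(releaseDate, team) {
    // Plain concatenation instead of a backslash line continuation inside a
    // template literal: with a continuation, the word spacing depends on the
    // next line's leading whitespace, which yielded "Node.jssecurity" and
    // "workflow,creating" when that whitespace was absent.
    const title = '[NEXT-SECURITY-RELEASE] Heads up on upcoming Node.js' +
      ` security release ${formatDateToYYYYMMDD(releaseDate)}`;
    const content = 'As per security release workflow,' +
      ` creating issue to give the ${team} team a heads up.`;
    return { title, content };
  }

  /**
   * Files the heads-up issue on nodejs/docker-node.
   *
   * @param {Date} releaseDate - planned security release date.
   * @returns {Promise<*>} whatever `createIssue` resolves to (presumably the
   *   issue link, given the commit message used by notifyPreRelease).
   */
  async createDockerNodeIssue(releaseDate) {
    const repository = {
      owner: 'nodejs',
      repo: 'docker-node'
    };

    const { title, content } = this.createPreleaseAnnouncementIssue(releaseDate, 'docker');
    return createIssue(title, content, repository, { cli: this.cli, req: this.req });
  }
}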