feat: update security release date (#772)

* feat: finalize security release

* fix: update doc

* fix: renamed and removed folder moving part

* fix: validate date format

Author: marco-ippolito

components/git/security.js

@@ -1,5 +1,6 @@
 import CLI from '../../lib/cli.js';
 import SecurityReleaseSteward from '../../lib/prepare_security.js';
+import UpdateSecurityRelease from '../../lib/update_security_release.js';
 
 export const command = 'security [options]';
 export const describe = 'Manage an in-progress security release or start a new one.';
@@ -8,6 +9,10 @@ const securityOptions = {
   start: {
     describe: 'Start security release process',
     type: 'boolean'
+  },
+  'update-date': {
+    describe: 'Updates the target date of the security release',
+    type: 'string'
   }
 };
 
@@ -17,17 +22,32 @@ export function builder(yargs) {
   yargsInstance = yargs;
   return yargs.options(securityOptions).example(
     'git node security --start',
-    'Prepare a security release of Node.js');
+    'Prepare a security release of Node.js')
+    .example(
+      'git node security --update-date=31/12/2023',
+      'Updates the target date of the security release'
+    );
 }
 
 export function handler(argv) {
   if (argv.start) {
     return startSecurityRelease(argv);
   }
+  if (argv['update-date']) {
+    return updateReleaseDate(argv);
+  }
   yargsInstance.showHelp();
 }
 
-async function startSecurityRelease(argv) {
+async function updateReleaseDate(argv) {
+  const releaseDate = argv['update-date'];
+  const logStream = process.stdout.isTTY ? process.stdout : process.stderr;
+  const cli = new CLI(logStream);
+  const update = new UpdateSecurityRelease(cli);
+  return update.updateReleaseDate(releaseDate);
+}
+
+async function startSecurityRelease() {
   const logStream = process.stdout.isTTY ? process.stdout : process.stderr;
   const cli = new CLI(logStream);
   const release = new SecurityReleaseSteward(cli);

docs/git-node.md

@@ -455,8 +455,16 @@ $ ncu-config --global set h1_username $H1_TOKEN
 
 This command creates the Next Security Issue in Node.js private repository
 following the [Security Release Process][] document.
-It will retrieve all the triaged HackerOne reports and add them to the list
-with the affected release line.
+It will retrieve all the triaged HackerOne reports and add creates the `vulnerabilities.json`.
+
+### `git node security --update-date=target`
+
+This command updates the `vulnerabilities.json` with target date of the security release.
+Example:
+  
+```sh
+  git node security --update-date=16/12/2023
+```
 
 ## `git node status`
 

lib/prepare_security.js

@@ -1,19 +1,19 @@
 import nv from '@pkgjs/nv';
-import auth from './auth.js';
-import Request from './request.js';
 import fs from 'node:fs';
-import { runSync } from './run.js';
 import path from 'node:path';
-
-export const PLACEHOLDERS = {
-  releaseDate: '%RELEASE_DATE%',
-  vulnerabilitiesPRURL: '%VULNERABILITIES_PR_URL%',
-  preReleasePrivate: '%PRE_RELEASE_PRIV%',
-  postReleasePrivate: '%POS_RELEASE_PRIV%',
-  affectedLines: '%AFFECTED_LINES%'
-};
+import auth from './auth.js';
+import Request from './request.js';
+import {
+  NEXT_SECURITY_RELEASE_BRANCH,
+  NEXT_SECURITY_RELEASE_FOLDER,
+  NEXT_SECURITY_RELEASE_REPOSITORY,
+  PLACEHOLDERS,
+  checkoutOnSecurityReleaseBranch,
+  commitAndPushVulnerabilitiesJSON
+} from './security-release/security-release.js';
 
 export default class SecurityReleaseSteward {
+  repository = NEXT_SECURITY_RELEASE_REPOSITORY;
   constructor(cli) {
     this.cli = cli;
   }
@@ -28,9 +28,10 @@ export default class SecurityReleaseSteward {
     const req = new Request(credentials);
     const release = new PrepareSecurityRelease(req);
     const releaseDate = await release.promptReleaseDate(cli);
-    let securityReleasePRUrl = PLACEHOLDERS.vulnerabilitiesPRURL;
 
     const createVulnerabilitiesJSON = await release.promptVulnerabilitiesJSON(cli);
+
+    let securityReleasePRUrl;
     if (createVulnerabilitiesJSON) {
       securityReleasePRUrl = await this.createVulnerabilitiesJSON(req, release, { cli });
     }
@@ -47,7 +48,7 @@ export default class SecurityReleaseSteward {
 
   async createVulnerabilitiesJSON(req, release, { cli }) {
     // checkout on the next-security-release branch
-    release.checkoutOnSecurityReleaseBranch(cli);
+    checkoutOnSecurityReleaseBranch(cli, this.repository);
 
     // choose the reports to include in the security release
     const reports = await release.chooseReports(cli);
@@ -62,13 +63,14 @@ export default class SecurityReleaseSteward {
       cli.info(`To push the vulnerabilities.json file run:
         - git add ${filePath}
         - git commit -m "chore: create vulnerabilities.json for next security release"
-        - git push -u origin next-security-release
+        - git push -u origin ${NEXT_SECURITY_RELEASE_BRANCH}
         - open a PR on ${release.repository.owner}/${release.repository.repo}`);
       return;
     };
 
     // commit and push the vulnerabilities.json file
-    release.commitAndPushVulnerabilitiesJSON(filePath, cli);
+    const commitMessage = 'chore: create vulnerabilities.json for next security release';
+    commitAndPushVulnerabilitiesJSON(filePath, commitMessage, { cli, repository: this.repository });
 
     const createPr = await release.promptCreatePR(cli);
 
@@ -80,13 +82,8 @@ export default class SecurityReleaseSteward {
 }
 
 class PrepareSecurityRelease {
-  repository = {
-    owner: 'nodejs-private',
-    repo: 'security-release'
-  };
-
+  repository = NEXT_SECURITY_RELEASE_REPOSITORY;
   title = 'Next Security Release';
-  nextSecurityReleaseBranch = 'next-security-release';
 
   constructor(req, repository) {
     this.req = req;
@@ -101,30 +98,6 @@ class PrepareSecurityRelease {
       { defaultAnswer: true });
   }
 
-  checkRemote(cli) {
-    const remote = runSync('git', ['ls-remote', '--get-url', 'origin']).trim();
-    const { owner, repo } = this.repository;
-    const securityReleaseOrigin = [
-      `https://github.com/${owner}/${repo}.git`,
-      `[email protected]:${owner}/${repo}.git`
-    ];
-
-    if (!securityReleaseOrigin.includes(remote)) {
-      cli.error(`Wrong repository! It should be ${securityReleaseOrigin}`);
-      process.exit(1);
-    }
-  }
-
-  commitAndPushVulnerabilitiesJSON(filePath, cli) {
-    this.checkRemote(cli);
-
-    runSync('git', ['add', filePath]);
-    const commitMessage = 'chore: create vulnerabilities.json for next security release';
-    runSync('git', ['commit', '-m', commitMessage]);
-    runSync('git', ['push', '-u', 'origin', 'next-security-release']);
-    cli.ok(`Pushed commit: ${commitMessage} to ${this.nextSecurityReleaseBranch}`);
-  }
-
   getSecurityIssueTemplate() {
     return fs.readFileSync(
       new URL(
@@ -160,7 +133,7 @@ class PrepareSecurityRelease {
       { defaultAnswer: true });
   }
 
-  buildIssue(releaseDate, securityReleasePRUrl) {
+  buildIssue(releaseDate, securityReleasePRUrl = PLACEHOLDERS.vulnerabilitiesPRURL) {
     const template = this.getSecurityIssueTemplate();
     const content = template.replace(PLACEHOLDERS.releaseDate, releaseDate)
       .replace(PLACEHOLDERS.vulnerabilitiesPRURL, securityReleasePRUrl);
@@ -224,24 +197,13 @@ class PrepareSecurityRelease {
     return summaries?.[0].attributes?.content;
   }
 
-  checkoutOnSecurityReleaseBranch(cli) {
-    this.checkRemote(cli);
-    const currentBranch = runSync('git', ['branch', '--show-current']).trim();
-    cli.info(`Current branch: ${currentBranch} `);
-
-    if (currentBranch !== this.nextSecurityReleaseBranch) {
-      runSync('git', ['checkout', '-B', this.nextSecurityReleaseBranch]);
-      cli.ok(`Checkout on branch: ${this.nextSecurityReleaseBranch} `);
-    };
-  }
-
   async createVulnerabilitiesJSON(reports, { cli }) {
     cli.separator('Creating vulnerabilities.json...');
     const file = JSON.stringify({
       reports
     }, null, 2);
 
-    const folderPath = path.join(process.cwd(), 'security-release', 'next-security-release');
+    const folderPath = path.join(process.cwd(), NEXT_SECURITY_RELEASE_FOLDER);
     try {
       await fs.accessSync(folderPath);
     } catch (error) {

lib/security-release/security-release.js

@@ -0,0 +1,58 @@
+import { runSync } from '../run.js';
+
+export const NEXT_SECURITY_RELEASE_BRANCH = 'next-security-release';
+export const NEXT_SECURITY_RELEASE_FOLDER = 'security-release/next-security-release';
+
+export const NEXT_SECURITY_RELEASE_REPOSITORY = {
+  owner: 'nodejs-private',
+  repo: 'security-release'
+};
+
+export const PLACEHOLDERS = {
+  releaseDate: '%RELEASE_DATE%',
+  vulnerabilitiesPRURL: '%VULNERABILITIES_PR_URL%',
+  preReleasePrivate: '%PRE_RELEASE_PRIV%',
+  postReleasePrivate: '%POS_RELEASE_PRIV%',
+  affectedLines: '%AFFECTED_LINES%'
+};
+
+export function checkRemote(cli, repository) {
+  const remote = runSync('git', ['ls-remote', '--get-url', 'origin']).trim();
+  const { owner, repo } = repository;
+  const securityReleaseOrigin = [
+    `https://github.com/${owner}/${repo}.git`,
+    `[email protected]:${owner}/${repo}.git`
+  ];
+
+  if (!securityReleaseOrigin.includes(remote)) {
+    cli.error(`Wrong repository! It should be ${securityReleaseOrigin}`);
+    process.exit(1);
+  }
+}
+
+export function checkoutOnSecurityReleaseBranch(cli, repository) {
+  checkRemote(cli, repository);
+  const currentBranch = runSync('git', ['branch', '--show-current']).trim();
+  cli.info(`Current branch: ${currentBranch} `);
+
+  if (currentBranch !== NEXT_SECURITY_RELEASE_BRANCH) {
+    runSync('git', ['checkout', '-B', NEXT_SECURITY_RELEASE_BRANCH]);
+    cli.ok(`Checkout on branch: ${NEXT_SECURITY_RELEASE_BRANCH} `);
+  };
+}
+
+export function commitAndPushVulnerabilitiesJSON(filePath, commitMessage, { cli, repository }) {
+  checkRemote(cli, repository);
+
+  if (Array.isArray(filePath)) {
+    for (const path of filePath) {
+      runSync('git', ['add', path]);
+    }
+  } else {
+    runSync('git', ['add', filePath]);
+  }
+
+  runSync('git', ['commit', '-m', commitMessage]);
+  runSync('git', ['push', '-u', 'origin', NEXT_SECURITY_RELEASE_BRANCH]);
+  cli.ok(`Pushed commit: ${commitMessage} to ${NEXT_SECURITY_RELEASE_BRANCH}`);
+}

lib/update_security_release.js

@@ -0,0 +1,61 @@
+import {
+  NEXT_SECURITY_RELEASE_FOLDER,
+  NEXT_SECURITY_RELEASE_REPOSITORY,
+  checkoutOnSecurityReleaseBranch,
+  commitAndPushVulnerabilitiesJSON
+} from './security-release/security-release.js';
+import fs from 'node:fs';
+import path from 'node:path';
+
+export default class UpdateSecurityRelease {
+  repository = NEXT_SECURITY_RELEASE_REPOSITORY;
+  constructor(cli) {
+    this.cli = cli;
+  }
+
+  async updateReleaseDate(releaseDate) {
+    const { cli } = this;
+
+    try {
+      const [day, month, year] = releaseDate.split('/');
+      const value = new Date(`${month}/${day}/${year}`).valueOf();
+      if (Number.isNaN(value) || value < 0) {
+        throw new Error('Invalid date format');
+      }
+    } catch (error) {
+      cli.error('Invalid date format. Please use the format dd/mm/yyyy.');
+      process.exit(1);
+    }
+
+    // checkout on the next-security-release branch
+    checkoutOnSecurityReleaseBranch(cli, this.repository);
+
+    // update the release date in the vulnerabilities.json file
+    const updatedVulnerabilitiesFiles = await this.updateVulnerabilitiesJSON(releaseDate, { cli });
+
+    const commitMessage = `chore: update the release date to ${releaseDate}`;
+    commitAndPushVulnerabilitiesJSON(updatedVulnerabilitiesFiles,
+      commitMessage, { cli, repository: this.repository });
+    cli.ok('Done!');
+  }
+
+  async updateVulnerabilitiesJSON(releaseDate) {
+    const vulnerabilitiesJSONPath = path.join(process.cwd(),
+      NEXT_SECURITY_RELEASE_FOLDER, 'vulnerabilities.json');
+
+    const exists = fs.existsSync(vulnerabilitiesJSONPath);
+
+    if (!exists) {
+      this.cli.error(`The file vulnerabilities.json does not exist at ${vulnerabilitiesJSONPath}`);
+      process.exit(1);
+    }
+
+    const content = JSON.parse(fs.readFileSync(vulnerabilitiesJSONPath, 'utf8'));
+    content.releaseDate = releaseDate;
+
+    fs.writeFileSync(vulnerabilitiesJSONPath, JSON.stringify(content, null, 2));
+
+    this.cli.ok(`Updated the release date in vulnerabilities.json: ${releaseDate}`);
+    return [vulnerabilitiesJSONPath];
+  }
+}