name: OpenSSL update on: schedule: # Run once a week at 00:05 AM UTC on Sunday. - cron: 5 0 * * 0 workflow_dispatch: permissions: contents: read jobs: openssl-update: if: github.repository == 'nodejs/node' runs-on: ubuntu-latest steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - name: Check and download new OpenSSL version run: | ./tools/dep_updaters/update-openssl.sh download > temp-output cat temp-output tail -n1 temp-output | grep "NEW_VERSION=" >> "$GITHUB_ENV" || true rm temp-output env: GITHUB_TOKEN: ${{ secrets.GH_USER_TOKEN }} - name: Create PR with first commit if: env.NEW_VERSION uses: gr2m/create-or-update-pull-request-action@77596e3166f328b24613f7082ab30bf2d93079d5 # Creates a PR with the new OpenSSL source code committed env: GITHUB_TOKEN: ${{ secrets.GH_USER_TOKEN }} with: author: Node.js GitHub Bot body: This is an automated update of OpenSSL to ${{ env.NEW_VERSION }}. branch: actions/tools-update-openssl # Custom branch *just* for this Action. commit-message: 'deps: upgrade openssl sources to quictls/openssl-${{ env.NEW_VERSION }}' labels: dependencies, openssl title: 'deps: update OpenSSL to ${{ env.NEW_VERSION }}' path: deps/openssl update-pull-request-title-and-body: true - name: Regenerate platform specific files if: env.NEW_VERSION run: | sudo apt install -y nasm libtext-template-perl ./tools/dep_updaters/update-openssl.sh regenerate env: GITHUB_TOKEN: ${{ secrets.GH_USER_TOKEN }} - name: Add second commit # Adds a second commit to the PR with the generated platform-dependent files if: env.NEW_VERSION uses: gr2m/create-or-update-pull-request-action@77596e3166f328b24613f7082ab30bf2d93079d5 env: GITHUB_TOKEN: ${{ secrets.GH_USER_TOKEN }} with: author: Node.js GitHub Bot branch: actions/tools-update-openssl # Custom branch *just* for this Action. commit-message: 'deps: update archs files for openssl-${{ env.NEW_VERSION }}' path: deps/openssl