mirror of
synced 2025-01-10 18:24:24 +00:00
*Authors* - Checking and updating authors has been migrated to a custom script in the repo *Changelog* - changelogplease is no longer maintained - generate changelog in markdown for GitHub releases - generate changelog in HTML for blog posts - generate contributors list in HTML for blog posts *dist* - clone dist repo, copy files, and commit/push - commit tag with dist files on main branch; remove dist files from main branch after release *cdn* - clone cdn repo, copy files, and commit/push - create versioned and unversioned copies in cdn/ - generate md5 sums and archives for Google and MSFT *build* - implement reproducible builds and verify release builds * uses the last modified date for the latest commit * See https://reproducible-builds.org/ - the verify workflow also ensures all files were properly published to the CDN and npm *docs* - the new release workflow is documented at build/release/README.md *misc* - now that we don't need the jquery-release script and now that we no longer need to build on Node 10, we can use ESM in all files in the build folder - move dist wrappers to "wrappers" folders for easy removal of all built files - limit certain workflows to the main repo (not forks) - version in package.json has been set to beta.1 so that the next release will be beta.2 - release-it added the `preReleaseBase` option and we now always set it to `1` in the npm script. This is a noop for stable releases. Fixes jquery/jquery-release#114 Closes gh-5512
199 lines
5.5 KiB
199 lines
5.5 KiB
* Verify the latest release is reproducible
* Works with versions 4.0.0-beta.2 and later
import chalk from "chalk";
import * as Diff from "diff";
import { exec as nodeExec } from "node:child_process";
import crypto from "node:crypto";
import { createWriteStream } from "node:fs";
import { mkdir, readdir, readFile } from "node:fs/promises";
import path from "node:path";
import { Readable } from "node:stream";
import { finished } from "node:stream/promises";
import util from "node:util";
import { gunzip as nodeGunzip } from "node:zlib";
import { rimraf } from "rimraf";
const exec = util.promisify( nodeExec );
const gunzip = util.promisify( nodeGunzip );
const SRC_REPO = "https://github.com/jquery/jquery.git";
const CDN_URL = "https://code.jquery.com";
const REGISTRY_URL = "https://registry.npmjs.org/jquery";
const rstable = /^(\d+\.\d+\.\d+)$/;
export async function verifyRelease( { version } = {} ) {
if ( !version ) {
version = process.env.VERSION || ( await getLatestVersion() );
console.log( `Checking jQuery ${ version }...` );
const release = await buildRelease( { version } );
let verified = true;
// Only check stable versions against the CDN
if ( rstable.test( version ) ) {
await Promise.all(
release.files.map( async( file ) => {
const cdnContents = await fetch( new URL( file.name, CDN_URL ) ).then(
( res ) => res.text()
if ( cdnContents !== file.contents ) {
console.log( `${ file.name } is different from the CDN:` );
diffFiles( file.contents, cdnContents );
verified = false;
} )
// Check all releases against npm.
// First, download npm tarball for version
const npmPackage = await fetch( REGISTRY_URL ).then( ( res ) => res.json() );
if ( !npmPackage.versions[ version ] ) {
throw new Error( `jQuery ${ version } not found on npm!` );
const npmTarball = npmPackage.versions[ version ].dist.tarball;
// Write npm tarball to file
const npmTarballPath = path.join( "tmp/verify", version, "npm.tgz" );
await downloadFile( npmTarball, npmTarballPath );
// Check the tarball checksum
const tgzSum = await sumTarball( npmTarballPath );
if ( tgzSum !== release.tgz.contents ) {
console.log( `${ version }.tgz is different from npm:` );
diffFiles( release.tgz.contents, tgzSum );
verified = false;
await Promise.all(
release.files.map( async( file ) => {
// Get file contents from tarball
const { stdout: npmContents } = await exec(
`tar -xOf ${ npmTarballPath } package/${ file.path }/${ file.name }`
if ( npmContents !== file.contents ) {
console.log( `${ file.name } is different from the CDN:` );
diffFiles( file.contents, npmContents );
verified = false;
} )
if ( verified ) {
console.log( `jQuery ${ version } is reproducible!` );
} else {
throw new Error( `jQuery ${ version } is NOT reproducible!` );
async function buildRelease( { version } ) {
const releaseFolder = path.join( "tmp/verify", version );
// Clone the release repo
console.log( `Cloning jQuery ${ version }...` );
await rimraf( releaseFolder );
await mkdir( releaseFolder, { recursive: true } );
await exec(
`git clone -q -b ${ version } --depth=1 ${ SRC_REPO } ${ releaseFolder }`
// Install node dependencies
console.log( `Installing dependencies for jQuery ${ version }...` );
await exec( "npm ci", { cwd: releaseFolder } );
// Build the release
console.log( `Building jQuery ${ version }...` );
const { stdout: buildOutput } = await exec( "npm run build:all", {
cwd: releaseFolder,
env: {
VERSION: version
} );
console.log( buildOutput );
// Pack the npm tarball
console.log( `Packing jQuery ${ version }...` );
const { stdout: packOutput } = await exec( "npm pack", { cwd: releaseFolder } );
console.log( packOutput );
// Get all top-level /dist and /dist-module files
const distFiles = await readdir( path.join( releaseFolder, "dist" ), {
withFileTypes: true
} );
const distModuleFiles = await readdir(
path.join( releaseFolder, "dist-module" ),
withFileTypes: true
const files = await Promise.all(
[ ...distFiles, ...distModuleFiles ]
.filter( ( dirent ) => dirent.isFile() )
.map( async( dirent ) => ( {
name: dirent.name,
path: path.basename( dirent.path ),
contents: await readFile( path.join( dirent.path, dirent.name ), "utf8" )
} ) )
// Get checksum of the tarball
const tgzFilename = `jquery-${ version }.tgz`;
const sum = await sumTarball( path.join( releaseFolder, tgzFilename ) );
return {
tgz: {
name: tgzFilename,
contents: sum
async function downloadFile( url, dest ) {
const response = await fetch( url );
const fileStream = createWriteStream( dest );
const stream = Readable.fromWeb( response.body ).pipe( fileStream );
return finished( stream );
async function diffFiles( a, b ) {
const diff = Diff.diffLines( a, b );
diff.forEach( ( part ) => {
if ( part.added ) {
console.log( chalk.green( part.value ) );
} else if ( part.removed ) {
console.log( chalk.red( part.value ) );
} else {
console.log( part.value );
} );
async function getLatestVersion() {
const { stdout: sha } = await exec( "git rev-list --tags --max-count=1" );
const { stdout: tag } = await exec( `git describe --tags ${ sha.trim() }` );
return tag.trim();
function shasum( data ) {
const hash = crypto.createHash( "sha256" );
hash.update( data );
return hash.digest( "hex" );
async function sumTarball( filepath ) {
const contents = await readFile( filepath );
const unzipped = await gunzip( contents );
return shasum( unzipped );