Use explicit pinned dependencies per:
- [The Open Source Security Foundation (OpenSSF) Security
Guide](https://github.com/ossf/scorecard/blob/main/docs/checks.md#pinned-dependencies)
This pull request is created by
[StepSecurity](https://app.stepsecurity.io/securerepo) at the request of
@guidezpl. Please merge the Pull Request to incorporate the requested
changes.
Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
Co-authored-by: Pierre-Louis <plg@google.com>
Co-authored-by: Zachary Anderson <zanderso@users.noreply.github.com>
The content hash doesn't exist for local engine changes, except for on
CI. If we detect we're on a branch with committed or uncommitted changes
to engine files; use "master".
towards #171790
re-land attempt for #173114 (try 2)
re-land attempt for #172792 (original)
The first commit in this PR is the previously LGTM'd changes for the
above; with tests.
The second commit is the critical change to make this work in post
submits (fixes#173143). It turns out that while LUCI reports the GitHub
private branches; our recipes directly checkout the git sha. This
matters because the content scripts couldn't determine the branch name
and the rev-parse was just HEAD. This lead the scripts down the
merge-base logic, which returns the previous commit.
A test was added specifically for this.
Alternatively to this change, we could have checked for LUCI_CONTEXT
being present in the environment. This is checked by Flutter tools in
some cases, but not by any other scripts in `bin/internal`. The downside
to checking HEAD: if you have a local branch with engine changes and you
move back a revision - `dart`/`flutter` invocations will generate the
hash for your local changes and fail.
<!-- start_original_pr_link -->
Reverts: flutter/flutter#173114
<!-- end_original_pr_link -->
<!-- start_initiating_author -->
Initiated by: jtmcdole
<!-- end_initiating_author -->
<!-- start_revert_reason -->
Reason for reverting: there is still another problem with the merge
queue causing the content hash to be different:
git revision: e13dd5384cc0db576291c2925852879f1111f284
actual hash: 4b6f7b0f9849efaa59f515c8e95f3f27a6eb2ffb
hash in the queue? 9e5b2eef4ba79b15b4f80dbba812d199d262366f
<!-- end_revert_reason -->
<!-- start_original_pr_author -->
Original PR Author: jtmcdole
<!-- end_original_pr_author -->
<!-- start_reviewers -->
Reviewed By: {matanlurey, chingjun}
<!-- end_reviewers -->
<!-- start_revert_body -->
This change reverts the following previous change:
The content hash doesn't exist for local engine changes, except for on
CI. If we detect we're on a branch with committed or uncommitted changes
to engine files; use "master".
towards #171790
re-land attempt for #172792 with the following changes:
1. content_aware_hash.(ps1|sh) now consider multiple branches to choose
between HEAD and merge-base.
2. content_aware_hash_test.dart updated for these new requirements
3. content_aware_hash_test.dart allows for forcing powershell on mac for
testing
4. updated docs/tool/Engine-artifacts.md documentation.
## Pre-launch Checklist
- [x] I read the [Contributor Guide] and followed the process outlined
there for submitting PRs.
- [x] I read the [Tree Hygiene] wiki page, which explains my
responsibilities.
- [x] I read and followed the [Flutter Style Guide], including [Features
we expect every widget to implement].
- [x] I signed the [CLA].
- [x] I listed at least one issue that this PR fixes in the description
above.
- [x] I updated/added relevant documentation (doc comments with `///`).
- [x] I added new tests to check the change I am making, or this PR is
[test-exempt].
- [ ] I followed the [breaking change policy] and added [Data Driven
Fixes] where supported.
- [x] All existing and new tests are passing.
<!-- end_revert_body -->
Co-authored-by: auto-submit[bot] <flutter-engprod-team@google.com>
The content hash doesn't exist for local engine changes, except for on
CI. If we detect we're on a branch with committed or uncommitted changes
to engine files; use "master".
towards #171790
re-land attempt for #172792 with the following changes:
1. content_aware_hash.(ps1|sh) now consider multiple branches to choose
between HEAD and merge-base.
2. content_aware_hash_test.dart updated for these new requirements
3. content_aware_hash_test.dart allows for forcing powershell on mac for
testing
4. updated docs/tool/Engine-artifacts.md documentation.
## Pre-launch Checklist
- [x] I read the [Contributor Guide] and followed the process outlined
there for submitting PRs.
- [x] I read the [Tree Hygiene] wiki page, which explains my
responsibilities.
- [x] I read and followed the [Flutter Style Guide], including [Features
we expect every widget to implement].
- [x] I signed the [CLA].
- [x] I listed at least one issue that this PR fixes in the description
above.
- [x] I updated/added relevant documentation (doc comments with `///`).
- [x] I added new tests to check the change I am making, or this PR is
[test-exempt].
- [ ] I followed the [breaking change policy] and added [Data Driven
Fixes] where supported.
- [x] All existing and new tests are passing.
<!-- start_original_pr_link -->
Reverts: flutter/flutter#172792
<!-- end_original_pr_link -->
<!-- start_initiating_author -->
Initiated by: jtmcdole
<!-- end_initiating_author -->
<!-- start_revert_reason -->
Reason for reverting: almost, but not quite right. android builders
generate the wrong hash because they are on custom branches.
<!-- end_revert_reason -->
<!-- start_original_pr_author -->
Original PR Author: jtmcdole
<!-- end_original_pr_author -->
<!-- start_reviewers -->
Reviewed By: {bdero, matanlurey}
<!-- end_reviewers -->
<!-- start_revert_body -->
This change reverts the following previous change:
The content hash doesn't exist for local engine changes, except for on
CI. If we detect we're on a branch with committed or uncommitted changes
to engine files; use "master".
towards #171790
<!-- end_revert_body -->
Co-authored-by: auto-submit[bot] <flutter-engprod-team@google.com>
The content hash doesn't exist for local engine changes, except for on
CI. If we detect we're on a branch with committed or uncommitted changes
to engine files; use "master".
towards #171790
Rolls forward https://github.com/flutter/flutter/pull/166717.
Does not copy the `README` or `DEPS` files, and instead uses synthetic
scratch files.
These files can change, so we can't possibly know how to hash them
consistently.
<!-- start_original_pr_link -->
Reverts: flutter/flutter#166717
<!-- end_original_pr_link -->
<!-- start_initiating_author -->
Initiated by: matanlurey
<!-- end_initiating_author -->
<!-- start_revert_reason -->
Reason for reverting: Broke tree on
[postsubmit](https://logs.chromium.org/logs/flutter/buildbucket/cr-buildbucket/8718108088961866849/+/u/test:_run_suite_safari-dart2js-canvaskit-engine/stdout)
<!-- end_revert_reason -->
<!-- start_original_pr_author -->
Original PR Author: jtmcdole
<!-- end_original_pr_author -->
<!-- start_reviewers -->
Reviewed By: {matanlurey}
<!-- end_reviewers -->
<!-- start_revert_body -->
This change reverts the following previous change:
1. Calculate the hash in only two places: `content_aware_hash.{ps1|sh}`
2. Call this from the workflow
3. Eventually call this from `update_engine_version.{ps1|sh}`
The files of import:
* `DEPS`: tracks third party dependencies related to building the engine
* `engine`: all the code in the engine folder
* `bin/internal/content_aware_hash.ps1`: script for calculating the hash
on windows
* `bin/internal/content_aware_hash.sh`: script for calculating the hash
on mac/linux
* `.github/workflows/content-aware-hash.yml`: github action for CI/CD
hashing
Tested on windows and mac:
```shell
PS C:\src\flutter> C:\src\flutter\bin\internal\content_aware_hash.ps1
c24231e276e0719738e175e0622e040ad21a7012
```
```shell
❯ ~/src/flutter/bin/internal/content_aware_hash.sh
c24231e276e0719738e175e0622e040ad21a7012
```
<!-- end_revert_body -->
Co-authored-by: auto-submit[bot] <flutter-engprod-team@google.com>
1. Calculate the hash in only two places: `content_aware_hash.{ps1|sh}`
2. Call this from the workflow
3. Eventually call this from `update_engine_version.{ps1|sh}`
The files of import:
* `DEPS`: tracks third party dependencies related to building the engine
* `engine`: all the code in the engine folder
* `bin/internal/content_aware_hash.ps1`: script for calculating the hash
on windows
* `bin/internal/content_aware_hash.sh`: script for calculating the hash
on mac/linux
* `.github/workflows/content-aware-hash.yml`: github action for CI/CD
hashing
Tested on windows and mac:
```shell
PS C:\src\flutter> C:\src\flutter\bin\internal\content_aware_hash.ps1
c24231e276e0719738e175e0622e040ad21a7012
```
```shell
❯ ~/src/flutter/bin/internal/content_aware_hash.sh
c24231e276e0719738e175e0622e040ad21a7012
```
