Update ruby_resolv, gem search in the ruby buildsystem, & workflows. (#12176)

* workflow tweaks

Signed-off-by: Satadru Pramanik <satadru@gmail.com>

* Update Ruby Resolv gem to handle CVE-2025-24294

Signed-off-by: Satadru Pramanik <satadru@gmail.com>

* Add built packages for linux/386 to ruby_resolv

* Add built packages for linux/amd64 to ruby_resolv

* Add built packages for linux/arm/v7 to ruby_resolv

* Cleanup workflow.

Signed-off-by: Satadru Pramanik <satadru@gmail.com>

* Fix gem search regex

Signed-off-by: Satadru Pramanik <satadru@gmail.com>

* Update ruby gem updater with more ruby gem name exceptions.

Signed-off-by: Satadru Pramanik <satadru@gmail.com>

* Clean up updater output.

Signed-off-by: Satadru Pramanik <satadru@gmail.com>

---------

Signed-off-by: Satadru Pramanik <satadru@gmail.com>
Co-authored-by: Satadru Pramanik <satadru@gmail.com>
Co-authored-by: satmandu <satmandu@users.noreply.github.com>

.github/workflows/Build.yml

@@ -295,7 +295,7 @@ jobs:
             git config user.name "${{ github.actor }}"
             git config user.email "${{ github.actor }}@users.noreply.github.com"
             git add -A
-            git commit -m "Add built packages for ${PLATFORM} to ${{ env.BRANCH }}" && git push -f
+            git commit -m "Add built packages for ${PLATFORM} to branch ${{ env.BRANCH }}." && git push -f
             git log --oneline -10
           fi
   build-check:
@@ -331,11 +331,20 @@ jobs:
             git reset --hard "origin/${{ env.BRANCH }}"
             git pull --rebase origin master && git push -f
             git log --oneline -10
+      - name: Get GH Token
+        id: get_workflow_token
+        uses: peter-murray/workflow-application-token-action@v4
+        with:
+          application_id: ${{ secrets.APPLICATION_ID }}
+          application_private_key: ${{ secrets.APPLICATION_PRIVATE_KEY }}
+          organization: chromebrew
+          revoke_token: true
       - name: Create Pull Request
         if: ${{ github.event.inputs.with_pr == 'true' }}
         env:
           CHANGED_MANIFEST_FILES: ${{ steps.changed-manifest-files.outputs.all_changed_files }}
           CHANGED_PACKAGES: ${{ needs.setup.outputs.changed_packages }}
+          GH_BACKUP_TOKEN: ${{ steps.get_workflow_token.outputs.token }}
           TIMESTAMP: ${{ needs.setup.outputs.timestamp }}
           i686_PACKAGES: ${{ needs.setup.outputs.i686_packages }}
           x86_64_PACKAGES: ${{ needs.setup.outputs.x86_64_packages }}
@@ -360,15 +369,16 @@ jobs:
           echo -e "CREW_REPO=https://github.com/chromebrew/chromebrew.git CREW_BRANCH=${{ env.BRANCH }} crew update \\" >> /tmp/pr.txt
           echo -e "&& yes | crew upgrade\n\`\`\`" >> /tmp/pr.txt
           cat /tmp/pr.txt
+          gh auth status >/dev/null 2>&1 || export GH_TOKEN="${GH_BACKUP_TOKEN}"
           PR_NUMBER=$(gh pr create --title "AutoBuild: ${{ env.BRANCH }} started at ${TIMESTAMP}" -F /tmp/pr.txt | rev | cut -d"/" -f1  | rev)
           echo "PR_NUMBER is ${PR_NUMBER}"
           echo "PR_NUMBER=${PR_NUMBER}" >> "$GITHUB_ENV"
       - name: Trigger Unit Test Workflow & Add Reviewer Team
         if: ${{ github.event.inputs.with_pr == 'true' }}
         env:
+          GH_BACKUP_TOKEN: ${{ steps.get_workflow_token.outputs.token }}
           GH_TOKEN: ${{ secrets.CREW_PR_TOKEN }}
         run: |
-          echo "Flipping pr ${PR_NUMBER} state."
-          gh pr close "${PR_NUMBER}" && gh pr reopen "${PR_NUMBER}"
+          gh auth status >/dev/null 2>&1 || export GH_TOKEN="${GH_BACKUP_TOKEN}"
           gh pr edit "${PR_NUMBER}" --add-reviewer chromebrew/active
           gh pr merge "${PR_NUMBER}" --auto

.github/workflows/Gen-Token.yml

@@ -2,7 +2,7 @@
 name: Generate GitHub Actions Token
 on:
   schedule:
-    - cron: 30 * * * *
+    - cron: 25,55 * * * *
   workflow_dispatch: null
 permissions:
   issues: write

.github/workflows/Unit-Test.yml

@@ -6,7 +6,9 @@ on:
       - created
   merge_group:
   pull_request:
-  #  push:
+    types:
+      - opened
+      - ready_for_review
   workflow_dispatch:
   # workflow_run:
   #  workflows: [Build]

lib/buildsystems/ruby.rb

@@ -47,7 +47,7 @@ def set_vars(passed_name = nil, passed_version = nil)
   # here: https://guides.rubygems.org/rubygems-org-compact-index-api/
   # Figure out gem name, noting that there may be dashes and underscores
   # in the name.
-  gem_test = $gems.grep(/#{"^#{passed_name.gsub(/^ruby_/, '')}\\s.*$"}/).last.blank? ? $gems.grep(/#{"^\(#{passed_name.gsub(/^ruby_/, '').gsub('_', ')*.(')}\\s\).*$"}/).last : $gems.grep(/#{"^#{passed_name.gsub(/^ruby_/, '')}\\s.*$"}/).last
+  gem_test = $gems.grep(/#{"^#{passed_name.gsub(/^ruby_/, '')}\\s.*$"}/).last.blank? ? $gems.grep(/#{"^\(#{passed_name.gsub(/^ruby_/, '').gsub('_', ')+.(')}\\s\).*$"}/).last : $gems.grep(/#{"^#{passed_name.gsub(/^ruby_/, '')}\\s.*$"}/).last
   abort "Cannot find #{passed_name} gem to install.".lightred if gem_test.blank?
   gem_test_name = gem_test.split.first
   gem_test_versions = gem_test.split[1].split(',')

packages/ruby_resolv.rb

@@ -3,17 +3,17 @@ require 'buildsystems/ruby'
 class Ruby_resolv < RUBY
   description 'Thread-aware dns resolver library in ruby.'
   homepage 'https://github.com/ruby/resolv'
-  version "0.6.1-#{CREW_RUBY_VER}"
+  version "0.6.2-#{CREW_RUBY_VER}"
   license 'BSD-2-Clause'
   compatibility 'all'
   source_url 'SKIP'
   binary_compression 'gem'
 
   binary_sha256({
-    aarch64: '05f7c1b496933738df9137d832add02f3dc410ccef7aa0a791556cc92104e9d5',
-     armv7l: '05f7c1b496933738df9137d832add02f3dc410ccef7aa0a791556cc92104e9d5',
-       i686: '840ce5ea587b975310568ff07592e46104291654cb46a62550e3114a770896c3',
-     x86_64: '5f3f544c343bcee028d5a9393205bb0c9b1b95eb730627496cd2412f203a9f4a'
+    aarch64: '12a1218aa609dec6d3224a70bec81048df66f7904dd8669e6a821812958ab1f7',
+     armv7l: '12a1218aa609dec6d3224a70bec81048df66f7904dd8669e6a821812958ab1f7',
+       i686: 'ec1d546a2e400b713cbfb3765a5e640d39f44c6a621ed39993c4ce7601a2e698',
+     x86_64: '8d6074bb8df8d1239230b9b6f118e99e1419c23d9fb13352cb9ceef73d057654'
   })
 
   conflicts_ok

tools/update_python_pip_packages.rb

@@ -11,6 +11,7 @@ $LOAD_PATH.unshift './lib'
 
 require_relative '../lib/color'
 require_relative '../lib/const'
+require_relative '../lib/convenience_functions'
 require_relative '../lib/package'
 require_relative '../lib/package_utils'
 require_relative '../lib/require_gem'
@@ -71,7 +72,7 @@ def check_for_updated_python_packages
   pool.wait_for_termination
 
   puts "Done checking pypi for updates to #{total_files_to_check} python packages.".orange
-  puts "Updated versions were not listed in pypi for: #{packages_without_pypi_versions.join(' ')}".orange
+  puts "Updated versions were not listed in pypi for: #{packages_without_pypi_versions.join(' ')}".orange unless packages_without_pypi_versions.blank?
 
   return updateable_packages
 end

tools/update_ruby_gem_packages.rb

@@ -1,5 +1,5 @@
 #!/usr/local/bin/ruby
-# update_ruby_gem_packages version 2.0 (for Chromebrew)
+# update_ruby_gem_packages version 2.1 (for Chromebrew)
 # Author: Satadru Pramanik (satmandu) satadru at gmail dot com
 # Usage in root of cloned chromebrew repo:
 # tools/update_ruby_gem_packages.rb
@@ -11,6 +11,7 @@ require 'json'
 require 'net/http'
 require_relative '../lib/color'
 require_relative '../lib/const'
+require_relative '../lib/convenience_functions'
 require_relative '../lib/package'
 require_relative '../lib/package_utils'
 require_relative '../lib/require_gem'
@@ -40,7 +41,11 @@ def check_for_updated_ruby_packages
       gem_name = pkg.name.sub('ruby_', '')
       # We replace all dashes with underscores in our initial package names, but some gems actually use underscores, so we need special cases.
       # This list was created by looking at what packages were listed as not having updates in rubygems, and then looking up the upstream name for them.
-      if %w[connection_pool error_highlight mini_mime multi_xml mutex_m power_assert regexp_parser repl_type_completor ruby2_keywords syntax_suggest].include?(gem_name)
+      if %w[
+        connection_pool error_highlight lint_roller method_source
+        mini_mime multi_xml mutex_m power_assert regexp_parser
+        repl_type_completor ruby2_keywords syntax_suggest
+      ].include?(gem_name)
         # These gems used underscores originally, so don't replace anything
       elsif gem_name == 'language_server_protocol'
         # These gems have an underscore then a dash, but there's only one, so we hardcode the logic for now.
@@ -75,7 +80,7 @@ def check_for_updated_ruby_packages
   pool.wait_for_termination
 
   puts "Done checking rubygems for updates to #{total_files_to_check} ruby packages.\r".orange
-  puts "Updated versions were not listed in rubygems for: #{packages_without_gem_versions.join(' ')}".orange
+  puts "Updated versions were not listed in rubygems for: #{packages_without_gem_versions.join(' ')}".orange unless packages_without_gem_versions.blank?
 
   return updateable_packages
 end