Preliminary working version (Spike code)

example.yml

@@ -0,0 +1,88 @@
+updates:
+############################################
+# BBR SDK
+############################################
+- name_pattern: mysql/mysql-((version)).tar.gz
+  cur_version: 5.6.51
+  constraints: '>= 5.6, < 5.7'
+  vers_regexp: '5\.6\.[0-9]+'
+  vers_url: https://endoflife.date/mysql
+  blob_url: https://downloads.mysql.com/archives/get/p/23/file/mysql-((version)).tar.gz
+
+- name_pattern: mysql/mysql-((version)).tar.gz
+  cur_version: 5.7.39
+  constraints: '>= 5.7, < 6'
+  vers_regexp: '5\.7\.[0-9]+'
+  vers_url: https://endoflife.date/mysql
+  blob_url: https://downloads.mysql.com/archives/get/p/23/file/mysql-((version)).tar.gz
+
+- name_pattern: mysql/mysql-((version))-linux-glibc2.17-x86_64-minimal.tar.xz
+  cur_version: 8.0.31
+  constraints: '>= 8.0'
+  vers_regexp: '8\.[0-9]+\.[0-9]+'
+  vers_url: https://endoflife.date/mysql
+  blob_url: https://cdn.mysql.com//Downloads/MySQL-8.0/mysql-((version))-linux-glibc2.17-x86_64-minimal.tar.xz
+
+- name_pattern: postgres/postgresql-((version)).tar.gz
+  cur_version: 9.4.26
+  constraints: '>= 9.4, < 9.5'
+  vers_regexp: '9\.4\.[0-9]+'
+  vers_url: https://endoflife.date/postgresql
+  blob_url: https://ftp.postgresql.org/pub/source/v((version))/postgresql-((version)).tar.gz
+
+- name_pattern: postgres/postgresql-((version)).tar.gz
+  cur_version: 9.6.24
+  constraints: '>= 9.6, < 10'
+  vers_regexp: '9\.6\.[0-9]+'
+  vers_url: https://endoflife.date/postgresql
+  blob_url: https://ftp.postgresql.org/pub/source/v((version))/postgresql-((version)).tar.gz
+
+- name_pattern: postgres/postgresql-((version)).tar.gz
+  cur_version: 10.23
+  constraints: '>= 10, < 11'
+  vers_regexp: '10\.[0-9]+'
+  vers_url: https://endoflife.date/postgresql
+  blob_url: https://ftp.postgresql.org/pub/source/v((version))/postgresql-((version)).tar.gz
+
+- name_pattern: postgres/postgresql-((version)).tar.gz
+  cur_version: 11.18
+  constraints: '>= 11, < 12'
+  vers_regexp: '11\.[0-9]+'
+  vers_url: https://endoflife.date/postgresql
+  blob_url: https://ftp.postgresql.org/pub/source/v((version))/postgresql-((version)).tar.gz
+
+- name_pattern: postgres/postgresql-((version)).tar.gz
+  cur_version: 13.9
+  constraints: '>= 13, < 14'
+  vers_regexp: '13\.[0-9]+'
+  vers_url: https://endoflife.date/postgresql
+  blob_url: https://ftp.postgresql.org/pub/source/v((version))/postgresql-((version)).tar.gz
+
+- name_pattern: libpcre2/pcre2-((version)).tar.gz
+  cur_version: 10.40
+  constraints: '*'
+  vers_regexp: '"pcre2-(?P<version>[0-9]+\.[0-9]+).tar.gz"'
+  vers_url: https://api.github.com/repos/PCRE2Project/pcre2/releases
+  blob_url: https://github.com/PCRE2Project/pcre2/releases/download/pcre2-((version))/pcre2-((version)).tar.gz
+
+- name_pattern: mariadb/mariadb-((version)).tar.gz
+  cur_version: 10.6.10
+  constraints: '>= 10.6, < 10.7'
+  vers_regexp: '10\.6\.[0-9]+'
+  vers_url: https://endoflife.date/mariadb
+  blob_url: https://downloads.mariadb.org/interstitial/mariadb-((version))/source/mariadb-((version)).tar.gz
+
+- name_pattern: openssl/openssl-((version)).tar.gz
+  cur_version: 1.1.1o
+  constraints: '>= 1, < 2'
+  vers_regexp: '\b[0-9]+\.[0-9]+\.[0-9]+[a-z]\b'
+  vers_url: https://www.openssl.org/news/newslog.html
+  blob_url: https://www.openssl.org/source/openssl-((version)).tar.gz
+
+- name_pattern: boost/boost_1_59_0.tar.gz
+  cur_version: 1.59.0
+  constraints: '= 1.59.0'
+  vers_regexp: 'files/boost/(?P<version>\b[0-9]+\.[0-9]+\.[0-9]+\b)'
+  vers_url: https://www.boost.org/users/history/
+  blob_url: https://sourceforge.net/projects/boost/files/boost/1.59.0/boost_1_59_0.tar.gz/download
+

go.mod

@@ -0,0 +1,9 @@
+module github.com/fejnartal/dependabosh
+
+go 1.18
+
+require (
+	github.com/Masterminds/semver/v3 v3.1.1 // indirect
+	golang.org/x/mod v0.7.0 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+)

go.sum

@@ -0,0 +1,7 @@
+github.com/Masterminds/semver/v3 v3.1.1 h1:hLg3sBzpNErnxhQtUy/mmLR2I9foDujNK030IGemrRc=
+github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs=
+golang.org/x/mod v0.7.0 h1:LapD9S96VoQRhi/GrNTqeBJFrUjs5UHCAtTlgwA5oZA=
+golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

main.go

@@ -0,0 +1,160 @@
+package main
+
+import (
+	"io/ioutil"
+	"log"
+	"net/http"
+	"os"
+	"regexp"
+	"strconv"
+	"github.com/Masterminds/semver/v3"
+	"gopkg.in/yaml.v3"
+)
+
+type Dependabosh struct {
+	Updates []Dependency `yaml:"updates"`
+}
+
+type Dependency struct {
+	NamePattern string `yaml:"name_pattern"`
+	Constraints string `yaml:"constraints"`
+	CurVersion  string `yaml:"cur_version"`
+	VersRegexp  string `yaml:"vers_regexp"`
+	VersURL     string `yaml:"vers_url"`
+	BlobURL     string `yaml:"blob_url"`
+	SrcURL      string `yaml:"src_url"`
+}
+
+var (
+	WarningLogger *log.Logger
+	InfoLogger    *log.Logger
+	DebugLogger   *log.Logger
+	ErrorLogger   *log.Logger
+)
+
+func init() {
+	InfoLogger = log.New(os.Stdout, "", 0) 
+	DebugLogger = log.New(os.Stdout, "DEBUG: ", log.Ldate|log.Ltime|log.Lshortfile)
+	WarningLogger = log.New(os.Stdout, "WARNING: ", log.Ldate|log.Ltime|log.Lshortfile)
+	ErrorLogger = log.New(os.Stderr, "ERROR: ", log.Ldate|log.Ltime|log.Lshortfile)
+	DebugLogger.SetOutput(ioutil.Discard)
+	WarningLogger.SetOutput(ioutil.Discard)
+}
+
+func main() {
+	yfilePath := os.Args[1]
+	yfile, err := ioutil.ReadFile(yfilePath)
+
+	if err != nil {
+		panic(err)
+	}
+	var dependabosh Dependabosh
+	err = yaml.Unmarshal(yfile, &dependabosh)
+	if err != nil {
+		panic(err)
+	}
+	for _, dep := range dependabosh.Updates {
+		InfoLogger.Println("###################################")
+		InfoLogger.Println("Name Pattern: " + dep.NamePattern)
+		InfoLogger.Println("Cur Version: " + dep.CurVersion)
+		InfoLogger.Println("Constraints: " + dep.Constraints)
+		InfoLogger.Println("Version Regex: " + dep.VersRegexp)
+		InfoLogger.Println("Versions URL: " + dep.VersURL)
+		InfoLogger.Println("Blob URL: " + dep.BlobURL)
+		InfoLogger.Println("SRC URL: " + dep.SrcURL)
+		latestVersion, err := checkLatestVersion(dep)
+		if err != nil {
+			ErrorLogger.Println(err)
+			continue
+			InfoLogger.Println("###################################")
+		}
+		InfoLogger.Println("Latest Version: " + latestVersion)
+		InfoLogger.Println("###################################")
+	}
+
+}
+
+func findAllVersionsWithCaptureGroups(textContainingVersions string, regex *regexp.Regexp) []string {
+	var versionCaptureGroup int
+
+	versionCaptureGroup = 0
+	for i, name := range regex.SubexpNames() {
+		DebugLogger.Println("Capture Group " + name + " has index " + strconv.Itoa(i))
+		if name == "version" {
+			versionCaptureGroup = i
+		}
+	}
+
+
+	allSubmatches := regex.FindAllStringSubmatch(textContainingVersions, -1)
+	allVersions := make([]string, len(allSubmatches))
+	for _, submatch := range allSubmatches {
+		if submatch[versionCaptureGroup] != "" {
+			allVersions = append(allVersions, submatch[versionCaptureGroup])
+			DebugLogger.Println("Found version in input data: " + submatch[versionCaptureGroup] + ".")
+		}
+	}
+	return allVersions
+}
+
+func checkLatestVersion(dep Dependency) (string, error) {
+	vregexp := regexp.MustCompile(dep.VersRegexp)
+	latestVersionsData := fetchLatestVersionsData(dep.VersURL)
+	detectedVersions := findAllVersionsWithCaptureGroups(latestVersionsData, vregexp)
+
+	_, err := semver.NewVersion(dep.CurVersion)
+	if err != nil {
+		ErrorLogger.Println("Vers " + dep.CurVersion + " can't be interpreted as a semver.")
+		return "", semver.ErrInvalidSemVer
+	}
+
+	candidateVersion := dep.CurVersion
+	for _, version := range detectedVersions {
+		if version == "" {
+			// FIXME
+			continue
+		}
+		DebugLogger.Println("Comparing current candidate " + candidateVersion + " with " + version + ".")
+		canonicalCandidate, err := semver.NewVersion(candidateVersion)
+		if err != nil {
+			ErrorLogger.Println("Vers " + candidateVersion + " can't be interpreted as a semver.")
+			continue
+		}
+		canonicalVersion, err := semver.NewVersion(version)
+		if err != nil {
+			ErrorLogger.Println("Vers " + version + " can't be interpreted as a semver.")
+			return "", semver.ErrInvalidSemVer
+		}
+
+		greaterThanCandidateConstraint, _ := semver.NewConstraint("> " + canonicalCandidate.String())
+		versionInRangeConstraint, err := semver.NewConstraint(dep.Constraints)
+		if err != nil {
+			ErrorLogger.Println("Impossible to parse constraints: " + dep.Constraints)
+		}
+
+		if !greaterThanCandidateConstraint.Check(canonicalVersion) {
+			DebugLogger.Println("Rejecting version " + version + " as it's older than current candidate " + candidateVersion)
+		} else {
+			if !versionInRangeConstraint.Check(canonicalVersion) {
+				DebugLogger.Println("Rejecting version " + version + " despite being newer than current candidate " + candidateVersion + " because it doesn't pass constraints")
+			} else {
+				DebugLogger.Println("Adopting version " + version + " as it's newer than current candidate " + candidateVersion + " and passes constraints")
+				candidateVersion = version
+			}
+		}
+	}
+	return candidateVersion, nil
+}
+
+func fetchLatestVersionsData(url string) string {
+	resp, err := http.Get(url)
+	if err != nil {
+	   panic(err)
+	}
+	body, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		panic(err)
+	}
+	return string(body)
+}
+