Version Packages #1023
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: EDR NPM release | |
env: | |
DEBUG: napi:* | |
APP_NAME: edr | |
MACOSX_DEPLOYMENT_TARGET: "10.13" | |
NUMBER_OF_TARGETS: 7 | |
permissions: | |
contents: write | |
id-token: write | |
on: | |
push: | |
branches: | |
- main | |
- prerelease | |
tags-ignore: | |
- "**" | |
paths-ignore: | |
- "**/*.md" | |
- LICENSE | |
- "**/*.gitignore" | |
- .editorconfig | |
- docs/** | |
pull_request: null | |
workflow_dispatch: | |
jobs: | |
build: | |
strategy: | |
fail-fast: false | |
matrix: | |
settings: | |
- host: macos-13 | |
target: x86_64-apple-darwin | |
build: | | |
pnpm build | |
strip -x *.node | |
- host: windows-2022 | |
build: pnpm build | |
target: x86_64-pc-windows-msvc | |
- host: ubuntu-22.04 | |
target: x86_64-unknown-linux-gnu | |
docker: ghcr.io/napi-rs/napi-rs/nodejs-rust@sha256:4b2638c0987845c4ab3488574a215a2a866b99fb28588788786f2b8cbcb40e71 | |
build: |- | |
set -e && | |
pnpm run build --target x86_64-unknown-linux-gnu && | |
strip *.node | |
- host: ubuntu-22.04 | |
target: x86_64-unknown-linux-musl | |
docker: ghcr.io/napi-rs/napi-rs/nodejs-rust@sha256:2003f7f7027adaab2c97bf576ce6bb87640a77c62a6898ed2359c050c49872a5 | |
build: |- | |
apk add perl; | |
set -e && | |
pnpm run build && | |
strip *.node | |
- host: macos-13 | |
target: aarch64-apple-darwin | |
build: | | |
pnpm build --target aarch64-apple-darwin | |
strip -x *.node | |
- host: ubuntu-22.04 | |
target: aarch64-unknown-linux-gnu | |
docker: ghcr.io/napi-rs/napi-rs/nodejs-rust@sha256:08cb2c8326ae78cf8ffd58f81523dd9592a4778c2c5f314251f5773ea204f289 | |
build: |- | |
set -e && | |
sudo apt-get update && | |
sudo apt-get install perl -y && | |
rustup target add aarch64-unknown-linux-gnu && | |
# Required to build OpenSSL | |
export LDFLAGS="-L/usr/aarch64-unknown-linux-gnu/lib/gcc/aarch64-unknown-linux-gnu/4.8.5" && | |
export CFLAGS="-B/usr/aarch64-unknown-linux-gnu/lib/gcc/aarch64-unknown-linux-gnu/4.8.5 --sysroot=/usr/aarch64-unknown-linux-gnu/aarch64-unknown-linux-gnu/sysroot" && | |
export CXXFLAGS="-B/usr/aarch64-unknown-linux-gnu/lib/gcc/aarch64-unknown-linux-gnu/4.8.5 --sysroot=/usr/aarch64-unknown-linux-gnu/aarch64-unknown-linux-gnu/sysroot" && | |
pnpm run build --target aarch64-unknown-linux-gnu && | |
aarch64-unknown-linux-gnu-strip *.node | |
- host: ubuntu-22.04 | |
target: aarch64-unknown-linux-musl | |
docker: ghcr.io/napi-rs/napi-rs/nodejs-rust@sha256:2003f7f7027adaab2c97bf576ce6bb87640a77c62a6898ed2359c050c49872a5 | |
build: |- | |
apk add perl; | |
set -e && | |
rustup target add aarch64-unknown-linux-musl && | |
pnpm run build --target aarch64-unknown-linux-musl && | |
/aarch64-linux-musl-cross/bin/aarch64-linux-musl-strip *.node | |
name: stable - ${{ matrix.settings.target }} - node@18 | |
runs-on: ${{ matrix.settings.host }} | |
defaults: | |
run: | |
working-directory: ./crates/edr_napi | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Check number of targets | |
shell: bash | |
run: | | |
echo "Number of build jobs: ${{ strategy.job-total }}" | |
echo "Expected number of build jobs: $NUMBER_OF_TARGETS" | |
test ${{ strategy.job-total }} -eq "$NUMBER_OF_TARGETS" | |
- uses: pnpm/action-setup@v4 | |
with: | |
version: 9 | |
- name: Setup node | |
uses: actions/setup-node@v3 | |
if: ${{ !matrix.settings.docker }} | |
with: | |
node-version: 20 | |
check-latest: true | |
cache: pnpm | |
- name: Install Rust toolchain | |
uses: dtolnay/rust-toolchain@stable | |
if: ${{ !matrix.settings.docker }} | |
with: | |
toolchain: stable | |
# The `--target` flag for `rustup toolchain install` is not working properly which is | |
# why we need this extra step in addition to the `dtolnay/rust-toolchain` action. | |
# https://github.com/rust-lang/rustup/issues/3255 | |
- name: Add Rust cross-compilation target | |
run: rustup target add ${{ matrix.settings.target }} | |
if: ${{ !matrix.settings.docker }} | |
shell: bash | |
- name: Cache cargo | |
uses: actions/cache@v3 | |
with: | |
path: | | |
~/.cargo/registry/index/ | |
~/.cargo/registry/cache/ | |
~/.cargo/git/db/ | |
.cargo-cache | |
target/ | |
key: ${{ matrix.settings.target }}-cargo-${{ matrix.settings.host }} | |
- uses: goto-bus-stop/setup-zig@v2 | |
if: ${{ matrix.settings.target == 'armv7-unknown-linux-gnueabihf' }} | |
with: | |
version: 0.10.1 | |
- name: Install dependencies | |
run: pnpm install --frozen-lockfile --prefer-offline | |
- name: Build in docker | |
uses: addnab/docker-run-action@v3 | |
if: ${{ matrix.settings.docker }} | |
with: | |
image: ${{ matrix.settings.docker }} | |
options: "--user 0:0 -v ${{ github.workspace }}/.cargo-cache/git/db:/usr/local/cargo/git/db -v ${{ github.workspace }}/.cargo/registry/cache:/usr/local/cargo/registry/cache -v ${{ github.workspace }}/.cargo/registry/index:/usr/local/cargo/registry/index -v ${{ github.workspace }}:/build -w /build/crates/edr_napi" | |
run: ${{ matrix.settings.build }} | |
- name: Build | |
run: ${{ matrix.settings.build }} | |
if: ${{ !matrix.settings.docker }} | |
shell: bash | |
- name: Upload artifact | |
uses: actions/upload-artifact@v3 | |
with: | |
name: bindings-${{ matrix.settings.target }} | |
# The upload artifact action doesn't respect the working directory setting. Unclear if this is a bug or not | |
# https://github.com/actions/upload-artifact/issues/294 | |
path: ./crates/edr_napi/${{ env.APP_NAME }}.*.node | |
if-no-files-found: error | |
test-macOS-windows-binding: | |
name: Test bindings on ${{ matrix.settings.target }} - node@${{ matrix.node }} | |
needs: | |
- build | |
strategy: | |
fail-fast: false | |
matrix: | |
settings: | |
- host: macos-13 | |
target: x86_64-apple-darwin | |
- host: macos-14 | |
target: aarch64-apple-darwin | |
- host: windows-2022 | |
target: x86_64-pc-windows-msvc | |
node: | |
- "18" | |
- "20" | |
runs-on: ${{ matrix.settings.host }} | |
defaults: | |
run: | |
working-directory: ./crates/edr_napi | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ./.github/actions/setup-node | |
- name: Install dependencies | |
run: pnpm install --frozen-lockfile --prefer-offline | |
- name: Download artifacts | |
uses: actions/download-artifact@v3 | |
with: | |
name: bindings-${{ matrix.settings.target }} | |
path: ./crates/edr_napi/ | |
- name: List packages | |
run: ls -R . | |
shell: bash | |
- name: Test bindings | |
run: pnpm testNoBuild | |
test-linux-x64-gnu-binding: | |
name: Test bindings on Linux-x64-gnu - node@${{ matrix.node }} | |
needs: | |
- build | |
strategy: | |
fail-fast: false | |
matrix: | |
node: | |
- "18" | |
- "20" | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ./.github/actions/setup-node | |
- name: Install dependencies | |
run: pnpm install --frozen-lockfile --prefer-offline | |
- name: Download artifacts | |
uses: actions/download-artifact@v3 | |
with: | |
name: bindings-x86_64-unknown-linux-gnu | |
path: ./crates/edr_napi/ | |
- name: List packages | |
run: ls -R . | |
shell: bash | |
- name: Test bindings | |
# Setting CI=1 is important to make PNPM install non-interactive | |
# https://github.com/pnpm/pnpm/issues/6615#issuecomment-1656945689 | |
run: docker run --rm -e CI=1 -v $(pwd):/build -w /build/crates/edr_napi node:${{ matrix.node }} bash -c "wget -qO- 'https://unpkg.com/@pnpm/self-installer' | node; pnpm testNoBuild" | |
test-linux-x64-musl-binding: | |
name: Test bindings on x86_64-unknown-linux-musl - node@${{ matrix.node }} | |
needs: | |
- build | |
strategy: | |
fail-fast: false | |
matrix: | |
node: | |
- "18" | |
- "20" | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ./.github/actions/setup-node | |
with: | |
node-version: ${{ matrix.node }} | |
- name: Install dependencies | |
run: | | |
pnpm config set supportedArchitectures.libc "musl" | |
pnpm install --frozen-lockfile --prefer-offline | |
- name: Download artifacts | |
uses: actions/download-artifact@v3 | |
with: | |
name: bindings-x86_64-unknown-linux-musl | |
path: ./crates/edr_napi/ | |
- name: List packages | |
run: ls -R . | |
shell: bash | |
- name: Test bindings | |
run: docker run --rm -e CI=1 -v $(pwd):/build -w /build/crates/edr_napi node:${{ matrix.node }}-alpine sh -c "wget -qO- 'https://unpkg.com/@pnpm/self-installer' | node; pnpm testNoBuild" | |
test-linux-aarch64-gnu-binding: | |
name: Test bindings on aarch64-unknown-linux-gnu - node@${{ matrix.node }} | |
needs: | |
- build | |
strategy: | |
fail-fast: false | |
matrix: | |
node: | |
- "18" | |
- "20" | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: pnpm/action-setup@v4 | |
with: | |
version: 9 | |
- name: Download artifacts | |
uses: actions/download-artifact@v3 | |
with: | |
name: bindings-aarch64-unknown-linux-gnu | |
path: ./crates/edr_napi/ | |
- name: List packages | |
run: ls -R . | |
shell: bash | |
- name: Install dependencies | |
run: | | |
pnpm config set supportedArchitectures.cpu "arm64" | |
pnpm config set supportedArchitectures.libc "glibc" | |
pnpm install --frozen-lockfile --prefer-offline | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v2 | |
with: | |
platforms: arm64 | |
- run: docker run --rm --privileged multiarch/qemu-user-static --reset -p yes | |
- name: Setup and run tests | |
uses: addnab/docker-run-action@v3 | |
with: | |
image: node:${{ matrix.node }} | |
options: "--platform linux/arm64 -v ${{ github.workspace }}:/build -w /build/crates/edr_napi -e CI=1" | |
run: | | |
wget -qO- 'https://unpkg.com/@pnpm/self-installer' | node | |
set -e | |
pnpm testNoBuild | |
ls -la | |
test-linux-aarch64-musl-binding: | |
name: Test bindings on aarch64-unknown-linux-musl - node@${{ matrix.node }} | |
needs: | |
- build | |
strategy: | |
fail-fast: false | |
matrix: | |
node: | |
- "18" | |
- "20" | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: pnpm/action-setup@v4 | |
with: | |
version: 9 | |
- name: Download artifacts | |
uses: actions/download-artifact@v3 | |
with: | |
name: bindings-aarch64-unknown-linux-musl | |
path: ./crates/edr_napi/ | |
- name: List packages | |
run: ls -R . | |
shell: bash | |
- name: Install dependencies | |
run: | | |
pnpm config set supportedArchitectures.cpu "arm64" | |
pnpm config set supportedArchitectures.libc "musl" | |
pnpm install --frozen-lockfile --prefer-offline | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v2 | |
with: | |
platforms: arm64 | |
- run: docker run --rm --privileged multiarch/qemu-user-static --reset -p yes | |
- name: Setup and run tests | |
uses: addnab/docker-run-action@v3 | |
with: | |
image: node:${{ matrix.node }}-alpine | |
options: "--platform linux/arm64 -v ${{ github.workspace }}:/build -w /build/crates/edr_napi -e CI=1" | |
run: | | |
wget -qO- 'https://unpkg.com/@pnpm/self-installer' | node | |
set -e | |
pnpm testNoBuild | |
check_commit: | |
name: Check commit | |
runs-on: ubuntu-22.04 | |
if: github.event_name != 'pull_request' || github.event.pull_request.author_association == 'OWNER' || github.event.pull_request.author_association == 'MEMBER' || github.event.pull_request.author_association == 'COLLABORATOR' | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
ref: ${{ github.event.pull_request.head.ref }} | |
- name: Check if commit message is a release commit | |
id: check_commit | |
# Must match commit check in publish step | |
run: | | |
if git log -1 --pretty=%B | grep "^edr-[0-9]\+\.[0-9]\+\.[0-9]\+"; | |
then | |
echo "Check commit: matches" | |
echo "match=true" >> "$GITHUB_OUTPUT" | |
else | |
echo "Check commit: no match" | |
echo "match=false" >> "$GITHUB_OUTPUT" | |
fi | |
outputs: | |
match: ${{ steps.check_commit.outputs.match }} | |
publish: | |
name: Publish | |
environment: edr-release | |
runs-on: ubuntu-22.04 | |
needs: | |
- check_commit | |
- test-macOS-windows-binding | |
- test-linux-x64-gnu-binding | |
- test-linux-x64-musl-binding | |
- test-linux-aarch64-gnu-binding | |
- test-linux-aarch64-musl-binding | |
# Only run workflow if the commit message is a release commit. | |
if: ${{ needs.check_commit.outputs.match == 'true' }} | |
defaults: | |
run: | |
working-directory: ./crates/edr_napi | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ./.github/actions/setup-node | |
- name: Install dependencies | |
run: pnpm install --frozen-lockfile --prefer-offline | |
- name: Download all artifacts | |
uses: actions/download-artifact@v3 | |
with: | |
path: ./crates/edr_napi/artifacts | |
- name: Check number of artifacts | |
shell: bash | |
run: | | |
tree artifacts | |
# get number of artifacts with unique names | |
NUMBER_OF_ARTIFACTS=$(ls -1q artifacts/*/*.node | xargs -n 1 basename | sort | uniq | wc -l) | |
echo "Number of unique artifacts: $NUMBER_OF_ARTIFACTS" | |
echo "Expected number of unique artifacts: $NUMBER_OF_TARGETS" | |
test "$NUMBER_OF_ARTIFACTS" -eq "$NUMBER_OF_TARGETS" | |
- name: Install sponge | |
run: | | |
sudo apt-get update | |
sudo apt-get install -y moreutils | |
- name: Move artifacts | |
run: pnpm artifacts | |
- name: Publish | |
run: | | |
if git log -1 --pretty=%B | grep "^edr-[0-9]\+\.[0-9]\+\.[0-9]\+-"; | |
then | |
if [ "$GITHUB_REF" == "refs/heads/main" -o "$GITHUB_REF" == "refs/heads/prerelease" ]; then | |
echo "Publishing pre-release" | |
echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" >> ~/.npmrc | |
pnpm publish --no-git-checks --provenance --tag next --access public | |
else | |
echo "Trying to publish a pre-release from a branch that is not 'main' or 'prerelease'" | |
fi | |
elif git log -1 --pretty=%B | grep "^edr-[0-9]\+\.[0-9]\+\.[0-9]\+\s*"; | |
then | |
if [ "$GITHUB_REF" == "refs/heads/main" ]; then | |
echo "Publishing release" | |
echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" >> ~/.npmrc | |
pnpm publish --no-git-checks --provenance --access public | |
else | |
echo "Trying to publish a release from a branch that is not 'main'" | |
fi | |
else | |
echo "Not a release, skipping publish" | |
fi | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
NPM_TOKEN: ${{ secrets.NOMICFOUNDATION_ORG_NPM_TOKEN }} |