Skip to content

Merge main into feat/multichain #1103

Merge main into feat/multichain

Merge main into feat/multichain #1103

Workflow file for this run

name: EDR NPM release
env:
DEBUG: napi:*
APP_NAME: edr
MACOSX_DEPLOYMENT_TARGET: "10.13"
NUMBER_OF_TARGETS: 7
permissions:
contents: write
id-token: write
on:
push:
branches:
- main
- prerelease
tags-ignore:
- "**"
paths-ignore:
- "**/*.md"
- LICENSE
- "**/*.gitignore"
- .editorconfig
- docs/**
pull_request: null
workflow_dispatch:
jobs:
build:
strategy:
fail-fast: false
matrix:
settings:
- host: macos-13
target: x86_64-apple-darwin
build: |
pnpm build
strip -x *.node
- host: windows-2022
build: pnpm build
target: x86_64-pc-windows-msvc
- host: ubuntu-22.04
target: x86_64-unknown-linux-gnu
docker: ghcr.io/napi-rs/napi-rs/nodejs-rust@sha256:4b2638c0987845c4ab3488574a215a2a866b99fb28588788786f2b8cbcb40e71
build: |-
set -e &&
pnpm run build --target x86_64-unknown-linux-gnu &&
strip *.node
- host: ubuntu-22.04
target: x86_64-unknown-linux-musl
docker: ghcr.io/napi-rs/napi-rs/nodejs-rust@sha256:2003f7f7027adaab2c97bf576ce6bb87640a77c62a6898ed2359c050c49872a5
build: |-
apk add perl;
set -e &&
pnpm run build &&
strip *.node
- host: macos-13
target: aarch64-apple-darwin
build: |
pnpm build --target aarch64-apple-darwin
strip -x *.node
- host: ubuntu-22.04
target: aarch64-unknown-linux-gnu
docker: ghcr.io/napi-rs/napi-rs/nodejs-rust@sha256:08cb2c8326ae78cf8ffd58f81523dd9592a4778c2c5f314251f5773ea204f289
build: |-
set -e &&
sudo apt-get update &&
sudo apt-get install perl -y &&
rustup target add aarch64-unknown-linux-gnu &&
# Required to build OpenSSL
export LDFLAGS="-L/usr/aarch64-unknown-linux-gnu/lib/gcc/aarch64-unknown-linux-gnu/4.8.5" &&
export CFLAGS="-B/usr/aarch64-unknown-linux-gnu/lib/gcc/aarch64-unknown-linux-gnu/4.8.5 --sysroot=/usr/aarch64-unknown-linux-gnu/aarch64-unknown-linux-gnu/sysroot" &&
export CXXFLAGS="-B/usr/aarch64-unknown-linux-gnu/lib/gcc/aarch64-unknown-linux-gnu/4.8.5 --sysroot=/usr/aarch64-unknown-linux-gnu/aarch64-unknown-linux-gnu/sysroot" &&
pnpm run build --target aarch64-unknown-linux-gnu &&
aarch64-unknown-linux-gnu-strip *.node
- host: ubuntu-22.04
target: aarch64-unknown-linux-musl
docker: ghcr.io/napi-rs/napi-rs/nodejs-rust@sha256:2003f7f7027adaab2c97bf576ce6bb87640a77c62a6898ed2359c050c49872a5
build: |-
apk add perl;
set -e &&
rustup target add aarch64-unknown-linux-musl &&
pnpm run build --target aarch64-unknown-linux-musl &&
/aarch64-linux-musl-cross/bin/aarch64-linux-musl-strip *.node
name: stable - ${{ matrix.settings.target }} - node@18
runs-on: ${{ matrix.settings.host }}
defaults:
run:
working-directory: ./crates/edr_napi
steps:
- uses: actions/checkout@v4
- name: Check number of targets
shell: bash
run: |
echo "Number of build jobs: ${{ strategy.job-total }}"
echo "Expected number of build jobs: $NUMBER_OF_TARGETS"
test ${{ strategy.job-total }} -eq "$NUMBER_OF_TARGETS"
- uses: pnpm/action-setup@v4
with:
version: 9
- name: Setup node
uses: actions/setup-node@v3
if: ${{ !matrix.settings.docker }}
with:
node-version: 20
check-latest: true
cache: pnpm
- name: Install Rust toolchain
uses: dtolnay/rust-toolchain@stable
if: ${{ !matrix.settings.docker }}
with:
toolchain: stable
# The `--target` flag for `rustup toolchain install` is not working properly which is
# why we need this extra step in addition to the `dtolnay/rust-toolchain` action.
# https://github.com/rust-lang/rustup/issues/3255
- name: Add Rust cross-compilation target
run: rustup target add ${{ matrix.settings.target }}
if: ${{ !matrix.settings.docker }}
shell: bash
- name: Cache cargo
uses: actions/cache@v3
with:
path: |
~/.cargo/registry/index/
~/.cargo/registry/cache/
~/.cargo/git/db/
.cargo-cache
target/
key: ${{ matrix.settings.target }}-cargo-${{ matrix.settings.host }}
- uses: goto-bus-stop/setup-zig@v2
if: ${{ matrix.settings.target == 'armv7-unknown-linux-gnueabihf' }}
with:
version: 0.10.1
- name: Install dependencies
run: pnpm install --frozen-lockfile --prefer-offline
- name: Build in docker
uses: addnab/docker-run-action@v3
if: ${{ matrix.settings.docker }}
with:
image: ${{ matrix.settings.docker }}
options: "--user 0:0 -v ${{ github.workspace }}/.cargo-cache/git/db:/usr/local/cargo/git/db -v ${{ github.workspace }}/.cargo/registry/cache:/usr/local/cargo/registry/cache -v ${{ github.workspace }}/.cargo/registry/index:/usr/local/cargo/registry/index -v ${{ github.workspace }}:/build -w /build/crates/edr_napi"
run: ${{ matrix.settings.build }}
- name: Build
run: ${{ matrix.settings.build }}
if: ${{ !matrix.settings.docker }}
shell: bash
- name: Upload artifact
uses: actions/upload-artifact@v3
with:
name: bindings-${{ matrix.settings.target }}
# The upload artifact action doesn't respect the working directory setting. Unclear if this is a bug or not
# https://github.com/actions/upload-artifact/issues/294
path: ./crates/edr_napi/${{ env.APP_NAME }}.*.node
if-no-files-found: error
test-macOS-windows-binding:
name: Test bindings on ${{ matrix.settings.target }} - node@${{ matrix.node }}
needs:
- build
strategy:
fail-fast: false
matrix:
settings:
- host: macos-13
target: x86_64-apple-darwin
- host: macos-14
target: aarch64-apple-darwin
- host: windows-2022
target: x86_64-pc-windows-msvc
node:
- "18"
- "20"
runs-on: ${{ matrix.settings.host }}
defaults:
run:
working-directory: ./crates/edr_napi
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/setup-node
- name: Install dependencies
run: pnpm install --frozen-lockfile --prefer-offline
- name: Download artifacts
uses: actions/download-artifact@v3
with:
name: bindings-${{ matrix.settings.target }}
path: ./crates/edr_napi/
- name: List packages
run: ls -R .
shell: bash
- name: Test bindings
run: pnpm testNoBuild
test-linux-x64-gnu-binding:
name: Test bindings on Linux-x64-gnu - node@${{ matrix.node }}
needs:
- build
strategy:
fail-fast: false
matrix:
node:
- "18"
- "20"
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/setup-node
- name: Install dependencies
run: pnpm install --frozen-lockfile --prefer-offline
- name: Download artifacts
uses: actions/download-artifact@v3
with:
name: bindings-x86_64-unknown-linux-gnu
path: ./crates/edr_napi/
- name: List packages
run: ls -R .
shell: bash
- name: Test bindings
# Setting CI=1 is important to make PNPM install non-interactive
# https://github.com/pnpm/pnpm/issues/6615#issuecomment-1656945689
run: docker run --rm -e CI=1 -v $(pwd):/build -w /build/crates/edr_napi node:${{ matrix.node }} bash -c "wget -qO- 'https://unpkg.com/@pnpm/self-installer' | node; pnpm testNoBuild"
test-linux-x64-musl-binding:
name: Test bindings on x86_64-unknown-linux-musl - node@${{ matrix.node }}
needs:
- build
strategy:
fail-fast: false
matrix:
node:
- "18"
- "20"
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/setup-node
with:
node-version: ${{ matrix.node }}
- name: Install dependencies
run: |
pnpm config set supportedArchitectures.libc "musl"
pnpm install --frozen-lockfile --prefer-offline
- name: Download artifacts
uses: actions/download-artifact@v3
with:
name: bindings-x86_64-unknown-linux-musl
path: ./crates/edr_napi/
- name: List packages
run: ls -R .
shell: bash
- name: Test bindings
run: docker run --rm -e CI=1 -v $(pwd):/build -w /build/crates/edr_napi node:${{ matrix.node }}-alpine sh -c "wget -qO- 'https://unpkg.com/@pnpm/self-installer' | node; pnpm testNoBuild"
test-linux-aarch64-gnu-binding:
name: Test bindings on aarch64-unknown-linux-gnu - node@${{ matrix.node }}
needs:
- build
strategy:
fail-fast: false
matrix:
node:
- "18"
- "20"
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- uses: pnpm/action-setup@v4
with:
version: 9
- name: Download artifacts
uses: actions/download-artifact@v3
with:
name: bindings-aarch64-unknown-linux-gnu
path: ./crates/edr_napi/
- name: List packages
run: ls -R .
shell: bash
- name: Install dependencies
run: |
pnpm config set supportedArchitectures.cpu "arm64"
pnpm config set supportedArchitectures.libc "glibc"
pnpm install --frozen-lockfile --prefer-offline
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
with:
platforms: arm64
- run: docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
- name: Setup and run tests
uses: addnab/docker-run-action@v3
with:
image: node:${{ matrix.node }}
options: "--platform linux/arm64 -v ${{ github.workspace }}:/build -w /build/crates/edr_napi -e CI=1"
run: |
wget -qO- 'https://unpkg.com/@pnpm/self-installer' | node
set -e
pnpm testNoBuild
ls -la
test-linux-aarch64-musl-binding:
name: Test bindings on aarch64-unknown-linux-musl - node@${{ matrix.node }}
needs:
- build
strategy:
fail-fast: false
matrix:
node:
- "18"
- "20"
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- uses: pnpm/action-setup@v4
with:
version: 9
- name: Download artifacts
uses: actions/download-artifact@v3
with:
name: bindings-aarch64-unknown-linux-musl
path: ./crates/edr_napi/
- name: List packages
run: ls -R .
shell: bash
- name: Install dependencies
run: |
pnpm config set supportedArchitectures.cpu "arm64"
pnpm config set supportedArchitectures.libc "musl"
pnpm install --frozen-lockfile --prefer-offline
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
with:
platforms: arm64
- run: docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
- name: Setup and run tests
uses: addnab/docker-run-action@v3
with:
image: node:${{ matrix.node }}-alpine
options: "--platform linux/arm64 -v ${{ github.workspace }}:/build -w /build/crates/edr_napi -e CI=1"
run: |
wget -qO- 'https://unpkg.com/@pnpm/self-installer' | node
set -e
pnpm testNoBuild
check_commit:
name: Check commit
runs-on: ubuntu-22.04
if: github.event_name != 'pull_request' || github.event.pull_request.author_association == 'OWNER' || github.event.pull_request.author_association == 'MEMBER' || github.event.pull_request.author_association == 'COLLABORATOR'
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.ref }}
- name: Check if commit message is a release commit
id: check_commit
# Must match commit check in publish step
run: |
if git log -1 --pretty=%B | grep "^edr-[0-9]\+\.[0-9]\+\.[0-9]\+";
then
echo "Check commit: matches"
echo "match=true" >> "$GITHUB_OUTPUT"
else
echo "Check commit: no match"
echo "match=false" >> "$GITHUB_OUTPUT"
fi
outputs:
match: ${{ steps.check_commit.outputs.match }}
publish:
name: Publish
environment: edr-release
runs-on: ubuntu-22.04
needs:
- check_commit
- test-macOS-windows-binding
- test-linux-x64-gnu-binding
- test-linux-x64-musl-binding
- test-linux-aarch64-gnu-binding
- test-linux-aarch64-musl-binding
# Only run workflow if the commit message is a release commit.
if: ${{ needs.check_commit.outputs.match == 'true' }}
defaults:
run:
working-directory: ./crates/edr_napi
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/setup-node
- name: Install dependencies
run: pnpm install --frozen-lockfile --prefer-offline
- name: Download all artifacts
uses: actions/download-artifact@v3
with:
path: ./crates/edr_napi/artifacts
- name: Check number of artifacts
shell: bash
run: |
tree artifacts
# get number of artifacts with unique names
NUMBER_OF_ARTIFACTS=$(ls -1q artifacts/*/*.node | xargs -n 1 basename | sort | uniq | wc -l)
echo "Number of unique artifacts: $NUMBER_OF_ARTIFACTS"
echo "Expected number of unique artifacts: $NUMBER_OF_TARGETS"
test "$NUMBER_OF_ARTIFACTS" -eq "$NUMBER_OF_TARGETS"
- name: Install sponge
run: |
sudo apt-get update
sudo apt-get install -y moreutils
- name: Move artifacts
run: pnpm artifacts
- name: Publish
run: |
if git log -1 --pretty=%B | grep "^edr-[0-9]\+\.[0-9]\+\.[0-9]\+-";
then
if [ "$GITHUB_REF" == "refs/heads/main" -o "$GITHUB_REF" == "refs/heads/prerelease" ]; then
echo "Publishing pre-release"
echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" >> ~/.npmrc
pnpm publish --no-git-checks --provenance --tag next --access public
else
echo "Trying to publish a pre-release from a branch that is not 'main' or 'prerelease'"
fi
elif git log -1 --pretty=%B | grep "^edr-[0-9]\+\.[0-9]\+\.[0-9]\+\s*";
then
if [ "$GITHUB_REF" == "refs/heads/main" ]; then
echo "Publishing release"
echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" >> ~/.npmrc
pnpm publish --no-git-checks --provenance --access public
else
echo "Trying to publish a release from a branch that is not 'main'"
fi
else
echo "Not a release, skipping publish"
fi
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
NPM_TOKEN: ${{ secrets.NOMICFOUNDATION_ORG_NPM_TOKEN }}