Merge pull request #7 from photostructure/dependabot/npm_and_yarn/mai… #42
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| branches: [main] | |
| workflow_dispatch: | |
| inputs: | |
| version: | |
| description: "Version bump type" | |
| required: true | |
| type: choice | |
| options: | |
| - patch | |
| - minor | |
| - major | |
| default: "minor" | |
| jobs: | |
| test-matrix: | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: [windows-latest, macos-14] | |
| node-version: [18, 20, 22, 23] | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Use Node.js ${{ matrix.node-version }} | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: ${{ matrix.node-version }} | |
| cache: "npm" | |
| - name: Install dependencies | |
| run: npm ci | |
| - name: Compile native code | |
| run: npm run prebuild | |
| - name: Run tests | |
| run: npm run tests | |
| - name: Upload prebuilds | |
| if: ${{ matrix.node-version == 18 && github.event_name == 'workflow_dispatch' }} | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: prebuilds-${{ matrix.os }} | |
| path: prebuilds/ | |
| test-ubuntu: | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| arch: [x64, arm64] | |
| node-version: [18, 20, 22, 23] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Setup QEMU | |
| if: ${{ matrix.arch == 'arm64' }} | |
| uses: docker/setup-qemu-action@v3 | |
| with: | |
| platforms: linux/arm64 | |
| - run: sudo apt-get update && sudo apt-get install -y docker libglib2.0-dev libblkid-dev uuid-dev | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: ${{ matrix.node-version }} | |
| - uses: actions/checkout@v4 | |
| - run: npm ci | |
| - run: npm run prebuild | |
| - run: npm run tests | |
| - name: Upload prebuilds | |
| if: ${{ matrix.node-version == 18 && github.event_name == 'workflow_dispatch' }} | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: prebuilds-linux-${{ matrix.arch }}-glibc | |
| path: prebuilds/ | |
| test-alpine: | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| # my eyes can't discern arm64 from amd64 | |
| arch: [x64, arm64] | |
| node-version: [18, 20, 22, 23] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: docker/setup-qemu-action@v3 | |
| if: ${{ matrix.arch == 'arm64' }} | |
| with: | |
| platforms: linux/arm64 | |
| - run: | | |
| docker run --rm -v $(pwd):/tmp/project --entrypoint /bin/sh --platform linux/${{ matrix.arch == 'x64' && 'amd64' || 'arm64' }} node:${{ matrix.node-version }}-alpine -c "\ | |
| apk add build-base git python3 py3-setuptools util-linux-dev --update-cache && \ | |
| cd /tmp/project && \ | |
| npm ci && \ | |
| npm run prebuild && \ | |
| npm run tests" | |
| - name: Upload prebuilds | |
| if: ${{ matrix.node-version == 18 && github.event_name == 'workflow_dispatch' }} | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: prebuilds-linux-${{ matrix.arch }}-musl | |
| path: prebuilds/ | |
| publish: | |
| if: ${{ github.event_name == 'workflow_dispatch' }} | |
| runs-on: ubuntu-latest | |
| needs: [test-matrix, test-ubuntu, test-alpine] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: 18 | |
| - name: Install dependencies | |
| run: npm ci | |
| - name: Download all artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| path: ./prebuilds | |
| merge-multiple: true # < because prebuilds/linux-x64/ will contain both a glibc and musl build | |
| - name: List ./prebuilds/ | |
| run: ls -laR ./prebuilds | |
| - name: Set up GPG | |
| run: | | |
| # Import key more securely | |
| echo "$GPG_PRIVATE_KEY" | gpg --batch --import 2>/dev/null | |
| # Configure gpg more securely | |
| cat > ~/.gnupg/gpg.conf << EOF | |
| default-key ${{ secrets.GPG_KEY_ID }} | |
| pinentry-mode loopback | |
| use-agent | |
| EOF | |
| # Reload agent | |
| gpg-connect-agent RELOADAGENT /bye | |
| # Add key using configuration file instead of CLI args | |
| echo "$GPG_PASSPHRASE" | gpg --batch --passphrase-fd 0 --quick-add-key ${{ secrets.GPG_KEY_ID }} | |
| - name: Configure Git to use GPG | |
| run: | | |
| git config --global user.signingkey ${{ secrets.GPG_KEY_ID }} | |
| git config --global commit.gpgSign true | |
| git config --global gpg.program gpg | |
| - name: Configure git for publishing | |
| run: | | |
| git config user.name "${GITHUB_ACTOR}" | |
| git config user.email "${GITHUB_ACTOR}@users.noreply.github.com" | |
| - name: Configure npm for publishing | |
| run: echo "//registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }}" > ~/.npmrc | |
| - name: Publish to npm | |
| run: npm run release -- --ci ${{ github.event.inputs.version }} | |
| env: | |
| NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Cleanup GPG keys | |
| if: always() | |
| run: | | |
| gpg --batch --yes --delete-secret-keys ${{ secrets.GPG_KEY_ID }} | |
| gpg --batch --yes --delete-keys ${{ secrets.GPG_KEY_ID }} | |
| rm -rf ~/.gnupg/ | |
| - name: Remove npm token | |
| if: always() | |
| run: rm -f ~/.npmrc |