Add provenance #152
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json | |
name: Build app | |
on: | |
workflow_dispatch: | |
push: | |
branches: | |
- main | |
tags: | |
- "*" | |
paths-ignore: | |
- "*.md" | |
- "*.txt" | |
- "*.yml" | |
- .editorconfig | |
- ".github/**" | |
- .gitignore | |
- .npmignore | |
pull_request: | |
branches: | |
- main | |
paths-ignore: | |
- "*.md" | |
- "*.txt" | |
- "*.yml" | |
- .editorconfig | |
- ".github/**" | |
- .gitignore | |
- .npmignore | |
jobs: | |
build: | |
name: Build amd64 | |
runs-on: ${{ matrix.runner }} | |
strategy: | |
fail-fast: false | |
matrix: | |
node: ["18.x", "20.x"] | |
runner: ["windows-latest", "ubuntu-latest", "macos-latest"] | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: ${{ matrix.node }} | |
registry-url: "https://registry.npmjs.org" | |
cache: npm | |
- run: | | |
node --version | |
npm --version | |
npm ci | |
name: Install npm dependencies | |
- run: npm run lint . | |
name: Lint | |
if: matrix.runner == 'ubuntu-latest' | |
- run: npm run typecheck | |
name: Type check | |
if: matrix.runner == 'ubuntu-latest' | |
- run: | | |
set -euo pipefail | |
sudo apt-get update | |
sudo apt-get install -y libnss3 | |
name: Install OS dependencies | |
if: matrix.runner == 'ubuntu-latest' | |
- run: ./test-driver.sh | |
name: Verify install | |
shell: bash | |
build_arm64: | |
name: Build arm64 | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
node: ["18", "20"] | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: uraimo/[email protected] | |
name: Verify install | |
id: build | |
with: | |
arch: aarch64 | |
distro: ubuntu20.04 | |
env: | # this is just so we can cache each version | |
GITHUB_WORKFLOW: ${{ github.workflow }}-${{ github.job }}-${{ matrix.node }} | |
dockerRunArgs: | | |
--volume "$PWD:/app" | |
githubToken: ${{ github.token }} | |
install: | | |
set -euo pipefail | |
apt-get update | |
apt-get -y install xz-utils curl libnss3 | |
curl -fsSL --output sha https://nodejs.org/dist/latest-v${{ matrix.node }}.x/SHASUMS256.txt | |
FULL_FILE=`grep 'node-v${{ matrix.node }}.*-linux-arm64.tar.gz' sha | tr -s ' ' | cut -d' ' -f2` | |
NODE_VERSION=`echo $FULL_FILE | grep --color=never -Eo '[0-9]{2,}\.[0-9]{1,}\.[0-9]{1,}'` | |
echo "Node version is $NODE_VERSION" | |
ARCH=arm64 | |
curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" | |
tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner | |
rm sha | |
rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" | |
run: | | |
node --version | |
npm --version | |
cd /app | |
npm ci --no-progress | |
BIN="./lib/chromedriver/chromedriver" | |
if ! [ -e $BIN ]; then | |
echo "Binary not found at $BIN" | |
exit 1 | |
fi | |
build_s390x: | |
name: Build s390x | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
node: ["18", "20"] | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: uraimo/[email protected] | |
name: Verify install | |
id: build | |
with: | |
arch: s390x | |
distro: ubuntu20.04 | |
env: | # this is just so we can cache each version | |
GITHUB_WORKFLOW: ${{ github.workflow }}-${{ github.job }}-${{ matrix.node }} | |
dockerRunArgs: | | |
--volume "$PWD:/app" | |
githubToken: ${{ github.token }} | |
install: | | |
set -euo pipefail | |
apt-get update | |
apt-get -y install xz-utils curl libnss3 | |
curl -fsSL --output sha https://nodejs.org/dist/latest-v${{ matrix.node }}.x/SHASUMS256.txt | |
FULL_FILE=`grep 'node-v${{ matrix.node }}.*-linux-s390x.tar.gz' sha | tr -s ' ' | cut -d' ' -f2` | |
NODE_VERSION=`echo $FULL_FILE | grep --color=never -Eo '[0-9]{2,}\.[0-9]{1,}\.[0-9]{1,}'` | |
echo "Node version is $NODE_VERSION" | |
ARCH=s390x | |
curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" | |
tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner | |
rm sha | |
rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" | |
npm install -g npm@latest | |
run: | | |
node --version | |
npm --version | |
cd /app | |
npm ci --no-progress | |
BIN="./lib/chromedriver/chromedriver" | |
if ! [ -e $BIN ]; then | |
echo "Binary not found at $BIN" | |
exit 1 | |
fi | |
build_proxy: | |
name: Build with proxy | |
runs-on: ubuntu-latest | |
services: | |
squid: | |
image: ubuntu/squid:5.2-22.04_beta | |
ports: | |
- 3128:3128 | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: 20.x | |
registry-url: "https://registry.npmjs.org" | |
cache: npm | |
- run: | | |
node --version | |
npm --version | |
export http_proxy=http://localhost:3128 https_proxy=http://localhost:3128 | |
npm ci | |
name: Install npm dependencies | |
- run: | | |
set -euo pipefail | |
sudo apt-get update | |
sudo apt-get install -y libnss3 | |
name: Install OS dependencies | |
- run: ./test-driver.sh | |
name: Verify install | |
publish: | |
permissions: | |
contents: read | |
id-token: write | |
name: Publish to npm | |
runs-on: ubuntu-latest | |
needs: [build, build_arm64, build_s390x, build_proxy] | |
if: success() && startsWith(github.ref, 'refs/tags/') | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: 20.x | |
registry-url: "https://registry.npmjs.org" | |
- run: npm publish --provenance --access public | |
env: | |
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} |