Add NPM provenance #194
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Pull-Request | |
on: | |
pull_request: | |
jobs: | |
valgrind: | |
needs: ['cpp-lint', 'js-lint'] | |
strategy: | |
matrix: | |
version: [12, 14, 16, 18, 19, 20] | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
submodules: true | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: ${{ matrix.version }} | |
- run: sudo apt-get update && sudo apt-get install valgrind | |
- run: npm i --ignore-scripts | |
- run: npm run test:js-valgrind | |
asan: | |
needs: ['cpp-lint', 'js-lint'] | |
strategy: | |
matrix: | |
version: [12, 14, 16, 18, 19, 20] | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
submodules: true | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: ${{ matrix.version }} | |
- run: sudo apt-get update && sudo apt-get install libcpputest-dev cpputest | |
- run: npm i --ignore-scripts | |
- run: npm run test:asan | |
- run: npm run test:js-asan | |
build: | |
needs: ['cpp-lint', 'js-lint'] | |
uses: Datadog/action-prebuildify/.github/workflows/build.yml@main | |
with: | |
cache: false | |
napi: false | |
package-manager: 'npm' | |
prebuild: 'node scripts/prebuild' | |
skip: 'linux-arm linux-ia32' | |
target-name: 'iastnativemethods' | |
cpp-test-libc: | |
needs: ['build'] | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
debian: | |
- tag: testing | |
target: | |
- dockerfile: Dockerfile | |
libc: libc | |
artifact: linux-x64 | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
submodules: true | |
- run: docker build -t cpputest-libc --build-arg TAG=${{ matrix.debian.tag }} -f ./docker/${{ matrix.target.dockerfile }} . | |
- run: docker run --name test-libc cpputest-libc | |
- run: docker cp test-libc:/build/test/cpputest/results/ . | |
- uses: mikepenz/action-junit-report@v3 | |
if: always() | |
with: | |
report_paths: '**/results/cpputest_*.xml' | |
check_name: junit test report ${{ matrix.target.name }} | |
cpp-test-musl: | |
needs: ['build'] | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
alpine: | |
- tag: latest | |
target: | |
- dockerfile: alpine.Dockerfile | |
libc: musl | |
artifact: linuxmusl-x64 | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
submodules: true | |
- run: docker build -t cpputest-musl --build-arg TAG=${{ matrix.alpine.tag }} -f ./docker/${{ matrix.target.dockerfile }} . | |
- run: docker run --name test-musl cpputest-musl | |
- run: docker cp test-musl:/build/test/cpputest/results/ . | |
- uses: mikepenz/action-junit-report@v3 | |
if: always() | |
with: | |
report_paths: '**/results/cpputest_*.xml' | |
check_name: junit test report ${{ matrix.target.name }} | |
cpp-lint: | |
needs: ['check-licenses'] | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-python@v3 | |
- run: pip install cpplint | |
- run: cpplint --filter=-build/include_subdir --linelength=120 --recursive ./src | |
js-lint: | |
needs: ['check-licenses'] | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: '19' | |
- run: npm i --ignore-scripts | |
- run: npm run lint | |
check-licenses: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: '19' | |
- run: npm i --ignore-scripts | |
- run: node scripts/check_licenses.js | |
pack: | |
needs: ['cpp-test-musl', 'cpp-test-libc'] | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/download-artifact@v3 | |
- run: npm pack | |
- uses: codex-team/action-nodejs-package-info@v1 | |
id: package | |
- uses: actions/upload-artifact@v3 | |
with: | |
name: datadog-native-iast-taint-tracking-${{ steps.package.outputs.version }} | |
path: '*.tgz' | |
test-native-js: | |
needs: ['pack'] | |
strategy: | |
matrix: | |
target: | |
- name: linux 64 bits | |
os: ubuntu-latest | |
artifact: linux-x64-gnu | |
- name: windows 64 bits | |
os: windows-2019 | |
artifact: win32-x64-msvc | |
- name: macos 64 bits | |
os: macos-latest | |
artifact: darwin-x64 | |
runs-on: ${{ matrix.target.os }} | |
env: | |
NPM_TAINTEDUTILS: true | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: '18' | |
- run: npm ci --ignore-scripts | |
- uses: codex-team/action-nodejs-package-info@v1 | |
id: package | |
- uses: actions/download-artifact@v3 | |
with: | |
name: datadog-native-iast-taint-tracking-${{ steps.package.outputs.version }} | |
- run: npm i --verbose datadog-native-iast-taint-tracking-${{ steps.package.outputs.version }}.tgz | |
- run: npm run test:js-junit | |
- name: Publish Test Report | |
uses: mikepenz/action-junit-report@v3 | |
if: always() | |
with: | |
report_paths: '**/build/junit.xml' | |
check_name: junit test report ${{ matrix.target.name }} | |
all-good: | |
needs: | |
- test-native-js | |
runs-on: ubuntu-latest | |
steps: | |
- run: echo 'πππππ' | |