chore: Address Initial low hanging internal audit comments #322
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Node Bindings | |
| env: | |
| DEBUG: napi:* | |
| APP_NAME: node-eth-kzg | |
| MACOSX_DEPLOYMENT_TARGET: '10.13' | |
| permissions: | |
| contents: write | |
| id-token: write | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event_name == 'workflow_dispatch' && 'manual' || github.ref }} | |
| cancel-in-progress: true | |
| on: | |
| push: | |
| branches: [ "master" ] | |
| pull_request: | |
| branches: [ "master" ] | |
| workflow_dispatch: | |
| inputs: | |
| ref: | |
| description: The reference (branch/tag/commit) to checkout | |
| required: false | |
| release-type: | |
| type: choice | |
| required: false | |
| default: none | |
| description: Indicates whether we want to make a release and if which one | |
| options: | |
| - pre-release # Release a pre-release version to npm | |
| - release # release an official version to npm | |
| - none # Make no release | |
| jobs: | |
| build: | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| settings: | |
| - host: ubuntu-latest | |
| target: x86_64-apple-darwin | |
| - host: ubuntu-latest | |
| target: aarch64-apple-darwin | |
| - host: ubuntu-latest | |
| target: x86_64-unknown-linux-gnu | |
| - host: ubuntu-latest | |
| target: aarch64-unknown-linux-gnu | |
| - host: ubuntu-latest | |
| target: x86_64-pc-windows-msvc | |
| - host: ubuntu-latest | |
| target: aarch64-pc-windows-msvc | |
| name: Build - ${{ matrix.settings.target }} | |
| runs-on: ${{ matrix.settings.host }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ inputs.ref || github.ref }} | |
| - name: Setup node | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 20 | |
| - name: Install Rust | |
| uses: dtolnay/rust-toolchain@master | |
| with: | |
| toolchain: stable | |
| targets: ${{ matrix.settings.target }} | |
| # llvm-preview-tools are needed for xwin, because we are compiling assembly (blst) | |
| # Alternatively, you can install llvm | |
| - name: Install llvm-preview-tools | |
| if: runner.os == 'Linux' && contains(matrix.settings.target, 'windows') | |
| run: rustup component add llvm-tools-preview | |
| - name: Install dependencies | |
| run: yarn install | |
| working-directory: bindings/node | |
| - name: Setup Zig | |
| uses: goto-bus-stop/setup-zig@v2 | |
| with: | |
| version: 0.13.0 | |
| - name: Install Binstall | |
| uses: cargo-bins/cargo-binstall@main | |
| - name: Install cargo-zigbuild | |
| run: cargo binstall cargo-zigbuild -y | |
| - name: Install cargo-xwin (Windows on Linux only) | |
| if: contains(matrix.settings.target, 'windows') | |
| run: cargo binstall cargo-xwin -y | |
| - name: Build (Mac and Linux) | |
| if: contains(matrix.settings.target, 'windows') == false | |
| run: yarn build --zig --release --target ${{ matrix.settings.target }} | |
| working-directory: bindings/node | |
| - name: Build (Windows on Linux) | |
| if: contains(matrix.settings.target, 'windows') | |
| run: yarn build --release --target ${{ matrix.settings.target }} | |
| working-directory: bindings/node | |
| - name: Upload artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: bindings-${{ matrix.settings.target }} | |
| path: bindings/node/${{ env.APP_NAME }}.*.node | |
| if-no-files-found: error | |
| test: | |
| needs: build | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| settings: | |
| - host: macos-13 | |
| target: x86_64-apple-darwin | |
| - host: macos-14 | |
| target: aarch64-apple-darwin | |
| - host: ubuntu-latest | |
| target: x86_64-unknown-linux-gnu | |
| - host: ubuntu-latest | |
| target: aarch64-unknown-linux-gnu | |
| - host: windows-latest | |
| target: x86_64-pc-windows-msvc | |
| - host: ubuntu-latest | |
| target: aarch64-pc-windows-msvc | |
| node: | |
| - '20' | |
| name: Test - ${{ matrix.settings.target }} - node@${{ matrix.node }} | |
| runs-on: ${{ matrix.settings.host }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ inputs.ref || github.ref }} | |
| - name: Setup node | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: ${{ matrix.node }} | |
| - name: Install dependencies | |
| run: yarn install | |
| working-directory: bindings/node | |
| - name: Download artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: bindings-${{ matrix.settings.target }} | |
| path: bindings/node | |
| # Native testing for macOS (both Intel and ARM) | |
| - name: Test bindings (macOS) | |
| if: startsWith(matrix.settings.host, 'macos') | |
| run: yarn test | |
| working-directory: bindings/node | |
| # Native testing for x86_64 Linux | |
| - name: Test bindings (Linux x86_64) | |
| if: matrix.settings.target == 'x86_64-unknown-linux-gnu' | |
| run: yarn test | |
| working-directory: bindings/node | |
| # Emulated testing for aarch64 Linux | |
| - name: Set up QEMU | |
| if: matrix.settings.target == 'aarch64-unknown-linux-gnu' | |
| uses: docker/setup-qemu-action@v3 | |
| with: | |
| platforms: arm64 | |
| - name: Test bindings (Linux ARM64) | |
| if: matrix.settings.target == 'aarch64-unknown-linux-gnu' | |
| uses: addnab/docker-run-action@v3 | |
| with: | |
| image: node:${{ matrix.node }}-slim | |
| options: '--platform linux/arm64 -v ${{ github.workspace }}:/build -w /build' | |
| run: | | |
| cd bindings/node | |
| yarn config set supportedArchitectures.cpu "arm64" | |
| yarn config set supportedArchitectures.libc "glibc" | |
| yarn install | |
| yarn test | |
| # Native testing for x86_64 Windows | |
| - name: Test bindings (Windows x86_64) | |
| if: matrix.settings.target == 'x86_64-pc-windows-msvc' | |
| run: yarn test | |
| working-directory: bindings/node | |
| # ARM on windows is not tested | |
| publish: | |
| name: Publish | |
| runs-on: ubuntu-latest | |
| needs: | |
| - test | |
| defaults: | |
| run: | |
| working-directory: bindings/node | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ inputs.ref }} | |
| - name: Setup node | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 20 | |
| - name: Install dependencies | |
| run: yarn install | |
| - name: Download all artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| path: bindings/node/artifacts | |
| - name: Move artifacts | |
| run: yarn artifacts | |
| - name: Publish | |
| if: ${{ inputs.release-type != 'none' && github.event_name == 'workflow_dispatch' }} | |
| run: | | |
| echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" >> ~/.npmrc | |
| echo "//registry.yarnpkg.com/:_authToken=$NPM_TOKEN" >> ~/.npmrc | |
| if [ "${{inputs.release-type}}" = "release" ]; then | |
| SHOULD_PUBLISH=true | |
| elif [ "${{inputs.release-type}}" = "pre-release" ]; then | |
| # Prepend the commit hash to the package.json files | |
| # so we can publish a pre-release version | |
| yarn prereleaseVersion | |
| SHOULD_PUBLISH=true | |
| else | |
| echo "No release has been made" | |
| SHOULD_PUBLISH=false | |
| fi | |
| if [ "$SHOULD_PUBLISH" = true ]; then | |
| # Prepare and publish the platform specific packages | |
| yarn prepareAndPublishAddons | |
| # Publish the base package, setting provenance | |
| # to true as it's recommended. The platform specific packages | |
| # don't need to have it, but we could edit them to pass provenance. | |
| npm config set provenance true | |
| npm publish --access public | |
| fi | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| NPM_TOKEN: ${{ secrets.NPM_RELEASE_TOKEN }} |