Skip to content

feat: enable-legacy and enable-weak-ssl-ciphers #221

feat: enable-legacy and enable-weak-ssl-ciphers

feat: enable-legacy and enable-weak-ssl-ciphers #221

name: build-lint-test
on:
pull_request:
env:
LIBCURL_RELEASE: 'LATEST'
concurrency:
group: ${{ github.head_ref }}
cancel-in-progress: true
# all jobs here must have a matrix identical to the ones inside build-and-release.yaml
jobs:
scan:
permissions:
packages: write
contents: write # publish sbom to GH releases/tag assets
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
with:
path: ${{ github.repository }}
# Perform SCA analysis for the code repository
# Produces SBOM and CVE report
# Helps understand vulnerabilities / license compliance across third party dependencies
# Drift: Doesn't track any npm global or OS specific packages that involves scanning entire root file system.
# (TODO): Produce OS specific SBOM to detect build time depdencies.
- id: sca-project
uses: Kong/public-shared-actions/security-actions/sca@2f02738ecb1670f01391162e43fe3f5d4e7942a1 # v2.2.2
with:
dir: ${{ github.repository }}
build-and-test-nodejs:
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
os:
- macos-13-xlarge
- ubuntu-22.04
libcurl-release:
- 7.86.0
node-libcurl-cpp-std:
- c++17
node:
- 20.16.0
include:
# Lint
- os: ubuntu-latest
node: 20.16.0
node-libcurl-cpp-std: c++17
libcurl-release: 7.86.0
run-lint-and-tsc: true
env:
LIBCURL_RELEASE: ${{ matrix.libcurl-release }}
LATEST_LIBCURL_RELEASE: ${{ matrix.libcurl-release }}
NODE_LIBCURL_CPP_STD: ${{ matrix.node-libcurl-cpp-std }}
steps:
- id: timestamp
run: echo "timestamp=$(timestamp +%s)" >> $GITHUB_OUTPUT
- name: Restore the previous run result
uses: actions/cache@v3
with:
path: |
run_result
key: ${{ github.run_id }}-${{ github.job }}-${{ steps.timestamp.outputs.timestamp }}
restore-keys: |
${{ github.run_id }}-${{ github.job }}-
- id: run_result
run: cat run_result 2>/dev/null || echo 'default'
- if: runner.os == 'macOS'
name: Install Needed packages on macOS
run: brew install coreutils wget automake libtool cmake gnu-sed m4 autoconf@2.69 groff
- if: runner.os == 'Linux'
name: Install Needed packages on Linux
run: sudo apt-get install -y cmake
- name: Checkout
uses: actions/checkout@v3
- name: Setup Node
uses: actions/setup-node@v4
with:
node-version-file: '.nvmrc'
cache: 'npm'
cache-dependency-path: package-lock.json
- name: Restore libcurl deps cache
uses: actions/cache@v3
id: libcurl-deps-cache
with:
path: |
~/.node-gyp
~/deps
key: v4-build-lint-test-${{ runner.os }}-libcurl-deps-cache-node-${{ matrix.node }}
restore-keys: |
v4-build-lint-test-${{ runner.os }}-libcurl-deps-cache-node-${{ matrix.node }}
- name: Build node-libcurl ${{ matrix.node }}
if: steps.run_result.outputs.run_result != 'success'
run: |
RUN_TESTS=false \
RUN_PREGYP_CLEAN=false \
PUBLISH_BINARY=false \
./scripts/ci/build.sh
- name: 'Run lint'
if: matrix.run-lint-and-tsc && steps.run_result.outputs.run_result != 'success'
run: npm run lint
- name: 'Run tsc'
if: matrix.run-lint-and-tsc && steps.run_result.outputs.run_result != 'success'
run: npm run build:dist
# we do run tests in all matrix jobs
- name: 'Run tests'
if: steps.run_result.outputs.run_result != 'success'
run: npm run test:coverage
# but coverage is only sent for the run-lint-and-tsc job
- name: Upload coverage to Codecov
if: matrix.run-lint-and-tsc && steps.run_result.outputs.run_result != 'success'
uses: codecov/codecov-action@v1
with:
token: ${{ secrets.CODECOV_TOKEN }}
file: ./coverage/**
fail_ci_if_error: false
- name: Upload artifacts
if: always() && steps.run_result.outputs.run_result != 'success'
uses: actions/upload-artifact@v3
with:
name: build-logs-${{ matrix.os }}-${{ matrix.libcurl-release }}-${{ matrix.node }}
path: ./logs/
retention-days: 3
# TODO(Filipe) - fix this set-output
- run: echo "::set-output name=run_result::success" > run_result
build-and-test-electron:
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
os:
- macos-13-xlarge
- ubuntu-22.04
libcurl-release:
- 7.86.0
node:
- 20.16.0
electron-version:
- 31.4.0
env:
LIBCURL_RELEASE: ${{ matrix.libcurl-release }}
LATEST_LIBCURL_RELEASE: ${{ matrix.libcurl-release }}
ELECTRON_VERSION: ${{ matrix.electron-version }}
NODE_LIBCURL_CPP_STD: c++17
steps:
- id: timestamp
run: echo "timestamp=$(timestamp +%s)" >> $GITHUB_OUTPUT
- name: Restore the previous run result
uses: actions/cache@v3
with:
path: |
run_result
key: ${{ github.run_id }}-${{ github.job }}-${{ steps.timestamp.outputs.timestamp }}
restore-keys: |
${{ github.run_id }}-${{ github.job }}-
- id: run_result
run: cat run_result 2>/dev/null || echo 'default'
- name: Set up Homebrew
id: set-up-homebrew
uses: Homebrew/actions/setup-homebrew@master
- name: Install Needed packages
run: brew install coreutils wget automake libtool cmake gnu-sed m4 autoconf@2.69 groff
- name: Checkout
uses: actions/checkout@v3
- name: Setup Node
uses: actions/setup-node@v4
with:
node-version-file: '.nvmrc'
cache: 'npm'
cache-dependency-path: package-lock.json
- name: Restore Electron Cache
uses: actions/cache@v3
with:
path: ~/Library/Caches/electron
key: v1-${{ runner.os }}-electron-cache-${{ matrix.electron-version }}
restore-keys: |
v1-${{ runner.os }}-electron-cache-${{ matrix.electron-version }}
v1-${{ runner.os }}-electron-cache-
- name: Restore libcurl deps cache
uses: actions/cache@v3
id: libcurl-deps-cache
with:
path: |
~/.node-gyp
~/deps
key: v4-build-lint-test-${{ runner.os }}-libcurl-deps-cache-electron-${{ matrix.electron-version }}
restore-keys: |
v4-build-lint-test-${{ runner.os }}-libcurl-deps-cache-electron-${{ matrix.electron-version }}
- name: 'Set GIT_TAG'
if: startsWith(github.ref, 'refs/tags')
run: echo "GIT_TAG=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
- name: Build node-libcurl ${{ matrix.node }} ${{ matrix.electron-version }}
if: steps.run_result.outputs.run_result != 'success'
run: |
RUN_TESTS=true \
RUN_PREGYP_CLEAN=false \
PUBLISH_BINARY=false \
./scripts/ci/build.sh
- name: Upload artifacts
if: always() && steps.run_result.outputs.run_result != 'success'
uses: actions/upload-artifact@v3
with:
name: build-logs-${{ matrix.os }}-${{ matrix.libcurl-release }}-${{ matrix.electron-version }}
path: ./logs/
retention-days: 5
# TODO(Filipe) - fix this set-output
- run: echo "::set-output name=run_result::success" > run_result
build-and-test-nodejs-windows:
runs-on: windows-latest
strategy:
fail-fast: false
matrix:
node:
- 20.16.0
env:
npm_config_msvs_version: 2022
npm_config_build_from_source: true
steps:
- name: Checkout
uses: actions/checkout@v3
with:
submodules: recursive
- name: Setup Node.js ${{ matrix.node }}
uses: actions/setup-node@v3
with:
node-version: ${{ matrix.node }}
- name: Install dependencies
run: |
choco install nasm -y
$env:PATH=$env:PROGRAMFILES + "\NASM;" + $env:Path
python deps\curl-for-windows\configure.py
- name: Build ${{ matrix.node }}
run: |
$env:PATH=$env:PROGRAMFILES + "\NASM;" + $env:Path
npm ci
- name: Test
run: |
npm run ts-node -e "console.log(require('./lib').Curl.getVersionInfoString())"
npm run test
if ($LASTEXITCODE -eq 0) {
$host.SetShouldExit(0)
}
build-and-test-electron-windows:
runs-on: windows-latest
strategy:
fail-fast: false
matrix:
node:
- 20.16.0
electron-version:
- 31.4.0
env:
ELECTRON_VERSION: ${{ matrix.electron-version }}
npm_config_msvs_version: 2022
npm_config_build_from_source: true
npm_config_runtime: 'electron'
npm_config_dist_url: 'https://electronjs.org/headers'
npm_config_target: ${{ matrix.electron-version }}
steps:
- name: Checkout
uses: actions/checkout@v3
with:
submodules: recursive
- name: Setup Node.js ${{ matrix.node }}
uses: actions/setup-node@v3
with:
node-version: ${{ matrix.node }}
- name: Install dependencies
run: |
choco install nasm -y
$env:PATH=$env:PROGRAMFILES + "\NASM;" + $env:Path
python deps\curl-for-windows\configure.py
npm install -g electron@${env:ELECTRON_VERSION}
- name: Build ${{ matrix.node }}
run: |
$env:PATH=$env:PROGRAMFILES + "\NASM;" + $env:Path
npm ci
- name: Test
run: |
npm run test:electron
if ($LASTEXITCODE -eq 0) {
$host.SetShouldExit(0)
}