From fde986d24ae886885795e04b66e0acf0208cc445 Mon Sep 17 00:00:00 2001 From: janniks Date: Thu, 27 Mar 2025 16:31:47 +0700 Subject: [PATCH 1/6] ci: check sha --- .github/workflows/verify-packages.yml | 32 ++++++++++ build-packages.ts | 86 +++++++++++++++++++++++++++ 2 files changed, 118 insertions(+) create mode 100644 .github/workflows/verify-packages.yml create mode 100644 build-packages.ts diff --git a/.github/workflows/verify-packages.yml b/.github/workflows/verify-packages.yml new file mode 100644 index 000000000..a1fe210c3 --- /dev/null +++ b/.github/workflows/verify-packages.yml @@ -0,0 +1,32 @@ +name: Verify Package Builds + +on: + push: + +jobs: + verify: + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v4 + + - name: Set up Node.js + uses: actions/setup-node@v4 + with: + node-version: '20' + cache: 'npm' + + - name: Install dependencies + run: npm ci + + - name: Run package verification + run: npx tsx -y ./build-packages.ts + + - name: Check for mismatches + run: | + if grep -q "DIFFERS" <<< "$(./build-packages.ts)"; then + echo "❌ Found package build mismatches with npm registry!" + exit 1 + else + echo "✅ All package builds match npm registry versions" + fi diff --git a/build-packages.ts b/build-packages.ts new file mode 100644 index 000000000..ee12ab8d0 --- /dev/null +++ b/build-packages.ts @@ -0,0 +1,86 @@ +#!/usr/bin/env tsx + +import * as fs from 'fs'; +import * as path from 'path'; +import { spawnSync } from 'child_process'; + +const ORIGINAL_DIR = process.cwd(); +const PACKAGES_DIR = path.resolve(ORIGINAL_DIR, 'packages'); + +// Get all package directories +const packages = fs.readdirSync(PACKAGES_DIR).filter(item => { + const itemPath = path.join(PACKAGES_DIR, item); + return fs.statSync(itemPath).isDirectory() && !item.startsWith('.'); +}); + +console.log(`Found ${packages.length} packages to process`); + +// Process all packages +const results = packages + .map(dir => { + const json = path.join(PACKAGES_DIR, dir, 'package.json'); + const pkg = JSON.parse(fs.readFileSync(json, 'utf8')); + + if (pkg.private === true) { + console.log(`Skipping package: ${pkg.name}`); + return null; + } + + console.log(`\nProcessing package: ${pkg.name}`); + process.chdir(path.join(PACKAGES_DIR, dir)); + + // Run npm publish dry-run + const result = spawnSync('npm', ['publish', '--dry-run'], { encoding: 'utf8' }); + const output = `${result.stdout}\n${result.stderr}`; + + // Extract values using inline functions + const shasum = extractFromOutput(output, /npm notice shasum:\s+([a-f0-9]{40})/); + const integrity = extractFromOutput( + output, + /npm notice integrity:\s+(sha\d+-[A-Za-z0-9+/=]+(?:\[\.\.\.\][A-Za-z0-9+/=]*==?)?)/ + ); + + console.log(` Package: ${pkg.name}`); + console.log(` Tarball hash: ${integrity}`); + console.log(` Shasum: ${shasum}`); + + // Check latest published version on npm registry + const registryCheck = spawnSync('curl', [`https://registry.npmjs.org/${pkg.name}/latest`], { + encoding: 'utf8', + }); + const registryData = JSON.parse(registryCheck.stdout); + const registryShasum = registryData.dist?.shasum; + + const status = registryShasum === shasum ? 'matches' : `DIFFERS`; + console.log(` ${status}`); + + return { + name: pkg.name, + tarballHash: integrity, + shasum, + }; + }) + .filter(Boolean) as PackageInfo[]; + +// Restore original directory +process.chdir(ORIGINAL_DIR); + +// Output final results +console.log('\n=== PACKAGE BUILD RESULTS ==='); +console.table(results); + +// HELPERS +function extractFromOutput(output: string, regex: RegExp): string { + return ( + output + .split('\n') + .map(line => line.match(regex)?.[1]) + .find(Boolean) || 'Not found' + ); +} + +interface PackageInfo { + name: string; + tarballHash: string; + shasum: string; +} From 58cc1c6deab4adf21065ec7ac78f2f9e00eb5853 Mon Sep 17 00:00:00 2001 From: janniks Date: Thu, 27 Mar 2025 17:06:56 +0700 Subject: [PATCH 2/6] ci: update npx --- .github/workflows/verify-packages.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/verify-packages.yml b/.github/workflows/verify-packages.yml index a1fe210c3..62c6bf812 100644 --- a/.github/workflows/verify-packages.yml +++ b/.github/workflows/verify-packages.yml @@ -19,8 +19,11 @@ jobs: - name: Install dependencies run: npm ci + - name: Install tsx globally + run: npm install -g tsx + - name: Run package verification - run: npx tsx -y ./build-packages.ts + run: npx tsx ./build-packages.ts - name: Check for mismatches run: | From 9000f5b4cf4a158854aaceba0ec4a12facecd5e2 Mon Sep 17 00:00:00 2001 From: janniks Date: Fri, 28 Mar 2025 01:30:28 +0700 Subject: [PATCH 3/6] ci: update npx --- .github/workflows/verify-packages.yml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/.github/workflows/verify-packages.yml b/.github/workflows/verify-packages.yml index 62c6bf812..3734044a6 100644 --- a/.github/workflows/verify-packages.yml +++ b/.github/workflows/verify-packages.yml @@ -22,12 +22,9 @@ jobs: - name: Install tsx globally run: npm install -g tsx - - name: Run package verification - run: npx tsx ./build-packages.ts - - name: Check for mismatches run: | - if grep -q "DIFFERS" <<< "$(./build-packages.ts)"; then + if grep -q "DIFFERS" <<< "$(npx tsx ./build-packages.ts)"; then echo "❌ Found package build mismatches with npm registry!" exit 1 else From ef6e1d6c65db22c28eef9c74b644f85cf8fb08e2 Mon Sep 17 00:00:00 2001 From: janniks Date: Thu, 17 Apr 2025 18:02:31 +0900 Subject: [PATCH 4/6] ci: run check into the past --- .github/workflows/verify-packages.yml | 40 ++++++++++++++++++++++----- build-packages.ts | 32 +++++++++++---------- 2 files changed, 51 insertions(+), 21 deletions(-) diff --git a/.github/workflows/verify-packages.yml b/.github/workflows/verify-packages.yml index 3734044a6..8926e70f7 100644 --- a/.github/workflows/verify-packages.yml +++ b/.github/workflows/verify-packages.yml @@ -22,11 +22,37 @@ jobs: - name: Install tsx globally run: npm install -g tsx - - name: Check for mismatches + - name: Get tags older than 6 months + id: get_tags run: | - if grep -q "DIFFERS" <<< "$(npx tsx ./build-packages.ts)"; then - echo "❌ Found package build mismatches with npm registry!" - exit 1 - else - echo "✅ All package builds match npm registry versions" - fi + TAGS=$(git for-each-ref --sort=-taggerdate --format '%(refname:short) %(taggerdate:iso8601)' refs/tags | \ + awk -v date="$(date -d '6 months ago' +%Y-%m-%d)" '$2 < date {print $1}') + echo "tags<> $GITHUB_OUTPUT + echo "$TAGS" >> $GITHUB_OUTPUT + echo "EOF" >> $GITHUB_OUTPUT + + - name: Verify packages for each tag + id: verify_tags + run: | + set -e + mkdir -p results + echo "| Tag | Result | Differing Packages |" > results/summary.md + echo "|-----|--------|--------------------|" >> results/summary.md + for TAG in ${{ steps.get_tags.outputs.tags }}; do + echo "Checking out $TAG" + git checkout $TAG + npm ci || { echo "| $TAG | npm ci failed | - |" >> results/summary.md; continue; } + DIFFERS_JSON=$(npx tsx ./build-packages.ts) + if [ "$DIFFERS_JSON" != "[]" ]; then + # Remove brackets and quotes for markdown table + DIFFERS_LIST=$(echo $DIFFERS_JSON | jq -r '. | join(", ")') + echo "| $TAG | ❌ Mismatch | $DIFFERS_LIST |" >> results/summary.md + else + echo "| $TAG | ✅ Match | - |" >> results/summary.md + fi + done + git checkout $GITHUB_SHA # Return to original commit + + - name: Print summary table + run: | + cat results/summary.md diff --git a/build-packages.ts b/build-packages.ts index ee12ab8d0..14f3749c6 100644 --- a/build-packages.ts +++ b/build-packages.ts @@ -13,7 +13,9 @@ const packages = fs.readdirSync(PACKAGES_DIR).filter(item => { return fs.statSync(itemPath).isDirectory() && !item.startsWith('.'); }); -console.log(`Found ${packages.length} packages to process`); +// console.debug(`Found ${packages.length} packages to process`); + +const NPM_VERSION_TAG = (process.env.NPM_VERSION_TAG || 'latest').replace(/^v/, ''); // Process all packages const results = packages @@ -22,11 +24,11 @@ const results = packages const pkg = JSON.parse(fs.readFileSync(json, 'utf8')); if (pkg.private === true) { - console.log(`Skipping package: ${pkg.name}`); + // console.debug(`Skipping package: ${pkg.name}`); return null; } - console.log(`\nProcessing package: ${pkg.name}`); + // console.debug(`\nProcessing package: ${pkg.name}`); process.chdir(path.join(PACKAGES_DIR, dir)); // Run npm publish dry-run @@ -40,34 +42,36 @@ const results = packages /npm notice integrity:\s+(sha\d+-[A-Za-z0-9+/=]+(?:\[\.\.\.\][A-Za-z0-9+/=]*==?)?)/ ); - console.log(` Package: ${pkg.name}`); - console.log(` Tarball hash: ${integrity}`); - console.log(` Shasum: ${shasum}`); + // console.debug(` Package: ${pkg.name}`); + // console.debug(` Tarball hash: ${integrity}`); + // console.debug(` Shasum: ${shasum}`); - // Check latest published version on npm registry - const registryCheck = spawnSync('curl', [`https://registry.npmjs.org/${pkg.name}/latest`], { + const registryUrl = `https://registry.npmjs.org/${pkg.name}/${NPM_VERSION_TAG}`; + const registryCheck = spawnSync('curl', [registryUrl], { encoding: 'utf8', }); const registryData = JSON.parse(registryCheck.stdout); const registryShasum = registryData.dist?.shasum; - const status = registryShasum === shasum ? 'matches' : `DIFFERS`; - console.log(` ${status}`); - return { name: pkg.name, tarballHash: integrity, shasum, + differs: registryShasum === shasum, }; }) - .filter(Boolean) as PackageInfo[]; + .filter(Boolean) as (PackageInfo & { differs: boolean })[]; // Restore original directory process.chdir(ORIGINAL_DIR); // Output final results -console.log('\n=== PACKAGE BUILD RESULTS ==='); -console.table(results); +// console.debug('\n=== PACKAGE BUILD RESULTS ==='); +// console.debug(results); + +// Output JSON array of differing packages +const differingPackages = results.filter(r => r.differs).map(r => r.name); +console.log(JSON.stringify(differingPackages)); // HELPERS function extractFromOutput(output: string, regex: RegExp): string { From 760935edda059489a4d6ab21180b416df51bb92a Mon Sep 17 00:00:00 2001 From: janniks Date: Thu, 17 Apr 2025 22:35:23 +0900 Subject: [PATCH 5/6] ci: update workflow --- .github/workflows/verify-packages.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/verify-packages.yml b/.github/workflows/verify-packages.yml index 8926e70f7..e6b733794 100644 --- a/.github/workflows/verify-packages.yml +++ b/.github/workflows/verify-packages.yml @@ -38,11 +38,13 @@ jobs: mkdir -p results echo "| Tag | Result | Differing Packages |" > results/summary.md echo "|-----|--------|--------------------|" >> results/summary.md + echo "Tags to check:" >&2 + echo "${{ steps.get_tags.outputs.tags }}" >&2 for TAG in ${{ steps.get_tags.outputs.tags }}; do echo "Checking out $TAG" git checkout $TAG npm ci || { echo "| $TAG | npm ci failed | - |" >> results/summary.md; continue; } - DIFFERS_JSON=$(npx tsx ./build-packages.ts) + DIFFERS_JSON=$(TAG=$TAG npx tsx ./build-packages.ts) if [ "$DIFFERS_JSON" != "[]" ]; then # Remove brackets and quotes for markdown table DIFFERS_LIST=$(echo $DIFFERS_JSON | jq -r '. | join(", ")') @@ -56,3 +58,5 @@ jobs: - name: Print summary table run: | cat results/summary.md + +# continue: check github action status !!! From d940536abdf594e5b7408e825b2faf410b937902 Mon Sep 17 00:00:00 2001 From: janniks Date: Fri, 18 Apr 2025 19:04:32 +0900 Subject: [PATCH 6/6] ci: log more --- .github/workflows/verify-packages.yml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/.github/workflows/verify-packages.yml b/.github/workflows/verify-packages.yml index e6b733794..f4ddae28a 100644 --- a/.github/workflows/verify-packages.yml +++ b/.github/workflows/verify-packages.yml @@ -38,13 +38,16 @@ jobs: mkdir -p results echo "| Tag | Result | Differing Packages |" > results/summary.md echo "|-----|--------|--------------------|" >> results/summary.md - echo "Tags to check:" >&2 - echo "${{ steps.get_tags.outputs.tags }}" >&2 + echo "Tags to check:" + echo "${{ steps.get_tags.outputs.tags }}" for TAG in ${{ steps.get_tags.outputs.tags }}; do + echo "\nProcessing tag: $TAG" echo "Checking out $TAG" git checkout $TAG npm ci || { echo "| $TAG | npm ci failed | - |" >> results/summary.md; continue; } + echo "Running build-packages.ts for tag: $TAG" DIFFERS_JSON=$(TAG=$TAG npx tsx ./build-packages.ts) + echo "build-packages.ts output for $TAG: $DIFFERS_JSON" if [ "$DIFFERS_JSON" != "[]" ]; then # Remove brackets and quotes for markdown table DIFFERS_LIST=$(echo $DIFFERS_JSON | jq -r '. | join(", ")')