Skip to content
CI

ci: verify third-party licenses on PR and change to plaintext format from html third-party licenses #68

Sign in to view logs

ci: verify third-party licenses on PR and change to plaintext format from html third-party licenses

ci: verify third-party licenses on PR and change to plaintext format from html third-party licenses #68

Workflow file for this run

.github/workflows/CI.yml at aba4048
name: CI
env:
DEBUG: napi:*
APP_NAME: atlas-local
MACOSX_DEPLOYMENT_TARGET: '10.13'
CARGO_INCREMENTAL: '1'
CARGO_DENY_VERSION: 0.18.4
CARGO_AUDIT_VERSION: 0.21.2
CARGO_ABOUT_VERSION: 0.8.2
'on':
push:
branches:
- main
tags-ignore:
- '**'
paths-ignore:
- '**/*.md'
- LICENSE
- '**/*.gitignore'
- .editorconfig
- docs/**
pull_request: null
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
lint:
name: Lint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
- name: Setup node
uses: actions/setup-node@v4
with:
node-version: 22
cache: yarn
- name: Install
uses: dtolnay/rust-toolchain@stable
with:
components: clippy, rustfmt
- name: Install dependencies
run: yarn install
- name: Oxlint
run: yarn lint
- name: Cargo fmt
run: cargo fmt -- --check
- name: Clippy
run: cargo clippy
test:
name: Test
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
- name: Install Rust toolchain
uses: dtolnay/rust-toolchain@stable
with:
components: llvm-tools-preview
- name: Install cargo-llvm-cov
uses: taiki-e/install-action@v2
with:
tool: cargo-llvm-cov
- name: Cache cargo registry
uses: actions/cache@v4
with:
path: |
~/.cargo/registry
~/.cargo/git
target
key: ${{ runner.os }}-cargo-test-${{ hashFiles('**/Cargo.lock') }}
restore-keys: |
${{ runner.os }}-cargo-test-
- name: Run tests with coverage
run: cargo llvm-cov --verbose --workspace --lcov --output-path=lcov.info
- name: Upload coverage to Coveralls
env:
COVERALLS_TOKEN: ${{ secrets.COVERALLS_REPO_TOKEN }}
uses: coverallsapp/[email protected]
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
path-to-lcov: lcov.info
parallel: true
build:
strategy:
fail-fast: false
matrix:
settings:
- host: macos-latest
target: x86_64-apple-darwin
build: yarn build --target x86_64-apple-darwin
- host: windows-latest
build: yarn build --target x86_64-pc-windows-msvc
target: x86_64-pc-windows-msvc
- host: ubuntu-latest
target: x86_64-unknown-linux-gnu
build: yarn build --target x86_64-unknown-linux-gnu --use-napi-cross
- host: macos-latest
target: aarch64-apple-darwin
build: yarn build --target aarch64-apple-darwin
- host: ubuntu-latest
target: aarch64-unknown-linux-gnu
build: |
export CFLAGS_aarch64_unknown_linux_gnu="-D__ARM_ARCH=8"
yarn build --target aarch64-unknown-linux-gnu --use-napi-cross
name: stable - ${{ matrix.settings.target }} - node@22
runs-on: ${{ matrix.settings.host }}
steps:
- uses: actions/checkout@v5
- name: Setup node
uses: actions/setup-node@v4
with:
node-version: 22
cache: yarn
- name: Install
uses: dtolnay/rust-toolchain@stable
with:
toolchain: stable
targets: ${{ matrix.settings.target }}
- name: Cache cargo
uses: actions/cache@v4
with:
path: |
~/.cargo/registry/index/
~/.cargo/registry/cache/
~/.cargo/git/db/
~/.napi-rs
.cargo-cache
target/
key: ${{ matrix.settings.target }}-cargo-${{ matrix.settings.host }}
- uses: mlugg/setup-zig@v2
if: ${{ contains(matrix.settings.target, 'musl') }}
with:
version: 0.14.1
- name: Install cargo-zigbuild
uses: taiki-e/install-action@v2
if: ${{ contains(matrix.settings.target, 'musl') }}
env:
GITHUB_TOKEN: ${{ github.token }}
with:
tool: cargo-zigbuild
- name: Setup toolchain
run: ${{ matrix.settings.setup }}
if: ${{ matrix.settings.setup }}
shell: bash
- name: Install dependencies
run: yarn install
- name: Build
run: ${{ matrix.settings.build }}
shell: bash
- name: Upload artifact
uses: actions/upload-artifact@v4
with:
name: bindings-${{ matrix.settings.target }}
path: |
${{ env.APP_NAME }}.*.node
${{ env.APP_NAME }}.*.wasm
if-no-files-found: error
test-macOS-windows-binding:
name: Test bindings on ${{ matrix.settings.target }} - node@${{ matrix.node }}
needs:
- build
strategy:
fail-fast: false
matrix:
settings:
- host: windows-latest
target: x86_64-pc-windows-msvc
architecture: x64
- host: macos-latest
target: aarch64-apple-darwin
architecture: arm64
- host: macos-latest
target: x86_64-apple-darwin
architecture: x64
node:
- '20'
- '22'
runs-on: ${{ matrix.settings.host }}
steps:
- uses: actions/checkout@v5
- name: Setup node
uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node }}
cache: yarn
architecture: ${{ matrix.settings.architecture }}
- name: Install dependencies
run: yarn install
- name: Download artifacts
uses: actions/download-artifact@v5
with:
name: bindings-${{ matrix.settings.target }}
path: .
- name: List packages
run: ls -R .
shell: bash
- name: Test bindings
run: yarn test
- name: Upload coverage report
env:
COVERALLS_TOKEN: ${{ secrets.COVERALLS_REPO_TOKEN }}
uses: coverallsapp/[email protected]
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
path-to-lcov: coverage/lcov.info
parallel: true
test-linux-binding:
name: Test ${{ matrix.target }} - node@${{ matrix.node }}
needs:
- build
strategy:
fail-fast: false
matrix:
target:
- x86_64-unknown-linux-gnu
- aarch64-unknown-linux-gnu
node:
- '20'
- '22'
runs-on: ${{ contains(matrix.target, 'aarch64') && 'ubuntu-24.04-arm' || 'ubuntu-latest' }}
steps:
- uses: actions/checkout@v5
- name: Setup node
uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node }}
cache: yarn
- name: Output docker params
id: docker
run: |
node -e "
if ('${{ matrix.target }}'.startsWith('aarch64')) {
console.log('PLATFORM=linux/arm64')
} else if ('${{ matrix.target }}'.startsWith('armv7')) {
console.log('PLATFORM=linux/arm/v7')
} else {
console.log('PLATFORM=linux/amd64')
}
" >> $GITHUB_OUTPUT
node -e "
if ('${{ matrix.target }}'.endsWith('-musl')) {
console.log('IMAGE=node:${{ matrix.node }}-alpine')
} else {
console.log('IMAGE=node:${{ matrix.node }}-slim')
}
" >> $GITHUB_OUTPUT
- name: Install dependencies
run: |
yarn config set --json supportedArchitectures.cpu '["current", "arm64", "x64", "arm"]'
yarn config set --json supportedArchitectures.libc '["current", "musl", "gnu"]'
yarn install
- name: Download artifacts
uses: actions/download-artifact@v5
with:
name: bindings-${{ matrix.target }}
path: .
- name: List packages
run: ls -R .
shell: bash
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
if: ${{ contains(matrix.target, 'armv7') }}
with:
platforms: all
- run: docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
if: ${{ contains(matrix.target, 'armv7') }}
- name: Test bindings
uses: addnab/docker-run-action@v3
with:
image: ${{ steps.docker.outputs.IMAGE }}
options: '-v ${{ github.workspace }}:${{ github.workspace }} -w ${{ github.workspace }} --platform ${{ steps.docker.outputs.PLATFORM }}'
run: yarn test
- name: Upload coverage report
env:
COVERALLS_TOKEN: ${{ secrets.COVERALLS_REPO_TOKEN }}
uses: coverallsapp/[email protected]
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
path-to-lcov: coverage/lcov.info
parallel: true
coverage:
name: Report Coverage
runs-on: ubuntu-latest
needs: [test, test-macOS-windows-binding, test-linux-binding]
steps:
- name: Send coverage
env:
COVERALLS_TOKEN: ${{ secrets.COVERALLS_REPO_TOKEN }}
uses: coverallsapp/[email protected]
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
parallel-finished: true
publish:
name: Publish
runs-on: ubuntu-latest
permissions:
contents: write
id-token: write
needs:
- lint
- test
- test-macOS-windows-binding
- test-linux-binding
steps:
- uses: actions/checkout@v5
- name: Setup node
uses: actions/setup-node@v4
with:
node-version: 22
cache: yarn
- name: Install dependencies
run: yarn install
- name: create npm dirs
run: yarn napi create-npm-dirs
- name: Download all artifacts
uses: actions/download-artifact@v5
with:
path: artifacts
- name: Move artifacts
run: yarn artifacts
- name: List packages
run: ls -R ./npm
shell: bash
- name: Publish
run: |
npm config set provenance true
if git log -1 --pretty=%B | grep "^[0-9]\+\.[0-9]\+\.[0-9]\+$";
then
echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" >> ~/.npmrc
npm publish --access public
elif git log -1 --pretty=%B | grep "^[0-9]\+\.[0-9]\+\.[0-9]\+";
then
echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" >> ~/.npmrc
npm publish --tag next --access public
else
echo "Not a release, skipping publish"
fi
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
license-and-audit:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install Rust toolchain
run: |
rustup update stable
rustup default stable
rustup component add clippy rustfmt
- name: Cache cargo registry
uses: actions/cache@v4
with:
path: |
~/.cargo/registry
~/.cargo/git
target
key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
restore-keys: |
${{ runner.os }}-cargo-
- name: Cache cargo tools
uses: actions/cache@v4
with:
path: ~/.cargo/bin
key: ${{ runner.os }}-cargo-tools-deny-${{ env.CARGO_DENY_VERSION }}-audit-${{ env.CARGO_AUDIT_VERSION }}-about-${{ env.CARGO_ABOUT_VERSION }}
restore-keys: |
${{ runner.os }}-cargo-tools-
- name: Install cargo-deny
run: |
if ! command -v cargo-deny &> /dev/null; then
cargo install --locked --version ${{ env.CARGO_DENY_VERSION }} cargo-deny
fi
- name: Install cargo-audit
run: |
if ! command -v cargo-audit &> /dev/null; then
cargo install --locked --version ${{ env.CARGO_AUDIT_VERSION }} cargo-audit
fi
- name: Install cargo-about
run: |
if ! command -v cargo-about &> /dev/null; then
cargo install --locked --version ${{ env.CARGO_ABOUT_VERSION }} cargo-about
fi
- name: Run cargo deny
run: cargo deny check
- name: Run cargo audit
run: cargo audit
- name: Verify LICENSE-3RD-PARTY.txt is up to date
run: |
cargo about generate --frozen about.hbs > LICENSE-3RD-PARTY-generated.txt
if ! diff -q LICENSE-3RD-PARTY.txt LICENSE-3RD-PARTY-generated.txt > /dev/null; then
echo "ERROR: LICENSE-3RD-PARTY.txt is not up to date!"
echo "Please run: cargo about generate about.hbs > LICENSE-3RD-PARTY.txt"
echo "Differences found:"
diff LICENSE-3RD-PARTY.txt LICENSE-3RD-PARTY-generated.txt || true
exit 1
fi
rm LICENSE-3RD-PARTY-generated.txt
echo "LICENSE-3RD-PARTY.txt is up to date"