diff --git a/.github/actions/install-nix/action.yml b/.github/actions/install-nix/action.yml deleted file mode 100644 index 2576643..0000000 --- a/.github/actions/install-nix/action.yml +++ /dev/null @@ -1,41 +0,0 @@ -name: 'Install Nix' -description: 'Installs Nix on GitHub Actions for the supported platforms: Linux and macOS.' -author: 'Domen Kožar' -inputs: - extra_nix_config: - description: 'Gets appended to `/etc/nix/nix.conf` if passed.' - github_access_token: - description: 'Configure nix to pull from github using the given github token.' - install_url: - description: 'Installation URL that will contain a script to install Nix.' - install_options: - description: 'Additional installer flags passed to the installer script.' - nix_path: - description: 'Set NIX_PATH environment variable.' - enable_kvm: - description: 'Enable KVM for hardware-accelerated virtualization on Linux, if available.' - required: false - default: true -branding: - color: 'blue' - icon: 'sun' -runs: - using: 'composite' - steps: - - run: | - ${GITHUB_ACTION_PATH}/install-nix.sh - nix profile install nixpkgs#cacert nixpkgs#tzdata - TZDATA=$(nix eval --raw nixpkgs#tzdata.outPath) - CACERT=$(nix eval --raw nixpkgs#cacert.outPath) - echo "TZDIR=$TZDATA/share/zoneinfo" >> "$GITHUB_ENV" - echo "GIT_SSL_CAINFO=$CACERT/etc/ssl/certs/ca-bundle.crt" >> "$GITHUB_ENV" - echo "NIX_SSL_CERT_FILE=$CACERT/etc/ssl/certs/ca-bundle.crt" >> "$GITHUB_ENV" - shell: bash - env: - INPUT_EXTRA_NIX_CONFIG: ${{ inputs.extra_nix_config }} - INPUT_GITHUB_ACCESS_TOKEN: ${{ inputs.github_access_token }} - INPUT_INSTALL_OPTIONS: ${{ inputs.install_options }} - INPUT_INSTALL_URL: ${{ inputs.install_url }} - INPUT_NIX_PATH: ${{ inputs.nix_path }} - INPUT_ENABLE_KVM: ${{ inputs.enable_kvm }} - GITHUB_TOKEN: ${{ github.token }} diff --git a/.github/actions/matrixai-env-setup/action.yml b/.github/actions/matrixai-env-setup/action.yml new file mode 100644 index 0000000..e10d5ce --- /dev/null 
+++ b/.github/actions/matrixai-env-setup/action.yml 
@@ -0,0 +1,65 @@ +name: 'MatrixAI Environment Setup' +description: 'Installs Nix on GitHub Actions for the supported platforms: Linux and macOS.' +inputs: + extra_nix_config: + description: 'Gets appended to `/etc/nix/nix.conf` if passed.' + github_access_token: + description: 'Configure nix to pull from github using the given github token.' + install_url: + description: 'Installation URL that will contain a script to install Nix.' + install_options: + description: 'Additional installer flags passed to the installer script.' + nix_path: + description: 'Set NIX_PATH environment variable.' + enable_kvm: + description: 'Enable KVM for hardware-accelerated virtualization on Linux, if available.' + required: false + default: true +runs: + using: 'composite' + steps: + - run: | + ${GITHUB_ACTION_PATH}/matrixai-env-setup.sh + shell: bash + env: + INPUT_EXTRA_NIX_CONFIG: | + ${{ inputs.extra_nix_config }} + substituters = s3://matrix-ai-nix-cache?profile=matrix-nix-cache®ion=ap-southeast-2 https://cache.nixos.org/ + trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= matrix-ai-nix-cache:yhxzASVutUGCY2o/U4jkiNVj06M6Fi1h94LiC5TkYBg= + INPUT_REGISTRY: | + { + "flakes": [ + { + "exact": true, + "from": { "id": "nixpkgs-matrix", "type": "indirect" }, + "to": { + "type": "git", + "url": "https://github.com/MatrixAI/nixpkgs-matrix" + } + }, + { + "exact": true, + "from": { "id": "nixpkgs-matrix-private", "type": "indirect" }, + "to": { + "type": "git", + "url": "https://github.com/MatrixAI/nixpkgs-matrix-private" + } + } + ], + "version": 2 + } + INPUT_GITHUB_ACCESS_TOKEN: ${{ inputs.github_access_token }} + INPUT_INSTALL_OPTIONS: ${{ inputs.install_options }} + INPUT_INSTALL_URL: ${{ inputs.install_url }} + INPUT_NIX_PATH: ${{ inputs.nix_path }} + INPUT_ENABLE_KVM: ${{ inputs.enable_kvm }} + GITHUB_TOKEN: ${{ github.token }} + - run: | + nix profile install nixpkgs-matrix#cacert nixpkgs-matrix#tzdata nixpkgs-matrix#polykey-cli + TZDATA=$(nix eval 
--raw nixpkgs-matrix#tzdata.outPath) + CACERT=$(nix eval --raw nixpkgs-matrix#cacert.outPath) + echo "TZDIR=$TZDATA/share/zoneinfo" >> "$GITHUB_ENV" + echo "GIT_SSL_CAINFO=$CACERT/etc/ssl/certs/ca-bundle.crt" >> "$GITHUB_ENV" + echo "NIX_SSL_CERT_FILE=$CACERT/etc/ssl/certs/ca-bundle.crt" >> "$GITHUB_ENV" + shell: bash + diff --git a/.github/actions/install-nix/install-nix.sh b/.github/actions/matrixai-env-setup/matrixai-env-setup.sh similarity index 92% rename from .github/actions/install-nix/install-nix.sh rename to .github/actions/matrixai-env-setup/matrixai-env-setup.sh index bdb2b6f..675cc79 100755 --- a/.github/actions/install-nix/install-nix.sh +++ b/.github/actions/matrixai-env-setup/matrixai-env-setup.sh @@ -8,7 +8,7 @@ fi if [[ ($OSTYPE =~ linux) && ($INPUT_ENABLE_KVM == 'true') ]]; then enable_kvm() { - echo 'KERNEL=="kvm", GROUP="kvm", MODE="0666", OPTIONS+="static_node=kvm"' | sudo tee /etc/udev/rules.d/99-install-nix-action-kvm.rules + echo 'KERNEL=="kvm", GROUP="kvm", MODE="0666", OPTIONS+="static_node=kvm"' | sudo tee /etc/udev/rules.d/99-matrixai-env-setup-action-kvm.rules sudo udevadm control --reload-rules && sudo udevadm trigger --name-match=kvm } @@ -114,10 +114,15 @@ if [[ -n "${INPUT_NIX_PATH:-}" ]]; then echo "NIX_PATH=${INPUT_NIX_PATH}" >> "$GITHUB_ENV" fi -# Set temporary directory (if not already set) to fix https://github.com/cachix/install-nix-action/issues/197 +# Set temporary directory (if not already set) to fix https://github.com/cachix/matrixai-env-setup-action/issues/197 if [[ -z "${TMPDIR:-}" ]]; then echo "TMPDIR=${RUNNER_TEMP}" >> "$GITHUB_ENV" fi +if [[ -n "${INPUT_REGISTRY:-}" ]]; then + # Output the INPUT_REGISTRY variable contents to /etc/nix/registry.json + echo "$INPUT_REGISTRY" | sudo tee /etc/nix/registry.json > /dev/null +fi + # Close the log message group which was opened above echo "::endgroup::" 
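Review bot: The two `INPUT_REGISTRY` entries in the new action.yml point `nixpkgs-matrix` and `nixpkgs-matrix-private` at a git URL with no revision, so the second step's `nix profile install nixpkgs-matrix#cacert nixpkgs-matrix#tzdata nixpkgs-matrix#polykey-cli` installs whatever that repository's default branch holds when the job runs. The CA bundle from that install is then exported as `GIT_SSL_CAINFO` and `NIX_SSL_CERT_FILE`, which makes a floating ref the TLS trust root for the rest of the job. Adding `"rev": "<commit-sha>"` to each `to` object, or a comment stating that following the branch head is intended, would make that trust decision explicit. The substituter URL also reads `®ion=` on this page, which looks like a mangled `&region=` and is worth confirming in the file itself.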
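Review bot: The comment above the TMPDIR block in the `@@ -114,10 +114,15` hunk now links to `https://github.com/cachix/matrixai-env-setup-action/issues/197`, which looks like a search-and-replace casualty of the rename; the issue belongs to cachix/install-nix-action, so the original URL should stay. In the added `INPUT_REGISTRY` block the value is written to `/etc/nix/registry.json` as root without checking that it parses, so a guard such as `printf '%s\n' "$INPUT_REGISTRY" | jq empty` before the `tee` would fail the step early on a malformed registry (assuming jq is present on the runner). `printf '%s\n'` is also a safer way than `echo` to emit arbitrary content. The script continues outside both hunks of this file.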
diff --git a/.github/workflows/application-js-cloudflare-feature-closed.yml b/.github/workflows/application-js-cloudflare-feature-closed.yml index 2d41541..a3ca582 100644 --- a/.github/workflows/application-js-cloudflare-feature-closed.yml +++ b/.github/workflows/application-js-cloudflare-feature-closed.yml @@ -3,6 +3,10 @@ name: "CI / Application JS Cloudflare Feature Closed" on: workflow_call: inputs: + environment: + description: 'Deployment Environment' + type: string + required: true appName: type: string required: true @@ -34,11 +38,12 @@ jobs: if: startsWith(inputs.featureBranch, 'feature') permissions: contents: read + environment: ${{ inputs.environment }} steps: - uses: actions/checkout@v4 with: lfs: true - - uses: MatrixAI/.github/.github/actions/install-nix@master + - uses: MatrixAI/.github/.github/actions/matrixai-env-setup@master - name: Stop Deployment env: NIX_CONFIG: access-tokens = github.com=${{ secrets.NIXPKGS_PRIVATE_PAT }} diff --git a/.github/workflows/application-js-cloudflare-feature.yml b/.github/workflows/application-js-cloudflare-feature.yml index 68e3c89..3cf4a3a 100644 --- a/.github/workflows/application-js-cloudflare-feature.yml +++ b/.github/workflows/application-js-cloudflare-feature.yml @@ -3,6 +3,10 @@ name: "CI / Application JS Cloudflare Feature" on: workflow_call: inputs: + environment: + description: 'Deployment Environment' + type: string + required: true ref: type: string default: master @@ -26,11 +30,12 @@ jobs: runs-on: ubuntu-latest permissions: contents: read + environment: ${{ inputs.environment }} steps: - uses: actions/checkout@v4 with: lfs: true - - uses: MatrixAI/.github/.github/actions/install-nix@master + - uses: MatrixAI/.github/.github/actions/matrixai-env-setup@master - name: Run linting env: NIX_CONFIG: access-tokens = github.com=${{ secrets.NIXPKGS_PRIVATE_PAT }} 
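Review bot: In the `@@ -26,11 +30,12` hunk of application-js-cloudflare-feature.yml, `environment: ${{ inputs.environment }}` is attached to the job whose next step is `Run linting`, so a job that does not deploy gains access to the environment's secrets and is subject to its protection rules. Keeping `environment:` on the build and deployment jobs only would follow least privilege; if the environment has required reviewers, every job carrying it presumably waits for approval as well. The new `environment` input is `required: true` with no default, so existing callers of these reusable workflows fail until they pass it, which deserves a line in the commit description. The same addition appears in application-js-cloudflare-feature-closed.yml and in the lint job of application-js-cloudflare-staging.yml; the job definitions start outside these hunks.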
@@ -46,11 +51,25 @@ jobs: permissions: contents: read actions: write + environment: ${{ inputs.environment }} steps: + - name: Checkout Actions + uses: actions/checkout@v4 + with: + repository: MatrixAI/.github + ref: ${{ inputs.ref }} + path: tmp/.github + - name: Parse Secrets + uses: ./tmp/.github/.github/actions/secrets-parse + with: + secrets: ${{ secrets.DEPLOY_SECRETS }} - uses: actions/checkout@v4 with: lfs: true - - uses: MatrixAI/.github/.github/actions/install-nix@master + - uses: MatrixAI/.github/.github/actions/matrixai-env-setup@master + - name: Setup Deploy Secrets + run: | + echo "${{ inputs.DEPLOY_SECRETS }}" | jq -r 'to_entries | .[] | "\(.key)=\(.value)"' >> $GITHUB_ENV - name: Run build env: NIX_CONFIG: access-tokens = github.com=${{ secrets.NIXPKGS_PRIVATE_PAT }} @@ -72,6 +91,7 @@ jobs: concurrency: group: feature-deployment cancel-in-progress: false + environment: ${{ inputs.environment }} steps: - name: Checkout Actions uses: actions/checkout@v4 @@ -86,7 +106,7 @@ jobs: - uses: actions/checkout@v4 with: lfs: true - - uses: MatrixAI/.github/.github/actions/install-nix@master + - uses: MatrixAI/.github/.github/actions/matrixai-env-setup@master - uses: actions/download-artifact@v4 with: name: public @@ -101,9 +121,6 @@ jobs: url: "https://${{ github.ref_name }}.dev.zeta.house" run: | echo 'Perform service deployment for feature' - echo "$SECRET1" - echo "$SECRET2" - echo "$SECRET3" nix develop .#ci --command bash -c $' npm run deploy -- \ --feature "$GITHUB_REF_NAME" \ diff --git a/.github/workflows/application-js-cloudflare-master.yml b/.github/workflows/application-js-cloudflare-master.yml index d244671..a993baf 100644 --- a/.github/workflows/application-js-cloudflare-master.yml +++ b/.github/workflows/application-js-cloudflare-master.yml 
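Review bot: The added `Setup Deploy Secrets` step in the `@@ -46,11 +51,25` hunk reads `${{ inputs.DEPLOY_SECRETS }}`, while the `Parse Secrets` step just above takes the value from `secrets.DEPLOY_SECRETS` and no such input appears among the `workflow_call` inputs visible in this diff, so the expression most likely expands to an empty string. The expression is also pasted into the script text, where a double quote in a JSON payload ends the `echo` argument and the remainder is interpreted by the shell; passing the value through `env:` avoids that. Each `key=value` line appended to `$GITHUB_ENV` is readable by every later step in the job, is not masked in logs unless registered with `::add-mask::`, and a value containing a newline would define extra variables, so it is worth confirming whether the secrets-parse action already covers this and the step can be dropped. The same step is added in the `@@ -24,11 +28,25` hunk of application-js-cloudflare-master.yml and the `@@ -78,11 +83,25` hunk of application-js-cloudflare-staging.yml.

```yaml
      # … unchanged: Checkout Actions, Parse Secrets, checkout, matrixai-env-setup …
      - name: Setup Deploy Secrets
        env:
          DEPLOY_SECRETS: ${{ secrets.DEPLOY_SECRETS }}
        run: |
          printf '%s' "$DEPLOY_SECRETS" \
            | jq -r 'to_entries | .[] | "\(.key)=\(.value)"' >> "$GITHUB_ENV"
```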
@@ -3,6 +3,10 @@ name: "CI / Application JS Cloudflare Master" on: workflow_call: inputs: + environment: + description: 'Deployment Environment' + type: string + required: true ref: type: string default: master @@ -24,11 +28,25 @@ jobs: permissions: contents: read actions: write + environment: ${{ inputs.environment }} steps: + - name: Checkout Actions + uses: actions/checkout@v4 + with: + repository: MatrixAI/.github + ref: ${{ inputs.ref }} + path: tmp/.github + - name: Parse Secrets + uses: ./tmp/.github/.github/actions/secrets-parse + with: + secrets: ${{ secrets.DEPLOY_SECRETS }} - uses: actions/checkout@v4 with: lfs: true - - uses: MatrixAI/.github/.github/actions/install-nix@master + - uses: MatrixAI/.github/.github/actions/matrixai-env-setup@master + - name: Setup Deploy Secrets + run: | + echo "${{ inputs.DEPLOY_SECRETS }}" | jq -r 'to_entries | .[] | "\(.key)=\(.value)"' >> $GITHUB_ENV - name: Run build env: NIX_CONFIG: access-tokens = github.com=${{ secrets.NIXPKGS_PRIVATE_PAT }} @@ -52,6 +70,7 @@ jobs: cancel-in-progress: false permissions: contents: read + environment: ${{ inputs.environment }} steps: - name: Checkout Actions uses: actions/checkout@v4 @@ -59,7 +78,7 @@ jobs: repository: MatrixAI/.github ref: ${{ inputs.ref }} path: tmp/.github - - uses: MatrixAI/.github/.github/actions/install-nix@master + - uses: MatrixAI/.github/.github/actions/matrixai-env-setup@master - name: Parse Secrets uses: ./tmp/.github/.github/actions/secrets-parse with: diff --git a/.github/workflows/application-js-cloudflare-staging.yml b/.github/workflows/application-js-cloudflare-staging.yml index f4a334e..60cc507 100644 --- a/.github/workflows/application-js-cloudflare-staging.yml +++ b/.github/workflows/application-js-cloudflare-staging.yml @@ -3,6 +3,10 @@ name: "CI / Application JS Cloudflare Staging" on: workflow_call: inputs: + environment: + description: 'Deployment Environment' + type: string + required: true ref: type: string default: master 
@@ -33,11 +37,12 @@ jobs: runs-on: ubuntu-latest permissions: contents: read + environment: ${{ inputs.environment }} steps: - uses: actions/checkout@v4 with: lfs: true - - uses: MatrixAI/.github/.github/actions/install-nix@master + - uses: MatrixAI/.github/.github/actions/matrixai-env-setup@master - name: Run linting env: NIX_CONFIG: access-tokens = github.com=${{ secrets.NIXPKGS_PRIVATE_PAT }} @@ -53,18 +58,18 @@ jobs: permissions: contents: read pull-requests: write + environment: ${{ inputs.environment }} steps: - uses: actions/checkout@v4 - name: Create Pull Request from Staging to Master env: - GH_TOKEN: ${{ secrets.GH_TOKEN }} + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | gh pr create \ --head staging \ --base master \ --title "ci: merge staging to master" \ --body "This is an automatic PR generated by the CI/CD pipeline. This will be automatically fast-forward merged if successful." \ - --assignee "@me" \ --no-maintainer-edit || true printf "Pipeline Attempt on $GITHUB_RUN_ID for $GITHUB_SHA\n\n$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" \ | gh pr comment staging \ @@ -78,11 +83,25 @@ jobs: permissions: contents: read actions: write + environment: ${{ inputs.environment }} steps: + - name: Checkout Actions + uses: actions/checkout@v4 + with: + repository: MatrixAI/.github + ref: ${{ inputs.ref }} + path: tmp/.github + - name: Parse Secrets + uses: ./tmp/.github/.github/actions/secrets-parse + with: + secrets: ${{ secrets.DEPLOY_SECRETS }} - uses: actions/checkout@v4 with: lfs: true - - uses: MatrixAI/.github/.github/actions/install-nix@master + - uses: MatrixAI/.github/.github/actions/matrixai-env-setup@master + - name: Setup Deploy Secrets + run: | + echo "${{ inputs.DEPLOY_SECRETS }}" | jq -r 'to_entries | .[] | "\(.key)=\(.value)"' >> $GITHUB_ENV - name: Run build env: NIX_CONFIG: access-tokens = github.com=${{ secrets.NIXPKGS_PRIVATE_PAT }} 
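Review bot: In the `@@ -53,18 +58,18` hunk, `gh pr create … --no-maintainer-edit || true` now runs with `secrets.GITHUB_TOKEN`, and the `|| true` hides every failure, not only the case where the pull request already exists. With the built-in token, creation is refused unless the repository allows Actions to create pull requests, and that refusal would be swallowed here, leaving the following `gh pr comment staging` to fail with a less obvious error. Checking first, for example `gh pr view staging --json number >/dev/null 2>&1 || gh pr create …`, lets real errors fail the job. Pull requests opened with the built-in token also do not start other workflows, which is worth stating in the description if checks on that PR are expected. The same lines appear in library-js-staging.yml and in the new application-js-staging.yml and native-library-js-staging.yml; the job starts outside this hunk.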
@@ -106,6 +125,7 @@ jobs: cancel-in-progress: false permissions: contents: read + environment: ${{ inputs.environment }} steps: - name: Checkout Actions uses: actions/checkout@v4 @@ -113,7 +133,7 @@ jobs: repository: MatrixAI/.github ref: ${{ inputs.ref }} path: tmp/.github - - uses: MatrixAI/.github/.github/actions/install-nix@master + - uses: MatrixAI/.github/.github/actions/matrixai-env-setup@master - name: Parse Secrets uses: ./tmp/.github/.github/actions/secrets-parse with: @@ -148,6 +168,7 @@ jobs: permissions: contents: write pull-requests: write + environment: ${{ inputs.environment }} steps: - uses: actions/checkout@v4 with: @@ -156,7 +177,7 @@ jobs: token: ${{ secrets.GH_TOKEN }} - name: Merge Pull Request from Staging to Master env: - GH_TOKEN: ${{ secrets.GH_TOKEN }} + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} GIT_AUTHOR_EMAIL: ${{ secrets.GIT_AUTHOR_EMAIL }} GIT_AUTHOR_NAME: ${{ secrets.GIT_AUTHOR_NAME }} GIT_COMMITTER_EMAIL: ${{ secrets.GIT_COMMITTER_EMAIL }} diff --git a/.github/workflows/application-js-feature.yml b/.github/workflows/application-js-feature.yml new file mode 100644 index 0000000..d69c4b1 --- /dev/null +++ b/.github/workflows/application-js-feature.yml 
@@ -0,0 +1,42 @@ +name: "CI / Application JS Feature" + +on: + workflow_call: + secrets: + NIXPKGS_PRIVATE_PAT: + required: true + +jobs: + # Lint the code + feature-lint: + name: "Feature / Lint" + runs-on: ubuntu-latest + permissions: + contents: read + steps: + - uses: actions/checkout@v4 + - uses: MatrixAI/.github/.github/actions/matrixai-env-setup@master + - name: Run linting + env: + NIX_CONFIG: access-tokens = github.com=${{ secrets.NIXPKGS_PRIVATE_PAT }} + run: | + nix develop .#ci --command bash -c $' + npm run lint + ' + + # Run a dry run + feature-dry: + name: "Feature / Dry Run" + runs-on: ubuntu-latest + permissions: + contents: read + steps: + - uses: actions/checkout@v4 + - uses: MatrixAI/.github/.github/actions/matrixai-env-setup@master + - name: Dry run + env: + NIX_CONFIG: access-tokens = github.com=${{ secrets.NIXPKGS_PRIVATE_PAT }} + run: | + nix build .#default --dry-run + nix build .#docker --dry-run + diff --git a/.github/workflows/application-js-staging.yml b/.github/workflows/application-js-staging.yml new file mode 100644 index 0000000..5e9bdce --- /dev/null +++ b/.github/workflows/application-js-staging.yml 
@@ -0,0 +1,109 @@ +name: "CI / Application JS Staging" + +on: + workflow_call: + secrets: + NIXPKGS_PRIVATE_PAT: + required: true + GH_TOKEN: + required: true + GIT_AUTHOR_EMAIL: + required: true + GIT_AUTHOR_NAME: + required: true + GIT_COMMITTER_EMAIL: + required: true + GIT_COMMITTER_NAME: + required: true + +jobs: + # Lint the code + staging-lint: + name: "Staging / Lint" + runs-on: ubuntu-latest + permissions: + contents: read + steps: + - uses: actions/checkout@v4 + - uses: MatrixAI/.github/.github/actions/matrixai-env-setup@master + - name: Run linting + env: + NIX_CONFIG: access-tokens = github.com=${{ secrets.NIXPKGS_PRIVATE_PAT }} + run: | + nix develop .#ci --command bash -c $' + npm run lint + ' + + # Run a dry run + staging-dry: + name: "Staging / Dry Run" + runs-on: ubuntu-latest + permissions: + contents: read + steps: + - uses: actions/checkout@v4 + - uses: MatrixAI/.github/.github/actions/matrixai-env-setup@master + - name: Dry run + env: + NIX_CONFIG: access-tokens = github.com=${{ secrets.NIXPKGS_PRIVATE_PAT }} + run: | + nix build .#default --dry-run + nix build .#docker --dry-run + + # Create the merge PR + staging-merge-begin: + name: "Staging / Merge Begin" + runs-on: ubuntu-latest + permissions: + contents: read + pull-requests: write + steps: + - uses: actions/checkout@v4 + - name: Create Pull Request from Staging to Master + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + gh pr create \ + --head staging \ + --base master \ + --title "ci: merge staging to master" \ + --body "This is an automatic PR generated by the CI/CD pipeline. This will be automatically fast-forward merged if successful." 
\ + --no-maintainer-edit || true + printf "Pipeline Attempt on $GITHUB_RUN_ID for $GITHUB_SHA\n\n$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" \ + | gh pr comment staging \ + --body-file - \ + --repo "$GITHUB_REPOSITORY" + + staging-merge-finish: + name: "Staging / Merge Finish" + needs: + - staging-lint + - staging-dry + - staging-merge-begin + runs-on: ubuntu-latest + concurrency: + group: staging-merge-finish + cancel-in-progress: true + permissions: + contents: write + pull-requests: write + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + token: ${{ secrets.GH_TOKEN }} + - name: Merge Pull Request from Staging to Master + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GIT_AUTHOR_EMAIL: ${{ secrets.GIT_AUTHOR_EMAIL }} + GIT_AUTHOR_NAME: ${{ secrets.GIT_AUTHOR_NAME }} + GIT_COMMITTER_EMAIL: ${{ secrets.GIT_COMMITTER_EMAIL }} + GIT_COMMITTER_NAME: ${{ secrets.GIT_COMMITTER_NAME }} + run: | + printf "Pipeline Succeeded on $GITHUB_RUN_ID for $GITHUB_SHA\n\n$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" \ + | gh pr comment staging \ + --body-file - \ + --repo "$GITHUB_REPOSITORY" + git checkout master + git merge --ff-only "$GITHUB_SHA" + git push origin master diff --git a/.github/workflows/library-js-feature.yml b/.github/workflows/library-js-feature.yml index 6713912..7a2e41a 100644 --- a/.github/workflows/library-js-feature.yml +++ b/.github/workflows/library-js-feature.yml @@ -12,7 +12,7 @@ jobs: contents: read steps: - uses: actions/checkout@v4 - - uses: MatrixAI/.github/.github/actions/install-nix@master + - uses: MatrixAI/.github/.github/actions/matrixai-env-setup@master - name: Run linting run: | nix develop .#ci --command bash -c $' @@ -28,7 +28,7 @@ jobs: actions: write steps: - uses: actions/checkout@v4 - - uses: MatrixAI/.github/.github/actions/install-nix@master + - uses: MatrixAI/.github/.github/actions/matrixai-env-setup@master - name: Run build run: | nix develop .#ci --command bash -c $' 
@@ -50,7 +50,7 @@ jobs: checks: write steps: - uses: actions/checkout@v4 - - uses: MatrixAI/.github/.github/actions/install-nix@master + - uses: MatrixAI/.github/.github/actions/matrixai-env-setup@master - name: Run tests run: | nix develop .#ci --command bash -c $' @@ -82,7 +82,7 @@ jobs: actions: write steps: - uses: actions/checkout@v4 - - uses: MatrixAI/.github/.github/actions/install-nix@master + - uses: MatrixAI/.github/.github/actions/matrixai-env-setup@master - name: Run bench run: | nix develop .#ci --command bash -c $' diff --git a/.github/workflows/library-js-staging.yml b/.github/workflows/library-js-staging.yml index 1bdfb7b..4e92368 100644 --- a/.github/workflows/library-js-staging.yml +++ b/.github/workflows/library-js-staging.yml @@ -23,7 +23,7 @@ jobs: contents: read steps: - uses: actions/checkout@v4 - - uses: MatrixAI/.github/.github/actions/install-nix@master + - uses: MatrixAI/.github/.github/actions/matrixai-env-setup@master - name: Run linting run: | nix develop .#ci --command bash -c $' @@ -41,14 +41,13 @@ jobs: - uses: actions/checkout@v4 - name: Create Pull Request from Staging to Master env: - GH_TOKEN: ${{ secrets.GH_TOKEN }} + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | gh pr create \ --head staging \ --base master \ --title "ci: merge staging to master" \ --body "This is an automatic PR generated by the CI/CD pipeline. This will be automatically fast-forward merged if successful." \ - --assignee "@me" \ --no-maintainer-edit || true printf "Pipeline Attempt on $GITHUB_RUN_ID for $GITHUB_SHA\n\n$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" \ | gh pr comment staging \ @@ -64,7 +63,7 @@ jobs: actions: write steps: - uses: actions/checkout@v4 - - uses: MatrixAI/.github/.github/actions/install-nix@master + - uses: MatrixAI/.github/.github/actions/matrixai-env-setup@master - name: Run build run: | nix develop .#ci --command bash -c $' 
@@ -93,47 +92,59 @@ jobs: include: - platform: linux os: ubuntu-latest - env: {} - script: | - nix develop .#ci --command bash -c $' - npm test -- --ci --coverage - npm run bench --if-present - ' - platform: windows - os: windows-latest - env: {} - script: | - mkdir -Force "$CI_PROJECT_DIR/tmp" - Import-Module $env:ChocolateyInstall\helpers\chocolateyProfile.psm1 - ./scripts/choco-install.ps1 - refreshenv - npm install --ignore-scripts - $env:Path = "$(npm root)\.bin;" + $env:Path - npm test -- --ci --coverage - npm run bench --if-present + os: windows-2022 - platform: macos os: macos-latest - env: {} - script: | - mkdir -p "$CI_PROJECT_DIR/tmp" - eval "$(brew shellenv)" - ./scripts/brew-install.sh - hash -r - npm install --ignore-scripts - export PATH="$(npm root)/.bin:$PATH" - npm test -- --ci --coverage - npm run bench --if-present steps: - uses: actions/checkout@v4 - if: matrix.platform == 'linux' - uses: MatrixAI/.github/.github/actions/install-nix@master + uses: MatrixAI/.github/.github/actions/matrixai-env-setup@master - uses: actions/download-artifact@v4 with: name: dist path: ./dist - - name: Build - env: ${{ matrix.env }} - run: ${{ matrix.script }} + - name: Windows Bootstrap + if: matrix.platform == 'windows' + shell: pwsh + run: | + mkdir -Force "$CI_PROJECT_DIR/tmp" + ./scripts/choco-install.ps1 + where.exe node + where.exe npm + node -v + npm -v + - name: Build (Windows) + if: matrix.platform == 'windows' + shell: pwsh + run: | + npm install --ignore-scripts + $env:Path = "$(npm root)\.bin;" + $env:Path + where.exe node + where.exe npm + node -v + npm -v + npm test -- --ci --coverage + npm run bench --if-present + - name: Build (Linux) + if: matrix.platform == 'linux' + run: | + nix develop .#ci --command bash -c $' + npm test -- --ci --coverage + npm run bench --if-present + ' + - name: Build (macOS) + if: matrix.platform == 'macos' + shell: bash + run: | + mkdir -p "$CI_PROJECT_DIR/tmp" + eval "$(brew shellenv)" + ./scripts/brew-install.sh + hash 
-r + npm install --ignore-scripts + export PATH="$(npm root)/.bin:$PATH" + npm test -- --ci --coverage + npm run bench --if-present - name: Upload JUnit Report if: success() || failure() uses: actions/upload-artifact@v4 @@ -180,7 +191,7 @@ jobs: token: ${{ secrets.GH_TOKEN }} - name: Merge Pull Request from Staging to Master env: - GH_TOKEN: ${{ secrets.GH_TOKEN }} + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} GIT_AUTHOR_EMAIL: ${{ secrets.GIT_AUTHOR_EMAIL }} GIT_AUTHOR_NAME: ${{ secrets.GIT_AUTHOR_NAME }} GIT_COMMITTER_EMAIL: ${{ secrets.GIT_COMMITTER_EMAIL }} diff --git a/.github/workflows/library-js-tag.yml b/.github/workflows/library-js-tag.yml index 7f3c79a..d63f0ef 100644 --- a/.github/workflows/library-js-tag.yml +++ b/.github/workflows/library-js-tag.yml @@ -16,7 +16,7 @@ jobs: actions: write steps: - uses: actions/checkout@v4 - - uses: MatrixAI/.github/.github/actions/install-nix@master + - uses: MatrixAI/.github/.github/actions/matrixai-env-setup@master - name: Run build run: | nix develop .#ci --command bash -c $' @@ -42,7 +42,7 @@ jobs: if: startsWith(github.ref, 'refs/tags/v') && contains(github.ref, '-') steps: - uses: actions/checkout@v4 - - uses: MatrixAI/.github/.github/actions/install-nix@master + - uses: MatrixAI/.github/.github/actions/matrixai-env-setup@master - uses: actions/download-artifact@v4 with: name: dist @@ -74,7 +74,7 @@ jobs: if: startsWith(github.ref, 'refs/tags/v') && !contains(github.ref, '-') steps: - uses: actions/checkout@v4 - - uses: MatrixAI/.github/.github/actions/install-nix@master + - uses: MatrixAI/.github/.github/actions/matrixai-env-setup@master - uses: actions/download-artifact@v4 with: name: dist diff --git a/.github/workflows/native-library-js-feature.yml b/.github/workflows/native-library-js-feature.yml new file mode 100644 index 0000000..a3975ce --- /dev/null +++ b/.github/workflows/native-library-js-feature.yml 
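Review bot: `$CI_PROJECT_DIR` in the new `Windows Bootstrap` and `Build (macOS)` steps of the `@@ -93,47 +92,59` hunk is not set anywhere in the visible lines and is not a variable GitHub Actions provides, so unless the job defines it outside the hunk, `mkdir -Force "$CI_PROJECT_DIR/tmp"` and `mkdir -p "$CI_PROJECT_DIR/tmp"` resolve to `/tmp` instead of a directory in the workspace. Using `"$env:GITHUB_WORKSPACE/tmp"` in the pwsh step and `"$GITHUB_WORKSPACE/tmp"` in the bash step would match the `./tmp/junit/junit.xml` paths the later upload steps read. Splitting `./scripts/choco-install.ps1` into its own step also means any PATH change it makes reaches `Build (Windows)` only if it is written to `$GITHUB_PATH`; the added `where.exe node` calls suggest this is being checked, and a short comment saying so would help the next reader.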
@@ -0,0 +1,104 @@ +name: "CI / Library JS Feature" + +on: + workflow_call: + +jobs: + # Lint the code + feature-lint: + name: "Feature / Lint" + runs-on: ubuntu-latest + permissions: + contents: read + steps: + - uses: actions/checkout@v4 + with: + submodules: 'recursive' + - uses: MatrixAI/.github/.github/actions/matrixai-env-setup@master + - name: Run linting + run: | + nix develop .#ci --command bash -c $' + npm run lint + ' + + # Build the dist + feature-build: + name: "Feature / Build" + runs-on: ubuntu-latest + permissions: + contents: read + actions: write + steps: + - uses: actions/checkout@v4 + with: + submodules: 'recursive' + - uses: MatrixAI/.github/.github/actions/matrixai-env-setup@master + - name: Run build + run: | + nix develop .#ci --command bash -c $' + npm run build --verbose + ' + - name: Upload Build + uses: actions/upload-artifact@v4 + with: + name: dist + path: ./dist + + # Test the dist + feature-test: + name: "Feature / Test" + runs-on: ubuntu-latest + permissions: + contents: read + actions: write + checks: write + steps: + - uses: actions/checkout@v4 + with: + submodules: 'recursive' + - uses: MatrixAI/.github/.github/actions/matrixai-env-setup@master + - name: Run tests + run: | + nix develop .#ci --command bash -c $' + npm run test -- --ci --coverage + ' + - name: Upload JUnit report + if: success() || failure() + uses: actions/upload-artifact@v4 + with: + name: junit-report + path: tmp/junit/junit.xml + - name: Publish JUnit Report + uses: mikepenz/action-junit-report@v5 + with: + report_paths: tmp/junit/junit.xml + - name: Upload Cobertura report + if: success() || failure() + uses: actions/upload-artifact@v4 + with: + name: coverage-report + path: tmp/coverage/cobertura-coverage.xml + + # Bench the dist + feature-bench: + name: "Feature / Bench" + runs-on: ubuntu-latest + permissions: + contents: read + actions: write + steps: + - uses: actions/checkout@v4 + with: + submodules: 'recursive' + - uses: 
MatrixAI/.github/.github/actions/matrixai-env-setup@master + - name: Run bench + run: | + nix develop .#ci --command bash -c $' + npm run bench --if-present + ' + - name: Upload Bench + uses: actions/upload-artifact@v4 + with: + name: metrics-report + path: ./benches/results/metrics.txt + if-no-files-found: ignore diff --git a/.github/workflows/native-library-js-staging.yml b/.github/workflows/native-library-js-staging.yml new file mode 100644 index 0000000..2ff19d1 --- /dev/null +++ b/.github/workflows/native-library-js-staging.yml 
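Review bot: The `Publish JUnit Report` step in `feature-test` has no `if: success() || failure()`, unlike the upload steps on either side of it, so when `npm run test` fails the step is skipped and the report that explains the failure is never published; adding `if: success() || failure()` fixes that. The step uses the third-party action `mikepenz/action-junit-report@v5` by a movable tag in a job that holds `checks: write`, and pinning it to a full commit SHA would keep the code that runs with that permission fixed. The workflow is named `"CI / Library JS Feature"` although the file is native-library-js-feature.yml and its sibling is `"CI / Native Library JS Staging"`, so the name probably wants `Native` as well. The same unguarded publish step appears in the `staging-platforms` job of native-library-js-staging.yml.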
@@ -0,0 +1,219 @@ +name: "CI / Native Library JS Staging" + +on: + workflow_call: + secrets: + GH_TOKEN: + required: true + GIT_AUTHOR_EMAIL: + required: true + GIT_AUTHOR_NAME: + required: true + GIT_COMMITTER_EMAIL: + required: true + GIT_COMMITTER_NAME: + required: true + +jobs: + # Lint the code + staging-lint: + name: "Staging / Lint" + runs-on: ubuntu-latest + permissions: + contents: read + steps: + - uses: actions/checkout@v4 + with: + submodules: 'recursive' + - uses: MatrixAI/.github/.github/actions/matrixai-env-setup@master + - name: Run linting + run: | + nix develop .#ci --command bash -c $' + npm run lint + ' + + # Create the merge PR + staging-merge-begin: + name: "Staging / Merge Begin" + runs-on: ubuntu-latest + permissions: + contents: read + pull-requests: write + steps: + - uses: actions/checkout@v4 + with: + submodules: 'recursive' + - name: Create Pull Request from Staging to Master + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + gh pr create \ + --head staging \ + --base master \ + --title "ci: merge staging to master" \ + --body "This is an automatic PR generated by the CI/CD pipeline. This will be automatically fast-forward merged if successful." 
\ + --no-maintainer-edit || true + printf "Pipeline Attempt on $GITHUB_RUN_ID for $GITHUB_SHA\n\n$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" \ + | gh pr comment staging \ + --body-file - \ + --repo "$GITHUB_REPOSITORY" + + # Build the distribution - JS is platform-agnostic + staging-build: + name: "Staging / Build" + runs-on: ubuntu-latest + permissions: + contents: read + actions: write + steps: + - uses: actions/checkout@v4 + with: + submodules: 'recursive' + - uses: MatrixAI/.github/.github/actions/matrixai-env-setup@master + - name: Run build + run: | + nix develop .#ci --command bash -c $' + npm run build --ignore-scripts --verbose + ' + - name: Upload Build + uses: actions/upload-artifact@v4 + with: + name: dist + path: ./dist + + # Build on every platform + # This re-uses the built `./dist`, and run tests and benches + staging-platforms: + name: "Staging / Platforms" + needs: + - staging-build + runs-on: ${{ matrix.os }} + permissions: + contents: read + actions: write + checks: write + strategy: + fail-fast: false + matrix: + include: + - platform: linux + os: ubuntu-latest + - platform: windows + os: windows-2022 + - platform: macos + os: macos-latest + steps: + - uses: actions/checkout@v4 + with: + submodules: 'recursive' + - if: matrix.platform == 'linux' + uses: MatrixAI/.github/.github/actions/matrixai-env-setup@master + - uses: actions/download-artifact@v4 + with: + name: dist + path: ./dist + - name: Windows Bootstrap + if: matrix.platform == 'windows' + shell: pwsh + run: | + mkdir -Force "$CI_PROJECT_DIR/tmp" + ./scripts/choco-install.ps1 + where.exe node + where.exe npm + node -v + npm -v + - name: Build (Windows) + if: matrix.platform == 'windows' + shell: pwsh + run: | + npm install --ignore-scripts + $env:Path = "$(npm root)\.bin;" + $env:Path + where.exe node + where.exe npm + node -v + npm -v + npm run prebuild --verbose + npm test -- --ci --coverage + npm run bench --if-present + - name: Build (Linux) + if: 
matrix.platform == 'linux' + run: | + nix develop .#ci --command bash -c $' + npm run prebuild --verbose + npm test -- --ci --coverage + npm run bench --if-present + ' + - name: Build (macOS) + if: matrix.platform == 'macos' + shell: bash + run: | + mkdir -p "$CI_PROJECT_DIR/tmp" + eval "$(brew shellenv)" + ./scripts/brew-install.sh + export PYTHON=$(brew --prefix python@3.10)/bin/python3.10 + hash -r + npm install --ignore-scripts + export PATH="$(npm root)/.bin:$PATH" + npm run prebuild --verbose + npm test -- --ci --coverage + npm run bench --if-present + - name: Upload JUnit Report + if: success() || failure() + uses: actions/upload-artifact@v4 + with: + name: junit-report-${{ matrix.platform }} + path: ./tmp/junit/junit.xml + - name: Publish JUnit Report + uses: mikepenz/action-junit-report@v5 + with: + check_name: JUnit Test Report - ${{matrix.platform}} + report_paths: ./tmp/junit/junit.xml + - name: Upload Cobertura report + if: success() || failure() + uses: actions/upload-artifact@v4 + with: + name: coverage-report-${{ matrix.platform }} + path: ./tmp/coverage/cobertura-coverage.xml + - name: Upload Metrics Report + if: success() || failure() + uses: actions/upload-artifact@v4 + with: + name: metrics-report-${{ matrix.platform }} + path: ./benches/results/metrics.txt + if-no-files-found: ignore + + staging-merge-finish: + name: "Staging / Merge Finish" + needs: + - staging-lint + - staging-merge-begin + - staging-build + - staging-platforms + runs-on: ubuntu-latest + concurrency: + group: staging-merge-finish + cancel-in-progress: true + permissions: + contents: write + pull-requests: write + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + submodules: 'recursive' + token: ${{ secrets.GH_TOKEN }} + - name: Merge Pull Request from Staging to Master + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GIT_AUTHOR_EMAIL: ${{ secrets.GIT_AUTHOR_EMAIL }} + GIT_AUTHOR_NAME: ${{ secrets.GIT_AUTHOR_NAME }} + GIT_COMMITTER_EMAIL: ${{ 
secrets.GIT_COMMITTER_EMAIL }} + GIT_COMMITTER_NAME: ${{ secrets.GIT_COMMITTER_NAME }} + run: | + printf "Pipeline Succeeded on $GITHUB_RUN_ID for $GITHUB_SHA\n\n$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" \ + | gh pr comment staging \ + --body-file - \ + --repo "$GITHUB_REPOSITORY" + git checkout master + git merge --ff-only "$GITHUB_SHA" + git push origin master diff --git a/.github/workflows/native-library-js-tag-gyp.yml b/.github/workflows/native-library-js-tag-gyp.yml new file mode 100644 index 0000000..5025739 --- /dev/null +++ b/.github/workflows/native-library-js-tag-gyp.yml 
@@ -0,0 +1,243 @@
+name: "CI / Library JS Tag"
+
+on:
+ workflow_call:
+ secrets:
+ NPM_TOKEN:
+ required: true
+
+jobs:
+ # Lint the code
+ tag-lint:
+ name: "Tag / Lint"
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ actions: write
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ submodules: 'recursive'
+ - uses: MatrixAI/.github/.github/actions/matrixai-env-setup@master
+ - name: Run linting
+ run: |
+ nix develop .#ci --command bash -c $'
+ npm run lint
+ '
+
+ # Build the distribution - JS is platform-agnostic
+ tag-build:
+ name: "Tag / Build"
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ actions: write
+ needs: tag-lint
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ submodules: 'recursive'
+ - uses: MatrixAI/.github/.github/actions/matrixai-env-setup@master
+ - name: Run build
+ run: |
+ nix develop .#ci --command bash -c $'
+ npm run build --verbose
+ '
+ - name: Upload Build
+ uses: actions/upload-artifact@v4
+ with:
+ name: dist
+ path: ./dist
+
+ tag-platforms:
+ name: "Tag / Platforms"
+ needs:
+ - tag-build
+ runs-on: ${{ matrix.os }}
+ permissions:
+ contents: read
+ actions: write
+ checks: write
+ strategy:
+ fail-fast: false
+ matrix:
+ include:
+ - platform: linux
+ os: ubuntu-latest
+ - platform: windows
+ os: windows-2022
+ - platform: macos
+ os: macos-latest
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ submodules: 'recursive'
+ - if: matrix.platform == 'linux'
+ uses: MatrixAI/.github/.github/actions/matrixai-env-setup@master
+ - uses: actions/download-artifact@v4
+ with:
+ name: dist
+ path: ./dist
+ - name: Windows Bootstrap
+ if: matrix.platform == 'windows'
+ shell: pwsh
+ run: |
+ mkdir -Force "$CI_PROJECT_DIR/tmp"
+ ./scripts/choco-install.ps1
+ where.exe node
+ where.exe npm
+ node -v
+ npm -v
+ - name: Build (Windows)
+ if: matrix.platform == 'windows'
+ shell: pwsh
+ env:
+ npm_config_arch: "x64"
+ RUST_BACKTRACE: "1"
+ LIBCLANG_PATH: "C:\\Program Files\\LLVM\\bin"
+ run: |
+ npm install --ignore-scripts
+ $env:Path = "$(npm root)\.bin;" + $env:Path
+ where.exe node
+ where.exe npm
+ node -v
+ npm -v
+ npm run prebuild --verbose -- --production
+ npm test -- --ci --coverage
+ npm run bench
+ - name: Build (Linux)
+ if: matrix.platform == 'linux'
+ env:
+ npm_config_arch: "x64"
+ RUST_BACKTRACE: "1"
+ run: |
+ nix develop .#ci --command bash -c $'
+ npm run prebuild --verbose -- --production
+ npm test -- --ci --coverage
+ npm run bench
+ '
+ - name: Build (macOS)
+ if: matrix.platform == 'macos'
+ shell: bash
+ run: |
+ eval "$(brew shellenv)"
+ ./scripts/brew-install.sh
+ export PYTHON=$(brew --prefix python@3.10)/bin/python3.10
+ hash -r
+ npm install --ignore-scripts
+ export PATH="$(npm root)/.bin:$PATH"
+ npm run prebuild --verbose -- --production
+ npm test -- --ci --coverage
+ npm run bench
+ - uses: actions/upload-artifact@v4
+ with:
+ name: prebuild-${{ matrix.platform }}
+ path: ./prebuilds
+
+
+ # Publish the prerelease
+ tag-prerelease:
+ name: "Tag / Pre-release"
+ runs-on: ubuntu-latest
+ concurrency:
+ group: tag-prerelease
+ cancel-in-progress: false
+ needs:
+ - tag-platforms
+ permissions:
+ contents: write
+ if: startsWith(github.ref, 'refs/tags/v') && contains(github.ref, '-')
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ submodules: 'recursive'
+ - uses: MatrixAI/.github/.github/actions/matrixai-env-setup@master
+ - uses: actions/download-artifact@v4
+ with:
+ pattern: prebuild*
+ path: prebuilds
+ merge-multiple: true
+ - name: Publishing library prerelease
+ env:
+ NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ run: |
+ echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" > ./.npmrc
+ nix develop .#ci --command bash -c $'
+ npm publish --tag prerelease --access public
+ '
+ for d in prebuilds/*; do
+ tar \
+ --create \
+ --verbose \
+ --file="prebuilds/$(basename $d).tar" \
+ --directory=prebuilds \
+ "$(basename $d)"
+ done
+ nix develop .#ci --command bash -c $'
+ gh release \
+ create "$GITHUB_REF_NAME" \
+ prebuilds/*.tar \
+ --title "$GITHUB_REF_NAME-$(date -u +"%Y-%m-%dT%H:%M:%SZ")" \
+ --notes "" \
+ --prerelease \
+ --target staging \
+ --repo "$GITHUB_REPOSITORY"
+ '
+ - name: Remove `.npmrc`
+ if: success() || failure()
+ run: |
+ rm -f ./.npmrc
+
+ # Publish the release
+ tag-release:
+ name: "Tag / Release"
+ runs-on: ubuntu-latest
+ concurrency:
+ group: tag-release
+ cancel-in-progress: false
+ needs:
+ - tag-platforms
+ permissions:
+ contents: write
+ if: startsWith(github.ref, 'refs/tags/v') && !contains(github.ref, '-')
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ submodules: 'recursive'
+ - uses: MatrixAI/.github/.github/actions/matrixai-env-setup@master
+ - uses: actions/download-artifact@v4
+ with:
+ pattern: prebuild*
+ path: prebuilds
+ merge-multiple: true
+ - name: Publishing library release
+ env:
+ NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ run: |
+ echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" > ./.npmrc
+ nix develop .#ci --command bash -c $'
+ npm publish --access public
+ '
+ for d in prebuilds/*; do
+ tar \
+ --create \
+ --verbose \
+ --file="prebuilds/$(basename $d).tar" \
+ --directory=prebuilds \
+ "$(basename $d)"
+ done
+ nix develop .#ci --command bash -c $'
+ gh release \
+ create "$GITHUB_REF_NAME" \
+ prebuilds/*.tar \
+ --title "$GITHUB_REF_NAME-$(date -u +"%Y-%m-%dT%H:%M:%SZ")" \
+ --notes "" \
+ --target master \
+ --repo "$GITHUB_REPOSITORY"
+ '
+ - name: Remove `.npmrc`
+ if: success() || failure()
+ run: |
+ rm -f ./.npmrc
diff --git a/.github/workflows/native-library-js-tag.yml b/.github/workflows/native-library-js-tag.yml
new file mode 100644
index 0000000..141da76
--- /dev/null
+++ b/.github/workflows/native-library-js-tag.yml
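Review bot: Every `uses:` in this workflow resolves through a mutable ref (`actions/checkout@v4`, `actions/upload-artifact@v4`, `actions/download-artifact@v4`, `MatrixAI/.github/.github/actions/matrixai-env-setup@master`), including in `tag-prerelease` and `tag-release`, the two jobs that hold `NPM_TOKEN` and `contents: write`. Whatever those refs point to at run time executes inside the publishing job, so a moved tag or a push to `master` changes the code that handles the token without any change in the calling repository. Pin each reference to a full commit SHA and keep the version as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v4`. The same refs are used throughout native-library-js-tag.yml in the next file section.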
@@ -0,0 +1,258 @@
+name: "CI / Library JS Tag"
+
+on:
+ workflow_call:
+ secrets:
+ NPM_TOKEN:
+ required: true
+
+jobs:
+ # Lint the code
+ tag-lint:
+ name: "Tag / Lint"
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ actions: write
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ submodules: 'recursive'
+ - uses: MatrixAI/.github/.github/actions/matrixai-env-setup@master
+ - name: Run linting
+ run: |
+ nix develop .#ci --command bash -c $'
+ npm run lint
+ '
+
+ # Build the distribution - JS is platform-agnostic
+ tag-build:
+ name: "Tag / Build"
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ actions: write
+ needs: tag-lint
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ submodules: 'recursive'
+ - uses: MatrixAI/.github/.github/actions/matrixai-env-setup@master
+ - name: Run build
+ run: |
+ nix develop .#ci --command bash -c $'
+ npm run build --verbose
+ '
+ - name: Upload Build
+ uses: actions/upload-artifact@v4
+ with:
+ name: dist
+ path: ./dist
+
+ tag-platforms:
+ name: "Tag / Platforms"
+ needs:
+ - tag-build
+ runs-on: ${{ matrix.os }}
+ permissions:
+ contents: read
+ actions: write
+ checks: write
+ strategy:
+ fail-fast: false
+ matrix:
+ include:
+ - platform: linux
+ os: ubuntu-latest
+ - platform: windows
+ os: windows-2022
+ - platform: macos
+ os: macos-latest
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ submodules: 'recursive'
+ - if: matrix.platform == 'linux'
+ uses: MatrixAI/.github/.github/actions/matrixai-env-setup@master
+ - uses: actions/download-artifact@v4
+ with:
+ name: dist
+ path: ./dist
+ - name: Windows Bootstrap
+ if: matrix.platform == 'windows'
+ shell: pwsh
+ run: |
+ mkdir -Force "$CI_PROJECT_DIR/tmp"
+ ./scripts/choco-install.ps1
+ where.exe node
+ where.exe npm
+ node -v
+ npm -v
+ - name: Build (Windows)
+ if: matrix.platform == 'windows'
+ shell: pwsh
+ env:
+ npm_config_arch: "x64"
+ RUST_BACKTRACE: "1"
+ LIBCLANG_PATH: "C:\\Program Files\\LLVM\\bin"
+ run: |
+ npm install --ignore-scripts
+ $env:Path = "$(npm root)\.bin;" + $env:Path
+ where.exe node
+ where.exe npm
+ node -v
+ npm -v
+ npm run prebuild --verbose -- --production
+ npm test -- --ci --coverage
+ npm run bench
+ - name: Build (Linux)
+ if: matrix.platform == 'linux'
+ env:
+ npm_config_arch: "x64"
+ RUST_BACKTRACE: "1"
+ run: |
+ nix develop .#ci --command bash -c $'
+ npm run prebuild --verbose -- --production
+ npm test -- --ci --coverage
+ npm run bench
+ '
+ - name: Build (macOS)
+ if: matrix.platform == 'macos'
+ shell: bash
+ run: |
+ eval "$(brew shellenv)"
+ ./scripts/brew-install.sh
+ export PYTHON=$(brew --prefix python@3.10)/bin/python3.10
+ hash -r
+ npm install --ignore-scripts
+ export PATH="$(npm root)/.bin:$PATH"
+ export PATH="$HOME/.cargo/bin:$PATH"
+ echo "Prebuilding for darwin-x64"
+ npm run prebuild --verbose -- --arch x64 --production
+ echo "Prebuilding for darwin-arm64"
+ npm run prebuild --verbose -- --arch arm64 --production
+ echo "Creating universal binary"
+ for f in prebuild/*-darwin-arm64.node; do
+ prefix=$(basename "$f" | sed -E 's/-darwin-arm64\.node$//')
+ lipo -create \
+ -output "prebuild/${prefix}-darwin-x64+arm64.node" \
+ "prebuild/${prefix}-darwin-arm64.node" \
+ "prebuild/${prefix}-darwin-x64.node"
+ done
+ rm -rf node_modules/@matrixai/*-*
+ echo "Running tests"
+ npm test -- --ci --coverage
+ echo "Running benchmarks"
+ npm run bench
+ - uses: actions/upload-artifact@v4
+ with:
+ name: prebuild-${{ matrix.platform }}
+ path: ./prebuild
+
+
+ # Publish the prerelease
+ tag-prerelease:
+ name: "Tag / Pre-release"
+ runs-on: ubuntu-latest
+ concurrency:
+ group: tag-prerelease
+ cancel-in-progress: false
+ needs:
+ - tag-platforms
+ permissions:
+ contents: write
+ if: startsWith(github.ref, 'refs/tags/v') && contains(github.ref, '-')
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ submodules: 'recursive'
+ - uses: MatrixAI/.github/.github/actions/matrixai-env-setup@master
+ - uses: actions/download-artifact@v4
+ with:
+ pattern: prebuild*
+ path: prebuild
+ merge-multiple: true
+ - name: Publishing library prerelease
+ env:
+ NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ run: |
+ echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" > ./.npmrc
+ nix develop .#ci --command bash -c $'
+ npm publish --tag prerelease --access public
+ '
+ for d in prebuild/*; do
+ tar \
+ --create \
+ --verbose \
+ --file="prebuild/$(basename $d).tar" \
+ --directory=prebuild \
+ "$(basename $d)"
+ done
+ nix develop .#ci --command bash -c $'
+ gh release \
+ create "$GITHUB_REF_NAME" \
+ prebuild/*.tar \
+ --title "$GITHUB_REF_NAME-$(date -u +"%Y-%m-%dT%H:%M:%SZ")" \
+ --notes "" \
+ --prerelease \
+ --target staging \
+ --repo "$GITHUB_REPOSITORY"
+ '
+ - name: Remove `.npmrc`
+ if: success() || failure()
+ run: |
+ rm -f ./.npmrc
+
+ # Publish the release
+ tag-release:
+ name: "Tag / Release"
+ runs-on: ubuntu-latest
+ concurrency:
+ group: tag-release
+ cancel-in-progress: false
+ needs:
+ - tag-platforms
+ permissions:
+ contents: write
+ if: startsWith(github.ref, 'refs/tags/v') && !contains(github.ref, '-')
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ submodules: 'recursive'
+ - uses: MatrixAI/.github/.github/actions/matrixai-env-setup@master
+ - uses: actions/download-artifact@v4
+ with:
+ pattern: prebuild*
+ path: prebuild
+ merge-multiple: true
+ - name: Publishing library release
+ env:
+ NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ run: |
+ echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" > ./.npmrc
+ nix develop .#ci --command bash -c $'
+ npm publish --access public
+ '
+ for d in prebuild/*; do
+ tar \
+ --create \
+ --verbose \
+ --file="prebuild/$(basename $d).tar" \
+ --directory=prebuild \
+ "$(basename $d)"
+ done
+ nix develop .#ci --command bash -c $'
+ gh release \
+ create "$GITHUB_REF_NAME" \
+ prebuild/*.tar \
+ --title "$GITHUB_REF_NAME-$(date -u +"%Y-%m-%dT%H:%M:%SZ")" \
+ --notes "" \
+ --target master \
+ --repo
"$GITHUB_REPOSITORY" + ' + - name: Remove `.npmrc` + if: success() || failure() + run: | + rm -f ./.npmrc diff --git a/README.md b/README.md index 6d9e12f..bce300d 100644 --- a/README.md +++ b/README.md @@ -17,6 +17,19 @@ Ensure that this repository is mirrored from GitLab to GitHub. This is where we centralized re-usable workflows for GitHub actions. Workflows are grouped together into different kinds of projects. +### Windows runners and Node.js + +On GitHub-hosted Windows runners it is common to have multiple Node versions on `PATH` (for example Node 22 may be preinstalled). If a workflow calls `refreshenv` / `Update-SessionEnvironment` after selecting Node, it can rebuild `PATH` and cause `npm.cmd` to come from a different Node installation than `node.exe`. + +To avoid the Node/npm mismatch: + +* Windows jobs are pinned to `windows-2022`. +* Windows execution is split into two steps: + 1. **Bootstrap** runs repo-local `./scripts/choco-install.ps1` and prints: + `where.exe node`, `where.exe npm`, `node -v`, `npm -v`, `npm exec --yes node -v`. + 2. **Build/Test** runs npm commands in a separate step so `$GITHUB_PATH` updates from the bootstrap step are applied deterministically. +* Reusable workflows in this repository do not use `actions/setup-node` for Windows; they delegate Node selection to the downstream repo’s `./scripts/choco-install.ps1`. + * library-js - TS/JS projects that produce libraries as NPM packages. - feature - for feature branches - staging - for staging branches
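Review bot: In `tag-prerelease` and `tag-release` the registry token is written into the checkout by `echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" > ./.npmrc`, and the cleanup step is guarded by `if: success() || failure()`, which is false when the run is cancelled, so the file can be left in the working tree. Writing the file under `$RUNNER_TEMP`, pointing npm at it through `NPM_CONFIG_USERCONFIG`, and guarding the cleanup with `if: always()` keeps the credential out of the repository directory and removes it on every outcome. The sketch below shows only the changed lines for one of the two jobs; the other is the same. native-library-js-tag-gyp.yml in the previous file section has the identical steps.

```yaml
      # … unchanged: step name and env (NPM_TOKEN, GH_TOKEN) …
      run: |
        export NPM_CONFIG_USERCONFIG="$RUNNER_TEMP/.npmrc"
        echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" > "$NPM_CONFIG_USERCONFIG"
        # … unchanged: npm publish, tar loop, gh release create …
    - name: Remove `.npmrc`
      if: always()
      run: |
        rm -f "$RUNNER_TEMP/.npmrc"
```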