wip #3
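# CI/CD workflow: builds the OpenSSL and SQLCipher WASM artifacts inside the
# Nix dev shell, runs tests and benchmarks, uploads the build output, and on
# 'v*' tag pushes publishes to npm and creates a GitHub release.
name: CI/CD

on:
  push:
    branches: [main, master, develop]
    tags:
      - 'v*'
  pull_request:
    branches: [main, master]
  release:
    types: [created]

jobs:
  build-test-publish:
    name: Build, Test & Publish
    runs-on: ubuntu-latest
    # contents: write is needed by the release step and id-token: write by
    # `npm publish --provenance`.
    # NOTE(review): both scopes are granted on every trigger, so the build
    # scripts and `npm test` also run with them on branch pushes and
    # same-repository pull requests. Consider moving the publishing steps into
    # a separate tag-gated job so build/test can run with contents: read.
    permissions:
      contents: write
      id-token: write

    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          submodules: recursive

      # NOTE(review): third-party action referenced by a movable tag in a job
      # that holds publishing permissions; pin it to a full commit SHA.
      - name: Install Nix
        uses: cachix/install-nix-action@v25
        with:
          nix_path: nixpkgs=channel:nixos-unstable
          # The workflow token is handed to Nix for github.com fetches; it
          # carries the job-level scopes declared above.
          extra_nix_config: |
            experimental-features = nix-command flakes
            access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}

      # This condition also matches `release: created` events, although the
      # publishing steps further down only run on 'v*' tag pushes.
      - name: Setup Node.js (for publishing)
        if: (github.event_name == 'release' && github.event.action == 'created') || (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v'))
        uses: actions/setup-node@v4
        with:
          node-version: "20"
          registry-url: "https://registry.npmjs.org"

      - name: Cache Emscripten
        uses: actions/cache@v3
        with:
          path: .emscripten-cache
          key: ${{ runner.os }}-emscripten-${{ hashFiles('flake.lock') }}
          restore-keys: |
            ${{ runner.os }}-emscripten-

      # Exact-match cache only. The build step below skips the OpenSSL build
      # whenever openssl-wasm/lib exists, so a prefix fallback could restore a
      # library built from a different OpenSSL version (or an older build
      # script) and link it into the published artifact unnoticed. The key
      # therefore also covers the build script, and no restore-keys are set.
      - name: Cache OpenSSL
        uses: actions/cache@v3
        with:
          path: openssl-wasm
          key: ${{ runner.os }}-openssl-3.3.2-wasm-${{ hashFiles('build-openssl.sh') }}

      - name: Build OpenSSL
        run: |
          if [ ! -d "openssl-wasm/lib" ]; then
            echo "Building OpenSSL for WASM..."
            nix develop --command bash -c "./build-openssl.sh"
          else
            echo "Using cached OpenSSL"
          fi

      - name: Build WASM
        run: |
          nix develop --command bash -c "./build.sh"

      - name: Prepare cross-platform test
        run: |
          nix develop --command bash -c "./tools/prepare-cross-platform-test.sh"

      - name: Run all tests
        run: |
          nix develop --command bash -c "npm test"

      - name: Run benchmarks
        run: |
          nix develop --command bash -c "npm run bench"

      # Fails the job if either expected output file is missing.
      - name: Check build artifacts
        run: |
          ls -lh dist/
          test -f dist/sqlcipher.js
          test -f dist/sqlcipher.wasm

      - name: Upload build artifacts
        uses: actions/upload-artifact@v4
        with:
          name: wasm-build
          path: |
            dist/
            lib/
          retention-days: 30

      # Runs even when an earlier step failed so logs are kept for diagnosis.
      - name: Upload test results
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: test-results
          path: |
            test/*.log
          if-no-files-found: ignore

      # Publishing steps (only run on tags)
      - name: Verify package contents
        if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')
        run: |
          npm pack --dry-run
          ls -lh dist/

      # NOTE(review): no registry credential is passed to this step in the
      # workflow as shown; confirm how `npm publish` authenticates (OIDC-based
      # trusted publishing, or a token supplied through the step environment).
      - name: Publish to NPM
        if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')
        run: nix develop --command npm publish --provenance --access public

      # NOTE(review): third-party action referenced by a movable tag while
      # contents: write is in scope; pin it to a full commit SHA.
      - name: Create GitHub Release
        if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')
        uses: softprops/action-gh-release@v1
        with:
          files: |
            dist/sqlcipher.js
            dist/sqlcipher.wasm
          generate_release_notes: true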