Merge pull request #68 from Automattic/fix-ci-checks #220
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Here we build the yara.node binary, package it and copy it to the repository. | |
| # Both MacOS and Linux (Debian-based) versions are built here. | |
| name: Build the binary | |
| on: | |
| push: | |
| branches: [ master ] | |
| pull_request: | |
| # we're going to build and commit fresh binaries when a new release is published | |
| release: | |
| types: [created] | |
| # allow these jobs to commit to the repository | |
| permissions: | |
| contents: write | |
| jobs: | |
| # We need to use the node-yara binary on Debian 10.x machines | |
| # hence we're using the container to build it | |
| build-debian: | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| # https://nodejs.org/en/about/previous-releases | |
| node-version: | |
| - '20' | |
| - '22' | |
| - '24' | |
| # https://docs.github.com/en/actions/writing-workflows/choosing-where-your-workflow-runs/choosing-the-runner-for-a-job#choosing-github-hosted-runners | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - uses: actions/checkout@v6 | |
| # https://github.com/stefanzweifel/git-auto-commit-action#checkout-the-correct-branch | |
| with: | |
| ref: ${{ github.head_ref }} | |
| # https://github.com/actions/setup-node | |
| - name: Install Node.js ${{ matrix.node-version }} | |
| uses: actions/setup-node@master | |
| with: | |
| node-version: ${{ matrix.node-version }} | |
| - name: Build binaries inside the container | |
| run: | | |
| set -x | |
| node -v | |
| # what's the package version? | |
| # e.g. Binary staged at "build/stage/Automattic/node-yara/raw/master/binaries/yara-v2.6.0-beta.1-linux-x64-node-v93.tar.gz" | |
| export PACKAGE_VERSION=$(jq -r .version package.json) | |
| # what's the Node.js version? | |
| export ABI=$(node --eval 'console.log(process.versions.modules)') | |
| echo "::notice::Building binary for node-yara package v${PACKAGE_VERSION} for Node.js $(node -v) (ABI ${ABI}) ..." | |
| # build inside the container (pass the required Node.js version there) and copy the package to the host | |
| docker build --build-arg NODEJS=${{ matrix.node-version }} -t yara/debian . | |
| docker images | |
| # e.g. yara-v2.5.0-linux-x64-node-v93.tar.gz | |
| docker run --rm --volume /tmp:/tmp yara/debian cp ./binaries/yara-v${PACKAGE_VERSION}-linux-x64-node-v${ABI}.tar.gz /tmp | |
| ls -lh /tmp/yara-v${PACKAGE_VERSION}-* | |
| # make sure we have the latest changes from the repository before we try to commit our changes | |
| git pull --rebase | |
| # copy it to the repository clone | |
| cp /tmp/yara-v${PACKAGE_VERSION}-* ./binaries | |
| # see what will be included in the npm package | |
| npm pack | |
| - name: git status | |
| run: | | |
| # see if there's a difference | |
| git status --porcelain | |
| # By default, the commit is made in the name of "GitHub Actions" | |
| # and co-authored by the user that made the last commit. | |
| # https://github.com/marketplace/actions/git-auto-commit | |
| - name: Commit the changes to the binary files | |
| # if: true # node-gyp builds are not reproducible, hence each build would create a "new" commit -> disabling for now (comment out this line if needed) | |
| if: github.event_name == 'release' && github.event.action == 'created' # commit new binaries package on releases | |
| uses: stefanzweifel/git-auto-commit-action@v7 | |
| with: | |
| commit_message: Commit the binary package changes for Linux / Node.js ${{ matrix.node-version }} | |
| file_pattern: './binaries/*.tar.gz' | |
| build-macos: | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| # https://nodejs.org/en/about/previous-releases | |
| node-version: | |
| - '20' | |
| - '22' | |
| - '24' | |
| # https://github.com/actions/runner-images?tab=readme-ov-file#available-images | |
| os: | |
| - 'macos-14-large' # x64 | |
| - 'macos-14' # arm | |
| # https://docs.github.com/en/actions/writing-workflows/choosing-where-your-workflow-runs/choosing-the-runner-for-a-job#choosing-github-hosted-runners | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - uses: actions/checkout@v6 | |
| # https://github.com/stefanzweifel/git-auto-commit-action#checkout-the-correct-branch | |
| with: | |
| ref: ${{ github.head_ref }} | |
| # note that brew install linked path varies between arm and x64 platforms | |
| # /usr/local/opt/libmagic for x64 | |
| # /opt/homebrew/opt/libmagic for arm64 | |
| - name: Set architecture-specific variables | |
| id: set-arch | |
| run: | | |
| ARCH=$(uname -m) | |
| echo "Architecture: $ARCH" | |
| if [ "$ARCH" = "arm64" ]; then | |
| echo "brew_path=/opt/homebrew" >> $GITHUB_OUTPUT | |
| echo "Running on ARM64 (Apple Silicon)" | |
| else | |
| echo "brew_path=/usr/local" >> $GITHUB_OUTPUT | |
| echo "Running on x64 (Intel)" | |
| fi | |
| - name: Setup build env | |
| run: | | |
| BREW_PATH="${{ steps.set-arch.outputs.brew_path }}" | |
| # Install deps | |
| brew install \ | |
| automake \ | |
| autoconf \ | |
| pkg-config \ | |
| libtool \ | |
| libmagic \ | |
| openssl | |
| # Create compatibility symlinks for x64 paths when on arm64 | |
| if [ "$(uname -m)" = "arm64" ]; then | |
| sudo mkdir -p /usr/local/opt/libmagic/{lib,include} | |
| sudo ln -sf /opt/homebrew/opt/libmagic/lib/libmagic.a /usr/local/opt/libmagic/lib/ | |
| sudo ln -sf /opt/homebrew/opt/libmagic/lib/libmagic.dylib /usr/local/opt/libmagic/lib/ | |
| sudo ln -sf /opt/homebrew/opt/libmagic/lib/libmagic.1.dylib /usr/local/opt/libmagic/lib/ | |
| sudo ln -sf /opt/homebrew/opt/libmagic/include/magic.h /usr/local/opt/libmagic/include/ | |
| fi | |
| # Set up env vars | |
| echo "PKG_CONFIG_PATH=$BREW_PATH/opt/libmagic/lib/pkgconfig:$BREW_PATH/opt/openssl/lib/pkgconfig" >> $GITHUB_ENV | |
| echo "CPATH=$BREW_PATH/include" >> $GITHUB_ENV | |
| echo "C_INCLUDE_PATH=$BREW_PATH/opt/libmagic/include" >> $GITHUB_ENV | |
| echo "CPLUS_INCLUDE_PATH=$BREW_PATH/opt/libmagic/include" >> $GITHUB_ENV | |
| echo "CFLAGS=-I$BREW_PATH/opt/libmagic/include" >> $GITHUB_ENV | |
| echo "CPPFLAGS=-I$BREW_PATH/opt/libmagic/include -I$BREW_PATH/opt/openssl/include" >> $GITHUB_ENV | |
| echo "LIBRARY_PATH=$BREW_PATH/opt/libmagic/lib:$BREW_PATH/opt/openssl/lib" >> $GITHUB_ENV | |
| echo "LDFLAGS=-L$BREW_PATH/opt/libmagic/lib -L$BREW_PATH/opt/openssl/lib" >> $GITHUB_ENV | |
| echo "OPENSSL_ROOT_DIR=$BREW_PATH/opt/openssl" >> $GITHUB_ENV | |
| echo "OPENSSL_INCLUDE_DIR=$BREW_PATH/opt/openssl/include" >> $GITHUB_ENV | |
| - name: Use Node.js ${{ matrix.node-version }} | |
| uses: actions/setup-node@master | |
| with: | |
| node-version: ${{ matrix.node-version }} | |
| - name: Build binaries with node-pre-gyp | |
| run: | | |
| set -x | |
| # what's the package version? | |
| # e.g. Binary staged at "build/stage/Automattic/node-yara/raw/master/binaries/yara-v2.6.0-beta.1-darwin-x64-node-v93.tar.gz" | |
| export PACKAGE_VERSION=$(jq -r .version package.json) | |
| # what's the Node.js version? | |
| export ABI=$(node --eval 'console.log(process.versions.modules)') | |
| echo "::notice::Building binary for node-yara package v${PACKAGE_VERSION} for Node.js $(node -v) (ABI ${ABI}) ..." | |
| npm install --ignore-scripts | |
| time -p npx node-pre-gyp configure rebuild | |
| otool -L build/Release/yara.node | |
| npx node-pre-gyp configure package | |
| # run tests | |
| npm test | |
| # make sure we have the latest changes from the repository before we try to commit our changes | |
| git pull --rebase | |
| # copy it to the repository clone | |
| cp ./build/stage/Automattic/node-yara/raw/master/binaries/yara-*.tar.gz ./binaries | |
| - name: git status | |
| run: | | |
| # see if there's a difference | |
| git status --porcelain | |
| - name: Prepare the pre-built package for the commit | |
| run: | | |
| # make sure we have the latest changes from the repository before we try to commit our changes | |
| git stash && git pull --rebase && git stash pop || true | |
| # see if there's a difference | |
| git status --porcelain | |
| # TODO: publish as the release artifacts | |
| # | |
| # By default, the commit is made in the name of "GitHub Actions" | |
| # and co-authored by the user that made the last commit. | |
| # https://github.com/marketplace/actions/git-auto-commit | |
| - name: Commit the changes to the binary files | |
| # if: true # node-gyp builds are not reproducible, hence each build would create a "new" commit -> disabling for now (comment out this line if needed) | |
| if: github.event_name == 'release' && github.event.action == 'created' # commit new binaries package on releases | |
| uses: stefanzweifel/git-auto-commit-action@v7 | |
| with: | |
| commit_message: Commit the binary package changes for MacOS / Node.js ${{ matrix.node-version }} | |
| file_pattern: './binaries/*.tar.gz' |