fix(secrets): Reduce keychain unlock prompts on MacOS #631
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Secrets SDK CI | |
env: | |
DEBUG: napi:* | |
APP_NAME: keyring | |
MACOSX_DEPLOYMENT_TARGET: 10.13 | |
on: | |
push: | |
paths: | |
- "packages/secrets/**" | |
- ".github/workflows/secrets-sdk.yml" | |
pull_request: | |
paths: | |
- "packages/secrets/**" | |
workflow_dispatch: | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
defaults: | |
run: | |
working-directory: packages/secrets | |
jobs: | |
build: | |
if: (github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository) && !contains(github.event.head_commit.message, '[ci skip]') | |
strategy: | |
fail-fast: false | |
matrix: | |
settings: | |
- host: macos-latest | |
target: x86_64-apple-darwin | |
build: npm run build -- --target x86_64-apple-darwin | |
- host: windows-latest | |
build: npm run build -- --target x86_64-pc-windows-msvc | |
target: x86_64-pc-windows-msvc | |
- host: windows-latest | |
build: | | |
npm run build -- --target i686-pc-windows-msvc | |
npm run test | |
target: i686-pc-windows-msvc | |
- host: ubuntu-latest | |
target: x86_64-unknown-linux-gnu | |
use-cross: true | |
build: | | |
set -e | |
CARGO=cross npm run build -- --target x86_64-unknown-linux-gnu | |
- host: ubuntu-latest | |
target: i686-unknown-linux-gnu | |
use-cross: true | |
build: | | |
set -e | |
source scripts/configure-cross.sh i686-unknown-linux-gnu | |
CARGO=cross npm run build -- --target i686-unknown-linux-gnu | |
- host: ubuntu-latest | |
target: armv7-unknown-linux-gnueabihf | |
use-cross: true | |
build: | | |
set -e | |
source scripts/configure-cross.sh armv7-unknown-linux-gnueabihf | |
CARGO=cross npm run build -- --target armv7-unknown-linux-gnueabihf | |
- host: ubuntu-latest | |
target: x86_64-unknown-linux-musl | |
use-cross: true | |
build: | | |
set -e | |
CARGO=cross npm run build -- --target x86_64-unknown-linux-musl | |
- host: macos-latest | |
target: aarch64-apple-darwin | |
build: npm run build -- --target aarch64-apple-darwin | |
- host: ubuntu-latest | |
target: aarch64-unknown-linux-gnu | |
use-cross: true | |
build: | | |
set -e | |
source scripts/configure-cross.sh aarch64-unknown-linux-gnu | |
CARGO=cross npm run build -- --target aarch64-unknown-linux-gnu | |
- host: ubuntu-latest | |
target: aarch64-unknown-linux-musl | |
use-cross: true | |
build: | | |
set -e | |
source scripts/configure-cross.sh aarch64-unknown-linux-musl | |
CARGO=cross npm run build -- --target aarch64-unknown-linux-musl | |
- host: windows-latest | |
target: aarch64-pc-windows-msvc | |
build: npm run build -- --target aarch64-pc-windows-msvc | |
name: stable - ${{ matrix.settings.target }} - node@20 | |
runs-on: ${{ matrix.settings.host }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup node | |
uses: actions/setup-node@v4 | |
if: ${{ !matrix.settings.docker }} | |
with: | |
node-version: 20 | |
check-latest: true | |
cache: npm | |
- name: Install | |
uses: dtolnay/rust-toolchain@stable | |
if: ${{ !matrix.settings.docker }} | |
with: | |
toolchain: stable | |
target: ${{ matrix.settings.target }} | |
- name: Cache cargo | |
uses: actions/cache@v4 | |
with: | |
path: | | |
~/.cargo/registry/index/ | |
~/.cargo/registry/cache/ | |
~/.cargo/git/db/ | |
.cargo-cache | |
target/ | |
key: ${{ matrix.settings.target }}-cargo-${{ matrix.settings.host }} | |
- run: cargo install cross | |
if: ${{ matrix.settings.use-cross }} | |
- name: Setup toolchain | |
run: ${{ matrix.settings.setup }} | |
if: ${{ matrix.settings.setup }} | |
shell: bash | |
- name: Install workspace dependencies | |
working-directory: "." | |
run: npm ci --ignore-scripts | |
- name: Setup node x86 | |
uses: actions/setup-node@v4 | |
if: matrix.settings.target == 'i686-pc-windows-msvc' | |
with: | |
node-version: 20 | |
check-latest: true | |
cache: npm | |
architecture: x86 | |
- name: Build in docker | |
uses: addnab/docker-run-action@v3 | |
if: ${{ matrix.settings.docker }} | |
with: | |
image: ${{ matrix.settings.docker }} | |
options: "--user 0:0 -v ${{ github.workspace }}/.cargo-cache/git/db:/usr/local/cargo/git/db -v ${{ github.workspace }}/.cargo/registry/cache:/usr/local/cargo/registry/cache -v ${{ github.workspace }}/.cargo/registry/index:/usr/local/cargo/registry/index -v ${{ github.workspace }}:/build -w /build" | |
run: ${{ matrix.settings.build }} | |
- name: Build | |
run: ${{ matrix.settings.build }} | |
if: ${{ !matrix.settings.docker }} | |
shell: bash | |
- name: Upload artifact | |
uses: actions/upload-artifact@v4 | |
with: | |
name: bindings-${{ matrix.settings.target }} | |
path: packages/secrets/src/keyring/${{ env.APP_NAME }}.*.node | |
if-no-files-found: error | |
# build-freebsd: | |
# runs-on: macos-12 | |
# name: Build FreeBSD | |
# steps: | |
# - uses: actions/checkout@v3 | |
# - name: Build | |
# id: build | |
# uses: vmactions/freebsd-vm@v0 | |
# env: | |
# DEBUG: napi:* | |
# RUSTUP_HOME: /usr/local/rustup | |
# CARGO_HOME: /usr/local/cargo | |
# RUSTUP_IO_THREADS: 1 | |
# with: | |
# envs: DEBUG RUSTUP_HOME CARGO_HOME RUSTUP_IO_THREADS | |
# usesh: true | |
# mem: 3000 | |
# prepare: | | |
# pkg install -y -f curl node libnghttp2 npm yarn | |
# curl https://sh.rustup.rs -sSf --output rustup.sh | |
# sh rustup.sh -y --profile minimal --default-toolchain beta | |
# export PATH="/usr/local/cargo/bin:$PATH" | |
# echo "~~~~ rustc --version ~~~~" | |
# rustc --version | |
# echo "~~~~ node -v ~~~~" | |
# node -v | |
# echo "~~~~ yarn --version ~~~~" | |
# yarn --version | |
# run: | | |
# export PATH="/usr/local/cargo/bin:$PATH" | |
# pwd | |
# ls -lah | |
# whoami | |
# env | |
# freebsd-version | |
# yarn install | |
# yarn build | |
# strip -x *.node | |
# yarn test | |
# rm -rf node_modules | |
# rm -rf target | |
# rm -rf .yarn/cache | |
# - name: Upload artifact | |
# uses: actions/upload-artifact@v3 | |
# with: | |
# name: bindings-freebsd | |
# path: ${{ env.APP_NAME }}.*.node | |
# if-no-files-found: error | |
test: | |
name: Test bindings on ${{ matrix.settings.target }} - node@${{ matrix.node }} | |
needs: | |
- build | |
strategy: | |
fail-fast: false | |
matrix: | |
settings: | |
- host: windows-latest | |
target: x86_64-pc-windows-msvc | |
- host: macos-latest | |
target: aarch64-apple-darwin | |
- host: macos-latest | |
target: x86_64-apple-darwin | |
architecture: x64 | |
- host: ubuntu-latest | |
target: x86_64-unknown-linux-gnu | |
- host: ubuntu-latest | |
target: x86_64-unknown-linux-musl | |
- host: ubuntu-latest | |
target: aarch64-unknown-linux-gnu | |
platform: linux/arm64 | |
- host: ubuntu-latest | |
target: aarch64-unknown-linux-musl | |
platform: linux/arm64 | |
- host: ubuntu-latest | |
target: armv7-unknown-linux-gnueabihf | |
platform: linux/arm/v7 | |
node: | |
- "18" | |
- "20" | |
- "22" | |
runs-on: ${{ matrix.settings.host }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup node | |
uses: actions/setup-node@v4 | |
with: | |
node-version: ${{ matrix.node }} | |
check-latest: true | |
cache: npm | |
architecture: ${{ matrix.settings.architecture }} | |
- name: Install dependencies | |
run: npm ci --ignore-scripts | |
- name: Download artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
name: bindings-${{ matrix.settings.target }} | |
path: packages/secrets/src/keyring/ | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
if: ${{ matrix.settings.platform }} | |
with: | |
platforms: ${{ matrix.settings.platform }} | |
- run: docker run --rm --privileged multiarch/qemu-user-static --reset -p yes | |
if: ${{ matrix.settings.platform }} | |
- name: Test bindings | |
run: npm run test | |
if: ${{ matrix.settings.host != 'ubuntu-latest' }} | |
- name: Setup and run tests | |
uses: addnab/docker-run-action@v3 | |
if: ${{ matrix.settings.host == 'ubuntu-latest' && !endsWith(matrix.settings.target, 'musl') }} | |
with: | |
image: ${{ format('node:{0}-slim', matrix.node) }} | |
options: "-v ${{ github.workspace }}:/build -w /build --cap-add=IPC_LOCK ${{ matrix.settings.platform && format('--platform={0}', matrix.settings.platform) }}" | |
run: | | |
set -e | |
apt update -y && apt install -y gnome-keyring | |
cd packages/secrets && dbus-run-session -- bash scripts/linux-test.sh | |
- name: Setup and run tests (MUSL) | |
uses: addnab/docker-run-action@v3 | |
if: ${{ matrix.settings.host == 'ubuntu-latest' && endsWith(matrix.settings.target, 'musl') }} | |
with: | |
image: ${{ format('node:{0}-alpine', matrix.node) }} | |
options: "-v ${{ github.workspace }}:/build -w /build --cap-add=IPC_LOCK ${{ matrix.settings.platform && format('--platform={0}', matrix.settings.platform) }}" | |
run: | | |
set -e | |
apk add dbus gnome-keyring libsecret | |
cd packages/secrets && dbus-run-session -- sh scripts/linux-test.sh |