Skip to content

fix(secrets): Reduce keychain unlock prompts on MacOS #631

fix(secrets): Reduce keychain unlock prompts on MacOS

fix(secrets): Reduce keychain unlock prompts on MacOS #631

Workflow file for this run

name: Secrets SDK CI
env:
DEBUG: napi:*
APP_NAME: keyring
MACOSX_DEPLOYMENT_TARGET: 10.13
on:
push:
paths:
- "packages/secrets/**"
- ".github/workflows/secrets-sdk.yml"
pull_request:
paths:
- "packages/secrets/**"
workflow_dispatch:
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
defaults:
run:
working-directory: packages/secrets
jobs:
build:
if: (github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository) && !contains(github.event.head_commit.message, '[ci skip]')
strategy:
fail-fast: false
matrix:
settings:
- host: macos-latest
target: x86_64-apple-darwin
build: npm run build -- --target x86_64-apple-darwin
- host: windows-latest
build: npm run build -- --target x86_64-pc-windows-msvc
target: x86_64-pc-windows-msvc
- host: windows-latest
build: |
npm run build -- --target i686-pc-windows-msvc
npm run test
target: i686-pc-windows-msvc
- host: ubuntu-latest
target: x86_64-unknown-linux-gnu
use-cross: true
build: |
set -e
CARGO=cross npm run build -- --target x86_64-unknown-linux-gnu
- host: ubuntu-latest
target: i686-unknown-linux-gnu
use-cross: true
build: |
set -e
source scripts/configure-cross.sh i686-unknown-linux-gnu
CARGO=cross npm run build -- --target i686-unknown-linux-gnu
- host: ubuntu-latest
target: armv7-unknown-linux-gnueabihf
use-cross: true
build: |
set -e
source scripts/configure-cross.sh armv7-unknown-linux-gnueabihf
CARGO=cross npm run build -- --target armv7-unknown-linux-gnueabihf
- host: ubuntu-latest
target: x86_64-unknown-linux-musl
use-cross: true
build: |
set -e
CARGO=cross npm run build -- --target x86_64-unknown-linux-musl
- host: macos-latest
target: aarch64-apple-darwin
build: npm run build -- --target aarch64-apple-darwin
- host: ubuntu-latest
target: aarch64-unknown-linux-gnu
use-cross: true
build: |
set -e
source scripts/configure-cross.sh aarch64-unknown-linux-gnu
CARGO=cross npm run build -- --target aarch64-unknown-linux-gnu
- host: ubuntu-latest
target: aarch64-unknown-linux-musl
use-cross: true
build: |
set -e
source scripts/configure-cross.sh aarch64-unknown-linux-musl
CARGO=cross npm run build -- --target aarch64-unknown-linux-musl
- host: windows-latest
target: aarch64-pc-windows-msvc
build: npm run build -- --target aarch64-pc-windows-msvc
name: stable - ${{ matrix.settings.target }} - node@20
runs-on: ${{ matrix.settings.host }}
steps:
- uses: actions/checkout@v4
- name: Setup node
uses: actions/setup-node@v4
if: ${{ !matrix.settings.docker }}
with:
node-version: 20
check-latest: true
cache: npm
- name: Install
uses: dtolnay/rust-toolchain@stable
if: ${{ !matrix.settings.docker }}
with:
toolchain: stable
target: ${{ matrix.settings.target }}
- name: Cache cargo
uses: actions/cache@v4
with:
path: |
~/.cargo/registry/index/
~/.cargo/registry/cache/
~/.cargo/git/db/
.cargo-cache
target/
key: ${{ matrix.settings.target }}-cargo-${{ matrix.settings.host }}
- run: cargo install cross
if: ${{ matrix.settings.use-cross }}
- name: Setup toolchain
run: ${{ matrix.settings.setup }}
if: ${{ matrix.settings.setup }}
shell: bash
- name: Install workspace dependencies
working-directory: "."
run: npm ci --ignore-scripts
- name: Setup node x86
uses: actions/setup-node@v4
if: matrix.settings.target == 'i686-pc-windows-msvc'
with:
node-version: 20
check-latest: true
cache: npm
architecture: x86
- name: Build in docker
uses: addnab/docker-run-action@v3
if: ${{ matrix.settings.docker }}
with:
image: ${{ matrix.settings.docker }}
options: "--user 0:0 -v ${{ github.workspace }}/.cargo-cache/git/db:/usr/local/cargo/git/db -v ${{ github.workspace }}/.cargo/registry/cache:/usr/local/cargo/registry/cache -v ${{ github.workspace }}/.cargo/registry/index:/usr/local/cargo/registry/index -v ${{ github.workspace }}:/build -w /build"
run: ${{ matrix.settings.build }}
- name: Build
run: ${{ matrix.settings.build }}
if: ${{ !matrix.settings.docker }}
shell: bash
- name: Upload artifact
uses: actions/upload-artifact@v4
with:
name: bindings-${{ matrix.settings.target }}
path: packages/secrets/src/keyring/${{ env.APP_NAME }}.*.node
if-no-files-found: error
# build-freebsd:
# runs-on: macos-12
# name: Build FreeBSD
# steps:
# - uses: actions/checkout@v3
# - name: Build
# id: build
# uses: vmactions/freebsd-vm@v0
# env:
# DEBUG: napi:*
# RUSTUP_HOME: /usr/local/rustup
# CARGO_HOME: /usr/local/cargo
# RUSTUP_IO_THREADS: 1
# with:
# envs: DEBUG RUSTUP_HOME CARGO_HOME RUSTUP_IO_THREADS
# usesh: true
# mem: 3000
# prepare: |
# pkg install -y -f curl node libnghttp2 npm yarn
# curl https://sh.rustup.rs -sSf --output rustup.sh
# sh rustup.sh -y --profile minimal --default-toolchain beta
# export PATH="/usr/local/cargo/bin:$PATH"
# echo "~~~~ rustc --version ~~~~"
# rustc --version
# echo "~~~~ node -v ~~~~"
# node -v
# echo "~~~~ yarn --version ~~~~"
# yarn --version
# run: |
# export PATH="/usr/local/cargo/bin:$PATH"
# pwd
# ls -lah
# whoami
# env
# freebsd-version
# yarn install
# yarn build
# strip -x *.node
# yarn test
# rm -rf node_modules
# rm -rf target
# rm -rf .yarn/cache
# - name: Upload artifact
# uses: actions/upload-artifact@v3
# with:
# name: bindings-freebsd
# path: ${{ env.APP_NAME }}.*.node
# if-no-files-found: error
test:
name: Test bindings on ${{ matrix.settings.target }} - node@${{ matrix.node }}
needs:
- build
strategy:
fail-fast: false
matrix:
settings:
- host: windows-latest
target: x86_64-pc-windows-msvc
- host: macos-latest
target: aarch64-apple-darwin
- host: macos-latest
target: x86_64-apple-darwin
architecture: x64
- host: ubuntu-latest
target: x86_64-unknown-linux-gnu
- host: ubuntu-latest
target: x86_64-unknown-linux-musl
- host: ubuntu-latest
target: aarch64-unknown-linux-gnu
platform: linux/arm64
- host: ubuntu-latest
target: aarch64-unknown-linux-musl
platform: linux/arm64
- host: ubuntu-latest
target: armv7-unknown-linux-gnueabihf
platform: linux/arm/v7
node:
- "18"
- "20"
- "22"
runs-on: ${{ matrix.settings.host }}
steps:
- uses: actions/checkout@v4
- name: Setup node
uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node }}
check-latest: true
cache: npm
architecture: ${{ matrix.settings.architecture }}
- name: Install dependencies
run: npm ci --ignore-scripts
- name: Download artifacts
uses: actions/download-artifact@v4
with:
name: bindings-${{ matrix.settings.target }}
path: packages/secrets/src/keyring/
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
if: ${{ matrix.settings.platform }}
with:
platforms: ${{ matrix.settings.platform }}
- run: docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
if: ${{ matrix.settings.platform }}
- name: Test bindings
run: npm run test
if: ${{ matrix.settings.host != 'ubuntu-latest' }}
- name: Setup and run tests
uses: addnab/docker-run-action@v3
if: ${{ matrix.settings.host == 'ubuntu-latest' && !endsWith(matrix.settings.target, 'musl') }}
with:
image: ${{ format('node:{0}-slim', matrix.node) }}
options: "-v ${{ github.workspace }}:/build -w /build --cap-add=IPC_LOCK ${{ matrix.settings.platform && format('--platform={0}', matrix.settings.platform) }}"
run: |
set -e
apt update -y && apt install -y gnome-keyring
cd packages/secrets && dbus-run-session -- bash scripts/linux-test.sh
- name: Setup and run tests (MUSL)
uses: addnab/docker-run-action@v3
if: ${{ matrix.settings.host == 'ubuntu-latest' && endsWith(matrix.settings.target, 'musl') }}
with:
image: ${{ format('node:{0}-alpine', matrix.node) }}
options: "-v ${{ github.workspace }}:/build -w /build --cap-add=IPC_LOCK ${{ matrix.settings.platform && format('--platform={0}', matrix.settings.platform) }}"
run: |
set -e
apk add dbus gnome-keyring libsecret
cd packages/secrets && dbus-run-session -- sh scripts/linux-test.sh