@@ -3,11 +3,12 @@ name: CI
33on :
44 push :
55 pull_request :
6+ workflow_dispatch :
67 schedule :
78 - cron : ' 0 6 * * 1' # Weekly test to check new Node versions
89
910jobs :
10- build-and- test :
11+ test :
1112 runs-on : ubuntu-latest
1213
1314 strategy :
@@ -26,11 +27,109 @@ jobs:
2627 cache : npm
2728 check-latest : true
2829
29- - name : Node version
30- run : node --version
31- - name : OpenSSL version
32- run : node -e "console.log('OpenSSL', process.versions.openssl)"
30+ - run : node -e "console.log('Node', process.version, '| OpenSSL', process.versions.openssl)"
3331
34- - run : npm ci
35- - run : npm run build
32+ - run : npm ci --ignore-scripts
33+
34+ # Build the shipped artifact (a --napi prebuild) and prove it loads and
35+ # works before running the suite against it.
36+ - run : npm run prebuild
37+ - run : npm run test:smoke
38+
39+ - run : npm run build:ts
3640 - run : npm test
41+
42+ prebuild :
43+ name : prebuild (${{ matrix.name }})
44+ runs-on : ${{ matrix.runs-on }}
45+ container : ${{ matrix.container }}
46+ strategy :
47+ fail-fast : false
48+ matrix :
49+ include :
50+ - { name: linux-x64-glibc, runs-on: ubuntu-latest }
51+ - { name: linux-x64-musl, runs-on: ubuntu-latest, container: node:24-alpine }
52+ - { name: linux-arm64-glibc, runs-on: ubuntu-24.04-arm }
53+ - { name: linux-arm64-musl, runs-on: ubuntu-24.04-arm, container: node:24-alpine }
54+ steps :
55+ # Alpine has no toolchain or git; install before checkout, which needs git.
56+ - if : ${{ matrix.container }}
57+ run : apk add --no-cache build-base python3 git tar
58+ - uses : actions/checkout@v4
59+ - uses : actions/setup-node@v4
60+ if : ${{ !matrix.container }}
61+ with :
62+ node-version : 24
63+ - run : npm ci --ignore-scripts
64+ - run : npm run prebuild
65+ - run : npm run test:smoke
66+ - run : tar -czf prebuilds-${{ matrix.name }}.tar.gz prebuilds
67+ - uses : actions/upload-artifact@v4
68+ with :
69+ name : prebuilds-${{ matrix.name }}
70+ path : prebuilds-${{ matrix.name }}.tar.gz
71+
72+ # Prove the single linux-x64 prebuild loads across the whole supported Node
73+ # range (24.15+), not just the Node it was built with.
74+ smoke-across-node :
75+ name : smoke (node ${{ matrix.node-version }}, reuse prebuild)
76+ needs : prebuild
77+ runs-on : ubuntu-latest
78+ strategy :
79+ fail-fast : false
80+ matrix :
81+ node-version : [24, 26, latest]
82+ steps :
83+ - uses : actions/checkout@v4
84+ - uses : actions/setup-node@v4
85+ with :
86+ node-version : ${{ matrix.node-version }}
87+ - run : npm ci --ignore-scripts
88+ - uses : actions/download-artifact@v4
89+ with :
90+ name : prebuilds-linux-x64-glibc
91+ - run : tar -xzf prebuilds-linux-x64-glibc.tar.gz
92+ - run : npm run test:smoke
93+
94+ publish :
95+ name : Publish to npm
96+ needs : [test, prebuild, smoke-across-node]
97+ if : startsWith(github.ref, 'refs/tags/v')
98+ runs-on : ubuntu-latest
99+ environment :
100+ name : npm
101+ url : https://www.npmjs.com/package/tls-impersonate
102+ permissions :
103+ contents : read
104+ id-token : write
105+ steps :
106+ - uses : actions/checkout@v4
107+ - uses : actions/setup-node@v4
108+ with :
109+ node-version : 24
110+ registry-url : ' https://registry.npmjs.org'
111+
112+ # Trusted publishing (tokenless OIDC) needs npm >= 11.5.1.
113+ - run : npm install -g npm@latest
114+
115+ - run : npm ci --ignore-scripts
116+
117+ - uses : actions/download-artifact@v4
118+ with :
119+ pattern : prebuilds-*
120+ path : artifacts
121+ merge-multiple : true
122+ - run : for f in artifacts/*.tar.gz; do tar -xzf "$f"; done
123+ - run : ls -R prebuilds
124+
125+ - name : Verify tag matches package.json version
126+ run : |
127+ TAG_VERSION=${GITHUB_REF#refs/tags/v}
128+ PKG_VERSION=$(node -p "require('./package.json').version")
129+ if [ "$TAG_VERSION" != "$PKG_VERSION" ]; then
130+ echo "Tag v$TAG_VERSION does not match package.json version $PKG_VERSION"
131+ exit 1
132+ fi
133+ echo "Publishing $PKG_VERSION"
134+
135+ - run : npm publish --provenance --access public
0 commit comments