rstackjs · stormslowly · Apr 15, 2025 · Apr 8, 2025 · Apr 8, 2025 · Apr 10, 2025
diff --git a/.github/actions/artifact/download/action.yml b/.github/actions/artifact/download/action.yml
@@ -0,0 +1,31 @@
+name: Download Artifact
+
+description: Download file to local or artifact to quickly share files between jobs
+
+inputs:
+  name:
+    description: "Artifact name"
+    default: "artifact"
+  path:
+    description: "Destination path"
+    required: true
+  force-use-github:
+    description: "force download from github"
+    default: false
+    required: false
+
+runs:
+  using: composite
+  steps:
+    - name: Download artifact from github
+      uses: actions/download-artifact@v4.1.7
+      if: ${{ inputs.force-use-github == 'true' || runner.environment == 'github-hosted' }}
+      with:
+        name: ${{ inputs.name }}
+        path: ${{ inputs.path }}
+#    - name: Download artifact from local
+#      uses: lynx-infra/download-artifact
+#      if: ${{ input.force-use-github != 'true' && runner.environment == 'self-hosted' }}
+#      with:
+#        name: ${{ inputs.name }}
+#        path: ${{ inputs.path }}
diff --git a/.github/actions/artifact/upload/action.yml b/.github/actions/artifact/upload/action.yml
@@ -0,0 +1,33 @@
+name: Upload Artifact
+
+description: Upload file to local or artifact to quickly share files between jobs
+
+inputs:
+  name:
+    description: "Artifact name"
+    default: "artifact"
+  path:
+    description: "A file, directory or wildcard pattern that describes what to upload"
+    required: true
+  force-use-github:
+    description: "force upload to github"
+    default: false
+    require: false
+
+runs:
+  using: composite
+  steps:
+    - name: Upload artifact to github
+      uses: actions/upload-artifact@v4
+      if: ${{ inputs.force-use-github == 'true' || runner.environment == 'github-hosted' }}
+      with:
+        name: ${{ inputs.name }}
+        path: ${{ inputs.path }}
+        if-no-files-found: error
+        overwrite: true
+#    - name: Upload artifact to local
+#      uses: lynx-infra/upload-artifact
+#      if: ${{ inputs.force-use-github != 'true' && runner.environment == 'self-hosted' }}
+#      with:
+#        name: ${{ inputs.name }}
+#        path: ${{ inputs.path }}
diff --git a/.github/actions/docker-build/action.yml b/.github/actions/docker-build/action.yml
@@ -0,0 +1,76 @@
+name: Single Docker build
+
+description: Docker build for a single target
+
+inputs:
+  target:
+    required: true
+    type: string
+  image:
+    required: true
+    type: string
+  profile:
+    default: "release"
+    required: false
+    type: string
+  options:
+    description: "Options for docker"
+    default: ""
+    required: false
+    type: string
+  pre:
+    required: false
+    default: ""
+    type: string
+  post:
+    required: false
+    default: ""
+    type: string
+  plugin:
+    required: false
+    default: true
+    type: boolean
+
+runs:
+  using: composite
+  steps:
+    - name: Docker Build ${{ inputs.target }}
+      shell: bash
+      run: |
+        code='
+          set -e
+          if [ -x "$(command -v sccache)" ]; then
+            export RUSTC_WRAPPER=sccache
+            echo "enable sccache"
+          fi
+          ${{ inputs.pre }}
+          rustup target add ${{ inputs.target }}
+
+          npm install -g corepack@0.31.0 --force
+          echo "Corepack version: $(corepack --version)"
+          corepack enable
+
+          RUST_TARGET=${{ inputs.target }} ${{ inputs.plugin == 'false' && 'DISABLE_PLUGIN=1' || '' }} pnpm build:binding:${{ inputs.profile }}  --target ${{ inputs.target }}
+          ${{ inputs.post }}
+        '
+        if [[ ! -n "$CARGO_HOME" ]]; then
+          CARGO_HOME="$(dirname $(dirname $(which cargo)))"
+        fi
+
+        docker run \
+          --rm \
+          --privileged \
+          --user 0:0 \
+          -v $CARGO_HOME/registry/index:/usr/local/cargo/registry/index \
+          -v $CARGO_HOME/registry/cache:/usr/local/cargo/registry/cache \
+          -v $CARGO_HOME/git/db:/usr/local/cargo/git/db \
+          -v /tmp:/tmp \
+          ${{ inputs.options }} \
+          -e CI=1 \
+          -e HOME=$HOME \
+          -v $HOME/.cache:$HOME/.cache \
+          -v ${{ github.workspace }}:/build \
+          -w /build \
+          -i \
+          ${{ inputs.image }} \
+          bash -c "$code"
diff --git a/.github/workflows/release-npm.yml b/.github/workflows/release-npm.yml
@@ -0,0 +1,144 @@
+name: Release Full
+
+on:
+  workflow_dispatch:
+    inputs:
+      tag:
+        type: choice
+        description: "Release Npm Tag"
+        required: false
+        default: "latest"
+        options:
+          - canary
+          - nightly
+          - latest
+          - beta
+          - alpha
+      test:
+        type: boolean
+        description: "Run tests before release"
+        required: false
+        default: false
+      dry_run:
+        type: boolean
+        description: "DryRun release"
+        required: false
+        default: false
+      push_tags:
+        type: boolean
+        description: "push tags to github"
+        required: false
+        default: true
+
+permissions:
+  # To publish packages with provenance
+  id-token: write
+  # Allow commenting on issues for `reusable-build.yml`
+  issues: write
+
+jobs:
+  build:
+    strategy:
+      fail-fast: false # Build and test everything so we can look at all the errors
+      matrix:
+        array:
+          - target: x86_64-unknown-linux-gnu
+            runner: "ubuntu-22.04"
+          - target: aarch64-unknown-linux-gnu
+            runner: "ubuntu-22.04"
+          - target: x86_64-unknown-linux-musl
+            runner: "ubuntu-22.04"
+          - target: aarch64-unknown-linux-musl
+            runner: "ubuntu-22.04"
+          - target: i686-pc-windows-msvc
+            runner: "windows-latest"
+          - target: x86_64-pc-windows-msvc
+            runner: "windows-latest"
+          - target: aarch64-pc-windows-msvc
+            runner: "windows-latest"
+          - target: x86_64-apple-darwin
+            runner: "macos-latest"
+          - target: aarch64-apple-darwin
+            runner: "macos-latest"
+
+    uses: ./.github/workflows/reusable-build.yml
+    with:
+      target: ${{ matrix.array.target }}
+      runner: ${{ matrix.array.runner }}
+      test: false
+      profile: "release"
+
+  release:
+    name: Release
+    environment: npm
+    permissions:
+      contents: write
+      # To publish packages with provenance
+      id-token: write
+    runs-on: ubuntu-latest
+    needs: build
+#    if: ${{ github.event_name == 'workflow_dispatch' }}
+    steps:
+      - name: Checkout Repo
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+        with:
+          # This makes Actions fetch only one branch to release
+          fetch-depth: 1
+
+      - name: Pnpm Setup
+        uses: ./.github/actions/pnpm
+
+      - name: Download artifacts
+        uses: actions/download-artifact@v4.1.7
+        with:
+          path: artifacts
+
+      - name: ls
+        run: ls -R artifacts
+
+      - name: Move artifacts
+        run: |
+          pnpm napi create-npm-dirs --package-json-path npm/package.json --npm-dir bindings
+          pnpm napi artifacts       --package-json-path npm/package.json --npm-dir bindings --build-output-dir napi
+
+      - name: Show binding packages
+        run: ls -R bindings
+
+      - name: Obtain OIDC token
+        id: oidc
+        run: |
+          token=$(curl --fail -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" \
+            "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=cfa.rspack.dev" | jq -r '.value')
+          echo "::add-mask::${token}"
+          echo "token=${token}" >> $GITHUB_OUTPUT
+        shell: bash
+
+      - name: Obtain GitHub credentials
+        id: github_creds
+        run: |
+          token=$(curl --fail "https://cfa.rspack.dev/api/request/${{ secrets.CFA_PROJECT_ID }}/github/credentials" \
+            -X POST \
+            -H "Content-Type: application/json" \
+            -H "Authorization: bearer ${{ secrets.CFA_SECRET }}" \
+            --data "{\"token\":\"${{ steps.oidc.outputs.token }}\"}" | jq -r '.GITHUB_TOKEN')
+          echo "::add-mask::${token}"
+          echo "token=${token}" >> $GITHUB_OUTPUT
+        shell: bash
+
+      - name: Release Full
+        run: |
+          git status
+          cp napi/{index,browser}.js  npm
+          cp napi/index.d.ts          npm
+          pnpm node scripts/x.mjs publish --otp --tag ${{inputs.tag}} ${{inputs.dry_run && '--dry-run' || '--no-dry-run'}} ${{inputs.push_tags && '--push-tags' || '--no-push-tags'}}
+        env:
+          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+          REPOSITORY: ${{ github.repository }}
+          REF: ${{ github.ref }}
+          ONLY_RELEASE_TAG: true
+          # CFA required environment variables
+          CFA_HOST: https://cfa.rspack.dev
+          GITHUB_TOKEN: ${{ steps.github_creds.outputs.token }}
+          GITHUB_OIDC_TOKEN: ${{ steps.oidc.outputs.token }}
+          CFA_PROJECT_ID: ${{ secrets.CFA_PROJECT_ID }}
+          CFA_SECRET: ${{ secrets.CFA_SECRET }}