From 6254a4c5d5855399e5ae4d1f5e86610711eb2d2d Mon Sep 17 00:00:00 2001 From: Bailey Pearson Date: Tue, 21 May 2024 14:22:48 -0600 Subject: [PATCH 01/15] Create codeql.yml --- .github/workflows/codeql.yml | 95 ++++++++++++++++++++++++++ build.mjs | 125 +++++++++++++++++++++++++++++++++++ 2 files changed, 220 insertions(+) create mode 100644 .github/workflows/codeql.yml create mode 100644 build.mjs diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 0000000..472a29e --- /dev/null +++ b/.github/workflows/codeql.yml @@ -0,0 +1,95 @@ +# For most projects, this workflow file will not need changing; you simply need +# to commit it to your repository. +# +# You may wish to alter this file to override the set of languages analyzed, +# or to provide custom queries or build logic. +# +# ******** NOTE ******** +# We have attempted to detect the languages in your repository. Please check +# the `language` matrix defined below to confirm you have the correct set of +# supported CodeQL languages. +# +name: "CodeQL" + +on: + push: + branches: [ "main" ] + pull_request: + branches: [ "main" ] + schedule: + - cron: '15 14 * * 6' + +jobs: + analyze: + name: Analyze (${{ matrix.language }}) + # Runner size impacts CodeQL analysis time. To learn more, please see: + # - https://gh.io/recommended-hardware-resources-for-running-codeql + # - https://gh.io/supported-runners-and-hardware-resources + # - https://gh.io/using-larger-runners (GitHub.com only) + # Consider using larger runners or machines with greater resources for possible analysis time improvements. + runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }} + timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }} + permissions: + # required for all workflows + security-events: write + + # required to fetch internal or private CodeQL packs + packages: read + + # only required for workflows in private repositories + actions: read + contents: read + + strategy: + fail-fast: false + matrix: + include: + - language: 'c-cpp' + build-mode: 'manual' + sourceDirectory: './addon' + - language: 'javascript-typescript' + build-mode: 'none' + sourceDirectory: "./src" + # CodeQL supports the following values keywords for 'language': 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift' + # Use `c-cpp` to analyze code written in C, C++ or both + # Use 'java-kotlin' to analyze code written in Java, Kotlin or both + # Use 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both + # To learn more about changing the languages that are analyzed or customizing the build mode for your analysis, + # see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning. + # If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how + # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v3 + with: + languages: ${{ matrix.language }} + build-mode: ${{ matrix.build-mode }} + source-root: ${{ matrix.sourceDirectory }} + # If you wish to specify custom queries, you can do so here or in a config file. + # By default, queries listed here will override any specified in a config file. + # Prefix the list here with "+" to use these queries and those in the config file. + + # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs + # queries: security-extended,security-and-quality + + # If the analyze step fails for one of the languages you are analyzing with + # "We were unable to automatically build your code", modify the matrix above + # to set the build mode to "manual" for that language. Then modify this step + # to build your code. + # ℹ️ Command-line programs to run using the OS shell. + # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun + - if: matrix.build-mode == 'manual' + shell: bash + run: | + npm install + node ./github/workflows/libmongocrypt.mjs + npm run prebuild + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v3 + with: + category: "/language:${{matrix.language}}" diff --git a/build.mjs b/build.mjs new file mode 100644 index 0000000..aea1f78 --- /dev/null +++ b/build.mjs @@ -0,0 +1,125 @@ +import util from 'node:util'; +import process from 'node:process'; +import fs from 'node:fs/promises'; +import child_process from 'node:child_process'; +import events from 'node:events'; +import path from 'node:path'; + +async function parseArguments() { + const jsonImport = { [process.version.split('.').at(0) === 'v16' ? 'assert' : 'with']: { type: 'json' } }; + const pkg = (await import('./package.json', jsonImport)).default; + const libmongocryptVersion = pkg['mongodb:libmongocrypt']; + + const options = { + url: { short: 'u', type: 'string', default: 'https://github.com/mongodb/libmongocrypt.git' }, + libversion: { short: 'l', type: 'string', default: libmongocryptVersion }, + clean: { short: 'c', type: 'boolean' }, + help: { short: 'h', type: 'boolean' } + }; + + const args = util.parseArgs({ args: process.argv.slice(2), options, allowPositionals: false }); + + if (args.values.help) { + console.log( + `${process.argv[1]} ${[...Object.keys(options)] + .filter(k => k !== 'help') + .map(k => `[--${k}=${options[k].type}]`) + .join(' ')}` + ); + process.exit(0); + } + + return { + libmongocrypt: { url: args.values.url, ref: args.values.libversion }, + clean: args.values.clean + }; +} + +/** `xtrace` style command runner, uses spawn so that stdio is inherited */ +async function run(command, args = [], options = {}) { + console.error(`+ ${command} ${args.join(' ')}`, options.cwd ? `(in: ${options.cwd})` : ''); + await events.once(child_process.spawn(command, args, { stdio: 'inherit', ...options }), 'exit'); +} + +/** CLI flag maker: `toFlags({a: 1, b: 2})` yields `['-a=1', '-b=2']` */ +function toFlags(object) { + return Array.from(Object.entries(object)).map(([k, v]) => `-${k}=${v}`); +} + +const args = await parseArguments(); +const libmongocryptRoot = path.resolve('_libmongocrypt'); + +const currentLibMongoCryptBranch = await fs.readFile(path.join(libmongocryptRoot, '.git', 'HEAD'), 'utf8').catch(() => '') +const libmongocryptAlreadyClonedAndCheckedOut = currentLibMongoCryptBranch.trim().endsWith(`r-${args.libmongocrypt.ref}`); + +if (!args.clean && !libmongocryptAlreadyClonedAndCheckedOut) { + console.error('fetching libmongocrypt...', args.libmongocrypt); + await fs.rm(libmongocryptRoot, { recursive: true, force: true }); + await run('git', ['clone', args.libmongocrypt.url, libmongocryptRoot]); + await run('git', ['fetch', '--tags'], { cwd: libmongocryptRoot }); + await run('git', ['checkout', args.libmongocrypt.ref, '-b', `r-${args.libmongocrypt.ref}`], { cwd: libmongocryptRoot }); +} else { + console.error('libmongocrypt already up to date...', args.libmongocrypt); +} + +const libmongocryptBuiltVersion = await fs.readFile(path.join(libmongocryptRoot, 'VERSION_CURRENT'), 'utf8').catch(() => ''); +const libmongocryptAlreadyBuilt = libmongocryptBuiltVersion.trim() === args.libmongocrypt.ref; + +if (!args.clean && !libmongocryptAlreadyBuilt) { + console.error('building libmongocrypt...\n', args); + + const nodeDepsRoot = path.resolve('deps'); + const nodeBuildRoot = path.resolve(nodeDepsRoot, 'tmp', 'libmongocrypt-build'); + + await fs.rm(nodeBuildRoot, { recursive: true, force: true }); + await fs.mkdir(nodeBuildRoot, { recursive: true }); + + const CMAKE_FLAGS = toFlags({ + /** + * We provide crypto hooks from Node.js binding to openssl (so disable system crypto) + * TODO: NODE-5455 + * + * One thing that is not obvious from the build instructions for libmongocrypt + * and the Node.js bindings is that the Node.js driver uses libmongocrypt in + * DISABLE_NATIVE_CRYPTO aka nocrypto mode, that is, instead of using native + * system libraries for crypto operations, it provides callbacks to libmongocrypt + * which, in the Node.js addon case, call JS functions that in turn call built-in + * Node.js crypto methods. + * + * That’s way more convoluted than it needs to be, considering that we always + * have a copy of OpenSSL available directly, but for now it seems to make sense + * to stick with what the Node.js addon does here. + */ + DDISABLE_NATIVE_CRYPTO: '1', + /** A consistent name for the output "library" directory */ + DCMAKE_INSTALL_LIBDIR: 'lib', + /** No warnings allowed */ + DENABLE_MORE_WARNINGS_AS_ERRORS: 'ON', + /** Where to build libmongocrypt */ + DCMAKE_PREFIX_PATH: nodeDepsRoot, + /** + * Where to install libmongocrypt + * Note that `binding.gyp` will set `./deps/include` + * as an include path if BUILD_TYPE=static + */ + DCMAKE_INSTALL_PREFIX: nodeDepsRoot + }); + + const WINDOWS_CMAKE_FLAGS = + process.platform === 'win32' // Windows is still called "win32" when it is 64-bit + ? toFlags({ Thost: 'x64', A: 'x64', DENABLE_WINDOWS_STATIC_RUNTIME: 'ON' }) + : []; + + const MACOS_CMAKE_FLAGS = + process.platform === 'darwin' // The minimum macos target version we want for + ? toFlags({ DCMAKE_OSX_DEPLOYMENT_TARGET: '10.12' }) + : []; + + await run('cmake', [...CMAKE_FLAGS, ...WINDOWS_CMAKE_FLAGS, ...MACOS_CMAKE_FLAGS, libmongocryptRoot], { cwd: nodeBuildRoot }); + await run('cmake', ['--build', '.', '--target', 'install', '--config', 'RelWithDebInfo'], { cwd: nodeBuildRoot }); +} else { + console.error('libmongocrypt already built...'); +} + +await run('npm', ['install', '--ignore-scripts']); +await run('npm', ['run', 'rebuild'], { env: { ...process.env, BUILD_TYPE: 'static' } }); \ No newline at end of file From 94146c2403113fe4f1c6eee4a882aeee89ad603e Mon Sep 17 00:00:00 2001 From: Bailey Pearson Date: Wed, 22 May 2024 10:45:22 -0600 Subject: [PATCH 02/15] add test and lint --- .github/workflows/lint.yml | 38 ++++++++++++++++++++++++++++++++++++++ .github/workflows/test.yml | 31 +++++++++++++++++++++++++++++++ 2 files changed, 69 insertions(+) create mode 100644 .github/workflows/lint.yml create mode 100644 .github/workflows/test.yml diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml new file mode 100644 index 0000000..89f651e --- /dev/null +++ b/.github/workflows/lint.yml @@ -0,0 +1,38 @@ +on: + push: + branches: [ "main" ] + pull_request: + branches: [ "main" ] + +jobs: + build: + runs-on: ubuntu-latest + + name: Lint ${{ matrix.lint-target }} + strategy: + matrix: + lint-target: ["c++", "typescript"] + + steps: + - uses: actions/checkout@v4 + - name: Use Node.js ${{ matrix.node-version }} + uses: actions/setup-node@v3 + with: + node-version: ${{ matrix.node-version }} + cache: 'npm' + - name: "Build libmongocrypt" + shell: bash + run: | + node .github/scripts/libmongocrypt.mjs + npm install + npm run prebuild + + - if: matrix.lint-target == 'c++' + shell: bash + run: | + npm run check:clang-format + + - if: matrix.lint-target == 'typescript' + shell: bash + run: | + npm run check:eslint diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml new file mode 100644 index 0000000..880c9c3 --- /dev/null +++ b/.github/workflows/test.yml @@ -0,0 +1,31 @@ +on: + push: + branches: [ "main" ] + pull_request: + branches: [ "main" ] + +jobs: + build: + + name: Test (Node ${{ matrix.node-version }}) + runs-on: ubuntu-latest + + strategy: + matrix: + node-version: [16.x, 18.x, 20.x] + + steps: + - uses: actions/checkout@v4 + - name: Use Node.js ${{ matrix.node-version }} + uses: actions/setup-node@v3 + with: + node-version: ${{ matrix.node-version }} + cache: 'npm' + - name: "Build libmongocrypt" + shell: bash + run: | + node .github/scripts/libmongocrypt.mjs + npm install + npm run prebuild + - run: npm test + From 6a851a3f646b789c972007242c80dc18aef93b05 Mon Sep 17 00:00:00 2001 From: Bailey Pearson Date: Wed, 22 May 2024 10:46:42 -0600 Subject: [PATCH 03/15] remove unnecessary fiels --- .github/workflows/codeql.yml | 95 -------------------------- build.mjs | 125 ----------------------------------- 2 files changed, 220 deletions(-) delete mode 100644 .github/workflows/codeql.yml delete mode 100644 build.mjs diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml deleted file mode 100644 index 472a29e..0000000 --- a/.github/workflows/codeql.yml +++ /dev/null @@ -1,95 +0,0 @@ -# For most projects, this workflow file will not need changing; you simply need -# to commit it to your repository. -# -# You may wish to alter this file to override the set of languages analyzed, -# or to provide custom queries or build logic. -# -# ******** NOTE ******** -# We have attempted to detect the languages in your repository. Please check -# the `language` matrix defined below to confirm you have the correct set of -# supported CodeQL languages. -# -name: "CodeQL" - -on: - push: - branches: [ "main" ] - pull_request: - branches: [ "main" ] - schedule: - - cron: '15 14 * * 6' - -jobs: - analyze: - name: Analyze (${{ matrix.language }}) - # Runner size impacts CodeQL analysis time. To learn more, please see: - # - https://gh.io/recommended-hardware-resources-for-running-codeql - # - https://gh.io/supported-runners-and-hardware-resources - # - https://gh.io/using-larger-runners (GitHub.com only) - # Consider using larger runners or machines with greater resources for possible analysis time improvements. - runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }} - timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }} - permissions: - # required for all workflows - security-events: write - - # required to fetch internal or private CodeQL packs - packages: read - - # only required for workflows in private repositories - actions: read - contents: read - - strategy: - fail-fast: false - matrix: - include: - - language: 'c-cpp' - build-mode: 'manual' - sourceDirectory: './addon' - - language: 'javascript-typescript' - build-mode: 'none' - sourceDirectory: "./src" - # CodeQL supports the following values keywords for 'language': 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift' - # Use `c-cpp` to analyze code written in C, C++ or both - # Use 'java-kotlin' to analyze code written in Java, Kotlin or both - # Use 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both - # To learn more about changing the languages that are analyzed or customizing the build mode for your analysis, - # see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning. - # If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how - # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@v3 - with: - languages: ${{ matrix.language }} - build-mode: ${{ matrix.build-mode }} - source-root: ${{ matrix.sourceDirectory }} - # If you wish to specify custom queries, you can do so here or in a config file. - # By default, queries listed here will override any specified in a config file. - # Prefix the list here with "+" to use these queries and those in the config file. - - # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs - # queries: security-extended,security-and-quality - - # If the analyze step fails for one of the languages you are analyzing with - # "We were unable to automatically build your code", modify the matrix above - # to set the build mode to "manual" for that language. Then modify this step - # to build your code. - # ℹ️ Command-line programs to run using the OS shell. - # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun - - if: matrix.build-mode == 'manual' - shell: bash - run: | - npm install - node ./github/workflows/libmongocrypt.mjs - npm run prebuild - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 - with: - category: "/language:${{matrix.language}}" diff --git a/build.mjs b/build.mjs deleted file mode 100644 index aea1f78..0000000 --- a/build.mjs +++ /dev/null @@ -1,125 +0,0 @@ -import util from 'node:util'; -import process from 'node:process'; -import fs from 'node:fs/promises'; -import child_process from 'node:child_process'; -import events from 'node:events'; -import path from 'node:path'; - -async function parseArguments() { - const jsonImport = { [process.version.split('.').at(0) === 'v16' ? 'assert' : 'with']: { type: 'json' } }; - const pkg = (await import('./package.json', jsonImport)).default; - const libmongocryptVersion = pkg['mongodb:libmongocrypt']; - - const options = { - url: { short: 'u', type: 'string', default: 'https://github.com/mongodb/libmongocrypt.git' }, - libversion: { short: 'l', type: 'string', default: libmongocryptVersion }, - clean: { short: 'c', type: 'boolean' }, - help: { short: 'h', type: 'boolean' } - }; - - const args = util.parseArgs({ args: process.argv.slice(2), options, allowPositionals: false }); - - if (args.values.help) { - console.log( - `${process.argv[1]} ${[...Object.keys(options)] - .filter(k => k !== 'help') - .map(k => `[--${k}=${options[k].type}]`) - .join(' ')}` - ); - process.exit(0); - } - - return { - libmongocrypt: { url: args.values.url, ref: args.values.libversion }, - clean: args.values.clean - }; -} - -/** `xtrace` style command runner, uses spawn so that stdio is inherited */ -async function run(command, args = [], options = {}) { - console.error(`+ ${command} ${args.join(' ')}`, options.cwd ? `(in: ${options.cwd})` : ''); - await events.once(child_process.spawn(command, args, { stdio: 'inherit', ...options }), 'exit'); -} - -/** CLI flag maker: `toFlags({a: 1, b: 2})` yields `['-a=1', '-b=2']` */ -function toFlags(object) { - return Array.from(Object.entries(object)).map(([k, v]) => `-${k}=${v}`); -} - -const args = await parseArguments(); -const libmongocryptRoot = path.resolve('_libmongocrypt'); - -const currentLibMongoCryptBranch = await fs.readFile(path.join(libmongocryptRoot, '.git', 'HEAD'), 'utf8').catch(() => '') -const libmongocryptAlreadyClonedAndCheckedOut = currentLibMongoCryptBranch.trim().endsWith(`r-${args.libmongocrypt.ref}`); - -if (!args.clean && !libmongocryptAlreadyClonedAndCheckedOut) { - console.error('fetching libmongocrypt...', args.libmongocrypt); - await fs.rm(libmongocryptRoot, { recursive: true, force: true }); - await run('git', ['clone', args.libmongocrypt.url, libmongocryptRoot]); - await run('git', ['fetch', '--tags'], { cwd: libmongocryptRoot }); - await run('git', ['checkout', args.libmongocrypt.ref, '-b', `r-${args.libmongocrypt.ref}`], { cwd: libmongocryptRoot }); -} else { - console.error('libmongocrypt already up to date...', args.libmongocrypt); -} - -const libmongocryptBuiltVersion = await fs.readFile(path.join(libmongocryptRoot, 'VERSION_CURRENT'), 'utf8').catch(() => ''); -const libmongocryptAlreadyBuilt = libmongocryptBuiltVersion.trim() === args.libmongocrypt.ref; - -if (!args.clean && !libmongocryptAlreadyBuilt) { - console.error('building libmongocrypt...\n', args); - - const nodeDepsRoot = path.resolve('deps'); - const nodeBuildRoot = path.resolve(nodeDepsRoot, 'tmp', 'libmongocrypt-build'); - - await fs.rm(nodeBuildRoot, { recursive: true, force: true }); - await fs.mkdir(nodeBuildRoot, { recursive: true }); - - const CMAKE_FLAGS = toFlags({ - /** - * We provide crypto hooks from Node.js binding to openssl (so disable system crypto) - * TODO: NODE-5455 - * - * One thing that is not obvious from the build instructions for libmongocrypt - * and the Node.js bindings is that the Node.js driver uses libmongocrypt in - * DISABLE_NATIVE_CRYPTO aka nocrypto mode, that is, instead of using native - * system libraries for crypto operations, it provides callbacks to libmongocrypt - * which, in the Node.js addon case, call JS functions that in turn call built-in - * Node.js crypto methods. - * - * That’s way more convoluted than it needs to be, considering that we always - * have a copy of OpenSSL available directly, but for now it seems to make sense - * to stick with what the Node.js addon does here. - */ - DDISABLE_NATIVE_CRYPTO: '1', - /** A consistent name for the output "library" directory */ - DCMAKE_INSTALL_LIBDIR: 'lib', - /** No warnings allowed */ - DENABLE_MORE_WARNINGS_AS_ERRORS: 'ON', - /** Where to build libmongocrypt */ - DCMAKE_PREFIX_PATH: nodeDepsRoot, - /** - * Where to install libmongocrypt - * Note that `binding.gyp` will set `./deps/include` - * as an include path if BUILD_TYPE=static - */ - DCMAKE_INSTALL_PREFIX: nodeDepsRoot - }); - - const WINDOWS_CMAKE_FLAGS = - process.platform === 'win32' // Windows is still called "win32" when it is 64-bit - ? toFlags({ Thost: 'x64', A: 'x64', DENABLE_WINDOWS_STATIC_RUNTIME: 'ON' }) - : []; - - const MACOS_CMAKE_FLAGS = - process.platform === 'darwin' // The minimum macos target version we want for - ? toFlags({ DCMAKE_OSX_DEPLOYMENT_TARGET: '10.12' }) - : []; - - await run('cmake', [...CMAKE_FLAGS, ...WINDOWS_CMAKE_FLAGS, ...MACOS_CMAKE_FLAGS, libmongocryptRoot], { cwd: nodeBuildRoot }); - await run('cmake', ['--build', '.', '--target', 'install', '--config', 'RelWithDebInfo'], { cwd: nodeBuildRoot }); -} else { - console.error('libmongocrypt already built...'); -} - -await run('npm', ['install', '--ignore-scripts']); -await run('npm', ['run', 'rebuild'], { env: { ...process.env, BUILD_TYPE: 'static' } }); \ No newline at end of file From 03521248179e49d6c2191b21efc88b74e57d9262 Mon Sep 17 00:00:00 2001 From: Bailey Pearson Date: Wed, 22 May 2024 10:47:31 -0600 Subject: [PATCH 04/15] add names --- .github/workflows/lint.yml | 2 ++ .github/workflows/test.yml | 2 ++ 2 files changed, 4 insertions(+) diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 89f651e..4a7ed10 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -1,3 +1,5 @@ +name: Lint + on: push: branches: [ "main" ] diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 880c9c3..4cd2857 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -1,3 +1,5 @@ +name: Test + on: push: branches: [ "main" ] From 039f9ed1b41a2e50a49de96622d7222ccaf2aeb2 Mon Sep 17 00:00:00 2001 From: Bailey Pearson Date: Wed, 22 May 2024 10:48:11 -0600 Subject: [PATCH 05/15] add names --- .github/workflows/lint.yml | 2 +- .github/workflows/test.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 4a7ed10..836f66c 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -10,7 +10,7 @@ jobs: build: runs-on: ubuntu-latest - name: Lint ${{ matrix.lint-target }} + name: ${{ matrix.lint-target }} strategy: matrix: lint-target: ["c++", "typescript"] diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 4cd2857..8a1171e 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -9,7 +9,7 @@ on: jobs: build: - name: Test (Node ${{ matrix.node-version }}) + name: Node ${{ matrix.node-version }} runs-on: ubuntu-latest strategy: From 74f96c8c0f0e3a668d3fce07b102c79f997e8bc1 Mon Sep 17 00:00:00 2001 From: Bailey Pearson Date: Wed, 22 May 2024 10:48:50 -0600 Subject: [PATCH 06/15] parameterize build platform for action --- .github/workflows/test.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 8a1171e..f72e5d5 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -10,11 +10,12 @@ jobs: build: name: Node ${{ matrix.node-version }} - runs-on: ubuntu-latest + runs-on: ${{matrix.platform}} strategy: matrix: node-version: [16.x, 18.x, 20.x] + platform: [ubuntu-latest] steps: - uses: actions/checkout@v4 From 7c24f0aeda0629c9e9d73f88f10353116eb5a095 Mon Sep 17 00:00:00 2001 From: Bailey Pearson Date: Fri, 31 May 2024 13:56:20 -0600 Subject: [PATCH 07/15] add testing to build pipelien --- .github/workflows/build.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 1270be7..f83316e 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -20,6 +20,10 @@ jobs: run: node .github/scripts/libmongocrypt.mjs ${{ runner.os == 'Windows' && '--build' || '' }} shell: bash + - name: Test ${{ matrix.os }} + shell: bash + run: npm run test + - id: upload name: Upload prebuild uses: actions/upload-artifact@v4 From 3ce81081c23cb9685b0926d9cdb5d54d9ead6fd9 Mon Sep 17 00:00:00 2001 From: Bailey Pearson Date: Mon, 3 Jun 2024 10:45:39 -0600 Subject: [PATCH 08/15] test in build pipeline too --- .github/docker/Dockerfile.glibc | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/docker/Dockerfile.glibc b/.github/docker/Dockerfile.glibc index c114db0..8130edd 100644 --- a/.github/docker/Dockerfile.glibc +++ b/.github/docker/Dockerfile.glibc @@ -5,6 +5,7 @@ WORKDIR /mongodb-client-encryption COPY . . RUN node /mongodb-client-encryption/.github/scripts/libmongocrypt.mjs +RUN npm run test FROM scratch From a1761bdf3e63a7f2d98293cf825975bb0665e18a Mon Sep 17 00:00:00 2001 From: Bailey Pearson Date: Mon, 3 Jun 2024 11:08:37 -0600 Subject: [PATCH 09/15] misc cleanup and test fix --- .github/workflows/build.yml | 2 +- test/release.test.ts | 10 ++++++++-- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index f83316e..49a4107 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -5,7 +5,7 @@ on: branches: [main] workflow_dispatch: {} -name: build +name: Build and Test jobs: host_builds: diff --git a/test/release.test.ts b/test/release.test.ts index 11e1250..65b6503 100644 --- a/test/release.test.ts +++ b/test/release.test.ts @@ -24,8 +24,14 @@ const REQUIRED_FILES = [ describe(`Release ${packFile}`, function () { this.timeout(10000); + beforeEach(function() { + if (process.arch !== 'x64') { + this.skip(); + } + }); + let tarFileList; - before(() => { + beforeEach(() => { expect(fs.existsSync(packFile)).to.equal(false); cp.execSync('npm pack', { stdio: 'ignore' }); tarFileList = []; @@ -38,7 +44,7 @@ describe(`Release ${packFile}`, function () { }); }); - after(() => { + afterEach(() => { fs.unlinkSync(packFile); }); From d2a2b76a14538b4724c8697d75f928d0b88a424e Mon Sep 17 00:00:00 2001 From: Bailey Pearson Date: Mon, 3 Jun 2024 11:29:01 -0600 Subject: [PATCH 10/15] fix release test --- .github/workflows/build.yml | 2 ++ .github/workflows/test.yml | 34 ---------------------------------- test/release.test.ts | 4 +++- 3 files changed, 5 insertions(+), 35 deletions(-) delete mode 100644 .github/workflows/test.yml diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 49a4107..fc7b721 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -13,6 +13,7 @@ jobs: matrix: os: [macos-11, macos-latest, windows-2019] runs-on: ${{ matrix.os }} + name: ${{ matrox.os }} steps: - uses: actions/checkout@v4 @@ -41,6 +42,7 @@ jobs: strategy: matrix: linux_arch: [s390x, arm64, amd64] + name: ${{ matrox.linux_arch }} steps: - uses: actions/checkout@v4 diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml deleted file mode 100644 index f72e5d5..0000000 --- a/.github/workflows/test.yml +++ /dev/null @@ -1,34 +0,0 @@ -name: Test - -on: - push: - branches: [ "main" ] - pull_request: - branches: [ "main" ] - -jobs: - build: - - name: Node ${{ matrix.node-version }} - runs-on: ${{matrix.platform}} - - strategy: - matrix: - node-version: [16.x, 18.x, 20.x] - platform: [ubuntu-latest] - - steps: - - uses: actions/checkout@v4 - - name: Use Node.js ${{ matrix.node-version }} - uses: actions/setup-node@v3 - with: - node-version: ${{ matrix.node-version }} - cache: 'npm' - - name: "Build libmongocrypt" - shell: bash - run: | - node .github/scripts/libmongocrypt.mjs - npm install - npm run prebuild - - run: npm test - diff --git a/test/release.test.ts b/test/release.test.ts index 65b6503..a82c79b 100644 --- a/test/release.test.ts +++ b/test/release.test.ts @@ -45,7 +45,9 @@ describe(`Release ${packFile}`, function () { }); afterEach(() => { - fs.unlinkSync(packFile); + if (process.arch === 'x64') { + fs.unlinkSync(packFile); + } }); for (const requiredFile of REQUIRED_FILES) { From aea19c615ee35d905f90794e164300b1d40aee63 Mon Sep 17 00:00:00 2001 From: Bailey Pearson Date: Mon, 3 Jun 2024 11:30:52 -0600 Subject: [PATCH 11/15] revert changes to build? --- .github/workflows/build.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index fc7b721..49a4107 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -13,7 +13,6 @@ jobs: matrix: os: [macos-11, macos-latest, windows-2019] runs-on: ${{ matrix.os }} - name: ${{ matrox.os }} steps: - uses: actions/checkout@v4 @@ -42,7 +41,6 @@ jobs: strategy: matrix: linux_arch: [s390x, arm64, amd64] - name: ${{ matrox.linux_arch }} steps: - uses: actions/checkout@v4 From b55e2fb17006f3893e249acb94a3b83723b8ff6a Mon Sep 17 00:00:00 2001 From: Bailey Pearson Date: Mon, 3 Jun 2024 12:07:29 -0600 Subject: [PATCH 12/15] add convenience method for install and fix lint --- package.json | 1 + test/release.test.ts | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/package.json b/package.json index 090045a..b7dc921 100644 --- a/package.json +++ b/package.json @@ -16,6 +16,7 @@ "lib": "lib" }, "scripts": { + "install:libmongocrypt": "node .github/scripts/libmongocrypt.mjs", "install": "prebuild-install --runtime napi || node-gyp rebuild", "clang-format": "clang-format --style=file:.clang-format --Werror -i addon/*", "check:eslint": "eslint src test", diff --git a/test/release.test.ts b/test/release.test.ts index a82c79b..c503c22 100644 --- a/test/release.test.ts +++ b/test/release.test.ts @@ -24,7 +24,7 @@ const REQUIRED_FILES = [ describe(`Release ${packFile}`, function () { this.timeout(10000); - beforeEach(function() { + beforeEach(function () { if (process.arch !== 'x64') { this.skip(); } From a1e3822cbe8c780bd50ab1dd661aa0017203799f Mon Sep 17 00:00:00 2001 From: Bailey Pearson Date: Tue, 11 Jun 2024 09:33:13 -0600 Subject: [PATCH 13/15] Update .github/docker/Dockerfile.glibc Co-authored-by: Neal Beeken --- .github/docker/Dockerfile.glibc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/docker/Dockerfile.glibc b/.github/docker/Dockerfile.glibc index 8130edd..d15188a 100644 --- a/.github/docker/Dockerfile.glibc +++ b/.github/docker/Dockerfile.glibc @@ -4,7 +4,7 @@ FROM $NODE_BUILD_IMAGE AS build WORKDIR /mongodb-client-encryption COPY . . -RUN node /mongodb-client-encryption/.github/scripts/libmongocrypt.mjs +RUN npm run install:libmongocrypt RUN npm run test FROM scratch From d57e9b08589931802d03228c29d62b49eff6d584 Mon Sep 17 00:00:00 2001 From: Bailey Pearson Date: Tue, 11 Jun 2024 09:34:31 -0600 Subject: [PATCH 14/15] Update .github/workflows/lint.yml --- .github/workflows/lint.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 836f66c..93efe5e 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -25,7 +25,7 @@ jobs: - name: "Build libmongocrypt" shell: bash run: | - node .github/scripts/libmongocrypt.mjs + npm run install:libmongocrypt npm install npm run prebuild From 5dbd605f2aa2c230fb7223b16fec7e2da44cc5f2 Mon Sep 17 00:00:00 2001 From: Bailey Pearson Date: Tue, 11 Jun 2024 09:35:03 -0600 Subject: [PATCH 15/15] Update .github/workflows/lint.yml --- .github/workflows/lint.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 93efe5e..5b71978 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -26,8 +26,6 @@ jobs: shell: bash run: | npm run install:libmongocrypt - npm install - npm run prebuild - if: matrix.lint-target == 'c++' shell: bash