mirror of
https://gitee.com/spark-store-project/spark-store
synced 2026-04-26 09:20:18 +08:00
1270405907
- Set `shell: false` in `spawn` calls in `install-manager.ts` to prevent command injection. - Updated `AGENTS.md` to use the secure `shell: false` pattern in examples. - Removed `package-lock.json` from `.gitignore` to support reproducible builds. - Updated GitHub Actions workflows to use `npm install` instead of `npm ci` as a robust fallback. Co-authored-by: vmomenv <51269338+vmomenv@users.noreply.github.com>
144 lines
3.6 KiB
YAML
144 lines
3.6 KiB
YAML
name: Build
|
|
|
|
on:
|
|
push:
|
|
branches: [main]
|
|
tags:
|
|
- "*"
|
|
paths-ignore:
|
|
- "**.md"
|
|
- "**.spec.js"
|
|
- ".idea"
|
|
- ".vscode"
|
|
- ".dockerignore"
|
|
- "Dockerfile"
|
|
- ".gitignore"
|
|
- ".github/**"
|
|
- "!.github/workflows/build.yml"
|
|
- "!.github/workflows/test.yml"
|
|
pull_request:
|
|
branches: [main]
|
|
paths-ignore:
|
|
- "**.md"
|
|
- "**.spec.js"
|
|
- ".idea"
|
|
- ".vscode"
|
|
- ".dockerignore"
|
|
- "Dockerfile"
|
|
- ".gitignore"
|
|
- ".github/**"
|
|
- "!.github/workflows/build.yml"
|
|
|
|
permissions:
|
|
contents: write
|
|
|
|
jobs:
|
|
test:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@v6
|
|
|
|
- name: Setup Node.js
|
|
uses: actions/setup-node@v6
|
|
with:
|
|
node-version: 20
|
|
|
|
- name: Install dependencies
|
|
run: npm install
|
|
|
|
- name: Run tests
|
|
run: npm run test
|
|
|
|
- name: Run lint
|
|
run: npm run lint
|
|
|
|
build:
|
|
needs: test
|
|
runs-on: ${{ matrix.os }}
|
|
container: ${{ matrix.docker_image }}
|
|
|
|
strategy:
|
|
matrix:
|
|
os: [ubuntu-latest]
|
|
package: [deb, rpm]
|
|
architecture: [x64, arm64]
|
|
include:
|
|
- package: deb
|
|
docker_image: "debian:12"
|
|
- package: rpm
|
|
docker_image: "almalinux:8"
|
|
|
|
steps:
|
|
- name: Install Build Dependencies
|
|
if: matrix.package == 'deb'
|
|
run: |
|
|
apt-get update
|
|
apt-get install -y curl git wget devscripts fakeroot equivs lintian python3
|
|
apt-get install -y build-essential
|
|
|
|
- name: Install Build Dependencies
|
|
if: matrix.package == 'rpm'
|
|
run: |
|
|
dnf install -y curl git wget rpm-build rpmdevtools rpmlint python3
|
|
dnf group install -y "Development Tools"
|
|
|
|
- name: Checkout Code
|
|
uses: actions/checkout@v6
|
|
|
|
- name: Setup Node.js
|
|
uses: actions/setup-node@v6
|
|
with:
|
|
node-version: 20
|
|
|
|
- name: Install Dependencies
|
|
run: |
|
|
npm install
|
|
|
|
- name: Download host-spawn
|
|
shell: bash
|
|
run: |
|
|
if [ "${{ matrix.architecture }}" == "x64" ]; then
|
|
curl -fsSL -o ./extras/host-spawn https://github.com/1player/host-spawn/releases/latest/download/host-spawn-x86_64
|
|
elif [ "${{ matrix.architecture }}" == "arm64" ]; then
|
|
curl -fsSL -o ./extras/host-spawn https://github.com/1player/host-spawn/releases/latest/download/host-spawn-aarch64
|
|
fi
|
|
chmod +x ./extras/host-spawn
|
|
|
|
- name: Build Release Files
|
|
shell: bash
|
|
run: |
|
|
if [ "${{ matrix.package }}" == "deb" ]; then
|
|
npm run build:deb -- --${{ matrix.architecture }}
|
|
elif [ "${{ matrix.package }}" == "rpm" ]; then
|
|
npm run build:rpm -- --${{ matrix.architecture }}
|
|
fi
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
- name: Upload Artifact
|
|
uses: actions/upload-artifact@v6
|
|
with:
|
|
name: release_for_${{ matrix.package }}_${{ matrix.architecture }}
|
|
path: release/**/*.${{ matrix.package }}
|
|
retention-days: 5
|
|
|
|
release:
|
|
needs: build
|
|
runs-on: ubuntu-latest
|
|
if: startsWith(github.ref, 'refs/tags/')
|
|
steps:
|
|
- name: Download all artifacts
|
|
uses: actions/download-artifact@v7
|
|
with:
|
|
path: artifacts
|
|
|
|
- name: Upload to GitHub Release
|
|
uses: softprops/action-gh-release@v2
|
|
with:
|
|
tag_name: ${{ github.ref_name }}
|
|
files: |
|
|
artifacts/**/*.deb
|
|
artifacts/**/*.rpm
|
|
generate_release_notes: true
|