From f85824248b67315e86478562c091a8fdc46dda44 Mon Sep 17 00:00:00 2001 From: Wesley Wigham Date: Wed, 14 Jun 2023 13:03:39 -0700 Subject: [PATCH 1/8] Use SLSA publish action to include verified build source --- .github/workflows/publish.yaml | 37 +++++++++++++++++++++++++--------- package.json | 3 +++ test/runTests.js | 13 +++++++++--- 3 files changed, 40 insertions(+), 13 deletions(-) diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml index 9a88554..89a846a 100644 --- a/.github/workflows/publish.yaml +++ b/.github/workflows/publish.yaml @@ -5,16 +5,33 @@ on: types: [created] jobs: - publish-npm: + build: + permissions: + id-token: write # For signing + contents: read # For repo checkout. + actions: read # For getting workflow run info. + uses: slsa-framework/slsa-github-generator/.github/workflows/builder_nodejs_slsa3.yml@v1.7.0 + with: + run-scripts: "i, test" + publish: + needs: [build] runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 - - uses: actions/setup-node@v1 + - name: Set up Node registry authentication + uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0 with: - node-version: 14 - registry-url: https://registry.npmjs.org/ - - run: npm i - - run: node test/validateModuleExportsMatchCommonJS/index.js - - run: npm publish - env: - NODE_AUTH_TOKEN: ${{secrets.npm_token}} + node-version: 18 + registry-url: "https://registry.npmjs.org" + + - name: publish + id: publish + uses: slsa-framework/slsa-github-generator/actions/nodejs/publish@4314fec3d06bb217f163b89466dcd34be65b9bf1 # v1.6.0 + with: + access: public + node-auth-token: ${{ secrets.npm_token }} + package-name: ${{ needs.build.outputs.package-name }} + package-download-name: ${{ needs.build.outputs.package-download-name }} + package-download-sha256: ${{ needs.build.outputs.package-download-sha256 }} + provenance-name: ${{ needs.build.outputs.provenance-name }} + provenance-download-name: ${{ needs.build.outputs.provenance-download-name }} + provenance-download-sha256: ${{ needs.build.outputs.provenance-download-sha256 }} diff --git a/package.json b/package.json index f7284f5..1f860bc 100644 --- a/package.json +++ b/package.json @@ -43,5 +43,8 @@ }, "./*": "./*", "./": "./" + }, + "scripts": { + "test": "node ./test/runTests.js && node test/validateModuleExportsMatchCommonJS/index.js" } } diff --git a/test/runTests.js b/test/runTests.js index 51090c1..b301b5f 100644 --- a/test/runTests.js +++ b/test/runTests.js @@ -14,7 +14,14 @@ const tests = filesInTest // Support setting up the test node modules if (!filesInTest.includes("node_modules")) { console.log("Installing Deps..."); - spawnSync("npm", ["install"], { cwd: __dirname }); + const res = spawnSync("npm", ["install"], { cwd: __dirname, shell: true }); + if (res.error) { + console.error(res.error); + process.exit(res.error.errno || -1); + } + if (res.output) { + console.log(res.output.toString()); + } console.log("Installed"); } @@ -37,13 +44,13 @@ for (const test of tests) { if (pgkJSON.dependencies || pgkJSON.devDependencies) { const nodeModsInstalled = fs.existsSync(path.join(__dirname, test, "node_modules")); if (!nodeModsInstalled) { - spawnSync("npm", ["install"], { cwd: path.join(__dirname, test) }); + spawnSync("npm", ["install"], { cwd: path.join(__dirname, test), shell: true }); } } // Run the test command const results = spawnSync("npm", ["test"], { cwd: path.join(__dirname, test) }); - console.log(results.stdout.toString()) + console.log((results.stdout || "").toString()) if (results.status) { console.log(chalk.bold.red("Error running test: ") + chalk.bold(test)) console.log(results.stderr.toString()) From b6cb2d2edf68f706144ea66361ee305f53a7454a Mon Sep 17 00:00:00 2001 From: Wesley Wigham Date: Wed, 14 Jun 2023 13:19:32 -0700 Subject: [PATCH 2/8] Add last shell: true --- test/runTests.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/runTests.js b/test/runTests.js index b301b5f..aff35c4 100644 --- a/test/runTests.js +++ b/test/runTests.js @@ -49,7 +49,7 @@ for (const test of tests) { } // Run the test command - const results = spawnSync("npm", ["test"], { cwd: path.join(__dirname, test) }); + const results = spawnSync("npm", ["test"], { cwd: path.join(__dirname, test), shell: true }); console.log((results.stdout || "").toString()) if (results.status) { console.log(chalk.bold.red("Error running test: ") + chalk.bold(test)) From eb4e7d68a3ab607164bdee7b1624dcd5800521cf Mon Sep 17 00:00:00 2001 From: Wesley Wigham Date: Wed, 14 Jun 2023 13:24:32 -0700 Subject: [PATCH 3/8] Fix test shell commands to also work on windows --- test/rollup-modules/package.json | 2 +- test/snowpack-modules/package.json | 2 +- test/vite/package.json | 2 +- test/webpack-4-modules/package.json | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/test/rollup-modules/package.json b/test/rollup-modules/package.json index 7a9215a..4163d84 100644 --- a/test/rollup-modules/package.json +++ b/test/rollup-modules/package.json @@ -1,5 +1,5 @@ { "scripts": { - "test": "../node_modules/.bin/rollup -c rollup.config.js && node build/index.js" + "test": "..\\node_modules\\.bin\\rollup -c rollup.config.js && node build/index.js" } } diff --git a/test/snowpack-modules/package.json b/test/snowpack-modules/package.json index ca7826b..67d2098 100644 --- a/test/snowpack-modules/package.json +++ b/test/snowpack-modules/package.json @@ -2,7 +2,7 @@ "type": "module", "scripts": { - "test": "../node_modules/.bin/snowpack build; node build/index.js" + "test": "..\\node_modules\\.bin\\snowpack build && node build/index.js" }, "engines": { "node": "14" diff --git a/test/vite/package.json b/test/vite/package.json index 3609e6b..8b09130 100644 --- a/test/vite/package.json +++ b/test/vite/package.json @@ -1,5 +1,5 @@ { "scripts": { - "test": "../node_modules/.bin/vite build && node build/index.js" + "test": "..\\node_modules\\.bin\\vite build && node build/index.js" } } diff --git a/test/webpack-4-modules/package.json b/test/webpack-4-modules/package.json index 3601cac..1eaee64 100644 --- a/test/webpack-4-modules/package.json +++ b/test/webpack-4-modules/package.json @@ -1,5 +1,5 @@ { "scripts": { - "test": "../node_modules/.bin/webpack && node build/main.js" + "test": "..\\node_modules\\.bin\\webpack && node build/main.js" } } From 04d5d66fe7ec4fefb27489cdd17acbe27686def0 Mon Sep 17 00:00:00 2001 From: Wesley Wigham Date: Wed, 14 Jun 2023 13:34:16 -0700 Subject: [PATCH 4/8] Just stop using relative paths to bin files --- test/rollup-modules/package.json | 2 +- test/snowpack-modules/package.json | 2 +- test/vite/package.json | 2 +- test/webpack-4-modules/package.json | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/test/rollup-modules/package.json b/test/rollup-modules/package.json index 4163d84..8dab5af 100644 --- a/test/rollup-modules/package.json +++ b/test/rollup-modules/package.json @@ -1,5 +1,5 @@ { "scripts": { - "test": "..\\node_modules\\.bin\\rollup -c rollup.config.js && node build/index.js" + "test": "rollup -c rollup.config.js && node build/index.js" } } diff --git a/test/snowpack-modules/package.json b/test/snowpack-modules/package.json index 67d2098..af661be 100644 --- a/test/snowpack-modules/package.json +++ b/test/snowpack-modules/package.json @@ -2,7 +2,7 @@ "type": "module", "scripts": { - "test": "..\\node_modules\\.bin\\snowpack build && node build/index.js" + "test": "snowpack build && node build/index.js" }, "engines": { "node": "14" diff --git a/test/vite/package.json b/test/vite/package.json index 8b09130..35ff03b 100644 --- a/test/vite/package.json +++ b/test/vite/package.json @@ -1,5 +1,5 @@ { "scripts": { - "test": "..\\node_modules\\.bin\\vite build && node build/index.js" + "test": "vite build && node build/index.js" } } diff --git a/test/webpack-4-modules/package.json b/test/webpack-4-modules/package.json index 1eaee64..04c09f4 100644 --- a/test/webpack-4-modules/package.json +++ b/test/webpack-4-modules/package.json @@ -1,5 +1,5 @@ { "scripts": { - "test": "..\\node_modules\\.bin\\webpack && node build/main.js" + "test": "webpack && node build/main.js" } } From 3cf542723232db756b22395a02d9ef3b0242a6bf Mon Sep 17 00:00:00 2001 From: Wesley Wigham Date: Wed, 14 Jun 2023 14:54:38 -0700 Subject: [PATCH 5/8] Use the same npm version across all node versions tested to bin files are loaded in the same way --- .github/workflows/CI.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml index 305f5c0..8194794 100644 --- a/.github/workflows/CI.yml +++ b/.github/workflows/CI.yml @@ -18,6 +18,9 @@ jobs: with: node-version: ${{ matrix.node-version }} + - name: Update npm + run: npm i -g npm@9.7.1 + - name: Run tests run: node ./test/runTests.js From 0f7429f092f7e7655c192dcb3ed4326a104bfbbd Mon Sep 17 00:00:00 2001 From: Wesley Wigham Date: Wed, 14 Jun 2023 14:57:04 -0700 Subject: [PATCH 6/8] Older npm (why do we still test on node 12, again?) --- .github/workflows/CI.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml index 8194794..5409198 100644 --- a/.github/workflows/CI.yml +++ b/.github/workflows/CI.yml @@ -19,7 +19,7 @@ jobs: node-version: ${{ matrix.node-version }} - name: Update npm - run: npm i -g npm@9.7.1 + run: npm i -g npm@8.19.4 - name: Run tests run: node ./test/runTests.js From 51e946d1b4736c0dbe6cc6c7d081619fe94a4bd5 Mon Sep 17 00:00:00 2001 From: Wesley Wigham Date: Wed, 14 Jun 2023 16:31:03 -0700 Subject: [PATCH 7/8] Use 1.7.0 SHA, add npm run i alias for npm i --- .github/workflows/publish.yaml | 2 +- package.json | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml index 89a846a..f5c5f8a 100644 --- a/.github/workflows/publish.yaml +++ b/.github/workflows/publish.yaml @@ -25,7 +25,7 @@ jobs: - name: publish id: publish - uses: slsa-framework/slsa-github-generator/actions/nodejs/publish@4314fec3d06bb217f163b89466dcd34be65b9bf1 # v1.6.0 + uses: slsa-framework/slsa-github-generator/actions/nodejs/publish@e55b76ce421082dfa4b34a6ac3c5e59de0f3bb58 # v1.7.0 with: access: public node-auth-token: ${{ secrets.npm_token }} diff --git a/package.json b/package.json index 1f860bc..970f621 100644 --- a/package.json +++ b/package.json @@ -45,6 +45,7 @@ "./": "./" }, "scripts": { + "i": "npm i", "test": "node ./test/runTests.js && node test/validateModuleExportsMatchCommonJS/index.js" } } From 8ed2bbe9a3c1aad53b1148c4da5d530093969ea3 Mon Sep 17 00:00:00 2001 From: Wesley Wigham Date: Wed, 14 Jun 2023 16:38:40 -0700 Subject: [PATCH 8/8] Test in seperate build phase from packaging --- .github/workflows/publish.yaml | 15 +++++++++++++-- package.json | 1 - 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml index f5c5f8a..8840e4d 100644 --- a/.github/workflows/publish.yaml +++ b/.github/workflows/publish.yaml @@ -5,14 +5,25 @@ on: types: [created] jobs: + test: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - name: Use node version 18 + uses: actions/setup-node@v1 + with: + node-version: 18 + - name: Update npm + run: npm i -g npm@8.19.4 + - name: Run tests + run: npm run test build: + needs: [test] permissions: id-token: write # For signing contents: read # For repo checkout. actions: read # For getting workflow run info. uses: slsa-framework/slsa-github-generator/.github/workflows/builder_nodejs_slsa3.yml@v1.7.0 - with: - run-scripts: "i, test" publish: needs: [build] runs-on: ubuntu-latest diff --git a/package.json b/package.json index 970f621..1f860bc 100644 --- a/package.json +++ b/package.json @@ -45,7 +45,6 @@ "./": "./" }, "scripts": { - "i": "npm i", "test": "node ./test/runTests.js && node test/validateModuleExportsMatchCommonJS/index.js" } }