# Copyright 2025 Signal Messenger, LLC # SPDX-License-Identifier: AGPL-3.0-only name: Publish on: workflow_dispatch: inputs: dry_run: description: "Just build, don't publish" default: false required: false type: boolean npm_tag: description: 'NPM tag' required: true default: 'latest' jobs: prebuild: strategy: matrix: os: [windows-latest, macos-latest] buildType: ['production', 'profiling'] include: - os: macos-latest target: arm64 cross-target: x64 rust-cross-target: x86_64-apple-darwin - os: windows-latest target: x64 cross-target: arm64 rust-cross-target: aarch64-pc-windows-msvc runs-on: ${{ matrix.os }} timeout-minutes: 30 steps: - name: Checkout uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Setup pnpm uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0 with: version: 10.18.1 - name: Get Node version from .nvmrc id: get-nvm-version shell: bash run: echo "node-version=$(cat .nvmrc)" >> $GITHUB_OUTPUT - name: Setup node.js uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0 with: node-version-file: '.nvmrc' - name: Update package.json if: ${{ matrix.buildType == 'profiling' }} run: pnpm version prerelease --no-git-tag-version --preid profiling - name: Install node_modules run: pnpm install --frozen-lockfile - run: rustup toolchain install $(cat rust-toolchain) --profile minimal --target ${{ matrix.rust-cross-target }} - name: Install dump_syms run: cargo install dump_syms --no-default-features --features cli - name: Prebuild ${{ matrix.target }} run: | pnpm prebuildify --target '${{ steps.get-nvm-version.outputs.node-version }}' --arch ${{ matrix.target }} - name: Prebuild ${{ matrix.cross-target }} run: pnpm prebuildify --target '${{ steps.get-nvm-version.outputs.node-version }}' --arch ${{ matrix.cross-target }} - name: Upload artifacts uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1 with: name: sqlcipher-${{matrix.buildType}}-${{matrix.os}} path: prebuilds/* prebuild_linux: runs-on: ubuntu-latest timeout-minutes: 30 strategy: matrix: buildType: ['production', 'profiling'] steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Setup pnpm uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0 with: version: 10.18.1 - name: Get Node version from .nvmrc id: get-nvm-version shell: bash run: echo "node-version=$(cat .nvmrc)" >> $GITHUB_OUTPUT - name: Setup node.js uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0 with: node-version-file: '.nvmrc' - name: Update package.json if: ${{ matrix.buildType == 'profiling' }} run: pnpm version prerelease --no-git-tag-version --preid profiling - name: Build in docker container run: ./docker-prebuildify.sh - name: Upload artifacts uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1 with: name: sqlcipher-${{matrix.buildType}}-linux-latest path: prebuilds/* publish: name: Publish permissions: # Required for OIDC id-token: 'write' # Needed for ncipollo/release-action. contents: 'write' runs-on: ubuntu-latest needs: [prebuild, prebuild_linux] timeout-minutes: 45 steps: - name: Checkout uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Setup pnpm uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0 with: version: 10.18.1 - name: Setup node.js uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0 with: node-version-file: '.nvmrc' registry-url: 'https://registry.npmjs.org/' - name: Update npm run: npm install -g npm@latest - name: Download built production libraries uses: actions/download-artifact@cc203385981b70ca67e1cc392babf9cc229d5806 # v4.19.1 with: pattern: sqlcipher-production-* path: prebuilds merge-multiple: true - name: Install node_modules run: pnpm install --frozen-lockfile - name: Build run: pnpm build - name: Lint run: pnpm lint - name: Production Tests run: pnpm test env: PREBUILDS_ONLY: 1 - name: Publish production run: pnpm publish --tag '${{ github.event.inputs.npm_tag }}' --access public --no-git-checks ${{ inputs.dry_run && '--dry-run' || ''}} - name: Rename symbols run: | mv prebuilds/darwin-arm64/node_sqlcipher.sym prebuilds/node_sqlcipher_darwin_arm64.sym mv prebuilds/darwin-x64/node_sqlcipher.sym prebuilds/node_sqlcipher_darwin_x64.sym mv prebuilds/linux-arm64/node_sqlcipher.sym prebuilds/node_sqlcipher_linux_arm64.sym mv prebuilds/linux-x64/node_sqlcipher.sym prebuilds/node_sqlcipher_linux_x64.sym mv prebuilds/win32-arm64/node_sqlcipher.sym prebuilds/node_sqlcipher_win32_arm64.sym mv prebuilds/win32-x64/node_sqlcipher.sym prebuilds/node_sqlcipher_win32_x64.sym # This step is expected to fail if not run on a tag. - name: Upload debug info to release uses: ncipollo/release-action@440c8c1cb0ed28b9f43e4d1d670870f059653174 # v1.16.0 with: allowUpdates: true artifactErrorsFailBuild: true artifacts: prebuilds/node_sqlcipher_*.sym - name: Update package.json version to profiling run: pnpm version prerelease --no-git-tag-version --preid profiling - name: Remove production prebuilds run: rm -rf prebuilds - name: Download built profiling libraries uses: actions/download-artifact@cc203385981b70ca67e1cc392babf9cc229d5806 # v4.19.1 with: pattern: sqlcipher-profiling-* path: prebuilds merge-multiple: true - name: Profiling build tests run: pnpm test env: PREBUILDS_ONLY: 1 - name: Publish profiling run: pnpm publish --tag 'profiling' --access public --no-git-checks ${{ inputs.dry_run && '--dry-run' || ''}}