diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 000000000..586dd863f --- /dev/null +++ b/.github/workflows/build.yml @@ -0,0 +1,132 @@ +name: Build node-oracledb packages + +on: + push: + tags: + - v* + workflow_dispatch: +permissions: + contents: read + +jobs: + build_linux_binaries: + name: Build binaries for Linux + runs-on: ${{ matrix.os }} + strategy: + matrix: + include: + - os: ubuntu-24.04 + platform: x64 + container: node:24 + - os: ubuntu-24.04-arm + platform: arm64 + container: node:24 + container: ${{ matrix.container }} + + steps: + - uses: actions/checkout@v6 + with: + submodules: true + + - name: Install build dependencies + run: apt-get update && apt-get install -y build-essential python3 + + - name: Install dependencies + run: npm install + + - name: Build binary artifacts + run: npm run buildbinary + + - name: Upload binary artifacts + uses: actions/upload-artifact@v6 + with: + name: oracledb_linux_${{ matrix.platform }} + path: package/Staging/ + + build_macos_binaries: + name: Build binary for macOS ${{ matrix.platform }} + runs-on: macos-14 # macOS ARM64 + + steps: + - uses: actions/checkout@v6 + with: + submodules: true + + - name: Set up Node.js + uses: actions/setup-node@v6 + with: + node-version: '24' + + - name: Install dependencies + run: npm install + + - name: Build binary artifacts + run: npm run buildbinary + + - name: Upload binary artifacts + uses: actions/upload-artifact@v6 + with: + name: oracledb_macos_arm64 + path: package/Staging/ + + build_windows_binaries: + name: Build binary for Windows x64 + runs-on: windows-latest + + steps: + - uses: actions/checkout@v6 + with: + submodules: true + + - name: Set up Node.js + uses: actions/setup-node@v6 + with: + node-version: '24' + + - name: Install dependencies + run: npm install + + - name: Build binary artifacts + run: npm run buildbinary + + - name: Upload binary artifacts + uses: actions/upload-artifact@v6 + with: + name: oracledb_windows_x64 + path: package/Staging/ + + combine_artifacts: + name: Combine binary artifacts and build package + needs: [build_linux_binaries, build_macos_binaries, build_windows_binaries] + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v6 + with: + submodules: true + + - name: Set up Node.js + uses: actions/setup-node@v6 + with: + node-version: '24' + + - name: Download binary artifacts + uses: actions/download-artifact@v6 + with: + path: package/ + + - name: Merge binary files + run: | + mkdir -p package/Staging + for dir in package/oracledb_*; do + mv "$dir"/* package/Staging/ || true + done + + - name: Build package + run: npm run buildpackage + + - name: Upload package artifact + uses: actions/upload-artifact@v6 + with: + name: node-oracledb-package + path: oracledb-*.tgz diff --git a/.github/workflows/macaron-check-github-actions.yml b/.github/workflows/macaron-check-github-actions.yml new file mode 100644 index 000000000..e625d3abc --- /dev/null +++ b/.github/workflows/macaron-check-github-actions.yml @@ -0,0 +1,32 @@ +name: Macaron check-github-actions +on: + push: + branches: + - main + paths: + - .github/workflows/** + pull_request: + paths: + - .github/workflows/** + workflow_dispatch: + schedule: + - cron: 20 15 * * 3 +permissions: + contents: read + +jobs: + macaron-check-github-actions: + name: Macaron policy verification + runs-on: ubuntu-latest + steps: + - name: Check out repository + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + with: + persist-credentials: false + - name: Run Macaron Security Analysis + uses: oracle/macaron@b31acfe389133a5587d9639063ec70cb84e7bc47 # v0.23.0 + with: + repo_path: "https://github.com/${{ github.repository }}" + policy_file: check-github-actions + policy_purl: "pkg:github.com/${{ github.repository }}@.*" + reports_retention_days: 90