From 54b8d896c62bd9c20174d119a26a3e8824c7037c Mon Sep 17 00:00:00 2001 From: Sharad Chandran R Date: Mon, 2 Feb 2026 12:49:12 +0530 Subject: [PATCH 01/15] Add GitHub Actions workflow for node-oracledb build This workflow builds node-oracledb packages for multiple platforms and manages staging artifacts. --- .github/workflows/main.yml | 84 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 84 insertions(+) create mode 100644 .github/workflows/main.yml diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml new file mode 100644 index 000000000..b0837ed7c --- /dev/null +++ b/.github/workflows/main.yml 
@@ -0,0 +1,84 @@
+name: Build node-oracledb Packages
+
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+ branches:
+ - main
+
+jobs:
+ build:
+ strategy:
+ matrix:
+ platform:
+ - windows-x64
+ - linux-x64
+ - linux-arm64
+ - macos-arm64
+
+ runs-on: ${{ matrix.platform == 'windows-x64' && 'windows-latest' || matrix.platform == 'linux-x64' && 'ubuntu-latest' || matrix.platform == 'macos-arm64' && 'macos-14' || '[self-hosted, linux, ARM64]' }}
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+ with:
+ submodules: true
+
+ - name: Set up Node.js
+ uses: actions/setup-node@v4
+ with:
+ node-version: '20'
+
+ - name: Install build dependencies (Linux)
+ if: contains(matrix.platform, 'linux')
+ run: sudo apt-get update && sudo apt-get install -y build-essential python3
+
+ - name: Install dependencies
+ run: npm install
+
+ - name: Build binary
+ run: npm run buildbinary
+
+ - name: Upload Staging artifact
+ uses: actions/upload-artifact@v4
+ with:
+ name: staging-${{ matrix.platform }}
+ path: package/Staging/
+
+ package:
+ needs: build
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+ with:
+ submodules: true
+
+ - name: Set up Node.js
+ uses: actions/setup-node@v4
+ with:
+ node-version: '20'
+
+ - name: Download Staging artifacts
+ uses: actions/download-artifact@v4
+ with:
+ path: package/
+
+ - name: Merge Staging files
+ run: |
+ mkdir -p package/Staging
+ for dir in package/staging-*; do
+ mv "$dir"/* package/Staging/ || true
+ done
+
+ - name: Build package
+ run: npm run buildpackage
+
+ - name: Upload package artifact
+ uses: actions/upload-artifact@v4
+ with:
+ name: node-oracledb-package
+ path: oracledb-*.tgz
From 2c34cc799b152b3282b0bbf1769f82942f0d1796 Mon Sep 17 00:00:00 2001
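Review bot: The `linux-arm64` matrix leg falls through to the self-hosted runner in the `runs-on` expression while the workflow also triggers on `pull_request`, so `npm install` and `npm run buildbinary` would execute pull-request code on a machine that, unlike a GitHub-hosted runner, is presumably not recreated between jobs. Either keep pull-request builds on GitHub-hosted runners only or restrict the self-hosted leg to `push`, and record the rule next to the matrix, e.g. `# linux-arm64 uses a self-hosted runner: never build pull_request code on it`. Separately, the fallback `'[self-hosted, linux, ARM64]'` is a quoted string, so the expression appears to yield a single label containing brackets rather than a label list; `fromJSON('["self-hosted","linux","ARM64"]')` would give the list form.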
From: Sharad Chandran R Date: Mon, 2 Feb 2026 13:21:08 +0530 Subject: [PATCH 02/15] Refactor GitHub Actions workflow for package builds --- .github/workflows/main.yml | 105 ++++++++++++++++++++++++++++--------- 1 file changed, 81 insertions(+), 24 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index b0837ed7c..881f3264a 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml 
@@ -1,28 +1,61 @@ -name: Build node-oracledb Packages +name: Build node-oracledb packages on: push: - branches: - - main - pull_request: - branches: - - main + tags: + - v* + workflow_dispatch: + inputs: + tgt: + description: List of package targets to build + default: 'Linux, macOS, Windows' + required: false jobs: - build: + + build_linux_binaries: + name: Build binaries for Linux + if: contains(inputs.tgt, 'Linux') || inputs.tgt == '' + runs-on: ${{ matrix.os }} strategy: matrix: - platform: - - windows-x64 - - linux-x64 - - linux-arm64 - - macos-arm64 + include: + - os: ubuntu-latest + platform: x64 + container: node:20 + - os: ubuntu-latest # Adjust for ARM64 runner; GitHub has beta ARM64 runners + platform: arm64 + container: node:20-arm64 - runs-on: ${{ matrix.platform == 'windows-x64' && 'windows-latest' || matrix.platform == 'linux-x64' && 'ubuntu-latest' || matrix.platform == 'macos-arm64' && 'macos-14' || '[self-hosted, linux, ARM64]' }} + container: ${{ matrix.container }} steps: - - name: Checkout code - uses: actions/checkout@v4 + - uses: actions/checkout@v4 + with: + submodules: true + + - name: Install build dependencies + run: apt-get update && apt-get install -y build-essential python3 + + - name: Install dependencies + run: npm install + + - name: Build binary + run: npm run buildbinary + + - name: Upload Staging artifact + uses: actions/upload-artifact@v4 + with: + name: Linux_${{ matrix.platform }}_staging + path: package/Staging/ + + build_macos_binaries: + name: Build binary for macOS ${{ matrix.platform }} + if: contains(inputs.tgt, 'macOS') || inputs.tgt == '' + runs-on: macos-14 # macOS ARM64 + + steps: + - uses: actions/checkout@v4 with: submodules: true 
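Review bot: `npm install` in `build_linux_binaries` resolves dependency versions at build time, so two runs for the same `v*` tag can build against different dependency trees, and any install script in a newly published dependency runs inside the job that produces the release binary. If the repository commits a lockfile, `run: npm ci` installs exactly what it records and fails when `package.json` and the lockfile disagree. The macOS and Windows jobs in the next hunk have the same step. The job name `Build binary for macOS ${{ matrix.platform }}` also references `matrix` in a job that defines no `strategy`, so that part presumably renders empty.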
@@ -31,9 +64,32 @@ jobs: with: node-version: '20' - - name: Install build dependencies (Linux) - if: contains(matrix.platform, 'linux') - run: sudo apt-get update && sudo apt-get install -y build-essential python3 + - name: Install dependencies + run: npm install + + - name: Build binary + run: npm run buildbinary + + - name: Upload Staging artifact + uses: actions/upload-artifact@v4 + with: + name: macos_arm64_staging + path: package/Staging/ + + build_windows_binaries: + name: Build binary for Windows x64 + if: contains(inputs.tgt, 'Windows') || inputs.tgt == '' + runs-on: windows-latest + + steps: + - uses: actions/checkout@v4 + with: + submodules: true + + - name: Set up Node.js + uses: actions/setup-node@v4 + with: + node-version: '20' - name: Install dependencies run: npm install @@ -44,16 +100,17 @@ jobs: - name: Upload Staging artifact uses: actions/upload-artifact@v4 with: - name: staging-${{ matrix.platform }} + name: windows_x64_staging path: package/Staging/ - package: - needs: build + combine_artifacts: + name: Combine artifacts and build package + if: ${{ always() }} + needs: [build_linux_binaries, build_macos_binaries, build_windows_binaries] runs-on: ubuntu-latest steps: - - name: Checkout code - uses: actions/checkout@v4 + - uses: actions/checkout@v4 with: submodules: true @@ -70,7 +127,7 @@ jobs: - name: Merge Staging files run: | mkdir -p package/Staging - for dir in package/staging-*; do + for dir in package/*_staging; do mv "$dir"/* package/Staging/ || true done From fe2359bb2e8901cda8426953fbdae36d44de0922 Mon Sep 17 00:00:00 2001 From: Sharad Chandran R Date: Mon, 2 Feb 2026 13:30:34 +0530 Subject: [PATCH 03/15] Update GitHub Actions to use Ubuntu 24.04 --- .github/workflows/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 881f3264a..cd5a408a3 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml 
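Review bot: `if: ${{ always() }}` on `combine_artifacts` makes the packaging job run even when one of the three build jobs it `needs` has failed or was cancelled, and the merge loop's `mv "$dir"/* package/Staging/ || true` then hides a missing or empty artifact directory, so a `.tgz` lacking a platform binary can be built and uploaded from a green step. Dropping the condition lets `needs` enforce success; if the target filter requires running after skipped builds, `if: ${{ !cancelled() && !contains(needs.*.result, 'failure') }}` keeps that without packaging after a failure. In the loop, `mv "$dir"/* package/Staging/` without `|| true` lets the step fail when a directory is missing. The same `|| true` is carried through the later patches that touch this loop (05/15 and 06/15).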
@@ -20,12 +20,12 @@ jobs: strategy: matrix: include: - - os: ubuntu-latest + - os: ubuntu-24.04 platform: x64 container: node:20 - - os: ubuntu-latest # Adjust for ARM64 runner; GitHub has beta ARM64 runners + - os: ubuntu-24.04-arm platform: arm64 - container: node:20-arm64 + container: node:20 container: ${{ matrix.container }} From 68f8ae2f05ab052b6385627ee1fbd32260758415 Mon Sep 17 00:00:00 2001 From: Sharad Chandran R Date: Mon, 2 Feb 2026 15:10:28 +0530 Subject: [PATCH 04/15] Rename upload artifact steps for binaries --- .github/workflows/main.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index cd5a408a3..c624acd73 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -43,10 +43,10 @@ jobs: - name: Build binary run: npm run buildbinary - - name: Upload Staging artifact + - name: Upload Binary uses: actions/upload-artifact@v4 with: - name: Linux_${{ matrix.platform }}_staging + name: oracledb_linux_${{ matrix.platform }} path: package/Staging/ build_macos_binaries: @@ -70,10 +70,10 @@ jobs: - name: Build binary run: npm run buildbinary - - name: Upload Staging artifact + - name: Upload binary uses: actions/upload-artifact@v4 with: - name: macos_arm64_staging + name: oracledb_macos_arm64 path: package/Staging/ build_windows_binaries: @@ -97,10 +97,10 @@ jobs: - name: Build binary run: npm run buildbinary - - name: Upload Staging artifact + - name: Upload binary uses: actions/upload-artifact@v4 with: - name: windows_x64_staging + name: oracledb_windows_x64 path: package/Staging/ combine_artifacts: From 20674494091283b375b1b8e626905d2a26e01bdf Mon Sep 17 00:00:00 2001 From: Sharad Chandran R Date: Mon, 2 Feb 2026 15:41:05 +0530 Subject: [PATCH 05/15] Rename steps for clarity in workflow file --- .github/workflows/main.yml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) 
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index c624acd73..806927be6 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -40,10 +40,10 @@ jobs: - name: Install dependencies run: npm install - - name: Build binary + - name: Build binary artifacts run: npm run buildbinary - - name: Upload Binary + - name: Upload binary artifacts uses: actions/upload-artifact@v4 with: name: oracledb_linux_${{ matrix.platform }} @@ -67,10 +67,10 @@ jobs: - name: Install dependencies run: npm install - - name: Build binary + - name: Build binary artifacts run: npm run buildbinary - - name: Upload binary + - name: Upload binary artifacts uses: actions/upload-artifact@v4 with: name: oracledb_macos_arm64 @@ -94,17 +94,17 @@ jobs: - name: Install dependencies run: npm install - - name: Build binary + - name: Build binary artifacts run: npm run buildbinary - - name: Upload binary + - name: Upload binary artifacts uses: actions/upload-artifact@v4 with: name: oracledb_windows_x64 path: package/Staging/ combine_artifacts: - name: Combine artifacts and build package + name: Combine binary artifacts and build package if: ${{ always() }} needs: [build_linux_binaries, build_macos_binaries, build_windows_binaries] runs-on: ubuntu-latest @@ -119,12 +119,12 @@ jobs: with: node-version: '20' - - name: Download Staging artifacts + - name: Download binary artifacts uses: actions/download-artifact@v4 with: - path: package/ + path: build/Release/ - - name: Merge Staging files + - name: Merge binary files run: | mkdir -p package/Staging for dir in package/*_staging; do From de94b260ef93bb2e8a37b3e25706cd19bf28f0f1 Mon Sep 17 00:00:00 2001 From: Sharad Chandran R Date: Mon, 2 Feb 2026 16:10:34 +0530 Subject: [PATCH 06/15] Change artifact download path and update merge logic --- .github/workflows/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 806927be6..88bc22739 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -122,12 +122,12 @@ jobs: - name: Download binary artifacts uses: actions/download-artifact@v4 with: - path: build/Release/ + path: package/ - name: Merge binary files run: | mkdir -p package/Staging - for dir in package/*_staging; do + for dir in package/oracledb_*; do mv "$dir"/* package/Staging/ || true done From b5e5893d166eb883e0c844e6fc744eaa579b3db6 Mon Sep 17 00:00:00 2001 From: Sharad Chandran R Date: Mon, 2 Feb 2026 16:18:59 +0530 Subject: [PATCH 07/15] Add build workflow configuration file --- .github/workflows/{main.yml => build.yml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename .github/workflows/{main.yml => build.yml} (100%) diff --git a/.github/workflows/main.yml b/.github/workflows/build.yml similarity index 100% rename from .github/workflows/main.yml rename to .github/workflows/build.yml From c1bca2582de2d66fbe8c3122a1e44e613971bf63 Mon Sep 17 00:00:00 2001 From: Sharad Chandran R Date: Mon, 2 Feb 2026 17:11:22 +0530 Subject: [PATCH 08/15] Add upload step for node-oracledb package --- .github/workflows/build.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 88bc22739..653ebebc5 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -139,3 +139,4 @@ jobs: with: name: node-oracledb-package path: oracledb-*.tgz + From 6b8f6fbef4fad122f12553eb1c36dbb1bbc211bf Mon Sep 17 00:00:00 2001 From: Sharad Chandran R Date: Mon, 2 Feb 2026 22:56:48 +0530 Subject: [PATCH 09/15] Refactor build workflow by removing inputs and conditions Removed workflow_dispatch input for package targets and simplified conditions for building binaries. --- .github/workflows/build.yml | 9 --------- 1 file changed, 9 deletions(-) 
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 653ebebc5..89044967b 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -4,18 +4,11 @@ on: push: tags: - v* - workflow_dispatch: - inputs: - tgt: - description: List of package targets to build - default: 'Linux, macOS, Windows' - required: false jobs: build_linux_binaries: name: Build binaries for Linux - if: contains(inputs.tgt, 'Linux') || inputs.tgt == '' runs-on: ${{ matrix.os }} strategy: matrix: @@ -51,7 +44,6 @@ jobs: build_macos_binaries: name: Build binary for macOS ${{ matrix.platform }} - if: contains(inputs.tgt, 'macOS') || inputs.tgt == '' runs-on: macos-14 # macOS ARM64 steps: @@ -78,7 +70,6 @@ jobs: build_windows_binaries: name: Build binary for Windows x64 - if: contains(inputs.tgt, 'Windows') || inputs.tgt == '' runs-on: windows-latest steps: From 9c0276450854c58a15b408316f03c7b7ffbe0b4e Mon Sep 17 00:00:00 2001 From: Sharad Chandran R Date: Mon, 2 Feb 2026 23:03:39 +0530 Subject: [PATCH 10/15] Enable manual triggering of build workflow Add workflow_dispatch event with input for package targets. --- .github/workflows/build.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 89044967b..299c6e4ae 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -4,6 +4,12 @@ on: push: tags: - v* + workflow_dispatch: + inputs: + tgt: + description: List of package targets to build + default: 'Linux, macOS, Windows' + required: false jobs: From 17bd35002f3e082e25673ae578d848d7013b694a Mon Sep 17 00:00:00 2001 From: Sharad Chandran R Date: Mon, 2 Feb 2026 23:10:40 +0530 Subject: [PATCH 11/15] Remove inputs from workflow dispatch Removed inputs section for workflow dispatch in build.yml --- .github/workflows/build.yml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 299c6e4ae..cdae00e26 100644 
--- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -5,11 +5,6 @@ on: tags: - v* workflow_dispatch: - inputs: - tgt: - description: List of package targets to build - default: 'Linux, macOS, Windows' - required: false jobs: From c8e78f5dcc10f150d432ec2cb9d9a7613d4b0dec Mon Sep 17 00:00:00 2001 From: Sharad Chandran R Date: Mon, 2 Feb 2026 23:21:26 +0530 Subject: [PATCH 12/15] Remove always() condition from combine_artifacts job Removed the conditional check to always run the combine_artifacts job. --- .github/workflows/build.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index cdae00e26..4810fb965 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -97,7 +97,6 @@ jobs: combine_artifacts: name: Combine binary artifacts and build package - if: ${{ always() }} needs: [build_linux_binaries, build_macos_binaries, build_windows_binaries] runs-on: ubuntu-latest From 59cfe674a0e3a779352a4f7953ce6200ce321e78 Mon Sep 17 00:00:00 2001 From: Sharad Chandran R Date: Tue, 3 Feb 2026 14:47:02 +0530 Subject: [PATCH 13/15] Refactor build.yml for Linux binary builds --- .github/workflows/build.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 4810fb965..17824a152 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -7,7 +7,6 @@ on: workflow_dispatch: jobs: - build_linux_binaries: name: Build binaries for Linux runs-on: ${{ matrix.os }} @@ -20,7 +19,6 @@ jobs: - os: ubuntu-24.04-arm platform: arm64 container: node:20 - container: ${{ matrix.container }} steps: @@ -130,4 +128,3 @@ jobs: with: name: node-oracledb-package path: oracledb-*.tgz - From 18a5b3568b7dd9fb02585ccdc0267db65f8d01ca Mon Sep 17 00:00:00 2001 
From: Sharad Chandran R Date: Fri, 24 Apr 2026 14:58:59 +0530 Subject: [PATCH 14/15] Upgrade Node.js and GitHub Actions versions Updated Node.js version and GitHub Actions versions in the build workflow. --- .github/workflows/build.yml | 36 +++++++++++++++++++----------------- 1 file changed, 19 insertions(+), 17 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 17824a152..586dd863f 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -5,6 +5,8 @@ on: tags: - v* workflow_dispatch: +permissions: + contents: read jobs: build_linux_binaries: @@ -15,14 +17,14 @@ jobs: include: - os: ubuntu-24.04 platform: x64 - container: node:20 + container: node:24 - os: ubuntu-24.04-arm platform: arm64 - container: node:20 + container: node:24 container: ${{ matrix.container }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: submodules: true @@ -36,7 +38,7 @@ jobs: run: npm run buildbinary - name: Upload binary artifacts - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v6 with: name: oracledb_linux_${{ matrix.platform }} path: package/Staging/ @@ -46,14 +48,14 @@ jobs: runs-on: macos-14 # macOS ARM64 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: submodules: true - name: Set up Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@v6 with: - node-version: '20' + node-version: '24' - name: Install dependencies run: npm install @@ -62,7 +64,7 @@ jobs: run: npm run buildbinary - name: Upload binary artifacts - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v6 with: name: oracledb_macos_arm64 path: package/Staging/ @@ -72,14 +74,14 @@ jobs: runs-on: windows-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: submodules: true - name: Set up Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@v6 with: - node-version: '20' + node-version: '24' - name: Install dependencies run: npm install 
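Review bot: The bumped references (`actions/checkout@v6`, `actions/setup-node@v6`, `actions/upload-artifact@v6`, `actions/download-artifact@v6`) and the `node:24` container are still mutable tags, so the code that builds the tagged release binaries can change without any commit in this repository. Pinning each action to a full commit SHA with the version as a trailing comment, `uses: actions/checkout@<full-commit-sha> # v6.x.y` (placeholder values), matches the form the Macaron workflow in PATCH 15/15 uses, and the container image can be pinned by digest in the same way. The checkout steps in the build jobs could also set `persist-credentials: false`, as that workflow does, since `npm install` and the build scripts run after checkout. This applies to every hunk of this patch, including the ones for `combine_artifacts` further down.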
@@ -88,7 +90,7 @@ jobs: run: npm run buildbinary - name: Upload binary artifacts - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v6 with: name: oracledb_windows_x64 path: package/Staging/ @@ -99,17 +101,17 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: submodules: true - name: Set up Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@v6 with: - node-version: '20' + node-version: '24' - name: Download binary artifacts - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v6 with: path: package/ @@ -124,7 +126,7 @@ jobs: run: npm run buildpackage - name: Upload package artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v6 with: name: node-oracledb-package path: oracledb-*.tgz From 5464b0cb58b86c00021a1372b59f143f1914fec9 Mon Sep 17 00:00:00 2001 From: Sharad Chandran R Date: Fri, 24 Apr 2026 15:14:10 +0530 Subject: [PATCH 15/15] Add Macaron check GitHub Actions workflow --- .../macaron-check-github-actions.yml | 32 +++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 .github/workflows/macaron-check-github-actions.yml diff --git a/.github/workflows/macaron-check-github-actions.yml b/.github/workflows/macaron-check-github-actions.yml new file mode 100644 index 000000000..e625d3abc --- /dev/null +++ b/.github/workflows/macaron-check-github-actions.yml 
@@ -0,0 +1,32 @@
+name: Macaron check-github-actions
+on:
+ push:
+ branches:
+ - main
+ paths:
+ - .github/workflows/**
+ pull_request:
+ paths:
+ - .github/workflows/**
+ workflow_dispatch:
+ schedule:
+ - cron: 20 15 * * 3
+permissions:
+ contents: read
+
+jobs:
+ macaron-check-github-actions:
+ name: Macaron policy verification
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check out repository
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+ with:
+ persist-credentials: false
+ - name: Run Macaron Security Analysis
+ uses: oracle/macaron@b31acfe389133a5587d9639063ec70cb84e7bc47 # v0.23.0
+ with:
+ repo_path: "https://github.com/${{ github.repository }}"
+ policy_file: check-github-actions
+ policy_purl: "pkg:github.com/${{ github.repository }}@.*"
+ reports_retention_days: 90