Update node version #4575
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Node CI | |
| on: | |
| push: | |
| branches: | |
| - master | |
| tags: | |
| - 'v*' | |
| workflow_dispatch: | |
| pull_request: | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} | |
| cancel-in-progress: true | |
| jobs: | |
| depscan: | |
| continue-on-error: true | |
| runs-on: ["self-hosted", "ubuntu", "arm64"] | |
| permissions: | |
| contents: read | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: 3.12 | |
| - name: Set up JDK | |
| uses: actions/setup-java@v4 | |
| with: | |
| distribution: 'temurin' | |
| java-version: '23' | |
| - name: Trim CI agent | |
| run: | | |
| rm -rf /tmp/docker-images-* /tmp/atom-usages-* /tmp/atom-reachables-* | |
| - name: pnpm install | |
| run: | | |
| corepack pnpm install --config.strict-dep-builds=true | |
| python3 -m pip install --pre owasp-depscan atom-tools | |
| - name: check sbom for vulns | |
| run: | | |
| node bin/cdxgen.js -t js -o $(pwd)/reports/sbom-build-js.cdx.json --no-recurse --profile research $(pwd) | |
| docker pull ghcr.io/cyclonedx/cdxgen:master | |
| node bin/cdxgen.js -t docker -o $(pwd)/reports/sbom-container-js.cdx.json ghcr.io/cyclonedx/cdxgen:master | |
| depscan --src $(pwd) --bom-dir $(pwd)/reports --reports-dir $(pwd)/reports --reachability-analyzer SemanticReachability --explain | |
| env: | |
| COLUMNS: 140 | |
| CDXGEN_DEBUG_MODE: debug | |
| JAVA_TOOL_OPTIONS: "-XX:UseSVE=0 -Dfile.encoding=UTF-8" | |
| matrix-unit-test: | |
| permissions: | |
| contents: read | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| node-version: ['20.x', '21.x', '22.x', '23.x', '24.x'] | |
| os: ['ubuntu-22.04', 'ubuntu-24.04', 'windows-latest', 'windows-11-arm', 'ubuntu-22.04-arm', 'ubuntu-24.04-arm', 'macos-latest', 'macos-13'] | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Use Node.js ${{ matrix.node-version }} | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: ${{ matrix.node-version }} | |
| - name: pnpm install, build and test | |
| run: | | |
| npm install -g pnpm@latest | |
| pnpm install --config.strict-dep-builds=true | |
| pnpm test | |
| pnpm publish --access=public --dry-run --no-git-checks | |
| env: | |
| CI: true | |
| NPM_CONFIG_PROVENANCE: true | |
| deno-build: | |
| strategy: | |
| fail-fast: true | |
| matrix: | |
| os: [windows, macos, ubuntu] | |
| deno_version: [2.x] | |
| include: | |
| - os: windows | |
| build: | | |
| deno compile --allow-read --allow-env --allow-run --allow-sys=uid,systemMemoryInfo,gid,osRelease,homedir --allow-write --allow-net --include=./data --include=./package.json --output cdxgenx.exe bin/cdxgen.js | |
| .\cdxgenx.exe --help | |
| (Get-FileHash .\cdxgenx.exe).hash | Out-File -FilePath .\cdxgenx.exe.sha256 | |
| deno compile --allow-read --allow-env --allow-run --allow-sys=uid,systemMemoryInfo,gid,osRelease,homedir --allow-write --allow-net --node-modules-dir=auto --allow-ffi --allow-scripts=npm:[email protected] --include=./data --include=./package.json --include=node_modules/.deno/[email protected]/node_modules/sqlite3/build/Release --output evinse.exe bin/evinse.js | |
| .\evinse.exe --help | |
| (Get-FileHash .\evinse.exe).hash | Out-File -FilePath .\evinse.exe.sha256 | |
| artifact: cdxgenx.exe | |
| - os: macos | |
| build: | | |
| rm -rf node_modules | |
| deno compile --allow-read --allow-env --allow-run --allow-sys=uid,systemMemoryInfo,gid,homedir --allow-write --allow-net --include=./data --include=./package.json --target x86_64-apple-darwin --output cdxgenx-darwin-amd64 bin/cdxgen.js | |
| ./cdxgenx-darwin-amd64 --help | |
| shasum -a 256 cdxgenx-darwin-amd64 > cdxgenx-darwin-amd64.sha256 | |
| rm -rf node_modules | |
| deno compile --allow-read --allow-env --allow-run --allow-sys=uid,systemMemoryInfo,gid,homedir --allow-write --allow-net --include=./data --include=./package.json --target aarch64-apple-darwin --output cdxgenx-darwin-arm64 bin/cdxgen.js | |
| shasum -a 256 cdxgenx-darwin-arm64 > cdxgenx-darwin-arm64.sha256 | |
| rm -rf node_modules | |
| deno compile --allow-read --allow-env --allow-run --allow-sys=uid,systemMemoryInfo,gid,homedir --allow-write --allow-net --node-modules-dir=auto --allow-ffi --allow-scripts=npm:[email protected] --include=./data --include=./package.json --include=node_modules/.deno/[email protected]/node_modules/sqlite3/build/Release --target aarch64-apple-darwin --output evinse-darwin-arm64 bin/evinse.js | |
| shasum -a 256 evinse-darwin-arm64 > evinse-darwin-arm64.sha256 | |
| ./evinse-darwin-arm64 --help | |
| artifact: cdxgenx-darwin-arm64 | |
| - os: ubuntu | |
| build: | | |
| deno compile --allow-read --allow-env --allow-run --allow-sys=uid,systemMemoryInfo,gid,homedir --allow-write --allow-net --include=./data --include=./package.json --output cdxgenx bin/cdxgen.js | |
| shasum -a 256 cdxgenx > cdxgenx.sha256 | |
| chmod + cdxgenx | |
| ./cdxgenx --help | |
| deno compile --allow-read --allow-env --allow-run --allow-sys=uid,systemMemoryInfo,gid,homedir --allow-write --allow-net --node-modules-dir=auto --allow-ffi --allow-scripts=npm:[email protected] --include=./data --include=./package.json --include=node_modules/.deno/[email protected]/node_modules/sqlite3/build/Release --output evinse bin/evinse.js | |
| shasum -a 256 evinse > evinse.sha256 | |
| chmod + evinse | |
| ./evinse --help | |
| artifact: cdxgenx | |
| runs-on: ${{ matrix.os }}-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: denoland/setup-deno@v2 | |
| with: | |
| deno-version: v${{ matrix.deno_version }} | |
| - name: deno compile | |
| run: | | |
| deno info bin/cdxgen.js | |
| deno info bin/evinse.js | |
| mkdir build | |
| ${{ matrix.build }} | |
| continue-on-error: true |