fix(ci): add WASM asset preparation before CI tests #352
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: π CI Pipeline | ||
| # Dependencies: | ||
| # - SocketDev/socket-registry/.github/workflows/ci.yml | ||
| on: | ||
| push: | ||
| branches: [main] | ||
| tags: ['*'] | ||
| paths: | ||
| - 'packages/cli/**' | ||
| - 'pnpm-lock.yaml' | ||
| - 'package.json' | ||
| - '.github/workflows/ci.yml' | ||
| pull_request: | ||
| branches: [main] | ||
| paths: | ||
| - 'packages/cli/**' | ||
| - 'pnpm-lock.yaml' | ||
| - 'package.json' | ||
| - '.github/workflows/ci.yml' | ||
| workflow_dispatch: | ||
| inputs: | ||
| skip-tests: | ||
| description: 'Skip test execution' | ||
| required: false | ||
| type: boolean | ||
| default: false | ||
| node-versions: | ||
| description: 'Node.js versions to test (JSON array)' | ||
| required: false | ||
| type: string | ||
| default: '[20, 22, 24]' | ||
| permissions: | ||
| contents: read | ||
| jobs: | ||
| prepare-wasm: | ||
| name: Prepare WASM Assets | ||
| runs-on: ubuntu-latest | ||
| timeout-minutes: 10 | ||
| steps: | ||
| - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 | ||
| - uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0 | ||
| - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0 | ||
| with: | ||
| node-version: 20 | ||
| cache: 'pnpm' | ||
| - name: Generate WASM cache keys | ||
| id: wasm-cache-keys | ||
| run: | | ||
| YOGA_HASH=$(find packages/yoga-layout -type f \( -name "*.cpp" -o -name "*.h" -o -name "*.mjs" -o -name "CMakeLists.txt" \) | sort | xargs shasum -a 256 | shasum -a 256 | cut -d' ' -f1) | ||
| echo "yoga-hash=$YOGA_HASH" >> $GITHUB_OUTPUT | ||
| AI_HASH=$(find packages/socketbin-cli-ai -type f \( -name "*.mjs" -o -name "*.ts" \) | sort | xargs shasum -a 256 | shasum -a 256 | cut -d' ' -f1) | ||
| echo "ai-hash=$AI_HASH" >> $GITHUB_OUTPUT | ||
| ONNX_HASH=$(find packages/onnx-runtime-builder -type f \( -name "*.mjs" -o -name "*.patch" \) | sort | xargs shasum -a 256 | shasum -a 256 | cut -d' ' -f1) | ||
| echo "onnx-hash=$ONNX_HASH" >> $GITHUB_OUTPUT | ||
| - name: Restore Yoga Layout WASM cache | ||
| id: yoga-cache | ||
| uses: actions/cache/restore@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 | ||
| with: | ||
| path: packages/yoga-layout/build/wasm | ||
| key: yoga-wasm-${{ steps.wasm-cache-keys.outputs.yoga-hash }} | ||
| restore-keys: yoga-wasm- | ||
| - name: Restore AI models cache | ||
| id: ai-cache | ||
| uses: actions/cache/restore@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 | ||
| with: | ||
| path: packages/socketbin-cli-ai/dist | ||
| key: ai-models-${{ steps.wasm-cache-keys.outputs.ai-hash }} | ||
| restore-keys: ai-models- | ||
| - name: Restore ONNX Runtime cache | ||
| id: onnx-cache | ||
| uses: actions/cache/restore@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 | ||
| with: | ||
| path: packages/onnx-runtime-builder/dist | ||
| key: onnx-runtime-${{ steps.wasm-cache-keys.outputs.onnx-hash }} | ||
| restore-keys: onnx-runtime- | ||
| - name: Upload WASM artifacts for CI | ||
| uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 | ||
| with: | ||
| name: wasm-assets | ||
| path: | | ||
| packages/yoga-layout/build/wasm/ | ||
| packages/socketbin-cli-ai/dist/ | ||
| packages/onnx-runtime-builder/dist/ | ||
| retention-days: 1 | ||
| ci: | ||
| name: Run CI Pipeline | ||
| needs: prepare-wasm | ||
| uses: SocketDev/socket-registry/.github/workflows/ci.yml@d8ff3b0581d799466cfbf150f715c1a4bf9f84a5 # 2025-10-23 | ||
| with: | ||
| setup-script: 'mkdir -p packages/yoga-layout/build/wasm packages/socketbin-cli-ai/dist packages/onnx-runtime-builder/dist' | ||
|
Check failure on line 104 in .github/workflows/ci.yml
|
||
| test-setup-script: 'echo "=== Build Setup Debug ===" && pwd && echo "Before build:" && (ls -la packages/cli/ 2>/dev/null || dir packages\\cli\\ || true) && pnpm --filter @socketsecurity/cli run build && echo "After build:" && (ls -la packages/cli/dist/ 2>/dev/null || dir packages\\cli\\dist\\ || true) && echo "Checking cli.js:" && (ls -la packages/cli/dist/cli.js 2>/dev/null || dir packages\\cli\\dist\\cli.js || true) && echo "=== Build Setup Complete ==="' | ||
| lint-script: 'pnpm --filter @socketsecurity/cli run check' | ||
| type-check-script: 'pnpm --filter @socketsecurity/cli run type' | ||
| test-script: ${{ inputs.skip-tests && 'echo "Tests skipped"' || 'pnpm --filter @socketsecurity/cli run test:unit' }} | ||
| node-versions: ${{ inputs.node-versions || '[20, 22, 24]' }} | ||
| os-versions: '["ubuntu-latest", "macos-latest", "windows-latest"]' | ||
| fail-fast: false | ||
| artifacts-to-download: 'wasm-assets' | ||
| artifacts-path: '.' | ||
| e2e: | ||
| name: E2E Tests | ||
| needs: ci | ||
| runs-on: ${{ matrix.os }} | ||
| timeout-minutes: 20 | ||
| strategy: | ||
| fail-fast: true | ||
| matrix: | ||
| node-version: ${{ fromJSON(inputs.node-versions || '[20, 22, 24]') }} | ||
| os: [ubuntu-latest] | ||
| steps: | ||
| - uses: SocketDev/socket-registry/.github/actions/setup-and-install@51be85d39d3b4a42dd9d4712948b9d30a2e04794 | ||
| with: | ||
| node-version: ${{ matrix.node-version }} | ||
| - name: Generate WASM cache keys | ||
| id: wasm-cache-keys | ||
| shell: bash | ||
| run: | | ||
| YOGA_HASH=$(find packages/yoga-layout -type f \( -name "*.cpp" -o -name "*.h" -o -name "*.mjs" -o -name "CMakeLists.txt" \) | sort | xargs shasum -a 256 | shasum -a 256 | cut -d' ' -f1) | ||
| echo "yoga-hash=$YOGA_HASH" >> $GITHUB_OUTPUT | ||
| AI_HASH=$(find packages/socketbin-cli-ai -type f \( -name "*.mjs" -o -name "*.ts" \) | sort | xargs shasum -a 256 | shasum -a 256 | cut -d' ' -f1) | ||
| echo "ai-hash=$AI_HASH" >> $GITHUB_OUTPUT | ||
| ONNX_HASH=$(find packages/onnx-runtime-builder -type f \( -name "*.mjs" -o -name "*.patch" \) | sort | xargs shasum -a 256 | shasum -a 256 | cut -d' ' -f1) | ||
| echo "onnx-hash=$ONNX_HASH" >> $GITHUB_OUTPUT | ||
| - name: Restore Yoga Layout WASM cache | ||
| id: yoga-cache | ||
| uses: actions/cache/restore@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 | ||
| with: | ||
| path: packages/yoga-layout/build/wasm | ||
| key: yoga-wasm-${{ steps.wasm-cache-keys.outputs.yoga-hash }} | ||
| restore-keys: yoga-wasm- | ||
| - name: Restore AI models cache | ||
| id: ai-cache | ||
| uses: actions/cache/restore@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 | ||
| with: | ||
| path: packages/socketbin-cli-ai/dist | ||
| key: ai-models-${{ steps.wasm-cache-keys.outputs.ai-hash }} | ||
| restore-keys: ai-models- | ||
| - name: Restore ONNX Runtime cache | ||
| id: onnx-cache | ||
| uses: actions/cache/restore@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 | ||
| with: | ||
| path: packages/onnx-runtime-builder/dist | ||
| key: onnx-runtime-${{ steps.wasm-cache-keys.outputs.onnx-hash }} | ||
| restore-keys: onnx-runtime- | ||
| - name: Build WASM assets on cache miss | ||
| if: steps.yoga-cache.outputs.cache-hit != 'true' || steps.ai-cache.outputs.cache-hit != 'true' || steps.onnx-cache.outputs.cache-hit != 'true' | ||
| run: | | ||
| echo "β οΈ WASM cache miss detected - building from source" | ||
| echo "This will take 30-60 minutes. Consider running build-wasm.yml workflow to prime cache." | ||
| echo "" | ||
| echo "Cache status:" | ||
| echo " Yoga Layout: ${{ steps.yoga-cache.outputs.cache-hit == 'true' && 'β cached' || 'β missing' }}" | ||
| echo " AI Models: ${{ steps.ai-cache.outputs.cache-hit == 'true' && 'β cached' || 'β missing' }}" | ||
| echo " ONNX Runtime: ${{ steps.onnx-cache.outputs.cache-hit == 'true' && 'β cached' || 'β missing' }}" | ||
| echo "" | ||
| # Install Emscripten if needed for Yoga/ONNX | ||
| if [ "${{ steps.yoga-cache.outputs.cache-hit }}" != "true" ] || [ "${{ steps.onnx-cache.outputs.cache-hit }}" != "true" ]; then | ||
| echo "Installing Emscripten..." | ||
| git clone https://github.com/emscripten-core/emsdk.git | ||
| cd emsdk | ||
| ./emsdk install latest | ||
| ./emsdk activate latest | ||
| source ./emsdk_env.sh | ||
| cd .. | ||
| fi | ||
| # Install Python deps if needed for AI models | ||
| if [ "${{ steps.ai-cache.outputs.cache-hit }}" != "true" ]; then | ||
| echo "Installing Python dependencies..." | ||
| pip install --upgrade pip | ||
| pip install transformers torch optimum[exporters] onnxruntime | ||
| fi | ||
| # Build missing WASM assets | ||
| if [ "${{ steps.yoga-cache.outputs.cache-hit }}" != "true" ]; then | ||
| echo "Building Yoga Layout WASM..." | ||
| pnpm --filter @socketsecurity/yoga-layout run build | ||
| fi | ||
| if [ "${{ steps.ai-cache.outputs.cache-hit }}" != "true" ]; then | ||
| echo "Building AI models..." | ||
| pnpm --filter @socketbin/cli-ai run build | ||
| fi | ||
| if [ "${{ steps.onnx-cache.outputs.cache-hit }}" != "true" ]; then | ||
| echo "Building ONNX Runtime..." | ||
| pnpm --filter @socketsecurity/onnx-runtime-builder run build | ||
| fi | ||
| echo "β WASM assets built successfully" | ||
| - name: Generate binary build cache key | ||
| id: build-cache-key | ||
| shell: bash | ||
| run: | | ||
| HASH=$(find build/patches packages/node-smol-builder scripts -type f \( -name "*.patch" -o -name "*.mjs" \) | sort | xargs shasum -a 256 | shasum -a 256 | cut -d' ' -f1) | ||
| echo "hash=$HASH" >> $GITHUB_OUTPUT | ||
| - name: Restore smol binary cache | ||
| uses: actions/cache/restore@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 | ||
| with: | ||
| path: packages/node-smol-builder/dist/socket-smol-linux-x64 | ||
| key: node-smol-linux-x64-${{ steps.build-cache-key.outputs.hash }} | ||
| restore-keys: node-smol-linux-x64- | ||
| - name: Restore SEA binary cache | ||
| uses: actions/cache/restore@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 | ||
| with: | ||
| path: packages/node-sea-builder/dist/socket-sea-linux-x64 | ||
| key: node-sea-linux-x64-${{ steps.build-cache-key.outputs.hash }} | ||
| restore-keys: node-sea-linux-x64- | ||
| - name: Build CLI | ||
| working-directory: packages/cli | ||
| run: pnpm run build | ||
| - name: Run e2e tests | ||
| working-directory: packages/cli | ||
| env: | ||
| TEST_SEA_BINARY: '1' | ||
| TEST_SMOL_BINARY: '1' | ||
| SOCKET_CLI_API_TOKEN: ${{ secrets.SOCKET_CLI_API_TOKEN }} | ||
| run: pnpm run e2e-tests | ||
