Skip to content

deps: bump @helia/verified-fetch from 1.3.4 to 1.3.9 #435

deps: bump @helia/verified-fetch from 1.3.4 to 1.3.9

deps: bump @helia/verified-fetch from 1.3.4 to 1.3.9 #435

Workflow file for this run

name: CI
on:
push:
branches:
- main
pull_request:
branches:
- '**'
release:
types: [ published ]
workflow_dispatch:
env:
KUBO_VER: 'v0.27.0' # kubo daemon used for publishing to IPFS
CLUSTER_CTL_VER: 'v1.0.8' # ipfs-cluster-ctl used by publish-to-ipfs
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: lts/*
- uses: ipfs/aegir/actions/cache-node-modules@master
- name: Save ./dist output for later
uses: actions/upload-artifact@v4
with:
name: dist_${{ github.sha }}
path: dist
check:
needs: build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: lts/*
- uses: ipfs/aegir/actions/cache-node-modules@master
- run: npm run --if-present lint
- run: npm run --if-present dep-check
- run: npm run --if-present doc-check
test-node:
needs: build
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [windows-latest, ubuntu-latest, macos-latest]
node: [lts/*]
fail-fast: true
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node }}
- uses: ipfs/aegir/actions/cache-node-modules@master
- run: npm run --if-present test:node
- uses: codecov/codecov-action@4fe8c5f003fae66aa5ebb77cfd3e7bfbbda0b6b0 # v3.1.5
with:
flags: node
files: .coverage/*,packages/*/.coverage/*
test-chrome:
needs: build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: lts/*
- uses: ipfs/aegir/actions/cache-node-modules@master
- run: npx playwright install --with-deps
- run: npm run --if-present test:chrome
- uses: codecov/codecov-action@4fe8c5f003fae66aa5ebb77cfd3e7bfbbda0b6b0 # v3.1.5
with:
flags: chrome
files: .coverage/*,packages/*/.coverage/*
test-chrome-webworker:
needs: build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: lts/*
- uses: ipfs/aegir/actions/cache-node-modules@master
- run: npm run --if-present test:chrome-webworker
- uses: codecov/codecov-action@4fe8c5f003fae66aa5ebb77cfd3e7bfbbda0b6b0 # v3.1.5
with:
flags: chrome-webworker
files: .coverage/*,packages/*/.coverage/*
test-firefox:
needs: build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: lts/*
- uses: ipfs/aegir/actions/cache-node-modules@master
- run: npx playwright install --with-deps
- run: npm run --if-present test:firefox
- uses: codecov/codecov-action@4fe8c5f003fae66aa5ebb77cfd3e7bfbbda0b6b0 # v3.1.5
with:
flags: firefox
files: .coverage/*,packages/*/.coverage/*
test-firefox-webworker:
needs: build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: lts/*
- uses: ipfs/aegir/actions/cache-node-modules@master
- run: npm run --if-present test:firefox-webworker
- uses: codecov/codecov-action@4fe8c5f003fae66aa5ebb77cfd3e7bfbbda0b6b0 # v3.1.5
with:
flags: firefox-webworker
files: .coverage/*,packages/*/.coverage/*
test-webkit:
needs: build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: lts/*
- uses: ipfs/aegir/actions/cache-node-modules@master
- run: npm run --if-present test:webkit
- uses: codecov/codecov-action@4fe8c5f003fae66aa5ebb77cfd3e7bfbbda0b6b0 # v3.1.5
with:
flags: webkit
files: .coverage/*,packages/*/.coverage/*
test-electron-main:
needs: build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: lts/*
- uses: ipfs/aegir/actions/cache-node-modules@master
- run: npx xvfb-maybe npm run --if-present test:electron-main
- uses: codecov/codecov-action@4fe8c5f003fae66aa5ebb77cfd3e7bfbbda0b6b0 # v3.1.5
with:
flags: electron-main
files: .coverage/*,packages/*/.coverage/*
test-electron-renderer:
needs: build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: lts/*
- uses: ipfs/aegir/actions/cache-node-modules@master
- run: npx xvfb-maybe npm run --if-present test:electron-renderer
- uses: codecov/codecov-action@4fe8c5f003fae66aa5ebb77cfd3e7bfbbda0b6b0 # v3.1.5
with:
flags: electron-renderer
files: .coverage/*,packages/*/.coverage/*
publish-to-ipfs:
# NOTE: workflow_dispatch here allows maintainer to manually run against any branch, and it will produce a CAR with CID that is pinned to our cluster
if: github.event_name == 'workflow_dispatch' || (github.event_name == 'push' && github.ref == 'refs/heads/main') || (github.event_name == 'release' && github.event.action == 'published')
needs: build
runs-on: ubuntu-latest
environment: Deploy # Clusteer secrets
concurrency:
# only one job runs at a time == DNSLinks are updated in-order
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
outputs:
cid: ${{ steps.ipfs-import.outputs.cid }}
steps:
- uses: actions/checkout@v4
- name: Retrieve ./dist produced by build job
uses: actions/download-artifact@v4
with:
name: dist_${{ github.sha }}
path: dist
- uses: ipfs/download-ipfs-distribution-action@v1
with:
name: kubo
version: "${{ env.KUBO_VER }}"
- uses: ipfs/download-ipfs-distribution-action@v1
with:
name: ipfs-cluster-ctl
version: "${{ env.CLUSTER_CTL_VER }}"
- uses: ipfs/start-ipfs-daemon-action@v1
- name: Preconnect to cluster peers
run: |
ipfs-cluster-ctl --enc=json \
--host "/dnsaddr/ipfs-websites.collab.ipfscluster.io" \
--basic-auth "$CLUSTER_USER:$CLUSTER_PASSWORD" \
peers ls | tee cluster-peers-ls
for maddr in $(jq -r '.ipfs.addresses[]?' cluster-peers-ls); do
ipfs swarm peering add $maddr
ipfs swarm connect $maddr || true &
done
shell: bash
env:
CLUSTER_USER: ${{ secrets.CLUSTER_USER }}
CLUSTER_PASSWORD: ${{ secrets.CLUSTER_PASSWORD }}
- name: IPFS import of ./dist
id: ipfs-import
run: |
root_cid=$(ipfs add --cid-version 1 --inline --chunker size-262144 -Q -r --offline ./dist)
echo "cid=$root_cid" >> $GITHUB_OUTPUT
- name: ℹ️ Generated DAG and CID
run: ipfs dag stat --progress=false ${{ steps.ipfs-import.outputs.cid }}
- name: Create CAR file
run: ipfs dag export ${{ steps.ipfs-import.outputs.cid }} > dist_${{ github.sha }}.car
- name: Attach CAR to Github Action
uses: actions/upload-artifact@v4
with:
name: dist_${{ github.sha }}.car
path: dist_${{ github.sha }}.car
if-no-files-found: error
- name: Pin to ipfs-websites.collab.ipfscluster.io
run: |
ipfs-cluster-ctl --enc=json \
--host "/dnsaddr/ipfs-websites.collab.ipfscluster.io" \
--basic-auth "${CLUSTER_USER}:${CLUSTER_PASSWORD}" \
pin add \
--name "${{ github.repository }}/${{ github.sha }}" \
--wait \
"$PIN_CID"
env:
PIN_CID: ${{ steps.ipfs-import.outputs.cid }}
CLUSTER_USER: ${{ secrets.CLUSTER_USER }}
CLUSTER_PASSWORD: ${{ secrets.CLUSTER_PASSWORD }}
timeout-minutes: 60
- name: Attach the CAR to release if building a release tag
if: github.event_name == 'release' && github.event.action == 'published'
run: |
curl \
-XPOST \
-H "Authorization: Bearer ${{ secrets.UCI_GITHUB_TOKEN }}" \
-H "Content-Type: application/octet-stream" \
--data-binary "@dist_${{ github.sha }}.car" \
"https://api.github.com/repos/${{ github.repository }}/releases/${{ github.event.release.id }}/assets?name=dist_${{ github.event.release.tag_name }}_${{ github.sha }}.car"
- name: Update DNSLink at inbrowser.dev (Staging for Dev Testing) if main branch was updated
if: (github.event_name == 'workflow_dispatch' || github.event_name == 'push') && github.ref == 'refs/heads/main'
run: |
curl --request PUT --header "Authorization: Bearer ${AUTH_TOKEN}" --header 'Content-Type: application/json' \
--url "https://api.cloudflare.com/client/v4/zones/${ZONE_ID}/dns_records/${RECORD_ID}" \
--data "{\"type\":\"TXT\",\"name\":\"_dnslink.${DNSLINK_NAME}\",\"content\":\"dnslink=/ipfs/${DNSLINK_CID}\",\"comment\":\"${{ github.repository }}/${{ github.sha }}\"}"
env:
DNSLINK_NAME: inbrowser.dev
DNSLINK_CID: ${{ steps.ipfs-import.outputs.cid }}
ZONE_ID: ${{ secrets.CF_INBROWSERDEV_ZONE_ID }}
RECORD_ID: ${{ secrets.CF_INBROWSERDEV_RECORD_ID }}
AUTH_TOKEN: ${{ secrets.CF_INBROWSERDEV_AUTH_TOKEN }}
- name: Update DNSLink at inbrowser.link (Stable Production) if new release was published
if: github.event_name == 'release' && github.event.action == 'published'
run: |
curl --request PUT --header "Authorization: Bearer ${AUTH_TOKEN}" --header 'Content-Type: application/json' \
--url "https://api.cloudflare.com/client/v4/zones/${ZONE_ID}/dns_records/${RECORD_ID}" \
--data "{\"type\":\"TXT\",\"name\":\"_dnslink.${DNSLINK_NAME}\",\"content\":\"dnslink=/ipfs/${DNSLINK_CID}\",\"comment\":\"${{ github.repository }}/${{ github.sha }}\"}"
env:
DNSLINK_NAME: inbrowser.link
DNSLINK_CID: ${{ steps.ipfs-import.outputs.cid }}
ZONE_ID: ${{ secrets.CF_INBROWSERLINK_ZONE_ID }}
RECORD_ID: ${{ secrets.CF_INBROWSERLINK_RECORD_ID }}
AUTH_TOKEN: ${{ secrets.CF_INBROWSERLINK_AUTH_TOKEN }}
pin-to-w3: # ported from ipfs/ipfs-webui
if: needs.publish-to-ipfs.outputs.cid
needs: publish-to-ipfs
runs-on: ubuntu-latest
environment: web3.storage
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: lts/*
- name: Retrieve CAR produced by publish-to-ipfs job
uses: actions/download-artifact@v4
with:
name: dist_${{ github.sha }}.car
- name: Pin with @web3-storage/w3cli
run: |
# ensure whoami
npx -y --package=@web3-storage/w3cli@latest -- w3 whoami
# convert base64 env var to file
echo $W3CLI_SPACE_DELEGATION_PROOF_BASE64_STRING | base64 -d > ipfs-webui-ci-space.ucan.proof
# Add space
export W3CLI_SPACE_DID=$(npx -y --package=@web3-storage/w3cli@latest -- w3 space add ipfs-webui-ci-space.ucan.proof)
# use space
npx -y --package=@web3-storage/w3cli@latest -- w3 space use $W3CLI_SPACE_DID
# upload car
npx -y --package=@web3-storage/w3cli@latest -- w3 up --no-wrap --car dist_${{ github.sha }}.car
env:
W3_STORE_NAME: ${{ secrets.W3_STORE_NAME }}
W3_AGENT_DID: ${{ secrets.W3_AGENT_DID }}
# W3_PRINCIPAL env name is expected by w3cli tool: https://github.com/web3-storage/w3cli#w3_principal
W3_PRINCIPAL: ${{ secrets.W3_AGENT_PRINCIPAL }}
W3CLI_SPACE_DELEGATION_PROOF_BASE64_STRING: ${{ secrets.W3CLI_SPACE_DELEGATION_PROOF_BASE64_STRING }}
pin-to-scaleway:
if: needs.publish-to-ipfs.outputs.cid
needs: publish-to-ipfs
runs-on: ubuntu-latest
environment: Scaleway
steps:
- uses: actions/checkout@v4
- uses: ipfs/download-ipfs-distribution-action@v1
with:
name: kubo
version: "${{ env.KUBO_VER }}"
- name: Init IPFS daemon
run: ipfs init --profile flatfs,server,randomports,lowpower
- uses: ipfs/start-ipfs-daemon-action@v1
- name: Retrieve CAR produced by publish-to-ipfs job
uses: actions/download-artifact@v4
with:
name: dist_${{ github.sha }}.car
- name: Import CAR to local Kubo
run: ipfs dag import --offline --pin-roots=true dist_${{ github.sha }}.car
- name: Set up and check Scaleway
id: scaleway
run: |
ipfs pin remote service add scaleway "$SCALEWAY_URL" "$SCALEWAY_SECRET"
echo "existing-pin=$(ipfs pin remote ls --service=scaleway --name=$CID)" >> $GITHUB_OUTPUT # using --name because --cid does not work with Scaleway (2024-Q1)
env:
CID: ${{ needs.publish-to-ipfs.outputs.cid }}
SCALEWAY_SECRET: ${{ secrets.SCALEWAY_SECRET }}
SCALEWAY_URL: ${{ secrets.SCALEWAY_URL }}
- name: Pin to Scaleway
if: ${{ steps.scaleway.outputs.existing-pin == '' }}
run: ipfs pin remote add --service=scaleway --name=$CID $CID # using --name because --cid does not work with Scaleway (2024-Q1)
env:
CID: ${{ needs.publish-to-ipfs.outputs.cid }}
smoke-test-fresh-p2p: # basic smoke test for getting DAG with Kubo
if: needs.publish-to-ipfs.outputs.cid
needs: publish-to-ipfs
runs-on: ubuntu-latest
steps:
- uses: ipfs/download-ipfs-distribution-action@v1
with:
name: kubo
version: "${{ env.KUBO_VER }}"
- uses: ipfs/start-ipfs-daemon-action@v1
- name: Confirm Kubo can fetch published DAG
run: ipfs dag stat ${{ needs.publish-to-ipfs.outputs.cid }}
release-please:
runs-on: ubuntu-latest
if: (github.event_name == 'workflow_dispatch' || github.event_name == 'push') && github.ref == 'refs/heads/main'
needs: [ build, check ]
permissions:
contents: write # to create release
pull-requests: write # to create release PR
steps:
- uses: google-github-actions/release-please-action@v4
with:
# NOTE: we need elevated PAT token for production DNSLink to be updated. this is because tags created by the default token
# will not trigger CI build, and we need publish-to-ipfs to run when a new release tag is created by this action
# https://github.com/google-github-actions/release-please-action?tab=readme-ov-file#github-credentials
token: ${{ secrets.UCI_GITHUB_TOKEN || github.token }}
release-type: node