deps: bump @helia/verified-fetch from 1.3.4 to 1.3.9 #435
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
branches: | |
- '**' | |
release: | |
types: [ published ] | |
workflow_dispatch: | |
env: | |
KUBO_VER: 'v0.27.0' # kubo daemon used for publishing to IPFS | |
CLUSTER_CTL_VER: 'v1.0.8' # ipfs-cluster-ctl used by publish-to-ipfs | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: lts/* | |
- uses: ipfs/aegir/actions/cache-node-modules@master | |
- name: Save ./dist output for later | |
uses: actions/upload-artifact@v4 | |
with: | |
name: dist_${{ github.sha }} | |
path: dist | |
check: | |
needs: build | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: lts/* | |
- uses: ipfs/aegir/actions/cache-node-modules@master | |
- run: npm run --if-present lint | |
- run: npm run --if-present dep-check | |
- run: npm run --if-present doc-check | |
test-node: | |
needs: build | |
runs-on: ${{ matrix.os }} | |
strategy: | |
matrix: | |
os: [windows-latest, ubuntu-latest, macos-latest] | |
node: [lts/*] | |
fail-fast: true | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: ${{ matrix.node }} | |
- uses: ipfs/aegir/actions/cache-node-modules@master | |
- run: npm run --if-present test:node | |
- uses: codecov/codecov-action@4fe8c5f003fae66aa5ebb77cfd3e7bfbbda0b6b0 # v3.1.5 | |
with: | |
flags: node | |
files: .coverage/*,packages/*/.coverage/* | |
test-chrome: | |
needs: build | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: lts/* | |
- uses: ipfs/aegir/actions/cache-node-modules@master | |
- run: npx playwright install --with-deps | |
- run: npm run --if-present test:chrome | |
- uses: codecov/codecov-action@4fe8c5f003fae66aa5ebb77cfd3e7bfbbda0b6b0 # v3.1.5 | |
with: | |
flags: chrome | |
files: .coverage/*,packages/*/.coverage/* | |
test-chrome-webworker: | |
needs: build | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: lts/* | |
- uses: ipfs/aegir/actions/cache-node-modules@master | |
- run: npm run --if-present test:chrome-webworker | |
- uses: codecov/codecov-action@4fe8c5f003fae66aa5ebb77cfd3e7bfbbda0b6b0 # v3.1.5 | |
with: | |
flags: chrome-webworker | |
files: .coverage/*,packages/*/.coverage/* | |
test-firefox: | |
needs: build | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: lts/* | |
- uses: ipfs/aegir/actions/cache-node-modules@master | |
- run: npx playwright install --with-deps | |
- run: npm run --if-present test:firefox | |
- uses: codecov/codecov-action@4fe8c5f003fae66aa5ebb77cfd3e7bfbbda0b6b0 # v3.1.5 | |
with: | |
flags: firefox | |
files: .coverage/*,packages/*/.coverage/* | |
test-firefox-webworker: | |
needs: build | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: lts/* | |
- uses: ipfs/aegir/actions/cache-node-modules@master | |
- run: npm run --if-present test:firefox-webworker | |
- uses: codecov/codecov-action@4fe8c5f003fae66aa5ebb77cfd3e7bfbbda0b6b0 # v3.1.5 | |
with: | |
flags: firefox-webworker | |
files: .coverage/*,packages/*/.coverage/* | |
test-webkit: | |
needs: build | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: lts/* | |
- uses: ipfs/aegir/actions/cache-node-modules@master | |
- run: npm run --if-present test:webkit | |
- uses: codecov/codecov-action@4fe8c5f003fae66aa5ebb77cfd3e7bfbbda0b6b0 # v3.1.5 | |
with: | |
flags: webkit | |
files: .coverage/*,packages/*/.coverage/* | |
test-electron-main: | |
needs: build | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: lts/* | |
- uses: ipfs/aegir/actions/cache-node-modules@master | |
- run: npx xvfb-maybe npm run --if-present test:electron-main | |
- uses: codecov/codecov-action@4fe8c5f003fae66aa5ebb77cfd3e7bfbbda0b6b0 # v3.1.5 | |
with: | |
flags: electron-main | |
files: .coverage/*,packages/*/.coverage/* | |
test-electron-renderer: | |
needs: build | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: lts/* | |
- uses: ipfs/aegir/actions/cache-node-modules@master | |
- run: npx xvfb-maybe npm run --if-present test:electron-renderer | |
- uses: codecov/codecov-action@4fe8c5f003fae66aa5ebb77cfd3e7bfbbda0b6b0 # v3.1.5 | |
with: | |
flags: electron-renderer | |
files: .coverage/*,packages/*/.coverage/* | |
publish-to-ipfs: | |
# NOTE: workflow_dispatch here allows maintainer to manually run against any branch, and it will produce a CAR with CID that is pinned to our cluster | |
if: github.event_name == 'workflow_dispatch' || (github.event_name == 'push' && github.ref == 'refs/heads/main') || (github.event_name == 'release' && github.event.action == 'published') | |
needs: build | |
runs-on: ubuntu-latest | |
environment: Deploy # Clusteer secrets | |
concurrency: | |
# only one job runs at a time == DNSLinks are updated in-order | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
outputs: | |
cid: ${{ steps.ipfs-import.outputs.cid }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Retrieve ./dist produced by build job | |
uses: actions/download-artifact@v4 | |
with: | |
name: dist_${{ github.sha }} | |
path: dist | |
- uses: ipfs/download-ipfs-distribution-action@v1 | |
with: | |
name: kubo | |
version: "${{ env.KUBO_VER }}" | |
- uses: ipfs/download-ipfs-distribution-action@v1 | |
with: | |
name: ipfs-cluster-ctl | |
version: "${{ env.CLUSTER_CTL_VER }}" | |
- uses: ipfs/start-ipfs-daemon-action@v1 | |
- name: Preconnect to cluster peers | |
run: | | |
ipfs-cluster-ctl --enc=json \ | |
--host "/dnsaddr/ipfs-websites.collab.ipfscluster.io" \ | |
--basic-auth "$CLUSTER_USER:$CLUSTER_PASSWORD" \ | |
peers ls | tee cluster-peers-ls | |
for maddr in $(jq -r '.ipfs.addresses[]?' cluster-peers-ls); do | |
ipfs swarm peering add $maddr | |
ipfs swarm connect $maddr || true & | |
done | |
shell: bash | |
env: | |
CLUSTER_USER: ${{ secrets.CLUSTER_USER }} | |
CLUSTER_PASSWORD: ${{ secrets.CLUSTER_PASSWORD }} | |
- name: IPFS import of ./dist | |
id: ipfs-import | |
run: | | |
root_cid=$(ipfs add --cid-version 1 --inline --chunker size-262144 -Q -r --offline ./dist) | |
echo "cid=$root_cid" >> $GITHUB_OUTPUT | |
- name: ℹ️ Generated DAG and CID | |
run: ipfs dag stat --progress=false ${{ steps.ipfs-import.outputs.cid }} | |
- name: Create CAR file | |
run: ipfs dag export ${{ steps.ipfs-import.outputs.cid }} > dist_${{ github.sha }}.car | |
- name: Attach CAR to Github Action | |
uses: actions/upload-artifact@v4 | |
with: | |
name: dist_${{ github.sha }}.car | |
path: dist_${{ github.sha }}.car | |
if-no-files-found: error | |
- name: Pin to ipfs-websites.collab.ipfscluster.io | |
run: | | |
ipfs-cluster-ctl --enc=json \ | |
--host "/dnsaddr/ipfs-websites.collab.ipfscluster.io" \ | |
--basic-auth "${CLUSTER_USER}:${CLUSTER_PASSWORD}" \ | |
pin add \ | |
--name "${{ github.repository }}/${{ github.sha }}" \ | |
--wait \ | |
"$PIN_CID" | |
env: | |
PIN_CID: ${{ steps.ipfs-import.outputs.cid }} | |
CLUSTER_USER: ${{ secrets.CLUSTER_USER }} | |
CLUSTER_PASSWORD: ${{ secrets.CLUSTER_PASSWORD }} | |
timeout-minutes: 60 | |
- name: Attach the CAR to release if building a release tag | |
if: github.event_name == 'release' && github.event.action == 'published' | |
run: | | |
curl \ | |
-XPOST \ | |
-H "Authorization: Bearer ${{ secrets.UCI_GITHUB_TOKEN }}" \ | |
-H "Content-Type: application/octet-stream" \ | |
--data-binary "@dist_${{ github.sha }}.car" \ | |
"https://api.github.com/repos/${{ github.repository }}/releases/${{ github.event.release.id }}/assets?name=dist_${{ github.event.release.tag_name }}_${{ github.sha }}.car" | |
- name: Update DNSLink at inbrowser.dev (Staging for Dev Testing) if main branch was updated | |
if: (github.event_name == 'workflow_dispatch' || github.event_name == 'push') && github.ref == 'refs/heads/main' | |
run: | | |
curl --request PUT --header "Authorization: Bearer ${AUTH_TOKEN}" --header 'Content-Type: application/json' \ | |
--url "https://api.cloudflare.com/client/v4/zones/${ZONE_ID}/dns_records/${RECORD_ID}" \ | |
--data "{\"type\":\"TXT\",\"name\":\"_dnslink.${DNSLINK_NAME}\",\"content\":\"dnslink=/ipfs/${DNSLINK_CID}\",\"comment\":\"${{ github.repository }}/${{ github.sha }}\"}" | |
env: | |
DNSLINK_NAME: inbrowser.dev | |
DNSLINK_CID: ${{ steps.ipfs-import.outputs.cid }} | |
ZONE_ID: ${{ secrets.CF_INBROWSERDEV_ZONE_ID }} | |
RECORD_ID: ${{ secrets.CF_INBROWSERDEV_RECORD_ID }} | |
AUTH_TOKEN: ${{ secrets.CF_INBROWSERDEV_AUTH_TOKEN }} | |
- name: Update DNSLink at inbrowser.link (Stable Production) if new release was published | |
if: github.event_name == 'release' && github.event.action == 'published' | |
run: | | |
curl --request PUT --header "Authorization: Bearer ${AUTH_TOKEN}" --header 'Content-Type: application/json' \ | |
--url "https://api.cloudflare.com/client/v4/zones/${ZONE_ID}/dns_records/${RECORD_ID}" \ | |
--data "{\"type\":\"TXT\",\"name\":\"_dnslink.${DNSLINK_NAME}\",\"content\":\"dnslink=/ipfs/${DNSLINK_CID}\",\"comment\":\"${{ github.repository }}/${{ github.sha }}\"}" | |
env: | |
DNSLINK_NAME: inbrowser.link | |
DNSLINK_CID: ${{ steps.ipfs-import.outputs.cid }} | |
ZONE_ID: ${{ secrets.CF_INBROWSERLINK_ZONE_ID }} | |
RECORD_ID: ${{ secrets.CF_INBROWSERLINK_RECORD_ID }} | |
AUTH_TOKEN: ${{ secrets.CF_INBROWSERLINK_AUTH_TOKEN }} | |
pin-to-w3: # ported from ipfs/ipfs-webui | |
if: needs.publish-to-ipfs.outputs.cid | |
needs: publish-to-ipfs | |
runs-on: ubuntu-latest | |
environment: web3.storage | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: lts/* | |
- name: Retrieve CAR produced by publish-to-ipfs job | |
uses: actions/download-artifact@v4 | |
with: | |
name: dist_${{ github.sha }}.car | |
- name: Pin with @web3-storage/w3cli | |
run: | | |
# ensure whoami | |
npx -y --package=@web3-storage/w3cli@latest -- w3 whoami | |
# convert base64 env var to file | |
echo $W3CLI_SPACE_DELEGATION_PROOF_BASE64_STRING | base64 -d > ipfs-webui-ci-space.ucan.proof | |
# Add space | |
export W3CLI_SPACE_DID=$(npx -y --package=@web3-storage/w3cli@latest -- w3 space add ipfs-webui-ci-space.ucan.proof) | |
# use space | |
npx -y --package=@web3-storage/w3cli@latest -- w3 space use $W3CLI_SPACE_DID | |
# upload car | |
npx -y --package=@web3-storage/w3cli@latest -- w3 up --no-wrap --car dist_${{ github.sha }}.car | |
env: | |
W3_STORE_NAME: ${{ secrets.W3_STORE_NAME }} | |
W3_AGENT_DID: ${{ secrets.W3_AGENT_DID }} | |
# W3_PRINCIPAL env name is expected by w3cli tool: https://github.com/web3-storage/w3cli#w3_principal | |
W3_PRINCIPAL: ${{ secrets.W3_AGENT_PRINCIPAL }} | |
W3CLI_SPACE_DELEGATION_PROOF_BASE64_STRING: ${{ secrets.W3CLI_SPACE_DELEGATION_PROOF_BASE64_STRING }} | |
pin-to-scaleway: | |
if: needs.publish-to-ipfs.outputs.cid | |
needs: publish-to-ipfs | |
runs-on: ubuntu-latest | |
environment: Scaleway | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ipfs/download-ipfs-distribution-action@v1 | |
with: | |
name: kubo | |
version: "${{ env.KUBO_VER }}" | |
- name: Init IPFS daemon | |
run: ipfs init --profile flatfs,server,randomports,lowpower | |
- uses: ipfs/start-ipfs-daemon-action@v1 | |
- name: Retrieve CAR produced by publish-to-ipfs job | |
uses: actions/download-artifact@v4 | |
with: | |
name: dist_${{ github.sha }}.car | |
- name: Import CAR to local Kubo | |
run: ipfs dag import --offline --pin-roots=true dist_${{ github.sha }}.car | |
- name: Set up and check Scaleway | |
id: scaleway | |
run: | | |
ipfs pin remote service add scaleway "$SCALEWAY_URL" "$SCALEWAY_SECRET" | |
echo "existing-pin=$(ipfs pin remote ls --service=scaleway --name=$CID)" >> $GITHUB_OUTPUT # using --name because --cid does not work with Scaleway (2024-Q1) | |
env: | |
CID: ${{ needs.publish-to-ipfs.outputs.cid }} | |
SCALEWAY_SECRET: ${{ secrets.SCALEWAY_SECRET }} | |
SCALEWAY_URL: ${{ secrets.SCALEWAY_URL }} | |
- name: Pin to Scaleway | |
if: ${{ steps.scaleway.outputs.existing-pin == '' }} | |
run: ipfs pin remote add --service=scaleway --name=$CID $CID # using --name because --cid does not work with Scaleway (2024-Q1) | |
env: | |
CID: ${{ needs.publish-to-ipfs.outputs.cid }} | |
smoke-test-fresh-p2p: # basic smoke test for getting DAG with Kubo | |
if: needs.publish-to-ipfs.outputs.cid | |
needs: publish-to-ipfs | |
runs-on: ubuntu-latest | |
steps: | |
- uses: ipfs/download-ipfs-distribution-action@v1 | |
with: | |
name: kubo | |
version: "${{ env.KUBO_VER }}" | |
- uses: ipfs/start-ipfs-daemon-action@v1 | |
- name: Confirm Kubo can fetch published DAG | |
run: ipfs dag stat ${{ needs.publish-to-ipfs.outputs.cid }} | |
release-please: | |
runs-on: ubuntu-latest | |
if: (github.event_name == 'workflow_dispatch' || github.event_name == 'push') && github.ref == 'refs/heads/main' | |
needs: [ build, check ] | |
permissions: | |
contents: write # to create release | |
pull-requests: write # to create release PR | |
steps: | |
- uses: google-github-actions/release-please-action@v4 | |
with: | |
# NOTE: we need elevated PAT token for production DNSLink to be updated. this is because tags created by the default token | |
# will not trigger CI build, and we need publish-to-ipfs to run when a new release tag is created by this action | |
# https://github.com/google-github-actions/release-please-action?tab=readme-ov-file#github-credentials | |
token: ${{ secrets.UCI_GITHUB_TOKEN || github.token }} | |
release-type: node |