Skip to content

Commit ca9f7f9

Browse files
mountaindudemountaindude
authored
Merge pull request #627 from mountaindude/sea
Sea
2 parents 57b1026 + d0c47c1 commit ca9f7f9

12 files changed

+7767
-7231
lines changed

.github/workflows/caxa.yml1

Lines changed: 0 additions & 205 deletions
This file was deleted.

.github/workflows/ci.yaml

Lines changed: 30 additions & 20 deletions
Original file line numberDiff line numberDiff line change
@@ -27,7 +27,7 @@ jobs:
2727
- name: Setup node
2828
uses: actions/setup-node@v4
2929
with:
30-
node-version: lts/*
30+
node-version: 23
3131

3232
- name: Install dependencies
3333
run: |
@@ -115,7 +115,6 @@ jobs:
115115
BSI_CLOUD_APP_ID: ${{ secrets.BSI_CLOUD_APP_ID }}
116116
BSI_CLOUD_COLLECTION_ID: ${{ secrets.BSI_CLOUD_COLLECTION_ID }}
117117

118-
119118
# - name: Send job status to MQTT (starting job)
120119
# uses: potaesm/github-actions-mqtt-request@1.0.0
121120
# if: always()
@@ -129,7 +128,7 @@ jobs:
129128
# connectTimeout: 30000
130129

131130
test-winsrv:
132-
needs:
131+
needs:
133132
- test-macos
134133
runs-on:
135134
- self-hosted
@@ -224,7 +223,7 @@ jobs:
224223
BSI_CLOUD_LOGON_USERID: ${{ secrets.BSI_CLOUD_LOGON_USERID }}
225224
BSI_CLOUD_LOGON_PWD: ${{ secrets.BSI_CLOUD_LOGON_PWD }}
226225
BSI_CLOUD_APP_ID: ${{ secrets.BSI_CLOUD_APP_ID }}
227-
BSI_CLOUD_COLLECTION_ID: ${{ secrets.BSI_CLOUD_COLLECTION_ID }}
226+
BSI_CLOUD_COLLECTION_ID: ${{ secrets.BSI_CLOUD_COLLECTION_ID }}
228227

229228
- name: Run QSEoW tests
230229
run: |
@@ -264,9 +263,8 @@ jobs:
264263
# payload: '{ "type":"ci-test", "repo": "${{ github.repository }}", "job": "${{ github.job }}", "workflow": "${{ github.workflow }}", "nodeVersion": "${{ env.NODE_VERSION }}","status": "completed","conclusion":"${{ env.JOB_CONCLUSION }}" }'
265264
# connectTimeout: 30000
266265

267-
268266
release-please:
269-
needs:
267+
needs:
270268
- test-winsrv
271269
runs-on: ubuntu-latest
272270
outputs:
@@ -336,7 +334,7 @@ jobs:
336334
MACOS_CI_KEYCHAIN_PWD: ${{ secrets.PROD_MACOS_CI_KEYCHAIN_PWD }}
337335
PROD_MACOS_NOTARIZATION_APPLE_ID: ${{ secrets.PROD_MACOS_NOTARIZATION_APPLE_ID }}
338336
PROD_MACOS_NOTARIZATION_TEAM_ID: ${{ secrets.PROD_MACOS_NOTARIZATION_TEAM_ID }}
339-
PROD_MACOS_NOTARIZATION_PWD: ${{ secrets.PROD_MACOS_NOTARIZATION_PWD }}
337+
PROD_MACOS_NOTARIZATION_PWD: ${{ secrets.PROD_MACOS_NOTARIZATION_PWD }}
340338
steps:
341339
- name: Release tag and upload url from previous job
342340
run: |
@@ -351,10 +349,6 @@ jobs:
351349
with:
352350
node-version: 23
353351

354-
- name: Install tool for creating stand-alone executables
355-
run: |
356-
npm install pkg --location=global
357-
358352
- name: Install dependencies
359353
run: |
360354
pwd
@@ -364,11 +358,23 @@ jobs:
364358
- name: Build binaries
365359
run: |
366360
cd src
361+
362+
# Create a single JS file using esbuild
367363
./node_modules/.bin/esbuild ${DIST_FILE_NAME}.js --bundle --outfile=build.cjs --format=cjs --platform=node --target=node23
364+
365+
# Generate blob to be injected into the binary
368366
node --experimental-sea-config sea-config.json
367+
368+
# Get a copy of the Node executable
369369
cp $(command -v node) ${DIST_FILE_NAME}
370+
371+
# Remove the signature from the Node executable
372+
codesign --remove-signature ${DIST_FILE_NAME}
373+
374+
# Inject the blob
370375
npx postject ${DIST_FILE_NAME} NODE_SEA_BLOB sea-prep.blob --sentinel-fuse NODE_SEA_FUSE_fce680ab2cc467b6e072b8b5df1996b2 --macho-segment-name NODE_SEA
371376
377+
# Start signing of the binary
372378
security delete-keychain build.keychain || true
373379
374380
# -------------------
@@ -385,7 +391,7 @@ jobs:
385391
security unlock-keychain -p "$MACOS_CI_KEYCHAIN_PWD" build.keychain
386392
security import certificate.p12 -k build.keychain -P "$MACOS_CERTIFICATE_PWD" -T /usr/bin/codesign
387393
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$MACOS_CI_KEYCHAIN_PWD" build.keychain
388-
394+
389395
codesign --force -s "$MACOS_CERTIFICATE_NAME" -v "./${DIST_FILE_NAME}" --deep --strict --options=runtime --timestamp --entitlements ../release-config/${DIST_FILE_NAME}.entitlements
390396
391397
# -------------------
@@ -462,10 +468,6 @@ jobs:
462468
with:
463469
node-version: 23
464470

465-
- name: Install tool for creating stand-alone executables
466-
run: |
467-
npm install pkg --location=global
468-
469471
- name: Install dependencies
470472
run: |
471473
pwd
@@ -475,8 +477,14 @@ jobs:
475477
- name: Build binaries
476478
run: |
477479
cd src
480+
481+
# Create a single JS file using esbuild
478482
./node_modules/.bin/esbuild "${env:DIST_FILE_NAME}.js" --bundle --outfile=build.cjs --format=cjs --platform=node --target=node23
483+
484+
# Generate blob to be injected into the binary
479485
node --experimental-sea-config sea-config.json
486+
487+
# Get a copy of the Node executable
480488
node -e "require('fs').copyFileSync(process.execPath, '${env:DIST_FILE_NAME}.exe')"
481489
482490
# -------------------
@@ -573,10 +581,6 @@ jobs:
573581
with:
574582
node-version: 23
575583

576-
- name: Install tool for creating stand-alone executables
577-
run: |
578-
npm install pkg --location=global
579-
580584
- name: Install dependencies
581585
run: |
582586
pwd
@@ -586,8 +590,14 @@ jobs:
586590
- name: Build binaries
587591
run: |
588592
cd src
593+
594+
# Create a single JS file using esbuild
589595
./node_modules/.bin/esbuild ${DIST_FILE_NAME}.js --bundle --outfile=build.cjs --format=cjs --platform=node --target=node23
596+
597+
# Generate blob to be injected into the binary
590598
node --experimental-sea-config sea-config.json
599+
600+
# Get a copy of the Node executable
591601
cp $(command -v node) ${DIST_FILE_NAME}
592602
npx postject ${DIST_FILE_NAME} NODE_SEA_BLOB sea-prep.blob --sentinel-fuse NODE_SEA_FUSE_fce680ab2cc467b6e072b8b5df1996b2
593603

0 commit comments

Comments
 (0)