Skip to content

fix: JS values being leaked #12

fix: JS values being leaked

fix: JS values being leaked #12

Workflow file for this run

# One approach to testing changes to the asset upload to release process is to:
# 1. Fork this repo to your personal account
# 2. Go into the repo settings on your fork, go to _Actions_, go to _General_, under _Workflow permissions_, select _Read and Write permissions_, then _Save_
# 3. Add your fork as a new remote and push your branch to it
# 4. Publish a release in your personal fork with the target of the release set to the branch with your changes
# 5. Confirm the workflow completes and that assets are attached to the release as expected
name: Build Assets
on:
# Build and attach assets to any published releases
release:
types:
- published
# Test on main
push:
branches:
- main
jobs:
compile_core:
name: compile_core
runs-on: macos-latest
steps:
- uses: actions/checkout@v4
- name: Install wizer
env:
WIZER_VERSION: 3.0.1
run: |
wget -nv https://github.com/bytecodealliance/wizer/releases/download/v${{ env.WIZER_VERSION }}/wizer-v${{ env.WIZER_VERSION }}-x86_64-macos.tar.xz -O /tmp/wizer.tar.xz
mkdir /tmp/wizer
tar xvf /tmp/wizer.tar.xz --strip-components=1 -C /tmp/wizer
echo "/tmp/wizer" >> $GITHUB_PATH
- name: Make core
run: make core
- name: Upload core binary to artifacts
uses: actions/upload-artifact@v4
with:
name: engine
path: target/wasm32-wasi/release/javy_core.wasm
- name: Upload quickjs_provider to artifacts
uses: actions/upload-artifact@v4
with:
name: provider
path: target/wasm32-wasi/release/javy_quickjs_provider.wasm
- name: Wizen and archive wizened quickjs_provider
run: |
wizer target/wasm32-wasi/release/javy_quickjs_provider.wasm --allow-wasi --wasm-bulk-memory true -o target/wasm32-wasi/release/javy_quickjs_provider_wizened.wasm
gzip -k -f target/wasm32-wasi/release/javy_quickjs_provider_wizened.wasm && mv target/wasm32-wasi/release/javy_quickjs_provider_wizened.wasm.gz javy-quickjs_provider.wasm.gz
- name: Upload archived quickjs_provider to artifacts
uses: actions/upload-artifact@v4
with:
name: javy-quickjs_provider.wasm.gz
path: javy-quickjs_provider.wasm.gz
- name: Upload archived quickjs_provider to release
if: github.event_name == 'release'
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: gh release upload ${{ github.event.release.tag_name }} javy-quickjs_provider.wasm.gz
- name: Generate archived quickjs_provider hash
run: shasum -a 256 javy-quickjs_provider.wasm.gz | awk '{ print $1 }' > javy-quickjs_provider.wasm.gz.sha256
- name: Upload asset hash to artifacts
uses: actions/upload-artifact@v4
with:
name: javy-quickjs_provider.wasm.gz.sha256
path: javy-quickjs_provider.wasm.gz.sha256
- name: Upload asset hash to release
if: github.event_name == 'release'
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: gh release upload ${{ github.event.release.tag_name }} javy-quickjs_provider.wasm.gz.sha256
compile_cli:
name: compile_cli-${{ matrix.name }}
needs: compile_core
runs-on: ${{ matrix.os }}
strategy:
matrix:
include:
- name: linux
os: ubuntu-20.04 # Use oldest supported non-deprecated version so we link against older glibc version which allows running binary on a wider set of Linux systems
path: target/x86_64-unknown-linux-gnu/release/javy
asset_name: javy-x86_64-linux-${{ github.event.release.tag_name }}
shasum_cmd: sha256sum
target: x86_64-unknown-linux-gnu
- name: linux-arm64
os: ubuntu-20.04 # Use oldest supported non-deprecated version so we link against older glibc version which allows running binary on a wider set of Linux systems
path: target/aarch64-unknown-linux-gnu/release/javy
asset_name: javy-arm-linux-${{ github.event.release.tag_name }}
shasum_cmd: sha256sum
target: aarch64-unknown-linux-gnu
- name: macos
os: macos-latest
path: target/x86_64-apple-darwin/release/javy
asset_name: javy-x86_64-macos-${{ github.event.release.tag_name }}
shasum_cmd: shasum -a 256
target: x86_64-apple-darwin
- name: macos-arm64
os: macos-latest
path: target/aarch64-apple-darwin/release/javy
asset_name: javy-arm-macos-${{ github.event.release.tag_name }}
shasum_cmd: shasum -a 256
target: aarch64-apple-darwin
- name: windows
os: windows-latest
path: target\x86_64-pc-windows-msvc\release\javy.exe
asset_name: javy-x86_64-windows-${{ github.event.release.tag_name }}
shasum_cmd: sha256sum
target: x86_64-pc-windows-msvc
steps:
- uses: actions/checkout@v4
# Should no-op except for macos-arm and linux-arm cases where that target won't be installed
- name: Install target
run: rustup target add ${{ matrix.target }}
# wasmtime-fiber and binaryen fail to compile without this
- name: Install Aarch64 GCC toolchain
run: sudo apt-get update && sudo apt-get --assume-yes install gcc-aarch64-linux-gnu g++-aarch64-linux-gnu
if: matrix.target == 'aarch64-unknown-linux-gnu'
- uses: actions/download-artifact@v4
with:
name: engine
path: target/wasm32-wasi/release/
- uses: actions/download-artifact@v4
with:
name: provider
path: target/wasm32-wasi/release/
- name: Build CLI ${{ matrix.os }}
run: cargo build --release --target ${{ matrix.target }} --package javy-cli
env:
CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER: aarch64-linux-gnu-gcc
- name: Archive assets
run: gzip -k -f ${{ matrix.path }} && mv ${{ matrix.path }}.gz ${{ matrix.asset_name }}.gz
- name: Upload assets to artifacts
uses: actions/upload-artifact@v4
with:
name: ${{ matrix.asset_name }}.gz
path: ${{ matrix.asset_name }}.gz
- name: Upload assets to release
if: github.event_name == 'release'
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: gh release upload ${{ github.event.release.tag_name }} ${{ matrix.asset_name }}.gz
- name: Generate asset hash
run: ${{ matrix.shasum_cmd }} ${{ matrix.asset_name }}.gz | awk '{ print $1 }' > ${{ matrix.asset_name }}.gz.sha256
- name: Upload asset hash to artifacts
uses: actions/upload-artifact@v4
with:
name: ${{ matrix.asset_name }}.gz.sha256
path: ${{ matrix.asset_name }}.gz.sha256
- name: Upload asset hash to release
if: github.event_name == 'release'
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: gh release upload ${{ github.event.release.tag_name }} ${{ matrix.asset_name }}.gz.sha256