-
Notifications
You must be signed in to change notification settings - Fork 45
feat: SDK update for version 22.2.2 #332
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -43,9 +43,21 @@ jobs: | |
| sudo make | ||
| sudo make install | ||
|
|
||
| - name: Install dependencies and build for Linux and Windows | ||
| - name: Install dependencies | ||
| run: bun install --frozen-lockfile | ||
|
|
||
| - name: Fetch keyring native bindings for all targets | ||
| run: | | ||
| version="$(bun -e 'console.log(require("@napi-rs/keyring/package.json").version)')" | ||
| for triple in darwin-arm64 darwin-x64 linux-x64-gnu linux-arm64-gnu win32-x64-msvc win32-arm64-msvc; do | ||
| dir="node_modules/@napi-rs/keyring-$triple" | ||
| [ -d "$dir" ] && continue | ||
| mkdir -p "$dir" | ||
| curl -fsSL "https://registry.npmjs.org/@napi-rs/keyring-$triple/-/keyring-$triple-$version.tgz" | tar -xz -C "$dir" --strip-components=1 | ||
| done | ||
|
Comment on lines
+49
to
+57
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. The release workflow now fetches non-host keyring packages before compiling, but the CI build path still cross-compiles the same binaries without this step and only checks that output files are non-empty. When keyring embedding breaks for a non-host target, CI can still pass while the release-only path is the first place that exercises the new behavior. Please share this fetch/setup step with CI or add a CI check that confirms the compiled binaries contain the expected native keyring binding for each target. |
||
|
|
||
| - name: Build for Linux and Windows | ||
| run: | | ||
| bun install --frozen-lockfile | ||
| bun run linux-x64 | ||
| bun run linux-arm64 | ||
| bun run mac-x64 | ||
|
|
||
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This step downloads native packages outside the lockfile-verified install path and pipes them directly into
tar. If the registry or a proxy returns a corrupted or tampered@napi-rs/keyring-*tarball, the workflow can embed that native code into signed release binaries without checking the integrity already recorded in the lockfiles. Please fetch these packages through the package manager or verify each tarball against lockfile integrity before extraction.