fix(build): use container pnpm for Alpine Docker builds #651
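name: ⚡ CI

# Dependencies:
#   - SocketDev/socket-registry/.github/workflows/ci.yml

on:
  push:
    branches: [main]
    tags: ['*']
    paths:
      - 'packages/cli/**'
      - 'pnpm-lock.yaml'
      - 'package.json'
      - '.github/workflows/ci.yml'
  pull_request:
    branches: [main]
    paths:
      - 'packages/cli/**'
      - 'pnpm-lock.yaml'
      - 'package.json'
      - '.github/workflows/ci.yml'
  workflow_dispatch:
    inputs:
      # JSON array passed as a string. Within this file it is only parsed with
      # fromJSON() into matrix values and forwarded through `with:`; it is never
      # interpolated into a `run:` script here.
      node-versions:
        description: 'Node.js versions to test (JSON array)'
        required: false
        type: string
        default: '["24.10.0"]'

# Workflow-wide default for GITHUB_TOKEN: read-only access to repository
# contents. No job below declares its own `permissions:` to widen it.
permissions:
  contents: read

jobs:
  # Lint, type-check and build via the shared reusable workflow.
  # The reference is pinned to a full commit SHA; the trailing comment records
  # the ref it was taken from. The setup-and-install action in the three jobs
  # below is pinned to the same SHA, so bump all four references together.
  # NOTE(review): how the called workflow consumes the script strings and
  # node-versions is not visible from this file.
  ci:
    name: Run CI Pipeline
    uses: SocketDev/socket-registry/.github/workflows/ci.yml@1a96ced97aaa85d61543351b90d6f463b983c46c # main
    with:
      test-setup-script: 'pnpm --filter @socketsecurity/cli run build'
      lint-script: 'pnpm --filter @socketsecurity/cli run check'
      type-check-script: 'pnpm --filter @socketsecurity/cli run type'
      test-script: 'echo "Tests run in sharded job below"'
      node-versions: ${{ inputs.node-versions || '["24.10.0"]' }}
      os-versions: '["ubuntu-latest"]'
      fail-fast: false
      max-parallel: 4
      test-timeout-minutes: 15

  # Sharded unit tests for faster CI.
  # Splits 2,819 tests across 3 shards (~16s per shard vs 48s monolithic).
  # Runs on Linux only to optimize CI runtime and build requirements.
  test-sharded:
    name: Unit Tests (Shard ${{ matrix.shard }}/3)
    needs: ci
    runs-on: ubuntu-latest
    timeout-minutes: 10
    strategy:
      fail-fast: false
      max-parallel: 4
      matrix:
        node-version: ${{ fromJSON(inputs.node-versions || '["24.10.0"]') }}
        # Static list: the only expression expanded inside a run: line below
        # is matrix.shard, which cannot carry caller-supplied text.
        shard: [1, 2, 3]
    steps:
      - uses: SocketDev/socket-registry/.github/actions/setup-and-install@1a96ced97aaa85d61543351b90d6f463b983c46c # main
        with:
          node-version: ${{ matrix.node-version }}

      - name: Build CLI
        working-directory: packages/cli
        run: pnpm run build

      - name: Run unit tests (shard ${{ matrix.shard }})
        working-directory: packages/cli
        run: pnpm test:unit --shard=${{ matrix.shard }}/3

  # Binary distribution integration tests.
  # Tests the JS distribution and optionally SEA/smol if cached binaries are available.
  integration:
    name: Integration Tests
    needs: ci
    runs-on: ubuntu-latest
    timeout-minutes: 15
    strategy:
      fail-fast: false
      matrix:
        node-version: ['24.10.0']
    steps:
      - uses: SocketDev/socket-registry/.github/actions/setup-and-install@1a96ced97aaa85d61543351b90d6f463b983c46c # main
        with:
          node-version: ${{ matrix.node-version }}

      - name: Build CLI
        working-directory: packages/cli
        run: pnpm run build

      # Derives the two cache keys from SHA-256 digests of the builder sources,
      # shared dependencies and the lockfile. The expressions must stay
      # identical to the ones in build-sea.yml / build-smol.yml or the keys
      # will never match.
      - name: Generate cache keys for binary distributions
        id: cache-keys
        shell: bash
        run: |
          # NOTE(review): `shell: bash` runs with `-eo pipefail`, so when `find`
          # fails on a missing path the `|| echo "none"` fallback appears to be
          # appended after the digest that `cut` already printed rather than
          # replacing it. Confirm the build workflows behave the same way
          # before changing any of these pipelines.

          # SEA cache key (matches build-sea.yml).
          SEA_HASH=$(find packages/node-sea-builder packages/cli/src -type f \( -name "*.mts" -o -name "*.ts" -o -name "*.mjs" -o -name "*.js" \) 2>/dev/null | sort | xargs sha256sum 2>/dev/null | sha256sum | cut -d' ' -f1 || echo "none")
          DEPS_HASH=$(find packages/bootstrap packages/socket -type f \( -name "*.mts" -o -name "*.ts" -o -name "*.mjs" -o -name "*.js" -o -name "*.json" \) ! -path "*/node_modules/*" ! -path "*/dist/*" ! -path "*/build/*" 2>/dev/null | sort | xargs sha256sum 2>/dev/null | sha256sum | cut -d' ' -f1 || echo "none")
          LOCK_HASH=$(sha256sum pnpm-lock.yaml 2>/dev/null | cut -d' ' -f1 || echo "none")
          SEA_DEPS_HASH=$(echo "$DEPS_HASH-$LOCK_HASH" | sha256sum | cut -d' ' -f1)
          SEA_COMBINED=$(echo "$SEA_HASH-$SEA_DEPS_HASH" | sha256sum | cut -d' ' -f1)
          echo "sea-hash=$SEA_COMBINED" >> "$GITHUB_OUTPUT"

          # Smol cache key (matches build-smol.yml).
          SMOL_HASH=$(find patches packages/node-smol-builder/patches packages/node-smol-builder/additions scripts -type f \( -name "*.patch" -o -name "*.template.patch" -o -name "*.mjs" -o -name "*.template.mjs" -o -name "*.h" -o -name "*.c" -o -name "*.cc" \) 2>/dev/null | sort | xargs sha256sum 2>/dev/null | sha256sum | cut -d' ' -f1 || echo "none")
          SMOL_DEPS_HASH=$(echo "$DEPS_HASH-$LOCK_HASH" | sha256sum | cut -d' ' -f1)
          SMOL_COMBINED=$(echo "$SMOL_HASH-$SMOL_DEPS_HASH" | sha256sum | cut -d' ' -f1)
          echo "smol-hash=$SMOL_COMBINED" >> "$GITHUB_OUTPUT"

      # NOTE(review): `restore-keys` is a bare prefix, so when the exact key
      # misses, a cache entry saved under a different key (a binary built from
      # other sources) can be restored instead. The setup step below marks that
      # file executable and the integration tests run it. If the tests must
      # exercise a binary matching this commit, drop `restore-keys` or gate on
      # `steps.sea-cache.outputs.cache-hit`. The smol restore step has the same
      # fallback.
      - name: Restore SEA binary cache
        id: sea-cache
        uses: actions/cache/restore@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
        with:
          path: packages/node-sea-builder/dist/
          key: node-sea-linux-x64-${{ steps.cache-keys.outputs.sea-hash }}
          restore-keys: node-sea-linux-x64-

      - name: Restore smol binary cache
        id: smol-cache
        uses: actions/cache/restore@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
        with:
          path: packages/node-smol-builder/dist/
          key: node-smol-linux-x64-${{ steps.cache-keys.outputs.smol-hash }}
          restore-keys: node-smol-linux-x64-

      # Copies whichever binaries the cache provided to the paths the tests
      # expect and records sea/smol/js availability as step outputs.
      - name: Setup cached binaries for testing
        id: setup-binaries
        shell: bash
        run: |
          echo "Setting up cached binaries for integration tests..."
          echo ""

          # Copy SEA binary from cache to expected test location.
          SEA_CACHED="packages/node-sea-builder/dist/sea/socket-linux-x64"
          SEA_TARGET="packages/node-sea-builder/dist/socket-sea"
          if [ -f "$SEA_CACHED" ]; then
            mkdir -p "$(dirname "$SEA_TARGET")"
            cp "$SEA_CACHED" "$SEA_TARGET"
            chmod +x "$SEA_TARGET"
            echo "✓ SEA binary restored from cache: $SEA_TARGET"
            echo "sea=true" >> "$GITHUB_OUTPUT"
          else
            echo "✗ SEA binary not found in cache (expected: $SEA_CACHED)"
            echo "sea=false" >> "$GITHUB_OUTPUT"
          fi

          # Copy smol binary from cache to expected test location.
          SMOL_CACHED="packages/node-smol-builder/dist/socket-smol-linux-x64"
          SMOL_TARGET="packages/node-smol-builder/dist/socket-smol"
          if [ -f "$SMOL_CACHED" ]; then
            mkdir -p "$(dirname "$SMOL_TARGET")"
            cp "$SMOL_CACHED" "$SMOL_TARGET"
            chmod +x "$SMOL_TARGET"
            echo "✓ Smol binary restored from cache: $SMOL_TARGET"
            echo "smol=true" >> "$GITHUB_OUTPUT"
          else
            echo "✗ Smol binary not found in cache (expected: $SMOL_CACHED)"
            echo "smol=false" >> "$GITHUB_OUTPUT"
          fi

          # JS distribution (always available after build).
          if [ -f "packages/cli/dist/index.js" ]; then
            echo "✓ JS distribution: packages/cli/dist/index.js"
            echo "js=true" >> "$GITHUB_OUTPUT"
          else
            echo "✗ JS distribution: not found"
            echo "js=false" >> "$GITHUB_OUTPUT"
          fi

          echo ""
          echo "Integration tests will run against all available distributions."

      - name: Run integration tests (all available distributions)
        working-directory: packages/cli
        run: node scripts/integration.mjs --all

  # End-to-end tests; the only job in this workflow that reads a repository secret.
  e2e:
    name: E2E Tests
    needs: ci
    runs-on: ${{ matrix.os }}
    timeout-minutes: 20
    strategy:
      fail-fast: true
      matrix:
        node-version: ['24.10.0']
        os: [ubuntu-latest]
    steps:
      - uses: SocketDev/socket-registry/.github/actions/setup-and-install@1a96ced97aaa85d61543351b90d6f463b983c46c # main
        with:
          node-version: ${{ matrix.node-version }}

      - name: Build CLI
        working-directory: packages/cli
        run: pnpm run build

      # The token is set on this step's `env:` only, so the setup and build
      # steps above do not receive it. This step still runs repository code
      # from the ref under test with the token in its environment. By default
      # GitHub does not pass repository secrets to pull_request runs from
      # forks, so the variable is empty for those runs.
      - name: Run e2e tests
        working-directory: packages/cli
        env:
          SOCKET_CLI_API_TOKEN: ${{ secrets.SOCKET_CLI_API_TOKEN }}
        run: pnpm run e2e-tests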