Merge branch 'main' of https://github.com/ByteBardOrg/obfuscan #3
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish Core | |
| on: | |
| push: | |
| tags: | |
| - "core-v*" | |
| workflow_dispatch: | |
| inputs: | |
| version: | |
| description: "SemVer version to publish (must match packages/core/package.json)" | |
| required: true | |
| type: string | |
| permissions: | |
| contents: read | |
| id-token: write | |
| jobs: | |
| publish-core: | |
| name: Publish @obfuscan/core | |
| runs-on: ubuntu-latest | |
| defaults: | |
| run: | |
| working-directory: packages/core | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Setup Node | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 24 | |
| registry-url: https://registry.npmjs.org | |
| - name: Resolve and validate version | |
| id: version | |
| env: | |
| INPUT_VERSION: ${{ inputs.version }} | |
| run: | | |
| if [[ "${GITHUB_EVENT_NAME}" == "push" ]]; then | |
| EXPECTED_VERSION="${GITHUB_REF_NAME#core-v}" | |
| else | |
| EXPECTED_VERSION="${INPUT_VERSION}" | |
| fi | |
| PKG_VERSION="$(node -p "require('./package.json').version")" | |
| node -e " | |
| const semver = /^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-[0-9A-Za-z.-]+)?(?:\\+[0-9A-Za-z.-]+)?$/; | |
| const [expected, pkg] = process.argv.slice(1); | |
| if (!semver.test(expected)) { | |
| console.error('Expected version is not valid SemVer:', expected); | |
| process.exit(1); | |
| } | |
| if (!semver.test(pkg)) { | |
| console.error('package.json version is not valid SemVer:', pkg); | |
| process.exit(1); | |
| } | |
| if (expected !== pkg) { | |
| console.error('Version mismatch: expected ' + expected + ', package.json has ' + pkg); | |
| process.exit(1); | |
| } | |
| " "${EXPECTED_VERSION}" "${PKG_VERSION}" | |
| echo "version=${PKG_VERSION}" >> "${GITHUB_OUTPUT}" | |
| - name: Install dependencies | |
| run: npm ci --legacy-peer-deps | |
| - name: Build | |
| run: npm run build | |
| - name: Smoke test published entrypoint | |
| run: | | |
| node --input-type=module <<'NODE' | |
| import { scan } from './dist/index.js'; | |
| const result = await scan( | |
| { paths: ['a.js'] }, | |
| { | |
| fileResolver: async () => 'eval(atob("YQ=="));\n', | |
| logger: { debug() {}, info() {}, warn() {}, error() {} }, | |
| }, | |
| ); | |
| if (!result.findings.some(f => f.ruleId === 'obf.decode-then-exec.javascript')) { | |
| throw new Error('built package did not load rules and scan successfully'); | |
| } | |
| NODE | |
| - name: Test | |
| run: npm run test:all | |
| - name: Publish | |
| run: npm publish --access public --provenance | |
| env: | |
| NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} |