Skip to content
PR Build

feat: add support for encrypting secrets at rest #18

Sign in to view logs

feat: add support for encrypting secrets at rest

feat: add support for encrypting secrets at rest #18

Workflow file for this run

.github/workflows/pr-publish.yml at 6c0b0b8
name: PR Build
on:
pull_request:
types: [opened, synchronize, reopened]
permissions:
contents: read
pull-requests: write
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: oven-sh/setup-bun@v2
with:
bun-version: latest
- name: Install dependencies
run: bun install
- name: Type check
run: bun run typecheck
- name: Run tests
run: bun test
- name: Set PR version
run: |
PKG_VERSION=$(bun -e "console.log(require('./package.json').version)")
PR_VERSION="${PKG_VERSION}-pr.${{ github.event.pull_request.number }}.${GITHUB_SHA::7}"
echo "PR_VERSION=${PR_VERSION}" >> $GITHUB_ENV
bun -e "
const pkg = require('./package.json');
pkg.version = '${PR_VERSION}';
require('fs').writeFileSync('package.json', JSON.stringify(pkg, null, 2));
"
- name: Build Linux x64
run: bun build src/cli.ts --compile --minify --target=bun-linux-x64 --outfile burrow-linux-x64
- name: Build Linux ARM64
run: bun build src/cli.ts --compile --minify --target=bun-linux-arm64 --outfile burrow-linux-arm64
- name: Build macOS x64
run: bun build src/cli.ts --compile --minify --target=bun-darwin-x64 --outfile burrow-darwin-x64
- name: Build macOS ARM64
run: bun build src/cli.ts --compile --minify --target=bun-darwin-arm64 --outfile burrow-darwin-arm64
- name: Build Windows x64
run: bun build src/cli.ts --compile --minify --target=bun-windows-x64 --outfile burrow-windows-x64.exe
- name: Upload Linux x64
uses: actions/upload-artifact@v4
with:
name: burrow-pr-${{ github.event.pull_request.number }}-linux-x64
path: burrow-linux-x64
retention-days: 30
- name: Upload Linux ARM64
uses: actions/upload-artifact@v4
with:
name: burrow-pr-${{ github.event.pull_request.number }}-linux-arm64
path: burrow-linux-arm64
retention-days: 30
- name: Upload macOS x64
uses: actions/upload-artifact@v4
with:
name: burrow-pr-${{ github.event.pull_request.number }}-darwin-x64
path: burrow-darwin-x64
retention-days: 30
- name: Upload macOS ARM64
uses: actions/upload-artifact@v4
with:
name: burrow-pr-${{ github.event.pull_request.number }}-darwin-arm64
path: burrow-darwin-arm64
retention-days: 30
- name: Upload Windows x64
uses: actions/upload-artifact@v4
with:
name: burrow-pr-${{ github.event.pull_request.number }}-windows-x64
path: burrow-windows-x64.exe
retention-days: 30
- name: Post PR comment
uses: actions/github-script@v7
with:
script: |
const prNum = ${{ github.event.pull_request.number }};
const body = `## Build Artifacts Ready
**Version:** \`${{ env.PR_VERSION }}\`
| Platform | Artifact |
|----------|----------|
| Linux x64 | burrow-pr-${prNum}-linux-x64 |
| Linux ARM64 | burrow-pr-${prNum}-linux-arm64 |
| macOS x64 | burrow-pr-${prNum}-darwin-x64 |
| macOS ARM64 | burrow-pr-${prNum}-darwin-arm64 |
| Windows x64 | burrow-pr-${prNum}-windows-x64 |
### Quick Install (Linux/macOS)
\`\`\`bash
curl -fsSL https://i.captainsafia.sh/captainsafia/burrow/pr/${prNum} | sh
\`\`\`
Or download artifacts manually from the [Actions run](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}).
`;
const { data: comments } = await github.rest.issues.listComments({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.issue.number,
});
const existingComment = comments.find(c =>
c.user.type === 'Bot' && c.body.includes('Build Artifacts Ready')
);
if (existingComment) {
await github.rest.issues.updateComment({
owner: context.repo.owner,
repo: context.repo.repo,
comment_id: existingComment.id,
body,
});
} else {
await github.rest.issues.createComment({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.issue.number,
body,
});
}