joaoh82 / rust_sqlite / 24911275553
69%

DEFAULT BRANCH: main
Ran
Jobs 1
Files 29
Run time 1min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 66.922%. Remained the same
24911275553

push

github

web-flow 
Phase 6g: add publish-nodejs to release.yml (npm via OIDC) (#28)

Two new jobs following the Phase 6f pattern:

  - build-nodejs-binaries (matrix, 4 cells)
  - publish-nodejs        (aggregate + npm publish + GitHub Release)

**Bundled-binaries architecture**: the `sqlrite` npm package ships
every platform's `.node` binary inside one tarball (~15 MiB),
picked at require time by napi's generated `index.js` dispatcher
based on process.platform / process.arch. Simpler than managing
N+1 npm packages (main + one per platform) — the cost is a bigger
download, acceptable for a database driver people install once.

**Why build/publish split**: same reason as publish-python — if
each matrix cell ran `npm publish` independently, a mid-matrix
failure would leave npm with some-but-not-all binaries and no
clean rollback. Aggregator downloads every platform's `.node`
binary into sdk/nodejs/ alongside the napi-generated `index.js`
dispatcher (uploaded by the Linux x86_64 cell only — it's
identical across build platforms), then does one atomic
`npm publish --provenance`.

**Matrix** mirrors publish-ffi / publish-desktop / publish-python
so all publish jobs share one consistent OS/arch pattern:

  ubuntu-latest     → linux-x64-gnu    (sqlrite.linux-x64-gnu.node)
  ubuntu-24.04-arm  → linux-arm64-gnu  (sqlrite.linux-arm64-gnu.node)
  macos-latest      → darwin-arm64     (sqlrite.darwin-arm64.node)
  windows-latest    → win32-x64-msvc   (sqlrite.win32-x64-msvc.node)

**Authentication via npm OIDC trusted publishing** — zero
long-lived NPM_TOKEN. The publish-nodejs job has `permissions:
id-token: write` and lives in the `release` GitHub environment.
npm-side config is one-time trusted-publisher registration on
npmjs.com (docs/release-secrets.md). `--provenance` flag attaches
a sigstore-signed attestation linking the published package to
this exact GitHub Actions run — npm's equivalent of PyPI's
PEP 740 attestations that worked first-try in the v0.1.4 canary.

**Wiring:**... (continued)

4012 of 5995 relevant lines covered (66.92%)

1.23 hits per line

Jobs
ID Job ID Ran Files Coverage
1 24911275553.1 29
66.92
 GitHub Action Run
Source Files on build 24911275553