upgrade keytar toolchain to modern Node versions, add support for pac…

…kaging on arm (#1)

* upgrade keytar toolchain to modern Node versions, add support for packaging on arm

* other CI fixes

* also use python3 now

* and one more python mention

* upgrade codeql build to latest versions of dependencies

* use configured node version instead of hard-coding where possible

* add missing dependencies for codeql

* maybe just some dependencies

.github/workflows/ci.yml

@@ -8,17 +8,16 @@ on:
   pull_request:
     branches: [ master ]
 
+permissions:
+  contents: write # to allow workflow to publish release
+
 jobs:
   build:
     name: ${{ matrix.friendlyName }}
-    env:
-      CC: "clang"
-      CXX: "clang++"
-      npm_config_clang: "1"
 
     strategy:
       matrix:
-        node-version: [15.x]
+        node-version: [22.x]
         os: [ubuntu-20.04, windows-2019, macos-latest]
         include:
           - os: ubuntu-20.04
@@ -31,11 +30,11 @@ jobs:
     runs-on: ${{ matrix.os }}
 
     steps:
-    - uses: actions/checkout@v2
-    - name: Use Node.js ${{ matrix.node-version }}
-      uses: actions/setup-node@v1
+    - uses: actions/checkout@v4
+    - name: Install Node.js
+      uses: actions/setup-node@v4
       with:
-        node-version: ${{ matrix.node-version }}
+        node-version-file: '.node-version'
     - run: |
         sudo apt-get install gnome-keyring \
                              libsecret-1-dev \
@@ -44,16 +43,7 @@ jobs:
       if: ${{ matrix.os == 'ubuntu-20.04' }}
       name: Install additional dependencies
 
-    # This step can be removed as soon as official Windows arm64 builds are published:
-    # https://github.com/nodejs/build/issues/2450#issuecomment-705853342
-    - run: |
-        $NodeVersion = (node --version) -replace '^.'
-        $NodeFallbackVersion = "15.8.0"
-        & .\script\download-node-lib-win-arm64.ps1 $NodeVersion $NodeFallbackVersion
-      if: ${{ matrix.os == 'windows-2019' }}
-      name: Install Windows arm64 node.lib
-
-    - run: npm install
+    - run: npm ci
       name: Setup environment
 
     - run: npm run build
@@ -93,6 +83,7 @@ jobs:
         docker run --rm -v ${PWD}:/project node-keytar/i386 /bin/bash -c "cd /project && npm run prebuild-napi-ia32 && rm -rf build"
         docker build -t node-keytar/arm64-cross-compile docker/arm64-cross-compile
         docker run --rm -v ${PWD}:/project node-keytar/arm64-cross-compile /bin/bash -c "cd /project && npm run prebuild-napi-arm64 && rm -rf build"
+        docker run --rm -v ${PWD}:/project node-keytar/arm64-cross-compile /bin/bash -c "cd /project && npm run prebuild-napi-arm && rm -rf build"
         docker build -t node-keytar/armv7l-cross-compile docker/armv7l-cross-compile
         docker run --rm -v ${PWD}:/project node-keytar/armv7l-cross-compile /bin/bash -c "cd /project && npm run prebuild-napi-armv7l"
       if: ${{ matrix.os == 'ubuntu-20.04' }}
@@ -103,37 +94,34 @@ jobs:
       name: List prebuilds
 
     - name: Upload prebuilds to GitHub
-      run: npm run upload
+      run: npx prebuild --verbose --upload-all ${{ secrets.GITHUB_TOKEN }}
       if: github.event_name == 'push' && contains(github.ref, 'refs/tags/')
-      env:
-        GITHUB_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
   alpine-build:
     runs-on: ubuntu-latest
-    container: node:15-alpine3.12
+    container: node:22-alpine3.20
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
     - name: install additional dependencies
       run: |
-        apk add g++ make python2 libsecret-dev
+        apk add g++ make python3 libsecret-dev
 
-    - run: npm install
+    - run: npm ci
       name: Setup environment
 
     - run: |
         npm run prebuild-napi-x64
         npm run prebuild-napi-arm64
+        npm run prebuild-napi-arm
       name: Prebuild
 
     - run: |
         ls prebuilds/
       name: List prebuilds
 
     - name: Upload prebuilds to GitHub
-      run: npm run upload
+      run: npx prebuild --verbose --upload-all ${{ secrets.GITHUB_TOKEN }}
       if: github.event_name == 'push' && contains(github.ref, 'refs/tags/')
-      env:
-        GITHUB_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
   # Separate step for publishing to NPM so we're sure that generating + uploading prebuilds worked on all platforms
   npm-publish:
@@ -143,17 +131,17 @@ jobs:
     if: github.event_name == 'push' && contains(github.ref, 'refs/tags/')
 
     steps:
-    - uses: actions/checkout@v2
-    - name: Use Node.js 15
-      uses: actions/setup-node@v1
+    - uses: actions/checkout@v4
+    - name: Install NodeJS
+      uses: actions/setup-node@v4
       with:
-        node-version: 15.x
+        node-version-file: '.node-version'
         registry-url: 'https://registry.npmjs.org'
 
     - run: sudo apt-get install libsecret-1-dev
       name: Install additional dependencies
 
-    - run: npm install
+    - run: npm ci
       name: Setup environment
 
     - run: npm publish --access public

.github/workflows/codeql.yml

@@ -11,24 +11,29 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-latest, windows-2019, macos-latest]
+        os: [ubuntu-latest, windows-latest, macos-latest]
         include:
           - os: ubuntu-latest
             friendlyName: Ubuntu
-          - os: windows-2019
+          - os: windows-latest
             friendlyName: Windows
           - os: macos-latest
             friendlyName: macOS
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v4
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
+      uses: github/codeql-action/init@v3
       with:
         languages: javascript, cpp
 
+    - run: |
+        sudo apt-get install libsecret-1-dev
+      if: ${{ matrix.os == 'ubuntu-latest' }}
+      name: Install additional dependencies
+
     # Setup dependencies (and build native modules from source)
     - name: Install dependencies
       run: |
@@ -37,4 +42,4 @@ jobs:
 
     # Run code analysis
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1
+      uses: github/codeql-action/analyze@v3

.node-version

@@ -1 +1 @@
-14.15.1
+22.13.1

docker/arm64-cross-compile/Dockerfile

@@ -1,9 +1,9 @@
-FROM debian:buster
+FROM debian:bookworm
 
 RUN dpkg --add-architecture arm64
 RUN apt-get update && apt-get install -y --no-install-recommends \
   crossbuild-essential-arm64 \
-  python \
+  python3 \
   git \
   pkg-config \
   fakeroot \
@@ -25,5 +25,5 @@ ENV AS=/usr/bin/aarch64-linux-gnu-as \
   FC=/usr/bin/aarch64-linux-gnu-gfortran \
   PKG_CONFIG_PATH=/usr/lib/aarch64-linux-gnu/pkgconfig
 
-RUN curl -sL https://deb.nodesource.com/setup_15.x | bash -
+RUN curl -sL https://deb.nodesource.com/setup_22.x | bash -
 RUN apt-get install -y nodejs

docker/armv7l-cross-compile/Dockerfile

@@ -1,9 +1,9 @@
-FROM debian:buster
+FROM debian:bookworm
 
 RUN dpkg --add-architecture armhf
 RUN apt-get update && apt-get install -y --no-install-recommends \
   crossbuild-essential-armhf \
-  python \
+  python3 \
   git \
   pkg-config \
   fakeroot \
@@ -25,5 +25,5 @@ ENV AS=/usr/bin/arm-linux-gnueabihf-as \
   FC=/usr/bin/arm-linux-gnueabihf-gfortran \
   PKG_CONFIG_PATH=/usr/lib/arm-linux-gnueabihf/pkgconfig
 
-RUN curl -sL https://deb.nodesource.com/setup_15.x | bash -
+RUN curl -sL https://deb.nodesource.com/setup_22.x | bash -
 RUN apt-get install -y nodejs

docker/i386/Dockerfile

@@ -1,4 +1,4 @@
-FROM i386/debian:stretch
+FROM i386/debian:bullseye
 
 RUN apt-get update
 RUN apt-get install --quiet --yes \
@@ -9,8 +9,9 @@ RUN apt-get install --quiet --yes \
     python \
     libsecret-1-dev
 
-RUN curl -sL https://deb.nodesource.com/setup_9.x | bash -
-RUN apt-get install -y nodejs
+RUN curl -sL 'https://unofficial-builds.nodejs.org/download/release/v20.12.2/node-v20.12.2-linux-x86.tar.xz' | xzcat | tar -vx  --strip-components=1 -C /usr/local/
+
+RUN node -v
 
 ENV CC clang
 ENV CXX clang++