Bundle the prebuilt et client at pack time

Download and package the et binaries produced by build-et-binaries:

- resolve-et-bin-release picks the latest et-bin-* release; fetch-et-binaries
  downloads the platform client into resources/et/, verifying SHA256SUMS.
- et-extra-resources emits the electron-builder extraResources entry only
  when the binary is on disk, so pack still works without a bundled et.
- electron-builder.config.cjs wires et into the mac/win/linux bundles;
  package.json adds the fetch:et scripts.
This commit is contained in:
lateautumn233
2026-06-02 15:36:14 +08:00
parent a4bf2234cd
commit 95208294b0
8 changed files with 1130 additions and 4 deletions

View File

@@ -1,4 +1,5 @@
const { moshExtraResources } = require('./scripts/mosh-extra-resources.cjs');
const { etExtraResources } = require('./scripts/et-extra-resources.cjs');
/**
* @type {import('electron-builder').Configuration}
@@ -98,7 +99,7 @@ module.exports = {
NSMicrophoneUsageDescription: 'Netcatty may use the microphone for audio',
NSLocalNetworkUsageDescription: 'Netcatty needs local network access for SSH connections'
},
extraResources: moshExtraResources('darwin')
extraResources: [...moshExtraResources('darwin'), ...etExtraResources('darwin')]
},
dmg: {
title: '${productName}',
@@ -125,7 +126,7 @@ module.exports = {
arch: ['x64', 'arm64']
}
],
extraResources: moshExtraResources('win32')
extraResources: [...moshExtraResources('win32'), ...etExtraResources('win32')]
},
portable: {
artifactName: '${productName}-${version}-portable-${os}-${arch}.${ext}',
@@ -146,7 +147,7 @@ module.exports = {
icon: 'public/icon-win.png',
target: ['AppImage', 'deb', 'rpm'],
category: 'Development',
extraResources: moshExtraResources('linux')
extraResources: [...moshExtraResources('linux'), ...etExtraResources('linux')]
},
deb: {
// Use gzip instead of default xz(lzma) for better compatibility with

View File

@@ -12,11 +12,13 @@
"netcatty-tool-cli": "./electron/cli/netcatty-tool-cli.cjs"
},
"scripts": {
"dev": "npm run fetch:mosh:dev && npm run lint && concurrently -k \"vite\" \"npm:dev:electron\"",
"dev": "npm run fetch:mosh:dev && npm run fetch:et:dev && npm run lint && concurrently -k \"vite\" \"npm:dev:electron\"",
"dev:electron": "wait-on http-get://localhost:5173 && cross-env VITE_DEV_SERVER_URL=http://localhost:5173 node electron/launch.cjs",
"prebuild": "node scripts/copy-monaco.cjs",
"fetch:mosh": "node scripts/fetch-mosh-binaries.cjs",
"fetch:mosh:dev": "node scripts/fetch-mosh-binaries.cjs --host --resolve-release",
"fetch:et": "node scripts/fetch-et-binaries.cjs",
"fetch:et:dev": "node scripts/fetch-et-binaries.cjs --host --resolve-release",
"build": "vite build",
"preview": "vite preview",
"start": "node electron/launch.cjs",

View File

@@ -0,0 +1,76 @@
// Compute the platform-specific `extraResources` entry for bundling the
// EternalTerminal `et` client. Lives under scripts/ (eslint-ignored) so it
// can use Node CommonJS globals freely; consumed from
// electron-builder.config.cjs.
//
// Binaries are produced by .github/workflows/build-et-binaries.yml and
// downloaded into resources/et/<platform-arch>/ by
// scripts/fetch-et-binaries.cjs (gated on ET_BIN_RELEASE).
//
// We only emit the directive when the binary is actually on disk so that
// `npm run pack` keeps working without a bundled et — for example, when the
// developer skipped the fetch step or the relevant arch hasn't been built
// yet.
//
// Unlike mosh-client, `et` is a pure network-transport client and does not
// render a terminal locally, so there is no terminfo bundle to package.
const fs = require("node:fs");
const path = require("node:path");
function requestedArch() {
return process.env.npm_config_arch || process.env.npm_config_target_arch || process.arch;
}
function hasFile(file) {
return fs.existsSync(file) && fs.statSync(file).isFile();
}
function hasDir(dir) {
return fs.existsSync(dir) && fs.statSync(dir).isDirectory();
}
function etExtraResources(platform) {
const etRoot = path.resolve(process.cwd(), "resources", "et");
if (!fs.existsSync(etRoot)) return [];
if (platform === "darwin") {
const file = path.join(etRoot, "darwin-universal", "et");
if (!hasFile(file)) return [];
return [
{ from: "resources/et/darwin-universal/", to: "et/", filter: ["et"] },
];
}
if (platform === "linux") {
const arch = requestedArch();
const file = path.join(etRoot, `linux-${arch}`, "et");
if (!hasFile(file)) return [];
return [
{ from: `resources/et/linux-${arch}/`, to: "et/", filter: ["et"] },
];
}
if (platform === "win32") {
const arch = requestedArch();
const exe = path.join(etRoot, `win32-${arch}`, "et.exe");
const dllDir = path.join(etRoot, `win32-${arch}`, `et-win32-${arch}-dlls`);
if (!hasFile(exe)) return [];
const resources = [
{ from: `resources/et/win32-${arch}/`, to: "et/", filter: ["et.exe"] },
];
// Static MSVC builds ship no DLLs; only package the directory when a
// dynamically-linked build produced one.
if (hasDir(dllDir)) {
resources.push({
from: `resources/et/win32-${arch}/et-win32-${arch}-dlls/`,
to: `et/et-win32-${arch}-dlls/`,
filter: ["**/*"],
});
}
return resources;
}
return [];
}
module.exports = { etExtraResources };

View File

@@ -0,0 +1,107 @@
const test = require("node:test");
const assert = require("node:assert/strict");
const fs = require("node:fs");
const os = require("node:os");
const path = require("node:path");
const { etExtraResources } = require("./et-extra-resources.cjs");
function makeTmp(t) {
const dir = fs.mkdtempSync(path.join(os.tmpdir(), "netcatty-et-resources-"));
t.after(() => {
if (process.cwd().startsWith(dir)) process.chdir(os.tmpdir());
fs.rmSync(dir, { recursive: true, force: true });
});
return dir;
}
function withCwdAndArch(t, cwd, arch) {
const oldCwd = process.cwd();
const oldArch = process.env.npm_config_arch;
process.chdir(cwd);
process.env.npm_config_arch = arch;
t.after(() => {
process.chdir(oldCwd);
if (oldArch === undefined) delete process.env.npm_config_arch;
else process.env.npm_config_arch = oldArch;
});
}
function writeFile(filePath) {
fs.mkdirSync(path.dirname(filePath), { recursive: true });
fs.writeFileSync(filePath, "x");
}
test("etExtraResources returns concrete Linux arch paths", (t) => {
const root = makeTmp(t);
withCwdAndArch(t, root, "x64");
writeFile(path.join(root, "resources", "et", "linux-x64", "et"));
const got = etExtraResources("linux");
assert.deepEqual(got, [
{ from: "resources/et/linux-x64/", to: "et/", filter: ["et"] },
]);
});
test("etExtraResources returns concrete Linux arm64 paths", (t) => {
const root = makeTmp(t);
withCwdAndArch(t, root, "arm64");
writeFile(path.join(root, "resources", "et", "linux-arm64", "et"));
const got = etExtraResources("linux");
assert.deepEqual(got, [
{ from: "resources/et/linux-arm64/", to: "et/", filter: ["et"] },
]);
});
test("etExtraResources packages the universal Darwin binary", (t) => {
const root = makeTmp(t);
withCwdAndArch(t, root, "x64");
writeFile(path.join(root, "resources", "et", "darwin-universal", "et"));
const got = etExtraResources("darwin");
assert.deepEqual(got, [
{ from: "resources/et/darwin-universal/", to: "et/", filter: ["et"] },
]);
});
test("etExtraResources returns concrete Windows arch paths only when that arch exists", (t) => {
const root = makeTmp(t);
withCwdAndArch(t, root, "x64");
writeFile(path.join(root, "resources", "et", "win32-x64", "et.exe"));
const got = etExtraResources("win32");
assert.deepEqual(got, [
{ from: "resources/et/win32-x64/", to: "et/", filter: ["et.exe"] },
]);
process.env.npm_config_arch = "arm64";
assert.deepEqual(etExtraResources("win32"), []);
});
test("etExtraResources packages an optional Windows DLL directory when present", (t) => {
const root = makeTmp(t);
withCwdAndArch(t, root, "x64");
writeFile(path.join(root, "resources", "et", "win32-x64", "et.exe"));
writeFile(path.join(root, "resources", "et", "win32-x64", "et-win32-x64-dlls", "vcruntime140.dll"));
const got = etExtraResources("win32");
assert.deepEqual(got, [
{ from: "resources/et/win32-x64/", to: "et/", filter: ["et.exe"] },
{
from: "resources/et/win32-x64/et-win32-x64-dlls/",
to: "et/et-win32-x64-dlls/",
filter: ["**/*"],
},
]);
});
test("etExtraResources returns [] when the binary is missing", (t) => {
const root = makeTmp(t);
withCwdAndArch(t, root, "x64");
fs.mkdirSync(path.join(root, "resources", "et"), { recursive: true });
assert.deepEqual(etExtraResources("linux"), []);
assert.deepEqual(etExtraResources("darwin"), []);
assert.deepEqual(etExtraResources("win32"), []);
});

View File

@@ -0,0 +1,341 @@
#!/usr/bin/env node
/* eslint-disable no-console */
//
// Download platform-specific EternalTerminal `et` client binaries built by
// the `build-et-binaries` GitHub Actions workflow into resources/et/, so
// electron-builder can bundle them via `extraResources`. Designed to be
// idempotent and safe to skip in dev / CI matrix legs that don't ship et
// (e.g. when ET_BIN_RELEASE is unset).
//
// Usage:
// node scripts/fetch-et-binaries.cjs # all platforms
// node scripts/fetch-et-binaries.cjs --platform=darwin --arch=universal
// node scripts/fetch-et-binaries.cjs --host --resolve-release
//
// Env knobs:
// ET_BIN_RELEASE — release tag in ${ET_BIN_OWNER}/${ET_BIN_REPO}.
// Skip the whole step if unset (printed as a notice so
// the build doesn't silently miss the bundling).
// ET_BIN_OWNER — defaults to the GITHUB_REPOSITORY owner, or 'binaricat'
// ET_BIN_REPO — default 'Netcatty-et-bin' (a dedicated binary
// repository so the client repo stays source-only).
// ET_BIN_BASE_URL — full override (e.g. for staging / local mirror).
// ET_BIN_RES_DIR — override output dir for tests.
// ET_BIN_ALLOW_UNVERIFIED=true — explicit local escape hatch for mirrors
// without SHA256SUMS. Never use for release builds.
const fs = require("node:fs");
const path = require("node:path");
const http = require("node:http");
const https = require("node:https");
const os = require("node:os");
const crypto = require("node:crypto");
const { execFileSync } = require("node:child_process");
const { main: resolveEtBinRelease } = require("./resolve-et-bin-release.cjs");
const ROOT = path.resolve(__dirname, "..");
const DEFAULT_RES_DIR = path.join(ROOT, "resources", "et");
// (file basename in the release -> platform-arch subdir under resources/et/)
// Using flat names in the release for SHA256SUMS readability, then fanning
// out into platform-arch subdirs locally. Every target is a tar.gz bundle
// containing the single `et` (or `et.exe`) client binary. `et` is a pure
// network-transport client, so — unlike mosh-client — there is no terminfo
// to bundle.
const TARGETS = [
{ platform: "linux", arch: "x64", file: "et-linux-x64.tar.gz", localDir: "linux-x64", extract: "tar.gz" },
{ platform: "linux", arch: "arm64", file: "et-linux-arm64.tar.gz", localDir: "linux-arm64", extract: "tar.gz" },
{ platform: "darwin", arch: "universal", file: "et-darwin-universal.tar.gz", localDir: "darwin-universal", extract: "tar.gz" },
{ platform: "win32", arch: "x64", file: "et-win32-x64.tar.gz", localDir: "win32-x64", extract: "tar.gz" },
];
function log(msg) { console.log(`[fetch-et-binaries] ${msg}`); }
function warn(msg) { console.warn(`[fetch-et-binaries] WARN ${msg}`); }
function transferFor(url) {
const protocol = new URL(url).protocol;
if (protocol === "https:") return https;
if (protocol === "http:") return http;
throw new Error(`unsupported protocol for ${url}`);
}
function follow(url, depth = 0) {
return new Promise((resolve, reject) => {
if (depth > 5) return reject(new Error("too many redirects"));
transferFor(url).get(url, (res) => {
if (res.statusCode >= 300 && res.statusCode < 400 && res.headers.location) {
res.resume();
resolve(follow(new URL(res.headers.location, url).toString(), depth + 1));
return;
}
if (res.statusCode !== 200) {
res.resume();
reject(new Error(`HTTP ${res.statusCode} for ${url}`));
return;
}
const chunks = [];
res.on("data", (c) => chunks.push(c));
res.on("end", () => resolve(Buffer.concat(chunks)));
res.on("error", reject);
}).on("error", reject);
});
}
function parseSums(text) {
const map = new Map();
for (const line of text.split(/\r?\n/)) {
const m = line.match(/^([0-9a-f]{64})\s+\*?\s*(\S+)\s*$/i);
if (m) map.set(m[2], m[1].toLowerCase());
}
return map;
}
async function fetchSums(baseUrl, { allowUnverified = false } = {}) {
try {
const buf = await follow(`${baseUrl}/SHA256SUMS`);
return parseSums(buf.toString("utf8"));
} catch (err) {
if (allowUnverified) {
warn(`could not fetch SHA256SUMS from ${baseUrl} (${err.message})`);
return new Map();
}
throw new Error(`could not fetch SHA256SUMS from ${baseUrl} (${err.message})`);
}
}
function assertSafeTarEntry(entry) {
const name = entry.trim();
if (!name) throw new Error("tarball contains an empty entry name");
if (name.startsWith("/") || name.startsWith("\\") || /^[A-Za-z]:/.test(name)) {
throw new Error(`tarball contains an absolute path: ${name}`);
}
if (name.includes("\\")) {
throw new Error(`tarball contains a Windows-style path: ${name}`);
}
const parts = name.split("/");
if (parts.includes("..")) {
throw new Error(`tarball contains a parent-directory path: ${name}`);
}
}
function resolveTarArchiveInvocation(archivePath, platform = process.platform) {
const pathApi = platform === "win32" ? path.win32 : path;
return {
cwd: pathApi.dirname(archivePath),
archive: pathApi.basename(archivePath),
};
}
function listTarEntries(archivePath) {
const { cwd, archive } = resolveTarArchiveInvocation(archivePath);
const out = execFileSync("tar", ["-tzf", archive], { cwd, encoding: "utf8" });
return out.split(/\r?\n/).filter(Boolean);
}
function validateTarEntries(entries) {
if (entries.length === 0) throw new Error("tarball is empty");
for (const entry of entries) assertSafeTarEntry(entry);
}
function chmodExecutable(filePath) {
if (process.platform !== "win32" && fs.existsSync(filePath) && !fs.lstatSync(filePath).isSymbolicLink()) {
try { fs.chmodSync(filePath, 0o755); } catch { /* ignore */ }
}
}
function parseEtBinRepository(env) {
const githubOwner = (env.GITHUB_REPOSITORY || "").split("/")[0];
return {
owner: env.ET_BIN_OWNER || githubOwner || "binaricat",
repo: env.ET_BIN_REPO || "Netcatty-et-bin",
};
}
function resolveHostTarget(opts = {}) {
const platform = opts.platform || process.platform;
const arch = opts.arch || process.arch;
if (platform === "darwin") return { platform: "darwin", arch: "universal" };
if (platform === "linux" && (arch === "x64" || arch === "arm64")) return { platform, arch };
if (platform === "win32" && arch === "x64") return { platform, arch };
throw new Error(`No bundled et target for ${platform}-${arch}`);
}
function assertExtractedTreeSafe(root) {
const stack = [root];
while (stack.length > 0) {
const dir = stack.pop();
for (const name of fs.readdirSync(dir)) {
const file = path.join(dir, name);
const stat = fs.lstatSync(file);
if (stat.isSymbolicLink()) {
throw new Error(`tarball contains a symbolic link: ${path.relative(root, file)}`);
}
if (stat.isDirectory()) {
stack.push(file);
continue;
}
if (!stat.isFile()) {
throw new Error(`tarball contains an unsupported file type: ${path.relative(root, file)}`);
}
}
}
}
function normalizeWindowsBundle(extractDir, target) {
const genericExe = path.join(extractDir, "et.exe");
const legacyExe = path.join(extractDir, `et-${target.platform}-${target.arch}.exe`);
if (!fs.existsSync(genericExe) && fs.existsSync(legacyExe)) {
fs.renameSync(legacyExe, genericExe);
}
if (!fs.existsSync(genericExe) || !fs.lstatSync(genericExe).isFile()) {
throw new Error(`${target.file} did not contain et.exe`);
}
// A statically-linked MSVC build ships no DLLs; the DLL directory is
// optional and only present for dynamically-linked builds.
chmodExecutable(genericExe);
}
function normalizePosixBundle(extractDir, target) {
const binary = path.join(extractDir, "et");
const legacyBinary = path.join(extractDir, `et-${target.platform}-${target.arch}`);
if (!fs.existsSync(binary) && fs.existsSync(legacyBinary)) {
fs.renameSync(legacyBinary, binary);
}
if (!fs.existsSync(binary) || !fs.lstatSync(binary).isFile()) {
throw new Error(`${target.file} did not contain et`);
}
chmodExecutable(binary);
}
function normalizeBundle(extractDir, target) {
if (target.platform === "win32") return normalizeWindowsBundle(extractDir, target);
return normalizePosixBundle(extractDir, target);
}
function replaceDir(srcDir, destDir) {
fs.rmSync(destDir, { recursive: true, force: true });
fs.mkdirSync(path.dirname(destDir), { recursive: true });
try {
fs.renameSync(srcDir, destDir);
} catch (err) {
if (!err || err.code !== "EXDEV") throw err;
fs.cpSync(srcDir, destDir, { recursive: true });
fs.rmSync(srcDir, { recursive: true, force: true });
}
}
function unpackTarGz(buf, target, { resDir }) {
const tmpRoot = fs.mkdtempSync(path.join(os.tmpdir(), "netcatty-et-"));
const archive = path.join(tmpRoot, "bundle.tar.gz");
const extractDir = path.join(tmpRoot, "extract");
const destDir = path.join(resDir, target.localDir);
fs.mkdirSync(extractDir, { recursive: true });
try {
fs.writeFileSync(archive, buf);
validateTarEntries(listTarEntries(archive));
const archiveInvocation = resolveTarArchiveInvocation(archive);
execFileSync("tar", ["-xzf", archiveInvocation.archive, "-C", path.basename(extractDir)], {
cwd: archiveInvocation.cwd,
stdio: "inherit",
});
assertExtractedTreeSafe(extractDir);
normalizeBundle(extractDir, target);
replaceDir(extractDir, destDir);
} finally {
fs.rmSync(tmpRoot, { recursive: true, force: true });
}
return destDir;
}
async function fetchOne(target, sums, opts) {
const { baseUrl, resDir, allowUnverified = false } = opts;
const url = `${baseUrl}/${target.file}`;
let buf;
try {
buf = await follow(url);
} catch (err) {
throw new Error(`download failed for ${target.file}: ${err.message}`);
}
const expected = sums.get(target.file);
const actual = crypto.createHash("sha256").update(buf).digest("hex");
if (expected && expected !== actual) {
throw new Error(`SHA256 mismatch for ${target.file}: expected ${expected}, got ${actual}`);
}
if (!expected) {
if (!allowUnverified) {
throw new Error(`no SHA256 entry for ${target.file}`);
}
warn(`no SHA256 entry for ${target.file} - accepting actual ${actual}`);
}
const destDir = unpackTarGz(buf, target, { resDir });
log(`unpacked ${target.file} into ${path.relative(ROOT, destDir)}/ (sha256=${actual})`);
return true;
}
async function main(argv = process.argv.slice(2), env = process.env) {
const platformArg = (argv.find((a) => a.startsWith("--platform=")) || "").split("=")[1];
const archArg = (argv.find((a) => a.startsWith("--arch=")) || "").split("=")[1];
let hostTarget = null;
if (argv.includes("--host")) {
try {
hostTarget = resolveHostTarget({ platform: platformArg || process.platform, arch: archArg || process.arch });
} catch (err) {
warn(`${err.message} - skipping host et fetch.`);
return 0;
}
}
let release = env.ET_BIN_RELEASE;
if (!release && argv.includes("--resolve-release")) {
release = await resolveEtBinRelease(env);
}
if (!release) {
log("ET_BIN_RELEASE is unset - skipping. Set it (e.g. et-bin-6.2.10-1) to bundle et into the package.");
return 0;
}
const { owner, repo } = parseEtBinRepository(env);
const baseUrl = env.ET_BIN_BASE_URL ||
`https://github.com/${owner}/${repo}/releases/download/${encodeURIComponent(release)}`;
const resDir = path.resolve(env.ET_BIN_RES_DIR || DEFAULT_RES_DIR);
const allowUnverified = env.ET_BIN_ALLOW_UNVERIFIED === "true";
const platformFilter = hostTarget?.platform || platformArg;
const archFilter = hostTarget?.arch || archArg;
log(`release=${release} owner=${owner} repo=${repo}`);
const sums = await fetchSums(baseUrl, { allowUnverified });
let ok = 0;
let total = 0;
for (const target of TARGETS) {
if (platformFilter && target.platform !== platformFilter) continue;
if (archFilter && target.arch !== archFilter) continue;
total += 1;
if (await fetchOne(target, sums, { baseUrl, resDir, allowUnverified })) ok += 1;
}
log(`done - ${ok}/${total} binaries written`);
if (ok < total) throw new Error(`only wrote ${ok}/${total} requested binaries`);
return 0;
}
if (require.main === module) {
main().catch((err) => {
console.error(`[fetch-et-binaries] FATAL ${err.message}`);
process.exit(1);
});
}
module.exports = {
TARGETS,
parseEtBinRepository,
replaceDir,
resolveHostTarget,
resolveTarArchiveInvocation,
parseSums,
validateTarEntries,
assertExtractedTreeSafe,
unpackTarGz,
normalizeBundle,
main,
};

View File

@@ -0,0 +1,278 @@
const test = require("node:test");
const assert = require("node:assert/strict");
const fs = require("node:fs");
const http = require("node:http");
const os = require("node:os");
const path = require("node:path");
const { execFile, execFileSync } = require("node:child_process");
const { promisify } = require("node:util");
const crypto = require("node:crypto");
const script = path.resolve(__dirname, "fetch-et-binaries.cjs");
const execFileAsync = promisify(execFile);
const {
parseEtBinRepository,
replaceDir,
resolveHostTarget,
resolveTarArchiveInvocation,
} = require("./fetch-et-binaries.cjs");
function makeTmp(t) {
const dir = fs.mkdtempSync(path.join(os.tmpdir(), "netcatty-fetch-et-"));
t.after(() => fs.rmSync(dir, { recursive: true, force: true }));
return dir;
}
function sha256(buf) {
return crypto.createHash("sha256").update(buf).digest("hex");
}
function makeTarGz(t, entries) {
const dir = makeTmp(t);
for (const [name, contents] of Object.entries(entries)) {
const file = path.join(dir, name);
fs.mkdirSync(path.dirname(file), { recursive: true });
fs.writeFileSync(file, contents);
}
// Use cwd + a relative archive name so GNU tar (Git Bash on Windows) does
// not treat a "C:" drive prefix in the archive path as a remote host.
const outDir = makeTmp(t);
execFileSync("tar", ["-czf", "bundle.tar.gz", "-C", dir, "."], { cwd: outDir, stdio: "pipe" });
return fs.readFileSync(path.join(outDir, "bundle.tar.gz"));
}
async function serveAssets(t, assets) {
const server = http.createServer((req, res) => {
const name = decodeURIComponent(req.url.split("/").pop());
if (!Object.prototype.hasOwnProperty.call(assets, name)) {
res.writeHead(404);
res.end("missing");
return;
}
res.writeHead(200);
res.end(assets[name]);
});
await new Promise((resolve) => server.listen(0, "127.0.0.1", resolve));
t.after(() => server.close());
return `http://127.0.0.1:${server.address().port}`;
}
test("fetch-et-binaries defaults to the dedicated et binary repository", () => {
assert.deepEqual(parseEtBinRepository({}), { owner: "binaricat", repo: "Netcatty-et-bin" });
assert.deepEqual(parseEtBinRepository({ GITHUB_REPOSITORY: "owner/project" }), {
owner: "owner",
repo: "Netcatty-et-bin",
});
assert.deepEqual(
parseEtBinRepository({ GITHUB_REPOSITORY: "owner/project", ET_BIN_OWNER: "bin", ET_BIN_REPO: "binaries" }),
{ owner: "bin", repo: "binaries" },
);
});
test("resolveHostTarget maps the local platform to the bundled target", () => {
assert.deepEqual(resolveHostTarget({ platform: "darwin", arch: "arm64" }), { platform: "darwin", arch: "universal" });
assert.deepEqual(resolveHostTarget({ platform: "darwin", arch: "x64" }), { platform: "darwin", arch: "universal" });
assert.deepEqual(resolveHostTarget({ platform: "linux", arch: "x64" }), { platform: "linux", arch: "x64" });
assert.deepEqual(resolveHostTarget({ platform: "linux", arch: "arm64" }), { platform: "linux", arch: "arm64" });
assert.deepEqual(resolveHostTarget({ platform: "win32", arch: "x64" }), { platform: "win32", arch: "x64" });
assert.throws(() => resolveHostTarget({ platform: "freebsd", arch: "x64" }), /No bundled et target/);
});
test("tar archive invocation uses a relative archive name for Windows paths", () => {
assert.deepEqual(
resolveTarArchiveInvocation(
"C:\\Users\\RUNNER~1\\AppData\\Local\\Temp\\netcatty-et-abc\\bundle.tar.gz",
"win32",
),
{
cwd: "C:\\Users\\RUNNER~1\\AppData\\Local\\Temp\\netcatty-et-abc",
archive: "bundle.tar.gz",
},
);
});
test("replaceDir falls back to copy when rename crosses devices", (t) => {
const root = makeTmp(t);
const src = path.join(root, "src");
const dest = path.join(root, "dest");
fs.mkdirSync(src);
fs.writeFileSync(path.join(src, "et.exe"), "exe");
const originalRenameSync = fs.renameSync;
fs.renameSync = (from, to) => {
if (from === src && to === dest) {
const error = new Error("cross-device link not permitted");
error.code = "EXDEV";
throw error;
}
return originalRenameSync(from, to);
};
t.after(() => {
fs.renameSync = originalRenameSync;
});
replaceDir(src, dest);
assert.equal(fs.existsSync(src), false);
assert.equal(fs.readFileSync(path.join(dest, "et.exe"), "utf8"), "exe");
});
test("fetch-et-binaries host mode skips unsupported local targets", async (t) => {
const resDir = path.join(makeTmp(t), "resources", "et");
const baseUrl = await serveAssets(t, { SHA256SUMS: "" });
const { stderr } = await execFileAsync(
process.execPath,
[script, "--host", "--platform=win32", "--arch=arm64"],
{
env: {
...process.env,
ET_BIN_RELEASE: "test",
ET_BIN_BASE_URL: baseUrl,
ET_BIN_RES_DIR: resDir,
CI: "true",
},
stdio: "pipe",
},
);
assert.match(stderr, /No bundled et target for win32-arm64/);
assert.equal(fs.existsSync(resDir), false);
});
test("fetch-et-binaries skips when ET_BIN_RELEASE is unset", async (t) => {
const resDir = path.join(makeTmp(t), "resources", "et");
const { stdout } = await execFileAsync(process.execPath, [script], {
env: { ...process.env, ET_BIN_RELEASE: "", ET_BIN_RES_DIR: resDir, CI: "true" },
stdio: "pipe",
});
assert.match(stdout, /ET_BIN_RELEASE is unset/);
assert.equal(fs.existsSync(resDir), false);
});
test("fetch-et-binaries unpacks the Linux tarball", async (t) => {
const resDir = path.join(makeTmp(t), "resources", "et");
const tar = makeTarGz(t, { et: "binary" });
const baseUrl = await serveAssets(t, {
"et-linux-x64.tar.gz": tar,
SHA256SUMS: `${sha256(tar)} et-linux-x64.tar.gz\n`,
});
await execFileAsync(process.execPath, [script, "--platform=linux", "--arch=x64"], {
env: { ...process.env, ET_BIN_RELEASE: "test", ET_BIN_BASE_URL: baseUrl, ET_BIN_RES_DIR: resDir, CI: "true" },
stdio: "pipe",
});
assert.equal(fs.existsSync(path.join(resDir, "linux-x64", "et")), true);
assert.equal(fs.readFileSync(path.join(resDir, "linux-x64", "et"), "utf8"), "binary");
});
test("fetch-et-binaries unpacks the Darwin universal tarball", async (t) => {
const resDir = path.join(makeTmp(t), "resources", "et");
const tar = makeTarGz(t, { et: "binary" });
const baseUrl = await serveAssets(t, {
"et-darwin-universal.tar.gz": tar,
SHA256SUMS: `${sha256(tar)} et-darwin-universal.tar.gz\n`,
});
await execFileAsync(process.execPath, [script, "--platform=darwin", "--arch=universal"], {
env: { ...process.env, ET_BIN_RELEASE: "test", ET_BIN_BASE_URL: baseUrl, ET_BIN_RES_DIR: resDir, CI: "true" },
stdio: "pipe",
});
assert.equal(fs.existsSync(path.join(resDir, "darwin-universal", "et")), true);
});
test("fetch-et-binaries normalizes a static Windows tarball with no DLLs", async (t) => {
const resDir = path.join(makeTmp(t), "resources", "et");
const tar = makeTarGz(t, { "et.exe": "exe" });
const baseUrl = await serveAssets(t, {
"et-win32-x64.tar.gz": tar,
SHA256SUMS: `${sha256(tar)} et-win32-x64.tar.gz\n`,
});
await execFileAsync(process.execPath, [script, "--platform=win32", "--arch=x64"], {
env: { ...process.env, ET_BIN_RELEASE: "test", ET_BIN_BASE_URL: baseUrl, ET_BIN_RES_DIR: resDir, CI: "true" },
stdio: "pipe",
});
assert.equal(fs.existsSync(path.join(resDir, "win32-x64", "et.exe")), true);
});
test("fetch-et-binaries packages an optional Windows DLL directory when present", async (t) => {
const resDir = path.join(makeTmp(t), "resources", "et");
const tar = makeTarGz(t, { "et.exe": "exe", "et-win32-x64-dlls/vcruntime140.dll": "dll" });
const baseUrl = await serveAssets(t, {
"et-win32-x64.tar.gz": tar,
SHA256SUMS: `${sha256(tar)} et-win32-x64.tar.gz\n`,
});
await execFileAsync(process.execPath, [script, "--platform=win32", "--arch=x64"], {
env: { ...process.env, ET_BIN_RELEASE: "test", ET_BIN_BASE_URL: baseUrl, ET_BIN_RES_DIR: resDir, CI: "true" },
stdio: "pipe",
});
assert.equal(fs.existsSync(path.join(resDir, "win32-x64", "et.exe")), true);
assert.equal(fs.existsSync(path.join(resDir, "win32-x64", "et-win32-x64-dlls", "vcruntime140.dll")), true);
});
test("fetch-et-binaries rejects a tarball without et", async (t) => {
const resDir = path.join(makeTmp(t), "resources", "et");
const tar = makeTarGz(t, { "readme.txt": "nope" });
const baseUrl = await serveAssets(t, {
"et-linux-x64.tar.gz": tar,
SHA256SUMS: `${sha256(tar)} et-linux-x64.tar.gz\n`,
});
await assert.rejects(
execFileAsync(process.execPath, [script, "--platform=linux", "--arch=x64"], {
env: { ...process.env, ET_BIN_RELEASE: "test", ET_BIN_BASE_URL: baseUrl, ET_BIN_RES_DIR: resDir, CI: "true" },
stdio: "pipe",
}),
/did not contain et/,
);
});
test("fetch-et-binaries fails when SHA256SUMS lacks the requested asset", async (t) => {
const resDir = path.join(makeTmp(t), "resources", "et");
const tar = makeTarGz(t, { et: "binary" });
const baseUrl = await serveAssets(t, {
"et-linux-x64.tar.gz": tar,
SHA256SUMS: `${sha256(Buffer.from("other"))} other-file\n`,
});
await assert.rejects(
execFileAsync(process.execPath, [script, "--platform=linux", "--arch=x64"], {
env: { ...process.env, ET_BIN_RELEASE: "test", ET_BIN_BASE_URL: baseUrl, ET_BIN_RES_DIR: resDir, CI: "true" },
stdio: "pipe",
}),
/no SHA256 entry/,
);
});
test("fetch-et-binaries rejects symlinks inside tarballs", { skip: process.platform === "win32" }, async (t) => {
const srcDir = makeTmp(t);
fs.writeFileSync(path.join(srcDir, "outside"), "outside");
fs.symlinkSync(path.join(srcDir, "outside"), path.join(srcDir, "et"));
const outDir = makeTmp(t);
execFileSync("tar", ["-czf", "symlink.tar.gz", "-C", srcDir, "et"], { cwd: outDir, stdio: "pipe" });
const tar = fs.readFileSync(path.join(outDir, "symlink.tar.gz"));
const baseUrl = await serveAssets(t, {
"et-linux-x64.tar.gz": tar,
SHA256SUMS: `${sha256(tar)} et-linux-x64.tar.gz\n`,
});
await assert.rejects(
execFileAsync(process.execPath, [script, "--platform=linux", "--arch=x64"], {
env: {
...process.env,
ET_BIN_RELEASE: "test",
ET_BIN_BASE_URL: baseUrl,
ET_BIN_RES_DIR: path.join(makeTmp(t), "resources", "et"),
CI: "true",
},
stdio: "pipe",
}),
/symbolic link|did not contain et/,
);
});

View File

@@ -0,0 +1,187 @@
#!/usr/bin/env node
/* eslint-disable no-console */
//
// Resolve the EternalTerminal `et` client binary release used by
// build-packages.
//
// Priority:
// 1. ET_BIN_RELEASE from workflow input / repository variable.
// 2. Latest non-draft, non-prerelease GitHub Release whose tag is
// et-bin-* in ET_BIN_OWNER/ET_BIN_REPO. By default this is a
// dedicated sibling binary repository named Netcatty-et-bin.
//
// In GitHub Actions, the resolved tag is written back to $GITHUB_ENV so
// later steps can run scripts/fetch-et-binaries.cjs without duplicating
// release discovery logic.
const fs = require("node:fs");
const https = require("node:https");
const TAG_RE = /^et-bin-[A-Za-z0-9._-]+$/;
function log(msg) {
console.log(`[resolve-et-bin-release] ${msg}`);
}
function validateReleaseTag(tag) {
const value = String(tag || "").trim();
if (!TAG_RE.test(value)) {
throw new Error(`invalid et binary release tag: ${tag}`);
}
return value;
}
function parseRepository(env) {
const owner = env.ET_BIN_OWNER || (env.GITHUB_REPOSITORY || "").split("/")[0] || "binaricat";
const repo = env.ET_BIN_REPO || "Netcatty-et-bin";
return { owner, repo };
}
function releaseTimestamp(release) {
const raw = release.published_at || release.created_at || "";
const value = Date.parse(raw);
return Number.isNaN(value) ? 0 : value;
}
function pickLatestEtBinRelease(releases) {
return releases
.map((release, index) => ({ release, index }))
.filter(({ release }) => {
return release
&& TAG_RE.test(String(release.tag_name || ""))
&& release.draft !== true
&& release.prerelease !== true;
})
.sort((a, b) => {
const diff = releaseTimestamp(b.release) - releaseTimestamp(a.release);
return diff || a.index - b.index;
})[0]?.release.tag_name;
}
function parseNextLink(linkHeader) {
if (!linkHeader) return null;
for (const part of String(linkHeader).split(",")) {
const match = part.match(/^\s*<([^>]+)>\s*;\s*(.+)\s*$/);
if (!match) continue;
const rel = match[2].split(";").some((attr) => attr.trim() === 'rel="next"');
if (rel) return match[1];
}
return null;
}
function requestJsonWithHeaders(url, env, depth = 0) {
return new Promise((resolve, reject) => {
if (depth > 5) {
reject(new Error("too many redirects while looking up et binary releases"));
return;
}
const headers = {
Accept: "application/vnd.github+json",
"User-Agent": "netcatty-et-release-resolver",
"X-GitHub-Api-Version": "2022-11-28",
};
const token = env.GITHUB_TOKEN || env.GH_TOKEN;
if (token) headers.Authorization = `Bearer ${token}`;
https.get(url, { headers }, (res) => {
const location = res.headers.location;
if (res.statusCode >= 300 && res.statusCode < 400 && location) {
res.resume();
resolve(requestJsonWithHeaders(new URL(location, url).toString(), env, depth + 1));
return;
}
const chunks = [];
res.on("data", (chunk) => chunks.push(chunk));
res.on("end", () => {
const body = Buffer.concat(chunks).toString("utf8");
if (res.statusCode !== 200) {
reject(new Error(`GitHub API returned HTTP ${res.statusCode}: ${body.slice(0, 300)}`));
return;
}
try {
resolve({ json: JSON.parse(body), headers: res.headers });
} catch (err) {
reject(new Error(`GitHub API returned invalid JSON: ${err.message}`));
}
});
res.on("error", reject);
}).on("error", reject);
});
}
async function loadReleases(env, request = requestJsonWithHeaders) {
if (env.ET_BIN_RELEASES_JSON) {
const parsed = JSON.parse(env.ET_BIN_RELEASES_JSON);
if (!Array.isArray(parsed)) {
throw new Error("ET_BIN_RELEASES_JSON must be a JSON array");
}
return parsed;
}
const { owner, repo } = parseRepository(env);
const apiBase = (env.GITHUB_API_URL || "https://api.github.com").replace(/\/+$/, "");
let url = `${apiBase}/repos/${encodeURIComponent(owner)}/${encodeURIComponent(repo)}/releases?per_page=100`;
log(`looking up latest et-bin-* release in ${owner}/${repo}`);
const releases = [];
const seen = new Set();
while (url) {
if (seen.has(url)) {
throw new Error(`GitHub API pagination looped while looking up releases: ${url}`);
}
seen.add(url);
const { json, headers = {} } = await request(url, env);
if (!Array.isArray(json)) {
throw new Error("GitHub API releases response was not an array");
}
releases.push(...json);
url = parseNextLink(headers.link);
}
return releases;
}
function exportRelease(release, env) {
if (env.GITHUB_ENV) {
fs.appendFileSync(env.GITHUB_ENV, `ET_BIN_RELEASE=${release}\n`, "utf8");
}
}
async function main(env = process.env) {
if (String(env.ET_BIN_RELEASE || "").trim()) {
const release = validateReleaseTag(env.ET_BIN_RELEASE);
exportRelease(release, env);
log(`using ET_BIN_RELEASE=${release}`);
return release;
}
const releases = await loadReleases(env);
const release = pickLatestEtBinRelease(releases);
if (!release) {
throw new Error(
"could not find a non-draft et-bin-* release in the et binary repository. Publish build-et-binaries artifacts with release_tag (for example et-bin-6.2.10-1) before packaging.",
);
}
const validated = validateReleaseTag(release);
exportRelease(validated, env);
log(`resolved ET_BIN_RELEASE=${validated}`);
return validated;
}
if (require.main === module) {
main().catch((err) => {
console.error(`[resolve-et-bin-release] FATAL ${err.message}`);
process.exit(1);
});
}
module.exports = {
loadReleases,
parseNextLink,
validateReleaseTag,
parseRepository,
pickLatestEtBinRelease,
main,
};

View File

@@ -0,0 +1,134 @@
const test = require("node:test");
const assert = require("node:assert/strict");
const fs = require("node:fs");
const os = require("node:os");
const path = require("node:path");
const {
loadReleases,
main,
parseRepository,
parseNextLink,
pickLatestEtBinRelease,
validateReleaseTag,
} = require("./resolve-et-bin-release.cjs");
function makeTmp(t) {
const dir = fs.mkdtempSync(path.join(os.tmpdir(), "netcatty-resolve-et-"));
t.after(() => fs.rmSync(dir, { recursive: true, force: true }));
return dir;
}
test("validateReleaseTag accepts only et binary release tags", () => {
assert.equal(validateReleaseTag("et-bin-6.2.10-1"), "et-bin-6.2.10-1");
assert.throws(() => validateReleaseTag("v1.2.3"), /invalid et binary release tag/);
assert.throws(() => validateReleaseTag("et-bin-../bad"), /invalid et binary release tag/);
});
test("parseRepository falls back to the dedicated et binary repository", () => {
assert.deepEqual(parseRepository({}), { owner: "binaricat", repo: "Netcatty-et-bin" });
assert.deepEqual(parseRepository({ GITHUB_REPOSITORY: "owner/project" }), {
owner: "owner",
repo: "Netcatty-et-bin",
});
assert.deepEqual(
parseRepository({ GITHUB_REPOSITORY: "owner/project", ET_BIN_OWNER: "bin", ET_BIN_REPO: "binaries" }),
{ owner: "bin", repo: "binaries" },
);
});
test("pickLatestEtBinRelease ignores non-packaging releases", () => {
const got = pickLatestEtBinRelease([
{ tag_name: "v1.0.0", published_at: "2026-03-01T00:00:00Z" },
{ tag_name: "et-bin-6.2.10-3", draft: true, published_at: "2026-04-01T00:00:00Z" },
{ tag_name: "et-bin-6.2.10-4", prerelease: true, published_at: "2026-04-02T00:00:00Z" },
{ tag_name: "et-bin-6.2.10-1", published_at: "2026-02-01T00:00:00Z" },
{ tag_name: "et-bin-6.2.10-2", published_at: "2026-03-01T00:00:00Z" },
]);
assert.equal(got, "et-bin-6.2.10-2");
});
test("parseNextLink reads the next GitHub pagination URL", () => {
const link = [
'<https://api.github.com/repos/owner/repo/releases?per_page=100&page=1>; rel="prev"',
'<https://api.github.com/repos/owner/repo/releases?per_page=100&page=3>; rel="next"',
'<https://api.github.com/repos/owner/repo/releases?per_page=100&page=9>; rel="last"',
].join(", ");
assert.equal(
parseNextLink(link),
"https://api.github.com/repos/owner/repo/releases?per_page=100&page=3",
);
assert.equal(parseNextLink('<https://api.github.com/repos/owner/repo/releases?page=1>; rel="last"'), null);
});
test("loadReleases follows GitHub pagination until the last page", async () => {
const requested = [];
const got = await loadReleases({ GITHUB_REPOSITORY: "owner/repo" }, async (url) => {
requested.push(url);
if (url.includes("page=2")) {
return {
json: [{ tag_name: "et-bin-6.2.10-1", published_at: "2026-01-01T00:00:00Z" }],
headers: {},
};
}
return {
json: [{ tag_name: "v1.0.0", published_at: "2026-01-01T00:00:00Z" }],
headers: {
link: '<https://api.github.com/repos/owner/repo/releases?per_page=100&page=2>; rel="next"',
},
};
});
assert.deepEqual(got.map((release) => release.tag_name), ["v1.0.0", "et-bin-6.2.10-1"]);
assert.equal(requested.length, 2);
});
test("loadReleases rejects pagination loops", async () => {
await assert.rejects(
loadReleases({ GITHUB_REPOSITORY: "owner/repo" }, async (url) => ({
json: [],
headers: { link: `<${url}>; rel="next"` },
})),
/pagination looped/,
);
});
test("main keeps an explicit ET_BIN_RELEASE and exports it", async (t) => {
const githubEnv = path.join(makeTmp(t), "github-env");
const got = await main({
ET_BIN_RELEASE: "et-bin-6.2.10-1",
GITHUB_ENV: githubEnv,
});
assert.equal(got, "et-bin-6.2.10-1");
assert.equal(fs.readFileSync(githubEnv, "utf8"), "ET_BIN_RELEASE=et-bin-6.2.10-1\n");
});
test("main resolves the latest release from the release list and exports it", async (t) => {
const githubEnv = path.join(makeTmp(t), "github-env");
const got = await main({
GITHUB_ENV: githubEnv,
ET_BIN_RELEASES_JSON: JSON.stringify([
{ tag_name: "et-bin-6.2.10-1", published_at: "2026-01-01T00:00:00Z" },
{ tag_name: "et-bin-6.2.10-2", published_at: "2026-02-01T00:00:00Z" },
]),
});
assert.equal(got, "et-bin-6.2.10-2");
assert.equal(fs.readFileSync(githubEnv, "utf8"), "ET_BIN_RELEASE=et-bin-6.2.10-2\n");
});
test("main fails when no usable release exists", async () => {
await assert.rejects(
main({
ET_BIN_RELEASES_JSON: JSON.stringify([
{ tag_name: "v1.0.0", published_at: "2026-01-01T00:00:00Z" },
{ tag_name: "et-bin-6.2.10-1", draft: true, published_at: "2026-02-01T00:00:00Z" },
]),
}),
/could not find/,
);
});