mirror of
https://github.com/ivabus/pantry
synced 2024-11-30 12:15:06 +03:00
2ff7403742
* Closes #1 * Using bun.sh binaries because we'll probs need to do the same for ziglang because ziglang OOMs during builds in CD * However in general we are happy to use the binaries the project built—they know what they are doing and we should trust them in that. * HOWEVER we should insist that they sign their binaries. Bun do not. * ALSO really we should insist on signed sources, see comments in the YAML for more discussion * Not using profile versions as they are not documented and seemingly less portable (based on reading the installer)
38 lines
1 KiB
YAML
38 lines
1 KiB
YAML
distributable:
|
||
url: https://github.com/oven-sh/bun/archive/refs/tags/bun-v{{version}}.tar.gz
|
||
|
||
warnings:
|
||
- vendored
|
||
|
||
versions:
|
||
github: oven-sh/bun
|
||
strip: /^Bun /
|
||
|
||
#FIXME proper system for re-using pre-built binaries
|
||
# we must require the vendor to provide signatures against a published public
|
||
# key. If they don’t then really we should build ourselves or warn the user
|
||
# about the fact.
|
||
# The thing is, we trust the sources implicitly currently because signing is
|
||
# so rare. The only way wide spread signing will occur is via our protocol.
|
||
|
||
build:
|
||
dependencies:
|
||
curl.se: '*'
|
||
info-zip.org/unzip: '*'
|
||
working-directory: ${{prefix}}
|
||
script: |
|
||
curl -Lfo bun.zip "https://github.com/oven-sh/bun/releases/download/bun-v{{version}}/bun-$PLATFORM.zip"
|
||
unzip bun.zip
|
||
mv bun-$PLATFORM bin
|
||
rm bun.zip
|
||
env:
|
||
darwin/aarch64: {PLATFORM: darwin-aarch64}
|
||
darwin/x86-64: {PLATFORM: darwin-x64}
|
||
linux/aarch64: {PLATFORM: linux-aarch64}
|
||
linux/x86-64: {PLATFORM: linux-x64}
|
||
|
||
test:
|
||
bun --help
|
||
|
||
provides:
|
||
- bin/bun
|