From 28e67e58208a13bd5f9afb19b6a2e57f904eec80 Mon Sep 17 00:00:00 2001 From: vnugent Date: Wed, 15 May 2024 17:46:36 -0400 Subject: Squashed commit of the following: commit e6b4e605622f2b323fd3fe0aa01000f3986e3bba Author: vnugent Date: Wed May 15 16:35:06 2024 -0400 build: Fix ssl container dir, and certificate automation commit a710553aa5c0484b6934b8a5d4d16b1eb3ff2a88 Author: vnugent Date: Wed May 15 15:37:53 2024 -0400 ci: Admin form clear, polish build and release taskfiels commit 372eb6a32a9891afb5035caa0805e8ed878416d8 Author: vnugent Date: Tue May 14 22:27:10 2024 -0400 default read secret pepper from file for bare-metal builds commit 1b7270b40b65ef089bf40a14065227f742b8507e Author: vnugent Date: Tue May 14 21:52:03 2024 -0400 chore: make container slightly easier to setup commit 2deda50a167286bc93fd3871a1fd6dbf9f43c81f Merge: 28f0f77 96ae7b0 Author: vnugent Date: Sun Apr 28 10:54:09 2024 -0400 Merge branch 'master' into develop commit 28f0f774da975c04271445761b2de31aecf969ff Author: vnugent Date: Sat Apr 27 23:11:48 2024 -0400 Add --no-cache arg to build image args commit 22a1f5d374ec1a487944c6303066d0f15617cb12 Author: vnugent Date: Sat Apr 27 18:47:25 2024 -0400 fix: Upstream patch missing ! in middlware commit f40ca2d4c26f81276d58760152592a918bf3cd87 Author: vnugent Date: Sat Apr 27 18:36:01 2024 -0400 chore: package updates commit d7a3c957467e65ea7176170fba3c280ac18ac17e Author: vnugent Date: Sun Apr 21 12:02:57 2024 -0400 chore: Package updates and minor QOL patches commit 97a5bded5122708cf39d0e86bc24a5f31755bdd1 Merge: 56e0a38 5877c86 Author: vnugent Date: Tue Apr 9 17:38:02 2024 -0400 Merge branch 'master' into develop commit 56e0a38b2ca246e8beeaef3c6c4b9c0ce7d0f09b Author: vnugent Date: Tue Apr 9 17:35:13 2024 -0400 chore(app): Update deps, login spinner, curl msg, view prep commit 0945210c0492dd8a8de99ccd8e5e66cf05e3a1c1 Merge: 24fac82 3c15d54 Author: vnugent Date: Tue Apr 2 14:58:59 2024 -0400 Merge branch 'master' into develop commit 24fac82efe9e5c18e86ed535678640e7401472db Author: vnugent Date: Tue Apr 2 14:54:20 2024 -0400 ci: Configure manual dep versions commit d2ae31ec919d72e66d8b40db8394b55efd6ea6d3 Author: vnugent Date: Sun Mar 31 22:19:53 2024 -0400 ci: Native compression support for win commit fa7fdef79c6d468022b77f81314ac129fe0cdc32 Merge: 308092d a01220a Author: vnugent Date: Wed Mar 13 21:26:55 2024 -0400 Merge branch 'master' into develop commit 308092d6d743d0ba8f7ca86fd77e9c837dc46e88 Merge: 48637a8 9134093 Author: vnugent Date: Wed Mar 13 21:01:02 2024 -0400 Merge branch 'master' into develop commit 48637a8781fc951c307216f604fc1610e68691c3 Merge: 1e08c6d e326736 Author: vnugent Date: Wed Mar 13 16:20:35 2024 -0400 Merge branch 'master' into develop commit 1e08c6d2112459dc02a0ab873123c4a363b01d21 Author: vnugent Date: Wed Mar 13 16:17:58 2024 -0400 ci: verified container build ready for next release commit 85a1e5b7cc5c99e97a2d4e99bbceb0d2139742ff Author: vnugent Date: Tue Mar 12 22:05:16 2024 -0400 ci: exciting bare-metal build process, os support, smaller packages commit 748cdbf4880d830fd794e92856e8c35a46e4f884 Author: vnugent Date: Mon Mar 11 21:21:18 2024 -0400 feat(app): #1 update libs & add curl support --- ci/config/SessionProvider.json | 6 ++- ci/config/config.json | 2 +- ci/container/Dockerfile | 11 ++-- ci/container/Taskfile.yaml | 12 +++-- ci/container/docker-compose.yaml | 11 ++-- ci/container/run.sh | 7 +++ ci/install.ps1 | 4 ++ ci/install.taskfile.yaml | 5 +- ci/plugins.taskfile.yaml | 17 +++--- ci/release.taskfile.yaml | 21 ++++++++ ci/taskfile.yaml | 114 +++++++++++++++++++++++++++------------ 11 files changed, 152 insertions(+), 58 deletions(-) (limited to 'ci') diff --git a/ci/config/SessionProvider.json b/ci/config/SessionProvider.json index e281edf..6828114 100644 --- a/ci/config/SessionProvider.json +++ b/ci/config/SessionProvider.json @@ -16,6 +16,10 @@ //time (in seconds) a session is valid for "valid_for_sec": 3600, //The maxium number of connections waiting for the cache server responses - "max_waiting_connections": 100 + "max_waiting_connections": 100, + //Enforce strict cross-origin session checks + "strict_cors": true, + ///Enforces strict TLS to help prevent tls downgrades based on stored session variables (privacy note: this can be leaked through brute-forced if session id is stolen) + "strict_tls_protocol": true } } \ No newline at end of file diff --git a/ci/config/config.json b/ci/config/config.json index 37b952a..0d8b839 100644 --- a/ci/config/config.json +++ b/ci/config/config.json @@ -177,6 +177,6 @@ //Global secrets object, used by the host and pluings for a specialized secrets "secrets": { //"db_password": "" - "passwords": "yourbase64passwordsecret" + "passwords": "file://secrets/password-pepper.txt" } } diff --git a/ci/container/Dockerfile b/ci/container/Dockerfile index a6d35d4..4580e48 100644 --- a/ci/container/Dockerfile +++ b/ci/container/Dockerfile @@ -5,7 +5,7 @@ FROM alpine:3.19 as native-cont #install public libs and build tools -RUN apk update && apk add --no-cache build-base cmake npm git +RUN apk update && apk add --no-cache build-base cmake npm git openssl #most universal way to use Task is from NPM RUN npm install -g @go-task/cli @@ -15,12 +15,12 @@ WORKDIR /build COPY app/ . #build internal libraries and copy the libraries to the /lib output directory -RUN mkdir out/ +RUN mkdir out/ ssl/ RUN task build-libs #APP CONTAINER #move into a clean dotnet apline lean image -FROM mcr.microsoft.com/dotnet/runtime:8.0.2-alpine3.19-amd64 as app-cont +FROM mcr.microsoft.com/dotnet/runtime:8.0.3-alpine3.19-amd64 as app-cont LABEL name="vnuge/simple-bookmark" LABEL maintainer="Vaughn Nugent " @@ -31,6 +31,8 @@ COPY app/ /app #pull compiled libs from build container COPY --from=native-cont /build/out /app/lib +#copy self signed ssl certs for first startup +COPY --from=native-cont /build/ssl /app/ssl RUN apk update && apk add --no-cache gettext icu-libs dumb-init curl @@ -83,8 +85,9 @@ ENV VNCACHE_CACHE_PUBLIC_KEY="" #HTTP/PROXY Config ENV HTTP_DOWNSTREAM_SERVERS=[] -ENV SSL_JSON="{}" ENV HTTP_TRACE_ON=false +#set default certificate files to the self signed ones created in the build container +ENV SSL_JSON='{"cert": "ssl/cert.pem", "privkey":"ssl/key.pem"}' #run the init script within dumb-init ENTRYPOINT ["dumb-init", "--"] diff --git a/ci/container/Taskfile.yaml b/ci/container/Taskfile.yaml index 69dff71..1d52697 100644 --- a/ci/container/Taskfile.yaml +++ b/ci/container/Taskfile.yaml @@ -8,6 +8,7 @@ version: "3" vars: INCLUDE_FILES: "Dockerfile, docker-compose.yaml" + CERT_KEY_PARAMS: "ec -pkeyopt ec_paramgen_curve:secp384r1" includes: install: @@ -19,6 +20,9 @@ tasks: build-libs: vars: OUT_DIR: "{{.USER_WORKING_DIR}}/out" + SSL_DIR: "{{.USER_WORKING_DIR}}/ssl" + HOSTNAME: + sh: echo $HOSTNAME #build stage generates the following libraries generates: @@ -31,10 +35,12 @@ tasks: - cd lib/argon2/ && task && cp build/libargon2.so {{.OUT_DIR}}/libargon2.so #build rpmalloc library - cd lib/vnlib_rpmalloc/ && task && cp build/libvn_rpmalloc.so {{.OUT_DIR}}/libvn_rpmalloc.so - #install zlib and brotli native libraries from the source repos (they dont have active releases anymore :() + #build compression - cd lib/vnlib_compress/ && task && cp build/libvn_compress.so {{.OUT_DIR}}/libvn_compress.so - #build native compression lib and put in lib dir - - cd lib/vnlib_compress && cmake -B./build && cmake --build build/ --config Release && cp build/libvn_compress.so {{.OUT_DIR}}/libvn_compress.so + + #create a fresh self-signed cert for the container during build + - openssl req -new -x509 -days 365 -keyout {{.SSL_DIR}}/key.pem -out {{.SSL_DIR}}/cert.pem -newkey {{.CERT_KEY_PARAMS}} --nodes -subj "/CN={{.HOSTNAME}}" + - echo "WARNING Self signed certificate created during build stage, DO NOT COPY THIS IMAGE" #called from ci pipline to build the package build: diff --git a/ci/container/docker-compose.yaml b/ci/container/docker-compose.yaml index 465615d..63de647 100644 --- a/ci/container/docker-compose.yaml +++ b/ci/container/docker-compose.yaml @@ -11,7 +11,9 @@ services: volumes: - ./data:/app/data - ./assets:/app/usr/assets:ro - - ./ssl:/app/ssl:ro + #uncomment to use your own ssl certs, otherwise a build-time cert will be used + #- ./ssl/cert.pem:/app/ssl/cert.pem:ro + #- ./ssl/key.pem:/app/ssl/key.pem:ro ports: - 8080:8080 environment: @@ -34,7 +36,7 @@ services: MAX_LOGIN_ATTEMPS: "10" #SECRETS - PASSWORD_PEPPER: "" + PASSWORD_PEPPER: "" #A base64 encoded secret is required. raw string, vault://, file:// allowed DATABASE_PASSWORD: "" REDIS_PASSWORD: "" #if MEMCACHE_ONLY is false, then the following keys are required to connect to a VNCACHE cluster @@ -44,7 +46,6 @@ services: #HTTP HTTP_DOWNSTREAM_SERVERS: '[]' HTTP_TRACE_ON: "false" - #SSL_JSON: '{"cert": "ssl/cert.pem", "privkey":"ssl/priv.pem"}' - - SERVER_ARGS: "" + + SERVER_ARGS: "--setup" #remove the setup flag after you are done setting up the server diff --git a/ci/container/run.sh b/ci/container/run.sh index c780929..b452f2a 100644 --- a/ci/container/run.sh +++ b/ci/container/run.sh @@ -2,6 +2,8 @@ #this script will be invoked by dumb-init in the container on statup and is located at /app +echo "Generating configuration files" + rm -rf config && mkdir config #substitude all -template files in the config-templates dir and write them to the config dir @@ -9,7 +11,12 @@ for file in config-templates/*-template.json; do envsubst < $file > config/$(basename $file -template.json).json done +echo "Complete" + +echo "Merging your asset files" cp usr/assets/* plugins/assets/ -rf +echo "Complete" #start the server +echo "Starting the server" dotnet webserver/VNLib.WebServer.dll --config config/config.json --input-off $SERVER_ARGS \ No newline at end of file diff --git a/ci/install.ps1 b/ci/install.ps1 index 7a5c455..b15dfc2 100644 --- a/ci/install.ps1 +++ b/ci/install.ps1 @@ -1,5 +1,9 @@ param([String] $BaseUrl, [String] $ModuleName, [String] $ProjectName, [String]$FileName, [String]$Version) +#random delays to space out the downloads +$randomDelay = Get-Random -Minimum 300 -Maximum 1000 +Start-Sleep -Milliseconds $randomDelay + $_src = "$BaseUrl/$ModuleName/$Version/$ProjectName/$FileName" #download the latest version diff --git a/ci/install.taskfile.yaml b/ci/install.taskfile.yaml index 898958b..587ac86 100644 --- a/ci/install.taskfile.yaml +++ b/ci/install.taskfile.yaml @@ -16,4 +16,7 @@ tasks: - cd {{.DIR}} && powershell "{{ .PROJECT_DIR }}/install.ps1" -BaseUrl {{.BUILDS_URL}} -ModuleName {{.MODULE_NAME}} -ProjectName {{.PROJECT_NAME}} -FileName {{.FILE_NAME}} -Version {{.VERSION}} - cd {{.DIR}} && tar -xzf {{.FILE_NAME}} #remove the archive file - - cd {{.DIR}} && powershell -Command "rm {{.FILE_NAME}}" \ No newline at end of file + - cd {{.DIR}} && powershell -Command "rm {{.FILE_NAME}}" + #remove all pckage.json files that could cause build issues + - cmd: cd {{.DIR}} && powershell 'Get-ChildItem -Path . -Recurse -File -Filter "package.json" | Remove-Item -Force' + ignore_error: true \ No newline at end of file diff --git a/ci/plugins.taskfile.yaml b/ci/plugins.taskfile.yaml index df930db..7cb508c 100644 --- a/ci/plugins.taskfile.yaml +++ b/ci/plugins.taskfile.yaml @@ -26,13 +26,14 @@ tasks: - install-argon2-lib - install-compression - install-sqlite + - install-router + - install-accounts + - install-sessions + - install-vncache + - install-vncache-sessions + - install-users cmds: - - task: install-accounts - - task: install-router - - task: install-sessions - - task: install-vncache - - task: install-vncache-sessions - - task: install-users + - echo "Installing and configuring plugins and UI" - task: build-bookmarks @@ -157,8 +158,6 @@ tasks: DIR: './lib/vnlib_compress' VERSION: '{{.CORE_VERSION}}' - - cd 'lib/vnlib_compress' && powershell rm package.json - install-argon2-lib: cmds: #install the argon2 binary for Windows @@ -180,7 +179,7 @@ tasks: VERSION: '{{.CORE_VERSION}}' #remove unneeded files - - for: [ man, latex, kats, argon2-specs.pdf, package.json ] + - for: [ man, latex, kats, argon2-specs.pdf ] cmd: powershell -Command "rm ./lib/argon2/{{.ITEM}} -Recurse" ignore_error: true diff --git a/ci/release.taskfile.yaml b/ci/release.taskfile.yaml index 4268f25..14806bc 100644 --- a/ci/release.taskfile.yaml +++ b/ci/release.taskfile.yaml @@ -9,16 +9,19 @@ vars: SSL_DIR: "ssl" DATA_DIR: "data" DEFAULT_EC_CURVE: "secp384r1" + PASS_PEPPER_SIZE: 64 tasks: default: desc: "Runs the Simple-Bookmark server" + interactive: true cmds: - task: run run: desc: "Runs the Simple-Bookmark server" silent: true + interactive: true env: #libraries intentionally do not have extensions, for cross-platform compatibility, the server will load them regardless VNLIB_SHARED_HEAP_FILE_PATH: lib/vnlib_rpmalloc.dll @@ -69,8 +72,26 @@ tasks: platforms: [ windows/amd64 ] ignore_error: true + create-pepper: + desc: "Generates a new pepper for hashing passwords." + vars: + PEPPER_FILE: "secrets/password-pepper.txt" + cmds: + - cmd: mkdir secrets/ + platforms: [ linux, darwin ] + ignore_error: true + - cmd: powershell -Command "mkdir secrets/" + platforms: [ windows/amd64 ] + ignore_error: true + + - cmd: openssl rand -base64 {{.PASS_PEPPER_SIZE}} > {{.PEPPER_FILE}} + platforms: [ linux, darwin ] + + - echo "DO NOT EVER LOSE OR UPDATE THIS FILE!" + create-cert: desc: "Genereates a new self-signed TLS certificate" + interactive: true cmds: - openssl req -new -x509 -days 365 -keyout {{.SSL_DIR}}/key.pem -out {{.SSL_DIR}}/cert.pem -newkey ec -pkeyopt ec_paramgen_curve:{{.DEFAULT_EC_CURVE}} --nodes diff --git a/ci/taskfile.yaml b/ci/taskfile.yaml index c35b226..0267dec 100644 --- a/ci/taskfile.yaml +++ b/ci/taskfile.yaml @@ -36,7 +36,11 @@ tasks: ignore_error: true - task: plugins:all + #remove runtime-shared libs before they are copied + - task: prune-plugin-libs - task: install-webserver + + #runtimes must be pruned for specific targets - task: prune-runtimes #run container build last @@ -59,20 +63,27 @@ tasks: #remove the executable since its not needed - cmd: cd webserver/ && powershell -Command "rm VNlib.WebServer" - - for: [ windows-x86_64, linux-x86_64, osx-x86_64, windows-arm, linux-arm, osx-arm ] - task: create-env - vars: - TARGET_OS: '{{.ITEM}}' + - task: parallel-envs + + parallel-envs: + deps: + - task: create-env + vars: { TARGET_OS: 'windows-x86_64' } + - task: create-env + vars: { TARGET_OS: 'linux-x86_64' } + - task: create-env + vars: { TARGET_OS: 'osx-x86_64' } + - task: create-env + vars: { TARGET_OS: 'windows-arm' } + - task: create-env + vars: { TARGET_OS: 'linux-arm' } + - task: create-env + vars: { TARGET_OS: 'osx-arm' } postbuild_success: cmds: - #make bin dir - cmd: powershell -Command "mkdir bin -Force" - ignore_error: true - - for: [ windows-x86_64, linux-x86_64, osx-x86_64, windows-arm, linux-arm, osx-arm ] - task: pack - vars: - TARGET_OS: '{{.ITEM}}' + - task: pb-parallel #cleanup unnecessary build files that clog up the pipeline - for: [ build, plugins, dist, lib, webserver ] @@ -80,11 +91,25 @@ tasks: ignore_error: true - task: container:postbuild_success - - build-container: + + pb-parallel: + internal: true + deps: + - task: pack + vars: { TARGET_OS: 'windows-x86_64' } + - task: pack + vars: { TARGET_OS: 'linux-x86_64' } + - task: pack + vars: { TARGET_OS: 'osx-x86_64' } + - task: pack + vars: { TARGET_OS: 'windows-arm' } + - task: pack + vars: { TARGET_OS: 'linux-arm' } + - task: pack + vars: { TARGET_OS: 'osx-arm' } cmds: - - task: container:build - + - echo "Packing complete" + create-env: vars: BUILD_DIR: './build/{{.TARGET_OS}}' @@ -107,38 +132,59 @@ tasks: ignore_error: true - cd build/{{.TARGET_OS}} && tar -czf ../../bin/{{.TARGET_OS}}-release.tgz . - prune-runtimes: + prune-plugin-libs: cmds: + - for: ['vnlib.utils.dll' , 'vnlib.net.http.dll', 'VNLib.Hashing.Portable.dll', 'VNLib.Plugins.Essentials.dll', 'VNLib.Plugins.dll', 'Serilog.dll', 'Serilog.Sinks.Console.dll', 'Serilog.Sinks.File.dll'] + cmd: cd plugins && powershell 'Get-ChildItem -Path . -Recurse -File -Filter "{{.ITEM}}" | Remove-Item -Force' + + prune-runtimes: + deps: #prune sqlite runtime native libraries that Im not targeting #windows - - for: ['browser-wasm', 'linux-arm', 'linux-arm64', 'linux-armel', 'linux-mips64', 'linux-musl-arm', 'linux-musl-arm64', 'linux-musl-x64', 'linux-ppc64le', 'linux-s390x', 'linux-x64', 'linux-x86', 'maccatalyst-arm64', 'maccatalyst-x64', 'osx-arm64', 'osx-x64', 'win-arm', 'win-arm64' ] - cmd: cd build/windows-x86_64/{{.SQLITE_OUT_DIR}}/runtimes && powershell -Command "rm {{.ITEM}} -Recurse -Force" - ignore_error: true - + - task: prune-files + vars: + ITEMS: 'browser-wasm,linux-arm,linux-arm64,linux-armel,linux-mips64,linux-musl-arm,linux-musl-arm64,linux-musl-x64,linux-ppc64le,linux-s390x,linux-x64,linux-x86,maccatalyst-arm64,maccatalyst-x64,osx-arm64,osx-x64,win-arm,win-arm64' + DIR: 'windows-x86_64' + #windows arm - - for: ['browser-wasm', 'linux-arm', 'linux-arm64', 'linux-armel', 'linux-mips64', 'linux-musl-arm', 'linux-musl-arm64', 'linux-musl-x64', 'linux-ppc64le', 'linux-s390x', 'linux-x64', 'linux-x86', 'maccatalyst-arm64', 'maccatalyst-x64', 'osx-arm64', 'osx-x64', 'win-x86', 'win-x64' ] - cmd: cd build/windows-arm/{{.SQLITE_OUT_DIR}}/runtimes && powershell -Command "rm {{.ITEM}} -Recurse -Force" - ignore_error: true + - task: prune-files + vars: + ITEMS: 'browser-wasm,linux-arm,linux-arm64,linux-armel,linux-mips64,linux-musl-arm,linux-musl-arm64,linux-musl-x64,linux-ppc64le,linux-s390x,linux-x64,linux-x86,maccatalyst-arm64,maccatalyst-x64,osx-arm64,osx-x64,win-x86,win-x64' + DIR: 'windows-arm' #linux x64 - - for: ['browser-wasm', 'linux-arm', 'linux-arm64', 'linux-armel', 'linux-musl-arm', 'linux-musl-arm64', 'maccatalyst-arm64', 'maccatalyst-x64', 'osx-arm64', 'osx-x64', 'win-arm', 'win-arm64', 'win-x86', 'win-x64' ] - cmd: cd build/linux-x86_64/{{.SQLITE_OUT_DIR}}/runtimes && powershell -Command "rm {{.ITEM}} -Recurse -Force" - ignore_error: true + - task: prune-files + vars: + ITEMS: 'browser-wasm,linux-arm,linux-arm64,linux-armel,linux-musl-arm,linux-musl-arm64,maccatalyst-arm64,maccatalyst-x64,osx-arm64,osx-x64,win-arm,win-arm64,win-x86,win-x64' + DIR: 'linux-x86_64' #linux arm - - for: ['browser-wasm', 'linux-mips64', 'linux-musl-x64', 'linux-ppc64le', 'linux-s390x', 'linux-x64', 'linux-x86', 'maccatalyst-arm64', 'maccatalyst-x64', 'osx-arm64', 'osx-x64', 'win-arm', 'win-arm64', 'win-x86', 'win-x64' ] - cmd: cd build/linux-arm/{{.SQLITE_OUT_DIR}}/runtimes && powershell -Command "rm {{.ITEM}} -Recurse -Force" - ignore_error: true + - task: prune-files + vars: + ITEMS: 'browser-wasm,linux-mips64,linux-musl-x64,linux-ppc64le,linux-s390x,linux-x64,linux-x86,maccatalyst-arm64,maccatalyst-x64,osx-arm64,osx-x64,win-arm,win-arm64,win-x86,win-x64' + DIR: 'linux-arm' #osx x64 - - for: ['browser-wasm', 'linux-arm', 'linux-arm64', 'linux-armel', 'linux-mips64', 'linux-musl-arm', 'linux-musl-arm64', 'linux-musl-x64', 'linux-ppc64le', 'linux-s390x', 'linux-x64', 'linux-x86', 'maccatalyst-arm64', 'win-arm', 'win-arm64', 'win-x86', 'win-x64' ] - cmd: cd build/osx-x86_64/{{.SQLITE_OUT_DIR}}/runtimes && powershell -Command "rm {{.ITEM}} -Recurse -Force" - ignore_error: true + - task: prune-files + vars: + ITEMS: 'browser-wasm,linux-arm,linux-arm64,linux-armel,linux-mips64,linux-musl-arm,linux-musl-arm64,linux-musl-x64,linux-ppc64le,linux-s390x,linux-x64,linux-x86,maccatalyst-arm64,win-arm,win-arm64,win-x86,win-x64' + DIR: 'osx-x86_64' #osx arm - - for: ['browser-wasm', 'linux-arm', 'linux-arm64', 'linux-armel', 'linux-mips64', 'linux-musl-arm', 'linux-musl-arm64', 'linux-musl-x64', 'linux-ppc64le', 'linux-s390x', 'linux-x64', 'linux-x86', 'maccatalyst-x64', 'osx-x64', 'win-arm', 'win-arm64', 'win-x86', 'win-x64' ] - cmd: cd build/osx-arm/{{.SQLITE_OUT_DIR}}/runtimes && powershell -Command "rm {{.ITEM}} -Recurse -Force" - ignore_error: true + - task: prune-files + vars: + ITEMS: 'browser-wasm,linux-arm,linux-arm64,linux-armel,linux-mips64,linux-musl-arm,linux-musl-arm64,linux-musl-x64,linux-ppc64le,linux-s390x,linux-x64,linux-x86,maccatalyst-x64,osx-x64,win-arm,win-arm64,win-x86,win-x64' + DIR: 'osx-arm' + + cmds: + - echo "Pruning runtime files" + + prune-files: + internal: true + cmds: + - for: { var: ITEMS, split: ','} + cmd: cd build/{{.DIR}}/{{.SQLITE_OUT_DIR}}/runtimes && powershell -Command "rm {{.ITEM}} -Recurse -Force" + ignore_error: true clean: ignore_error: true -- cgit