Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
ci-task-runner
Advanced tools
支持增量与多进程的构建任务调度器,大幅度提升 CI 服务器构建速度。
npm install ci-task-runner -g
1. 切换到项目目录,运行:
ci-task-runner --init
程序会在当前目录生成配置文件:.ci-task-runner.json。
2. 运行 ci-task-runner
ci-task-runner
在服务器上可以使用 CI 工具启动 ci-task-runner,参考: 持续集成。
.ci-task-runner.json 文件范例:
{
"modules": ["mod1", "mod2", "mod3"],
"cache": "dist/.ci-task-runner-cache.json",
"repository": "git",
"program": "cd ${modulePath} && webpack --color"
}
上述例子中:mod1、mod2、mod3 有变更会执行目录中的 webpack.config.js。
modules
模块列表。模块可以是目录名或文件名。
简写形式:{string[]}
{
"modules": ["mod1", "mod2", "mod3"]
}
对象形式:{Object[]}
{
"modules": [
"mod1",
"mod2",
{
"name": "mod3",
"dependencies": ["common/v1"],
"program": "cd ${modulePath} && gulp"
},
["mod4", "mod5"]
]
}
dependencies
与 program
会继承顶层的配置modules
支持配置并行任务,参考 多进程并行构建cache
ci-task-runner 缓存文件保存路径。
请在版本库中忽略
cache
的文件路径。
dependencies
模块外部依赖列表。如果模块目录依赖了目录外的库,可以在此手动指定依赖,这样外部库的更新也可以触发模块构建。
module-watch 使用 Git 或 Svn 来实现变更检测,所以其路径必须已经受版本管理。如果想监控 node_modules 的变更,可以指定:
"dependencies": ["package.json"]
。
repository
设置仓库的类型。支持 git 与 svn。
parallel
设置最大并行进程数。默认值为 require('os').cpus().length
。
program
构建器配置。
简写形式:{string}
{
"program": "cd ${modulePath} && node build.js"
}
对象形式:{Object}
{
"program": {
"command": "node build.js",
"options": {
"timeout": 360000
}
}
}
program.command
设置执行的构建命令。
程序会将
${moduleName}/node_modules/.bin
与node_modules/.bin
加入到环境变量PATH
中。
program.options
构建器进程配置。构建器会在子进程中运行,在这里设置进程的选项。参考:child_process.exec。
program.options
中的timeout
字段生效后会终止进程,并且抛出错误。这点和child_process.exec
不一样,它只抛出错误。
program
支持的字符串变量:
${moduleName}
模块名${modulePath}
模块绝对路径${moduleDirname}
等同于 path.diranme(modulePath)
,详情如果模块之间没有依赖,可以开启多进程构建,这样能够充分利用多核 CPU 加速构建。
modules 最外层的模块名是串行运行,如果遇到数组则会并行运行:
{
"modules": ["dll", ["mod1", "mod2", "mod3"]],
"cache": "dist/.ci-task-runner-cache.json",
"repository": "git",
"program": "cd ${modulePath} && webpack --color"
}
上述例子中:当 dll 构建完成后,mod1、mod2、mod3 会以多线程的方式并行构建。
{
"modules": ["dll", ["mod1", "mod2", "mod3"]],
"dependencies": ["dll", "package.json"],
"cache": "dist/.ci-task-runner-cache.json",
"repository": "git",
"program": "cd ${modulePath} && webpack --color"
}
上述例子中:当 dll 和 package.json 变更后,无论其他模块是否有修改都会被强制构建。
{
"modules": [
{
"name": "package.json",
"program": "npm install"
},
"dll",
["mod1", "mod2", "mod3"]
],
"dependencies": ["package.json", "dll"],
"cache": "dist/.ci-task-runner-cache.json",
"repository": "git",
"program": "cd ${modulePath} && webpack --color"
}
上述例子中:当 package.json 变更后,则会执行 npm install
安装项目依赖,让项目保持最新。
使用 CI 工具来在服务器上运行 ci-task-runner。
Webpack 遇到编译错误没有退出的问题参考:Webpack configuration.bail
相关工具:
CI 工具配置请参考相应的文档。
FAQs
this is a multiprocess building tasks scheduler
The npm package ci-task-runner receives a total of 4 weekly downloads. As such, ci-task-runner popularity was classified as not popular.
We found that ci-task-runner demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.