Skip to content

Why???

Jump to bottom
Eugene Lazutkin edited this page Jul 15, 2020 · 11 revisions

There are bazillions helpers, which help to precompile artifacts and use them later on the user's computer. Unfortunately, they didn't fit my needs:

  • Frequently they are huge projects with a lot of dependencies that take care of many things automatically.
  • I want to avoid the dependency hell.
  • Usually, they require to set up some file hosting with secure uploads and downloads.
    • This is an extra dependency, which I should maintain and pay for.
  • I want to be sure that my users are secure.
    • I cannot review mounds of code on every release.
  • The inherent complexity (dependencies, a file service) makes the whole system too fragile, and prone to security glitches.

That's why I arrogantly decided that I can do better.

  • Both projects are essentially one-file utilities.
    • install-from-cache is less than 200 lines.
    • save-to-github is less than 100 lines.
    • Both files can be easily inspected to make sure there is no funny business or bugs.
  • Both projects have a minimal number of dependencies.
    • install-from-cache has no dependencies.
      • You can literally copy it to your project.
    • save-to-github has 1 (one) dependency.
      • It depends on @actions/github to save an artifact in the proper place.
      • It goes to your developer dependencies and doesn't need to be shipped or installed to end-users.
  • It uses GitHub releases to save and serve files.
    • It is free (at least now).
    • It uses a geographically distributed CDN.
    • It is easy to mirror a release (it is just files!) and mirror it locally.
  • Unobtrusive security is implemented by GitHub Actions.
    • save-to-github is automatically supplied with a secure token, so no need to mess with any settings. It just works.
    • For public repositories, actions are free (as of now). For private ones, the free tier includes 2,000 free minutes per month, which is enough for many projects.
  • Nowadays, when brotli compression is wildly supported and comes included with Node (since version 10) we can use it to reduce sizes of stored artifacts.
    • It irks me that almost nobody does it!
    • Smaller size ⇒ faster downloads! It is especially important for popular packages.
    • save-to-github uploads two versions of an artifact: br and gz. Both using the best compression parameters.
    • If an underlying Node does not support brotli, it is skipped.
      • install-from-cache skips its download.
      • save-to-github does not produce nor upload it.
    • install-from-cache checks a gz version if a br version was not available.

🔍 Search the wiki

install-artifact-from-github

Reference

Guides

Project

Used by node-re2

Clone this wiki locally