Merge remote-tracking branch 'origin/main' into nektro-patch-44307

2026-02-09 18:38:55 +00:00 · 2025-08-25 11:24:49 -07:00
parent 3ff6af3236 7c45ed97de
commit 5c8cfa44f3
424 changed files with 43409 additions and 7115 deletions
--- a/scripts/build.mjs
+++ b/scripts/build.mjs
@@ -5,7 +5,9 @@ import { chmodSync, cpSync, existsSync, mkdirSync, readFileSync } from "node:fs"
 import { basename, join, relative, resolve } from "node:path";
 import {
  formatAnnotationToHtml,
+  getSecret,
  isCI,
+  isWindows,
  parseAnnotations,
  printEnvironment,
  reportAnnotationToBuildKite,
@@ -214,14 +216,47 @@ function parseOptions(args, flags = []) {
 async function spawn(command, args, options, label) {
  const effectiveArgs = args.filter(Boolean);
  const description = [command, ...effectiveArgs].map(arg => (arg.includes(" ") ? JSON.stringify(arg) : arg)).join(" ");
+  let env = options?.env;
+
  console.log("$", description);

  label ??= basename(command);

  const pipe = process.env.CI === "true";
+
+  if (isBuildkite()) {
+    if (process.env.BUN_LINK_ONLY && isWindows) {
+      env ||= options?.env || { ...process.env };
+
+      // Pass signing secrets directly to the build process
+      // The PowerShell signing script will handle certificate decoding
+      env.SM_CLIENT_CERT_PASSWORD = getSecret("SM_CLIENT_CERT_PASSWORD", {
+        redact: true,
+        required: true,
+      });
+      env.SM_CLIENT_CERT_FILE = getSecret("SM_CLIENT_CERT_FILE", {
+        redact: true,
+        required: true,
+      });
+      env.SM_API_KEY = getSecret("SM_API_KEY", {
+        redact: true,
+        required: true,
+      });
+      env.SM_KEYPAIR_ALIAS = getSecret("SM_KEYPAIR_ALIAS", {
+        redact: true,
+        required: true,
+      });
+      env.SM_HOST = getSecret("SM_HOST", {
+        redact: true,
+        required: true,
+      });
+    }
+  }
+
  const subprocess = nodeSpawn(command, effectiveArgs, {
    stdio: pipe ? "pipe" : "inherit",
    ...options,
+    env,
  });

  let killedManually = false;
--- a/scripts/runner.node.mjs
+++ b/scripts/runner.node.mjs
@@ -188,9 +188,10 @@ let prFileCount = 0;
 if (isBuildkite) {
  try {
    console.log("on buildkite: collecting new files from PR");
+    const per_page = 50;
    for (let i = 1; i <= 5; i++) {
      const res = await fetch(
-        `https://api.github.com/repos/oven-sh/bun/pulls/${process.env.BUILDKITE_PULL_REQUEST}/files?per_page=50&page=${i}`,
+        `https://api.github.com/repos/oven-sh/bun/pulls/${process.env.BUILDKITE_PULL_REQUEST}/files?per_page=${per_page}&page=${i}`,
        {
          headers: {
            Authorization: `Bearer ${getSecret("GITHUB_TOKEN")}`,
@@ -200,6 +201,7 @@ if (isBuildkite) {
      const doc = await res.json();
      console.log(`-> page ${i}, found ${doc.length} items`);
      if (doc.length === 0) break;
+      if (doc.length < per_page) break;
      for (const { filename, status } of doc) {
        prFileCount += 1;
        if (status !== "added") continue;
@@ -564,6 +566,7 @@ async function runTests() {
            };
            if ((basename(execPath).includes("asan") || !isCI) && shouldValidateExceptions(testPath)) {
              env.BUN_JSC_validateExceptionChecks = "1";
+              env.BUN_JSC_dumpSimulatedThrows = "1";
            }
            return runTest(title, async () => {
              const { ok, error, stdout, crashes } = await spawnBun(execPath, {
@@ -1287,6 +1290,7 @@ async function spawnBunTest(execPath, testPath, options = { cwd }) {
  };
  if ((basename(execPath).includes("asan") || !isCI) && shouldValidateExceptions(relative(cwd, absPath))) {
    env.BUN_JSC_validateExceptionChecks = "1";
+    env.BUN_JSC_dumpSimulatedThrows = "1";
  }

  const { ok, error, stdout, crashes } = await spawnBun(execPath, {
@@ -2224,6 +2228,7 @@ function isAlwaysFailure(error) {
    error.includes("illegal instruction") ||
    error.includes("sigtrap") ||
    error.includes("error: addresssanitizer") ||
+    error.includes("internal assertion failure") ||
    error.includes("core dumped") ||
    error.includes("crash reported")
  );
--- a/scripts/vs-shell.ps1
+++ b/scripts/vs-shell.ps1
@@ -40,7 +40,25 @@ if ($args.Count -gt 0) {
    $commandArgs = @($args[1..($args.Count - 1)] | % {$_})
  }

-  Write-Host "$ $command $commandArgs"
+  # Don't print the full command as it may contain sensitive information like certificates
+  # Just show the command name and basic info
+  $displayArgs = @()
+  foreach ($arg in $commandArgs) {
+    if ($arg -match "^-") {
+      # Include flags
+      $displayArgs += $arg
+    } elseif ($arg -match "\.(mjs|js|ts|cmake|zig|cpp|c|h|exe)$") {
+      # Include file names
+      $displayArgs += $arg
+    } elseif ($arg.Length -gt 100) {
+      # Truncate long arguments (likely certificates or encoded data)
+      $displayArgs += "[REDACTED]"
+    } else {
+      $displayArgs += $arg
+    }
+  }
+  
+  Write-Host "$ $command $displayArgs"
  & $command $commandArgs
  exit $LASTEXITCODE
 }