CI: Bump yarn version and remove npm release token, add provenance (#487)

Michał Leszczyński
2025-12-17 01:49:30 +01:00
committed by GitHub
parent 1a06befdc1
commit 76e2392b11
16 changed files with 5641 additions and 6034 deletions


@@ -1,4 +1,4 @@
name: Check halocli tool name: Check build
on: on:
push: push:
@@ -15,8 +15,8 @@ on:
- master - master
jobs: jobs:
check_cli_tool: check:
runs-on: ubuntu-22.04 runs-on: ubuntu-24.04
steps: steps:
- name: Install native dependencies (Linux) - name: Install native dependencies (Linux)
run: | run: |
@@ -27,32 +27,35 @@ jobs:
uses: actions/setup-node@v4 uses: actions/setup-node@v4
with: with:
node-version: 20 node-version: 20
- name: Install dependencies (root) - name: Enable corepack
run: |
corepack enable
- name: Install dependencies
run: |
yarn workspaces focus --all
yarn install --immutable
- name: Run tsc (core)
run: | run: |
cd core cd core
yarn install --frozen-lockfile --production=false yarn tsc
- name: Run tsc (root) - name: Run webpack (core)
run: | run: |
cd core cd core
./node_modules/.bin/tsc yarn webpack
- name: Run webpack (root) - name: Run tsc (cli)
run: |
cd core
./node_modules/.bin/webpack
- name: Install dependencies (cli)
run: | run: |
cd cli cd cli
yarn install --frozen-lockfile --production=false yarn tsc
- name: Run tsc (root) - name: Run webpack (cli)
run: | run: |
cd cli cd cli
./node_modules/.bin/tsc yarn webpack
- name: Run webpack (root)
run: |
cd cli
./node_modules/.bin/webpack
mv dist_webpack/* . mv dist_webpack/* .
- name: Package HaLo CLI tool (Linux) - name: Package HaLo CLI tool (Linux)
run: | run: |
cd cli cd cli
./node_modules/.bin/pkg --compress GZip -t node20-linux-x64 -c package.json -o dist/halocli entry_cli.bundle.cjs cp package.json orig-package.json
npx json-merger orig-package.json bin-cli.json -p -o package.json
yarn pkg --compress GZip -t node20-linux-x64 -o dist/halocli .
chmod +x ./dist/halocli
./dist/halocli cli_version
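Review bot: The packaging step runs `npx json-merger orig-package.json bin-cli.json -p -o package.json`, and `json-merger` does not appear among the cli devDependencies visible in this commit's `package.json` hunks, so npx would presumably fetch whatever version the registry serves at run time. Its output rewrites the `package.json` that `yarn pkg` then builds the binary from, and the same call is added to every packaging step of the release build workflow, where the resulting binaries are shipped. Declaring the tool as a pinned devDependency, so that it is covered by `yarn.lock` and the `--immutable` install, and invoking it as `yarn json-merger …` would close that gap. The job body starts outside this hunk.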


@@ -1,39 +0,0 @@
name: Check libhalo.js
on:
push:
paths-ignore:
- 'README.md'
- 'cli/README.md'
- 'docs/**'
pull_request:
paths-ignore:
- 'README.md'
- 'cli/README.md'
- 'docs/**'
branches:
- master
jobs:
check_js_lib:
runs-on: ubuntu-22.04
steps:
- name: Checkout the repository
uses: actions/checkout@v4
- name: Install Node.JS
uses: actions/setup-node@v4
with:
node-version: 20
- name: Install dependencies (root)
run: |
cd core
yarn install --frozen-lockfile --production=false
- name: Run tsc (root)
run: |
cd core
./node_modules/.bin/tsc
./node_modules/.bin/tsc -p tsconfig.commonjs.json
- name: Run webpack (root)
run: |
cd core
./node_modules/.bin/webpack


@@ -60,43 +60,49 @@ jobs:
uses: actions/setup-node@v4 uses: actions/setup-node@v4
with: with:
node-version: 20 node-version: 20
cache: 'yarn' - name: Enable corepack
cache-dependency-path: '**/yarn.lock' run: |
- name: Install dependencies (root) corepack enable
- name: Install dependencies
shell: bash shell: bash
run: |
yarn workspaces focus --all
yarn install --immutable
- name: Run tsc (core)
run: | run: |
cd core cd core
yarn install --frozen-lockfile --production=false yarn tsc
./node_modules/.bin/tsc - name: Run webpack (core)
- name: Install dependencies (cli) run: |
shell: bash cd core
yarn webpack
- name: Run tsc (cli)
run: | run: |
cd cli cd cli
yarn install --frozen-lockfile --production=false yarn tsc
- name: Build libhalo with webpack
shell: bash
run: |
cd core
./node_modules/.bin/webpack
- name: Build halo-tools with webpack - name: Build halo-tools with webpack
shell: bash shell: bash
run: | run: |
cd cli cd cli
./node_modules/.bin/webpack yarn webpack
mv dist_webpack/* . mv dist_webpack/* .
mkdir build mkdir build
cp node_modules/@pokusew/pcsclite/build/Release/pcsclite.node build/pcsclite.node cp ../node_modules/@pokusew/pcsclite/build/Release/pcsclite.node build/pcsclite.node
cp package.json orig-package.json
- name: Package HaLo CLI tool (Linux) - name: Package HaLo CLI tool (Linux)
if: matrix.platform == 'ubuntu' if: matrix.platform == 'ubuntu'
shell: bash shell: bash
run: | run: |
cd cli cd cli
node ./build_scripts/ci_scripts.js --platform linux --product cli node ./build_scripts/ci_scripts.js --platform linux --product cli
./node_modules/.bin/pkg --compress GZip -t node20-linux-x64 -c package.json -o dist/halocli entry_cli.bundle.cjs npx json-merger orig-package.json bin-cli.json -p -o package.json
yarn pkg --compress GZip -t node20-linux-x64 -o dist/halocli .
node ./build_scripts/ci_scripts.js --platform linux --product bridge node ./build_scripts/ci_scripts.js --platform linux --product bridge
./node_modules/.bin/pkg --compress GZip -t node20-linux-x64 -c package.json -o dist/halo-bridge entry_bridge.bundle.cjs npx json-merger orig-package.json bin-bridge.json -p -o package.json
yarn pkg --compress GZip -t node20-linux-x64 -o dist/halo-bridge .
node ./build_scripts/ci_scripts.js --platform linux --product gateway node ./build_scripts/ci_scripts.js --platform linux --product gateway
./node_modules/.bin/pkg --compress GZip -t node20-linux-x64 -c package.json -o dist/halo-gateway entry_gateway.bundle.cjs npx json-merger orig-package.json bin-gateway.json -p -o package.json
yarn pkg --compress GZip -t node20-linux-x64 -o dist/halo-gateway .
- name: Package HaLo CLI tool (Windows) - name: Package HaLo CLI tool (Windows)
if: matrix.platform == 'windows' if: matrix.platform == 'windows'
shell: bash shell: bash
@@ -105,7 +111,8 @@ jobs:
node ./build_scripts/ci_scripts.js --platform windows --product cli node ./build_scripts/ci_scripts.js --platform windows --product cli
export PKG_CACHE_PATH='./.pkg-cache/' export PKG_CACHE_PATH='./.pkg-cache/'
export PKG_IGNORE_TAG='1' export PKG_IGNORE_TAG='1'
./node_modules/.bin/pkg --compress GZip -t node20-win-x64 -c package.json -o dist/halocli.exe entry_cli.bundle.cjs npx json-merger orig-package.json bin-cli.json -p -o package.json
yarn pkg --compress GZip -t node20-win-x64 -o dist/halocli.exe .
- name: Package HaLo Bridge tool (Windows) - name: Package HaLo Bridge tool (Windows)
if: matrix.platform == 'windows' if: matrix.platform == 'windows'
shell: bash shell: bash
@@ -114,7 +121,8 @@ jobs:
node ./build_scripts/ci_scripts.js --platform windows --product bridge node ./build_scripts/ci_scripts.js --platform windows --product bridge
export PKG_CACHE_PATH='./.pkg-cache/' export PKG_CACHE_PATH='./.pkg-cache/'
export PKG_IGNORE_TAG='1' export PKG_IGNORE_TAG='1'
./node_modules/.bin/pkg --compress GZip -t node20-win-x64 -c package.json -o dist/halo-bridge.exe entry_bridge.bundle.cjs npx json-merger orig-package.json bin-bridge.json -p -o package.json
yarn pkg --compress GZip -t node20-win-x64 -o dist/halo-bridge.exe .
- name: Package HaLo Gateway tool (Windows) - name: Package HaLo Gateway tool (Windows)
if: matrix.platform == 'windows' if: matrix.platform == 'windows'
shell: bash shell: bash
@@ -123,18 +131,22 @@ jobs:
node ./build_scripts/ci_scripts.js --platform windows --product gateway node ./build_scripts/ci_scripts.js --platform windows --product gateway
export PKG_CACHE_PATH='./.pkg-cache/' export PKG_CACHE_PATH='./.pkg-cache/'
export PKG_IGNORE_TAG='1' export PKG_IGNORE_TAG='1'
./node_modules/.bin/pkg --compress GZip -t node20-win-x64 -c package.json -o dist/halo-gateway.exe entry_gateway.bundle.cjs npx json-merger orig-package.json bin-gateway.json -p -o package.json
yarn pkg --compress GZip -t node20-win-x64 -o dist/halo-gateway.exe .
- name: Package HaLo CLI tool (MacOS) - name: Package HaLo CLI tool (MacOS)
if: matrix.platform == 'macos' if: matrix.platform == 'macos'
shell: bash shell: bash
run: | run: |
cd cli cd cli
node ./build_scripts/ci_scripts.js --platform macos --product cli node ./build_scripts/ci_scripts.js --platform macos --product cli
./node_modules/.bin/pkg --compress GZip -t node20-macos-x64 -c package.json -o dist/halocli entry_cli.bundle.cjs npx json-merger orig-package.json bin-cli.json -p -o package.json
yarn pkg --compress GZip -t node20-macos-x64 -o dist/halocli .
node ./build_scripts/ci_scripts.js --platform macos --product bridge node ./build_scripts/ci_scripts.js --platform macos --product bridge
./node_modules/.bin/pkg --compress GZip -t node20-macos-x64 -c package.json -o dist/halo-bridge entry_bridge.bundle.cjs npx json-merger orig-package.json bin-bridge.json -p -o package.json
yarn pkg --compress GZip -t node20-macos-x64 -o dist/halo-bridge .
node ./build_scripts/ci_scripts.js --platform macos --product gateway node ./build_scripts/ci_scripts.js --platform macos --product gateway
./node_modules/.bin/pkg --compress GZip -t node20-macos-x64 -c package.json -o dist/halo-gateway entry_gateway.bundle.cjs npx json-merger orig-package.json bin-gateway.json -p -o package.json
yarn pkg --compress GZip -t node20-macos-x64 -o dist/halo-gateway .
mv "macos_bridge_app" "dist/HaLo CLI Bridge Server.app" mv "macos_bridge_app" "dist/HaLo CLI Bridge Server.app"
mv "macos_pkgbuild_scripts" "dist/macos_pkgbuild_scripts" mv "macos_pkgbuild_scripts" "dist/macos_pkgbuild_scripts"
mv "Entitlements.plist" "dist/Entitlements.plist" mv "Entitlements.plist" "dist/Entitlements.plist"
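Review bot: In the `Install dependencies` step, `yarn workspaces focus --all` runs before `yarn install --immutable`, so the first install, including any dependency build scripts such as the native pcsclite build, happens before the lockfile check; as far as I know `focus` does not enforce immutability itself. Running `yarn install --immutable` first, or on its own since `focus --all` appears to install the same set, would make a lockfile mismatch fail the job before packages are built. The same two-line sequence is added in the check workflow and in both jobs of the libhalo release workflow. It matters most here because this step feeds the packaged release binaries.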


@@ -8,7 +8,7 @@ on:
jobs: jobs:
create_release: create_release:
name: Create libhalo release name: Create libhalo release
runs-on: ubuntu-22.04 runs-on: ubuntu-24.04
steps: steps:
- name: Prepare version number - name: Prepare version number
id: parse_version id: parse_version
@@ -42,26 +42,33 @@ jobs:
build_js_lib: build_js_lib:
name: Build libhalo and release name: Build libhalo and release
runs-on: ubuntu-22.04 runs-on: ubuntu-24.04
permissions: permissions:
contents: write contents: write
id-token: write id-token: write
needs: create_release needs: create_release
steps: steps:
- name: Install native dependencies (Linux)
run: |
sudo apt-get update && sudo apt-get install -y libpcsclite-dev
- name: Checkout the repository - name: Checkout the repository
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Install Node.JS - name: Install Node.JS
uses: actions/setup-node@v4 uses: actions/setup-node@v4
with: with:
node-version: 20 node-version: 20
- name: Enable corepack
run: |
corepack enable
- name: Install dependencies (root) - name: Install dependencies (root)
run: | run: |
cd core cd core
yarn install --frozen-lockfile --production=false yarn workspaces focus --all
yarn install --immutable
- name: Run webpack - name: Run webpack
run: | run: |
cd core cd core
webpack yarn webpack
- name: Download release upload URL - name: Download release upload URL
uses: actions/download-artifact@v4 uses: actions/download-artifact@v4
with: with:
@@ -121,13 +128,16 @@ jobs:
publish_npm: publish_npm:
name: Publish libhalo package name: Publish libhalo package
environment: prod-npm environment: prod-npm
runs-on: ubuntu-22.04 runs-on: ubuntu-24.04
permissions: permissions:
contents: write contents: write
packages: write packages: write
id-token: write id-token: write
needs: create_release needs: create_release
steps: steps:
- name: Install native dependencies (Linux)
run: |
sudo apt-get update && sudo apt-get install -y libpcsclite-dev
- name: Download release upload URL - name: Download release upload URL
uses: actions/download-artifact@v4 uses: actions/download-artifact@v4
with: with:
@@ -143,22 +153,24 @@ jobs:
with: with:
node-version: 20 node-version: 20
registry-url: 'https://registry.npmjs.org' registry-url: 'https://registry.npmjs.org'
- name: Enable corepack
run: |
corepack enable
- name: Run yarn install - name: Run yarn install
run: | run: |
yarn workspaces focus --all
yarn install --immutable
cd core cd core
yarn install --frozen-lockfile --production=false yarn tsc
./node_modules/.bin/tsc yarn tsc -p tsconfig.commonjs.json
./node_modules/.bin/tsc -p tsconfig.commonjs.json
- name: Publish package to npmjs - name: Publish package to npmjs
run: cd core && yarn publish run: cd core && yarn publish --provenance
env:
NODE_AUTH_TOKEN: ${{ secrets.RELEASE_NPM_TOKEN }}
- name: Re-setup Node.JS with GitHub pkg - name: Re-setup Node.JS with GitHub pkg
uses: actions/setup-node@v4 uses: actions/setup-node@v4
with: with:
node-version: 20 node-version: 20
registry-url: https://npm.pkg.github.com/ registry-url: https://npm.pkg.github.com/
- name: Publish package to GitHub - name: Publish package to GitHub
run: cd core && yarn publish run: cd core && yarn publish --provenance
env: env:
NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
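Review bot: Both publish steps now run `yarn publish --provenance`, but with the root `packageManager` set to `yarn@4.12.0` the publish command is, as far as I know, `yarn npm publish`, and Yarn 4 takes registry credentials from its own settings rather than from the `.npmrc` that `actions/setup-node` writes. It is worth confirming on a test release that the npmjs step really authenticates through the `id-token: write` OIDC path now that `NODE_AUTH_TOKEN` is gone. The same test should show whether the GitHub Packages step accepts `--provenance` at all, since provenance attestations are, to my knowledge, an npmjs.org feature. If the token is no longer needed, revoke `RELEASE_NPM_TOKEN` on npm and delete the repository secret so that a long-lived publish credential does not stay valid. The job continues outside the visible hunks.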

1
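--- a/.yarnrc.yml
+++ b/.yarnrc.yml
@@ -0,0 +1 @@
+nodeLinker: node-modules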

3
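--- a/cli/bin-bridge.json
+++ b/cli/bin-bridge.json
@@ -0,0 +1,3 @@
+{
+"bin": "entry_bridge.bundle.cjs"
+}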

3
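--- a/cli/bin-cli.json
+++ b/cli/bin-cli.json
@@ -0,0 +1,3 @@
+{
+"bin": "entry_cli.bundle.cjs"
+}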

3
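--- a/cli/bin-gateway.json
+++ b/cli/bin-gateway.json
@@ -0,0 +1,3 @@
+{
+"bin": "entry_gateway.bundle.cjs"
+}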


@@ -39,11 +39,10 @@
}, },
"type": "module", "type": "module",
"scripts": { "scripts": {
"test": "echo \"Error: no test specified\" && exit 1", "test": "echo \"Error: no test specified\" && exit 1"
"reload-libhalo": "cd ../core && yarn && yarn tsc && yarn webpack && cd ../cli && yarn add ../core"
}, },
"dependencies": { "dependencies": {
"@arx-research/libhalo": "../core", "@arx-research/libhalo": "workspace:*",
"argparse": "^2.0.1", "argparse": "^2.0.1",
"bufferutil": "^4.0.9", "bufferutil": "^4.0.9",
"express": "^5.1.0", "express": "^5.1.0",
@@ -62,7 +61,7 @@
"@types/jsonwebtoken": "^9.0.9", "@types/jsonwebtoken": "^9.0.9",
"@types/nunjucks": "^3.2.6", "@types/nunjucks": "^3.2.6",
"@types/ws": "^8.18.1", "@types/ws": "^8.18.1",
"@yao-pkg/pkg": "^6.4.0", "@yao-pkg/pkg": "6.4.0",
"eslint": "^9.25.0", "eslint": "^9.25.0",
"resedit": "^2.0.3", "resedit": "^2.0.3",
"ts-loader": "^9.5.2", "ts-loader": "^9.5.2",
@@ -70,6 +69,5 @@
"typescript-eslint": "^8.30.1", "typescript-eslint": "^8.30.1",
"webpack": "^5.99.6", "webpack": "^5.99.6",
"webpack-cli": "^6.0.1" "webpack-cli": "^6.0.1"
}, }
"packageManager": "yarn@1.22.22+sha512.a6b2f7906b721bba3d67d4aff083df04dad64c399707841b7acf00f6b133b7ac24255f2652fa22ae3534329dc6180534e98d17432037ff6fd140556e2bb3137e"
} }

File diff suppressed because it is too large Load Diff


@@ -72,7 +72,7 @@
"ethers": "^6.13.5", "ethers": "^6.13.5",
"jose": "^6.0.13", "jose": "^6.0.13",
"js-sha256": "^0.11.0", "js-sha256": "^0.11.0",
"pbkdf2": "^3.1.2", "pbkdf2": "^3.1.3",
"qrcode": "^1.5.4", "qrcode": "^1.5.4",
"query-string": "^9.1.1", "query-string": "^9.1.1",
"strongly-typed-events": "^3.0.11", "strongly-typed-events": "^3.0.11",
@@ -93,6 +93,5 @@
"typescript-eslint": "^8.30.1", "typescript-eslint": "^8.30.1",
"webpack": "^5.99.6", "webpack": "^5.99.6",
"webpack-cli": "^6.0.1" "webpack-cli": "^6.0.1"
}, }
"packageManager": "yarn@1.22.22+sha512.a6b2f7906b721bba3d67d4aff083df04dad64c399707841b7acf00f6b133b7ac24255f2652fa22ae3534329dc6180534e98d17432037ff6fd140556e2bb3137e"
} }


@@ -18,6 +18,8 @@ class JWEUtil {
.replaceAll('/', '_') .replaceAll('/', '_')
.replaceAll('==', ''); .replaceAll('==', '');
// eslint-disable-next-line @typescript-eslint/ban-ts-comment
// @ts-expect-error
this.sharedKeyObj = await subtle.importKey("raw", sharedKey, "AES-GCM", true, [ this.sharedKeyObj = await subtle.importKey("raw", sharedKey, "AES-GCM", true, [
"encrypt", "encrypt",
"decrypt", "decrypt",
@@ -38,6 +40,8 @@ class JWEUtil {
.replaceAll('-', '+') .replaceAll('-', '+')
.replaceAll('_', '/'); .replaceAll('_', '/');
const sharedKeyBuf = Buffer.from(fixedKeyStr, 'base64'); const sharedKeyBuf = Buffer.from(fixedKeyStr, 'base64');
// eslint-disable-next-line @typescript-eslint/ban-ts-comment
// @ts-expect-error
this.sharedKeyObj = await subtle.importKey("raw", sharedKeyBuf, "AES-GCM", true, [ this.sharedKeyObj = await subtle.importKey("raw", sharedKeyBuf, "AES-GCM", true, [
"encrypt", "encrypt",
"decrypt", "decrypt",
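Review bot: The bare `// @ts-expect-error` added above both `subtle.importKey(...)` calls suppresses every type error on that statement, not only the one that prompted it, and nothing records which mismatch is expected. On key-import code this can hide a later change that passes the wrong key material or usages. Prefer narrowing the fix to the offending argument, or at least state the reason on the directive, e.g. `// @ts-expect-error -- <reason: which argument type mismatches>`. With a description, the `ban-ts-comment` rule in its default configuration should no longer need the `eslint-disable-next-line`. Both methods start and end outside the hunks.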


@@ -34,9 +34,9 @@ export default {
}, },
fallback: { fallback: {
vm: false, vm: false,
buffer: resolve(__dirname, './node_modules/buffer/index.js'), buffer: resolve(__dirname, '../node_modules/buffer/index.js'),
crypto: resolve(__dirname, './node_modules/crypto-browserify'), crypto: resolve(__dirname, '../node_modules/crypto-browserify'),
stream: resolve(__dirname, './node_modules/stream-browserify') stream: resolve(__dirname, '../node_modules/stream-browserify')
}, },
}, },
plugins: [ plugins: [

File diff suppressed because it is too large Load Diff

7
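--- a/package.json
+++ b/package.json
@@ -0,0 +1,7 @@
+{
+"workspaces": [
+"core",
+"cli"
+],
+"packageManager": "yarn@4.12.0"
+}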
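Review bot: `"packageManager": "yarn@4.12.0"` carries no integrity hash, while the `packageManager` entries this commit deletes from the cli and core manifests pinned `yarn@1.22.22+sha512.…`. Every workflow now obtains Yarn through `corepack enable`, and the hash is what lets Corepack check the downloaded release against a known digest. Suggest `"packageManager": "yarn@4.12.0+sha512.<digest of the 4.12.0 release>"`, where the digest is a placeholder to be taken from a trusted source.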

5528
yarn.lock Normal file

File diff suppressed because it is too large Load Diff