
chore: migrate npm package from @dfinity/vetkeys to @icp-sdk/vetkeys #384

Open
marc0olo wants to merge 16 commits into main from chore/migrate-vetkeys-to-icp-sdk

@marc0olo marc0olo commented Apr 22, 2026

Summary

  • Renames npm package from @dfinity/vetkeys to @icp-sdk/vetkeys and switches from npm to pnpm
  • Adds release-npm.yml (tag-triggered, replaces publish-frontend.yml) and release-rust.yml (renamed from publish-ic-vetkeys.yml) — both pinned to commit SHAs
  • Adds RELEASING.md with documented release process for all three libraries (npm fully documented; Rust and Motoko marked TODO)
  • Adds @noble/curves and @noble/hashes as explicit devDependencies — pnpm does not hoist transitive deps, so they must be declared directly
  • Drops isomorphic-fetch and happy-dom (Node.js 22 provides native Web Crypto and fetch); changes vitest default environment from happy-dom to node
  • Bumps typescript-eslint to ^8.59.0 for TypeScript 5.9 peer-dep support
  • Updates CHANGELOG.md with migration note and TypeScript 5.9 fix entry

Note: deprecated @noble/curves/@noble/hashes API fixes and JSDoc corrections are split into a separate PR (#386) to keep concerns isolated.

Release flow (once merged into main)

Follow the steps in RELEASING.md to cut the 0.5.0 release.

Notes

  • Deprecating @dfinity/vetkeys on npm (requires @dfinity org access) is a separate post-release step

Follow-up suggestions

The release-npm.yml workflow introduced here creates a GitHub Release with CHANGELOG notes, a .tgz artifact, provenance attestation (NPM_CONFIG_PROVENANCE=true), a dependency audit, and a workflow_dispatch dry-run mode. The Rust and Motoko release workflows could be aligned with the same approach — adding GitHub Releases with CHANGELOG notes, dry-run support via workflow_dispatch, and an audit/test step gated before publish.

Closes #382

Base automatically changed from fix/merge-icp-sdk-migration to main April 22, 2026 15:36
@marc0olo marc0olo force-pushed the chore/migrate-vetkeys-to-icp-sdk branch from fac0edb to 7b04d22 Compare April 22, 2026 15:43
@marc0olo marc0olo requested a review from fspreiss April 22, 2026 17:02
@marc0olo marc0olo marked this pull request as ready for review April 22, 2026 17:02
@marc0olo marc0olo requested a review from a team as a code owner April 22, 2026 17:02
marc0olo and others added 16 commits April 22, 2026 20:24
- Rename package to @icp-sdk/vetkeys and switch from npm to pnpm
- Add pnpm-workspace.yaml and pnpm-lock.yaml, remove package-lock.json
- Add .cz.toml for Commitizen with npm/ tag prefix (scopes JS/TS releases in multi-lib repo)
- Add create-npm-release-pr.yml and release-npm.yml workflows (triggered by npm/* tags)
- Remove publish-frontend.yml (superseded by release-npm.yml)
- Update frontend.yml and publish-frontend-docs.yml to use pnpm
- Fix TypeScript 5.9 compatibility: tighten Uint8Array<ArrayBuffer> generics in utils.ts and encrypted_maps/index.ts
- Drop isomorphic-fetch and happy-dom devDependencies (Node.js 22 provides native Web Crypto and fetch)
- Change vitest default environment from happy-dom to node
- Update @module JSDoc tags and example imports to @icp-sdk/vetkeys
- Bump typescript-eslint to ^8.59.0 for TypeScript 5.9 peer dep support
- Update CHANGELOG.md with migration note and TypeScript 5.9 fix entry

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Drop .cz.toml and the create-npm-release-pr workflow — version bumps and
changelog entries are now done manually. Strip the Python/Commitizen setup
steps from release-npm.yml and replace the generate-release-notes action with
an inline awk step that extracts the latest section from CHANGELOG.md.

Update README with step-by-step release instructions covering regular and
beta releases, the npm/ tag convention, and the npm deprecation note.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Release process is internal; it should not appear on the npm package page.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
… to release-npm.yml

Rename for consistency: both JS/TS and Rust release workflows now follow the
release-<lang>.yml pattern.

Add workflow_dispatch trigger to release-npm.yml with dry-run input (default
true) so the build and pack steps can be validated without publishing. Publish
to npm and GitHub release creation are gated on dry-run != true. Also
consolidate three separate version-extraction steps into one and replace the
dfinity/ci-tools is-beta-tag action with inline shell logic.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…lows

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Add full version output to fix artifact glob for beta releases: pnpm pack
  produces icp-sdk-vetkeys-0.5.0-beta.1.tgz but the pattern was using
  major_minor_patch (0.5.0), so the artifact would not be found
- RELEASING.md: clarify step 3 — update date from "Unreleased" rather than
  adding a new section; the awk extracts this verbatim into release notes
- RELEASING.md: add dry-run step before tagging

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The previous SHA (a7487ba4) was invalid; correct commit SHA is a7487c7e.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
pnpm does not hoist transitive dependencies into the root node_modules,
so @noble/curves and @noble/hashes (used directly in utils.ts but only
transitively available via @icp-sdk/core) were unresolvable by TypeScript
in CI. Declaring them explicitly fixes the build.

The two unused @ts-expect-error warnings were a consequence: when the
modules were unresolvable bls12_381 became any, so the htfDefaults
property-access error those directives suppress never fired.

Restores the security audit that existed in the original publish-frontend.yml.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Fix pnpm/action-setup SHA in publish-frontend-docs.yml to match
  the correct v4.1.0 commit (a7487c7e, same as frontend.yml)
- Use github.sha instead of hardcoded 'main' for the GitHub release
  target commit — ensures the release points at the tagged commit,
  not the current HEAD of main

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@marc0olo marc0olo force-pushed the chore/migrate-vetkeys-to-icp-sdk branch from 7b04d22 to c22f444 Compare April 22, 2026 18:24
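
The beta artifact-name fix, the inline beta-tag check and the CHANGELOG extraction described in the commits above, as an added sketch that is not the repository's release-npm.yml. The function names, the `## ` changelog heading format and the sample tag are assumptions.

```shell
#!/bin/sh
# Added example, not the repository's workflow; function names are hypothetical.
set -eu

# Turn a release tag such as npm/0.5.0-beta.1 into its full version.
# Anything other than digits, letters, dots and hyphens is rejected before the
# value can reach a file glob or a publish command.
version_from_tag() {
  case "$1" in npm/*) ;; *) return 1 ;; esac
  v=${1#npm/}
  case "$v" in *[!0-9A-Za-z.-]*) return 1 ;; esac
  printf '%s\n' "$v" | grep -Eqx '[0-9]+\.[0-9]+\.[0-9]+(-[0-9A-Za-z.]+)?' || return 1
  printf '%s\n' "$v"
}

# major.minor.patch only: the value the broken artifact pattern was built from.
core_version() { printf '%s\n' "${1%%-*}"; }

# A prerelease suffix marks a beta release.
is_prerelease() { case "$1" in *-*) return 0 ;; *) return 1 ;; esac; }

# Tarball name as quoted in the commit message: icp-sdk-vetkeys-<full version>.tgz
tarball_name() { printf 'icp-sdk-vetkeys-%s.tgz\n' "$1"; }

# Read a changelog on stdin and print its first "## " section, heading included
# (the "## " heading format is an assumption about CHANGELOG.md).
latest_changelog_section() { awk '/^## /{ if (seen) exit; seen = 1 } seen'; }

# Constructed tag, not taken from the repository.
ver=$(version_from_tag "npm/0.5.0-beta.1")
echo "expected artifact: $(tarball_name "$ver")"
echo "core-version name: $(tarball_name "$(core_version "$ver")")"
is_prerelease "$ver" && echo "prerelease: yes"
```

For a beta tag the two printed names differ, which is why a pattern built from major.minor.patch alone does not find the packed tarball.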

Development

Successfully merging this pull request may close these issues.

chore: migrate @dfinity/vetkeys to @icp-sdk/vetkeys