@parity/product-deploy 0.7.28-rc.0

package/dist/chunk-5VZQ2KSU.js

@@ -0,0 +1,231 @@
+import {
+  PAID_PROOF_TAG,
+  PEOPLE_MEMBER_IDENTIFIER_HEX,
+  PGAS_ASSET_ID,
+  PGAS_ASSET_LOCATION,
+  PROOF_BYTES
+} from "./chunk-T7EEVWNU.js";
+import {
+  blake2_256,
+  bytesToHex,
+  concatBytes,
+  encodeMembers,
+  hexToBytes
+} from "./chunk-ZYVGHDMU.js";
+
+// src/personhood/bind-paid-alias.ts
+import { getSs58AddressInfo } from "polkadot-api";
+var PaidAliasBindingError = class extends Error {
+  kind;
+  dispatchError;
+  constructor(message, options = {}) {
+    super(message, options);
+    this.name = "PaidAliasBindingError";
+    this.kind = options.kind ?? "Unknown";
+    this.dispatchError = options.dispatchError;
+  }
+};
+var bindPaidAliasToAccount = async ({
+  peopleUnsafeApi,
+  ahUnsafeApi,
+  account,
+  memberKey,
+  contextBytes,
+  signCall,
+  buildRingProof,
+  progress
+}) => {
+  const people = peopleUnsafeApi;
+  const ah = ahUnsafeApi;
+  if (memberKey.length !== 32) {
+    throw new PaidAliasBindingError("memberKey must be 32 bytes", {
+      kind: "ClientError"
+    });
+  }
+  if (contextBytes.length !== 32) {
+    throw new PaidAliasBindingError("contextBytes must be 32 bytes", {
+      kind: "ClientError"
+    });
+  }
+  const fee = await ah.query.AliasAccounts.PaidAliasFee.getValue({ at: "best" });
+  if (fee === void 0) {
+    throw new PaidAliasBindingError(
+      "AliasAccounts.PaidAliasFee is unset \u2014 needs sudo `set_paid_alias_fee`",
+      { kind: "PaidAliasFeeUnset" }
+    );
+  }
+  const pgas = await ah.query.Assets.Account.getValue(
+    PGAS_ASSET_ID,
+    account,
+    { at: "best" }
+  );
+  const pgasBalance = pgas?.balance ?? 0n;
+  if (pgasBalance < fee) {
+    throw new PaidAliasBindingError(
+      `signer has ${pgasBalance.toString()} PGAS but PaidAliasFee is ${fee.toString()} \u2014 claim PGAS first`,
+      { kind: "InsufficientPgas" }
+    );
+  }
+  const position = await people.query.Members.Members.getValue(
+    PEOPLE_MEMBER_IDENTIFIER_HEX,
+    bytesToHex(memberKey),
+    { at: "best" }
+  );
+  if (!position || position.type !== "Included") {
+    throw new PaidAliasBindingError(
+      `member position is '${position?.type ?? "absent"}', expected 'Included'`,
+      { kind: "NotARecognizedPerson" }
+    );
+  }
+  const ringIndex = position.value.ring_index;
+  const allEntries = await people.query.Members.RingKeys.getEntries({
+    at: "best"
+  });
+  const pages = [];
+  const identHex = PEOPLE_MEMBER_IDENTIFIER_HEX.toLowerCase();
+  for (const entry of allEntries) {
+    if (entry.keyArgs[0].toLowerCase() !== identHex) continue;
+    if (Number(entry.keyArgs[1]) !== ringIndex) continue;
+    pages.push([Number(entry.keyArgs[2]), [...entry.value]]);
+  }
+  pages.sort((a, b) => a[0] - b[0]);
+  const ringKeys = pages.flatMap(([, ks]) => ks);
+  if (ringKeys.length === 0) {
+    throw new PaidAliasBindingError("ring has no members on People", {
+      kind: "ClientError"
+    });
+  }
+  const membersBytes = encodeMembers(ringKeys.map((k) => hexToBytes(k)));
+  const collectionId = await ah.constants.AliasAccounts.PeopleCollectionIdentifier();
+  const ringExp = await ah.constants.AliasAccounts.PeopleRingExponent();
+  const ringExponent = ringExp.type === "R2e9" ? 9 : ringExp.type === "R2e10" ? 10 : 14;
+  const ringRoots = await ah.query.MembersSubscriber.RingRoots.getValue(
+    collectionId,
+    ringIndex,
+    { at: "best" }
+  );
+  if (!ringRoots || ringRoots.length === 0) {
+    throw new PaidAliasBindingError(
+      "AH has no RingRoots for this (collection, ring_index)",
+      { kind: "RingRootNotFound" }
+    );
+  }
+  const latest = ringRoots[ringRoots.length - 1];
+  const revision = latest.revision;
+  const ss58Info = getSs58AddressInfo(account);
+  if (!ss58Info.isValid) {
+    throw new PaidAliasBindingError(`invalid SS58: ${account}`, {
+      kind: "ClientError"
+    });
+  }
+  const paidMsg = blake2_256(concatBytes(PAID_PROOF_TAG, ss58Info.publicKey));
+  const { proof, alias } = await buildRingProof({
+    ringExponent,
+    members: membersBytes,
+    context: contextBytes,
+    msg: paidMsg
+  });
+  if (proof.length !== PROOF_BYTES) {
+    throw new PaidAliasBindingError(
+      `ring proof must be ${PROOF_BYTES} bytes, got ${proof.length}`,
+      { kind: "ClientError" }
+    );
+  }
+  const tx = ah.tx.AliasAccounts.set_paid_alias_account({
+    proof: bytesToHex(proof),
+    collection: collectionId,
+    ring_index: ringIndex,
+    ring_revision: revision,
+    context: bytesToHex(contextBytes)
+  });
+  const submitOptions = {
+    customSignedExtensions: {
+      ChargeAssetTxPayment: {
+        value: { tip: 0n, asset_id: PGAS_ASSET_LOCATION }
+      }
+    }
+  };
+  const blockHash = await new Promise((resolve, reject) => {
+    let settled = false;
+    const fail = (err) => {
+      if (settled) return;
+      settled = true;
+      reject(err);
+    };
+    const succeed = (h) => {
+      if (settled) return;
+      settled = true;
+      resolve(h);
+    };
+    tx.signSubmitAndWatch(signCall, submitOptions).subscribe({
+      next: (event) => {
+        if (settled) return;
+        const ev = event;
+        if (ev.type === "broadcasted") {
+          progress?.onBroadcasted?.();
+          return;
+        }
+        if (ev.type === "txBestBlocksState" && ev.found) {
+          if (ev.ok === false) {
+            fail(
+              new PaidAliasBindingError(
+                "set_paid_alias_account dispatched but failed in-block",
+                {
+                  kind: narrowDispatchError(ev.dispatchError),
+                  dispatchError: ev.dispatchError
+                }
+              )
+            );
+            return;
+          }
+          if (ev.block) progress?.onBestBlock?.(ev.block.hash);
+          return;
+        }
+        if (ev.type === "finalized") {
+          if (ev.ok === false) {
+            fail(
+              new PaidAliasBindingError(
+                "set_paid_alias_account failed at finalization",
+                {
+                  kind: narrowDispatchError(ev.dispatchError),
+                  dispatchError: ev.dispatchError
+                }
+              )
+            );
+            return;
+          }
+          if (ev.block) succeed(ev.block.hash);
+        }
+      },
+      error: (err) => {
+        fail(
+          err instanceof PaidAliasBindingError ? err : new PaidAliasBindingError(
+            err instanceof Error ? `RPC rejected extrinsic: ${err.message}` : "RPC error during submitAndWatch",
+            { cause: err, kind: "RpcError" }
+          )
+        );
+      }
+    });
+  });
+  return { blockHash, alias };
+};
+var narrowDispatchError = (dispatchError) => {
+  if (typeof dispatchError === "object" && dispatchError !== null && "type" in dispatchError) {
+    const d = dispatchError;
+    if (d.type === "Module" && typeof d.value === "object" && d.value !== null) {
+      const v = d.value;
+      if (v.type === "AliasAccounts" && v.value?.type === "BadProof") {
+        return "BadProof";
+      }
+      if (v.type === "AliasAccounts" && v.value?.type === "PaidAliasFeeUnset") {
+        return "PaidAliasFeeUnset";
+      }
+    }
+  }
+  return "DispatchError";
+};
+
+export {
+  PaidAliasBindingError,
+  bindPaidAliasToAccount
+};

package/dist/chunk-ADNBLFDP.js

@@ -0,0 +1,225 @@
+import {
+  classifyErrorArea,
+  isInteractive,
+  promptYesNo
+} from "./chunk-43HLT335.js";
+import {
+  VERSION,
+  getCurrentSentryTraceId
+} from "./chunk-MFTODIIT.js";
+
+// src/bug-report.ts
+import { execSync, execFileSync } from "child_process";
+import * as os from "os";
+var _deployContext = {};
+function setDeployContext(ctx) {
+  _deployContext = { ..._deployContext, ...ctx };
+}
+function hasGhCli() {
+  try {
+    execSync("gh --version", { stdio: "pipe" });
+    return true;
+  } catch {
+    return false;
+  }
+}
+var LOG_TAIL_BYTES = 32 * 1024;
+var _logBuffer = "";
+var _logCaptureInstalled = false;
+function installLogCapture() {
+  if (_logCaptureInstalled) return;
+  _logCaptureInstalled = true;
+  const append = (args) => {
+    const line = args.map((a) => typeof a === "string" ? a : safeStringify(a)).join(" ") + "\n";
+    _logBuffer += line;
+    if (_logBuffer.length > LOG_TAIL_BYTES * 2) {
+      _logBuffer = _logBuffer.slice(_logBuffer.length - LOG_TAIL_BYTES);
+    }
+  };
+  const wrap = (key) => {
+    const orig = console[key].bind(console);
+    console[key] = (...a) => {
+      append(a);
+      orig(...a);
+    };
+  };
+  wrap("log");
+  wrap("error");
+  wrap("warn");
+}
+function safeStringify(v) {
+  try {
+    if (v instanceof Error) return v.stack || v.message;
+    return JSON.stringify(v);
+  } catch {
+    return String(v);
+  }
+}
+function getCapturedTail() {
+  if (!_logBuffer) return "";
+  const tail = _logBuffer.length > LOG_TAIL_BYTES ? "\u2026 [truncated]\n" + _logBuffer.slice(_logBuffer.length - LOG_TAIL_BYTES) : _logBuffer;
+  return scrubSecrets(tail);
+}
+function scrubSecrets(text) {
+  if (!text) return text;
+  let out = text;
+  out = out.replace(/(--mnemonic(?:=|\s+))("[^"]*"|'[^']*'|\S+)/gi, "$1<REDACTED>");
+  out = out.replace(/(--password(?:=|\s+))("[^"]*"|'[^']*'|\S+)/gi, "$1<REDACTED>");
+  out = out.replace(/\b(MNEMONIC|PASSWORD|BULLETIN_MNEMONIC|GITHUB_TOKEN|GH_TOKEN|NPM_TOKEN|SENTRY_AUTH_TOKEN)=([^\s]+)/gi, "$1=<REDACTED>");
+  out = out.replace(/\b(ghp|ghs|gho|ghu|ghr)_[A-Za-z0-9]{20,}\b/g, "<REDACTED_TOKEN>");
+  out = out.replace(/\bgithub_pat_[A-Za-z0-9_]{20,}\b/g, "<REDACTED_TOKEN>");
+  out = out.replace(/\b(?:[a-z]{3,10}\s+){11}[a-z]{3,10}\b/g, "<REDACTED_MNEMONIC>");
+  out = out.replace(/([a-z][a-z0-9+.-]*:\/\/)[^:@\s]+:[^@\s]+@/gi, "$1<REDACTED>@");
+  return out;
+}
+function buildCliFlagsSummary(flags) {
+  const parts = [];
+  if (flags.jsMerkle) parts.push("--js-merkle");
+  if (flags.ghPagesMirror) parts.push("--gh-pages-mirror");
+  if (flags.publish) parts.push("--publish");
+  if (flags.unpublish) parts.push("--unpublish");
+  if (flags.failOnPublishError) parts.push("--fail-on-publish-error");
+  if (flags.poolSize != null) parts.push(`--pool-size ${String(flags.poolSize)}`);
+  if (typeof flags.tag === "string" && flags.tag) parts.push(`--tag ${flags.tag}`);
+  if (flags.mnemonic) parts.push("--mnemonic <set>");
+  if (flags.password) parts.push("--password <set>");
+  if (flags.derivationPath) parts.push("--derivation-path <set>");
+  if (typeof flags.rpc === "string" && flags.rpc) parts.push("--rpc <set>");
+  return parts.join(" ");
+}
+function buildReportBody(error) {
+  const lines = [
+    "## Environment",
+    "",
+    `- **bulletin-deploy**: ${VERSION}`,
+    `- **Node.js**: ${process.version}`,
+    `- **OS**: ${os.platform()} ${os.arch()} ${os.release()}`,
+    "",
+    "## Error",
+    "",
+    "```",
+    scrubSecrets(error.stack || error.message),
+    "```",
+    ""
+  ];
+  const ctx = _deployContext;
+  const traceId = getCurrentSentryTraceId();
+  const hasCtx = ctx.domain || ctx.repo || ctx.rpc || ctx.cliFlags || ctx.ci?.runUrl || traceId;
+  if (hasCtx) {
+    lines.push("## Deploy Context", "");
+    if (ctx.domain) lines.push(`- **Domain**: ${ctx.domain}`);
+    if (ctx.repo) lines.push(`- **Repo**: ${ctx.repo}`);
+    if (ctx.branch) lines.push(`- **Branch**: ${ctx.branch}`);
+    if (ctx.signerMode) lines.push(`- **Signer mode**: ${ctx.signerMode}`);
+    if (ctx.chunkCount != null) lines.push(`- **Chunks**: ${ctx.chunkCount}`);
+    if (ctx.totalSize) lines.push(`- **Total size**: ${ctx.totalSize}`);
+    if (ctx.rpc) lines.push(`- **RPC**: ${ctx.rpc}`);
+    if (ctx.deployTag) lines.push(`- **Deploy tag**: ${ctx.deployTag}`);
+    if (ctx.cliFlags) lines.push(`- **CLI flags**: \`${ctx.cliFlags}\``);
+    if (traceId) lines.push(`- **Sentry trace**: ${traceId}`);
+    lines.push("");
+  }
+  if (ctx.ci?.runUrl) {
+    lines.push("## CI", "");
+    lines.push(`- **Run**: ${ctx.ci.runUrl}`);
+    if (ctx.ci.workflow) lines.push(`- **Workflow**: ${ctx.ci.workflow}`);
+    if (ctx.ci.job) lines.push(`- **Job**: ${ctx.ci.job}`);
+    if (ctx.ci.sha) lines.push(`- **SHA**: ${ctx.ci.sha}`);
+    lines.push("");
+  }
+  const tail = getCapturedTail();
+  if (tail) {
+    lines.push("## Log tail", "", "<details><summary>Last ~32 KB of stdout/stderr (secrets scrubbed)</summary>", "", "```", tail.trimEnd(), "```", "", "</details>", "");
+  }
+  return lines.join("\n");
+}
+function buildTitle(error) {
+  const msg = error.message.slice(0, 60);
+  return `[deploy-bug] ${msg}`;
+}
+function buildLabels(error) {
+  const labels = ["bug", "auto-report"];
+  const area = classifyErrorArea(error.message);
+  if (area) labels.push(area);
+  return labels;
+}
+function createGhIssue(title, body, labels) {
+  const args = [
+    "issue",
+    "create",
+    "--repo",
+    "paritytech/bulletin-deploy",
+    "--title",
+    title,
+    ...labels.flatMap((l) => ["--label", l]),
+    "--body-file",
+    "-"
+  ];
+  const out = execFileSync("gh", args, { input: body, stdio: ["pipe", "pipe", "inherit"] });
+  return out.toString("utf8").trim();
+}
+function applyCoreLabels(issueUrl) {
+  try {
+    execFileSync(
+      "gh",
+      ["issue", "edit", issueUrl, "--add-label", "bug", "--add-label", "auto-report"],
+      { stdio: ["ignore", "pipe", "pipe"] }
+    );
+    return true;
+  } catch {
+    return false;
+  }
+}
+async function offerBugReport(error) {
+  if (!isInteractive()) return;
+  const yes = await promptYesNo("\n   This looks like a bug. Open an issue with debug info? [Y/n] ");
+  if (!yes) return;
+  const title = buildTitle(error);
+  const body = buildReportBody(error);
+  const labels = buildLabels(error);
+  if (!hasGhCli()) {
+    console.error("\n   gh CLI not found. Debug info below \u2014 paste into a new issue:\n");
+    console.error(`   https://github.com/paritytech/bulletin-deploy/issues/new
+`);
+    printFallback(title, body, labels);
+    return;
+  }
+  try {
+    const url = createGhIssue(title, body, labels);
+    console.error(`   Issue created: ${url}`);
+    return;
+  } catch {
+  }
+  try {
+    console.error("   Retrying without labels...");
+    const url = createGhIssue(title, body, []);
+    const applied = applyCoreLabels(url);
+    if (applied) {
+      console.error(`   Issue created: ${url} (labels applied after retry)`);
+    } else {
+      console.error(`   Issue created: ${url} (labels could not be applied; please add 'bug' and 'auto-report' manually)`);
+    }
+  } catch {
+    console.error("   Failed to create issue. Debug info below:\n");
+    printFallback(title, body, labels);
+  }
+}
+function printFallback(title, body, labels) {
+  console.error(`   Title: ${title}`);
+  console.error(`   Labels: ${labels.join(", ")}
+`);
+  console.error(body);
+}
+
+export {
+  setDeployContext,
+  installLogCapture,
+  getCapturedTail,
+  scrubSecrets,
+  buildCliFlagsSummary,
+  buildReportBody,
+  buildTitle,
+  buildLabels,
+  createGhIssue,
+  offerBugReport
+};

package/dist/chunk-BMAEWZYV.js

@@ -0,0 +1,24 @@
+import {
+  MEMBER_ENTROPY_KEY
+} from "./chunk-T7EEVWNU.js";
+import {
+  blake2b256Keyed
+} from "./chunk-UPWEOGLQ.js";
+
+// src/personhood/member-key.ts
+import { mnemonicToEntropy } from "@polkadot-labs/hdkd-helpers";
+import * as verifiable from "verifiablejs/nodejs";
+function deriveMemberEntropy(mnemonic) {
+  const normalized = mnemonic.trim().split(/\s+/).join(" ");
+  const bip39Entropy = mnemonicToEntropy(normalized);
+  return blake2b256Keyed(bip39Entropy, MEMBER_ENTROPY_KEY);
+}
+function deriveMemberKey(mnemonic) {
+  const entropy = deriveMemberEntropy(mnemonic);
+  return verifiable.member_from_entropy(entropy);
+}
+
+export {
+  deriveMemberEntropy,
+  deriveMemberKey
+};

package/dist/chunk-C2TS5MER.js

@@ -0,0 +1,64 @@
+// src/chunker.ts
+var CHUNK_SIZE_TARGET = 1024 * 1024;
+var CHUNK_SIZE_MAX = 2 * 1024 * 1024 - 1024;
+function concat(parts) {
+  let total = 0;
+  for (const p of parts) total += p.length;
+  const out = new Uint8Array(total);
+  let off = 0;
+  for (const p of parts) {
+    out.set(p, off);
+    off += p.length;
+  }
+  return out;
+}
+function packSection(files) {
+  const chunks = [];
+  let buffer = [];
+  let bufferLen = 0;
+  const flush = () => {
+    if (bufferLen === 0) return;
+    chunks.push(concat(buffer));
+    buffer = [];
+    bufferLen = 0;
+  };
+  for (const file of files) {
+    const fileBytes = file.blocks.reduce((s, b) => s + b.length, 0);
+    if (fileBytes === 0) continue;
+    if (fileBytes > CHUNK_SIZE_TARGET) {
+      flush();
+      if (fileBytes > CHUNK_SIZE_MAX) {
+        for (const block of file.blocks) {
+          if (bufferLen + block.length > CHUNK_SIZE_MAX) {
+            flush();
+          }
+          buffer.push(block);
+          bufferLen += block.length;
+        }
+        flush();
+      } else {
+        for (const block of file.blocks) {
+          buffer.push(block);
+          bufferLen += block.length;
+          flush();
+        }
+      }
+    } else {
+      if (bufferLen + fileBytes > CHUNK_SIZE_TARGET) {
+        flush();
+      }
+      for (const block of file.blocks) {
+        buffer.push(block);
+        bufferLen += block.length;
+      }
+    }
+  }
+  flush();
+  return chunks;
+}
+
+export {
+  CHUNK_SIZE_TARGET,
+  CHUNK_SIZE_MAX,
+  packSection
+};