faye-redis-ng 1.0.2 → 1.1.0

package/.github/SETUP.md

@@ -1,251 +0,0 @@
-# GitHub Actions Setup Guide
-
-This document explains how to set up automated publishing for faye-redis-ng using **Trusted Publishing (OIDC)**.
-
-## Prerequisites
-
-1. ✅ GitHub repository created
-2. ✅ npm account created (https://www.npmjs.com/signup)
-3. ✅ Package name `faye-redis-ng` available on npm
-
-## 🔒 What is Trusted Publishing?
-
-**Trusted Publishing** is npm's modern authentication method using OpenID Connect (OIDC). It's:
-- ✅ **More secure** - No tokens to manage or leak
-- ✅ **Easier** - No manual token creation needed
-- ✅ **Automatic** - GitHub authenticates directly with npm
-- ✅ **Recommended** by npm for all new projects
-
-**Old way**: Create npm token → Store in GitHub Secrets → Hope it doesn't leak
-**New way**: Configure once on npm → GitHub handles authentication automatically
-
----
-
-## Step 1: Configure Trusted Publishing on npm
-
-### 1.1 First Publish (Manual, One-time)
-
-For the **first publish only**, you need to create the package manually:
-
-```bash
-# Login to npm
-npm login
-
-# Publish the first version
-npm publish --access public
-```
-
-This creates the package on npm. After this, you can use automated publishing.
-
-### 1.2 Configure Trusted Publishing
-
-After the first manual publish:
-
-1. Go to your package on npm: `https://www.npmjs.com/package/faye-redis-ng`
-2. Click **Settings** tab
-3. Scroll to **Publishing access**
-4. Click **Add trusted publisher**
-5. Fill in the form:
-   - **Provider**: GitHub Actions
-   - **Repository owner**: `YOUR-GITHUB-USERNAME`
-   - **Repository name**: `faye-redis-ng`
-   - **Workflow name**: `publish.yml`
-   - **Environment name**: Leave empty (not using environments)
-6. Click **Add**
-
-**That's it!** No tokens needed, no GitHub secrets to manage.
-
-## Step 2: Verify Configuration
-
-Check your npm package settings page:
-- ✅ Trusted publisher should show: `github:YOUR-USERNAME/faye-redis-ng`
-- ✅ Workflow: `publish.yml`
-
-## Step 3: How to Publish
-
-Publishing is now fully automated! Here's the workflow:
-
-### Option A: Using Git Commands (Recommended)
-
-```bash
-# 1. Update version in package.json (already done for v1.0.1)
-
-# 2. Commit all changes
-git add .
-git commit -m "Release v1.0.1"
-
-# 3. Create and push tag
-git tag v1.0.1
-git push origin master
-git push origin v1.0.1
-
-# 4. GitHub Actions will automatically:
-#    ✓ Run tests
-#    ✓ Publish to npm
-#    ✓ Create GitHub Release
-```
-
-### Option B: Using npm version Command
-
-```bash
-# This automatically updates package.json, creates git tag, and commits
-npm version patch -m "Release %s"
-git push origin master --follow-tags
-
-# GitHub Actions will handle the rest!
-```
-
-## Step 4: Verify Automated Publishing
-
-After pushing a tag, check:
-
-1. **GitHub Actions Tab**:
-   - https://github.com/YOUR-USERNAME/faye-redis-ng/actions
-   - You should see "Publish to npm" workflow running
-
-2. **npm Package**:
-   - Wait 1-2 minutes
-   - Visit: https://www.npmjs.com/package/faye-redis-ng
-   - Verify new version is published
-
-3. **GitHub Releases**:
-   - https://github.com/YOUR-USERNAME/faye-redis-ng/releases
-   - A new release should be created automatically
-
-## Workflow Details
-
-### CI Workflow (ci.yml)
-
-Runs on every push and PR:
-- ✅ Syntax checks
-- ✅ Integration tests (with Redis)
-- ✅ Package validation
-
-### Publish Workflow (publish.yml)
-
-Runs when you push a tag (e.g., `v1.0.1`):
-- ✅ Verifies tag matches package.json version
-- ✅ Runs tests
-- ✅ Publishes to npm with provenance
-- ✅ Creates GitHub Release with changelog
-- ✅ Uploads package tarball to release
-
-## Version Bumping Guide
-
-### Patch Release (Bug fixes)
-```bash
-npm version patch
-# 1.0.1 → 1.0.2
-```
-
-### Minor Release (New features, backward compatible)
-```bash
-npm version minor
-# 1.0.1 → 1.1.0
-```
-
-### Major Release (Breaking changes)
-```bash
-npm version major
-# 1.0.1 → 2.0.0
-```
-
-Then push:
-```bash
-git push origin master --follow-tags
-```
-
-## Troubleshooting
-
-### "npm ERR! 403 Forbidden" or "E403"
-
-**Problem**: Trusted publishing not configured correctly
-
-**Solution**:
-1. Go to https://www.npmjs.com/package/faye-redis-ng/access
-2. Verify trusted publisher is configured
-3. Check repository owner and name match exactly
-4. Workflow name must be `publish.yml` (not `.github/workflows/publish.yml`)
-5. Try removing and re-adding the trusted publisher
-
-### "npm ERR! 404 Not Found"
-
-**Problem**: Package doesn't exist yet
-
-**Solution**: Do the first manual publish:
-```bash
-npm login
-npm publish --access public
-```
-Then configure trusted publishing on npm
-
-### "Version mismatch"
-
-**Problem**: Tag version doesn't match package.json
-
-**Solution**:
-```bash
-# If tag is v1.0.1 but package.json shows 1.0.0
-# Delete the tag
-git tag -d v1.0.1
-git push origin :refs/tags/v1.0.1
-
-# Update package.json version to 1.0.1
-# Then create tag again
-git tag v1.0.1
-git push origin v1.0.1
-```
-
-### Tests fail in CI but work locally
-
-**Problem**: Redis not available or different environment
-
-**Solution**:
-- The CI workflow includes Redis service
-- Check if test expects specific Redis configuration
-- Review workflow logs for specific errors
-
-## Security Best Practices
-
-✅ **DO**:
-- Use Trusted Publishing (already configured)
-- Enable 2FA on your npm account
-- Use npm provenance (already configured)
-- Keep your GitHub repository secure
-
-❌ **DON'T**:
-- Create automation tokens (not needed with Trusted Publishing)
-- Store npm tokens in GitHub Secrets (not needed)
-- Share publishing access unnecessarily
-
-## Manual Override
-
-If you need to publish manually (emergency or first publish):
-
-```bash
-# Publish manually
-npm login
-npm publish --access public
-```
-
-This works even with Trusted Publishing configured.
-
-## Next Steps
-
-After setup is complete:
-
-1. ✅ Test the workflow with a patch release
-2. ✅ Monitor first automated publish
-3. ✅ Update README with automation badges (optional)
-4. ✅ Set up branch protection rules (optional)
-
-## Questions?
-
-- GitHub Actions Docs: https://docs.github.com/en/actions
-- npm Publishing Guide: https://docs.npmjs.com/creating-and-publishing-scoped-public-packages
-- GitHub Actions for npm: https://docs.npmjs.com/generating-provenance-statements
-
----
-
-**Setup by**: Claude Code
-**Last updated**: January 2026

package/.github/TRUSTED_PUBLISHING.md

@@ -1,219 +0,0 @@
-# Trusted Publishing Quick Reference
-
-## What is Trusted Publishing?
-
-**Trusted Publishing** uses OpenID Connect (OIDC) to allow GitHub Actions to publish directly to npm without requiring authentication tokens.
-
-### Benefits
-
-✅ **More Secure**
-- No long-lived tokens to manage
-- No risk of token leakage in logs
-- Authentication happens per-publish
-
-✅ **Easier to Use**
-- No GitHub Secrets to configure
-- No token rotation needed
-- One-time setup on npm
-
-✅ **npm Recommended**
-- Official recommendation from npm
-- Industry best practice
-- Future-proof authentication
-
-## Setup (5 minutes)
-
-### Step 1: First Manual Publish
-
-```bash
-npm login
-npm publish --access public
-```
-
-This creates the package on npm. Only needed once.
-
-### Step 2: Configure Trusted Publisher
-
-1. **Go to your package settings**:
-   ```
-   https://www.npmjs.com/package/faye-redis-ng/settings
-   ```
-
-2. **Scroll to "Publishing access"**
-
-3. **Click "Add trusted publisher"**
-
-4. **Fill in the form**:
-   - **Provider**: Select "GitHub Actions"
-   - **Repository owner**: Your GitHub username (e.g., `johndoe`)
-   - **Repository name**: `faye-redis-ng`
-   - **Workflow name**: `publish.yml` (exactly this, not the full path)
-   - **Environment name**: Leave empty
-
-5. **Click "Add"**
-
-### Step 3: Verify
-
-Check that the trusted publisher appears:
-```
-Provider: GitHub Actions
-Repository: YOUR-USERNAME/faye-redis-ng
-Workflow: publish.yml
-```
-
-## How It Works
-
-```mermaid
-sequenceDiagram
-    participant Dev as Developer
-    participant GH as GitHub
-    participant npm as npm Registry
-
-    Dev->>GH: Push tag v1.0.1
-    GH->>GH: Run workflow
-    GH->>npm: Request OIDC token
-    npm->>npm: Verify repository & workflow
-    npm->>GH: Grant publish permission
-    GH->>npm: Publish package
-    npm->>Dev: Package published!
-```
-
-1. You push a git tag
-2. GitHub Actions workflow starts
-3. GitHub requests OIDC token from npm
-4. npm verifies the request matches trusted publisher config
-5. npm grants temporary publish permission
-6. GitHub publishes your package
-7. Done! Token expires immediately
-
-## Configuration in Workflow
-
-In `.github/workflows/publish.yml`:
-
-```yaml
-permissions:
-  id-token: write # Required for OIDC
-  contents: write # Required for GitHub Releases
-
-steps:
-  - name: Setup Node.js
-    uses: actions/setup-node@v4
-    with:
-      node-version: '22'
-      registry-url: 'https://registry.npmjs.org'
-      # No NODE_AUTH_TOKEN needed!
-
-  - name: Publish to npm
-    run: npm publish --access public --provenance
-    # No env variables needed!
-```
-
-## Troubleshooting
-
-### 403 Forbidden Error
-
-**Problem**: npm rejects publish with 403
-
-**Checklist**:
-- [ ] Did you do the first manual publish?
-- [ ] Is trusted publisher configured on npm?
-- [ ] Does repository owner match exactly?
-- [ ] Is workflow name exactly `publish.yml` (not full path)?
-- [ ] Is the package scoped correctly?
-
-**Solution**:
-1. Verify at: `https://www.npmjs.com/package/faye-redis-ng/access`
-2. Check repository name matches exactly
-3. Remove and re-add trusted publisher if needed
-
-### 404 Not Found Error
-
-**Problem**: Package doesn't exist
-
-**Solution**: Do the first manual publish:
-```bash
-npm login
-npm publish --access public
-```
-
-### Workflow Doesn't Run
-
-**Problem**: Push tag but no workflow triggered
-
-**Checklist**:
-- [ ] Tag starts with `v` (e.g., `v1.0.1`)
-- [ ] Workflow file exists: `.github/workflows/publish.yml`
-- [ ] GitHub Actions enabled in repository settings
-
-### Permission Denied
-
-**Problem**: "Permission denied" or "id-token: write not set"
-
-**Solution**: Check workflow has correct permissions:
-```yaml
-permissions:
-  id-token: write
-  contents: write
-```
-
-## Comparison: Token vs Trusted Publishing
-
-| Feature | npm Token | Trusted Publishing |
-|---------|-----------|-------------------|
-| **Setup** | Create token, add to secrets | Configure once on npm |
-| **Security** | Token can leak | No tokens to leak |
-| **Rotation** | Manual every 90 days | Automatic per-publish |
-| **Revocation** | Manual | Automatic on workflow end |
-| **Best Practice** | ❌ Legacy | ✅ Recommended |
-| **npm Recommendation** | No | Yes |
-
-## Migration from Token-Based
-
-If you're switching from token-based publishing:
-
-1. **Remove the token**:
-   - Go to GitHub: Settings → Secrets → Actions
-   - Delete `NPM_TOKEN` secret (if exists)
-
-2. **Remove from workflow**:
-   ```yaml
-   # Delete this:
-   env:
-     NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
-   ```
-
-3. **Configure Trusted Publishing** (see Step 2 above)
-
-4. **Test**: Push a tag and verify it works
-
-## Resources
-
-- [npm Trusted Publishing Docs](https://docs.npmjs.com/generating-provenance-statements)
-- [GitHub OIDC Docs](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect)
-- [Provenance Guide](https://docs.npmjs.com/generating-provenance-statements)
-
-## FAQ
-
-**Q: Do I need to do anything special in my workflow?**
-A: No! Just `npm publish` without any tokens.
-
-**Q: Can I still publish manually?**
-A: Yes! `npm login && npm publish` still works.
-
-**Q: Does this work with private packages?**
-A: Yes, works with both public and private packages.
-
-**Q: Can I use this with multiple repositories?**
-A: Yes, add each repository as a trusted publisher.
-
-**Q: What if I change the repository name?**
-A: Update the trusted publisher config on npm.
-
-**Q: Is this production-ready?**
-A: Yes! Used by thousands of packages, recommended by npm.
-
----
-
-**Last Updated**: January 2026
-**Status**: ✅ Production Ready
-**Security**: 🔒 Industry Best Practice

package/.github/workflows/ci.yml

@@ -1,70 +0,0 @@
-name: CI
-
-on:
-  push:
-    branches: [master]
-  pull_request:
-    branches: [master]
-
-jobs:
-  test:
-    runs-on: ubuntu-latest
-
-    strategy:
-      matrix:
-        node-version: [22.x]
-
-    services:
-      redis:
-        image: valkey/valkey:9-alpine
-        ports:
-          - 6379:6379
-        options: >-
-          --health-cmd "redis-cli ping"
-          --health-interval 10s
-          --health-timeout 5s
-          --health-retries 5
-
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-        with:
-          submodules: recursive
-
-      - name: Setup Node.js ${{ matrix.node-version }}
-        uses: actions/setup-node@v4
-        with:
-          node-version: ${{ matrix.node-version }}
-          cache: "npm"
-
-      - name: Install dependencies
-        run: npm ci
-
-      - name: Run syntax check
-        run: node -c faye-redis.js
-
-      - name: Verify package can be built
-        run: npm pack --dry-run
-
-  lint:
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-
-      - name: Setup Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: "22"
-
-      - name: Install dependencies
-        run: npm ci
-
-      - name: Check package.json validity
-        run: node -e "JSON.parse(require('fs').readFileSync('package.json', 'utf8'))"
-
-      - name: Verify files for npm package
-        run: |
-          echo "Files that will be published:"
-          npm pack --dry-run

package/.github/workflows/publish.yml

@@ -1,77 +0,0 @@
-name: Publish to npm
-
-on:
-  push:
-    tags:
-      - 'v*' # Triggers on version tags like v1.0.1, v1.2.0, etc.
-
-jobs:
-  publish:
-    runs-on: ubuntu-latest
-
-    permissions:
-      contents: write # Needed to create GitHub releases
-      id-token: write # Needed for npm provenance and OIDC trusted publishing
-
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0 # Fetch all history for changelog
-
-      - name: Setup Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: '22'
-          registry-url: 'https://registry.npmjs.org'
-          # No need for NODE_AUTH_TOKEN with Trusted Publishing
-
-      - name: Install dependencies
-        run: npm ci
-
-      - name: Verify package version matches tag
-        run: |
-          PACKAGE_VERSION=$(node -p "require('./package.json').version")
-          TAG_VERSION=${GITHUB_REF#refs/tags/v}
-          if [ "$PACKAGE_VERSION" != "$TAG_VERSION" ]; then
-            echo "❌ Package version ($PACKAGE_VERSION) doesn't match tag version ($TAG_VERSION)"
-            exit 1
-          fi
-          echo "✅ Version match: $PACKAGE_VERSION"
-
-      - name: Run tests (if available)
-        run: npm test || echo "⚠️ Tests skipped (require Redis)"
-        continue-on-error: true
-
-      - name: Build package
-        run: npm pack
-
-      - name: Publish to npm (Trusted Publishing with OIDC)
-        run: npm publish --access public --provenance
-
-      - name: Extract changelog for this version
-        id: changelog
-        run: |
-          TAG_VERSION=${GITHUB_REF#refs/tags/v}
-          # Extract changelog section for this version
-          CHANGELOG=$(awk "/## \[$TAG_VERSION\]/,/## \[/{if (/## \[/ && !/$TAG_VERSION/) exit; if (!/## \[$TAG_VERSION\]/) print}" CHANGELOG.md)
-          # Save to file for GitHub release
-          echo "$CHANGELOG" > .release-notes.md
-          echo "✅ Extracted changelog for v$TAG_VERSION"
-
-      - name: Create GitHub Release
-        uses: softprops/action-gh-release@v1
-        with:
-          files: '*.tgz'
-          body_path: .release-notes.md
-          draft: false
-          prerelease: false
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Success notification
-        run: |
-          TAG_VERSION=${GITHUB_REF#refs/tags/v}
-          echo "🎉 Successfully published faye-redis-ng@$TAG_VERSION to npm"
-          echo "📦 Package: https://www.npmjs.com/package/faye-redis-ng"
-          echo "🏷️  Release: https://github.com/${{ github.repository }}/releases/tag/v$TAG_VERSION"