PyPI - wasm-action - Versions diffs - 0.0.5__tar.gz → 0.0.7__tar.gz - Mend

wasm-action 0.0.5tar.gz → 0.0.7tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (72) hide show

{wasm_action-0.0.5 → wasm_action-0.0.7}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.3
 Name: wasm-action
-Version: 0.0.5
+Version: 0.0.7
 Summary: Interact with WebAssembly registries.
 Requires-Dist: click>=8.2.1
 Requires-Dist: cryptography>=45.0.6
@@ -27,17 +27,21 @@ Description-Content-Type: text/markdown
 * Supported actions: push, pull
 * Supports Python 3.10+ on Linux, MacOS and Windows
+#### Planned
+* OCI registry support (a.k.a. Docker registry)
+* Convert between formats (wit/wasm)
 ## Usage
 ### Pull from registry
 ```
-      - uses: xelato/wasm-action
+      - uses: xelato/wasm-action@main
         with:
           action: pull
           registry: wa.dev
           package: component-book:adder
 ```
-To pull a private package define your [token](https://wa.dev/account/credentials/new):
+To pull a private package, define your [token](https://wa.dev/account/credentials/new):
 ```
         env:
           WARG_TOKEN: ${{ secrets.WARG_TOKEN }}
@@ -66,7 +70,7 @@ To pull a private package define your [token](https://wa.dev/account/credentials
 ### Push to registry
 ```
-      - uses: xelato/wasm-action
+      - uses: xelato/wasm-action@main
         with:
           action: push
           registry: wa.dev
@@ -77,8 +81,27 @@ To pull a private package define your [token](https://wa.dev/account/credentials
           WARG_PRIVATE_KEY: ${{ secrets.WARG_PRIVATE_KEY }}
 ```
+### Key generation
+New [token](https://wa.dev/account/credentials/new) registration and push to wa.dev require generation and configuration of a private/public key pair which can be facilitated with:
+```
+$ uv run wasm-action key
+{
+    "private": "ecdsa-p256:9y5nigLvFp3KZZQtuvN9DchpGIMUB4bwGAtkIoOCla4=",
+    "public": "ecdsa-p256:AvspSQWBK65ItTou/uVCi5qC4P+HBCi4R34OIPb3ILRl",
+    "id": "sha256:c836bd8a3082f2e8d70bdfa48296e580ab847fcdeadb351f448d03f152d44093"
+}
+```
+```
+# use private key to configure in github or save it elsewhere in a secure manner
+$ uvx wasm-action key | jq .private | pbcopy
+```
+```
+# use corresponding public key for new token registration at wa.dev
+$ pbpaste | uvx wasm-action key | jq .public
+```
 ## CLI
-The tool can be run without installing using [uv](https://docs.astral.sh/uv/).
+The tool can be run without installing, using [uv](https://docs.astral.sh/uv/).
 ```
 $ uvx wasm-action --help
 Usage: wasm-action [OPTIONS] COMMAND [ARGS]...
@@ -87,8 +110,10 @@ Options:
   --help  Show this message and exit.
 Commands:
-  pull  Pull from a WebAssembly registry
-  push  Push to a WebAssembly registry
+  key      Generate private key or read one from stdin
+  pull     Pull from registry
+  push     Push to registry
+  version  Print version
 ```
 ```
 $ uvx wasm-action pull --help

{wasm_action-0.0.5 → wasm_action-0.0.7}/README.md RENAMED Viewed

@@ -9,17 +9,21 @@
 * Supported actions: push, pull
 * Supports Python 3.10+ on Linux, MacOS and Windows
+#### Planned
+* OCI registry support (a.k.a. Docker registry)
+* Convert between formats (wit/wasm)
 ## Usage
 ### Pull from registry
 ```
-      - uses: xelato/wasm-action
+      - uses: xelato/wasm-action@main
         with:
           action: pull
           registry: wa.dev
           package: component-book:adder
 ```
-To pull a private package define your [token](https://wa.dev/account/credentials/new):
+To pull a private package, define your [token](https://wa.dev/account/credentials/new):
 ```
         env:
           WARG_TOKEN: ${{ secrets.WARG_TOKEN }}
@@ -48,7 +52,7 @@ To pull a private package define your [token](https://wa.dev/account/credentials
 ### Push to registry
 ```
-      - uses: xelato/wasm-action
+      - uses: xelato/wasm-action@main
         with:
           action: push
           registry: wa.dev
@@ -59,8 +63,27 @@ To pull a private package define your [token](https://wa.dev/account/credentials
           WARG_PRIVATE_KEY: ${{ secrets.WARG_PRIVATE_KEY }}
 ```
+### Key generation
+New [token](https://wa.dev/account/credentials/new) registration and push to wa.dev require generation and configuration of a private/public key pair which can be facilitated with:
+```
+$ uv run wasm-action key
+{
+    "private": "ecdsa-p256:9y5nigLvFp3KZZQtuvN9DchpGIMUB4bwGAtkIoOCla4=",
+    "public": "ecdsa-p256:AvspSQWBK65ItTou/uVCi5qC4P+HBCi4R34OIPb3ILRl",
+    "id": "sha256:c836bd8a3082f2e8d70bdfa48296e580ab847fcdeadb351f448d03f152d44093"
+}
+```
+```
+# use private key to configure in github or save it elsewhere in a secure manner
+$ uvx wasm-action key | jq .private | pbcopy
+```
+```
+# use corresponding public key for new token registration at wa.dev
+$ pbpaste | uvx wasm-action key | jq .public
+```
 ## CLI
-The tool can be run without installing using [uv](https://docs.astral.sh/uv/).
+The tool can be run without installing, using [uv](https://docs.astral.sh/uv/).
 ```
 $ uvx wasm-action --help
 Usage: wasm-action [OPTIONS] COMMAND [ARGS]...
@@ -69,8 +92,10 @@ Options:
   --help  Show this message and exit.
 Commands:
-  pull  Pull from a WebAssembly registry
-  push  Push to a WebAssembly registry
+  key      Generate private key or read one from stdin
+  pull     Pull from registry
+  push     Push to registry
+  version  Print version
 ```
 ```
 $ uvx wasm-action pull --help

{wasm_action-0.0.5 → wasm_action-0.0.7}/pyproject.toml RENAMED Viewed

@@ -1,6 +1,6 @@
 [project]
 name = "wasm-action"
-version = "0.0.5"
+version = "0.0.7"
 description = "Interact with WebAssembly registries."
 readme = "README.md"
 requires-python = ">=3.10"

{wasm_action-0.0.5 → wasm_action-0.0.7}/src/wasm_action/cli.py RENAMED Viewed

@@ -1,8 +1,11 @@
 import sys
 import click
 import importlib.metadata
+import json
 from . import lib
+from .warg.crypto import generate_key
 @click.group()
 def cli():
@@ -64,5 +67,23 @@ def pull(registry, package, path=None, warg_token=None):
         sys.exit(1)
+@cli.command(help="Generate private key or read one from stdin")
+def key():
+    """Generate key in json format.
+    Either:
+     - generate a new key
+     - read a private key from standard input
+    """
+    if sys.stdin.isatty():
+        data = generate_key()
+    else:
+        # read private key from standard input
+        private_key = sys.stdin.read()
+        data = generate_key(private_key)
+        del data['private']
+    print(json.dumps(data, indent=4))
 if __name__ == "__main__":
     cli()

{wasm_action-0.0.5 → wasm_action-0.0.7}/src/wasm_action/lib.py RENAMED Viewed

@@ -5,7 +5,6 @@ import os
 import hashlib
 import base64
 import json
 import click
 import semver
 import validators

{wasm_action-0.0.5 → wasm_action-0.0.7}/src/wasm_action/warg/actions.py RENAMED Viewed

@@ -60,11 +60,14 @@ def warg_push(registry, warg_url, namespace, name, version, content_bytes, warg_
         # state: sourcing -> upload sources
         elif state == 'sourcing':
+            time.sleep(1)
             if 'missingContent' in res:
                 for _, data in res['missingContent'].items():
                     if 'upload' in data:
                         for upload in data['upload']:
-                            requests.put(upload['url'], data=content_bytes)
+                            r = requests.put(upload['url'], data=content_bytes)
+                            if r.status_code not in (200, 201):
+                                print(r.status_code, r.content)
         # state: rejected -> error
         elif state == 'rejected':

{wasm_action-0.0.5 → wasm_action-0.0.7}/src/wasm_action/warg/crypto.py RENAMED Viewed

@@ -38,9 +38,14 @@ class PrivateKey:
         """
         Decode a key in `<algo>:<base64>` format.
         """
-        if ':' not in text:
+        text = (text or '').strip()
+        if not text or ':' not in text:
             raise ValueError('required format: <algo>:<base64>')
+        # better interplay with jq, pbcopy, and pbpaste
+        if len(text)>1 and text.startswith('"') and text.endswith('"'):
+            text = text[1:-1]
         algo, key_b64 = text.split(':', 1)
         curve = cls.CURVES.get(algo)
@@ -48,7 +53,9 @@ class PrivateKey:
             raise ValueError('algorithm not supported: {}'.format(algo))
         key_bytes = base64.b64decode(key_b64)
-        # todo: compare bytes length with curve key length
+        # compare bytes length with curve key size
+        if len(key_bytes) * 8 != curve.key_size:
+            raise ValueError('key size mismatch')
         key_int = int.from_bytes(key_bytes, byteorder='big')
         key = ec.derive_private_key(key_int, curve=curve)
@@ -134,3 +141,17 @@ class PublicKey:
     def fingerprint(self):
         """Used as Key ID"""
         return "sha256:{}".format(hashlib.sha256(self.canonical().encode('ascii')).hexdigest())
+def generate_key(private_key:str=None):
+    """Generate key-pair."""
+    if private_key:
+        private = PrivateKey.load(private_key)
+    else:
+        private = PrivateKey.generate()
+    public = private.public_key()
+    return {
+        "private": private.canonical(),
+        "public": public.canonical(),
+        "id": public.fingerprint(),
+    }