Merge branch 'main' into chore/yarn3

.changeset/unlucky-scissors-wave.md

@@ -0,0 +1,2 @@
+---
+---

.github/dependabot.yml

@@ -0,0 +1,14 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "github-actions" # See documentation for possible values
+    directory: "/" # Location of package manifests
+    schedule:
+      day: "monday"
+      interval: "weekly"
+  # To be added when a package manager decision has been taken
+  # - package-ecosystem: "npm" / "pnpm" # https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#package-ecosystem

.github/workflows/circleci.yml

@@ -1,5 +1,5 @@
-name: social connect
-run-name: social connect tests
+name: CI Checks
+run-name: ci checks
 
 # Dockefile for the self-hosted runner:
 # https://github.com/celo-org/infrastructure/blob/master/terraform/root-modules/gcp/integration-tests-gke/files/github-arc/Dockerfile-monorepo
@@ -38,7 +38,7 @@ env:
 
 jobs:
   install-dependencies:
-    name: Install dependencies
+    name: Install + Build +
     outputs:
       package-json-checksum: ${{ steps.node-checksums.outputs.PACKAGE_JSON_CHECKSUM }}
       # Propagate more outputs if you need https://github.com/tj-actions/changed-files#outputs
@@ -124,15 +124,6 @@ jobs:
         if: steps.cache_node.outputs.cache-hit != 'true'
         run: |
           yarn check-licenses
-      - name: Detect files changed in PR, and expose as output
-        id: changed-files
-        uses: tj-actions/changed-files@v37
-        with:
-          # Using comma as separator to be able to easily match full paths (using ,<path>)
-          separator: ','
-          # Checking if changed in the last 100 commits in PRs
-          fetch_depth: '150'
-      - run: echo ",${{ steps.changed-files.outputs.all_modified_files }}"
   lint-checks:
     name: Lint code
     runs-on: ['self-hosted', 'org', '8-cpu']
@@ -155,8 +146,20 @@ jobs:
           package-json-checksum: ${{ needs.install-dependencies.outputs.package-json-checksum }}
       - run: yarn run prettify:diff
       - run: yarn run lint
+      - name: Detect files changed in PR, and expose as output
+        id: changed-files
+        uses: tj-actions/changed-files@v37
+        with:
+          # Using comma as separator to be able to easily match full paths (using ,<path>)
+          separator: ','
+          # Checking if changed in the last 100 commits in PRs
+          fetch_depth: '150'
+      - run: echo ",${{ steps.changed-files.outputs.all_modified_files }}"
+      - name: Has Changeset
+        id: changeset
+        run: yarn changeset status --since origin/main
   general_test:
-    name: General jest test
+    name: General (identity + encrypted-backup) test
     runs-on: ['self-hosted', 'org', '8-cpu']
     container:
       image: us-west1-docker.pkg.dev/devopsre/actions-runner-controller/celo-monorepo:node18
@@ -172,30 +175,28 @@ jobs:
         uses: ./.github/actions/sync-workspace
         with:
           package-json-checksum: ${{ needs.install-dependencies.outputs.package-json-checksum }}
-      - name: Run Jest Tests
+      - name: Run Encrypted Backup tests
         run: |
-          mkdir -p test-results/jest
-          # Skipping packages that are tested in a specific job below
-          yarn run lerna \
-            --ignore @celo/identity \
-            run test
+          yarn --cwd=packages/sdk/encrypted-backup test
+      - name: Run Identity Tests
+        run: |
+          yarn --cwd=packages/sdk/identity test
       - name: Upload Jest Test Results
         uses: actions/upload-artifact@v3
         with:
           name: Jest Test Results
           path: test-results/jest
-
-
-  identity-tests:
-    name: Identity Tests
+  combiner-test:
+    name: Combiner test
     runs-on: ['self-hosted', 'org', '8-cpu']
     container:
       image: us-west1-docker.pkg.dev/devopsre/actions-runner-controller/celo-monorepo:node18
     timeout-minutes: 30
-    needs: [install-dependencies]
+    needs: install-dependencies
     if: |
       github.base_ref == 'main' || contains(github.base_ref, 'staging') || contains(github.base_ref, 'production') ||
-      contains(needs.install-dependencies.outputs.all_modified_files, 'packages/phone-number-privacy/common') ||
+      contains(needs.install-dependencies.outputs.all_modified_files, 'packages/phone-number-privacy/combiner') ||
+      contains(needs.install-dependencies.outputs.all_modified_files, ',package.json') ||
       contains(needs.install-dependencies.outputs.all_modified_files, ',yarn.lock') ||
       false
     steps:
@@ -209,25 +210,20 @@ jobs:
         uses: ./.github/actions/sync-workspace
         with:
           package-json-checksum: ${{ needs.install-dependencies.outputs.package-json-checksum }}
-      #- name: Generate DevChain
-      #  run: |
-      #    cd packages/sdk/identity
-      #    yarn test:reset
-      - name: Run tests
+      - name: Run Tests for combiner
         run: |
-          yarn --cwd=packages/sdk/identity test
+          yarn --cwd=packages/phone-number-privacy/combiner test:coverage
   odis-test:
-    name: ODIS test
+    name: ODIS (signer + common) test
+    needs: install-dependencies
     runs-on: ['self-hosted', 'org', '8-cpu']
     container:
       image: us-west1-docker.pkg.dev/devopsre/actions-runner-controller/celo-monorepo:node18
     timeout-minutes: 30
-    needs: [install-dependencies, lint-checks]
+
     if: |
       github.base_ref == 'main' || contains(github.base_ref, 'staging') || contains(github.base_ref, 'production') ||
       contains(needs.install-dependencies.outputs.all_modified_files, 'packages/phone-number-privacy') ||
-      contains(needs.install-dependencies.outputs.all_modified_files, 'packages/protocol') ||
-      contains(needs.install-dependencies.outputs.all_modified_files, 'packages/sdk') ||
       contains(needs.install-dependencies.outputs.all_modified_files, ',package.json') ||
       contains(needs.install-dependencies.outputs.all_modified_files, ',yarn.lock') ||
       false
@@ -245,9 +241,6 @@ jobs:
       - name: Run Tests for common package
         run: |
           yarn --cwd=packages/phone-number-privacy/common test:coverage
-      - name: Run Tests for combiner
-        run: |
-          yarn --cwd=packages/phone-number-privacy/combiner test:coverage
       - name: Run Tests for signer
         run: |
-          yarn --cwd=packages/phone-number-privacy/signer test:coverage
+          yarn --cwd=packages/phone-number-privacy/signer test:coverage

.github/workflows/odis-signer-container.yml

@@ -0,0 +1,44 @@
+---
+  name: Build ODIS signer image
+
+  on:
+    push:
+      paths:
+        - 'dockerfiles/phone-number-privacy/Dockerfile-signer'
+        - 'packages/phone-number-privacy/signer/**'
+      branches:
+        - main
+    pull_request:
+      paths:
+        - 'dockerfiles/phone-number-privacy/Dockerfile-signer'
+        - 'packages/phone-number-privacy/signer/**'
+    workflow_dispatch:
+
+  jobs:
+    odis-signer-build-dev:
+      uses: celo-org/reusable-workflows/.github/workflows/[email protected]
+      name: Build us-west1-docker.pkg.dev/devopsre/dev-images/monorepo:${{ github.sha }}
+      if: |
+        github.ref != 'refs/heads/main'
+      with:
+        workload-id-provider: projects/1094498259535/locations/global/workloadIdentityPools/gh-social-connect/providers/github-by-repos
+        service-account: '[email protected]'
+        artifact-registry: us-west1-docker.pkg.dev/devopsre/dev-images/odis-signer
+        tag: ${{ github.sha }}
+        context: .
+        file: dockerfiles/phone-number-privacy/Dockerfile-signer
+        trivy: true
+
+    odis-signer-build:
+      uses: celo-org/reusable-workflows/.github/workflows/[email protected]
+      name: Build us-west1-docker.pkg.dev/devopsre/celo-monorepo/monorepo:${{ github.sha }}
+      if: |
+        github.ref == 'refs/heads/master'
+      with:
+        workload-id-provider: projects/1094498259535/locations/global/workloadIdentityPools/gh-social-connect-main/providers/github-by-repos
+        service-account: '[email protected]'
+        artifact-registry: us-west1-docker.pkg.dev/devopsre/social-connect/odis-signer
+        tag: ${{ github.sha }}
+        context: .
+        file: dockerfiles/phone-number-privacy/Dockerfile-signer
+        trivy: true

RELEASE.md

@@ -0,0 +1,40 @@
+# Release Process
+
+This repo uses changesets to determine what packages need a version bump.
+
+Each PR MUST be accompanied by a changeset unless it has zero affect on package consumers (ie changing github action workflows).
+
+To create a changeset run `changeset add` (or  `yarn cs`)
+
+This will bring up an interactive console which asks which packages are affect and if they require minor or major update.
+
+when time to release new versions of npm package run `changeset version` this will look thru the changeset files that have been generated since last release to bump the versions for package automatically to major if any changesets specify major change minor if only minor and patch if a the package had no changesets of its own but depends on one which will be updated.
+
+finally `changeset publish` will go thru and publish to npm the packages that need publishing.
+
+after go ahead and run `git push --follow-tags` to push git tags up to github.
+
+## for pre releasing
+
+changesets has 2 strategies for pre release versions.
+
+The first is to enter `pre` mode on changesets. [docs here](https://github.com/changesets/changesets/blob/main/docs/prereleases.md)
+
+```
+yarn changeset pre enter beta
+yarn changeset version
+git add .
+git commit -m "Enter prerelease mode and version packages"
+yarn changeset publish
+git push --follow-tags
+```
+
+The other is to append --snapshot. which is great for daily releases.
+
+```
+yarn changeset version --snapshot canary
+
+yarn changeset publish --no-git-tag --snapshot
+
+```
+<https://github.com/changesets/changesets/blob/main/docs/snapshot-releases.md>

dockerfiles/phone-number-privacy/Dockerfile → dockerfiles/phone-number-privacy/Dockerfile-signer

@@ -5,22 +5,10 @@ FROM scratch AS packages
 # Assemble all dependencies into the packages folder so the second stage can select whether to
 # include all packages, or just the phone-number-privacy packages.
 WORKDIR /celo-phone-number-privacy/
-COPY packages/typescript packages/typescript
-COPY packages/dev-utils packages/dev-utils
 COPY packages/phone-number-privacy/signer packages/phone-number-privacy/signer
 COPY packages/phone-number-privacy/common packages/phone-number-privacy/common
-COPY packages/protocol packages/protocol
-COPY packages/sdk/base packages/sdk/base
-COPY packages/sdk/connect packages/sdk/connect
-COPY packages/sdk/contractkit packages/sdk/contractkit
-COPY packages/sdk/cryptographic-utils packages/sdk/cryptographic-utils
-COPY packages/sdk/utils packages/sdk/utils
-COPY packages/sdk/phone-utils packages/sdk/phone-utils
-COPY packages/sdk/wallets/wallet-base packages/sdk/wallets/wallet-base
-COPY packages/sdk/wallets/wallet-hsm packages/sdk/wallets/wallet-hsm
-COPY packages/sdk/wallets/wallet-hsm-azure packages/sdk/wallets/wallet-hsm-azure
-COPY packages/sdk/wallets/wallet-local packages/sdk/wallets/wallet-local
-COPY packages/sdk/wallets/wallet-remote packages/sdk/wallets/wallet-remote
+COPY packages/sdk/encrypted-backup packages/sdk/encrypted-backup
+COPY packages/sdk/identity packages/sdk/identity
 
 ##### Main stage
 FROM node:18
@@ -30,12 +18,9 @@ WORKDIR /celo-phone-number-privacy/
 
 # Copy monorepo settings
 COPY lerna.json package.json yarn.lock ./
-COPY scripts/ scripts/
-COPY patches/ patches/
 
 # Makes build fail if it doesn't copy git, will be removed after build
 COPY .git .git
-COPY .gitmodules .gitmodules
 
 # Setting ONLY_PUBLISHED_DEPENDENCIES to true or any non-empty string results in only the
 # phone-number-privacy package being copied into the image, and therefore it will only build using
@@ -49,7 +34,6 @@ RUN yarn install --network-timeout 100000 --immutable && yarn cache clean
 RUN yarn build
 
 RUN rm -r .git
-RUN rm .gitmodules
 
 # Setup and run the signer application.
 ENV NODE_ENV production

packages/phone-number-privacy/combiner/test/end-to-end/domain.test.ts

@@ -30,7 +30,7 @@ import {
 } from '@celo/phone-number-privacy-common'
 import { defined, noNumber, noString } from '@celo/utils/lib/sign-typed-data-utils'
 import * as crypto from 'crypto'
-import 'isomorphic-fetch'
+import fetch from 'node-fetch'
 import { getCombinerVersion } from '../../src'
 import { getTestContextName } from './resources'
 

packages/phone-number-privacy/combiner/test/end-to-end/pnp.test.ts

@@ -13,7 +13,7 @@ import {
 import { normalizeAddressWith0x } from '@celo/utils/lib/address'
 import threshold_bls from 'blind-threshold-bls'
 import { randomBytes } from 'crypto'
-import 'isomorphic-fetch'
+import fetch from 'node-fetch'
 import { config as signerConfig } from '../../../signer/src/config'
 import { getCombinerVersion } from '../../src'
 import {

packages/phone-number-privacy/combiner/test/end-to-end/resources.ts

@@ -11,7 +11,6 @@ import {
   normalizeAddressWith0x,
   privateKeyToAddress,
 } from '@celo/utils/lib/address'
-import 'isomorphic-fetch'
 
 require('dotenv').config()