From 3dcc2208f4584a60a7bc9ba01bb6ea556852bd60 Mon Sep 17 00:00:00 2001
From: "Valentin D. Pinkman" <valentin.dealmeida@ledger.fr>
Date: Wed, 2 Oct 2024 16:56:50 +0200
Subject: [PATCH 1/2] =?UTF-8?q?=F0=9F=92=9A=20(release):=20Push=20snapshot?=
 =?UTF-8?q?=20release=20to=20jfrog?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .github/workflows/snapshot_release.yml | 59 +++++++++++++++++++++-----
 1 file changed, 48 insertions(+), 11 deletions(-)

diff --git a/.github/workflows/snapshot_release.yml b/.github/workflows/snapshot_release.yml
index 269386700..3b79b381f 100644
--- a/.github/workflows/snapshot_release.yml
+++ b/.github/workflows/snapshot_release.yml
@@ -6,23 +6,29 @@ on:
     inputs:
       ref:
         description: The base branch to publish a snapshot release from
-        required: true
+        required: false
         default: "develop"
       tag:
         description: Snapshot version name
         required: false
-        default: ""
+        default: "develop"
 
 env:
   FORCE_COLOR: "1"
-  # if no inputs it's considered as a cron job
-  REF: ${{ inputs.ref || 'develop' }}
-  TAG: ${{ inputs.tag || 'develop' }}
-  NPM_TOKEN: ${{ secrets.NPMJS_TOKEN }}
+  REF: ${{ inputs.ref }}
+  TAG: ${{ inputs.tag }}
+  NPM_REGISTRY: jfrog.ledgerlabs.net/artifactory/api/npm/ldk-npm-prod-public
+
+permissions:
+  id-token: write
+  contents: write
+  pull-requests: write
+  # Need to attest artifacts
+  attestations: write
 
 jobs:
   snapshot:
-    runs-on: ubuntu-latest
+    runs-on: ledgerhq-device-sdk
     steps:
       - uses: actions/checkout@v4
         with:
@@ -31,14 +37,45 @@ jobs:
       - uses: LedgerHQ/device-sdk-ts/.github/actions/setup-toolchain-composite@develop
 
       - name: build libraries
-        run: pnpm build
+        run: pnpm build:libs
+
+      - name: Login to internal JFrog registry
+        id: jfrog-login
+        uses: LedgerHQ/actions-security/actions/jfrog-login@actions/jfrog-login-1
+
+      - name: Setup npm config for JFrog
+        env:
+          NPM_REGISTRY_TOKEN: ${{ steps.jfrog-login.outputs.oidc-token }}
+        run: |
+          cat << EOF | tee .npmrc
+          enable-pre-post-scripts=true
+          registry=https://${NPM_REGISTRY}/
+          //${NPM_REGISTRY}/:_authToken=${NPM_REGISTRY_TOKEN}
+          EOF
+
+      - name: Create dist directory to store tarball
+        run: mkdir -p dist
 
-      - name: create .npmrc
-        run: echo "//registry.npmjs.org/:_authToken=${NPM_TOKEN}" >> .npmrc
+      # - name: create .npmrc
+      #   run: echo "//registry.npmjs.org/:_authToken=${NPM_TOKEN}" >> .npmrc
 
       - name: create and publish snapshot release version
+        id: changesets
         run: |
           pnpm bump --snapshot ${{ env.TAG }}
           pnpm release --snapshot --no-git-tag --tag ${{ env.TAG }}
         env:
-          GITHUB_TOKEN: ${{ github.token }}
+          GITHUB_TOKEN: ${{ secrets.CI_BOT_TOKEN }}
+
+      - name: Attest tarball
+        if: steps.changesets.conclusion == 'success'
+        uses: LedgerHQ/actions-security/actions/attest@actions/attest-1
+        with:
+          subject-path: ./dist
+
+       # The action currently doesn't support pushing the blob to the registry
+      - name: Sign tarball
+        if: steps.changesets.conclusion == 'success'
+        uses: LedgerHQ/actions-security/actions/sign-blob@actions/sign-blob-1
+        with:
+          path: ./dist
\ No newline at end of file

From b3c25e4d84cb362267d1cead76d87236ae095959 Mon Sep 17 00:00:00 2001
From: "Valentin D. Pinkman" <valentin.dealmeida@ledger.fr>
Date: Fri, 22 Nov 2024 11:17:14 +0100
Subject: [PATCH 2/2] =?UTF-8?q?=E2=9C=8F=EF=B8=8F=20(changesets):=20Update?=
 =?UTF-8?q?=20wrong=20changeset=20names?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .changeset/gorgeous-tables-cheer.md    | 2 +-
 .changeset/tall-hairs-cheer.md         | 2 +-
 .github/workflows/snapshot_release.yml | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.changeset/gorgeous-tables-cheer.md b/.changeset/gorgeous-tables-cheer.md
index f8789f96e..42b2375ce 100644
--- a/.changeset/gorgeous-tables-cheer.md
+++ b/.changeset/gorgeous-tables-cheer.md
@@ -1,5 +1,5 @@
 ---
-"@ledgerhq/device-signer-kit-btc": patch
+"@ledgerhq/device-signer-kit-bitcoin": patch
 ---
 
 Set bitcoin-js as peer dep
diff --git a/.changeset/tall-hairs-cheer.md b/.changeset/tall-hairs-cheer.md
index 7bccebbc8..b3fd25586 100644
--- a/.changeset/tall-hairs-cheer.md
+++ b/.changeset/tall-hairs-cheer.md
@@ -2,4 +2,4 @@
 "@ledgerhq/device-signer-kit-bitcoin": minor
 ---
 
-Create device-signer-kit-btc package
+Create device-signer-kit-bitcoin package
diff --git a/.github/workflows/snapshot_release.yml b/.github/workflows/snapshot_release.yml
index 3b79b381f..8a9402701 100644
--- a/.github/workflows/snapshot_release.yml
+++ b/.github/workflows/snapshot_release.yml
@@ -78,4 +78,4 @@ jobs:
         if: steps.changesets.conclusion == 'success'
         uses: LedgerHQ/actions-security/actions/sign-blob@actions/sign-blob-1
         with:
-          path: ./dist
\ No newline at end of file
+          path: ./dist