From 5a28c2c670d8ed3b86279036351e9ecf81bb2e3d Mon Sep 17 00:00:00 2001
From: David Sanders <dsanders11@ucsbalum.com>
Date: Tue, 20 Aug 2024 13:21:07 -0700
Subject: [PATCH 1/2] ci: use GHA for CFA releases

---
 .circleci/config.yml          |  83 ---------------
 .github/workflows/release.yml |  52 +++++-----
 .releaserc.json               |   9 ++
 README.md                     |   2 +-
 package-lock.json             | 188 ----------------------------------
 package.json                  |   1 -
 script/publish.js             |  10 --
 7 files changed, 35 insertions(+), 310 deletions(-)
 delete mode 100644 .circleci/config.yml
 create mode 100644 .releaserc.json
 delete mode 100644 script/publish.js

diff --git a/.circleci/config.yml b/.circleci/config.yml
deleted file mode 100644
index 4196a1f..0000000
--- a/.circleci/config.yml
+++ /dev/null
@@ -1,83 +0,0 @@
-version: 2.1
-
-orbs:
-  node: electronjs/node@2.3.0
-
-jobs:
-  release:
-    docker:
-      - image: cimg/node:18.17
-    steps:
-      - checkout
-      - run:
-          name: Update Version
-          command: node script/update-version.js << pipeline.git.tag >>
-      - run:
-          name: Install Dependencies
-          command: npm ci
-      - run:
-          name: Obtain Publishing Credentials
-          command: npx @continuous-auth/circleci-oidc-github-auth@1.0.4
-      - run:
-          name: Confirm Version Updated
-          command: node -e "if (require('./package.json').version === '0.0.0-development') process.exit(1)"
-      - run:
-          name: Set NPM Credentials
-          command: echo //registry.npmjs.org/:_authToken=${NPM_TOKEN} > ~/.npmrc
-      - run:
-          name: Check NPM Credentials
-          command: npm whoami
-      - run:
-          name: CFA Publish
-          command: node script/publish.js
-          no_output_timeout: 30m
-
-workflows:
-  test_and_release:
-    jobs:
-      - node/test:
-          name: test-<< matrix.executor >>-<< matrix.node-version >>
-          pkg-manager: npm
-          post-node-js-install-steps:
-            - when:
-                condition: << pipeline.git.tag >>
-                steps:
-                  - run:
-                      name: Update Version
-                      command: node script/update-version.js << pipeline.git.tag >>
-            - unless:
-                condition: << pipeline.git.tag >>
-                steps:
-                  - run: echo 'export ELECTRON_MKSNAPSHOT_STABLE_FALLBACK=1' >> $BASH_ENV
-          test-steps:
-            - run: node --version
-            - run: npm --version
-            - run: npm test
-          use-test-steps: true
-          matrix:
-            alias: test
-            parameters:
-              executor:
-                - node/linux
-                - node/macos
-                - node/windows
-              node-version:
-                - '20.5.1'
-                - '18.17.0'
-                - '16.20.1'
-                - '14.21.3'
-            exclude:
-              - executor: node/macos
-                node-version: '14.21.3'
-          filters:
-            tags:
-              only: /.*/
-      - release:
-          requires:
-            - test
-          filters:
-            tags:
-              only: /^v.*/
-            branches:
-              ignore: /.*/
-          context: cfa-release
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index fb42466..88d752e 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -7,36 +7,34 @@ on:
           description: Electron version to use with "v" prefix (e.g. v30.0.0)
           required: true
 
-env:
-  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
 jobs:
-  smoke_test:
+  test:
+    uses: ./.github/workflows/test.yml
+    with:
+      electron-version: ${{ github.event.inputs.version }}
+  release:
     runs-on: ubuntu-latest
+    needs: test
+    environment: npm
+    permissions:
+      contents: write # to be able to publish a GitHub release
+      id-token: write # for CFA and npm provenance
+      issues: write # to be able to comment on released issues
+      pull-requests: write # to be able to comment on released pull requests
     steps:
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-      - name: Setup Node.js
-        uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v4.0.1
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with:
-          node-version: "20.10.0"
+          persist-credentials: false
+      - name: "Use Node.js ${{ matrix.node-version }}"
+        uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
+        with:
+          node-version: "20.16.0"
       - name: Update Version
         run: node script/update-version.js ${{ github.event.inputs.version }}
-      - name: Install Dependencies
-        run: npm i
-      - name: Run Tests
-        run: npm test
-  create_new_version:
-    runs-on: ubuntu-latest
-    needs: smoke_test
-    permissions:
-      contents: write
-    steps:
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-      # Tag here, the CircleCI workflow will trigger on the new tag and do the CFA publish
-      - name: Push New Tag
-        run: |
-          git tag ${{ github.event.inputs.version }}
-          git push origin ${{ github.event.inputs.version }}
-      - name: Create Release
-        run: |
-          gh release create ${{ github.event.inputs.version }} -t ${{ github.event.inputs.version }}
+      - name: Confirm Version Updated
+        run: node -e "if (require('./package.json').version === '0.0.0-development') process.exit(1)"
+      - uses: continuousauth/action@4396fa3eb7c9790548b9e2b6e4f527df5b861add # v1.0.1
+        with:
+          project-id: ${{ secrets.CFA_PROJECT_ID }}
+          secret: ${{ secrets.CFA_SECRET }}
+          npm-token: ${{ secrets.NPM_TOKEN }}
diff --git a/.releaserc.json b/.releaserc.json
new file mode 100644
index 0000000..152aec1
--- /dev/null
+++ b/.releaserc.json
@@ -0,0 +1,9 @@
+{
+  "plugins": [
+    "@semantic-release/commit-analyzer",
+    "@semantic-release/release-notes-generator",
+    "@continuous-auth/semantic-release-npm",
+    "@semantic-release/github"
+  ],
+  "branches": ["main"]
+}
diff --git a/README.md b/README.md
index cdc4073..acef537 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 # Electron mksnapshot
 
-[![CircleCI Status](https://circleci.com/gh/electron/mksnapshot/tree/main.svg?style=shield)](https://circleci.com/gh/electron/mksnapshot/tree/main)
+[![Test](https://github.com/electron/mksnapshot/actions/workflows/test.yml/badge.svg)](https://github.com/electron/mksnapshot/actions/workflows/test.yml)
 [![npm:](https://img.shields.io/npm/v/electron-mksnapshot.svg)](https://www.npmjs.com/package/electron-mksnapshot)
 <br>
 [![js-standard-style](https://img.shields.io/badge/code%20style-standard-brightgreen.svg?style=flat)](http://standardjs.com/)
diff --git a/package-lock.json b/package-lock.json
index 3eb30d3..1c5ab4f 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -19,7 +19,6 @@
         "mksnapshot": "mksnapshot.js"
       },
       "devDependencies": {
-        "@continuous-auth/client": "^2.2.2",
         "@electron/fiddle-core": "^1.3.0",
         "mocha": "^10.1.0",
         "semver": "^7.3.8",
@@ -49,15 +48,6 @@
         "js-tokens": "^4.0.0"
       }
     },
-    "node_modules/@continuous-auth/client": {
-      "version": "2.2.3",
-      "resolved": "https://registry.npmjs.org/@continuous-auth/client/-/client-2.2.3.tgz",
-      "integrity": "sha512-UyKldKkntlaQyoDjURX42a5H6BiCpw/IPueLjbDUQX9UxJfI+duu4BTk/rbl8Z2jJaoRHWP74AQKyFmA48I3Ew==",
-      "dev": true,
-      "dependencies": {
-        "axios": "^1.6.2"
-      }
-    },
     "node_modules/@electron/fiddle-core": {
       "version": "1.3.0",
       "resolved": "https://registry.npmjs.org/@electron/fiddle-core/-/fiddle-core-1.3.0.tgz",
@@ -442,23 +432,6 @@
       "integrity": "sha512-iAB+JbDEGXhyIUavoDl9WP/Jj106Kz9DEn1DPgYw5ruDn0e3Wgi3sKFm55sASdGBNOQB8F59d9qQ7deqrHA8wQ==",
       "dev": true
     },
-    "node_modules/asynckit": {
-      "version": "0.4.0",
-      "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz",
-      "integrity": "sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==",
-      "dev": true
-    },
-    "node_modules/axios": {
-      "version": "1.7.4",
-      "resolved": "https://registry.npmjs.org/axios/-/axios-1.7.4.tgz",
-      "integrity": "sha512-DukmaFRnY6AzAALSH4J2M3k6PkaC+MfaAGdEERRWcC9q3/TWQwLpHR8ZRLKTdQ3aBDL64EdluRDjJqKw+BPZEw==",
-      "dev": true,
-      "dependencies": {
-        "follow-redirects": "^1.15.6",
-        "form-data": "^4.0.0",
-        "proxy-from-env": "^1.1.0"
-      }
-    },
     "node_modules/balanced-match": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.0.tgz",
@@ -673,18 +646,6 @@
       "integrity": "sha1-p9BVi9icQveV3UIyj3QIMcpTvCU=",
       "dev": true
     },
-    "node_modules/combined-stream": {
-      "version": "1.0.8",
-      "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz",
-      "integrity": "sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==",
-      "dev": true,
-      "dependencies": {
-        "delayed-stream": "~1.0.0"
-      },
-      "engines": {
-        "node": ">= 0.8"
-      }
-    },
     "node_modules/concat-map": {
       "version": "0.0.1",
       "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz",
@@ -848,15 +809,6 @@
         "node": ">= 4"
       }
     },
-    "node_modules/delayed-stream": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz",
-      "integrity": "sha512-ZySD7Nf91aLB0RxL4KGrKHBXl7Eds1DAmEdcoVawXnLD7SDhpNgtuII2aAkg7a7QS41jxPSZ17p4VdGnMHk3MQ==",
-      "dev": true,
-      "engines": {
-        "node": ">=0.4.0"
-      }
-    },
     "node_modules/detect-node": {
       "version": "2.1.0",
       "resolved": "https://registry.npmjs.org/detect-node/-/detect-node-2.1.0.tgz",
@@ -1701,40 +1653,6 @@
       "integrity": "sha512-a1hQMktqW9Nmqr5aktAux3JMNqaucxGcjtjWnZLHX7yyPCmlSV3M54nGYbqT8K+0GhF3NBgmJCc3ma+WOgX8Jg==",
       "dev": true
     },
-    "node_modules/follow-redirects": {
-      "version": "1.15.6",
-      "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.6.tgz",
-      "integrity": "sha512-wWN62YITEaOpSK584EZXJafH1AGpO8RVgElfkuXbTOrPX4fIfOyEpW/CsiNd8JdYrAoOvafRTOEnvsO++qCqFA==",
-      "dev": true,
-      "funding": [
-        {
-          "type": "individual",
-          "url": "https://github.com/sponsors/RubenVerborgh"
-        }
-      ],
-      "engines": {
-        "node": ">=4.0"
-      },
-      "peerDependenciesMeta": {
-        "debug": {
-          "optional": true
-        }
-      }
-    },
-    "node_modules/form-data": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.0.tgz",
-      "integrity": "sha512-ETEklSGi5t0QMZuiXoA/Q6vcnxcLQP5vdugSpuAyi6SVGi2clPPp+xgEhuMaHC+zGgn31Kd235W35f7Hykkaww==",
-      "dev": true,
-      "dependencies": {
-        "asynckit": "^0.4.0",
-        "combined-stream": "^1.0.8",
-        "mime-types": "^2.1.12"
-      },
-      "engines": {
-        "node": ">= 6"
-      }
-    },
     "node_modules/fs-extra": {
       "version": "7.0.1",
       "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-7.0.1.tgz",
@@ -2536,27 +2454,6 @@
         "url": "https://github.com/sponsors/sindresorhus"
       }
     },
-    "node_modules/mime-db": {
-      "version": "1.52.0",
-      "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz",
-      "integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==",
-      "dev": true,
-      "engines": {
-        "node": ">= 0.6"
-      }
-    },
-    "node_modules/mime-types": {
-      "version": "2.1.35",
-      "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz",
-      "integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==",
-      "dev": true,
-      "dependencies": {
-        "mime-db": "1.52.0"
-      },
-      "engines": {
-        "node": ">= 0.6"
-      }
-    },
     "node_modules/mimic-fn": {
       "version": "1.2.0",
       "resolved": "https://registry.npmjs.org/mimic-fn/-/mimic-fn-1.2.0.tgz",
@@ -3319,12 +3216,6 @@
       "integrity": "sha1-IS1b/hMYMGpCD2QCuOJv85ZHqEk=",
       "optional": true
     },
-    "node_modules/proxy-from-env": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-1.1.0.tgz",
-      "integrity": "sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg==",
-      "dev": true
-    },
     "node_modules/pump": {
       "version": "3.0.0",
       "resolved": "https://registry.npmjs.org/pump/-/pump-3.0.0.tgz",
@@ -4249,15 +4140,6 @@
         "js-tokens": "^4.0.0"
       }
     },
-    "@continuous-auth/client": {
-      "version": "2.2.3",
-      "resolved": "https://registry.npmjs.org/@continuous-auth/client/-/client-2.2.3.tgz",
-      "integrity": "sha512-UyKldKkntlaQyoDjURX42a5H6BiCpw/IPueLjbDUQX9UxJfI+duu4BTk/rbl8Z2jJaoRHWP74AQKyFmA48I3Ew==",
-      "dev": true,
-      "requires": {
-        "axios": "^1.6.2"
-      }
-    },
     "@electron/fiddle-core": {
       "version": "1.3.0",
       "resolved": "https://registry.npmjs.org/@electron/fiddle-core/-/fiddle-core-1.3.0.tgz",
@@ -4557,23 +4439,6 @@
       "integrity": "sha512-iAB+JbDEGXhyIUavoDl9WP/Jj106Kz9DEn1DPgYw5ruDn0e3Wgi3sKFm55sASdGBNOQB8F59d9qQ7deqrHA8wQ==",
       "dev": true
     },
-    "asynckit": {
-      "version": "0.4.0",
-      "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz",
-      "integrity": "sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==",
-      "dev": true
-    },
-    "axios": {
-      "version": "1.7.4",
-      "resolved": "https://registry.npmjs.org/axios/-/axios-1.7.4.tgz",
-      "integrity": "sha512-DukmaFRnY6AzAALSH4J2M3k6PkaC+MfaAGdEERRWcC9q3/TWQwLpHR8ZRLKTdQ3aBDL64EdluRDjJqKw+BPZEw==",
-      "dev": true,
-      "requires": {
-        "follow-redirects": "^1.15.6",
-        "form-data": "^4.0.0",
-        "proxy-from-env": "^1.1.0"
-      }
-    },
     "balanced-match": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.0.tgz",
@@ -4741,15 +4606,6 @@
       "integrity": "sha1-p9BVi9icQveV3UIyj3QIMcpTvCU=",
       "dev": true
     },
-    "combined-stream": {
-      "version": "1.0.8",
-      "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz",
-      "integrity": "sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==",
-      "dev": true,
-      "requires": {
-        "delayed-stream": "~1.0.0"
-      }
-    },
     "concat-map": {
       "version": "0.0.1",
       "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz",
@@ -4879,12 +4735,6 @@
         }
       }
     },
-    "delayed-stream": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz",
-      "integrity": "sha512-ZySD7Nf91aLB0RxL4KGrKHBXl7Eds1DAmEdcoVawXnLD7SDhpNgtuII2aAkg7a7QS41jxPSZ17p4VdGnMHk3MQ==",
-      "dev": true
-    },
     "detect-node": {
       "version": "2.1.0",
       "resolved": "https://registry.npmjs.org/detect-node/-/detect-node-2.1.0.tgz",
@@ -5529,23 +5379,6 @@
       "integrity": "sha512-a1hQMktqW9Nmqr5aktAux3JMNqaucxGcjtjWnZLHX7yyPCmlSV3M54nGYbqT8K+0GhF3NBgmJCc3ma+WOgX8Jg==",
       "dev": true
     },
-    "follow-redirects": {
-      "version": "1.15.6",
-      "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.6.tgz",
-      "integrity": "sha512-wWN62YITEaOpSK584EZXJafH1AGpO8RVgElfkuXbTOrPX4fIfOyEpW/CsiNd8JdYrAoOvafRTOEnvsO++qCqFA==",
-      "dev": true
-    },
-    "form-data": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.0.tgz",
-      "integrity": "sha512-ETEklSGi5t0QMZuiXoA/Q6vcnxcLQP5vdugSpuAyi6SVGi2clPPp+xgEhuMaHC+zGgn31Kd235W35f7Hykkaww==",
-      "dev": true,
-      "requires": {
-        "asynckit": "^0.4.0",
-        "combined-stream": "^1.0.8",
-        "mime-types": "^2.1.12"
-      }
-    },
     "fs-extra": {
       "version": "7.0.1",
       "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-7.0.1.tgz",
@@ -6167,21 +6000,6 @@
         }
       }
     },
-    "mime-db": {
-      "version": "1.52.0",
-      "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz",
-      "integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==",
-      "dev": true
-    },
-    "mime-types": {
-      "version": "2.1.35",
-      "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz",
-      "integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==",
-      "dev": true,
-      "requires": {
-        "mime-db": "1.52.0"
-      }
-    },
     "mimic-fn": {
       "version": "1.2.0",
       "resolved": "https://registry.npmjs.org/mimic-fn/-/mimic-fn-1.2.0.tgz",
@@ -6762,12 +6580,6 @@
       "integrity": "sha1-IS1b/hMYMGpCD2QCuOJv85ZHqEk=",
       "optional": true
     },
-    "proxy-from-env": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-1.1.0.tgz",
-      "integrity": "sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg==",
-      "dev": true
-    },
     "pump": {
       "version": "3.0.0",
       "resolved": "https://registry.npmjs.org/pump/-/pump-3.0.0.tgz",
diff --git a/package.json b/package.json
index 9e792ee..3dc9291 100644
--- a/package.json
+++ b/package.json
@@ -23,7 +23,6 @@
     "temp": "^0.8.3"
   },
   "devDependencies": {
-    "@continuous-auth/client": "^2.2.2",
     "@electron/fiddle-core": "^1.3.0",
     "mocha": "^10.1.0",
     "semver": "^7.3.8",
diff --git a/script/publish.js b/script/publish.js
deleted file mode 100644
index 4cd8776..0000000
--- a/script/publish.js
+++ /dev/null
@@ -1,10 +0,0 @@
-// Publish the package in the CWD with an OTP code from CFA
-const { getOtp } = require('@continuous-auth/client')
-const { spawnSync } = require('child_process')
-
-async function publish () {
-  const { status } = spawnSync('npm', ['publish', '--otp', await getOtp()])
-  process.exit(status)
-}
-
-publish()

From eaeaef27af58febdce270b2e14f1a42ee95ec792 Mon Sep 17 00:00:00 2001
From: David Sanders <dsanders11@ucsbalum.com>
Date: Tue, 20 Aug 2024 13:51:51 -0700
Subject: [PATCH 2/2] ci: remove unnecessary permissions

---
 .github/workflows/release.yml | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 88d752e..e6e921c 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -17,10 +17,7 @@ jobs:
     needs: test
     environment: npm
     permissions:
-      contents: write # to be able to publish a GitHub release
       id-token: write # for CFA and npm provenance
-      issues: write # to be able to comment on released issues
-      pull-requests: write # to be able to comment on released pull requests
     steps:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with: