From a7b50d68417fa1e1bd28136bb23b0eb7e6991abc Mon Sep 17 00:00:00 2001 From: pgherveou Date: Fri, 5 Jun 2026 17:03:01 +0200 Subject: [PATCH 1/9] ci(diagnosis-report): authenticate git push with GH_TOKEN persist-credentials: false strips the token from the origin remote, so the raw git push had no credentials and failed with 'could not read Username for https://github.com'. Push to an explicit x-access-token URL built from GH_TOKEN and github.repository. --- .github/workflows/diagnosis-report.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/diagnosis-report.yml b/.github/workflows/diagnosis-report.yml index f6f5d5f6..bde33556 100644 --- a/.github/workflows/diagnosis-report.yml +++ b/.github/workflows/diagnosis-report.yml @@ -34,6 +34,7 @@ jobs: GH_TOKEN: ${{ github.token }} BODY: ${{ github.event.issue.body }} ISSUE: ${{ github.event.issue.number }} + REPO: ${{ github.repository }} run: | set -euo pipefail @@ -64,7 +65,7 @@ jobs: fi git add "$file" git commit -m "diagnosis: update $host report (from #$ISSUE)" - git push -f origin "$branch" + git push -f "https://x-access-token:${GH_TOKEN}@github.com/${REPO}.git" "$branch" # One open PR per host branch: reuse it while it is open, open a new # one once the previous report has merged (a merged/closed PR for the From cea25e42974ed390afb8c2f4af08423026627d53 Mon Sep 17 00:00:00 2001 From: pgherveou Date: Fri, 5 Jun 2026 17:03:26 +0200 Subject: [PATCH 2/9] ci(deploy-docs): grant build job pages + id-token permissions actions/configure-pages calls the Pages API, but the top-level 'contents: read' permission gave the build job no pages scope, so it failed with 'Resource not accessible by integration' on Get Pages site. Grant the build job pages: write and id-token: write. --- .github/workflows/deploy-docs.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/deploy-docs.yml b/.github/workflows/deploy-docs.yml index 61dab6e7..8b2c541a 100644 --- a/.github/workflows/deploy-docs.yml +++ b/.github/workflows/deploy-docs.yml @@ -15,6 +15,10 @@ permissions: jobs: build: runs-on: ubuntu-latest + permissions: + contents: read + pages: write + id-token: write steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: From aaa255813d43712dc1ee1109697555db8da6d786 Mon Sep 17 00:00:00 2001 From: pgherveou Date: Fri, 5 Jun 2026 17:19:20 +0200 Subject: [PATCH 3/9] fix --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 1e3b07da..24deb681 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -70,7 +70,7 @@ jobs: node-version: 22 - name: Install workspace deps - run: npm ci + run: npm ci --ignore-scripts - name: Run codegen run: ./scripts/codegen.sh From 6fe4eb9a2ba243bdbc04e2c9607f4f4fc8deda98 Mon Sep 17 00:00:00 2001 From: pgherveou Date: Fri, 5 Jun 2026 17:28:37 +0200 Subject: [PATCH 4/9] ci: restore codegen npm install scripts --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 24deb681..1e3b07da 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -70,7 +70,7 @@ jobs: node-version: 22 - name: Install workspace deps - run: npm ci --ignore-scripts + run: npm ci - name: Run codegen run: ./scripts/codegen.sh From 7c1f42f91d609a512290b7544e037422f7a4658a Mon Sep 17 00:00:00 2001 From: pgherveou Date: Fri, 5 Jun 2026 17:31:37 +0200 Subject: [PATCH 5/9] ci: skip package builds before codegen --- .github/workflows/ci.yml | 2 +- js/packages/truapi-host/package.json | 2 +- js/packages/truapi/package.json | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 1e3b07da..2465c200 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -70,7 +70,7 @@ jobs: node-version: 22 - name: Install workspace deps - run: npm ci + run: TRUAPI_SKIP_PACKAGE_BUILD=1 npm ci --ignore-scripts - name: Run codegen run: ./scripts/codegen.sh diff --git a/js/packages/truapi-host/package.json b/js/packages/truapi-host/package.json index 37590343..6c4a3515 100644 --- a/js/packages/truapi-host/package.json +++ b/js/packages/truapi-host/package.json @@ -31,7 +31,7 @@ "ensure-generated": "./scripts/ensure-generated.sh", "build": "tsc", "prebuild": "npm run ensure-generated", - "prepare": "npm run build", + "prepare": "if [ \"${TRUAPI_SKIP_PACKAGE_BUILD:-0}\" != \"1\" ]; then npm run build; fi", "codegen": "cargo run -p truapi-codegen -- --input ../../../target/doc/truapi.json --output ../truapi/src/generated --host-output src/generated", "typecheck": "npm run build", "pretest": "npm run ensure-generated", diff --git a/js/packages/truapi/package.json b/js/packages/truapi/package.json index 2a07be2e..dd15ccfe 100644 --- a/js/packages/truapi/package.json +++ b/js/packages/truapi/package.json @@ -64,7 +64,7 @@ "ensure-generated": "./scripts/ensure-generated.sh", "build": "tsc", "prebuild": "npm run ensure-generated", - "prepare": "npm run build", + "prepare": "if [ \"${TRUAPI_SKIP_PACKAGE_BUILD:-0}\" != \"1\" ]; then npm run build; fi", "codegen": "cargo run -p truapi-codegen -- --input ../../../target/doc/truapi.json --output src/generated --playground-output src/playground --explorer-output src/explorer", "typecheck": "npm run build", "pretest": "npm run ensure-generated", From a2f34c70319d3535fb3c2cf9b3ca62cb9ac58988 Mon Sep 17 00:00:00 2001 From: pgherveou Date: Fri, 5 Jun 2026 17:34:15 +0200 Subject: [PATCH 6/9] ci: avoid prepare builds in js jobs --- .github/workflows/ci.yml | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 2465c200..657a12bd 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -114,7 +114,7 @@ jobs: name: codegen-output - name: Install - run: npm ci + run: TRUAPI_SKIP_PACKAGE_BUILD=1 npm ci --ignore-scripts - name: Build run: npm run build --prefix js/packages/truapi @@ -143,7 +143,9 @@ jobs: name: codegen-output - name: Install workspace deps + build @parity/truapi - run: npm ci + run: | + TRUAPI_SKIP_PACKAGE_BUILD=1 npm ci --ignore-scripts + npm run build --prefix js/packages/truapi - name: Install playground deps working-directory: playground @@ -186,7 +188,9 @@ jobs: name: codegen-output - name: Install workspace deps + build @parity/truapi - run: npm ci + run: | + TRUAPI_SKIP_PACKAGE_BUILD=1 npm ci --ignore-scripts + npm run build --prefix js/packages/truapi - name: Install explorer deps working-directory: explorer @@ -229,7 +233,9 @@ jobs: name: codegen-output - name: Build @parity/truapi - run: npm ci + run: | + TRUAPI_SKIP_PACKAGE_BUILD=1 npm ci --ignore-scripts + npm run build --prefix js/packages/truapi - name: Install dotli deps working-directory: hosts/dotli From e6217edeb30d7b366f09f6480090477dba87d212 Mon Sep 17 00:00:00 2001 From: pgherveou Date: Fri, 5 Jun 2026 17:45:22 +0200 Subject: [PATCH 7/9] ci: remove redundant build skip env --- .github/workflows/ci.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 657a12bd..987dee35 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -70,7 +70,7 @@ jobs: node-version: 22 - name: Install workspace deps - run: TRUAPI_SKIP_PACKAGE_BUILD=1 npm ci --ignore-scripts + run: npm ci --ignore-scripts - name: Run codegen run: ./scripts/codegen.sh @@ -114,7 +114,7 @@ jobs: name: codegen-output - name: Install - run: TRUAPI_SKIP_PACKAGE_BUILD=1 npm ci --ignore-scripts + run: npm ci --ignore-scripts - name: Build run: npm run build --prefix js/packages/truapi @@ -144,7 +144,7 @@ jobs: - name: Install workspace deps + build @parity/truapi run: | - TRUAPI_SKIP_PACKAGE_BUILD=1 npm ci --ignore-scripts + npm ci --ignore-scripts npm run build --prefix js/packages/truapi - name: Install playground deps @@ -189,7 +189,7 @@ jobs: - name: Install workspace deps + build @parity/truapi run: | - TRUAPI_SKIP_PACKAGE_BUILD=1 npm ci --ignore-scripts + npm ci --ignore-scripts npm run build --prefix js/packages/truapi - name: Install explorer deps @@ -234,7 +234,7 @@ jobs: - name: Build @parity/truapi run: | - TRUAPI_SKIP_PACKAGE_BUILD=1 npm ci --ignore-scripts + npm ci --ignore-scripts npm run build --prefix js/packages/truapi - name: Install dotli deps From 4d01225e96930e119156597a4607a1c26b79bbd6 Mon Sep 17 00:00:00 2001 From: pgherveou Date: Fri, 5 Jun 2026 17:47:08 +0200 Subject: [PATCH 8/9] Revert "ci: remove redundant build skip env" This reverts commit e6217edeb30d7b366f09f6480090477dba87d212. --- .github/workflows/ci.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 987dee35..657a12bd 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -70,7 +70,7 @@ jobs: node-version: 22 - name: Install workspace deps - run: npm ci --ignore-scripts + run: TRUAPI_SKIP_PACKAGE_BUILD=1 npm ci --ignore-scripts - name: Run codegen run: ./scripts/codegen.sh @@ -114,7 +114,7 @@ jobs: name: codegen-output - name: Install - run: npm ci --ignore-scripts + run: TRUAPI_SKIP_PACKAGE_BUILD=1 npm ci --ignore-scripts - name: Build run: npm run build --prefix js/packages/truapi @@ -144,7 +144,7 @@ jobs: - name: Install workspace deps + build @parity/truapi run: | - npm ci --ignore-scripts + TRUAPI_SKIP_PACKAGE_BUILD=1 npm ci --ignore-scripts npm run build --prefix js/packages/truapi - name: Install playground deps @@ -189,7 +189,7 @@ jobs: - name: Install workspace deps + build @parity/truapi run: | - npm ci --ignore-scripts + TRUAPI_SKIP_PACKAGE_BUILD=1 npm ci --ignore-scripts npm run build --prefix js/packages/truapi - name: Install explorer deps @@ -234,7 +234,7 @@ jobs: - name: Build @parity/truapi run: | - npm ci --ignore-scripts + TRUAPI_SKIP_PACKAGE_BUILD=1 npm ci --ignore-scripts npm run build --prefix js/packages/truapi - name: Install dotli deps From cc22f87474f98fac89da2d523d0724ebf543c473 Mon Sep 17 00:00:00 2001 From: pgherveou Date: Fri, 5 Jun 2026 17:56:01 +0200 Subject: [PATCH 9/9] ci: remove package prepare builds --- .github/workflows/ci.yml | 10 +++++----- .github/workflows/release.yml | 4 +--- js/packages/truapi-host/package.json | 1 - js/packages/truapi/package.json | 1 - 4 files changed, 6 insertions(+), 10 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 657a12bd..987dee35 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -70,7 +70,7 @@ jobs: node-version: 22 - name: Install workspace deps - run: TRUAPI_SKIP_PACKAGE_BUILD=1 npm ci --ignore-scripts + run: npm ci --ignore-scripts - name: Run codegen run: ./scripts/codegen.sh @@ -114,7 +114,7 @@ jobs: name: codegen-output - name: Install - run: TRUAPI_SKIP_PACKAGE_BUILD=1 npm ci --ignore-scripts + run: npm ci --ignore-scripts - name: Build run: npm run build --prefix js/packages/truapi @@ -144,7 +144,7 @@ jobs: - name: Install workspace deps + build @parity/truapi run: | - TRUAPI_SKIP_PACKAGE_BUILD=1 npm ci --ignore-scripts + npm ci --ignore-scripts npm run build --prefix js/packages/truapi - name: Install playground deps @@ -189,7 +189,7 @@ jobs: - name: Install workspace deps + build @parity/truapi run: | - TRUAPI_SKIP_PACKAGE_BUILD=1 npm ci --ignore-scripts + npm ci --ignore-scripts npm run build --prefix js/packages/truapi - name: Install explorer deps @@ -234,7 +234,7 @@ jobs: - name: Build @parity/truapi run: | - TRUAPI_SKIP_PACKAGE_BUILD=1 npm ci --ignore-scripts + npm ci --ignore-scripts npm run build --prefix js/packages/truapi - name: Install dotli deps diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index ab648b53..6a0a0914 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -85,13 +85,11 @@ jobs: env: STEPS_VERSION_OUTPUTS_TAG: ${{ steps.version.outputs.tag }} - # --ignore-scripts skips the `prepare` hook so we don't rebuild what - # the Build step just produced. - name: Pack package if: steps.version.outputs.proceed == 'true' run: | mkdir -p artifacts - (cd js/packages/truapi && npm pack --ignore-scripts --pack-destination "$GITHUB_WORKSPACE/artifacts/") + (cd js/packages/truapi && npm pack --pack-destination "$GITHUB_WORKSPACE/artifacts/") - name: Upload package artifacts if: steps.version.outputs.proceed == 'true' diff --git a/js/packages/truapi-host/package.json b/js/packages/truapi-host/package.json index 6c4a3515..343626e7 100644 --- a/js/packages/truapi-host/package.json +++ b/js/packages/truapi-host/package.json @@ -31,7 +31,6 @@ "ensure-generated": "./scripts/ensure-generated.sh", "build": "tsc", "prebuild": "npm run ensure-generated", - "prepare": "if [ \"${TRUAPI_SKIP_PACKAGE_BUILD:-0}\" != \"1\" ]; then npm run build; fi", "codegen": "cargo run -p truapi-codegen -- --input ../../../target/doc/truapi.json --output ../truapi/src/generated --host-output src/generated", "typecheck": "npm run build", "pretest": "npm run ensure-generated", diff --git a/js/packages/truapi/package.json b/js/packages/truapi/package.json index dd15ccfe..46ae9d73 100644 --- a/js/packages/truapi/package.json +++ b/js/packages/truapi/package.json @@ -64,7 +64,6 @@ "ensure-generated": "./scripts/ensure-generated.sh", "build": "tsc", "prebuild": "npm run ensure-generated", - "prepare": "if [ \"${TRUAPI_SKIP_PACKAGE_BUILD:-0}\" != \"1\" ]; then npm run build; fi", "codegen": "cargo run -p truapi-codegen -- --input ../../../target/doc/truapi.json --output src/generated --playground-output src/playground --explorer-output src/explorer", "typecheck": "npm run build", "pretest": "npm run ensure-generated",