feat(npm-publish): keigit as primary registry, npmjs reserved for future

- _ts_packages/tsconfig.base.json: sourceMap=false, declarationMap=false
  (source maps leaked absolute dev paths in published tarballs).
- All 6 @keisei/* packages: publishConfig.registry = keigit.com.
  mcp-server bumped 0.14.5 -> 0.14.6 (republished without maps).
- .github/workflows/release.yml split into two jobs:
    npm-publish-keigit: primary. Activates on KEIGIT_NPM_TOKEN +
      KEIGIT_NPM_USER secrets. Publishes via direct curl PUT
      (Forgejo requires Basic auth; npm CLI sends Bearer).
    npm-publish-npmjs: reserved for future. Activates on NPM_TOKEN
      secret. Currently no token -> job skipped gracefully.

End-to-end verified: clean dir + scope @keisei -> keigit + npm install
pulls 145 deps, no leaked paths, no .map files in any of 6 packages.
Parfii-bot 2026-05-16 23:21:44 +08:00
parent d4303483ca
commit 5a31670919
10 changed files with 152 additions and 18 deletions


@ -295,12 +295,116 @@ jobs:
done
echo "✓ Release $TAG published with all assets"
npm-publish:
name: Publish npm packages (optional)
# ─────────────────────────────────────────────────────────────────────
# npm publish — две независимые job'ы.
#
# PRIMARY: keigit.com (наш приватный Forgejo). Активируется когда
# установлен secret KEIGIT_NPM_TOKEN. Forgejo требует
# Basic-auth (`Authorization: Basic base64(user:token)`),
# поэтому публикация через прямой curl PUT с manual payload —
# npm CLI не умеет Basic для Forgejo packages API.
#
# FUTURE: registry.npmjs.org. Активируется когда установлен secret
# NPM_TOKEN. Сейчас не подключено (secret не задан) — job
# gracefully скипается. Оставлен для будущего публичного
# хостинга когда захотим.
# ─────────────────────────────────────────────────────────────────────
npm-publish-keigit:
name: Publish to keigit.com (primary)
needs: release
runs-on: ubuntu-latest
# Graceful skip: if NPM_TOKEN secret is not configured, the first step
# reports "skipped" and exits 0 — Rust-binary release above still succeeds.
steps:
- name: Check KEIGIT_NPM_TOKEN presence
id: have_token
env:
KEIGIT_NPM_TOKEN: ${{ secrets.KEIGIT_NPM_TOKEN }}
run: |
if [ -n "${KEIGIT_NPM_TOKEN:-}" ]; then
echo "present=1" >> "$GITHUB_OUTPUT"
else
echo "present=0" >> "$GITHUB_OUTPUT"
echo "::notice::KEIGIT_NPM_TOKEN not set — skipping keigit publish gracefully"
fi
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
if: steps.have_token.outputs.present == '1'
- uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
if: steps.have_token.outputs.present == '1'
with:
node-version: '20'
- name: Install deps
if: steps.have_token.outputs.present == '1'
working-directory: _ts_packages
run: npm ci
- name: Build workspaces
if: steps.have_token.outputs.present == '1'
working-directory: _ts_packages
run: npm run build --workspaces --if-present
- name: Publish each package via curl PUT
if: steps.have_token.outputs.present == '1'
working-directory: _ts_packages
env:
KEIGIT_NPM_TOKEN: ${{ secrets.KEIGIT_NPM_TOKEN }}
KEIGIT_NPM_USER: ${{ secrets.KEIGIT_NPM_USER }}
run: |
set -euo pipefail
: "${KEIGIT_NPM_USER:?KEIGIT_NPM_USER secret required (e.g. 'Parfionovich')}"
B64_AUTH=$(printf '%s' "${KEIGIT_NPM_USER}:${KEIGIT_NPM_TOKEN}" | base64 -w0)
for pkg in packages/*/; do
[ -f "$pkg/package.json" ] || continue
pkgname=$(jq -r '.name' "$pkg/package.json")
version=$(jq -r '.version' "$pkg/package.json")
short=$(echo "$pkgname" | cut -d/ -f2)
echo "::group::publish $pkgname@$version → keigit"
(
cd "$pkg"
npm pack >/dev/null
tarball="keisei-${short}-${version}.tgz"
[ -f "$tarball" ] || { echo "::warning::tarball $tarball missing"; exit 0; }
data=$(base64 -w0 "$tarball")
shasum=$(sha1sum "$tarball" | awk '{print $1}')
integrity="sha512-$(sha512sum "$tarball" | awk '{print $1}' | xxd -r -p | base64 -w0)"
size=$(stat -c '%s' "$tarball")
jq -n \
--arg name "$pkgname" --arg version "$version" \
--arg tarball "https://keigit.com/api/packages/keisei/npm/%40keisei%2F${short}/-/${version}/${short}-${version}.tgz" \
--arg shasum "$shasum" --arg integrity "$integrity" \
--arg data "$data" --argjson length "$size" \
--arg attach "${short}-${version}.tgz" --slurpfile pkg package.json \
'{ _id: $name, name: $name, "dist-tags": {latest: $version},
versions: { ($version): ($pkg[0] + {_id: ($name + "@" + $version), dist: {tarball: $tarball, shasum: $shasum, integrity: $integrity}}) },
_attachments: ({} | .[$attach] = { content_type:"application/octet-stream", data:$data, length:$length }) }' > payload.json
http=$(curl -sS -X PUT "https://keigit.com/api/packages/keisei/npm/@keisei%2F${short}" \
-H "Authorization: Basic ${B64_AUTH}" -H "Content-Type: application/json" \
--data-binary @payload.json -o resp.txt -w "%{http_code}")
if [ "$http" = "201" ]; then
echo "$pkgname@$version → keigit OK"
elif [ "$http" = "409" ] || grep -q "already exists" resp.txt 2>/dev/null; then
echo "::warning::$pkgname@$version already published (skipping)"
else
echo "::error::$pkgname@$version → HTTP $http"
cat resp.txt
exit 1
fi
rm -f "$tarball" payload.json resp.txt
)
echo "::endgroup::"
done
npm-publish-npmjs:
name: Publish to registry.npmjs.org (future, gracefully skipped)
needs: release
runs-on: ubuntu-latest
# FUTURE: добавит публичный хостинг через npmjs параллельно keigit.
# Сейчас secret NPM_TOKEN не установлен → job просто скипается.
# Когда захотим подключить — добавить secret NPM_TOKEN с
# https://www.npmjs.com/settings/<user>/tokens, scope=Automation.
steps:
- name: Check NPM_TOKEN presence
id: have_token
@ -311,7 +415,7 @@ jobs:
echo "present=1" >> "$GITHUB_OUTPUT"
else
echo "present=0" >> "$GITHUB_OUTPUT"
echo "::notice::NPM_TOKEN not set — skipping npm publish gracefully"
echo "::notice::NPM_TOKEN not set — skipping npmjs publish gracefully (keigit publish is primary)"
fi
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
@ -333,7 +437,7 @@ jobs:
working-directory: _ts_packages
run: npm run build --workspaces --if-present
- name: Publish each package
- name: Publish each package via npm CLI (override registry)
if: steps.have_token.outputs.present == '1'
working-directory: _ts_packages
env:
@ -342,9 +446,10 @@ jobs:
set -euo pipefail
for pkg in packages/*/; do
if [ -f "$pkg/package.json" ]; then
echo "::group::publish $pkg"
( cd "$pkg" && npm publish --access public ) \
|| echo "::warning::publish failed for $pkg (continuing)"
echo "::group::publish $pkg → npmjs"
# --registry overrides publishConfig.registry (keigit) for this run.
( cd "$pkg" && npm publish --access public --registry=https://registry.npmjs.org ) \
|| echo "::warning::npmjs publish failed for $pkg (continuing)"
echo "::endgroup::"
fi
done
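Review bot: `B64_AUTH` in the "Publish each package via curl PUT" step is a credential derived from two secrets, and log masking only knows the original secret values, not their base64 form; register it right after it is computed with `echo "::add-mask::${B64_AUTH}"`. It is also passed to curl as a `-H` argument, which places it in the process argument list; curl's `-H @file` or `--config` forms keep it out of argv. The presence gate checks only `KEIGIT_NPM_TOKEN`, so a configured token with a missing `KEIGIT_NPM_USER` fails the job hard at the `:?` expansion rather than skipping, although the commit message describes activation on both secrets. The comment above `steps:` in `npm-publish-keigit` still names `NPM_TOKEN` and should read `# Graceful skip: if KEIGIT_NPM_TOKEN secret is not configured, …`. Both job definitions extend beyond the hunks shown here.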


@ -30,5 +30,9 @@
"engines": {
"node": ">=18.0.0"
},
"author": "Denis Parfionovich <parfionovich@keilab.io>"
"author": "Denis Parfionovich <parfionovich@keilab.io>",
"publishConfig": {
"registry": "https://keigit.com/api/packages/keisei/npm/",
"access": "public"
}
}
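Review bot: `publishConfig.registry` only controls where these packages are published, not where consumers resolve `@keisei/*` from; a client without a scope mapping in its `.npmrc` will ask its default registry instead. Since the commit message describes npmjs as reserved for later, it is worth confirming that the `@keisei` scope is already owned by the project on registry.npmjs.org, so the name cannot be claimed by someone else in the meantime. The consumer-side line `@keisei:registry=https://keigit.com/api/packages/keisei/npm/` should be documented next to the install instructions. The same applies to the identical `publishConfig` additions in the four other package.json sections below.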


@ -29,5 +29,9 @@
"engines": {
"node": ">=18.0.0"
},
"author": "Denis Parfionovich <parfionovich@keilab.io>"
"author": "Denis Parfionovich <parfionovich@keilab.io>",
"publishConfig": {
"registry": "https://keigit.com/api/packages/keisei/npm/",
"access": "public"
}
}


@ -0,0 +1,7 @@
# Source maps leak absolute paths of dev machine.
# Tested 2026-05-15: dist/*.js.map content includes "/Users/<dev>/Projects/..." strings.
**/*.map
**/*.tsbuildinfo
src/
test/
tsconfig*.json
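Review bot: This ignore file is a denylist, so any artefact type it does not name would still ship in the tarball; an allowlist through the `files` field in package.json (for example `"files": ["dist"]`) fails closed instead. Whether the packages already declare `files` is not visible in this diff, so that needs confirming. Only one ignore file appears among the ten changed files, which suggests the other packages rely on `sourceMap: false` alone and would leak again if a package-level tsconfig re-enabled maps. A pre-publish CI check that inspects `npm pack --dry-run --json` output for `.map` entries would turn the manual test noted in the header comment into a regression guard.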


@ -1,6 +1,6 @@
{
"name": "@keisei/mcp-server",
"version": "0.14.5",
"version": "0.14.6",
"description": "MCP server exposing KeiSeiKit Rust primitives as Model Context Protocol tools — published to keigit.com (Forgejo npm registry, public DNS)",
"type": "module",
"main": "./dist/index.js",


@ -3,7 +3,9 @@
"compilerOptions": {
"outDir": "./dist",
"rootDir": "./src",
"types": ["node"]
"types": ["node"],
"sourceMap": false,
"declarationMap": false
},
"include": ["src/**/*"],
"exclude": ["dist", "node_modules", "test/**/*"]


@ -29,5 +29,9 @@
"engines": {
"node": ">=18.0.0"
},
"author": "Denis Parfionovich <parfionovich@keilab.io>"
"author": "Denis Parfionovich <parfionovich@keilab.io>",
"publishConfig": {
"registry": "https://keigit.com/api/packages/keisei/npm/",
"access": "public"
}
}


@ -30,5 +30,9 @@
"engines": {
"node": ">=18.0.0"
},
"author": "Denis Parfionovich <parfionovich@keilab.io>"
"author": "Denis Parfionovich <parfionovich@keilab.io>",
"publishConfig": {
"registry": "https://keigit.com/api/packages/keisei/npm/",
"access": "public"
}
}


@ -31,5 +31,9 @@
"engines": {
"node": ">=18.0.0"
},
"author": "Denis Parfionovich <parfionovich@keilab.io>"
"author": "Denis Parfionovich <parfionovich@keilab.io>",
"publishConfig": {
"registry": "https://keigit.com/api/packages/keisei/npm/",
"access": "public"
}
}


@ -14,8 +14,8 @@
"forceConsistentCasingInFileNames": true,
"skipLibCheck": true,
"declaration": true,
"declarationMap": true,
"sourceMap": true,
"declarationMap": false,
"sourceMap": false,
"composite": true,
"incremental": true
}