From d086e4feb269fee072eed710b1d46f27f9a30915 Mon Sep 17 00:00:00 2001
From: Erick Zhao <erick@hotmail.ca>
Date: Fri, 14 Mar 2025 10:33:12 -0700
Subject: [PATCH 1/2] build: use OIDC flow for docs publish (#225)

Co-authored-by: David Sanders <dsanders11@ucsbalum.com>
---
 .github/workflows/docs.yml | 23 +++++++++++++----------
 1 file changed, 13 insertions(+), 10 deletions(-)

diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml
index e7aec78..fb4d002 100644
--- a/.github/workflows/docs.yml
+++ b/.github/workflows/docs.yml
@@ -1,17 +1,18 @@
-name: Publish API documentation
+name: Publish documentation
 
 on:
   push:
     tags:
       - v[0-9]+.[0-9]+.[0-9]+*
 
-permissions: {}
+permissions:
+  id-token: write
+  contents: read
 
 jobs:
   docs:
-    runs-on: ubuntu-24
-    environment: 
-      name: publish-docs
+    runs-on: ubuntu-latest
+    environment: docs-publish
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # tag: v4.2.2
       - uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a  # tag: v4.2.0
@@ -22,12 +23,14 @@ jobs:
         run: yarn --frozen-lockfile
       - name: Build API documentation
         run: yarn build:docs
+      - name: Azure login
+        uses: azure/login@a65d910e8af852a8061c627c456678983e180302 # v2.2.0
+        with:
+          client-id: ${{ secrets.AZURE_OIDC_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_OIDC_TENANT_ID }}
+          subscription-id: ${{ secrets.AZURE_OIDC_SUBSCRIPTION_ID }}
       - name: Upload to Azure Blob Storage
         uses: azure/cli@089eac9d8cc39f5d003e94f8b65efc51076c9cbd  # tag: v2.1.0
         with:
-          azcliversion: latest
           inlineScript: |
-            az storage blob upload-batch --account-name $ACCOUNT_NAME -d '$web/notarize/${{ github.ref_name }}' -s ./docs --overwrite --sas-token "$SAS_TOKEN"
-        env:
-          SAS_TOKEN: ${{ secrets.SAS_TOKEN }}
-          ACCOUNT_NAME: ${{ secrets.ACCOUNT_NAME }}
+            az storage blob upload-batch --account-name ${{ secrets.AZURE_ECOSYSTEM_PACKAGES_STORAGE_ACCOUNT_NAME }} -d '$web/notarize/${{ github.ref_name }}' -s ./docs --overwrite --auth-mode login

From 451b6e7fc7a8130b8d14ff5a04ffd1a28dbf250f Mon Sep 17 00:00:00 2001
From: Erick Zhao <erick@hotmail.ca>
Date: Fri, 21 Mar 2025 15:35:54 -0700
Subject: [PATCH 2/2] fix: remove `graceful-fs` and use direct imports (#229)

---------
Co-authored-by: Charles Kerr <charles@charleskerr.com>
Co-authored-by: Mark Lee <malept@users.noreply.github.com>
---
 package.json           |  2 --
 src/check-signature.ts |  2 +-
 src/helpers.ts         | 13 ++++++-------
 src/staple.ts          |  2 +-
 test/helpers.test.ts   | 22 +++++++++++++++++++---
 yarn.lock              | 19 -------------------
 6 files changed, 27 insertions(+), 33 deletions(-)

diff --git a/package.json b/package.json
index 2064110..18cc890 100644
--- a/package.json
+++ b/package.json
@@ -35,7 +35,6 @@
   "devDependencies": {
     "@tsconfig/node22": "^22.0.0",
     "@types/debug": "^4.1.12",
-    "@types/graceful-fs": "^4.1.9",
     "@types/node": "~22.10.7",
     "@types/promise-retry": "^1.1.3",
     "prettier": "^3.4.2",
@@ -46,7 +45,6 @@
   },
   "dependencies": {
     "debug": "^4.4.0",
-    "graceful-fs": "^4.2.11",
     "promise-retry": "^2.0.1"
   }
 }
diff --git a/src/check-signature.ts b/src/check-signature.ts
index 6bbac9b..11cf9fe 100644
--- a/src/check-signature.ts
+++ b/src/check-signature.ts
@@ -1,4 +1,4 @@
-import * as path from 'path';
+import path from 'node:path';
 
 import { spawn } from './spawn.js';
 import { NotaryToolNotarizeAppOptions } from './types.js';
diff --git a/src/helpers.ts b/src/helpers.ts
index 190da33..95bf98a 100644
--- a/src/helpers.ts
+++ b/src/helpers.ts
@@ -1,25 +1,24 @@
 import debug from 'debug';
-import * as fs from 'graceful-fs';
 
-import * as os from 'node:os';
-import * as path from 'node:path';
-import * as util from 'node:util';
+import fs from 'node:fs';
+import os from 'node:os';
+import path from 'node:path';
 
 const d = debug('electron-notarize:helpers');
 
 export async function withTempDir<T>(fn: (dir: string) => Promise<T>) {
-  const dir = await util.promisify(fs.mkdtemp)(path.resolve(os.tmpdir(), 'electron-notarize-'));
+  const dir = await fs.promises.mkdtemp(path.resolve(os.tmpdir(), 'electron-notarize-'));
   d('doing work inside temp dir:', dir);
   let result: T;
   try {
     result = await fn(dir);
   } catch (err) {
     d('work failed');
-    await util.promisify(fs.rm)(dir, { recursive: true, force: true });
+    await fs.promises.rm(dir, { recursive: true, force: true });
     throw err;
   }
   d('work succeeded');
-  await util.promisify(fs.rm)(dir, { recursive: true, force: true });
+  await fs.promises.rm(dir, { recursive: true, force: true });
   return result;
 }
 
diff --git a/src/staple.ts b/src/staple.ts
index d2cd662..25d1763 100644
--- a/src/staple.ts
+++ b/src/staple.ts
@@ -1,5 +1,5 @@
 import debug from 'debug';
-import * as path from 'path';
+import path from 'node:path';
 
 import { spawn } from './spawn.js';
 import { NotaryToolNotarizeAppOptions } from './types.js';
diff --git a/test/helpers.test.ts b/test/helpers.test.ts
index 3561da3..15f8331 100644
--- a/test/helpers.test.ts
+++ b/test/helpers.test.ts
@@ -1,9 +1,13 @@
-import { describe, expect, test } from 'vitest';
-import { parseNotarizationInfo } from '../src/helpers';
+import fs from 'node:fs';
+import os from 'node:os';
+import path from 'node:path';
+
+import { describe, expect, it } from 'vitest';
+import { parseNotarizationInfo, withTempDir } from '../src/helpers';
 
 describe('helpers', () => {
   describe('parseNotarizationInfo', () => {
-    test('build a NotarizationInfo object', () => {
+    it('builds a NotarizationInfo object', () => {
       const output = `
 RequestUUID: 123
 Date: 2020-01-01
@@ -16,4 +20,16 @@ Status: unknown
       });
     });
   });
+
+  describe('withTempDir', async () => {
+    it('creates a temporary directory and cleans it up afterwards', async () => {
+      let tmp: string | undefined;
+      await withTempDir(async (dir) => {
+        tmp = dir;
+      });
+      expect(tmp).toBeDefined();
+      expect(tmp).toContain(path.join(os.tmpdir(), 'electron-notarize-'));
+      expect(fs.existsSync(tmp!)).toBe(false);
+    });
+  });
 });
diff --git a/yarn.lock b/yarn.lock
index 30d2588..93a07ad 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -244,25 +244,11 @@
   resolved "https://registry.yarnpkg.com/@types/estree/-/estree-1.0.6.tgz#628effeeae2064a1b4e79f78e81d87b7e5fc7b50"
   integrity sha512-AYnb1nQyY49te+VRAVgmzfcgjYS91mY5P0TKUDCLEM+gNnA+3T6rWITXRLYCpahpqSQbN5cE+gHpnPyXjHWxcw==
 
-"@types/graceful-fs@^4.1.9":
-  version "4.1.9"
-  resolved "https://registry.yarnpkg.com/@types/graceful-fs/-/graceful-fs-4.1.9.tgz#2a06bc0f68a20ab37b3e36aa238be6abdf49e8b4"
-  integrity sha512-olP3sd1qOEe5dXTSaFvQG+02VdRXcdytWLAZsAq1PecU8uqQAhkrnbli7DagjtXKW/Bl7YJbUsa8MPcuc8LHEQ==
-  dependencies:
-    "@types/node" "*"
-
 "@types/ms@*":
   version "2.1.0"
   resolved "https://registry.yarnpkg.com/@types/ms/-/ms-2.1.0.tgz#052aa67a48eccc4309d7f0191b7e41434b90bb78"
   integrity sha512-GsCCIZDE/p3i96vtEqx+7dBUGXrc7zeSK3wwPHIaRThS+9OhWIXRqzs4d6k1SVU8g91DrNRWxWUGhp5KXQb2VA==
 
-"@types/node@*":
-  version "22.13.10"
-  resolved "https://registry.yarnpkg.com/@types/node/-/node-22.13.10.tgz#df9ea358c5ed991266becc3109dc2dc9125d77e4"
-  integrity sha512-I6LPUvlRH+O6VRUqYOcMudhaIdUVWfsjnZavnsraHvpBwaEyMN29ry+0UVJhImYL16xsscu0aske3yA+uPOWfw==
-  dependencies:
-    undici-types "~6.20.0"
-
 "@types/node@~22.10.7":
   version "22.10.7"
   resolved "https://registry.yarnpkg.com/@types/node/-/node-22.10.7.tgz#14a1ca33fd0ebdd9d63593ed8d3fbc882a6d28d7"
@@ -454,11 +440,6 @@ fsevents@~2.3.2, fsevents@~2.3.3:
   resolved "https://registry.yarnpkg.com/fsevents/-/fsevents-2.3.3.tgz#cac6407785d03675a2a5e1a5305c697b347d90d6"
   integrity sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==
 
-graceful-fs@^4.2.11:
-  version "4.2.11"
-  resolved "https://registry.yarnpkg.com/graceful-fs/-/graceful-fs-4.2.11.tgz#4183e4e8bf08bb6e05bbb2f7d2e0c8f712ca40e3"
-  integrity sha512-RbJ5/jmFcNNCcDV5o9eTnBLJ/HszWV0P73bc+Ff4nS/rJj+YaS6IGyiOL0VoBYX+l1Wrl3k63h/KrH+nhJ0XvQ==
-
 jsonc-parser@^3.2.0:
   version "3.2.1"
   resolved "https://registry.yarnpkg.com/jsonc-parser/-/jsonc-parser-3.2.1.tgz#031904571ccf929d7670ee8c547545081cb37f1a"