From 9b39b7ac04f37dbd7504c053a2649019fe14e885 Mon Sep 17 00:00:00 2001 From: jupblb Date: Mon, 1 Jun 2026 15:15:40 +0200 Subject: [PATCH 1/6] Publish TypeScript bindings to npm --- .github/workflows/release.yaml | 41 ++++++++++++++++++++++++++++++- .gitignore | 3 +++ bindings/typescript/package.json | 21 ++++++++++++++-- bindings/typescript/tsconfig.json | 16 ++++++++---- checks.nix | 2 +- 5 files changed, 74 insertions(+), 9 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 9c47a93a..a028ea74 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -131,6 +131,45 @@ jobs: MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }} MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }} + publish-npm: + needs: publish + runs-on: ubuntu-latest + permissions: + contents: read + # Required for `npm publish --provenance` to mint an OIDC token + # that npm verifies against this workflow's identity. + id-token: write + steps: + - uses: actions/checkout@v6 + with: + ref: v${{ inputs.version }} + - uses: actions/setup-node@v6 + with: + node-version: 22 + registry-url: https://registry.npmjs.org + cache: npm + cache-dependency-path: bindings/typescript/package-lock.json + - name: Install dependencies + run: npm ci + working-directory: bindings/typescript + - name: Build + run: npm run build + working-directory: bindings/typescript + - name: Stage LICENSE into package + run: cp LICENSE bindings/typescript/LICENSE + - name: Publish to npm + env: + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + run: | + OUTPUT=$(npm publish --access public --provenance 2>&1) && exit 0 + if echo "$OUTPUT" | grep -qE "(cannot publish over the previously published versions|EPUBLISHCONFLICT|You cannot publish over the previously published versions)"; then + echo "Package version already published, skipping" + else + echo "$OUTPUT" + exit 1 + fi + working-directory: bindings/typescript + build-go-binaries: needs: publish permissions: @@ -192,7 +231,7 @@ jobs: gh release upload "$TAG" "$ASSET.tar.gz" "$ASSET.tar.gz.sha256" --clobber finalize-release: - needs: [release-crate, build-go-binaries, publish-jvm-bindings] + needs: [release-crate, build-go-binaries, publish-jvm-bindings, publish-npm] runs-on: ubuntu-latest permissions: contents: write diff --git a/.gitignore b/.gitignore index 8348665d..d501303f 100644 --- a/.gitignore +++ b/.gitignore @@ -29,4 +29,7 @@ dist-newstyle/ # Nix output /result +# TypeScript bindings build output +/bindings/typescript/dist/ + vendor/ diff --git a/bindings/typescript/package.json b/bindings/typescript/package.json index 546a58e1..f517d17e 100644 --- a/bindings/typescript/package.json +++ b/bindings/typescript/package.json @@ -2,11 +2,28 @@ "name": "@scip-code/scip", "version": "0.8.0", "description": "Generated TypeScript definitions for the Semantic Code Intelligence Protocol.", - "repository": "https://github.com/scip-code/scip/bindings/typescript", + "repository": { + "type": "git", + "url": "https://github.com/scip-code/scip", + "directory": "bindings/typescript" + }, "author": "Sourcegraph", "license": "Apache-2.0", + "type": "module", + "main": "./dist/scip_pb.js", + "types": "./dist/scip_pb.d.ts", + "exports": { + ".": { + "types": "./dist/scip_pb.d.ts", + "import": "./dist/scip_pb.js" + } + }, + "files": ["dist"], "sideEffects": false, - "private": false, + "scripts": { + "build": "tsc", + "typecheck": "tsc --noEmit" + }, "dependencies": { "@bufbuild/protobuf": "^2.11.0" }, diff --git a/bindings/typescript/tsconfig.json b/bindings/typescript/tsconfig.json index 38262ef0..ca06db1d 100644 --- a/bindings/typescript/tsconfig.json +++ b/bindings/typescript/tsconfig.json @@ -1,9 +1,15 @@ { "compilerOptions": { - "target": "ES2020", - "module": "ES2020", - "moduleResolution": "bundler", + "target": "ES2022", + "module": "NodeNext", + "moduleResolution": "NodeNext", + "outDir": "dist", "rootDir": ".", - "strict": true - } + "declaration": true, + "declarationMap": true, + "sourceMap": true, + "strict": true, + "skipLibCheck": true + }, + "include": ["scip_pb.ts"] } diff --git a/checks.nix b/checks.nix index 5ed23c74..fda571d9 100644 --- a/checks.nix +++ b/checks.nix @@ -146,7 +146,7 @@ npmDepsHash = "sha256-c+UXwcqJVmRvaIwmzjj42gbmu0X/iEUJUiTcqfXNDvg="; buildPhase = '' runHook preBuild - npx tsc --noEmit + npm run build runHook postBuild ''; installPhase = "touch $out"; From 00e49a34da11d5ecd23d18f8f16a1ca7502d7ef9 Mon Sep 17 00:00:00 2001 From: jupblb Date: Mon, 1 Jun 2026 15:17:53 +0200 Subject: [PATCH 2/6] Use JS-DevTools/npm-publish action --- .github/workflows/release.yaml | 21 ++++++--------------- 1 file changed, 6 insertions(+), 15 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index a028ea74..e4c672e3 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -136,8 +136,6 @@ jobs: runs-on: ubuntu-latest permissions: contents: read - # Required for `npm publish --provenance` to mint an OIDC token - # that npm verifies against this workflow's identity. id-token: write steps: - uses: actions/checkout@v6 @@ -146,7 +144,6 @@ jobs: - uses: actions/setup-node@v6 with: node-version: 22 - registry-url: https://registry.npmjs.org cache: npm cache-dependency-path: bindings/typescript/package-lock.json - name: Install dependencies @@ -157,18 +154,12 @@ jobs: working-directory: bindings/typescript - name: Stage LICENSE into package run: cp LICENSE bindings/typescript/LICENSE - - name: Publish to npm - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} - run: | - OUTPUT=$(npm publish --access public --provenance 2>&1) && exit 0 - if echo "$OUTPUT" | grep -qE "(cannot publish over the previously published versions|EPUBLISHCONFLICT|You cannot publish over the previously published versions)"; then - echo "Package version already published, skipping" - else - echo "$OUTPUT" - exit 1 - fi - working-directory: bindings/typescript + - uses: JS-DevTools/npm-publish@v4 + with: + token: ${{ secrets.NPM_TOKEN }} + package: bindings/typescript + access: public + provenance: true build-go-binaries: needs: publish From 8077a3bbd996884840f9d19fdded86341b151c60 Mon Sep 17 00:00:00 2001 From: jupblb Date: Mon, 1 Jun 2026 16:17:29 +0200 Subject: [PATCH 3/6] Symlink LICENSE in bindings/typescript --- .github/workflows/release.yaml | 10 ++++++++-- bindings/typescript/LICENSE | 1 + bindings/typescript/package.json | 2 +- 3 files changed, 10 insertions(+), 3 deletions(-) create mode 120000 bindings/typescript/LICENSE diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index e4c672e3..11c0448b 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -152,8 +152,14 @@ jobs: - name: Build run: npm run build working-directory: bindings/typescript - - name: Stage LICENSE into package - run: cp LICENSE bindings/typescript/LICENSE + # bindings/typescript/LICENSE is a symlink to ../../LICENSE in the + # source tree (matching bindings/haskell and bindings/rust), but + # npm-pack drops symlinks. Replace it with a regular file so the + # published tarball carries the license text. + - name: Materialize LICENSE for npm pack + run: | + rm -f bindings/typescript/LICENSE + cp LICENSE bindings/typescript/LICENSE - uses: JS-DevTools/npm-publish@v4 with: token: ${{ secrets.NPM_TOKEN }} diff --git a/bindings/typescript/LICENSE b/bindings/typescript/LICENSE new file mode 120000 index 00000000..30cff740 --- /dev/null +++ b/bindings/typescript/LICENSE @@ -0,0 +1 @@ +../../LICENSE \ No newline at end of file diff --git a/bindings/typescript/package.json b/bindings/typescript/package.json index f517d17e..fa67399e 100644 --- a/bindings/typescript/package.json +++ b/bindings/typescript/package.json @@ -18,7 +18,7 @@ "import": "./dist/scip_pb.js" } }, - "files": ["dist"], + "files": ["dist", "LICENSE"], "sideEffects": false, "scripts": { "build": "tsc", From 692c9eeafb0a72fde13bb4159f713e01ed9ffdc1 Mon Sep 17 00:00:00 2001 From: jupblb Date: Tue, 2 Jun 2026 11:03:06 +0200 Subject: [PATCH 4/6] Use npm trusted publishing --- .github/workflows/release.yaml | 16 ++++++++++++++-- bindings/typescript/package.json | 2 +- 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 11c0448b..cefec733 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -136,6 +136,12 @@ jobs: runs-on: ubuntu-latest permissions: contents: read + # Required for npm trusted publishing: GitHub mints an OIDC token + # for this workflow run, and npm verifies it against the trusted + # publisher configured at + # https://www.npmjs.com/package/@scip-code/scip/access + # (org=scip-code, repo=scip, workflow=release.yaml). No NPM_TOKEN + # secret is needed. id-token: write steps: - uses: actions/checkout@v6 @@ -143,7 +149,10 @@ jobs: ref: v${{ inputs.version }} - uses: actions/setup-node@v6 with: - node-version: 22 + # Node 24 ships npm >=11.5.1, the minimum for trusted + # publishing. (Node 22 LTS is stuck on npm 10.x for its + # lifecycle.) + node-version: 24 cache: npm cache-dependency-path: bindings/typescript/package-lock.json - name: Install dependencies @@ -160,9 +169,12 @@ jobs: run: | rm -f bindings/typescript/LICENSE cp LICENSE bindings/typescript/LICENSE + # JS-DevTools/npm-publish reads the registry first and is a no-op + # if @scip-code/scip@ is already published, so this job + # is safely re-runnable. With no `token:` input and `id-token: + # write` granted above, the action authenticates via OIDC. - uses: JS-DevTools/npm-publish@v4 with: - token: ${{ secrets.NPM_TOKEN }} package: bindings/typescript access: public provenance: true diff --git a/bindings/typescript/package.json b/bindings/typescript/package.json index fa67399e..bd3f48a9 100644 --- a/bindings/typescript/package.json +++ b/bindings/typescript/package.json @@ -4,7 +4,7 @@ "description": "Generated TypeScript definitions for the Semantic Code Intelligence Protocol.", "repository": { "type": "git", - "url": "https://github.com/scip-code/scip", + "url": "git+https://github.com/scip-code/scip.git", "directory": "bindings/typescript" }, "author": "Sourcegraph", From 0f03399759f5feebcc014409cb07ed93640bdbe5 Mon Sep 17 00:00:00 2001 From: jupblb Date: Tue, 2 Jun 2026 11:14:12 +0200 Subject: [PATCH 5/6] Trim comments in publish-npm job --- .github/workflows/release.yaml | 21 +++------------------ 1 file changed, 3 insertions(+), 18 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index cefec733..6a3f780d 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -136,22 +136,14 @@ jobs: runs-on: ubuntu-latest permissions: contents: read - # Required for npm trusted publishing: GitHub mints an OIDC token - # for this workflow run, and npm verifies it against the trusted - # publisher configured at - # https://www.npmjs.com/package/@scip-code/scip/access - # (org=scip-code, repo=scip, workflow=release.yaml). No NPM_TOKEN - # secret is needed. - id-token: write + id-token: write # npm trusted-publishing OIDC steps: - uses: actions/checkout@v6 with: ref: v${{ inputs.version }} - uses: actions/setup-node@v6 with: - # Node 24 ships npm >=11.5.1, the minimum for trusted - # publishing. (Node 22 LTS is stuck on npm 10.x for its - # lifecycle.) + # Trusted publishing needs npm >=11.5.1; Node 22 LTS ships npm 10.x. node-version: 24 cache: npm cache-dependency-path: bindings/typescript/package-lock.json @@ -161,18 +153,11 @@ jobs: - name: Build run: npm run build working-directory: bindings/typescript - # bindings/typescript/LICENSE is a symlink to ../../LICENSE in the - # source tree (matching bindings/haskell and bindings/rust), but - # npm-pack drops symlinks. Replace it with a regular file so the - # published tarball carries the license text. + # LICENSE is a symlink in-tree (matches bindings/{haskell,rust}); npm-pack drops symlinks. - name: Materialize LICENSE for npm pack run: | rm -f bindings/typescript/LICENSE cp LICENSE bindings/typescript/LICENSE - # JS-DevTools/npm-publish reads the registry first and is a no-op - # if @scip-code/scip@ is already published, so this job - # is safely re-runnable. With no `token:` input and `id-token: - # write` granted above, the action authenticates via OIDC. - uses: JS-DevTools/npm-publish@v4 with: package: bindings/typescript From 2c131c6c300b02e3cb8dc9271f0e3c1f5f03ea8c Mon Sep 17 00:00:00 2001 From: jupblb Date: Tue, 2 Jun 2026 11:24:05 +0200 Subject: [PATCH 6/6] Add README for npm package page --- bindings/typescript/README.md | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 bindings/typescript/README.md diff --git a/bindings/typescript/README.md b/bindings/typescript/README.md new file mode 100644 index 00000000..cf8016cf --- /dev/null +++ b/bindings/typescript/README.md @@ -0,0 +1,31 @@ +# `@scip-code/scip` + +Generated TypeScript definitions for the [SCIP Code Intelligence Protocol]. + +## Install + +``` sh +npm install @scip-code/scip +``` + +The package is ESM-only and ships with `.d.ts` declarations. Peer-style runtime +dependency on [`@bufbuild/protobuf`], which is installed transitively. + +## Use + +``` ts +import { fromBinary, toBinary } from "@bufbuild/protobuf"; +import { IndexSchema } from "@scip-code/scip"; +import { readFileSync } from "node:fs"; + +const bytes = readFileSync("index.scip"); +const index = fromBinary(IndexSchema, bytes); + +console.log(index.metadata?.projectRoot); +for (const doc of index.documents) { + console.log(doc.relativePath, doc.occurrences.length); +} +``` + + [SCIP Code Intelligence Protocol]: https://github.com/scip-code/scip + [`@bufbuild/protobuf`]: https://www.npmjs.com/package/@bufbuild/protobuf