ci: merge workflows. test: mirror noble-curves

.github/workflows/release.yml

@@ -0,0 +1,57 @@
+name: Publish release
+on:
+  release:
+    types: [created]
+  workflow_dispatch:
+jobs:
+  publish-jsr:
+    name: Publish to JSR.io
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+    steps:
+      - uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2 # v4
+      - run: npm install -g jsr
+      - run: jsr publish
+  publish-npm:
+    name: Publish to NPM
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+    steps:
+      - uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2 # v4
+      - uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4
+        with:
+          node-version: 22
+          registry-url: 'https://registry.npmjs.org'
+          cache: npm
+      - run: npm ci
+      - run: npm run build
+      - run: npm publish --provenance --access public
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_PUBLISH_TOKEN }}
+  standalone:
+    name: Upload files to GitHub Releases
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      id-token: write
+    steps:
+      - uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2 # v4
+      - uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4
+        with:
+          node-version: 22
+          registry-url: 'https://registry.npmjs.org'
+          cache: npm
+      - run: npm ci
+      - run: npm run build
+      - run: |
+          cd build
+          npm ci
+          npm run build:release
+          cd ..
+      - run: gh release upload ${{ github.event.release.tag_name }} test/build/noble-secp256k1.min.js test/build/noble-secp256k1.min.js.gz
+        env:
+          GH_TOKEN: ${{ github.token }}

.github/workflows/test-js.yml

@@ -0,0 +1,82 @@
+name: Run JS tests
+on:
+  - push
+  - pull_request
+jobs:
+  bun:
+    name: Bun
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2 # v4
+      - uses: oven-sh/setup-bun@4bc047ad259df6fc24a6c9b0f9a0cb08cf17fbe5 # v2.0.1
+      - run: bun install
+      - run: bun run build
+      - run: bun test/index.js
+  deno:
+    name: Deno
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2 # v4
+      - uses: denoland/setup-deno@909cc5acb0fdd60627fb858598759246509fa755 # v2.0.2
+      - run: deno install
+      - run: deno task build
+      - run: deno --allow-env --allow-read --allow-write test/index.js
+  lint:
+    name: Lint
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2 # v4
+      - uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4
+        with:
+          registry-url: 'https://registry.npmjs.org'
+          cache: npm
+      - run: npm install
+      - run: npm run build --if-present
+      - run: npm run lint --if-present
+  node:
+    name: Node v${{ matrix.node }}
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        node: [20, 22]
+    steps:
+      - uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2 # v4
+      - name: Use Node.js ${{ matrix.node }}
+        uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4
+        with:
+          node-version: ${{ matrix.node }}
+          registry-url: 'https://registry.npmjs.org'
+          cache: npm
+      - run: npm install
+      - run: npm run build --if-present
+      - run: npm test
+  node_polyfill:
+    name: Node v${{ matrix.node }} with polyfill
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        node:
+          - 18
+          - 20
+          - 22
+    steps:
+      - uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2 # v4
+      - name: Use Node.js ${{ matrix.node }}
+        uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4
+        with:
+          node-version: ${{ matrix.node }}
+      - run: npm install
+      - run: npm run build --if-present
+      - run: npm run test:webcrypto
+  coverage:
+    name: Measure coverage on Node
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2 # v4
+      - uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4
+        with:
+          registry-url: 'https://registry.npmjs.org'
+          cache: npm
+      - run: npm install
+      - run: npm run build --if-present
+      - run: npm run test:coverage --if-present

test/basic.test.js

@@ -2,7 +2,6 @@ import { deepStrictEqual, throws } from 'node:assert';
 import { should, describe } from 'micro-should';
 import * as fc from 'fast-check';
 import * as ed25519 from '../index.js';
-import * as h from './ed25519.helpers.js';
 
 const CURVES = { ed25519 };
 const name = 'ed25519';

test/ed25519.test.js

@@ -1,14 +1,15 @@
+import { json } from './utils.js';
 import { deepStrictEqual, strictEqual, throws } from 'node:assert';
 import { readFileSync } from 'node:fs';
 import { bytesToHex, concatBytes, hexToBytes, utf8ToBytes, randomBytes } from '@noble/hashes/utils';
 import * as fc from 'fast-check';
 import { describe, should } from 'micro-should';
 import { ed25519 as ed, ED25519_TORSION_SUBGROUP, numberToBytesLE } from './ed25519.helpers.js';
 // Old vectors allow to test sign() because they include private key
-import { default as ed25519vectors_OLD } from './ed25519/ed25519_test_OLD.json' with { type: 'json' };
-import { default as ed25519vectors } from './wycheproof/ed25519_test.json' with { type: 'json' };
-import { default as zip215 } from './ed25519/zip215.json' with { type: 'json' };
-import { default as edgeCases } from './ed25519/edge-cases.json' with { type: 'json' };
+const ed25519vectors_OLD = json('./ed25519/ed25519_test_OLD.json');
+const ed25519vectors = json('./wycheproof/ed25519_test.json');
+const zip215 = json('./ed25519/zip215.json');
+const edgeCases = json('./ed25519/edge-cases.json');
 
 // Any changes to the file will need to be aware of the fact
 // the file is shared between noble-curves and noble-ed25519.
@@ -290,18 +291,22 @@ describe('ed25519', () => {
     const publicKey = ed.getPublicKey(privateKey);
 
     for (let i = 0; i < 100; i++) {
-      let payload = randomBytes(100);
-      let signature = ed.sign(payload, privateKey);
-      if (!ed.verify(signature, payload, publicKey)) {
+      let pay = randomBytes(100); // payload
+      let sig = ed.sign(pay, privateKey);
+      if (!ed.verify(sig, pay, publicKey))
         throw new Error('Signature verification failed');
-      }
-      const signatureCopy = Buffer.alloc(signature.byteLength);
-      signatureCopy.set(signature, 0); // <-- breaks
-      payload = payload.slice();
-      signature = signature.slice();
+      if (typeof Buffer === 'undefined') {
+        if (!ed.verify(sig.slice(), pay.slice(), publicKey))
+          throw new Error('Signature verification failed');
+      } else {
+        const signatureCopy = Buffer.alloc(sig.byteLength);
+        signatureCopy.set(sig, 0); // <-- breaks
+        pay = pay.slice();
+        sig = sig.slice();
 
-      if (!ed.verify(signatureCopy, payload, publicKey))
-        throw new Error('Copied signature verification failed');
+        if (!ed.verify(signatureCopy, pay, publicKey))
+          throw new Error('Copied signature verification failed');
+      }
     }
   });
 
@@ -327,7 +332,7 @@ describe('ed25519', () => {
       throws(() => {
         deepStrictEqual(ed.verify(sig, 'deadbeef', Point.BASE), false);
       });
-      deepStrictEqual(ed.verify(sig, 'deadbeef', Point.BASE.toRawBytes()), false);
+      deepStrictEqual(ed.verify(sig, 'be'.repeat(64), Point.BASE.toRawBytes()), false);
     });
   });
 
@@ -461,8 +466,4 @@ describe('ed25519', () => {
   });
 });
 
-// ESM is broken.
-import url from 'node:url';
-if (import.meta.url === url.pathToFileURL(process.argv[1]).href) {
-  should.run();
-}
+should.runWhen(import.meta.url);

test/ed25519.webcrypto.test.js

@@ -1,9 +1,7 @@
 import { webcrypto } from 'node:crypto';
 // @ts-ignore
 if (!globalThis.crypto) globalThis.crypto = webcrypto;
-
 import './ed25519.test.js';
-
 // Force ESM import to execute
 import { should } from 'micro-should';
-should.run();
+should.runWhen(import.meta.url);

test/index.js

@@ -1,6 +1,6 @@
 import { should } from 'micro-should';
-import * as t1 from './basic.test.js';
-import * as t2 from './ed25519.test.js';
-import * as t3 from './utils.test.js';
+import './basic.test.js';
+import './ed25519.test.js';
+import './utils.test.js';
 
-should.run();
+should.runWhen(import.meta.url);

test/utils.js

@@ -1,3 +1,21 @@
+import { readFileSync } from 'node:fs';
+import { dirname, join as joinPath } from 'node:path';
+import { fileURLToPath } from 'node:url';
+
+const _dirname = dirname(fileURLToPath(import.meta.url));
+
+export function json(path) {
+  try {
+    // Node.js
+    return JSON.parse(readFileSync(joinPath(_dirname, path), { encoding: 'utf-8' }));
+  } catch {
+    // Bundler
+    const file = path.replace(/^\.\//, '').replace(/\.json$/, '');
+    if (path !== './' + file + '.json') throw new Error('Can not load non-json file');
+    return require('./' + file + '.json'); // in this form so that bundler can glob this
+  }
+}
+
 // Everything except undefined, string, Uint8Array
 const TYPE_TEST_BASE = [
   null,