Merged
3 changes: 1 addition & 2 deletions .github/actions/release/README.md
Expand Up @@ -6,14 +6,13 @@ This action creates nice release notes.

To try the action locally, run the following:

``` bash
```bash
$ # The list of files for which we compute the sha256
$ # (those file must exist, though they don't need to have meaningful content)
$ export INPUT_ASSETS='internet_identity_production.wasm.gz
internet_identity_dev.wasm.gz
internet_identity_test.wasm.gz
archive.wasm.gz'
$ export INPUT_PRODUCTION_ASSET=internet_identity_production.wasm.gz
$ export RELEASE_TAG=release-2023-08-11 # Does not need to exist
# If you want to test the CI links to the sha256sum steps, also provide a valid INPUT_WORKFLOW_JOBS
# The easiest way to get example data to use for INPUT_WORKFLOW_JOBS is to grab it from the last release CI run
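Review bot: The example `INPUT_ASSETS` list kept as context here still names `internet_identity_dev.wasm.gz` and `internet_identity_test.wasm.gz`, the two flavors whose download links this PR deletes from the top-level README, and it omits `internet_identity_frontend.wasm.gz`, which run.sh hashes for `--iife-hash`. Suggest updating the list to the files the release job actually passes, so a local run exercises the same inputs as CI.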
55 changes: 25 additions & 30 deletions .github/actions/release/action.yml
@@ -1,36 +1,31 @@
name: 'release notes'
description: 'Prepares release notes, including download links for our artifacts.'
name: "release notes"
description: "Prepares release notes, including download links for our artifacts."
inputs:
assets:
description: "Assets to upload"
required: true
default: ""
production_asset:
description: "Name of the production asset"
required: true
default: ""
changelog:
description: "Content of the changelog section"
required: true
default: ""
workflow_jobs:
description: "JSON array of workflow jobs (to generate the links to the workflow runs)"
required: true
default: ""
assets:
description: "Assets to upload"
required: true
default: ""
changelog:
description: "Content of the changelog section"
required: true
default: ""
workflow_jobs:
description: "JSON array of workflow jobs (to generate the links to the workflow runs)"
required: true
default: ""
outputs:
notes-file:
description: The release-notes file
value: ${{ steps.release-notes.outputs.notes-file }}
runs:
using: 'composite'
steps:
- name: 'Create release notes'
shell: bash
id: release-notes
env:
INPUT_PRODUCTION_ASSET: ${{ inputs.production_asset }}
INPUT_ASSETS: ${{ inputs.assets }}
INPUT_CHANGELOG: ${{ inputs.changelog }}
INPUT_WORKFLOW_JOBS: ${{ inputs.workflow_jobs }}
run: |
${{ github.action_path }}/run.sh
using: "composite"
steps:
- name: "Create release notes"
shell: bash
id: release-notes
env:
INPUT_ASSETS: ${{ inputs.assets }}
INPUT_CHANGELOG: ${{ inputs.changelog }}
INPUT_WORKFLOW_JOBS: ${{ inputs.workflow_jobs }}
run: |
${{ github.action_path }}/run.sh
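Review bot: Each remaining input (`assets`, `changelog`, `workflow_jobs`) still pairs `required: true` with `default: ""`, so an omitted input arrives in run.sh as an empty string rather than being flagged. With `production_asset` gone, run.sh also loses its `${INPUT_PRODUCTION_ASSET:?No production asset specified}` check, the only `:?` guard on an `INPUT_*` variable visible in this diff; consider dropping the empty defaults or adding a matching guard for `INPUT_ASSETS`. Separately, the quote-style changes (`'...'` to `"..."`) are mixed in with the functional removal and would be easier to review as their own commit.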
17 changes: 5 additions & 12 deletions .github/actions/release/run.sh
Expand Up @@ -5,7 +5,6 @@

set -euo pipefail

PRODUCTION_ASSET=${INPUT_PRODUCTION_ASSET:?No production asset specified}
RELEASE_TAG=${RELEASE_TAG:-${GITHUB_REF_NAME:?No value for tag}}

# Starting the "intro" section where we display a short intro
Expand All @@ -14,16 +13,14 @@ cat > "$section_intro" << EOF
This is Internet Identity release [$RELEASE_TAG](https://github.com/dfinity/internet-identity/releases/tag/$RELEASE_TAG) for commit [$GITHUB_SHA](https://github.com/dfinity/internet-identity/commit/$GITHUB_SHA).
EOF

# Starting the "build flavors" section where we add the shas of all input assets
# Starting the artifacts section where we add the shas of all input assets
section_build_flavors=$(mktemp)

# Start the body with a paragraph and table headers
# NOTE: throughout the doc we link to the current release (not to master) because things might
# change
cat > "$section_build_flavors" <<EOF
## Build flavors

For more information please see the [Build flavors](https://github.com/dfinity/internet-identity/tree/$RELEASE_TAG#build-features-and-flavors) section of the README.
## Artifacts

| Filename | sha256 (links to CI Run) |
| --- | --- |
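Review bot: The heading and comment are renamed to "Artifacts", but the variable holding the section is still `section_build_flavors` (here and at the `>> "$section_build_flavors"` append in the loop). Suggest renaming it to something like `section_artifacts` so the script no longer refers to a concept this PR removes.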
Expand All @@ -38,7 +35,9 @@ To build the wasm modules yourself and verify their hashes, run the following co
\`\`\`
git pull # to ensure you have the latest changes.
git checkout $GITHUB_SHA
./scripts/verify-hash --ii-hash $(shasum -a 256 "$PRODUCTION_ASSET" | cut -d ' ' -f1) --iife-hash $(shasum -a 256 internet_identity_frontend.wasm.gz | cut -d ' ' -f1)
./scripts/verify-hash \
--ii-hash $(shasum -a 256 "internet_identity_production.wasm.gz" | cut -d ' ' -f1) \
--iife-hash $(shasum -a 256 internet_identity_frontend.wasm.gz | cut -d ' ' -f1)
\`\`\`

Make sure to compare the hashes also with the proposal payload when verifying canister upgrade proposals.
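Review bot: The `--ii-hash` argument now hardcodes `internet_identity_production.wasm.gz` inside `$(shasum ...)`, and the escaped backticks around this block indicate it sits in an unquoted heredoc, so the substitution runs when the notes are generated. A command substitution that fails inside a heredoc does not trip `set -e`; if the file is missing or is renamed in the workflow's `assets` list, the published notes would carry an empty `--ii-hash` value. Suggest computing both hashes into variables before the heredoc, so that a failure aborts the script, and quoting both file names consistently (only the first is quoted now).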
Expand Down Expand Up @@ -95,12 +94,6 @@ do

# Get the shasum and capture the sha (using only POSIX sed)
shasum -a 256 "$filename" | sed -r "s%^([a-z0-9]+)[[:space:]][[:space:]](.*)$%|$download|$sha|%" >> "$section_build_flavors"

# Mention production asset in intro section
if [[ "$filename" == "$PRODUCTION_ASSET" ]]
then
shasum -a 256 "$filename" | sed -r "s%^([a-z0-9]+)[[:space:]][[:space:]](.*)$%The sha256 of production asset [\2]($download_link) is [\1]($run_link).%" >> "$section_intro"
fi
done <<< "$INPUT_ASSETS"

>&2 echo "Creating release notes"
4 changes: 0 additions & 4 deletions .github/workflows/canister-tests.yml
Expand Up @@ -813,12 +813,8 @@ jobs:
with:
assets: |
internet_identity_production.wasm.gz
internet_identity_dev.wasm.gz
internet_identity_test.wasm.gz
internet_identity_frontend.wasm.gz
archive.wasm.gz
vc_demo_issuer.wasm.gz
production_asset: internet_identity_production.wasm.gz
changelog: ${{ steps.changelog.outputs.result }}
workflow_jobs: ${{ steps.pipeline-jobs.outputs.result }}

2 changes: 0 additions & 2 deletions HACKING.md
Expand Up @@ -6,8 +6,6 @@ This document explains how to build the Wasm module of the Internet Identity can

> 💡 The simplest way to build the code is to use the [Docker build][docker-build].

> 💡 Make sure to read up on the [build features and flavors][features-and-flavors].

The build requires the following dependencies:

- [`dfx`](https://github.com/dfinity/sdk/releases/latest) version 0.10.0 or later
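Review bot: Only the tip line and the blank line after it are removed (2 deletions), but `[features-and-flavors]` is a reference-style link like `[docker-build]`, so its definition is presumably still elsewhere in HACKING.md and would now point at a README anchor this PR deletes. Suggest removing the `[features-and-flavors]: ...` definition in the same change.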
52 changes: 1 addition & 51 deletions README.md
Expand Up @@ -30,9 +30,6 @@ For more information, see [What is Internet Identity?](https://internetcomputer.
- [Architecture Overview](#architecture-overview)
- [Building with Docker](#building-with-docker)
- [Integration with Internet Identity](#integration-with-internet-identity)
- [Build Features and Flavors](#build-features-and-flavors)
- [Features](#features)
- [Flavors](#flavors)
- [Stable Memory Compatibility](#stable-memory-compatibility)
- [Getting Help](#getting-help)
- [Links](#links)
Expand Down Expand Up @@ -102,9 +99,7 @@ $ ./scripts/docker-build

The [`Dockerfile`](./Dockerfile) specifies build instructions for Internet Identity. Building the `Dockerfile` will result in a scratch container that contains the Wasm module at `/internet_identity.wasm.gz`.

> 💡 The build can be customized with [build features](#build-features-and-flavors).

We recommend using the [`docker-build`](./scripts/docker-build) script. It simplifies the usage of [build features](#build-features-and-flavors) and extracts the Wasm module from the final scratch container.
We recommend using the [`docker-build`](./scripts/docker-build) script. It extracts the Wasm module from the final scratch container.

> 💡 You can find instructions for building the code without Docker in the [HACKING] document.

Expand All @@ -114,51 +109,6 @@ The [`using-dev-build`](./demos/using-dev-build) demo shows a documented example

If you're interested in the infrastructure of how to get the Internet Identity canister and how to test it within your app, check out [`using-dev-build`](./demos/using-dev-build), which uses the Internet Identity development canister.

## Build Features and Flavors

The Internet Identity build can be customized to include [features](#features) that are
useful when developing and testing. We provide pre-built [flavors](#flavors)
of Internet Identity that include different sets of features.

### Features

These options can be used both when building [with docker](#building-with-docker) and
[without docker][hacking]. The features are enabled by setting the corresponding
environment variable to `1`. Any other string, as well as not setting the
environment variable, will disable the feature.

For instance:

```bash
$ II_FETCH_ROOT_KEY=1 dfx build
$ II_DUMMY_CAPTCHA=1 II_DUMMY_AUTH=1 ./scripts/docker-build
```

⚠️ These options should only ever be used during development as they effectively poke security holes in Internet Identity

The features are described below:

<!-- NOTE: If you add a feature here, add it to 'features.ts' in the frontend
codebase too, even if the feature only impacts the canister code and not the
frontend. -->

| Environment variable | Description |
| -------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `II_FETCH_ROOT_KEY` | When enabled, this instructs the frontend code to fetch the "root key" from the replica.<br/>The Internet Computer (https://ic0.app) uses a private key to sign responses. This private key not being available locally, the (local) replica generates its own. This option effectively tells the Internet Identity frontend to fetch the public key from the replica it connects to. When this option is _not_ enabled, the Internet Identity frontend code will use the (hard coded) public key of the Internet Computer. |
| `II_DUMMY_CAPTCHA` | When enabled, the CAPTCHA challenge (sent by the canister code to the frontend code) is always the known string `"a"`. This is useful for automated testing. |
| `II_DUMMY_AUTH` | When enabled, the frontend code will use a known, stable private key for registering anchors and authenticating. This means that all anchors will have the same public key(s). In particular this bypasses the WebAuthn flows (TouchID, Windows Hello, etc), which simplifies automated testing. |
| `II_DEV_CSP` | When enabled, the content security policy is weakend to allow connections to II using HTTP and allow II to connect via http in order to facilitate development. |

### Flavors

We offer some pre-built Wasm modules that contain flavors, i.e. sets of features targeting a particular use case. Flavors can be downloaded from the table below for the latest release or from the [release page](https://github.com/dfinity/internet-identity/releases) for a particular release.

| Flavor | Description | |
| ----------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | :--------------------------------------------------------------------------------------------------------------: |
| Production | This is the production build deployed to https://identity.internetcomputer.org. Includes none of the build features. | [💾](https://github.com/dfinity/internet-identity/releases/latest/download/internet_identity_production.wasm.gz) |
| Test | This flavor is used by Internet Identity's test suite. It fully supports authentication but uses a known CAPTCHA value for test automation. Includes the following features: <br/><ul><li><code>II_FETCH_ROOT_KEY</code></li><li><code>II_DUMMY_CAPTCHA</code></li></ul> | [💾](https://github.com/dfinity/internet-identity/releases/latest/download/internet_identity_test.wasm.gz) |
| Development | This flavor contains a version of Internet Identity that effectively performs no checks. It can be useful for external developers who want to integrate Internet Identity in their project and care about the general Internet Identity authentication flow, without wanting to deal with authentication and, in particular, WebAuthentication. Includes the following features: <br/><ul><li><code>II_FETCH_ROOT_KEY</code></li><li><code>II_DUMMY_CAPTCHA</code></li><li><code>II_DUMMY_AUTH</code></li><li><code>II_DEV_CSP</code></li></ul><br/>See the [`using-dev-build`](demos/using-dev-build/README.md) project for an example on how to use this flavor. | [💾](https://github.com/dfinity/internet-identity/releases/latest/download/internet_identity_dev.wasm.gz) |

## Stable Memory Compatibility

Internet Identity requires data in stable memory to have a specific layout in order to be upgradeable. The layout has been changed multiple times in the past. This is why II stable memory is versioned and each version of II is only compatible to some stable memory versions.
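Review bot: The deleted Features section carried the only warning in this diff that `II_FETCH_ROOT_KEY`, `II_DUMMY_CAPTCHA`, `II_DUMMY_AUTH` and `II_DEV_CSP` "effectively poke security holes in Internet Identity", yet nothing shown in this PR removes the flags from the build. If the variables are still honoured, keep the warning and the table somewhere (for example in HACKING.md) so that nobody enables them without knowing the effect. Also, the context line just above the deletion still sends readers to `using-dev-build`, "which uses the Internet Identity development canister", while the Development flavor download link is deleted here; that demo's instructions need checking.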