Sync from Lovable project — 2026-03-04 14:31 UTC

github-actions[bot] · github-actions[bot] · commit 090148b879cd · 2026-03-04T14:31:33.000Z
diff --git a/LICENSE b/LICENSE
@@ -0,0 +1,24 @@
+This is free and unencumbered software released into the public domain.
+
+Anyone is free to copy, modify, publish, use, compile, sell, or
+distribute this software, either in source code form or as a compiled
+binary, for any purpose, commercial or non-commercial, and by any
+means.
+
+In jurisdictions that recognize copyright laws, the author or authors
+of this software dedicate any and all copyright interest in the
+software to the public domain. We make this dedication for the benefit
+of the public at large and to the detriment of our heirs and
+successors. We intend this dedication to be an overt act of
+relinquishment in perpetuity of all present and future rights to this
+software under copyright law.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
+OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
+ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+OTHER DEALINGS IN THE SOFTWARE.
+
+For more information, please refer to <https://unlicense.org/>
diff --git a/README.md b/README.md
@@ -0,0 +1,87 @@
+# AnchoringTrust/anchor-action
+
+Anchor build artifacts to Bitcoin. One line in your workflow, zero manual proof handling.
+
+## Usage
+
+```yaml
+- uses: AnchoringTrust/anchor-action@v1
+  with:
+    file: build/output.tar.gz
+  env:
+    UMARISE_API_KEY: ${{ secrets.UMARISE_API_KEY }}
+```
+
+That's it. Every build gets a `.proof` file — uploaded as a GitHub Actions artifact.
+
+## What happens
+
+1. Installs `@umarise/cli`
+2. Runs `umarise anchor <file>`
+3. Uploads `<file>.proof` as artifact
+
+The proof bundle contains `certificate.json` + `proof.ots`. Verifiable offline, independent of Umarise.
+
+## Inputs
+
+| Input | Required | Default | Description |
+|---|---|---|---|
+| `file` | ✅ | — | Path to the file to anchor |
+| `upload-artifact` | — | `true` | Upload `.proof` as GitHub Actions artifact |
+
+## Outputs
+
+| Output | Description |
+|---|---|
+| `origin-id` | The `origin_id` from Umarise |
+| `hash` | SHA-256 hash of the file |
+| `proof-path` | Local path to the `.proof` file |
+
+## Secrets
+
+Add `UMARISE_API_KEY` to your repository secrets:
+Settings → Secrets and variables → Actions → New repository secret.
+
+Get your key at [umarise.com/developers](https://umarise.com/developers).
+
+## Full example
+
+```yaml
+name: Build & Anchor
+
+on:
+  push:
+    branches: [main]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Build
+        run: tar czf build.tar.gz dist/
+
+      - name: Anchor to Bitcoin
+        uses: AnchoringTrust/anchor-action@v1
+        with:
+          file: build.tar.gz
+        env:
+          UMARISE_API_KEY: ${{ secrets.UMARISE_API_KEY }}
+```
+
+## Verify offline
+
+```bash
+# Download the .proof artifact from GitHub Actions
+unzip build.tar.gz.proof
+sha256sum build.tar.gz              # compare with certificate.json
+ots verify proof.ots                # verify against Bitcoin
+```
+
+No Umarise server needed for verification.
+
+## License
+
+Unlicense (Public Domain)
+
diff --git a/action.yml b/action.yml
@@ -0,0 +1,28 @@
+name: 'Umarise Anchor'
+description: 'Anchor files to Bitcoin via Umarise. Creates a .proof bundle for every build artifact.'
+author: 'Umarise'
+
+branding:
+  icon: 'shield'
+  color: 'gray-dark'
+
+inputs:
+  file:
+    description: 'Path to the file to anchor (e.g. build/output.tar.gz)'
+    required: true
+  upload-artifact:
+    description: 'Upload the .proof file as a GitHub Actions artifact (default: true)'
+    required: false
+    default: 'true'
+
+outputs:
+  origin-id:
+    description: 'The origin_id returned by Umarise'
+  hash:
+    description: 'The SHA-256 hash of the anchored file'
+  proof-path:
+    description: 'Path to the generated .proof file'
+
+runs:
+  using: 'node20'
+  main: 'dist/index.js'
diff --git a/package.json b/package.json
@@ -0,0 +1,19 @@
+{
+  "name": "umarise-anchor-action",
+  "version": "1.0.0",
+  "private": true,
+  "description": "GitHub Action — anchor files to Bitcoin via Umarise",
+  "main": "dist/index.js",
+  "scripts": {
+    "build": "ncc build src/index.js -o dist"
+  },
+  "dependencies": {
+    "@actions/core": "^1.11.1",
+    "@actions/exec": "^1.1.1",
+    "@actions/artifact": "^2.2.2"
+  },
+  "devDependencies": {
+    "@vercel/ncc": "^0.38.1"
+  },
+  "license": "Unlicense"
+}
diff --git a/src/index.js b/src/index.js
@@ -0,0 +1,62 @@
+/**
+ * AnchoringTrust/anchor-action
+ * 
+ * Thin wrapper around @umarise/cli.
+ * Installs the CLI, runs `umarise anchor <file>`, uploads the .proof artifact.
+ */
+
+const core = require('@actions/core');
+const exec = require('@actions/exec');
+const { DefaultArtifactClient } = require('@actions/artifact');
+const path = require('path');
+const fs = require('fs');
+
+async function run() {
+  try {
+    const file = core.getInput('file', { required: true });
+    const uploadArtifact = core.getInput('upload-artifact') !== 'false';
+
+    // Verify file exists
+    const absPath = path.resolve(file);
+    if (!fs.existsSync(absPath)) {
+      throw new Error(`File not found: ${file}`);
+    }
+
+    // Install @umarise/cli globally
+    core.info('Installing @umarise/cli...');
+    await exec.exec('npm', ['install', '-g', '@umarise/cli']);
+
+    // Run anchor command
+    core.info(`Anchoring ${file}...`);
+    let stdout = '';
+    await exec.exec('umarise', ['anchor', file], {
+      listeners: {
+        stdout: (data) => { stdout += data.toString(); },
+      },
+    });
+
+    // Parse output for origin_id and hash
+    const originMatch = stdout.match(/origin_id\s+([a-f0-9-]+)/i);
+    const hashMatch = stdout.match(/hash computed:\s+(sha256:[a-f0-9]+)/i);
+    const proofPath = `${absPath}.proof`;
+
+    if (originMatch) core.setOutput('origin-id', originMatch[1]);
+    if (hashMatch) core.setOutput('hash', hashMatch[1]);
+    core.setOutput('proof-path', proofPath);
+
+    // Upload .proof as artifact
+    if (uploadArtifact && fs.existsSync(proofPath)) {
+      core.info('Uploading .proof artifact...');
+      const artifactName = `${path.basename(file)}.proof`;
+      const client = new DefaultArtifactClient();
+      await client.uploadArtifact(artifactName, [proofPath], path.dirname(proofPath));
+      core.info(`✓ artifact uploaded: ${artifactName}`);
+    }
+
+    core.info('✓ anchor-action complete');
+  } catch (error) {
+    core.setFailed(error.message);
+  }
+}
+
+run();
