Feat/new upstream commits

.github/dependabot.yml

@@ -13,15 +13,30 @@ updates:
       pydantic-deps:
         patterns:
           - "pydantic*"
+      pip-deps:
+        patterns:
+          - "*"
   - package-ecosystem: "docker"
     directory: "/"
     schedule:
       interval: "weekly"
+    groups:
+      docker-deps:
+        patterns:
+          - "*"
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
       interval: "weekly"
-  - package-ecosystem: "npm"
+    groups:
+      actions-deps:
+        patterns:
+          - "*"
+  - package-ecosystem: "uv"
     directory: "/"
     schedule:
       interval: "weekly"
+    groups:
+      uv-deps:
+        patterns:
+          - "*"

.github/release_template.md

@@ -20,12 +20,12 @@
 
 # Building process
 
-Release assets were built using Github Actions and [this workflow run](`[WORKFLOW-RUN-URL]`). You can establish the provenance of this build using [our artifact attestations](https://github.com/eth-educators/ethstaker-deposit-cli/attestations).
+Release assets were built using Github Actions and [this workflow run](`[WORKFLOW-RUN-URL]`). You can establish the provenance of this build using [our artifact attestations](https://github.com/ethstaker/ethstaker-deposit-cli/attestations).
 
 With [the GitHub CLI](https://cli.github.com/) installed, a simple way to verify these assets is to run this command while replacing `[filename]` with the path to the downloaded asset:
 
 ```console
-gh attestation verify [filename] --repo eth-educators/ethstaker-deposit-cli
+gh attestation verify [filename] --repo ethstaker/ethstaker-deposit-cli
 ```
 
 This step requires you to be online. If you want to perform this offline, follow [these instructions from GitHub](https://docs.github.com/en/actions/security-for-github-actions/using-artifact-attestations/verifying-attestations-offline).
@@ -40,4 +40,4 @@ This step requires you to be online. If you want to perform this offline, follow
 
 ## License
 
-By downloading and using this software, you agree to the [license](LICENSE).
+By downloading and using this software, you agree to the [license](LICENSE).

.github/workflows/build.yml

@@ -21,29 +21,15 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-22.04, ubuntu-22.04-arm, macos-13, macos-latest, windows-latest, windows-11-arm]
+        os: [ubuntu-22.04, ubuntu-22.04-arm, macos-15-intel, macos-latest, windows-latest, windows-11-arm]
         python-version: ["3.12"]
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: Set up Python
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@v6
         with:
           python-version: ${{ matrix.python-version }}
           cache: 'pip'
-      - name: Install rustup (Windows 11 ARM64)
-        if: matrix.os == 'windows-11-arm'
-        shell: pwsh
-        run: |
-          Invoke-WebRequest -Uri "https://static.rust-lang.org/rustup/dist/aarch64-pc-windows-msvc/rustup-init.exe" -OutFile rustup-init.exe
-          .\rustup-init.exe --default-toolchain none -y
-          "$env:USERPROFILE\.cargo\bin" | Out-File -Append -Encoding ascii $env:GITHUB_PATH
-          "CARGO_HOME=$env:USERPROFILE\.cargo" | Out-File -Append -Encoding ascii $env:GITHUB_ENV
-      - name: Install Rust (Windows 11 ARM64)
-        if: matrix.os == 'windows-11-arm'
-        shell: pwsh
-        run: |
-          rustup install stable
-          rustup target add aarch64-pc-windows-msvc
       - name: Set up variables (Linux & macOS)
         if: ${{ startsWith(matrix.os, 'ubuntu-') || startsWith(matrix.os, 'macos-') }}
         env:
@@ -117,7 +103,7 @@ jobs:
           $env:CHECKSUM_FILE_NAME_PATH = ("output\artifacts\" + $env:ZIP_FILE_NAME + ".sha256")
           certUtil -hashfile $env:ZIP_FILE_NAME SHA256 | findstr /i /v "SHA256" | findstr /i /v "CertUtil" > $env:CHECKSUM_FILE_NAME_PATH
       - name: Generate artifacts attestation
-        uses: actions/attest-build-provenance@v2
+        uses: actions/attest-build-provenance@v3
         with:
           subject-path: output/artifacts/*
       - name: Archive production artifacts
@@ -137,11 +123,11 @@ jobs:
       metadata: ${{ steps.push.outputs.metadata }}
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       # Uses the `docker/login-action` action to log in to the Container registry registry using the account and password that will publish the packages. Once published, the packages are scoped to the account defined here.
       - name: Log in to the Container registry
         # This pinned action came from docker/login-action@v3, releases can be found on https://github.com/docker/login-action/releases
-        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
@@ -150,7 +136,7 @@ jobs:
       - name: Extract metadata (tags, labels) for Docker
         id: meta
         # This pinned action came from docker/metadata-action@v5, releases can be found on https://github.com/docker/metadata-action/releases
-        uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804
+        uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
       # Set up Qemu for multi-arch build
@@ -160,7 +146,7 @@ jobs:
       # Set up buildx for multi-arch build
       - name: Set up Docker Buildx
         # This pinned action came from docker/setup-buildx-action@v3, releases can be found on https://github.com/docker/setup-buildx-action/releases
-        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435
       # This step uses the `docker/build-push-action` action to build the image, based on your repository's `Dockerfile`. If the build succeeds, it pushes the image to GitHub Packages.
       # It uses the `context` parameter to define the build's context as the set of files located in the specified path. For more information, see "[Usage](https://github.com/docker/build-push-action#usage)" in the README of the `docker/build-push-action` repository.
       # It uses the `tags` and `labels` parameters to tag and label the image with the output from the "meta" step.
@@ -174,10 +160,10 @@ jobs:
           push: true
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
-      
-      # This step generates an artifact attestation for the image, which is an unforgeable statement about where and how it was built. It increases supply chain security for people who consume the image. For more information, see "[AUTOTITLE](/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds)." 
+
+      # This step generates an artifact attestation for the image, which is an unforgeable statement about where and how it was built. It increases supply chain security for people who consume the image. For more information, see "[AUTOTITLE](/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds)."
       - name: Generate artifact attestation
-        uses: actions/attest-build-provenance@v2
+        uses: actions/attest-build-provenance@v3
         with:
           subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}
           subject-digest: ${{ steps.push.outputs.digest }}
@@ -188,14 +174,14 @@ jobs:
     permissions:
       contents: write
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: Download build binaries
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v5
         with:
           path: assets/
           pattern: binary-*
       - name: Create draft release
-        uses: actions/github-script@v7
+        uses: actions/github-script@v8
         env:
           DOCKER_IMAGE_METADATA: '${{ needs.build-and-push-docker.outputs.metadata }}'
         with:

.github/workflows/comment.yml

@@ -19,7 +19,7 @@ jobs:
       coverage: ${{ steps.output.outputs.coverage }}
     steps:
       - name: Get coverage job success
-        uses: actions/github-script@v7
+        uses: actions/github-script@v8
         env:
           WORKFLOW_RUN_ID: '${{ github.event.workflow_run.id }}'
         with:
@@ -58,14 +58,14 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Download artifacts
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v5
         with:
           name: results
           run-id: ${{ github.event.workflow_run.id }}
           github-token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Comment on PR
-        uses: actions/github-script@v7
+        uses: actions/github-script@v8
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           script: |

.github/workflows/docs.yml

@@ -13,7 +13,7 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
 
       - name: Setup mdBook
         # This pinned action came from peaceiris/actions-mdbook@v2, releases can be found on https://github.com/peaceiris/actions-mdbook/releases

.github/workflows/runner.yml

@@ -13,9 +13,9 @@ jobs:
   lint:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: Set up Python
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@v6
         with:
           python-version: 3.12
           cache: 'pip'
@@ -28,7 +28,7 @@ jobs:
       - name: Run linter
         run: ruff check ./ethstaker_deposit ./tests
       - name: Setup Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v5
         with:
           node-version: 'latest'
       - name: Install jsonlint
@@ -48,42 +48,26 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-latest, ubuntu-24.04-arm, macos-13, macos-latest, windows-latest, windows-11-arm]
-        python-version: ["3.9", "3.10", "3.11", "3.12", "3.13"]
+        os: [ubuntu-latest, ubuntu-24.04-arm, macos-15-intel, macos-latest, windows-latest, windows-11-arm]
+        python-version: ["3.10", "3.11", "3.12", "3.13", "3.14"]
         exclude:
-          - os: windows-11-arm
-            python-version: "3.9"
           - os: windows-11-arm
             python-version: "3.10"
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: Set up Python
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@v6
         with:
           python-version: ${{ matrix.python-version }}
           cache: 'pip'
-      - name: Install rustup (Windows 11 ARM64)
-        if: matrix.os == 'windows-11-arm'
-        shell: pwsh
-        run: |
-          Invoke-WebRequest -Uri "https://static.rust-lang.org/rustup/dist/aarch64-pc-windows-msvc/rustup-init.exe" -OutFile rustup-init.exe
-          .\rustup-init.exe --default-toolchain none -y
-          "$env:USERPROFILE\.cargo\bin" | Out-File -Append -Encoding ascii $env:GITHUB_PATH
-          "CARGO_HOME=$env:USERPROFILE\.cargo" | Out-File -Append -Encoding ascii $env:GITHUB_ENV
-      - name: Install Rust (Windows 11 ARM64)
-        if: matrix.os == 'windows-11-arm'
-        shell: pwsh
-        run: |
-          rustup install stable
-          rustup target add aarch64-pc-windows-msvc
       - name: Install dependencies
         run: |
           python -m pip install --upgrade pip
           pip install -r requirements.txt -r requirements_test.txt
       - name: Run tests
         run: |
           coverage run --data-file=.coverage.${{ matrix.os }}.${{ matrix.python-version }} -m pytest tests
-      - name: Upload coverage data 
+      - name: Upload coverage data
         uses: actions/upload-artifact@v4
         with:
           name: coverage-${{ matrix.os }}-${{ matrix.python-version }}
@@ -99,14 +83,14 @@ jobs:
       actions: read
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: Set up Python
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@v6
         with:
           python-version: 3.12
           cache: 'pip'
       - name: Download coverage data
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v5
       - name: Merge coverage data
         id: merge
         run: |
@@ -134,5 +118,5 @@ jobs:
       - name: Upload final coverage text report
         uses: actions/upload-artifact@v4
         with:
-          name: results 
-          path: results/ 
+          name: results
+          path: results/

.pre-commit-config.yaml

@@ -7,7 +7,7 @@ repos:
     rev: v1.14.1
     hooks:
     - id: mypy
-      additional_dependencies: 
+      additional_dependencies:
         - click==8.1.8
         - eth-typing==5.1.0
         - eth-utils==5.1.0

Makefile

@@ -1,7 +1,7 @@
 VENV_NAME?=venv
 VENV_ACTIVATE=. $(VENV_NAME)/bin/activate
 PYTHON=${VENV_NAME}/bin/python3.12
-DOCKER_IMAGE="eth-educators/ethstaker-deposit-cli:latest"
+DOCKER_IMAGE="ghcr.io/ethstaker/ethstaker-deposit-cli:latest"
 
 help:
 	@echo "clean - remove build and Python file artifacts"

build_configs/windows/build.spec

@@ -1,40 +1,40 @@
-# -*- mode: python ; coding: utf-8 -*-
-from PyInstaller.utils.hooks import copy_metadata
-
-datas = [
-    ('..\\..\\ethstaker_deposit\\key_handling\\key_derivation\\word_lists\\*.txt', '.\\ethstaker_deposit\\key_handling\\key_derivation\\word_lists'),
-    ('..\\..\\ethstaker_deposit\\intl', '.\\ethstaker_deposit\\intl'),
-]
-datas += copy_metadata('py_ecc')
-datas += copy_metadata('ssz')
-
-block_cipher = None
-
-
-a = Analysis(['..\\..\\ethstaker_deposit\\deposit.py'],
-             binaries=[],
-             datas=datas,
-             hiddenimports=[],
-             hookspath=[],
-             runtime_hooks=[],
-             excludes=['FixTk', 'tcl', 'tk', '_tkinter', 'tkinter', 'Tkinter'],
-             win_no_prefer_redirects=False,
-             win_private_assemblies=False,
-             cipher=block_cipher,
-             noarchive=False)
-pyz = PYZ(a.pure, a.zipped_data,
-             cipher=block_cipher)
-exe = EXE(pyz,
-          a.scripts,
-          a.binaries,
-          a.zipfiles,
-          a.datas,
-          [],
-          name='deposit',
-          debug=False,
-          bootloader_ignore_signals=False,
-          strip=False,
-          upx=True,
-          upx_exclude=[],
-          runtime_tmpdir=None,
-          console=True )
+# -*- mode: python ; coding: utf-8 -*-
+from PyInstaller.utils.hooks import copy_metadata
+
+datas = [
+    ('..\\..\\ethstaker_deposit\\key_handling\\key_derivation\\word_lists\\*.txt', '.\\ethstaker_deposit\\key_handling\\key_derivation\\word_lists'),
+    ('..\\..\\ethstaker_deposit\\intl', '.\\ethstaker_deposit\\intl'),
+]
+datas += copy_metadata('py_ecc')
+datas += copy_metadata('ssz')
+
+block_cipher = None
+
+
+a = Analysis(['..\\..\\ethstaker_deposit\\deposit.py'],
+             binaries=[],
+             datas=datas,
+             hiddenimports=[],
+             hookspath=[],
+             runtime_hooks=[],
+             excludes=['FixTk', 'tcl', 'tk', '_tkinter', 'tkinter', 'Tkinter'],
+             win_no_prefer_redirects=False,
+             win_private_assemblies=False,
+             cipher=block_cipher,
+             noarchive=False)
+pyz = PYZ(a.pure, a.zipped_data,
+             cipher=block_cipher)
+exe = EXE(pyz,
+          a.scripts,
+          a.binaries,
+          a.zipfiles,
+          a.datas,
+          [],
+          name='deposit',
+          debug=False,
+          bootloader_ignore_signals=False,
+          strip=False,
+          upx=True,
+          upx_exclude=[],
+          runtime_tmpdir=None,
+          console=True )

deposit.sh

@@ -21,7 +21,7 @@ elif [[ "$OSTYPE" == "msys" ]] || [[ "$OSTYPE" == "cygwin" ]]; then
     python -m ethstaker_deposit "$@"
 
 else
-    echo "Sorry, to run deposit-cli on" $(uname -s)", please see the trouble-shooting on https://github.com/eth-educators/ethstaker-deposit-cli"
+    echo "Sorry, to run deposit-cli on" $(uname -s)", please see the trouble-shooting on https://github.com/ethstaker/ethstaker-deposit-cli"
     exit 1
 
 fi