From 158fbec32c9119167e27ac90b2d7b61a016280b1 Mon Sep 17 00:00:00 2001
From: Mathieu Kardous <84793247+mkardous-silabs@users.noreply.github.com>
Date: Fri, 25 Jul 2025 19:57:39 +0200
Subject: [PATCH 1/2] Delete deprecated automation file (#144)

---
 .github/workflows/publish-provisoning.yaml | 150 ---------------------
 1 file changed, 150 deletions(-)
 delete mode 100644 .github/workflows/publish-provisoning.yaml

diff --git a/.github/workflows/publish-provisoning.yaml b/.github/workflows/publish-provisoning.yaml
deleted file mode 100644
index d863ad1ec..000000000
--- a/.github/workflows/publish-provisoning.yaml
+++ /dev/null
@@ -1,150 +0,0 @@
-name: Publish provisioning Libraries
-on:
-  repository_dispatch:
-    types: [trigger-publish-provisioning-libs]
-    
-permissions:
-  contents: write
-  pull-requests: write
-
-jobs:
-  publish-libs:
-    if: startsWith(github.event.client_payload.branch, 'release_') || github.event.client_payload.branch == 'main'
-    runs-on: ubuntu-latest
-
-    concurrency:
-      group: ${{ github.event.client_payload.branch }}-publish-provisioning-libs
-      cancel-in-progress: true
-
-    env:
-      PLATFORMS: '["MG24", "MGM24", "MG26", "SI917", "SI917_PSA"]'
-
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-        with:
-          ref: ${{ github.event.client_payload.branch }}
-
-      - name: Set up Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: "20"
-      - name: Install required packages
-        run: npm install unzipper @actions/core
-
-      - name: Define downloadAndExtractArtifact function
-        id: define-function
-        run: |
-          echo "module.exports = async function downloadAndExtractArtifact(github, core, artifactName, downloadPath, filePath, branch) {
-            const fs = require('fs');
-            const path = require('path');
-            const unzipper = require('unzipper');
-
-            const provisioningRepo = 'matter_provisioning';
-            const repoOwner = 'SiliconLabsSoftware';
-
-            const artifacts = await github.rest.actions.listArtifactsForRepo({
-              owner: repoOwner,
-              repo: provisioningRepo,
-              ref: branch
-            });
-
-            const filteredArtifacts = artifacts.data.artifacts
-              .filter(a => a.name === artifactName)
-              .sort((a, b) => new Date(b.created_at) - new Date(a.created_at));
-
-            if (filteredArtifacts.length === 0) {
-              core.setFailed(`Artifact ${artifactName} not found`);
-              return;
-            }
-
-            const latestArtifact = filteredArtifacts[0];
-
-            const { data: artifactData } = await github.rest.actions.downloadArtifact({
-              owner: repoOwner,
-              repo: provisioningRepo,
-              artifact_id: latestArtifact.id,
-              archive_format: 'zip'
-            });
-
-            fs.mkdirSync(downloadPath, { recursive: true });
-            fs.writeFileSync(filePath, Buffer.from(artifactData));
-
-            fs.createReadStream(filePath)
-              .pipe(unzipper.Extract({ path: downloadPath }))
-              .on('close', () => {
-                console.log(`Downloaded and extracted ${artifactName} to ${downloadPath}`);
-                fs.unlinkSync(filePath); // Delete the .zip file after extraction
-              })
-              .on('error', (error) => {
-                console.error(`Error extracting ${artifactName}: ${error.message}`);
-                core.setFailed(`Failed to extract ${artifactName}: ${error.message}`);
-              });
-          }" > downloadAndExtractArtifactSource.js
-
-      - name: Download Built Libraries
-        uses: actions/github-script@v7
-        env:
-          BRANCH: ${{ github.event.client_payload.branch }}
-        with:
-          github-token: ${{ secrets.WORKFLOW_TOKEN }}
-          script: |           
-            const path = require('path');
-            const downloadAndExtractArtifact = require('./downloadAndExtractArtifactSource');
-            const platforms = JSON.parse(process.env.PLATFORMS);
-            const branch = process.env.BRANCH;
-
-            for (const platform of platforms) {
-              const downloadPath = path.join(process.env.GITHUB_WORKSPACE, 'provision/libs');
-              const filePath = path.join(downloadPath, `built-libraries-${platform}.zip`);
-              await downloadAndExtractArtifact(github, core, `built-libraries-${platform}`, downloadPath, filePath, branch);
-            }
-
-      - name: Download Headers
-        uses: actions/github-script@v7
-        env:
-          BRANCH: ${{ github.event.client_payload.branch }}
-        with:
-          github-token: ${{ secrets.WORKFLOW_TOKEN }}
-          script: |
-            const path = require('path');
-            const downloadAndExtractArtifact = require('./downloadAndExtractArtifactSource');            
-            const branch = process.env.BRANCH;
-
-            const downloadPath = path.join(process.env.GITHUB_WORKSPACE, 'provision/headers');
-            const filePath = path.join(downloadPath, 'headers.zip');
-            await downloadAndExtractArtifact(github, core, 'headers', downloadPath, filePath, branch);
-
-      - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v7
-        with:
-          title: "Update provisioning libraries and headers for ${{ github.event.client_payload.branch }}"
-          body: "This PR updates the provisioning libraries and headers for the ${{ github.event.client_payload.branch }} branch."
-          commit-message: "Update provisioning libraries and headers"
-          base: ${{ github.event.client_payload.branch }}
-          branch: automation/update_${{ github.event.client_payload.branch }}_provisioning
-          add-paths: 'provision'
-          author: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
-          committer: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
-          token: ${{ secrets.GITHUB_TOKEN }}
-      
-      # This step is necessary since the bot doesn't have the necessary permissions to trigger the CI
-      - name: Close and re-open PR to trigger the CI
-        if: ${{ github.actor == 'github-actions[bot]' }}
-        uses: actions/github-script@v7
-        with:
-          github-token: ${{ secrets.WORKFLOW_TOKEN }}
-          script: |
-            await github.rest.pulls.update({
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              pull_number: context.payload.pull_request.number,
-              state: 'closed'
-            });
-
-            await github.rest.pulls.update({
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              pull_number: context.payload.pull_request.number,
-              state: 'open'
-            });
\ No newline at end of file

From 487812e786016989457aeede30605bcdd03fc659 Mon Sep 17 00:00:00 2001
From: lpbeliveau-silabs <louis-philip.beliveau@silabs.com>
Date: Wed, 6 Aug 2025 18:24:15 -0400
Subject: [PATCH 2/2] Added Header to allow migration of credential using the
 provisioning Storage

---
 provision/headers/ProvisionStorage.h | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/provision/headers/ProvisionStorage.h b/provision/headers/ProvisionStorage.h
index ce629ba66..284ee9e82 100644
--- a/provision/headers/ProvisionStorage.h
+++ b/provision/headers/ProvisionStorage.h
@@ -243,7 +243,12 @@ struct Storage : public GenericStorage,
 
     CHIP_ERROR DecryptUsingOtaTlvEncryptionKey(MutableByteSpan & block, uint32_t & mIVOffset);
     CHIP_ERROR GetOtaTlvEncryptionKeyId(uint32_t & value) override;
+    
+    //
+    // Migration
+    //
 
+    CHIP_ERROR MigrateAttestationCredentialAPI();
     //
     // Other
     //