Skip to content

chore: Update GitHub workflows for npm publishing #511

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
rekmarks merged 6 commits into from
May 5, 2025
Merged

chore: Update GitHub workflows for npm publishing #511

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
b4e4695
chore: Update build-lint-test.yml per MetaMask/core
rekmarks May 5, 2025
125a873
chore: Update main.yml per MetaMask/core
rekmarks May 5, 2025
b255bc7
chore: Update publish workflows per MetaMask/core
rekmarks May 5, 2025
ca5c1ef
fix: Unredact some necessary stuff from lint-build-test.yml
rekmarks May 5, 2025
9ed7637
chore: Update PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD per their docs
rekmarks May 5, 2025
7a60a44
chore: Also skip playwright browser downloads for integration tests
rekmarks May 5, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
161 changes: 52 additions & 109 deletions .github/workflows/lint-build-test.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,27 +10,14 @@ jobs:
strategy:
matrix:
node-version: [20.x, 22.x]
outputs:
child-workspace-package-names: ${{ steps.workspace-package-names.outputs.child-workspace-package-names }}
steps:
- uses: actions/checkout@v4
- name: Install Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v4
- name: Checkout and setup environment
uses: MetaMask/action-checkout-and-setup@v1
with:
node-version: ${{ matrix.node-version }}
- name: Install Yarn
run: corepack enable
- name: Restore Yarn cache
uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node-version }}
cache: yarn
- run: PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD=1 yarn --immutable
- name: Fetch workspace package names
id: workspace-package-names
run: |
echo "child-workspace-package-names=$(yarn workspaces list --json | jq --slurp --raw-output 'map(.name) | @json')" >> "$GITHUB_OUTPUT"
shell: bash
is-high-risk-environment: false
cache-node-modules: ${{ matrix.node-version == '22.x' }}
env:
PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD: 1

lint:
name: Lint
Expand All @@ -40,19 +27,12 @@ jobs:
matrix:
node-version: [22.x]
steps:
- uses: actions/checkout@v4
- name: Install Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v4
- name: Checkout and setup environment
uses: MetaMask/action-checkout-and-setup@v1
with:
node-version: ${{ matrix.node-version }}
- name: Install Yarn
run: corepack enable
- name: Restore Yarn cache
uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node-version }}
cache: yarn
- run: PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD=1 yarn --immutable
is-high-risk-environment: false
env:
PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD: 1
- run: yarn lint
- name: Require clean working directory
shell: bash
Expand All @@ -70,19 +50,12 @@ jobs:
matrix:
node-version: [22.x]
steps:
- uses: actions/checkout@v4
- name: Install Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node-version }}
- name: Install Yarn
run: corepack enable
- name: Restore Yarn cache
uses: actions/setup-node@v4
- name: Checkout and setup environment
uses: MetaMask/action-checkout-and-setup@v1
with:
node-version: ${{ matrix.node-version }}
cache: yarn
- run: PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD=1 yarn --immutable
is-high-risk-environment: false
env:
PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD: 1
- run: yarn changelog:validate
- name: Require clean working directory
shell: bash
Expand All @@ -100,19 +73,12 @@ jobs:
matrix:
node-version: [22.x]
steps:
- uses: actions/checkout@v4
- name: Install Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node-version }}
- name: Install Yarn
run: corepack enable
- name: Restore Yarn cache
uses: actions/setup-node@v4
- name: Checkout and setup environment
uses: MetaMask/action-checkout-and-setup@v1
with:
node-version: ${{ matrix.node-version }}
cache: yarn
- run: PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD=1 yarn --immutable
is-high-risk-environment: false
env:
PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD: 1
- run: yarn build
- name: Require clean working directory
shell: bash
Expand All @@ -130,19 +96,12 @@ jobs:
matrix:
node-version: [20.x, 22.x]
steps:
- uses: actions/checkout@v4
- name: Install Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v4
- name: Checkout and setup environment
uses: MetaMask/action-checkout-and-setup@v1
with:
node-version: ${{ matrix.node-version }}
- name: Install Yarn
run: corepack enable
- name: Restore Yarn cache
uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node-version }}
cache: yarn
- run: yarn --immutable
is-high-risk-environment: false
env:
PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD: 1
- name: Rebuild SQLite3
run: |
cd node_modules/better-sqlite3
Expand All @@ -158,6 +117,29 @@ jobs:
exit 1
fi

integration:
name: Integration Tests
runs-on: ubuntu-latest
needs: [prepare]
strategy:
matrix:
node-version: [20.x, 22.x]
steps:
- name: Checkout and setup environment
uses: MetaMask/action-checkout-and-setup@v1
with:
is-high-risk-environment: false
env:
PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD: 1
- run: yarn test:integration
- name: Require clean working directory
shell: bash
run: |
if ! git diff --exit-code; then
echo "Working tree dirty at end of job"
exit 1
fi

e2e:
name: E2E Tests
runs-on: ubuntu-latest
Expand All @@ -166,19 +148,10 @@ jobs:
matrix:
node-version: [22.x]
steps:
- uses: actions/checkout@v4
- name: Install Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node-version }}
- name: Install Yarn
run: corepack enable
- name: Restore Yarn cache
uses: actions/setup-node@v4
- name: Checkout and setup environment
uses: MetaMask/action-checkout-and-setup@v1
with:
node-version: ${{ matrix.node-version }}
cache: yarn
- run: yarn --immutable
is-high-risk-environment: false
- name: Rebuild SQLite3
run: |
cd node_modules/better-sqlite3
Expand All @@ -201,33 +174,3 @@ jobs:
echo "Working tree dirty at end of job"
exit 1
fi

integration:
name: Integration Tests
runs-on: ubuntu-latest
needs: [prepare]
strategy:
matrix:
node-version: [20.x, 22.x]
steps:
- uses: actions/checkout@v4
- name: Install Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node-version }}
- name: Install Yarn
run: corepack enable
- name: Restore Yarn cache
uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node-version }}
cache: yarn
- run: yarn --immutable
- run: yarn test:integration
- name: Require clean working directory
shell: bash
run: |
if ! git diff --exit-code; then
echo "Working tree dirty at end of job"
exit 1
fi
31 changes: 23 additions & 8 deletions .github/workflows/main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,10 @@ on:
branches: [main]
pull_request:

concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: ${{ !contains(github.ref, 'refs/heads/main') }}

jobs:
check-workflows:
name: Check workflows
Expand All @@ -19,6 +23,18 @@ jobs:
run: ${{ steps.download-actionlint.outputs.executable }} -color
shell: bash

analyse-code:
name: Code scanner
needs: check-workflows
uses: ./.github/workflows/security-code-scanner.yml
permissions:
actions: read
contents: read
security-events: write
secrets:
SECURITY_SCAN_METRICS_TOKEN: ${{ secrets.SECURITY_SCAN_METRICS_TOKEN }}
APPSEC_BOT_SLACK_WEBHOOK: ${{ secrets.APPSEC_BOT_SLACK_WEBHOOK }}

lint-build-test:
name: Lint, build, and test
needs: check-workflows
Expand All @@ -27,18 +43,15 @@ jobs:
is-release:
name: Determine whether this is a release merge commit
needs: lint-build-test
if: github.event_name == 'push'
runs-on: ubuntu-latest
# Filtering by `push` events ensures that we only release from the `main` branch, which is a
# requirement for our npm publishing environment.
# The commit author should always be 'github-actions' for releases created by the
# 'create-release-pr' workflow, so we filter by that as well to prevent accidentally
# triggering a release.
if: github.event_name == 'push' && startsWith(github.event.head_commit.author.name, 'github-actions')
outputs:
IS_RELEASE: ${{ steps.is-release.outputs.IS_RELEASE }}
steps:
- id: is-release
uses: MetaMask/action-is-release@v1
uses: MetaMask/action-is-release@dc4672b05e3b1d464cdaf783579b04a4e43f8b02
with:
commit-starts-with: 'Release [version],Release v[version],Release/[version],Release/v[version],Release `[version]`'

publish-release:
name: Publish release
Expand All @@ -54,7 +67,9 @@ jobs:
all-jobs-complete:
name: All jobs complete
runs-on: ubuntu-latest
needs: lint-build-test
needs:
- analyse-code
- lint-build-test
outputs:
passed: ${{ steps.set-output.outputs.passed }}
steps:
Expand Down
14 changes: 3 additions & 11 deletions .github/workflows/publish-preview.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,18 +35,10 @@ jobs:
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
PR_NUMBER: ${{ github.event.issue.number }}
- name: Install Node
uses: actions/setup-node@v4
- name: Checkout and setup environment
uses: MetaMask/action-checkout-and-setup@v1
with:
node-version-file: '.nvmrc'
- name: Install Yarn
run: corepack enable
- name: Restore Yarn cache
uses: actions/setup-node@v4
with:
node-version-file: '.nvmrc'
cache: yarn
- run: yarn --immutable
is-high-risk-environment: true
- name: Get commit SHA
id: commit-sha
run: echo "COMMIT_SHA=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT"
Expand Down
Loading
Loading