Merge branch 'main' into phase5d/workflow-dispatch-tracing

Author: bsgrigorov

.github/actions/setup-ci-js-deps/action.yml

@@ -0,0 +1,60 @@
+name: 'Setup CI JS dependencies'
+description: >
+  Sets up node_modules and project build outputs for CI jobs.
+  On Namespace runners, mounts the shared cache volume then runs
+  yarn install --immutable to sync with the current yarn.lock.
+  On non-Namespace runners, skips install when node_modules is
+  already present from a same-run artifact; otherwise installs from scratch.
+
+inputs:
+  runner_provider:
+    description: 'Runner provider (`namespace` or any GitHub-hosted value).'
+    required: false
+    default: 'current'
+
+runs:
+  using: 'composite'
+  steps:
+    - name: Configure Namespace cache
+      if: ${{ inputs.runner_provider == 'namespace' }}
+      uses: namespacelabs/nscloud-cache-action@15799a6b54e5765f85b2aac25b3f0df43ed571c0 # v1
+      with:
+        path: |
+          ~/.cache/yarn
+          .metamask
+          node_modules
+          .yarn/cache
+
+    - uses: actions/setup-node@v6
+      with:
+        node-version-file: '.nvmrc'
+        cache: ${{ inputs.runner_provider != 'namespace' && 'yarn' || '' }}
+
+    # Namespace: always run install so the shared volume stays in sync with yarn.lock.
+    # Non-Namespace: skip install when node_modules was extracted from a same-run
+    # artifact; run install when starting from a clean workspace.
+    - name: Determine if install is needed
+      id: check-deps
+      shell: bash
+      run: |
+        if [ "${{ inputs.runner_provider }}" != "namespace" ] && \
+           [ -d node_modules ] && \
+           [ -f app/util/termsOfUse/termsOfUseContent.ts ]; then
+          echo "needs-install=false" >> "$GITHUB_OUTPUT"
+        else
+          echo "needs-install=true" >> "$GITHUB_OUTPUT"
+        fi
+
+    - name: Install Yarn dependencies with retry
+      if: ${{ steps.check-deps.outputs.needs-install == 'true' }}
+      uses: nick-fields/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08 # v3.0.2
+      with:
+        timeout_minutes: 10
+        max_attempts: 3
+        retry_wait_seconds: 30
+        command: yarn install --immutable
+
+    - name: Run project setup
+      if: ${{ steps.check-deps.outputs.needs-install == 'true' }}
+      shell: bash
+      run: yarn setup:github-ci --node

.github/workflows/auto-rc-ota-build-core.yml

@@ -142,5 +142,4 @@ jobs:
       build_commit_sha: ${{ needs.trigger-build.outputs.built_commit_sha }}
       build_version: ${{ needs.trigger-build.outputs.semantic_version }}
       build_number: ${{ needs.trigger-build.outputs.ios_version_code }}
-      distribute_external: false
     secrets: inherit

.github/workflows/build-and-upload-to-testflight.yml

@@ -20,7 +20,7 @@ on:
         type: string
         default: 'MetaMask BETA & Release Candidates'
       distribute_external:
-        description: 'Whether to distribute to external testers. Defaults to false; nightly-build.yml relies on the script default (true) so it always distributes externally.'
+        description: 'Whether to distribute to external testers. (default: false)'
         required: false
         type: boolean
         default: false
@@ -55,7 +55,7 @@ on:
           - 'MM Card Team'
           - 'Ramp Provider Testing'
       distribute_external:
-        description: 'Whether to distribute to external testers'
+        description: 'Whether to distribute to external testers (default: false)'
         required: false
         type: boolean
         default: false

.github/workflows/build-android.yml

@@ -0,0 +1,128 @@
+name: Build Android
+
+# Creates a temp branch, bumps version (build.yml), builds the Android APK/AAB.
+# Mirrors build-and-upload-to-testflight.yml but Android-only and without the upload step.
+# APK/AAB artifacts stay attached to the build.yml run via its existing Upload Android * steps.
+#
+on:
+  workflow_call:
+    inputs:
+      source_branch:
+        description: 'Branch, tag, or SHA to build'
+        required: true
+        type: string
+      environment:
+        description: 'Build environment / track. Must be one of: exp, beta, rc (enforced by validate-inputs).'
+        required: true
+        type: string
+      upload_to_sentry:
+        description: 'If true, enable Sentry CLI upload of JS source maps and native debug symbols during the build'
+        required: false
+        type: boolean
+        default: false
+      runner_provider:
+        description: Runner provider forwarded from the caller
+        required: false
+        type: string
+        default: current
+    outputs:
+      build_branch:
+        description: 'Ephemeral build branch created from source_branch'
+        value: ${{ jobs.prepare-build-branch.outputs.build_branch }}
+      built_commit_sha:
+        description: 'Resolved commit SHA at the version-bump commit after build succeeded'
+        value: ${{ jobs.build.outputs.built_commit_sha }}
+      semantic_version:
+        description: 'package.json version at the built commit'
+        value: ${{ jobs.build.outputs.semantic_version }}
+      android_version_code:
+        description: 'android/app/build.gradle versionCode at the built commit'
+        value: ${{ jobs.build.outputs.android_version_code }}
+  workflow_dispatch:
+    inputs:
+      source_branch:
+        description: 'Branch, tag, or SHA to build'
+        required: true
+        type: string
+        default: 'main'
+      environment:
+        description: 'Build environment / track'
+        required: true
+        type: choice
+        options:
+          - exp
+          - beta
+          - rc
+        default: rc
+      upload_to_sentry:
+        description: 'Upload JS source maps and native debug symbols to Sentry during the build (requires Sentry auth in the build environment)'
+        required: false
+        type: boolean
+        default: false
+      runner_provider:
+        description: Runner provider for this manual trial run
+        required: false
+        type: choice
+        options:
+          - current
+          - namespace
+        default: current
+
+permissions:
+  contents: write
+  id-token: write
+
+jobs:
+  # workflow_call inputs cannot use `type: choice` in GitHub Actions, so we enforce
+  # the allowed `environment` values at runtime to prevent other workflows from
+  # invoking this wrapper with arbitrary build tracks.
+  validate-inputs:
+    name: Validate inputs
+    runs-on: ubuntu-latest
+    steps:
+      - name: Validate environment input
+        env:
+          ENVIRONMENT: ${{ inputs.environment }}
+        run: |
+          case "$ENVIRONMENT" in
+            exp|beta|rc) echo "✅ environment=$ENVIRONMENT is allowed" ;;
+            *) echo "::error::Invalid environment '$ENVIRONMENT'. Must be one of: exp, beta, rc"; exit 1 ;;
+          esac
+
+  prepare-build-branch:
+    needs: [validate-inputs]
+    uses: ./.github/workflows/create-build-branch.yml
+    with:
+      source_branch: ${{ inputs.source_branch }}
+    secrets: inherit
+
+  build:
+    name: Build Android (${{ inputs.environment }})
+    needs: [prepare-build-branch]
+    uses: ./.github/workflows/build.yml
+    with:
+      build_name: main-${{ inputs.environment }}
+      platform: android
+      skip_version_bump: false
+      source_branch: ${{ needs.prepare-build-branch.outputs.build_branch }}
+      upload_to_sentry: ${{ inputs.upload_to_sentry }}
+      runner_provider: ${{ inputs.runner_provider }}
+    secrets: inherit
+
+  cleanup-build-branch:
+    name: Cleanup build branch
+    needs: [prepare-build-branch, build]
+    if: always()
+    runs-on: ${{ inputs.runner_provider == 'namespace' && 'namespace-profile-metamask-ci-linux' || 'ubuntu-latest' }}
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          token: ${{ secrets.PR_TOKEN || github.token }}
+      - name: Delete temporary build branch
+        env:
+          BRANCH: ${{ needs.prepare-build-branch.outputs.build_branch }}
+        run: |
+          if [ -n "$BRANCH" ]; then
+            git push origin --delete "$BRANCH" || true
+            echo "🧹 Deleted build branch: $BRANCH"
+          fi