From d4c73e7305506c0eaaa71265530d13141b765353 Mon Sep 17 00:00:00 2001 From: Wei Sun Date: Mon, 19 Jan 2026 15:36:05 -0800 Subject: [PATCH 01/12] add setup-node-modules --- .github/workflows/push-eas-update.yml | 56 +++++++++--- .github/workflows/setup-node-modules.yml | 112 +++++++++++++++++++++++ 2 files changed, 155 insertions(+), 13 deletions(-) create mode 100644 .github/workflows/setup-node-modules.yml diff --git a/.github/workflows/push-eas-update.yml b/.github/workflows/push-eas-update.yml index 347701d55276..e6929babf188 100644 --- a/.github/workflows/push-eas-update.yml +++ b/.github/workflows/push-eas-update.yml @@ -41,8 +41,22 @@ env: TARGET_CHANNEL: ${{ inputs.channel }} jobs: + setup-dependencies: + name: Setup Dependencies + needs: + - validate-pr + uses: ./.github/workflows/setup-node-modules.yml + with: + ref: ${{ inputs.commit_hash }} + fetch-depth: 0 + upload-artifact: true + artifact-name: node-modules-eas-update + artifact-retention-days: 1 + fingerprint-comparison: name: Compare Expo Fingerprints + needs: + - setup-dependencies runs-on: ubuntu-latest outputs: branch_fingerprint: ${{ steps.branch_fingerprint.outputs.fingerprint }} @@ -67,12 +81,17 @@ jobs: with: node-version: '20' + - name: Download node_modules artifact (PR commit) + uses: actions/download-artifact@v4 + with: + name: node-modules-eas-update + - name: Install dependencies (workflow branch) run: | echo "📦 Installing dependencies for current branch..." - yarn install --immutable + yarn install --immutable --mode=skip-build - - name: Generate fingerprint (workflow branch) + - name: Generate fingerprint (target commit) id: branch_fingerprint run: | echo "🧬 Generating fingerprint for current branch..." @@ -80,11 +99,16 @@ jobs: echo "fingerprint=$FINGERPRINT" >> "$GITHUB_OUTPUT" echo "Target PR fingerprint: $FINGERPRINT" + - name: Download node_modules artifact (base branch) + uses: actions/download-artifact@v4 + with: + name: node-modules-eas-update + - name: Install dependencies (base branch) working-directory: main run: | echo "📦 Installing dependencies for base branch snapshot (${BASE_BRANCH_REF})..." - yarn install --immutable + yarn install --immutable --mode=skip-build - name: Generate fingerprint (base branch) id: main_fingerprint @@ -178,6 +202,7 @@ jobs: - fingerprint-comparison - approval - validate-pr + - setup-dependencies if: > needs.fingerprint-comparison.outputs.fingerprints_equal == 'true' && needs.approval.result == 'success' @@ -240,6 +265,21 @@ jobs: with: node-version: '20' + - name: Download node_modules artifact + uses: actions/download-artifact@v4 + with: + name: node-modules-eas-update + + - name: Verify downloaded artifacts + run: | + echo "✅ Verifying downloaded artifacts..." + if [ ! -d "node_modules" ]; then + echo "❌ node_modules directory not found" + exit 1 + fi + echo "📦 node_modules size: $(du -sh node_modules | cut -f1)" + echo "✅ Artifacts verified" + - name: Determine signing secret name shell: bash env: @@ -286,16 +326,6 @@ jobs: echo "✅ Set secret for key: $key" done - - name: Install dependencies - run: | - echo "📦 Installing dependencies..." - yarn install --immutable - - - name: Setup project - run: | - echo "🔧 Running setup for GitHub CI..." - yarn setup:github-ci - - name: Display configuration run: | TARGET_RUNTIME_VERSION=$(node -p "require('./package.json').version") diff --git a/.github/workflows/setup-node-modules.yml b/.github/workflows/setup-node-modules.yml new file mode 100644 index 000000000000..827e6a0d6557 --- /dev/null +++ b/.github/workflows/setup-node-modules.yml @@ -0,0 +1,112 @@ +# Reusable workflow for setting up node_modules +# This workflow installs dependencies and runs the project setup, then uploads +# the prepared node_modules as an artifact for consumption by other workflows. + +name: Setup Node Modules + +on: + workflow_call: + inputs: + ref: + description: 'Git ref to checkout (e.g., refs/pull/123/head or branch name)' + required: false + type: string + default: '' + fetch-depth: + description: 'Number of commits to fetch (0 for all history)' + required: false + type: number + default: 1 + upload-artifact: + description: 'Whether to upload node_modules as an artifact' + required: false + type: boolean + default: true + artifact-name: + description: 'Name of the artifact to upload' + required: false + type: string + default: 'node-modules' + artifact-retention-days: + description: 'Number of days to retain the artifact' + required: false + type: number + default: 1 + outputs: + cache-hit: + description: 'Whether the node_modules cache was hit' + value: ${{ jobs.setup.outputs.cache-hit }} + cache-key: + description: 'The cache key used for node_modules' + value: ${{ jobs.setup.outputs.cache-key }} + +permissions: + contents: read + +jobs: + setup: + name: Setup Node Modules + runs-on: ubuntu-latest + outputs: + cache-hit: ${{ steps.cache-node-modules.outputs.cache-hit }} + cache-key: ${{ steps.cache-key.outputs.key }} + steps: + - name: Checkout repository + uses: actions/checkout@v4 + with: + ref: ${{ inputs.ref }} + fetch-depth: ${{ inputs.fetch-depth }} + + - name: Setup Node.js + uses: actions/setup-node@v4 + with: + node-version: '20' + + - name: Install dependencies + run: | + echo "📦 Installing dependencies..." + yarn install --immutable + + - name: Setup project + run: | + echo "🔧 Running setup for GitHub CI..." + yarn setup:github-ci + + - name: Verify setup completed + run: | + echo "✅ Verifying setup artifacts..." + # Check that critical setup artifacts exist + if [ ! -d "node_modules" ]; then + echo "❌ node_modules directory not found" + exit 1 + fi + if [ ! -f "app/util/termsOfUse/termsOfUseContent.ts" ]; then + echo "❌ Terms of Use content not generated" + exit 1 + fi + echo "🔍 Checking yarn setup..." + echo " Node version: $(node --version)" + echo " Yarn version: $(yarn --version)" + echo " Corepack version: $(corepack --version)" + echo "✅ Setup verification passed" + + - name: Debug - List .yarn contents + run: | + echo "📂 Contents of .yarn directory:" + ls -la .yarn/ || echo "No .yarn directory" + echo "📊 .yarn size: $(du -sh .yarn 2>/dev/null || echo 'N/A')" + echo "📄 install-state.gz exists: $(test -f .yarn/install-state.gz && echo 'yes' || echo 'no')" + echo "📁 cache dir exists: $(test -d .yarn/cache && echo 'yes' || echo 'no')" + + - name: Upload node_modules artifact + if: inputs.upload-artifact + uses: actions/upload-artifact@v4 + with: + name: ${{ inputs.artifact-name }} + path: | + node_modules + app/util/termsOfUse/termsOfUseContent.ts + scripts/inpage-bridge/dist + retention-days: ${{ inputs.artifact-retention-days }} + compression-level: 1 + if-no-files-found: warn From ca9c4e81aa5742b007b1ef82c492bf6e644c8dba Mon Sep 17 00:00:00 2001 From: Wei Sun Date: Tue, 20 Jan 2026 11:19:53 -0800 Subject: [PATCH 02/12] ci(workflows): include node version and OS in artifact names to prevent native module issues --- .github/workflows/push-eas-update.yml | 60 ++++++++++++++++++------ .github/workflows/setup-node-modules.yml | 16 ++++++- 2 files changed, 61 insertions(+), 15 deletions(-) diff --git a/.github/workflows/push-eas-update.yml b/.github/workflows/push-eas-update.yml index e6929babf188..3fc20b71ffd1 100644 --- a/.github/workflows/push-eas-update.yml +++ b/.github/workflows/push-eas-update.yml @@ -62,6 +62,8 @@ jobs: branch_fingerprint: ${{ steps.branch_fingerprint.outputs.fingerprint }} main_fingerprint: ${{ steps.main_fingerprint.outputs.fingerprint }} fingerprints_equal: ${{ steps.compare.outputs.equal }} + env: + ARTIFACT_NAME: ${{ needs.setup-dependencies.outputs.artifact-name }} steps: - name: Checkout target commit uses: actions/checkout@v4 @@ -81,15 +83,30 @@ jobs: with: node-version: '20' + - name: Validate artifact compatibility + run: | + NODE_VERSION=$(node --version | sed 's/v//') + OS_NAME=$(echo "$RUNNER_OS" | tr '[:upper:]' '[:lower:]') + EXPECTED_ARTIFACT="node-modules-eas-update-node${NODE_VERSION}-${OS_NAME}" + + echo "🔍 Validating artifact compatibility..." + echo " Expected artifact: $EXPECTED_ARTIFACT" + echo " Actual artifact: ${{ env.ARTIFACT_NAME }}" + + if [ "$EXPECTED_ARTIFACT" != "${{ env.ARTIFACT_NAME }}" ]; then + echo "::error title=Artifact Incompatibility::Node version or OS mismatch detected!" + echo "❌ The node_modules artifact was built with different Node version or OS" + echo " This could cause issues with native node modules" + echo " Expected: $EXPECTED_ARTIFACT" + echo " Actual: ${{ env.ARTIFACT_NAME }}" + exit 1 + fi + echo "✅ Artifact compatibility validated" + - name: Download node_modules artifact (PR commit) uses: actions/download-artifact@v4 with: - name: node-modules-eas-update - - - name: Install dependencies (workflow branch) - run: | - echo "📦 Installing dependencies for current branch..." - yarn install --immutable --mode=skip-build + name: ${{ env.ARTIFACT_NAME }} - name: Generate fingerprint (target commit) id: branch_fingerprint @@ -102,13 +119,7 @@ jobs: - name: Download node_modules artifact (base branch) uses: actions/download-artifact@v4 with: - name: node-modules-eas-update - - - name: Install dependencies (base branch) - working-directory: main - run: | - echo "📦 Installing dependencies for base branch snapshot (${BASE_BRANCH_REF})..." - yarn install --immutable --mode=skip-build + name: ${{ env.ARTIFACT_NAME }} - name: Generate fingerprint (base branch) id: main_fingerprint @@ -207,6 +218,7 @@ jobs: needs.fingerprint-comparison.outputs.fingerprints_equal == 'true' && needs.approval.result == 'success' env: + ARTIFACT_NAME: ${{ needs.setup-dependencies.outputs.artifact-name }} EXPO_TOKEN: ${{ secrets.EXPO_TOKEN }} EXPO_PROJECT_ID: ${{ secrets.EXPO_PROJECT_ID }} EXPO_CHANNEL: ${{ vars.EXPO_CHANNEL }} @@ -265,10 +277,30 @@ jobs: with: node-version: '20' + - name: Validate artifact compatibility + run: | + NODE_VERSION=$(node --version | sed 's/v//') + OS_NAME=$(echo "$RUNNER_OS" | tr '[:upper:]' '[:lower:]') + EXPECTED_ARTIFACT="node-modules-eas-update-node${NODE_VERSION}-${OS_NAME}" + + echo "🔍 Validating artifact compatibility..." + echo " Expected artifact: $EXPECTED_ARTIFACT" + echo " Actual artifact: ${{ env.ARTIFACT_NAME }}" + + if [ "$EXPECTED_ARTIFACT" != "${{ env.ARTIFACT_NAME }}" ]; then + echo "::error title=Artifact Incompatibility::Node version or OS mismatch detected!" + echo "❌ The node_modules artifact was built with different Node version or OS" + echo " This could cause issues with native node modules" + echo " Expected: $EXPECTED_ARTIFACT" + echo " Actual: ${{ env.ARTIFACT_NAME }}" + exit 1 + fi + echo "✅ Artifact compatibility validated" + - name: Download node_modules artifact uses: actions/download-artifact@v4 with: - name: node-modules-eas-update + name: ${{ env.ARTIFACT_NAME }} - name: Verify downloaded artifacts run: | diff --git a/.github/workflows/setup-node-modules.yml b/.github/workflows/setup-node-modules.yml index 827e6a0d6557..35b92b87aa1d 100644 --- a/.github/workflows/setup-node-modules.yml +++ b/.github/workflows/setup-node-modules.yml @@ -39,6 +39,9 @@ on: cache-key: description: 'The cache key used for node_modules' value: ${{ jobs.setup.outputs.cache-key }} + artifact-name: + description: 'The actual artifact name used (includes node version and OS)' + value: ${{ jobs.setup.outputs.artifact-name }} permissions: contents: read @@ -50,6 +53,7 @@ jobs: outputs: cache-hit: ${{ steps.cache-node-modules.outputs.cache-hit }} cache-key: ${{ steps.cache-key.outputs.key }} + artifact-name: ${{ steps.set-artifact-name.outputs.artifact-name }} steps: - name: Checkout repository uses: actions/checkout@v4 @@ -62,6 +66,15 @@ jobs: with: node-version: '20' + - name: Set artifact name with node version and OS + id: set-artifact-name + run: | + NODE_VERSION=$(node --version | sed 's/v//') + OS_NAME=$(echo "$RUNNER_OS" | tr '[:upper:]' '[:lower:]') + ARTIFACT_NAME="${{ inputs.artifact-name }}-node${NODE_VERSION}-${OS_NAME}" + echo "artifact-name=$ARTIFACT_NAME" >> "$GITHUB_OUTPUT" + echo "📦 Artifact name: $ARTIFACT_NAME" + - name: Install dependencies run: | echo "📦 Installing dependencies..." @@ -102,7 +115,7 @@ jobs: if: inputs.upload-artifact uses: actions/upload-artifact@v4 with: - name: ${{ inputs.artifact-name }} + name: ${{ steps.set-artifact-name.outputs.artifact-name }} path: | node_modules app/util/termsOfUse/termsOfUseContent.ts @@ -110,3 +123,4 @@ jobs: retention-days: ${{ inputs.artifact-retention-days }} compression-level: 1 if-no-files-found: warn + include-hidden-files: true From 00e4d092bf2994c8b807226eaf6eeeba189f2d96 Mon Sep 17 00:00:00 2001 From: Wei Sun Date: Tue, 20 Jan 2026 11:30:26 -0800 Subject: [PATCH 03/12] include InpageBridgeWeb3.js in setup-node-modules artifact --- .github/workflows/push-eas-update.yml | 17 +++++++++++++++++ .github/workflows/setup-node-modules.yml | 13 +++++-------- 2 files changed, 22 insertions(+), 8 deletions(-) diff --git a/.github/workflows/push-eas-update.yml b/.github/workflows/push-eas-update.yml index 3fc20b71ffd1..3fb6fee29bd4 100644 --- a/.github/workflows/push-eas-update.yml +++ b/.github/workflows/push-eas-update.yml @@ -108,6 +108,19 @@ jobs: with: name: ${{ env.ARTIFACT_NAME }} + - name: Verify downloaded artifacts + run: | + echo "✅ Verifying downloaded artifacts..." + if [ ! -d "node_modules" ]; then + echo "❌ node_modules directory not found" + exit 1 + fi + if [ ! -f "app/core/InpageBridgeWeb3.js" ]; then + echo "❌ InpageBridgeWeb3.js not found in artifact" + exit 1 + fi + echo "✅ Artifacts verified" + - name: Generate fingerprint (target commit) id: branch_fingerprint run: | @@ -309,6 +322,10 @@ jobs: echo "❌ node_modules directory not found" exit 1 fi + if [ ! -f "app/core/InpageBridgeWeb3.js" ]; then + echo "❌ InpageBridgeWeb3.js not found in artifact" + exit 1 + fi echo "📦 node_modules size: $(du -sh node_modules | cut -f1)" echo "✅ Artifacts verified" diff --git a/.github/workflows/setup-node-modules.yml b/.github/workflows/setup-node-modules.yml index 35b92b87aa1d..4fc69ea1ad01 100644 --- a/.github/workflows/setup-node-modules.yml +++ b/.github/workflows/setup-node-modules.yml @@ -33,12 +33,6 @@ on: type: number default: 1 outputs: - cache-hit: - description: 'Whether the node_modules cache was hit' - value: ${{ jobs.setup.outputs.cache-hit }} - cache-key: - description: 'The cache key used for node_modules' - value: ${{ jobs.setup.outputs.cache-key }} artifact-name: description: 'The actual artifact name used (includes node version and OS)' value: ${{ jobs.setup.outputs.artifact-name }} @@ -51,8 +45,6 @@ jobs: name: Setup Node Modules runs-on: ubuntu-latest outputs: - cache-hit: ${{ steps.cache-node-modules.outputs.cache-hit }} - cache-key: ${{ steps.cache-key.outputs.key }} artifact-name: ${{ steps.set-artifact-name.outputs.artifact-name }} steps: - name: Checkout repository @@ -97,6 +89,10 @@ jobs: echo "❌ Terms of Use content not generated" exit 1 fi + if [ ! -f "app/core/InpageBridgeWeb3.js" ]; then + echo "❌ InpageBridgeWeb3.js not generated" + exit 1 + fi echo "🔍 Checking yarn setup..." echo " Node version: $(node --version)" echo " Yarn version: $(yarn --version)" @@ -119,6 +115,7 @@ jobs: path: | node_modules app/util/termsOfUse/termsOfUseContent.ts + app/core/InpageBridgeWeb3.js scripts/inpage-bridge/dist retention-days: ${{ inputs.artifact-retention-days }} compression-level: 1 From 024b543feb585df67c67c683f0199627b29e9637 Mon Sep 17 00:00:00 2001 From: Wei Sun Date: Tue, 20 Jan 2026 11:32:32 -0800 Subject: [PATCH 04/12] adding the missing path parameter --- .github/workflows/push-eas-update.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/push-eas-update.yml b/.github/workflows/push-eas-update.yml index 3fb6fee29bd4..c5961336f2b3 100644 --- a/.github/workflows/push-eas-update.yml +++ b/.github/workflows/push-eas-update.yml @@ -133,6 +133,7 @@ jobs: uses: actions/download-artifact@v4 with: name: ${{ env.ARTIFACT_NAME }} + path: main - name: Generate fingerprint (base branch) id: main_fingerprint From 0cff80c48d9dd4738c39988c925649546bee8d2a Mon Sep 17 00:00:00 2001 From: Wei Sun Date: Tue, 20 Jan 2026 12:16:48 -0800 Subject: [PATCH 05/12] Fix artifact download path and restore executable permissions --- .github/workflows/push-eas-update.yml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/.github/workflows/push-eas-update.yml b/.github/workflows/push-eas-update.yml index c5961336f2b3..627b950adeee 100644 --- a/.github/workflows/push-eas-update.yml +++ b/.github/workflows/push-eas-update.yml @@ -108,6 +108,13 @@ jobs: with: name: ${{ env.ARTIFACT_NAME }} + - name: Restore executable permissions + run: | + echo "🔧 Restoring executable permissions..." + find node_modules/.bin -type f -exec chmod +x {} \; 2>/dev/null || true + find node_modules -type f -name "*.node" -exec chmod +x {} \; 2>/dev/null || true + echo "✅ Permissions restored" + - name: Verify downloaded artifacts run: | echo "✅ Verifying downloaded artifacts..." @@ -135,6 +142,14 @@ jobs: name: ${{ env.ARTIFACT_NAME }} path: main + - name: Restore executable permissions (base branch) + working-directory: main + run: | + echo "🔧 Restoring executable permissions..." + find node_modules/.bin -type f -exec chmod +x {} \; 2>/dev/null || true + find node_modules -type f -name "*.node" -exec chmod +x {} \; 2>/dev/null || true + echo "✅ Permissions restored" + - name: Generate fingerprint (base branch) id: main_fingerprint working-directory: main @@ -316,6 +331,13 @@ jobs: with: name: ${{ env.ARTIFACT_NAME }} + - name: Restore executable permissions + run: | + echo "🔧 Restoring executable permissions..." + find node_modules/.bin -type f -exec chmod +x {} \; 2>/dev/null || true + find node_modules -type f -name "*.node" -exec chmod +x {} \; 2>/dev/null || true + echo "✅ Permissions restored" + - name: Verify downloaded artifacts run: | echo "✅ Verifying downloaded artifacts..." From 018568bb8ff732b8a61ffc06629cb0fb1c420843 Mon Sep 17 00:00:00 2001 From: Wei Sun Date: Tue, 20 Jan 2026 12:23:54 -0800 Subject: [PATCH 06/12] use separate dependencies for PR and base branch fingerprint comparison --- .github/workflows/push-eas-update.yml | 60 +++++++++++++++++++++------ 1 file changed, 47 insertions(+), 13 deletions(-) diff --git a/.github/workflows/push-eas-update.yml b/.github/workflows/push-eas-update.yml index 627b950adeee..f97ba0c74072 100644 --- a/.github/workflows/push-eas-update.yml +++ b/.github/workflows/push-eas-update.yml @@ -42,7 +42,7 @@ env: jobs: setup-dependencies: - name: Setup Dependencies + name: Setup Dependencies (PR) needs: - validate-pr uses: ./.github/workflows/setup-node-modules.yml @@ -50,20 +50,34 @@ jobs: ref: ${{ inputs.commit_hash }} fetch-depth: 0 upload-artifact: true - artifact-name: node-modules-eas-update + artifact-name: node-modules-eas-update-pr + artifact-retention-days: 1 + + setup-dependencies-base: + name: Setup Dependencies (Base) + needs: + - validate-pr + uses: ./.github/workflows/setup-node-modules.yml + with: + ref: ${{ inputs.base_branch }} + fetch-depth: 0 + upload-artifact: true + artifact-name: node-modules-eas-update-base artifact-retention-days: 1 fingerprint-comparison: name: Compare Expo Fingerprints needs: - setup-dependencies + - setup-dependencies-base runs-on: ubuntu-latest outputs: branch_fingerprint: ${{ steps.branch_fingerprint.outputs.fingerprint }} main_fingerprint: ${{ steps.main_fingerprint.outputs.fingerprint }} fingerprints_equal: ${{ steps.compare.outputs.equal }} env: - ARTIFACT_NAME: ${{ needs.setup-dependencies.outputs.artifact-name }} + PR_ARTIFACT_NAME: ${{ needs.setup-dependencies.outputs.artifact-name }} + BASE_ARTIFACT_NAME: ${{ needs.setup-dependencies-base.outputs.artifact-name }} steps: - name: Checkout target commit uses: actions/checkout@v4 @@ -83,30 +97,30 @@ jobs: with: node-version: '20' - - name: Validate artifact compatibility + - name: Validate artifact compatibility (PR commit) run: | NODE_VERSION=$(node --version | sed 's/v//') OS_NAME=$(echo "$RUNNER_OS" | tr '[:upper:]' '[:lower:]') - EXPECTED_ARTIFACT="node-modules-eas-update-node${NODE_VERSION}-${OS_NAME}" + EXPECTED_ARTIFACT="node-modules-eas-update-pr-node${NODE_VERSION}-${OS_NAME}" - echo "🔍 Validating artifact compatibility..." + echo "🔍 Validating PR artifact compatibility..." echo " Expected artifact: $EXPECTED_ARTIFACT" - echo " Actual artifact: ${{ env.ARTIFACT_NAME }}" + echo " Actual artifact: ${{ env.PR_ARTIFACT_NAME }}" - if [ "$EXPECTED_ARTIFACT" != "${{ env.ARTIFACT_NAME }}" ]; then + if [ "$EXPECTED_ARTIFACT" != "${{ env.PR_ARTIFACT_NAME }}" ]; then echo "::error title=Artifact Incompatibility::Node version or OS mismatch detected!" echo "❌ The node_modules artifact was built with different Node version or OS" echo " This could cause issues with native node modules" echo " Expected: $EXPECTED_ARTIFACT" - echo " Actual: ${{ env.ARTIFACT_NAME }}" + echo " Actual: ${{ env.PR_ARTIFACT_NAME }}" exit 1 fi - echo "✅ Artifact compatibility validated" + echo "✅ PR artifact compatibility validated" - name: Download node_modules artifact (PR commit) uses: actions/download-artifact@v4 with: - name: ${{ env.ARTIFACT_NAME }} + name: ${{ env.PR_ARTIFACT_NAME }} - name: Restore executable permissions run: | @@ -136,10 +150,30 @@ jobs: echo "fingerprint=$FINGERPRINT" >> "$GITHUB_OUTPUT" echo "Target PR fingerprint: $FINGERPRINT" + - name: Validate artifact compatibility (base branch) + run: | + NODE_VERSION=$(node --version | sed 's/v//') + OS_NAME=$(echo "$RUNNER_OS" | tr '[:upper:]' '[:lower:]') + EXPECTED_ARTIFACT="node-modules-eas-update-base-node${NODE_VERSION}-${OS_NAME}" + + echo "🔍 Validating base branch artifact compatibility..." + echo " Expected artifact: $EXPECTED_ARTIFACT" + echo " Actual artifact: ${{ env.BASE_ARTIFACT_NAME }}" + + if [ "$EXPECTED_ARTIFACT" != "${{ env.BASE_ARTIFACT_NAME }}" ]; then + echo "::error title=Artifact Incompatibility::Node version or OS mismatch detected!" + echo "❌ The node_modules artifact was built with different Node version or OS" + echo " This could cause issues with native node modules" + echo " Expected: $EXPECTED_ARTIFACT" + echo " Actual: ${{ env.BASE_ARTIFACT_NAME }}" + exit 1 + fi + echo "✅ Base branch artifact compatibility validated" + - name: Download node_modules artifact (base branch) uses: actions/download-artifact@v4 with: - name: ${{ env.ARTIFACT_NAME }} + name: ${{ env.BASE_ARTIFACT_NAME }} path: main - name: Restore executable permissions (base branch) @@ -310,7 +344,7 @@ jobs: run: | NODE_VERSION=$(node --version | sed 's/v//') OS_NAME=$(echo "$RUNNER_OS" | tr '[:upper:]' '[:lower:]') - EXPECTED_ARTIFACT="node-modules-eas-update-node${NODE_VERSION}-${OS_NAME}" + EXPECTED_ARTIFACT="node-modules-eas-update-pr-node${NODE_VERSION}-${OS_NAME}" echo "🔍 Validating artifact compatibility..." echo " Expected artifact: $EXPECTED_ARTIFACT" From 4079bbe4fb244d77770fbc4aff6c353fceecd286 Mon Sep 17 00:00:00 2001 From: Wei Sun Date: Tue, 20 Jan 2026 13:00:52 -0800 Subject: [PATCH 07/12] restore binary permissions in EAS workflow --- .github/workflows/push-eas-update.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/push-eas-update.yml b/.github/workflows/push-eas-update.yml index f97ba0c74072..e616b4fb8289 100644 --- a/.github/workflows/push-eas-update.yml +++ b/.github/workflows/push-eas-update.yml @@ -127,6 +127,7 @@ jobs: echo "🔧 Restoring executable permissions..." find node_modules/.bin -type f -exec chmod +x {} \; 2>/dev/null || true find node_modules -type f -name "*.node" -exec chmod +x {} \; 2>/dev/null || true + find node_modules -path "*/bin/*" -type f -exec chmod +x {} \; 2>/dev/null || true echo "✅ Permissions restored" - name: Verify downloaded artifacts @@ -182,6 +183,7 @@ jobs: echo "🔧 Restoring executable permissions..." find node_modules/.bin -type f -exec chmod +x {} \; 2>/dev/null || true find node_modules -type f -name "*.node" -exec chmod +x {} \; 2>/dev/null || true + find node_modules -path "*/bin/*" -type f -exec chmod +x {} \; 2>/dev/null || true echo "✅ Permissions restored" - name: Generate fingerprint (base branch) @@ -370,6 +372,7 @@ jobs: echo "🔧 Restoring executable permissions..." find node_modules/.bin -type f -exec chmod +x {} \; 2>/dev/null || true find node_modules -type f -name "*.node" -exec chmod +x {} \; 2>/dev/null || true + find node_modules -path "*/bin/*" -type f -exec chmod +x {} \; 2>/dev/null || true echo "✅ Permissions restored" - name: Verify downloaded artifacts From b367a600154cfb992736e9ef89d54e76566dbc62 Mon Sep 17 00:00:00 2001 From: Wei Sun Date: Tue, 20 Jan 2026 13:40:50 -0800 Subject: [PATCH 08/12] restore sdk binary permissions in EAS workflow --- .github/workflows/push-eas-update.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/push-eas-update.yml b/.github/workflows/push-eas-update.yml index e616b4fb8289..5618090d5ef8 100644 --- a/.github/workflows/push-eas-update.yml +++ b/.github/workflows/push-eas-update.yml @@ -128,6 +128,7 @@ jobs: find node_modules/.bin -type f -exec chmod +x {} \; 2>/dev/null || true find node_modules -type f -name "*.node" -exec chmod +x {} \; 2>/dev/null || true find node_modules -path "*/bin/*" -type f -exec chmod +x {} \; 2>/dev/null || true + find node_modules -path "*/sdks/*" -type f -exec chmod +x {} \; 2>/dev/null || true echo "✅ Permissions restored" - name: Verify downloaded artifacts @@ -184,6 +185,7 @@ jobs: find node_modules/.bin -type f -exec chmod +x {} \; 2>/dev/null || true find node_modules -type f -name "*.node" -exec chmod +x {} \; 2>/dev/null || true find node_modules -path "*/bin/*" -type f -exec chmod +x {} \; 2>/dev/null || true + find node_modules -path "*/sdks/*" -type f -exec chmod +x {} \; 2>/dev/null || true echo "✅ Permissions restored" - name: Generate fingerprint (base branch) @@ -373,6 +375,7 @@ jobs: find node_modules/.bin -type f -exec chmod +x {} \; 2>/dev/null || true find node_modules -type f -name "*.node" -exec chmod +x {} \; 2>/dev/null || true find node_modules -path "*/bin/*" -type f -exec chmod +x {} \; 2>/dev/null || true + find node_modules -path "*/sdks/*" -type f -exec chmod +x {} \; 2>/dev/null || true echo "✅ Permissions restored" - name: Verify downloaded artifacts From 121ed17be4ede1383868767f6fb0569399a9d6f9 Mon Sep 17 00:00:00 2001 From: Wei Sun Date: Tue, 20 Jan 2026 15:01:53 -0800 Subject: [PATCH 09/12] modify base_branch description --- .github/workflows/push-eas-update.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/push-eas-update.yml b/.github/workflows/push-eas-update.yml index 5618090d5ef8..fccffb64d544 100644 --- a/.github/workflows/push-eas-update.yml +++ b/.github/workflows/push-eas-update.yml @@ -12,7 +12,7 @@ on: required: true type: string base_branch: - description: 'Base branch ref to compare fingerprints against (e.g., main)' + description: 'Base ref to compare fingerprints against (branch name like "main" or tag name like "release/7.61.6"). If both a branch and tag exist with the same name, use full ref path: "refs/tags/release/7.61.6" or "refs/heads/main"' required: true type: string message: From e06762d0e74442cf36be86bc8e1834bf11d2c53b Mon Sep 17 00:00:00 2001 From: Wei Sun Date: Tue, 20 Jan 2026 15:06:35 -0800 Subject: [PATCH 10/12] change base_branch description --- .github/workflows/push-eas-update.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/push-eas-update.yml b/.github/workflows/push-eas-update.yml index fccffb64d544..5336301f6165 100644 --- a/.github/workflows/push-eas-update.yml +++ b/.github/workflows/push-eas-update.yml @@ -12,7 +12,7 @@ on: required: true type: string base_branch: - description: 'Base ref to compare fingerprints against (branch name like "main" or tag name like "release/7.61.6"). If both a branch and tag exist with the same name, use full ref path: "refs/tags/release/7.61.6" or "refs/heads/main"' + description: 'Base ref to compare fingerprints against (branch name like "main" or tag name like "v7.61.6")' required: true type: string message: From eb4cf3996704259c5fbe15471d0d080318ff2572 Mon Sep 17 00:00:00 2001 From: Wei Sun Date: Tue, 20 Jan 2026 15:13:06 -0800 Subject: [PATCH 11/12] fix CI error that include-hidden-files is not is not defined --- .github/workflows/setup-node-modules.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/setup-node-modules.yml b/.github/workflows/setup-node-modules.yml index 4fc69ea1ad01..32dc7f704673 100644 --- a/.github/workflows/setup-node-modules.yml +++ b/.github/workflows/setup-node-modules.yml @@ -109,7 +109,7 @@ jobs: - name: Upload node_modules artifact if: inputs.upload-artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v4.5.0 with: name: ${{ steps.set-artifact-name.outputs.artifact-name }} path: | From ae5bd7cc58a0d47767cc64d0524606bbeb3dfda8 Mon Sep 17 00:00:00 2001 From: Wei Sun Date: Wed, 21 Jan 2026 12:03:41 -0800 Subject: [PATCH 12/12] move repeated actions to usable actions --- .github/CODEOWNERS | 1 + .../action.yml | 22 ++++ .../action.yml | 38 +++++++ .github/workflows/push-eas-update.yml | 100 ++++-------------- 4 files changed, 83 insertions(+), 78 deletions(-) create mode 100644 .github/actions/restore-node-modules-permissions/action.yml create mode 100644 .github/actions/validate-artifact-compatibility/action.yml diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index fa4a6a19e86c..0cafedcfad6a 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -44,6 +44,7 @@ app/core/Engine/controllers/remote-feature-flag-controller/ @MetaMask/mobile-pla app/core/DeeplinkManager @MetaMask/mobile-platform scripts/build.sh @MetaMask/mobile-platform fingerprint.config.js @MetaMask/mobile-platform +.github/workflows/push-eas-update.yml @MetaMask/mobile-admins scripts/update-expo-channel.js @MetaMask/mobile-admins certs/certificate.pem @MetaMask/mobile-admins ios/fastlane/ @MetaMask/mobile-admins diff --git a/.github/actions/restore-node-modules-permissions/action.yml b/.github/actions/restore-node-modules-permissions/action.yml new file mode 100644 index 000000000000..beb685da2c7c --- /dev/null +++ b/.github/actions/restore-node-modules-permissions/action.yml @@ -0,0 +1,22 @@ +name: 'Restore Node Modules Executable Permissions' +description: 'Restores executable permissions for node_modules binaries after artifact download' + +inputs: + working-directory: + description: 'Working directory where node_modules is located' + required: false + default: '.' + +runs: + using: 'composite' + steps: + - name: Restore executable permissions + shell: bash + working-directory: ${{ inputs.working-directory }} + run: | + echo "🔧 Restoring executable permissions..." + find node_modules/.bin -type f -exec chmod +x {} \; 2>/dev/null || true + find node_modules -type f -name "*.node" -exec chmod +x {} \; 2>/dev/null || true + find node_modules -path "*/bin/*" -type f -exec chmod +x {} \; 2>/dev/null || true + find node_modules -path "*/sdks/*" -type f -exec chmod +x {} \; 2>/dev/null || true + echo "✅ Permissions restored" diff --git a/.github/actions/validate-artifact-compatibility/action.yml b/.github/actions/validate-artifact-compatibility/action.yml new file mode 100644 index 000000000000..5bb8a1d459e8 --- /dev/null +++ b/.github/actions/validate-artifact-compatibility/action.yml @@ -0,0 +1,38 @@ +name: 'Validate Artifact Compatibility' +description: 'Validates that the artifact was built with compatible Node version and OS' + +inputs: + artifact-name: + description: 'The actual artifact name to validate' + required: true + artifact-prefix: + description: 'The expected artifact prefix (e.g., node-modules-eas-update-pr or node-modules-eas-update-base)' + required: true + validation-context: + description: 'Description of what is being validated (e.g., "PR commit", "base branch")' + required: false + default: 'artifact' + +runs: + using: 'composite' + steps: + - name: Validate artifact compatibility + shell: bash + run: | + NODE_VERSION=$(node --version | sed 's/v//') + OS_NAME=$(echo "$RUNNER_OS" | tr '[:upper:]' '[:lower:]') + EXPECTED_ARTIFACT="${{ inputs.artifact-prefix }}-node${NODE_VERSION}-${OS_NAME}" + + echo "🔍 Validating ${{ inputs.validation-context }} artifact compatibility..." + echo " Expected artifact: $EXPECTED_ARTIFACT" + echo " Actual artifact: ${{ inputs.artifact-name }}" + + if [ "$EXPECTED_ARTIFACT" != "${{ inputs.artifact-name }}" ]; then + echo "::error title=Artifact Incompatibility::Node version or OS mismatch detected!" + echo "❌ The node_modules artifact was built with different Node version or OS" + echo " This could cause issues with native node modules" + echo " Expected: $EXPECTED_ARTIFACT" + echo " Actual: ${{ inputs.artifact-name }}" + exit 1 + fi + echo "✅ ${{ inputs.validation-context }} artifact compatibility validated" diff --git a/.github/workflows/push-eas-update.yml b/.github/workflows/push-eas-update.yml index 5336301f6165..6d5aa7156730 100644 --- a/.github/workflows/push-eas-update.yml +++ b/.github/workflows/push-eas-update.yml @@ -98,24 +98,11 @@ jobs: node-version: '20' - name: Validate artifact compatibility (PR commit) - run: | - NODE_VERSION=$(node --version | sed 's/v//') - OS_NAME=$(echo "$RUNNER_OS" | tr '[:upper:]' '[:lower:]') - EXPECTED_ARTIFACT="node-modules-eas-update-pr-node${NODE_VERSION}-${OS_NAME}" - - echo "🔍 Validating PR artifact compatibility..." - echo " Expected artifact: $EXPECTED_ARTIFACT" - echo " Actual artifact: ${{ env.PR_ARTIFACT_NAME }}" - - if [ "$EXPECTED_ARTIFACT" != "${{ env.PR_ARTIFACT_NAME }}" ]; then - echo "::error title=Artifact Incompatibility::Node version or OS mismatch detected!" - echo "❌ The node_modules artifact was built with different Node version or OS" - echo " This could cause issues with native node modules" - echo " Expected: $EXPECTED_ARTIFACT" - echo " Actual: ${{ env.PR_ARTIFACT_NAME }}" - exit 1 - fi - echo "✅ PR artifact compatibility validated" + uses: ./.github/actions/validate-artifact-compatibility + with: + artifact-name: ${{ env.PR_ARTIFACT_NAME }} + artifact-prefix: node-modules-eas-update-pr + validation-context: PR commit - name: Download node_modules artifact (PR commit) uses: actions/download-artifact@v4 @@ -123,13 +110,7 @@ jobs: name: ${{ env.PR_ARTIFACT_NAME }} - name: Restore executable permissions - run: | - echo "🔧 Restoring executable permissions..." - find node_modules/.bin -type f -exec chmod +x {} \; 2>/dev/null || true - find node_modules -type f -name "*.node" -exec chmod +x {} \; 2>/dev/null || true - find node_modules -path "*/bin/*" -type f -exec chmod +x {} \; 2>/dev/null || true - find node_modules -path "*/sdks/*" -type f -exec chmod +x {} \; 2>/dev/null || true - echo "✅ Permissions restored" + uses: ./.github/actions/restore-node-modules-permissions - name: Verify downloaded artifacts run: | @@ -153,24 +134,11 @@ jobs: echo "Target PR fingerprint: $FINGERPRINT" - name: Validate artifact compatibility (base branch) - run: | - NODE_VERSION=$(node --version | sed 's/v//') - OS_NAME=$(echo "$RUNNER_OS" | tr '[:upper:]' '[:lower:]') - EXPECTED_ARTIFACT="node-modules-eas-update-base-node${NODE_VERSION}-${OS_NAME}" - - echo "🔍 Validating base branch artifact compatibility..." - echo " Expected artifact: $EXPECTED_ARTIFACT" - echo " Actual artifact: ${{ env.BASE_ARTIFACT_NAME }}" - - if [ "$EXPECTED_ARTIFACT" != "${{ env.BASE_ARTIFACT_NAME }}" ]; then - echo "::error title=Artifact Incompatibility::Node version or OS mismatch detected!" - echo "❌ The node_modules artifact was built with different Node version or OS" - echo " This could cause issues with native node modules" - echo " Expected: $EXPECTED_ARTIFACT" - echo " Actual: ${{ env.BASE_ARTIFACT_NAME }}" - exit 1 - fi - echo "✅ Base branch artifact compatibility validated" + uses: ./.github/actions/validate-artifact-compatibility + with: + artifact-name: ${{ env.BASE_ARTIFACT_NAME }} + artifact-prefix: node-modules-eas-update-base + validation-context: base branch - name: Download node_modules artifact (base branch) uses: actions/download-artifact@v4 @@ -179,14 +147,9 @@ jobs: path: main - name: Restore executable permissions (base branch) - working-directory: main - run: | - echo "🔧 Restoring executable permissions..." - find node_modules/.bin -type f -exec chmod +x {} \; 2>/dev/null || true - find node_modules -type f -name "*.node" -exec chmod +x {} \; 2>/dev/null || true - find node_modules -path "*/bin/*" -type f -exec chmod +x {} \; 2>/dev/null || true - find node_modules -path "*/sdks/*" -type f -exec chmod +x {} \; 2>/dev/null || true - echo "✅ Permissions restored" + uses: ./.github/actions/restore-node-modules-permissions + with: + working-directory: main - name: Generate fingerprint (base branch) id: main_fingerprint @@ -265,10 +228,10 @@ jobs: if: ${{ needs.fingerprint-comparison.outputs.fingerprints_equal == 'true' }} runs-on: ubuntu-latest steps: - - name: Await approval from mobile platform team + - name: Await approval from mobile release team uses: op5dev/require-team-approval@dfd7b8b9a88bf82a955c103f7e19642b0411aecd with: - team: mobile-platform + team: release-team pr-number: ${{ needs.validate-pr.outputs.pr_number }} token: ${{ secrets.METAMASK_MOBILE_ORG_READ_TOKEN }} @@ -345,24 +308,11 @@ jobs: node-version: '20' - name: Validate artifact compatibility - run: | - NODE_VERSION=$(node --version | sed 's/v//') - OS_NAME=$(echo "$RUNNER_OS" | tr '[:upper:]' '[:lower:]') - EXPECTED_ARTIFACT="node-modules-eas-update-pr-node${NODE_VERSION}-${OS_NAME}" - - echo "🔍 Validating artifact compatibility..." - echo " Expected artifact: $EXPECTED_ARTIFACT" - echo " Actual artifact: ${{ env.ARTIFACT_NAME }}" - - if [ "$EXPECTED_ARTIFACT" != "${{ env.ARTIFACT_NAME }}" ]; then - echo "::error title=Artifact Incompatibility::Node version or OS mismatch detected!" - echo "❌ The node_modules artifact was built with different Node version or OS" - echo " This could cause issues with native node modules" - echo " Expected: $EXPECTED_ARTIFACT" - echo " Actual: ${{ env.ARTIFACT_NAME }}" - exit 1 - fi - echo "✅ Artifact compatibility validated" + uses: ./.github/actions/validate-artifact-compatibility + with: + artifact-name: ${{ env.ARTIFACT_NAME }} + artifact-prefix: node-modules-eas-update-pr + validation-context: artifact - name: Download node_modules artifact uses: actions/download-artifact@v4 @@ -370,13 +320,7 @@ jobs: name: ${{ env.ARTIFACT_NAME }} - name: Restore executable permissions - run: | - echo "🔧 Restoring executable permissions..." - find node_modules/.bin -type f -exec chmod +x {} \; 2>/dev/null || true - find node_modules -type f -name "*.node" -exec chmod +x {} \; 2>/dev/null || true - find node_modules -path "*/bin/*" -type f -exec chmod +x {} \; 2>/dev/null || true - find node_modules -path "*/sdks/*" -type f -exec chmod +x {} \; 2>/dev/null || true - echo "✅ Permissions restored" + uses: ./.github/actions/restore-node-modules-permissions - name: Verify downloaded artifacts run: |