Skip to content

Commit 65a2b28

Browse files
authored
ci: update workflows to use artifacts (#425)
This updates all workflows to use `MetaMask/action-checkout-and-setup` and remove the use of `actions/cache`.
1 parent 45499ff commit 65a2b28

6 files changed

Lines changed: 50 additions & 83 deletions

File tree

.github/workflows/build-lint-test.yml

Lines changed: 12 additions & 32 deletions
Original file line numberDiff line numberDiff line change
@@ -29,12 +29,10 @@ jobs:
2929
name: Prepare
3030
runs-on: ubuntu-latest
3131
steps:
32-
- uses: actions/checkout@v3
33-
- name: Use Node.js
34-
uses: actions/setup-node@v3
32+
- name: Checkout and setup environment
33+
uses: MetaMask/action-checkout-and-setup@v1
3534
with:
36-
node-version-file: '.nvmrc'
37-
cache: 'yarn'
35+
is-high-risk-environment: false
3836
- name: Install Yarn dependencies
3937
run: yarn --immutable
4038

@@ -56,41 +54,25 @@ jobs:
5654
STATIC_API_BASE_URL: ${{ secrets.STATIC_API_BASE_URL }}
5755
SECURITY_ALERTS_API_BASE_URL: ${{ secrets.SECURITY_ALERTS_API_BASE_URL }}
5856
steps:
59-
- uses: actions/checkout@v3
60-
- name: Use Node.js
61-
uses: actions/setup-node@v3
57+
- name: Checkout and setup environment
58+
uses: MetaMask/action-checkout-and-setup@v1
6259
with:
63-
node-version-file: '.nvmrc'
64-
cache: 'yarn'
60+
is-high-risk-environment: false
6561
- run: yarn --immutable --immutable-cache || yarn install
6662
- run: |
6763
npm rebuild --verbose sharp
6864
yarn build
69-
- name: Cache snap build
70-
uses: actions/cache@v3
71-
with:
72-
path: ./packages/snap/dist
73-
key: snap-${{ runner.os }}-${{ github.sha }}
74-
- name: Require clean working directory
75-
shell: bash
76-
run: |
77-
if ! git diff --exit-code; then
78-
echo "Working tree dirty at end of job"
79-
exit 1
80-
fi
8165
8266
lint:
8367
name: Lint
8468
runs-on: ubuntu-latest
8569
needs:
8670
- prepare
8771
steps:
88-
- uses: actions/checkout@v3
89-
- name: Use Node.js
90-
uses: actions/setup-node@v3
72+
- name: Checkout and setup environment
73+
uses: MetaMask/action-checkout-and-setup@v1
9174
with:
92-
node-version-file: '.nvmrc'
93-
cache: 'yarn'
75+
is-high-risk-environment: false
9476
- run: yarn --immutable --immutable-cache || yarn install
9577
- run: yarn lint
9678
- name: Require clean working directory
@@ -119,12 +101,10 @@ jobs:
119101
STATIC_API_BASE_URL: ${{ secrets.STATIC_API_BASE_URL }}
120102
SECURITY_ALERTS_API_BASE_URL: ${{ secrets.SECURITY_ALERTS_API_BASE_URL }}
121103
steps:
122-
- uses: actions/checkout@v3
123-
- name: Use Node.js
124-
uses: actions/setup-node@v3
104+
- name: Checkout and setup environment
105+
uses: MetaMask/action-checkout-and-setup@v1
125106
with:
126-
node-version-file: '.nvmrc'
127-
cache: 'yarn'
107+
is-high-risk-environment: false
128108
- run: yarn install --immutable
129109
- name: Build for tests
130110
run: yarn workspace @metamask/solana-wallet-snap build

.github/workflows/create-release-pr.yml

Lines changed: 6 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -21,18 +21,12 @@ jobs:
2121
contents: write
2222
pull-requests: write
2323
steps:
24-
- uses: actions/checkout@v4
24+
- name: Checkout and setup environment
25+
uses: MetaMask/action-checkout-and-setup@v1
2526
with:
26-
# This is to guarantee that the most recent tag is fetched.
27-
# This can be configured to a more reasonable value by consumers.
27+
is-high-risk-environment: false
2828
fetch-depth: 0
29-
# We check out the specified branch, which will be used as the base
30-
# branch for all git operations and the release PR.
3129
ref: ${{ github.event.inputs.base-branch }}
32-
- name: Setup Node.js
33-
uses: actions/setup-node@v4
34-
with:
35-
node-version-file: '.nvmrc'
3630
- uses: MetaMask/action-create-release-pr@v3
3731
env:
3832
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -45,11 +39,10 @@ jobs:
4539
contents: write
4640
needs: create-release-pr
4741
steps:
48-
- uses: actions/checkout@v4
49-
- name: Setup Node.js
50-
uses: actions/setup-node@v4
42+
- name: Checkout and setup environment
43+
uses: MetaMask/action-checkout-and-setup@v1
5144
with:
52-
node-version-file: '.nvmrc'
45+
is-high-risk-environment: false
5346
- name: Update Snap Version
5447
id: update-release-pr
5548
shell: bash

.github/workflows/crowdin.yml

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -15,7 +15,9 @@ jobs:
1515

1616
steps:
1717
- name: Checkout
18-
uses: actions/checkout@v4
18+
uses: MetaMask/action-checkout-and-setup@v1
19+
with:
20+
is-high-risk-environment: false
1921

2022
- name: crowdin action
2123
uses: crowdin/github-action@a3160b9e5a9e00739392c23da5e580c6cabe526d

.github/workflows/pr.yml

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,10 @@ jobs:
88
name: Check workflows
99
runs-on: ubuntu-latest
1010
steps:
11-
- uses: actions/checkout@v3
11+
- name: Checkout and setup environment
12+
uses: MetaMask/action-checkout-and-setup@v1
13+
with:
14+
is-high-risk-environment: false
1215
- name: Download actionlint
1316
id: download-actionlint
1417
run: bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/7fdc9630cc360ea1a469eed64ac6d78caeda1234/scripts/download-actionlint.bash) 1.6.23

.github/workflows/publish-release.yml

Lines changed: 22 additions & 35 deletions
Original file line numberDiff line numberDiff line change
@@ -33,17 +33,15 @@ jobs:
3333
contents: write
3434
runs-on: ubuntu-latest
3535
steps:
36-
- uses: actions/checkout@v3
36+
- name: Checkout and setup environment
37+
uses: MetaMask/action-checkout-and-setup@v1
3738
with:
39+
is-high-risk-environment: true
3840
ref: ${{ github.sha }}
39-
- name: Setup Node.js
40-
uses: actions/setup-node@v3
41-
with:
42-
node-version-file: '.nvmrc'
4341
- uses: MetaMask/action-publish-release@v3
4442
env:
4543
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
46-
- name: Install
44+
- name: Build
4745
run: |
4846
yarn install
4947
yarn workspace @metamask/solana-wallet-snap build
@@ -59,36 +57,31 @@ jobs:
5957
TOKEN_API_BASE_URL: ${{ secrets.TOKEN_API_BASE_URL }}
6058
STATIC_API_BASE_URL: ${{ secrets.STATIC_API_BASE_URL }}
6159
SECURITY_ALERTS_API_BASE_URL: ${{ secrets.SECURITY_ALERTS_API_BASE_URL }}
62-
- uses: actions/cache@v4
63-
id: restore-build
60+
- name: Upload build artifacts
61+
uses: actions/upload-artifact@v4
6462
with:
65-
# We must cache the `snap.manifest.json` file because it might change
66-
# during the release build due to secrets being injected by the CI.
63+
name: publish-release-artifacts-${{ github.sha }}
64+
include-hidden-files: true
65+
retention-days: 4
6766
path: |
68-
./packages/*/dist
67+
./packages/**/dist
6968
./packages/snap/snap.manifest.json
7069
./node_modules/.yarn-state.yml
71-
key: ${{ github.sha }}
7270
7371
publish-npm-dry-run:
7472
runs-on: ubuntu-latest
7573
needs: publish-release
7674
steps:
77-
- uses: actions/checkout@v3
75+
- name: Checkout and setup environment
76+
uses: MetaMask/action-checkout-and-setup@v1
7877
with:
78+
is-high-risk-environment: true
7979
ref: ${{ github.sha }}
80-
- uses: actions/cache@v4
81-
id: restore-build
80+
- name: Restore build artifacts
81+
uses: actions/download-artifact@v4
8282
with:
83-
# We must cache the `snap.manifest.json` file because it might change
84-
# during the release build due to secrets being injected by the CI.
85-
path: |
86-
./packages/*/dist
87-
./packages/snap/snap.manifest.json
88-
./node_modules/.yarn-state.yml
89-
key: ${{ github.sha }}
83+
name: publish-release-artifacts-${{ github.sha }}
9084
- name: Dry Run Publish
91-
# Omit npm-token token to perform dry-run publish
9285
uses: MetaMask/action-npm-publish@v4
9386
with:
9487
slack-webhook-url: ${{ secrets.SLACK_WEBHOOK_URL }}
@@ -101,24 +94,18 @@ jobs:
10194
runs-on: ubuntu-latest
10295
needs: publish-npm-dry-run
10396
steps:
104-
- uses: actions/checkout@v3
97+
- name: Checkout and setup environment
98+
uses: MetaMask/action-checkout-and-setup@v1
10599
with:
100+
is-high-risk-environment: true
106101
ref: ${{ github.sha }}
107-
- uses: actions/cache@v4
108-
id: restore-build
102+
- name: Restore build artifacts
103+
uses: actions/download-artifact@v4
109104
with:
110-
# We must cache the `snap.manifest.json` file because it might change
111-
# during the release build due to secrets being injected by the CI.
112-
path: |
113-
./packages/*/dist
114-
./packages/snap/snap.manifest.json
115-
./node_modules/.yarn-state.yml
116-
key: ${{ github.sha }}
105+
name: publish-release-artifacts-${{ github.sha }}
117106
- name: Publish
118107
uses: MetaMask/action-npm-publish@v2
119108
with:
120-
# This `NPM_TOKEN` needs to be manually set per-repository.
121-
# Look in the repository settings under "Environments", and set this token in the `npm-publish` environment.
122109
npm-token: ${{ secrets.NPM_TOKEN }}
123110
env:
124111
SKIP_PREPACK: true

.github/workflows/sonarcloud.yml

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -21,8 +21,10 @@ jobs:
2121
sonarcloud-scan:
2222
runs-on: ubuntu-latest
2323
steps:
24-
- uses: actions/checkout@v4
24+
- name: Checkout and setup environment
25+
uses: MetaMask/action-checkout-and-setup@v1
2526
with:
27+
is-high-risk-environment: false
2628
fetch-depth: 0
2729
- uses: actions/download-artifact@v4
2830
with:

0 commit comments

Comments
 (0)