diff --git a/.github/workflows/build-lint-test.yml b/.github/workflows/build-lint-test.yml index 697d9064a..ea8355988 100644 --- a/.github/workflows/build-lint-test.yml +++ b/.github/workflows/build-lint-test.yml @@ -29,12 +29,10 @@ jobs: name: Prepare runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - name: Use Node.js - uses: actions/setup-node@v3 + - name: Checkout and setup environment + uses: MetaMask/action-checkout-and-setup@v1 with: - node-version-file: '.nvmrc' - cache: 'yarn' + is-high-risk-environment: false - name: Install Yarn dependencies run: yarn --immutable @@ -56,28 +54,14 @@ jobs: STATIC_API_BASE_URL: ${{ secrets.STATIC_API_BASE_URL }} SECURITY_ALERTS_API_BASE_URL: ${{ secrets.SECURITY_ALERTS_API_BASE_URL }} steps: - - uses: actions/checkout@v3 - - name: Use Node.js - uses: actions/setup-node@v3 + - name: Checkout and setup environment + uses: MetaMask/action-checkout-and-setup@v1 with: - node-version-file: '.nvmrc' - cache: 'yarn' + is-high-risk-environment: false - run: yarn --immutable --immutable-cache || yarn install - run: | npm rebuild --verbose sharp yarn build - - name: Cache snap build - uses: actions/cache@v3 - with: - path: ./packages/snap/dist - key: snap-${{ runner.os }}-${{ github.sha }} - - name: Require clean working directory - shell: bash - run: | - if ! git diff --exit-code; then - echo "Working tree dirty at end of job" - exit 1 - fi lint: name: Lint @@ -85,12 +69,10 @@ jobs: needs: - prepare steps: - - uses: actions/checkout@v3 - - name: Use Node.js - uses: actions/setup-node@v3 + - name: Checkout and setup environment + uses: MetaMask/action-checkout-and-setup@v1 with: - node-version-file: '.nvmrc' - cache: 'yarn' + is-high-risk-environment: false - run: yarn --immutable --immutable-cache || yarn install - run: yarn lint - name: Require clean working directory @@ -119,12 +101,10 @@ jobs: STATIC_API_BASE_URL: ${{ secrets.STATIC_API_BASE_URL }} SECURITY_ALERTS_API_BASE_URL: ${{ secrets.SECURITY_ALERTS_API_BASE_URL }} steps: - - uses: actions/checkout@v3 - - name: Use Node.js - uses: actions/setup-node@v3 + - name: Checkout and setup environment + uses: MetaMask/action-checkout-and-setup@v1 with: - node-version-file: '.nvmrc' - cache: 'yarn' + is-high-risk-environment: false - run: yarn install --immutable - name: Build for tests run: yarn workspace @metamask/solana-wallet-snap build diff --git a/.github/workflows/create-release-pr.yml b/.github/workflows/create-release-pr.yml index 0d9a52cc6..3c0afd533 100644 --- a/.github/workflows/create-release-pr.yml +++ b/.github/workflows/create-release-pr.yml @@ -21,18 +21,12 @@ jobs: contents: write pull-requests: write steps: - - uses: actions/checkout@v4 + - name: Checkout and setup environment + uses: MetaMask/action-checkout-and-setup@v1 with: - # This is to guarantee that the most recent tag is fetched. - # This can be configured to a more reasonable value by consumers. + is-high-risk-environment: false fetch-depth: 0 - # We check out the specified branch, which will be used as the base - # branch for all git operations and the release PR. ref: ${{ github.event.inputs.base-branch }} - - name: Setup Node.js - uses: actions/setup-node@v4 - with: - node-version-file: '.nvmrc' - uses: MetaMask/action-create-release-pr@v3 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} @@ -45,11 +39,10 @@ jobs: contents: write needs: create-release-pr steps: - - uses: actions/checkout@v4 - - name: Setup Node.js - uses: actions/setup-node@v4 + - name: Checkout and setup environment + uses: MetaMask/action-checkout-and-setup@v1 with: - node-version-file: '.nvmrc' + is-high-risk-environment: false - name: Update Snap Version id: update-release-pr shell: bash diff --git a/.github/workflows/crowdin.yml b/.github/workflows/crowdin.yml index 9a33b1237..cac19166b 100644 --- a/.github/workflows/crowdin.yml +++ b/.github/workflows/crowdin.yml @@ -15,7 +15,9 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: MetaMask/action-checkout-and-setup@v1 + with: + is-high-risk-environment: false - name: crowdin action uses: crowdin/github-action@a3160b9e5a9e00739392c23da5e580c6cabe526d diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index b15834b52..f95423b0e 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -8,7 +8,10 @@ jobs: name: Check workflows runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - name: Checkout and setup environment + uses: MetaMask/action-checkout-and-setup@v1 + with: + is-high-risk-environment: false - name: Download actionlint id: download-actionlint run: bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/7fdc9630cc360ea1a469eed64ac6d78caeda1234/scripts/download-actionlint.bash) 1.6.23 diff --git a/.github/workflows/publish-release.yml b/.github/workflows/publish-release.yml index 0cc41a842..50ec48da8 100644 --- a/.github/workflows/publish-release.yml +++ b/.github/workflows/publish-release.yml @@ -33,17 +33,15 @@ jobs: contents: write runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - name: Checkout and setup environment + uses: MetaMask/action-checkout-and-setup@v1 with: + is-high-risk-environment: true ref: ${{ github.sha }} - - name: Setup Node.js - uses: actions/setup-node@v3 - with: - node-version-file: '.nvmrc' - uses: MetaMask/action-publish-release@v3 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - name: Install + - name: Build run: | yarn install yarn workspace @metamask/solana-wallet-snap build @@ -59,36 +57,31 @@ jobs: TOKEN_API_BASE_URL: ${{ secrets.TOKEN_API_BASE_URL }} STATIC_API_BASE_URL: ${{ secrets.STATIC_API_BASE_URL }} SECURITY_ALERTS_API_BASE_URL: ${{ secrets.SECURITY_ALERTS_API_BASE_URL }} - - uses: actions/cache@v4 - id: restore-build + - name: Upload build artifacts + uses: actions/upload-artifact@v4 with: - # We must cache the `snap.manifest.json` file because it might change - # during the release build due to secrets being injected by the CI. + name: publish-release-artifacts-${{ github.sha }} + include-hidden-files: true + retention-days: 4 path: | - ./packages/*/dist + ./packages/**/dist ./packages/snap/snap.manifest.json ./node_modules/.yarn-state.yml - key: ${{ github.sha }} publish-npm-dry-run: runs-on: ubuntu-latest needs: publish-release steps: - - uses: actions/checkout@v3 + - name: Checkout and setup environment + uses: MetaMask/action-checkout-and-setup@v1 with: + is-high-risk-environment: true ref: ${{ github.sha }} - - uses: actions/cache@v4 - id: restore-build + - name: Restore build artifacts + uses: actions/download-artifact@v4 with: - # We must cache the `snap.manifest.json` file because it might change - # during the release build due to secrets being injected by the CI. - path: | - ./packages/*/dist - ./packages/snap/snap.manifest.json - ./node_modules/.yarn-state.yml - key: ${{ github.sha }} + name: publish-release-artifacts-${{ github.sha }} - name: Dry Run Publish - # Omit npm-token token to perform dry-run publish uses: MetaMask/action-npm-publish@v4 with: slack-webhook-url: ${{ secrets.SLACK_WEBHOOK_URL }} @@ -101,24 +94,18 @@ jobs: runs-on: ubuntu-latest needs: publish-npm-dry-run steps: - - uses: actions/checkout@v3 + - name: Checkout and setup environment + uses: MetaMask/action-checkout-and-setup@v1 with: + is-high-risk-environment: true ref: ${{ github.sha }} - - uses: actions/cache@v4 - id: restore-build + - name: Restore build artifacts + uses: actions/download-artifact@v4 with: - # We must cache the `snap.manifest.json` file because it might change - # during the release build due to secrets being injected by the CI. - path: | - ./packages/*/dist - ./packages/snap/snap.manifest.json - ./node_modules/.yarn-state.yml - key: ${{ github.sha }} + name: publish-release-artifacts-${{ github.sha }} - name: Publish uses: MetaMask/action-npm-publish@v2 with: - # This `NPM_TOKEN` needs to be manually set per-repository. - # Look in the repository settings under "Environments", and set this token in the `npm-publish` environment. npm-token: ${{ secrets.NPM_TOKEN }} env: SKIP_PREPACK: true diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml index 40f18674b..91474b0fe 100644 --- a/.github/workflows/sonarcloud.yml +++ b/.github/workflows/sonarcloud.yml @@ -21,8 +21,10 @@ jobs: sonarcloud-scan: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - name: Checkout and setup environment + uses: MetaMask/action-checkout-and-setup@v1 with: + is-high-risk-environment: false fetch-depth: 0 - uses: actions/download-artifact@v4 with: