Merged
74 changes: 16 additions & 58 deletions .github/workflows/build-lint-test.yml
Expand Up @@ -11,20 +11,12 @@ jobs:
matrix:
node-version: [18.x, 20.x, 22.x]
steps:
- uses: actions/checkout@v4
- name: Install Corepack via Node
uses: actions/setup-node@v4
with:
node-version-file: '.nvmrc'
- name: Install Yarn
run: corepack enable
- name: Install Node.js ${{ matrix.node-version }} and restore Yarn cache
uses: actions/setup-node@v4
- name: Checkout and setup environment
uses: MetaMask/action-checkout-and-setup@v1
with:
is-high-risk-environment: false
node-version: ${{ matrix.node-version }}
cache: 'yarn'
- name: Install dependencies via Yarn
run: yarn --immutable
cache-node-modules: ${{ matrix.node-version == '22.x' }}

build:
name: Build
Expand All @@ -34,20 +26,11 @@ jobs:
matrix:
node-version: [22.x]
steps:
- uses: actions/checkout@v4
- name: Install Corepack via Node
uses: actions/setup-node@v4
with:
node-version-file: '.nvmrc'
- name: Install Yarn
run: corepack enable
- name: Install Node.js ${{ matrix.node-version }} and restore Yarn cache
uses: actions/setup-node@v4
- name: Checkout and setup environment
uses: MetaMask/action-checkout-and-setup@v1
with:
is-high-risk-environment: false
node-version: ${{ matrix.node-version }}
cache: 'yarn'
- name: Install dependencies via Yarn
run: yarn --immutable --immutable-cache
- run: yarn build
- name: Require clean working directory
shell: bash
Expand All @@ -65,20 +48,11 @@ jobs:
matrix:
node-version: [22.x]
steps:
- uses: actions/checkout@v4
- name: Install Corepack via Node
uses: actions/setup-node@v4
with:
node-version-file: '.nvmrc'
- name: Install Yarn
run: corepack enable
- name: Install Node.js ${{ matrix.node-version }} and restore Yarn cache
uses: actions/setup-node@v4
- name: Checkout and setup environment
uses: MetaMask/action-checkout-and-setup@v1
with:
is-high-risk-environment: false
node-version: ${{ matrix.node-version }}
cache: 'yarn'
- name: Install dependencies via Yarn
run: yarn --immutable --immutable-cache
- run: yarn lint
- name: Validate RC changelog
if: ${{ startsWith(github.head_ref, 'release/') }}
Expand All @@ -102,20 +76,11 @@ jobs:
matrix:
node-version: [18.x, 20.x, 22.x]
steps:
- uses: actions/checkout@v4
- name: Install Corepack via Node
uses: actions/setup-node@v4
with:
node-version-file: '.nvmrc'
- name: Install Yarn
run: corepack enable
- name: Install Node.js ${{ matrix.node-version }} and restore Yarn cache
uses: actions/setup-node@v4
- name: Checkout and setup environment
uses: MetaMask/action-checkout-and-setup@v1
with:
is-high-risk-environment: false
node-version: ${{ matrix.node-version }}
cache: 'yarn'
- name: Install dependencies via Yarn
run: yarn --immutable --immutable-cache
- run: yarn test
- name: Require clean working directory
shell: bash
Expand All @@ -133,18 +98,11 @@ jobs:
matrix:
node-version: [18.x, 20.x, 22.x]
steps:
- uses: actions/checkout@v4
- name: Install Corepack via Node
uses: actions/setup-node@v4
with:
node-version-file: '.nvmrc'
- name: Install Yarn
run: corepack enable
- name: Install Node.js ${{ matrix.node-version }} and restore Yarn cache
uses: actions/setup-node@v4
- name: Checkout and setup environment
uses: MetaMask/action-checkout-and-setup@v1
with:
is-high-risk-environment: false
node-version: ${{ matrix.node-version }}
cache: 'yarn'
- name: Install dependencies via Yarn
run: rm yarn.lock && YARN_ENABLE_IMMUTABLE_INSTALLS=false yarn
- run: yarn test
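Review bot: The new `uses: MetaMask/action-checkout-and-setup@v1` steps pin the action to a movable tag, and in the build, lint and test jobs they replace the explicit `yarn --immutable --immutable-cache` install, so lockfile enforcement now depends on whatever that tag resolves to at run time. Pinning to a full commit SHA, e.g. `uses: MetaMask/action-checkout-and-setup@<full-commit-sha> # v1`, would keep that guarantee reviewable. The same `@v1` pin appears in create-release-pr.yml, main.yml, publish-docs.yml and publish-release.yml, where some jobs hold write tokens or run under the `npm-publish` environment. Whether the action still performs an immutable install is not visible on this page, so a comment above the step such as `# Installs dependencies with the lockfile enforced (see action README).` would help, once confirmed.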
17 changes: 9 additions & 8 deletions .github/workflows/create-release-pr.yml
Expand Up @@ -21,19 +21,20 @@ jobs:
contents: write
pull-requests: write
steps:
- uses: actions/checkout@v4
- name: Checkout and setup environment
uses: MetaMask/action-checkout-and-setup@v1
with:
# This is to guarantee that the most recent tag is fetched.
# This can be configured to a more reasonable value by consumers.
is-high-risk-environment: true

# This is to guarantee that the most recent tag is fetched. This can
# be configured to a more reasonable value by consumers.
fetch-depth: 0

# We check out the specified branch, which will be used as the base
# branch for all git operations and the release PR.
ref: ${{ github.event.inputs.base-branch }}
- name: Install Node.js
uses: actions/setup-node@v4
with:
node-version-file: '.nvmrc'
- uses: MetaMask/action-create-release-pr@v3

- uses: MetaMask/action-create-release-pr@v4
with:
release-type: ${{ github.event.inputs.release-type }}
release-version: ${{ github.event.inputs.release-version }}
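Review bot: The checkout `ref: ${{ github.event.inputs.base-branch }}` now feeds a combined checkout-and-setup step in a job that holds `contents: write` and `pull-requests: write`, whereas the steps it replaces only checked out the code and installed Node.js. If the action also installs dependencies (not visible here), package install scripts from whichever branch the dispatcher names would run in the same job as that write token, so it is worth confirming how the action treats install scripts when `is-high-risk-environment: true` is set. A comment above that flag, e.g. `# High-risk: this job holds a write token and checks out a caller-chosen ref.`, would record why it is set here.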
18 changes: 17 additions & 1 deletion .github/workflows/main.yml
Expand Up @@ -10,7 +10,10 @@ jobs:
name: Check workflows
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Checkout and setup environment
uses: MetaMask/action-checkout-and-setup@v1
with:
is-high-risk-environment: false
- name: Download actionlint
id: download-actionlint
run: bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/7fdc9630cc360ea1a469eed64ac6d78caeda1234/scripts/download-actionlint.bash) 1.6.23
Expand All @@ -19,6 +22,18 @@ jobs:
run: ${{ steps.download-actionlint.outputs.executable }} -color
shell: bash

analyse-code:
name: Code scanner
needs: check-workflows
uses: ./.github/workflows/security-code-scanner.yml
permissions:
actions: read
contents: read
security-events: write
secrets:
SECURITY_SCAN_METRICS_TOKEN: ${{ secrets.SECURITY_SCAN_METRICS_TOKEN }}
APPSEC_BOT_SLACK_WEBHOOK: ${{ secrets.APPSEC_BOT_SLACK_WEBHOOK }}

build-lint-test:
name: Build, lint, and test
uses: ./.github/workflows/build-lint-test.yml
Expand All @@ -28,6 +43,7 @@ jobs:
runs-on: ubuntu-latest
needs:
- check-workflows
- analyse-code
- build-lint-test
outputs:
PASSED: ${{ steps.set-output.outputs.PASSED }}
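Review bot: The `check-workflows` job only downloads and runs actionlint, yet its plain checkout becomes `MetaMask/action-checkout-and-setup@v1`, which by its name also sets up the toolchain and presumably installs the project's dependencies. That would bring third-party package code into a job that did not need it before, and the new `analyse-code` job waits on it through `needs: check-workflows`. If the setup is not required for linting workflows, a checkout-only step would keep this job narrower; otherwise a comment such as `# Setup is required here because <reason>.` should say why. The job's remaining steps continue outside the visible hunk.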
16 changes: 3 additions & 13 deletions .github/workflows/publish-docs.yml
Expand Up @@ -21,20 +21,10 @@ jobs:
- name: Ensure `destination_dir` is not empty
if: ${{ inputs.destination_dir == '' }}
run: exit 1
- uses: actions/checkout@v4
- name: Install Corepack via Node
uses: actions/setup-node@v4
- name: Checkout and setup environment
uses: MetaMask/action-checkout-and-setup@v1
with:
node-version-file: '.nvmrc'
- name: Install Yarn
run: corepack enable
- name: Restore Yarn cache
uses: actions/setup-node@v4
with:
node-version-file: '.nvmrc'
cache: 'yarn'
- name: Install dependencies via Yarn
run: yarn --immutable
is-high-risk-environment: true
- name: Run build script
run: yarn build:docs
- name: Deploy to `${{ inputs.destination_dir }}` directory of `gh-pages` branch
76 changes: 23 additions & 53 deletions .github/workflows/publish-release.yml
Expand Up @@ -9,66 +9,47 @@ on:
required: true
PUBLISH_DOCS_TOKEN:
required: true

jobs:
publish-release:
permissions:
contents: write
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Checkout and setup environment
uses: MetaMask/action-checkout-and-setup@v1
with:
is-high-risk-environment: true
ref: ${{ github.sha }}
- name: Install Corepack via Node
uses: actions/setup-node@v4
with:
node-version-file: '.nvmrc'
- name: Install Yarn
run: corepack enable
- name: Restore Yarn cache
uses: actions/setup-node@v4
with:
node-version-file: '.nvmrc'
cache: 'yarn'
- uses: MetaMask/action-publish-release@v3
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- uses: actions/cache@v3
- run: yarn build
- name: Upload build artifacts
uses: actions/upload-artifact@v4
with:
name: publish-release-artifacts-${{ github.sha }}
retention-days: 4
include-hidden-files: true
path: |
./dist
./node_modules/.yarn-state.yml
key: ${{ github.sha }}
- run: yarn --immutable
- run: yarn build

publish-npm-dry-run:
needs: publish-release
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Checkout and setup environment
uses: MetaMask/action-checkout-and-setup@v1
with:
is-high-risk-environment: true
ref: ${{ github.sha }}
- name: Install Corepack via Node
uses: actions/setup-node@v4
with:
node-version-file: '.nvmrc'
- name: Install Yarn
run: corepack enable
- name: Restore Yarn cache
uses: actions/setup-node@v4
with:
node-version-file: '.nvmrc'
cache: 'yarn'
- uses: actions/cache@v3
- name: Restore build artifacts
uses: actions/download-artifact@v4
with:
path: |
./dist
./node_modules/.yarn-state.yml
key: ${{ github.sha }}
name: publish-release-artifacts-${{ github.sha }}
- name: Dry Run Publish
# omit npm-token token to perform dry run publish
uses: MetaMask/action-npm-publish@v4
uses: MetaMask/action-npm-publish@v5
with:
slack-webhook-url: ${{ secrets.SLACK_WEBHOOK_URL }}
subteam: S042S7RE4AE # @metamask-npm-publishers
Expand All @@ -80,28 +61,17 @@ jobs:
runs-on: ubuntu-latest
environment: npm-publish
steps:
- uses: actions/checkout@v4
- name: Checkout and setup environment
uses: MetaMask/action-checkout-and-setup@v1
with:
is-high-risk-environment: true
ref: ${{ github.sha }}
- name: Install Corepack via Node
uses: actions/setup-node@v4
with:
node-version-file: '.nvmrc'
- name: Install Yarn
run: corepack enable
- name: Restore Yarn cache
uses: actions/setup-node@v4
- name: Restore build artifacts
uses: actions/download-artifact@v4
with:
node-version-file: '.nvmrc'
cache: 'yarn'
- uses: actions/cache@v3
with:
path: |
./dist
./node_modules/.yarn-state.yml
key: ${{ github.sha }}
name: publish-release-artifacts-${{ github.sha }}
- name: Publish
uses: MetaMask/action-npm-publish@v2
uses: MetaMask/action-npm-publish@v5
with:
# This `NPM_TOKEN` needs to be manually set per-repository.
# Look in the repository settings under "Environments", and set this token in the `npm-publish` environment.
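Review bot: `include-hidden-files: true` on the new "Upload build artifacts" step applies to every entry under `path:`, so any dotfile the build leaves in `./dist` is uploaded together with `./node_modules/.yarn-state.yml` and stays downloadable for the `retention-days: 4` window. The dry-run and publish jobs then restore this artifact before calling `MetaMask/action-npm-publish@v5`, so it appears to be the release input. A comment above the flag, e.g. `# Needed only for .yarn-state.yml; dist must not contain dotfiles holding secrets.`, would document the intent. Uploading the state file as its own artifact would let `./dist` keep the default hidden-file exclusion.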
15 changes: 8 additions & 7 deletions .github/workflows/security-code-scanner.yml
@@ -1,23 +1,24 @@
name: MetaMask Security Code Scanner

on:
push:
branches:
- main
pull_request:
branches:
- main
workflow_call:
secrets:
SECURITY_SCAN_METRICS_TOKEN:
required: false
APPSEC_BOT_SLACK_WEBHOOK:
required: false
workflow_dispatch:

jobs:
run-security-scan:
name: Run security scan
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
steps:
- name: MetaMask Security Code Scanner
- name: Analyse code
uses: MetaMask/action-security-code-scanner@v1
with:
repo: ${{ github.repository }}
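Review bot: With `workflow_call` as the trigger and the `push`/`pull_request` triggers on `main` apparently dropped, the scan runs only when a caller invokes it or on manual dispatch, so coverage of pushes to `main` now depends on the `on:` block of main.yml, which is outside the visible hunks. Both secrets are declared `required: false`, so a caller that omits them will not fail and the scanner presumably runs without metrics or Slack reporting. A comment above `workflow_call:` such as `# Called from main.yml (analyse-code); no longer triggers on push or pull_request by itself.` would make that dependency explicit.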