diff --git a/.github/workflows/build-lint.yml b/.github/workflows/build-lint.yml index cafc379f..6e0f75f0 100644 --- a/.github/workflows/build-lint.yml +++ b/.github/workflows/build-lint.yml @@ -1,21 +1,17 @@ name: Build and Lint on: - push: - branches: [main] - pull_request: + workflow_call: jobs: - build-lint: - name: Build and Lint - env: - INFURA_PROJECT_ID: ${{ secrets.INFURA_PROJECT_ID }} - runs-on: ubuntu-20.04 + prepare: + name: Prepare + runs-on: ubuntu-latest strategy: matrix: - node-version: [18.x, 20.x] + node-version: [18.x, 20.x, 22.x] steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 - name: Install Corepack via Node uses: actions/setup-node@v4 with: @@ -27,20 +23,74 @@ jobs: with: node-version: ${{ matrix.node-version }} cache: 'yarn' - - run: yarn --immutable - - run: yarn lint + - name: Install dependencies via Yarn + run: yarn --immutable + + build: + name: Build + needs: prepare + runs-on: ubuntu-latest + strategy: + matrix: + node-version: [18.x, 20.x, 22.x] + steps: + - uses: actions/checkout@v4 + - name: Install Corepack via Node + uses: actions/setup-node@v4 + with: + node-version-file: '.nvmrc' + - name: Install Yarn + run: corepack enable + - name: Install Node.js ${{ matrix.node-version }} and restore Yarn cache + uses: actions/setup-node@v4 + with: + node-version: ${{ matrix.node-version }} + cache: 'yarn' + - name: Install dependencies via Yarn + run: yarn --immutable --immutable-cache - name: Ensure demo build script works run: yarn demo --all + - name: Require clean working directory + shell: bash + run: | + if ! git diff --exit-code; then + echo "Working tree dirty at end of job" + exit 1 + fi + + lint: + name: Lint + needs: prepare + runs-on: ubuntu-latest + strategy: + matrix: + node-version: [22.x] + steps: + - uses: actions/checkout@v4 + - name: Install Corepack via Node + uses: actions/setup-node@v4 + with: + node-version-file: '.nvmrc' + - name: Install Yarn + run: corepack enable + - name: Install Node.js ${{ matrix.node-version }} and restore Yarn cache + uses: actions/setup-node@v4 + with: + node-version: ${{ matrix.node-version }} + cache: 'yarn' + - name: Install dependencies via Yarn + run: yarn --immutable --immutable-cache + - run: yarn lint - name: Validate RC changelog if: ${{ startsWith(github.head_ref, 'release/') }} - run: yarn auto-changelog validate --rc + run: yarn lint:changelog --rc - name: Validate changelog if: ${{ !startsWith(github.head_ref, 'release/') }} - run: yarn auto-changelog validate - all-jobs-pass: - name: All jobs pass - runs-on: ubuntu-20.04 - needs: - - build-lint - steps: - - run: echo "Great success!" + run: yarn lint:changelog + - name: Require clean working directory + shell: bash + run: | + if ! git diff --exit-code; then + echo "Working tree dirty at end of job" + exit 1 + fi diff --git a/.github/workflows/create-release-pr.yml b/.github/workflows/create-release-pr.yml index e843833d..98234acb 100644 --- a/.github/workflows/create-release-pr.yml +++ b/.github/workflows/create-release-pr.yml @@ -8,7 +8,7 @@ on: default: 'main' required: true release-type: - description: 'A SemVer version diff, i.e. major, minor, patch, prerelease etc. Mutually exclusive with "release-version".' + description: 'A SemVer version diff, i.e. major, minor, or patch. Mutually exclusive with "release-version".' required: false release-version: description: 'A specific version to bump to. Mutually exclusive with "release-type".' @@ -21,7 +21,7 @@ jobs: contents: write pull-requests: write steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 with: # This is to guarantee that the most recent tag is fetched. # This can be configured to a more reasonable value by consumers. @@ -29,22 +29,13 @@ jobs: # We check out the specified branch, which will be used as the base # branch for all git operations and the release PR. ref: ${{ github.event.inputs.base-branch }} - - name: Get Node.js version - id: nvm - run: echo ::set-output name=NODE_VERSION::$(cat .nvmrc) - - uses: actions/setup-node@v2 + - name: Install Node.js + uses: actions/setup-node@v4 with: - node-version: ${{ steps.nvm.outputs.NODE_VERSION }} - - uses: MetaMask/action-create-release-pr@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + node-version-file: '.nvmrc' + - uses: MetaMask/action-create-release-pr@v4 with: release-type: ${{ github.event.inputs.release-type }} release-version: ${{ github.event.inputs.release-version }} - artifacts-path: gh-action__release-authors - # Upload the release author artifact for use in subsequent workflows - - uses: actions/upload-artifact@v2 - with: - name: release-authors - path: gh-action__release-authors - if-no-files-found: error + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml new file mode 100644 index 00000000..fba80ce1 --- /dev/null +++ b/.github/workflows/main.yml @@ -0,0 +1,76 @@ +name: Main + +on: + push: + branches: [main] + pull_request: + +jobs: + check-workflows: + name: Check workflows + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: Download actionlint + id: download-actionlint + run: bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/7fdc9630cc360ea1a469eed64ac6d78caeda1234/scripts/download-actionlint.bash) 1.6.23 + shell: bash + - name: Check workflow files + run: ${{ steps.download-actionlint.outputs.executable }} -color + shell: bash + + build-lint: + name: Build and lint + uses: ./.github/workflows/build-lint.yml + + all-jobs-completed: + name: All jobs completed + runs-on: ubuntu-latest + needs: + - check-workflows + - build-lint + outputs: + PASSED: ${{ steps.set-output.outputs.PASSED }} + steps: + - name: Set PASSED output + id: set-output + run: echo "PASSED=true" >> "$GITHUB_OUTPUT" + + all-jobs-pass: + name: All jobs pass + if: ${{ always() }} + runs-on: ubuntu-latest + needs: all-jobs-completed + steps: + - name: Check that all jobs have passed + run: | + passed="${{ needs.all-jobs-completed.outputs.PASSED }}" + if [[ $passed != "true" ]]; then + exit 1 + fi + + is-release: + # Filtering by `push` events ensures that we only release from the `main` branch, which is a + # requirement for our npm publishing environment. + # The commit author should always be 'github-actions' for releases created by the + # 'create-release-pr' workflow, so we filter by that as well to prevent accidentally + # triggering a release. + if: github.event_name == 'push' && startsWith(github.event.head_commit.author.name, 'github-actions') + needs: all-jobs-pass + outputs: + IS_RELEASE: ${{ steps.is-release.outputs.IS_RELEASE }} + runs-on: ubuntu-latest + steps: + - uses: MetaMask/action-is-release@v1 + id: is-release + + publish-release: + needs: is-release + if: needs.is-release.outputs.IS_RELEASE == 'true' + name: Publish release + permissions: + contents: write + uses: ./.github/workflows/publish-release.yml + secrets: + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} diff --git a/.github/workflows/publish-gh-pages.yml b/.github/workflows/publish-gh-pages.yml index 854d57fd..b192411c 100644 --- a/.github/workflows/publish-gh-pages.yml +++ b/.github/workflows/publish-gh-pages.yml @@ -10,13 +10,11 @@ jobs: contents: write runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 - - name: Get Node.js version - id: nvm - run: echo ::set-output name=NODE_VERSION::$(cat .nvmrc) - - uses: actions/setup-node@v2 + - uses: actions/checkout@v4 + - name: Install Corepack via Node + uses: actions/setup-node@v4 with: - node-version: ${{ steps.nvm.outputs.NODE_VERSION }} + node-version-file: '.nvmrc' - name: Install Yarn run: corepack enable - run: yarn --immutable diff --git a/.github/workflows/publish-release.yml b/.github/workflows/publish-release.yml index 31484ac4..20c91fd2 100644 --- a/.github/workflows/publish-release.yml +++ b/.github/workflows/publish-release.yml @@ -1,29 +1,73 @@ name: Publish Release on: - pull_request: - types: [closed] + workflow_call: + secrets: + NPM_TOKEN: + required: true + SLACK_WEBHOOK_URL: + required: true jobs: publish-release: permissions: contents: write - if: | - github.event.pull_request.merged == true && - startsWith(github.event.pull_request.head.ref, 'release/') runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 - with: - # We check out the release pull request's base branch, which will be - # used as the base branch for all git operations. - ref: ${{ github.event.pull_request.base.ref }} - - name: Get Node.js version - id: nvm - run: echo ::set-output name=NODE_VERSION::$(cat .nvmrc) - - uses: actions/setup-node@v2 - with: - node-version: ${{ steps.nvm.outputs.NODE_VERSION }} - - uses: MetaMask/action-publish-release@v1 + - uses: actions/checkout@v4 + with: + ref: ${{ github.sha }} + - name: Install Corepack via Node + uses: actions/setup-node@v4 + with: + node-version-file: '.nvmrc' + - name: Install Yarn + run: corepack enable + - uses: MetaMask/action-publish-release@v3 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + publish-npm-dry-run: + needs: publish-release + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + with: + ref: ${{ github.sha }} + - name: Install Corepack via Node + uses: actions/setup-node@v4 + with: + node-version-file: '.nvmrc' + - name: Install Yarn + run: corepack enable + - name: Dry Run Publish + # omit npm-token token to perform dry run publish + uses: MetaMask/action-npm-publish@v5 + with: + slack-webhook-url: ${{ secrets.SLACK_WEBHOOK_URL }} + subteam: S042S7RE4AE # @metamask-npm-publishers + env: + SKIP_PREPACK: true + + publish-npm: + needs: publish-npm-dry-run + runs-on: ubuntu-latest + environment: npm-publish + steps: + - uses: actions/checkout@v4 + with: + ref: ${{ github.sha }} + - name: Install Corepack via Node + uses: actions/setup-node@v4 + with: + node-version-file: '.nvmrc' + - name: Install Yarn + run: corepack enable + - name: Publish + uses: MetaMask/action-npm-publish@v5 + with: + # This `NPM_TOKEN` needs to be manually set per-repository. + # Look in the repository settings under "Environments", and set this token in the `npm-publish` environment. + npm-token: ${{ secrets.NPM_TOKEN }} + env: + SKIP_PREPACK: true diff --git a/.github/workflows/require-additional-reviewer.yml b/.github/workflows/require-additional-reviewer.yml deleted file mode 100644 index 1ea1c062..00000000 --- a/.github/workflows/require-additional-reviewer.yml +++ /dev/null @@ -1,29 +0,0 @@ -name: Require Additional Reviewer for Releases - -on: - pull_request: - pull_request_review: - -jobs: - require-additional-reviewer: - permissions: - actions: read - contents: read - pull-requests: read - statuses: write - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - with: - # If the base branch has been merged into the release branch, we - # need to find the earliest common ancestor commit of the base and - # release branches. - fetch-depth: 0 - # We want the head / feature branch to be checked out, and we will - # compare it to the base branch in the action. - ref: ${{ github.event.pull_request.head.ref }} - - uses: MetaMask/action-require-additional-reviewer@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - read-org-token: ${{ secrets.ORG_READER }} diff --git a/package.json b/package.json index a7139d66..64e144b6 100644 --- a/package.json +++ b/package.json @@ -23,6 +23,7 @@ "demo": "node demo/build.js", "demo:all": "yarn demo --all", "lint": "yarn lint:eslint && yarn lint:misc --check", + "lint:changelog": "auto-changelog validate", "lint:eslint": "eslint . --cache --ext js,ts", "lint:fix": "yarn lint:eslint --fix && yarn lint:misc --write", "lint:misc": "prettier '**/*.json' '**/*.md' '!CHANGELOG.md' '**/*.yml' --ignore-path .gitignore"