From 23bccc965b57696444d3ed2ec206c08e22a57ba9 Mon Sep 17 00:00:00 2001 From: Mark Stacey Date: Wed, 12 Feb 2025 13:13:14 -0330 Subject: [PATCH 1/3] chore: Update workflows and automate releases The GitHub Action workflows have been updated based on the module template. The changes made from the template are: * There are no tests, so the test step from "build-lint-test" was removed. * The "build" step is now run on three Node.js versions rathern than just one. In the template we rely more on tests for compatibility, but that won't work with no tests of course. * The "build" step builds the demo, not the package. There is no build step for the package, it's not in TypeScript (yet). * The API doc publishing was removed (this repo uses the `gh-pages` branch for the demo). * The changelog doesn't use Prettier formatting yet (this requires more lint tooling/config updates). The changes made from the previous workflows in this repository are: * Automated npm publishing * Removed "require additional reviewer" workflow (we've stopped using this) * Additional workflow linting * Updated vertions of various actions * Update base image to `ubuntu-latest` * Add Node.js v22.x to the test matrix * Add checks for a dirty working tree Additionally, the "publish-gh-pages" workflow was updated to use the same "checkout, install Node.js, and install dependencies" steps as elsewhere. This workflow has no analog in the module template. --- .github/workflows/build-lint.yml | 92 ++++++++++++++---- .github/workflows/create-release-pr.yml | 25 ++--- .github/workflows/main.yml | 76 +++++++++++++++ .github/workflows/publish-gh-pages.yml | 10 +- .github/workflows/publish-release.yml | 97 +++++++++++++++---- .../workflows/require-additional-reviewer.yml | 29 ------ package.json | 1 + 7 files changed, 240 insertions(+), 90 deletions(-) create mode 100644 .github/workflows/main.yml delete mode 100644 .github/workflows/require-additional-reviewer.yml diff --git a/.github/workflows/build-lint.yml b/.github/workflows/build-lint.yml index cafc379f..6e0f75f0 100644 --- a/.github/workflows/build-lint.yml +++ b/.github/workflows/build-lint.yml @@ -1,21 +1,17 @@ name: Build and Lint on: - push: - branches: [main] - pull_request: + workflow_call: jobs: - build-lint: - name: Build and Lint - env: - INFURA_PROJECT_ID: ${{ secrets.INFURA_PROJECT_ID }} - runs-on: ubuntu-20.04 + prepare: + name: Prepare + runs-on: ubuntu-latest strategy: matrix: - node-version: [18.x, 20.x] + node-version: [18.x, 20.x, 22.x] steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 - name: Install Corepack via Node uses: actions/setup-node@v4 with: @@ -27,20 +23,74 @@ jobs: with: node-version: ${{ matrix.node-version }} cache: 'yarn' - - run: yarn --immutable - - run: yarn lint + - name: Install dependencies via Yarn + run: yarn --immutable + + build: + name: Build + needs: prepare + runs-on: ubuntu-latest + strategy: + matrix: + node-version: [18.x, 20.x, 22.x] + steps: + - uses: actions/checkout@v4 + - name: Install Corepack via Node + uses: actions/setup-node@v4 + with: + node-version-file: '.nvmrc' + - name: Install Yarn + run: corepack enable + - name: Install Node.js ${{ matrix.node-version }} and restore Yarn cache + uses: actions/setup-node@v4 + with: + node-version: ${{ matrix.node-version }} + cache: 'yarn' + - name: Install dependencies via Yarn + run: yarn --immutable --immutable-cache - name: Ensure demo build script works run: yarn demo --all + - name: Require clean working directory + shell: bash + run: | + if ! git diff --exit-code; then + echo "Working tree dirty at end of job" + exit 1 + fi + + lint: + name: Lint + needs: prepare + runs-on: ubuntu-latest + strategy: + matrix: + node-version: [22.x] + steps: + - uses: actions/checkout@v4 + - name: Install Corepack via Node + uses: actions/setup-node@v4 + with: + node-version-file: '.nvmrc' + - name: Install Yarn + run: corepack enable + - name: Install Node.js ${{ matrix.node-version }} and restore Yarn cache + uses: actions/setup-node@v4 + with: + node-version: ${{ matrix.node-version }} + cache: 'yarn' + - name: Install dependencies via Yarn + run: yarn --immutable --immutable-cache + - run: yarn lint - name: Validate RC changelog if: ${{ startsWith(github.head_ref, 'release/') }} - run: yarn auto-changelog validate --rc + run: yarn lint:changelog --rc - name: Validate changelog if: ${{ !startsWith(github.head_ref, 'release/') }} - run: yarn auto-changelog validate - all-jobs-pass: - name: All jobs pass - runs-on: ubuntu-20.04 - needs: - - build-lint - steps: - - run: echo "Great success!" + run: yarn lint:changelog + - name: Require clean working directory + shell: bash + run: | + if ! git diff --exit-code; then + echo "Working tree dirty at end of job" + exit 1 + fi diff --git a/.github/workflows/create-release-pr.yml b/.github/workflows/create-release-pr.yml index e843833d..98234acb 100644 --- a/.github/workflows/create-release-pr.yml +++ b/.github/workflows/create-release-pr.yml @@ -8,7 +8,7 @@ on: default: 'main' required: true release-type: - description: 'A SemVer version diff, i.e. major, minor, patch, prerelease etc. Mutually exclusive with "release-version".' + description: 'A SemVer version diff, i.e. major, minor, or patch. Mutually exclusive with "release-version".' required: false release-version: description: 'A specific version to bump to. Mutually exclusive with "release-type".' @@ -21,7 +21,7 @@ jobs: contents: write pull-requests: write steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 with: # This is to guarantee that the most recent tag is fetched. # This can be configured to a more reasonable value by consumers. @@ -29,22 +29,13 @@ jobs: # We check out the specified branch, which will be used as the base # branch for all git operations and the release PR. ref: ${{ github.event.inputs.base-branch }} - - name: Get Node.js version - id: nvm - run: echo ::set-output name=NODE_VERSION::$(cat .nvmrc) - - uses: actions/setup-node@v2 + - name: Install Node.js + uses: actions/setup-node@v4 with: - node-version: ${{ steps.nvm.outputs.NODE_VERSION }} - - uses: MetaMask/action-create-release-pr@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + node-version-file: '.nvmrc' + - uses: MetaMask/action-create-release-pr@v4 with: release-type: ${{ github.event.inputs.release-type }} release-version: ${{ github.event.inputs.release-version }} - artifacts-path: gh-action__release-authors - # Upload the release author artifact for use in subsequent workflows - - uses: actions/upload-artifact@v2 - with: - name: release-authors - path: gh-action__release-authors - if-no-files-found: error + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml new file mode 100644 index 00000000..fba80ce1 --- /dev/null +++ b/.github/workflows/main.yml @@ -0,0 +1,76 @@ +name: Main + +on: + push: + branches: [main] + pull_request: + +jobs: + check-workflows: + name: Check workflows + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: Download actionlint + id: download-actionlint + run: bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/7fdc9630cc360ea1a469eed64ac6d78caeda1234/scripts/download-actionlint.bash) 1.6.23 + shell: bash + - name: Check workflow files + run: ${{ steps.download-actionlint.outputs.executable }} -color + shell: bash + + build-lint: + name: Build and lint + uses: ./.github/workflows/build-lint.yml + + all-jobs-completed: + name: All jobs completed + runs-on: ubuntu-latest + needs: + - check-workflows + - build-lint + outputs: + PASSED: ${{ steps.set-output.outputs.PASSED }} + steps: + - name: Set PASSED output + id: set-output + run: echo "PASSED=true" >> "$GITHUB_OUTPUT" + + all-jobs-pass: + name: All jobs pass + if: ${{ always() }} + runs-on: ubuntu-latest + needs: all-jobs-completed + steps: + - name: Check that all jobs have passed + run: | + passed="${{ needs.all-jobs-completed.outputs.PASSED }}" + if [[ $passed != "true" ]]; then + exit 1 + fi + + is-release: + # Filtering by `push` events ensures that we only release from the `main` branch, which is a + # requirement for our npm publishing environment. + # The commit author should always be 'github-actions' for releases created by the + # 'create-release-pr' workflow, so we filter by that as well to prevent accidentally + # triggering a release. + if: github.event_name == 'push' && startsWith(github.event.head_commit.author.name, 'github-actions') + needs: all-jobs-pass + outputs: + IS_RELEASE: ${{ steps.is-release.outputs.IS_RELEASE }} + runs-on: ubuntu-latest + steps: + - uses: MetaMask/action-is-release@v1 + id: is-release + + publish-release: + needs: is-release + if: needs.is-release.outputs.IS_RELEASE == 'true' + name: Publish release + permissions: + contents: write + uses: ./.github/workflows/publish-release.yml + secrets: + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} diff --git a/.github/workflows/publish-gh-pages.yml b/.github/workflows/publish-gh-pages.yml index 854d57fd..b192411c 100644 --- a/.github/workflows/publish-gh-pages.yml +++ b/.github/workflows/publish-gh-pages.yml @@ -10,13 +10,11 @@ jobs: contents: write runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 - - name: Get Node.js version - id: nvm - run: echo ::set-output name=NODE_VERSION::$(cat .nvmrc) - - uses: actions/setup-node@v2 + - uses: actions/checkout@v4 + - name: Install Corepack via Node + uses: actions/setup-node@v4 with: - node-version: ${{ steps.nvm.outputs.NODE_VERSION }} + node-version-file: '.nvmrc' - name: Install Yarn run: corepack enable - run: yarn --immutable diff --git a/.github/workflows/publish-release.yml b/.github/workflows/publish-release.yml index 31484ac4..b3b41657 100644 --- a/.github/workflows/publish-release.yml +++ b/.github/workflows/publish-release.yml @@ -1,29 +1,92 @@ name: Publish Release on: - pull_request: - types: [closed] + workflow_call: + secrets: + NPM_TOKEN: + required: true + SLACK_WEBHOOK_URL: + required: true jobs: publish-release: permissions: contents: write - if: | - github.event.pull_request.merged == true && - startsWith(github.event.pull_request.head.ref, 'release/') runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 - with: - # We check out the release pull request's base branch, which will be - # used as the base branch for all git operations. - ref: ${{ github.event.pull_request.base.ref }} - - name: Get Node.js version - id: nvm - run: echo ::set-output name=NODE_VERSION::$(cat .nvmrc) - - uses: actions/setup-node@v2 - with: - node-version: ${{ steps.nvm.outputs.NODE_VERSION }} - - uses: MetaMask/action-publish-release@v1 + - uses: actions/checkout@v4 + with: + ref: ${{ github.sha }} + - name: Install Corepack via Node + uses: actions/setup-node@v4 + with: + node-version-file: '.nvmrc' + - name: Install Yarn + run: corepack enable + - uses: MetaMask/action-publish-release@v3 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + - run: yarn --immutable + - run: yarn build + - name: Upload build artifacts + uses: actions/upload-artifact@v4 + with: + name: publish-release-artifacts-${{ github.sha }} + retention-days: 4 + include-hidden-files: true + path: | + ./dist + ./node_modules/.yarn-state.yml + + publish-npm-dry-run: + needs: publish-release + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + with: + ref: ${{ github.sha }} + - name: Install Corepack via Node + uses: actions/setup-node@v4 + with: + node-version-file: '.nvmrc' + - name: Install Yarn + run: corepack enable + - name: Restore build artifacts + uses: actions/download-artifact@v4 + with: + name: publish-release-artifacts-${{ github.sha }} + - name: Dry Run Publish + # omit npm-token token to perform dry run publish + uses: MetaMask/action-npm-publish@v4 + with: + slack-webhook-url: ${{ secrets.SLACK_WEBHOOK_URL }} + subteam: S042S7RE4AE # @metamask-npm-publishers + env: + SKIP_PREPACK: true + + publish-npm: + needs: publish-npm-dry-run + runs-on: ubuntu-latest + environment: npm-publish + steps: + - uses: actions/checkout@v4 + with: + ref: ${{ github.sha }} + - name: Install Corepack via Node + uses: actions/setup-node@v4 + with: + node-version-file: '.nvmrc' + - name: Install Yarn + run: corepack enable + - name: Restore build artifacts + uses: actions/download-artifact@v4 + with: + name: publish-release-artifacts-${{ github.sha }} + - name: Publish + uses: MetaMask/action-npm-publish@v2 + with: + # This `NPM_TOKEN` needs to be manually set per-repository. + # Look in the repository settings under "Environments", and set this token in the `npm-publish` environment. + npm-token: ${{ secrets.NPM_TOKEN }} + env: + SKIP_PREPACK: true diff --git a/.github/workflows/require-additional-reviewer.yml b/.github/workflows/require-additional-reviewer.yml deleted file mode 100644 index 1ea1c062..00000000 --- a/.github/workflows/require-additional-reviewer.yml +++ /dev/null @@ -1,29 +0,0 @@ -name: Require Additional Reviewer for Releases - -on: - pull_request: - pull_request_review: - -jobs: - require-additional-reviewer: - permissions: - actions: read - contents: read - pull-requests: read - statuses: write - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - with: - # If the base branch has been merged into the release branch, we - # need to find the earliest common ancestor commit of the base and - # release branches. - fetch-depth: 0 - # We want the head / feature branch to be checked out, and we will - # compare it to the base branch in the action. - ref: ${{ github.event.pull_request.head.ref }} - - uses: MetaMask/action-require-additional-reviewer@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - read-org-token: ${{ secrets.ORG_READER }} diff --git a/package.json b/package.json index a7139d66..64e144b6 100644 --- a/package.json +++ b/package.json @@ -23,6 +23,7 @@ "demo": "node demo/build.js", "demo:all": "yarn demo --all", "lint": "yarn lint:eslint && yarn lint:misc --check", + "lint:changelog": "auto-changelog validate", "lint:eslint": "eslint . --cache --ext js,ts", "lint:fix": "yarn lint:eslint --fix && yarn lint:misc --write", "lint:misc": "prettier '**/*.json' '**/*.md' '!CHANGELOG.md' '**/*.yml' --ignore-path .gitignore" From d615e1cc67edb654482a3e77293704abf9d7c51b Mon Sep 17 00:00:00 2001 From: Mark Stacey Date: Wed, 12 Feb 2025 16:49:34 -0330 Subject: [PATCH 2/3] Remove non-existent build step and build artifacts from publishing workflow --- .github/workflows/publish-release.yml | 19 ------------------- 1 file changed, 19 deletions(-) diff --git a/.github/workflows/publish-release.yml b/.github/workflows/publish-release.yml index b3b41657..c477d6cf 100644 --- a/.github/workflows/publish-release.yml +++ b/.github/workflows/publish-release.yml @@ -26,17 +26,6 @@ jobs: - uses: MetaMask/action-publish-release@v3 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - run: yarn --immutable - - run: yarn build - - name: Upload build artifacts - uses: actions/upload-artifact@v4 - with: - name: publish-release-artifacts-${{ github.sha }} - retention-days: 4 - include-hidden-files: true - path: | - ./dist - ./node_modules/.yarn-state.yml publish-npm-dry-run: needs: publish-release @@ -51,10 +40,6 @@ jobs: node-version-file: '.nvmrc' - name: Install Yarn run: corepack enable - - name: Restore build artifacts - uses: actions/download-artifact@v4 - with: - name: publish-release-artifacts-${{ github.sha }} - name: Dry Run Publish # omit npm-token token to perform dry run publish uses: MetaMask/action-npm-publish@v4 @@ -78,10 +63,6 @@ jobs: node-version-file: '.nvmrc' - name: Install Yarn run: corepack enable - - name: Restore build artifacts - uses: actions/download-artifact@v4 - with: - name: publish-release-artifacts-${{ github.sha }} - name: Publish uses: MetaMask/action-npm-publish@v2 with: From be8ba9c173c4f5f907644a64c216c4cac2569aa0 Mon Sep 17 00:00:00 2001 From: Mark Stacey Date: Wed, 12 Feb 2025 18:15:55 -0330 Subject: [PATCH 3/3] Update to latest version of npm publish action Co-authored-by: Elliot Winkler --- .github/workflows/publish-release.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/publish-release.yml b/.github/workflows/publish-release.yml index c477d6cf..20c91fd2 100644 --- a/.github/workflows/publish-release.yml +++ b/.github/workflows/publish-release.yml @@ -42,7 +42,7 @@ jobs: run: corepack enable - name: Dry Run Publish # omit npm-token token to perform dry run publish - uses: MetaMask/action-npm-publish@v4 + uses: MetaMask/action-npm-publish@v5 with: slack-webhook-url: ${{ secrets.SLACK_WEBHOOK_URL }} subteam: S042S7RE4AE # @metamask-npm-publishers @@ -64,7 +64,7 @@ jobs: - name: Install Yarn run: corepack enable - name: Publish - uses: MetaMask/action-npm-publish@v2 + uses: MetaMask/action-npm-publish@v5 with: # This `NPM_TOKEN` needs to be manually set per-repository. # Look in the repository settings under "Environments", and set this token in the `npm-publish` environment.