MetaMask · LimitedVERSE · Sep 1, 2025 · Sep 1, 2025 · Sep 1, 2025 · Sep 1, 2025
diff --git a/.github/workflows/add-team-label.yml b/.github/workflows/add-team-label.yml
@@ -1,5 +1,4 @@
 name: Add team label
-
 on:
   pull_request:
     types:

diff --git a/.github/workflows/auto-update-pr-targeting-release.yml b/.github/workflows/auto-update-pr-targeting-release.yml
@@ -9,7 +9,7 @@ on:
 jobs:
   auto-update:
     name: Auto-update
-    runs-on: ubuntu-latest
+    runs-on: self-hosted
     env:
       YARN_ENABLE_IMMUTABLE_INSTALLS: false
       YARN_ENABLE_HARDENED_MODE: false

diff --git a/.github/workflows/automated-rca.yml b/.github/workflows/automated-rca.yml
@@ -1,5 +1,4 @@
 name: Automated RCA
-
 on:
   issues:
     types: [closed]

diff --git a/.github/workflows/benchmark-pr.yml b/.github/workflows/benchmark-pr.yml
@@ -22,7 +22,7 @@ on:
 jobs:
   benchmark-pr:
     name: Run Page Load Benchmarks
-    runs-on: ubuntu-latest
+    runs-on: self-hosted
     env:
       PR_COMMENT_TOKEN: ${{ secrets.PR_COMMENT_TOKEN }}
       OWNER: ${{ github.repository_owner }}

diff --git a/.github/workflows/build-storybook.yml b/.github/workflows/build-storybook.yml
@@ -9,7 +9,7 @@ on:
 jobs:
   build-storybook:
     name: Build storybook
-    runs-on: ubuntu-latest
+    runs-on: self-hosted
     env:
       # For a `pull_request` event, the branch is `github.head_ref``.
       # For a `push` event, the branch is `github.ref_name`.

diff --git a/.github/workflows/build-ts-migration-dashboard.yml b/.github/workflows/build-ts-migration-dashboard.yml
@@ -8,7 +8,7 @@ on:
 
 jobs:
   build-ts-migration-dashboard:
-    runs-on: ubuntu-latest
+    runs-on: self-hosted
     env:
       # For a `pull_request` event, the branch is `github.head_ref``.
       # For a `push` event, the branch is `github.ref_name`.

diff --git a/.github/workflows/changelog-check.yml b/.github/workflows/changelog-check.yml
@@ -1,7 +1,7 @@
 name: Check Changelog
 
 on:
-  pull_request:
+  pull_request: 
     types: [opened, synchronize, labeled, unlabeled]
 
 jobs:

diff --git a/.github/workflows/check-attributions.yml b/.github/workflows/check-attributions.yml
@@ -8,7 +8,7 @@ on:
 
 jobs:
   check-attributions:
-    runs-on: ubuntu-latest
+    runs-on: self-hosted
     steps:
       - name: Checkout and setup environment
         uses: MetaMask/action-checkout-and-setup@v1

diff --git a/.github/workflows/check-pr-labels.yml b/.github/workflows/check-pr-labels.yml
@@ -16,7 +16,7 @@ concurrency:
 
 jobs:
   check-pr-labels:
-    runs-on: ubuntu-latest
+    runs-on: self-hosted
     permissions:
       pull-requests: read
 

diff --git a/.github/workflows/check-pr-max-lines.yml b/.github/workflows/check-pr-max-lines.yml
@@ -1,5 +1,4 @@
 name: 'Check PR Max Lines'
-
 on:
   pull_request:
     types:

diff --git a/.github/workflows/check-template-and-add-labels.yml b/.github/workflows/check-template-and-add-labels.yml
@@ -8,7 +8,7 @@ on:
 
 jobs:
   check-template-and-add-labels:
-    runs-on: ubuntu-latest
+    runs-on: self-hosted
     steps:
       - name: Checkout and setup environment
         uses: MetaMask/action-checkout-and-setup@v1

diff --git a/.github/workflows/cla.yml b/.github/workflows/cla.yml
@@ -24,7 +24,6 @@ jobs:
         with:
           path-to-signatures: 'cla.json'
           url-to-cladocument: 'https://metamask.io/cla'
-          # This branch can't have protections, commits are made directly to the specified branch.
           branch: 'cla-signatures'
           allowlist: 'dependabot[bot],metamaskbot,crowdin-bot,runway-github[bot]'
           allow-organization-members: true

diff --git a/.github/workflows/close-bug-report.yml b/.github/workflows/close-bug-report.yml
@@ -10,7 +10,7 @@ on:
 
 jobs:
   close-bug-report:
-    runs-on: ubuntu-latest
+    runs-on: self-hosted
     if: github.event.pull_request.merged == true && ( startsWith(github.event.pull_request.head.ref, 'Version-v') || startsWith(github.event.pull_request.head.ref, 'release/') )
     steps:
       - name: Checkout and setup environment

diff --git a/.github/workflows/create-bug-report.yml b/.github/workflows/create-bug-report.yml
@@ -1,10 +1,9 @@
 name: Create release bug report issue when release branch gets created
 
 on: create
-
 jobs:
   create-bug-report:
-    runs-on: ubuntu-latest
+    runs-on: self-hosted
     steps:
       - name: Extract version from branch name if release branch
         id: extract_version

diff --git a/.github/workflows/create-cherry-pick-pr.yml b/.github/workflows/create-cherry-pick-pr.yml
@@ -15,7 +15,7 @@ on:
 
 jobs:
   cherry-pick:
-    runs-on: ubuntu-latest
+    runs-on: self-hosted
 
     steps:
       - name: Checkout code

diff --git a/.github/workflows/crowdin-action.yml b/.github/workflows/crowdin-action.yml
@@ -1,4 +1,4 @@
-name: Crowdin Action
+name: Crowdin Action 
 
 on:
   push:
@@ -9,7 +9,7 @@ on:
 
 jobs:
   synchronize-with-crowdin:
-    runs-on: ubuntu-latest
+    runs-on: self-hosted
     steps:
       - name: Checkout
         uses: actions/checkout@v4

diff --git a/.github/workflows/e2e-chrome.yml b/.github/workflows/e2e-chrome.yml
@@ -1,7 +1,7 @@
 # This workflow is meant to better structure the main.yaml one for redability reasons.
 # It is not meant to be a reusable workflow.
 
-name: E2E Chrome
+name: E2E Chrome 
 
 on:
   workflow_call:
@@ -92,7 +92,7 @@ jobs:
   test-e2e-chrome-api-specs-alert-on-failure:
     needs:
       - test-e2e-chrome-api-specs
-    runs-on: ubuntu-latest
+    runs-on: self-hosted
     if: ${{ github.event_name == 'pull_request' && vars.AWS_CLOUDFRONT_URL && vars.AWS_REGION && vars.AWS_IAM_ROLE && vars.AWS_S3_BUCKET && failure() }}
     env:
       GITHUB_TOKEN: ${{ secrets.PR_COMMENT_TOKEN }}
@@ -133,7 +133,7 @@ jobs:
   test-e2e-chrome-api-specs-multichain-alert-on-failure:
     needs:
       - test-e2e-chrome-api-specs-multichain
-    runs-on: ubuntu-latest
+    runs-on: self-hosted
     if: ${{ github.event_name == 'pull_request' && vars.AWS_CLOUDFRONT_URL && vars.AWS_REGION && vars.AWS_IAM_ROLE && vars.AWS_S3_BUCKET && failure() }}
     env:
       GITHUB_TOKEN: ${{ secrets.PR_COMMENT_TOKEN }}
@@ -172,7 +172,7 @@ jobs:
       - test-e2e-chrome-vault-decryption
       - test-e2e-chrome-api-specs
       - test-e2e-chrome-api-specs-multichain
-    runs-on: ubuntu-latest
+    runs-on: self-hosted
     if: ${{ !cancelled() }}
     env:
       GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

diff --git a/.github/workflows/e2e-firefox.yml b/.github/workflows/e2e-firefox.yml
@@ -40,7 +40,7 @@ jobs:
     needs:
       - test-e2e-firefox-browserify
       - test-e2e-firefox-flask
-    runs-on: ubuntu-latest
+    runs-on: self-hosted
     if: ${{ !cancelled() }}
     env:
       GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

diff --git a/.github/workflows/fitness-functions.yml b/.github/workflows/fitness-functions.yml
@@ -9,7 +9,7 @@ on:
 
 jobs:
   build:
-    runs-on: ubuntu-latest
+    runs-on: self-hosted
     steps:
       - name: Checkout and setup environment
         uses: MetaMask/action-checkout-and-setup@v1

diff --git a/.github/workflows/flaky-test-report.yml b/.github/workflows/flaky-test-report.yml
@@ -11,7 +11,7 @@ permissions:
 
 jobs:
   flaky-test-report:
-    runs-on: ubuntu-latest
+    runs-on: self-hosted
     env:
       OWNER: ${{ github.repository_owner }}
       REPOSITORY: ${{ github.event.repository.name }}

diff --git a/.github/workflows/identify-codeowners.yml b/.github/workflows/identify-codeowners.yml
@@ -14,7 +14,7 @@ concurrency:
 
 jobs:
   identify-codeowners:
-    runs-on: ubuntu-latest
+    runs-on: self-hosted
     steps:
       - name: Checkout and setup environment
         uses: MetaMask/action-checkout-and-setup@v1

diff --git a/.github/workflows/jekyll-gh-pages.yml b/.github/workflows/jekyll-gh-pages.yml
@@ -0,0 +1,51 @@
+# Sample workflow for building and deploying a Jekyll site to GitHub Pages
+name: Deploy Jekyll with GitHub Pages dependencies preinstalled
+
+on:
+  # Runs on pushes targeting the default branch
+  push:
+    branches: ["QYX20"]
+
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+# Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages
+permissions:
+  contents: read
+  pages: write
+  id-token: write
+
+# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued.
+# However, do NOT cancel in-progress runs as we want to allow these production deployments to complete.
+concurrency:
+  group: "pages"
+  cancel-in-progress: false
+
+jobs:
+  # Build job
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Setup Pages
+        uses: actions/configure-pages@v5
+      - name: Build with Jekyll
+        uses: actions/jekyll-build-pages@v1
+        with:
+          source: ./
+          destination: ./_site
+      - name: Upload artifact
+        uses: actions/upload-pages-artifact@v3
+
+  # Deployment job
+  deploy:
+    environment:
+      name: github-pages
+      url: ${{ steps.deployment.outputs.page_url }}
+    runs-on: ubuntu-latest
+    needs: build
+    steps:
+      - name: Deploy to GitHub Pages
+        id: deployment
+        uses: actions/deploy-pages@v4
diff --git a/.github/workflows/locales-only.yml b/.github/workflows/locales-only.yml
@@ -11,7 +11,7 @@ jobs:
   locales-only:
     # For the `pull_request` event, the branch is `github.head_ref``.
     if: ${{ github.head_ref == 'l10n_crowdin_action' }}
-    runs-on: ubuntu-latest
+    runs-on: self-hosted
     env:
       GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
     steps:

diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -41,7 +41,7 @@ permissions:
 
 jobs:
   prep-deps:
-    runs-on: ubuntu-latest
+    runs-on: self-hosted
     steps:
       - name: Checkout and setup environment
         uses: MetaMask/action-checkout-and-setup@v1
@@ -71,7 +71,7 @@ jobs:
     name: Test circular deps
     needs:
       - prep-deps
-    runs-on: ubuntu-latest
+    runs-on: self-hosted
     steps:
       - name: Checkout and setup environment
         uses: MetaMask/action-checkout-and-setup@v1
@@ -208,7 +208,7 @@ jobs:
   bundle-size:
     needs:
       - build-dist-browserify
-    runs-on: ubuntu-latest
+    runs-on: self-hosted
     env:
       EXTENSION_BUNDLESIZE_STATS_TOKEN: ${{ secrets.EXTENSION_BUNDLESIZE_STATS_TOKEN }}
       SELENIUM_BROWSER: chrome
@@ -294,7 +294,7 @@ jobs:
     needs:
       - prep-deps
       - build-dist-browserify
-    runs-on: ubuntu-latest
+    runs-on: self-hosted
     steps:
       - name: Checkout and setup environment
         uses: MetaMask/action-checkout-and-setup@v1
@@ -323,7 +323,7 @@ jobs:
     needs:
       - prep-deps
       - build-dist-browserify
-    runs-on: ubuntu-latest
+    runs-on: self-hosted
     env:
       INFURA_PROJECT_ID: ${{ secrets.INFURA_PROJECT_ID }}
       GOOGLE_PROD_CLIENT_ID: 00000000000
@@ -398,7 +398,7 @@ jobs:
   # https://github.com/MetaMask/metamask-module-template/pull/151
   all-jobs-completed:
     name: All jobs completed
-    runs-on: ubuntu-latest
+    runs-on: self-hosted
     needs:
       - lint-workflows
       - test-lint
@@ -435,7 +435,7 @@ jobs:
   all-jobs-pass:
     name: All jobs pass
     if: ${{ !cancelled() }}
-    runs-on: ubuntu-latest
+    runs-on: self-hosted
     needs:
       - all-jobs-completed
     steps:

diff --git a/.github/workflows/needs-e2e.yml b/.github/workflows/needs-e2e.yml
@@ -9,7 +9,7 @@ on:
 
 jobs:
   needs-e2e:
-    runs-on: ubuntu-latest
+    runs-on: self-hosted
     outputs:
       needs-e2e: ${{ steps.needs-e2e.outputs.NEEDS_E2E }}
     env:
@@ -43,7 +43,7 @@ jobs:
     if: ${{ needs.needs-e2e.outputs.needs-e2e == 'true' && (github.head_ref || github.ref_name) != 'master' && (github.head_ref || github.ref_name) != 'stable' }}
     needs:
       - needs-e2e
-    runs-on: ubuntu-latest
+    runs-on: self-hosted
     env:
       GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       OWNER: ${{ github.repository_owner }}