diff --git a/.github/workflows/build-lint-test.yml b/.github/workflows/build-lint-test.yml index 3949941..2334065 100644 --- a/.github/workflows/build-lint-test.yml +++ b/.github/workflows/build-lint-test.yml @@ -11,20 +11,12 @@ jobs: matrix: node-version: [18.x, 20.x, 22.x] steps: - - uses: actions/checkout@v4 - - name: Install Corepack via Node - uses: actions/setup-node@v4 - with: - node-version-file: '.nvmrc' - - name: Install Yarn - run: corepack enable - - name: Install Node.js ${{ matrix.node-version }} and restore Yarn cache - uses: actions/setup-node@v4 + - name: Checkout and setup environment + uses: MetaMask/action-checkout-and-setup@v1 with: + is-high-risk-environment: false node-version: ${{ matrix.node-version }} - cache: 'yarn' - - name: Install dependencies via Yarn - run: yarn --immutable + cache-node-modules: ${{ matrix.node-version == '22.x' }} build: name: Build @@ -34,20 +26,11 @@ jobs: matrix: node-version: [22.x] steps: - - uses: actions/checkout@v4 - - name: Install Corepack via Node - uses: actions/setup-node@v4 - with: - node-version-file: '.nvmrc' - - name: Install Yarn - run: corepack enable - - name: Install Node.js ${{ matrix.node-version }} and restore Yarn cache - uses: actions/setup-node@v4 + - name: Checkout and setup environment + uses: MetaMask/action-checkout-and-setup@v1 with: + is-high-risk-environment: false node-version: ${{ matrix.node-version }} - cache: 'yarn' - - name: Install dependencies via Yarn - run: yarn --immutable --immutable-cache - run: yarn build - name: Require clean working directory shell: bash @@ -65,20 +48,11 @@ jobs: matrix: node-version: [22.x] steps: - - uses: actions/checkout@v4 - - name: Install Corepack via Node - uses: actions/setup-node@v4 - with: - node-version-file: '.nvmrc' - - name: Install Yarn - run: corepack enable - - name: Install Node.js ${{ matrix.node-version }} and restore Yarn cache - uses: actions/setup-node@v4 + - name: Checkout and setup environment + uses: MetaMask/action-checkout-and-setup@v1 with: + is-high-risk-environment: false node-version: ${{ matrix.node-version }} - cache: 'yarn' - - name: Install dependencies via Yarn - run: yarn --immutable --immutable-cache - run: yarn lint - name: Validate RC changelog if: ${{ startsWith(github.head_ref, 'release/') }} @@ -102,20 +76,11 @@ jobs: matrix: node-version: [18.x, 20.x, 22.x] steps: - - uses: actions/checkout@v4 - - name: Install Corepack via Node - uses: actions/setup-node@v4 - with: - node-version-file: '.nvmrc' - - name: Install Yarn - run: corepack enable - - name: Install Node.js ${{ matrix.node-version }} and restore Yarn cache - uses: actions/setup-node@v4 + - name: Checkout and setup environment + uses: MetaMask/action-checkout-and-setup@v1 with: + is-high-risk-environment: false node-version: ${{ matrix.node-version }} - cache: 'yarn' - - name: Install dependencies via Yarn - run: yarn --immutable --immutable-cache - run: yarn test - name: Require clean working directory shell: bash @@ -133,18 +98,11 @@ jobs: matrix: node-version: [18.x, 20.x, 22.x] steps: - - uses: actions/checkout@v4 - - name: Install Corepack via Node - uses: actions/setup-node@v4 - with: - node-version-file: '.nvmrc' - - name: Install Yarn - run: corepack enable - - name: Install Node.js ${{ matrix.node-version }} and restore Yarn cache - uses: actions/setup-node@v4 + - name: Checkout and setup environment + uses: MetaMask/action-checkout-and-setup@v1 with: + is-high-risk-environment: false node-version: ${{ matrix.node-version }} - cache: 'yarn' - name: Install dependencies via Yarn run: rm yarn.lock && YARN_ENABLE_IMMUTABLE_INSTALLS=false yarn - run: yarn test diff --git a/.github/workflows/create-release-pr.yml b/.github/workflows/create-release-pr.yml index 98234ac..5197d08 100644 --- a/.github/workflows/create-release-pr.yml +++ b/.github/workflows/create-release-pr.yml @@ -21,18 +21,19 @@ jobs: contents: write pull-requests: write steps: - - uses: actions/checkout@v4 + - name: Checkout and setup environment + uses: MetaMask/action-checkout-and-setup@v1 with: - # This is to guarantee that the most recent tag is fetched. - # This can be configured to a more reasonable value by consumers. + is-high-risk-environment: true + + # This is to guarantee that the most recent tag is fetched. This can + # be configured to a more reasonable value by consumers. fetch-depth: 0 + # We check out the specified branch, which will be used as the base # branch for all git operations and the release PR. ref: ${{ github.event.inputs.base-branch }} - - name: Install Node.js - uses: actions/setup-node@v4 - with: - node-version-file: '.nvmrc' + - uses: MetaMask/action-create-release-pr@v4 with: release-type: ${{ github.event.inputs.release-type }} diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 8382408..c5698bc 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -10,7 +10,10 @@ jobs: name: Check workflows runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - name: Checkout and setup environment + uses: MetaMask/action-checkout-and-setup@v1 + with: + is-high-risk-environment: false - name: Download actionlint id: download-actionlint run: bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/7fdc9630cc360ea1a469eed64ac6d78caeda1234/scripts/download-actionlint.bash) 1.6.23 diff --git a/.github/workflows/publish-docs.yml b/.github/workflows/publish-docs.yml index e4249de..5e66e52 100644 --- a/.github/workflows/publish-docs.yml +++ b/.github/workflows/publish-docs.yml @@ -21,15 +21,10 @@ jobs: - name: Ensure `destination_dir` is not empty if: ${{ inputs.destination_dir == '' }} run: exit 1 - - uses: actions/checkout@v4 - - name: Install Corepack via Node - uses: actions/setup-node@v4 + - name: Checkout and setup environment + uses: MetaMask/action-checkout-and-setup@v1 with: - node-version-file: '.nvmrc' - - name: Install Yarn - run: corepack enable - - name: Install dependencies via Yarn - run: yarn --immutable + is-high-risk-environment: true - name: Run build script run: yarn build:docs - name: Deploy to `${{ inputs.destination_dir }}` directory of `gh-pages` branch diff --git a/.github/workflows/publish-release.yml b/.github/workflows/publish-release.yml index c14a472..ce04df5 100644 --- a/.github/workflows/publish-release.yml +++ b/.github/workflows/publish-release.yml @@ -15,15 +15,11 @@ jobs: contents: write runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - name: Checkout and setup environment + uses: MetaMask/action-checkout-and-setup@v1 with: + is-high-risk-environment: true ref: ${{ github.sha }} - - name: Install Corepack via Node - uses: actions/setup-node@v4 - with: - node-version-file: '.nvmrc' - - name: Install Yarn - run: corepack enable - uses: MetaMask/action-publish-release@v3 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} @@ -43,15 +39,11 @@ jobs: needs: publish-release runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - name: Checkout and setup environment + uses: MetaMask/action-checkout-and-setup@v1 with: + is-high-risk-environment: true ref: ${{ github.sha }} - - name: Install Corepack via Node - uses: actions/setup-node@v4 - with: - node-version-file: '.nvmrc' - - name: Install Yarn - run: corepack enable - name: Restore build artifacts uses: actions/download-artifact@v4 with: @@ -70,15 +62,11 @@ jobs: runs-on: ubuntu-latest environment: npm-publish steps: - - uses: actions/checkout@v4 + - name: Checkout and setup environment + uses: MetaMask/action-checkout-and-setup@v1 with: + is-high-risk-environment: true ref: ${{ github.sha }} - - name: Install Corepack via Node - uses: actions/setup-node@v4 - with: - node-version-file: '.nvmrc' - - name: Install Yarn - run: corepack enable - name: Restore build artifacts uses: actions/download-artifact@v4 with: