diff --git a/.github/workflows/build-lint-test.yml b/.github/workflows/build-lint-test.yml index dee9bdb81f..0e8f3ddde2 100644 --- a/.github/workflows/build-lint-test.yml +++ b/.github/workflows/build-lint-test.yml @@ -17,25 +17,25 @@ jobs: strategy: fail-fast: false matrix: - node-version: [18.x, 20.x] + node-version: [18.x, 20.x, 22.x] steps: - - uses: actions/checkout@v4 - - name: Use Node.js ${{ matrix.node-version }} - uses: actions/setup-node@v4 + - name: Checkout and setup environment + uses: MetaMask/action-checkout-and-setup@v1 with: + is-high-risk-environment: false node-version: ${{ matrix.node-version }} - cache: yarn - - run: yarn --immutable - - name: Cache "@metamask/snaps-execution-environments" build + cache-node-modules: ${{ matrix.node-version == '20.x' }} + - name: Prepare "@metamask/snaps-execution-environments" build + run: yarn workspace @metamask/snaps-execution-environments run build:lavamoat + - name: Save "@metamask/snaps-execution-environments" build id: cache-snaps-execution-environments-build - uses: actions/cache@v4 + uses: actions/upload-artifact@v4 with: + name: snaps-execution-environments-build-${{ runner.os }}-${{ matrix.node-version }}-${{ github.sha }} + retention-days: 1 path: | + .nvmrc packages/snaps-execution-environments/dist/browserify - key: snaps-execution-environments-build-${{ runner.os }}-${{ matrix.node-version }}-${{ github.sha }} - - name: Prepare "@metamask/snaps-execution-environments" build - if: steps.cache-snaps-execution-environments-build.outputs.cache-hit != 'true' - run: yarn workspace @metamask/snaps-execution-environments run build:lavamoat - name: Fetch workspace package names id: workspace-package-names run: | @@ -51,21 +51,20 @@ jobs: runs-on: ubuntu-latest needs: prepare steps: - - uses: actions/checkout@v4 - - name: Setup Node - uses: actions/setup-node@v4 + - name: Checkout and setup environment + uses: MetaMask/action-checkout-and-setup@v1 with: - node-version-file: '.nvmrc' - cache: yarn - - run: yarn --immutable --immutable-cache + is-high-risk-environment: false - name: Build run: yarn build:ci - - name: Cache build files - uses: actions/cache@v4 + - name: Save build files + uses: actions/upload-artifact@v4 with: + name: build-source-${{ runner.os }}-${{ github.sha }} + retention-days: 1 path: | + .nvmrc packages/*/dist - key: build-source-${{ runner.os }}-${{ github.sha }} - name: Require clean working directory shell: bash run: | @@ -79,20 +78,14 @@ jobs: runs-on: ubuntu-latest needs: prepare steps: - - uses: actions/checkout@v4 - - name: Setup Node - uses: actions/setup-node@v4 + - name: Checkout and setup environment + uses: MetaMask/action-checkout-and-setup@v1 with: - node-version-file: '.nvmrc' - cache: yarn - - run: yarn --immutable --immutable-cache + is-high-risk-environment: false - name: Restore "@metamask/snaps-execution-environments" build - uses: actions/cache@v4 + uses: actions/download-artifact@v4 with: - path: | - packages/snaps-execution-environments/dist/browserify - key: snaps-execution-environments-build-${{ runner.os }}-18.x-${{ github.sha }} - fail-on-cache-miss: true + name: snaps-execution-environments-build-${{ runner.os }}-22.x-${{ github.sha }} - name: Cache Webpack vendor id: cache-webpack-vendor uses: actions/cache@v4 @@ -105,13 +98,6 @@ jobs: run: yarn workspace @metamask/snaps-simulator run build:vendor - name: Build run: yarn workspace @metamask/snaps-simulator run build:webpack - - name: Cache "@metamask/snaps-simulator" build - id: cache-e2e-simulator-build - uses: actions/cache@v4 - with: - path: | - packages/snaps-simulator/dist/webpack - key: e2e-simulator-build-${{ runner.os }}-${{ github.sha }} - name: Require clean working directory shell: bash run: | @@ -125,13 +111,10 @@ jobs: runs-on: ubuntu-latest needs: prepare steps: - - uses: actions/checkout@v4 - - name: Setup Node - uses: actions/setup-node@v4 + - name: Checkout and setup environment + uses: MetaMask/action-checkout-and-setup@v1 with: - node-version-file: '.nvmrc' - cache: yarn - - run: yarn --immutable --immutable-cache + is-high-risk-environment: false - name: Build run: yarn workspace @metamask/test-snaps run build - name: Require clean working directory @@ -147,13 +130,10 @@ jobs: runs-on: ubuntu-latest needs: prepare steps: - - uses: actions/checkout@v4 - - name: Setup Node - uses: actions/setup-node@v4 + - name: Checkout and setup environment + uses: MetaMask/action-checkout-and-setup@v1 with: - node-version-file: '.nvmrc' - cache: yarn - - run: yarn --immutable --immutable-cache + is-high-risk-environment: false - name: Generate LavaMoat policy run: yarn workspace @metamask/snaps-execution-environments build:lavamoat:policy - name: Require clean working directory @@ -169,13 +149,10 @@ jobs: runs-on: ubuntu-latest needs: prepare steps: - - uses: actions/checkout@v4 - - name: Setup Node - uses: actions/setup-node@v4 + - name: Checkout and setup environment + uses: MetaMask/action-checkout-and-setup@v1 with: - node-version-file: '.nvmrc' - cache: yarn - - run: yarn --immutable --immutable-cache + is-high-risk-environment: false - name: Lint run: yarn lint - name: Require clean working directory @@ -195,47 +172,39 @@ jobs: strategy: fail-fast: false matrix: - node-version: [18.x, 20.x] + node-version: [18.x, 20.x, 22.x] package-name: ${{ fromJson(needs.prepare.outputs.test-workspace-package-names) }} steps: - - uses: actions/checkout@v4 - - name: Use Node.js ${{ matrix.node-version }} - uses: actions/setup-node@v4 + - name: Checkout and setup environment + uses: MetaMask/action-checkout-and-setup@v1 with: + is-high-risk-environment: false node-version: ${{ matrix.node-version }} - cache: yarn - name: Restore "@metamask/snaps-execution-environments" build - uses: actions/cache@v4 + uses: actions/download-artifact@v4 with: - path: | - packages/snaps-execution-environments/dist/browserify - key: snaps-execution-environments-build-${{ runner.os }}-${{ matrix.node-version }}-${{ github.sha }} - fail-on-cache-miss: true + name: snaps-execution-environments-build-${{ runner.os }}-${{ matrix.node-version }}-${{ github.sha }} - name: Restore build files - uses: actions/cache@v4 + uses: actions/download-artifact@v4 with: - path: | - packages/*/dist - key: build-source-${{ runner.os }}-${{ github.sha }} - fail-on-cache-miss: true - - run: yarn --immutable --immutable-cache + name: build-source-${{ runner.os }}-${{ github.sha }} - name: Install Google Chrome + if: ${{ matrix.package-name == '@metamask/snaps-controllers' || matrix.package-name == '@metamask/snaps-execution-environments' || matrix.package-name == '@metamask/snaps-utils' }} run: yarn install-chrome - run: yarn workspace ${{ matrix.package-name }} run test - name: Get coverage folder id: get-coverage-folder run: | - echo "stub" >> stub echo "coverage-folder=$(yarn workspaces list --json | grep ${{ matrix.package-name }} | jq -r '.location')/coverage" >> "$GITHUB_OUTPUT" echo "artifact-name=$(echo ${{ matrix.package-name }} | sed 's:.*/::')" >> "$GITHUB_OUTPUT" shell: bash - name: Upload coverage artifact - if: ${{ matrix.node-version == '18.x' }} + if: ${{ matrix.node-version == '22.x' }} uses: actions/upload-artifact@v4 with: name: coverage-${{ steps.get-coverage-folder.outputs.artifact-name }} path: | - stub + .nvmrc ${{ steps.get-coverage-folder.outputs.coverage-folder }}/**/coverage-final.json if-no-files-found: warn retention-days: 1 @@ -273,30 +242,22 @@ jobs: strategy: fail-fast: false matrix: - node-version: [18.x, 20.x] + node-version: [18.x, 20.x, 22.x] package-name: ${{ fromJson(needs.prepare.outputs.e2e-workspace-package-names) }} steps: - - uses: actions/checkout@v4 - - name: Use Node.js ${{ matrix.node-version }} - uses: actions/setup-node@v4 + - name: Checkout and setup environment + uses: MetaMask/action-checkout-and-setup@v1 with: + is-high-risk-environment: false node-version: ${{ matrix.node-version }} - cache: yarn - name: Restore "@metamask/snaps-execution-environments" build - uses: actions/cache@v4 + uses: actions/download-artifact@v4 with: - path: | - packages/snaps-execution-environments/dist/browserify - key: snaps-execution-environments-build-${{ runner.os }}-${{ matrix.node-version }}-${{ github.sha }} - fail-on-cache-miss: true + name: snaps-execution-environments-build-${{ runner.os }}-${{ matrix.node-version }}-${{ github.sha }} - name: Restore build files - uses: actions/cache@v4 + uses: actions/download-artifact@v4 with: - path: | - packages/*/dist - key: build-source-${{ runner.os }}-${{ github.sha }} - fail-on-cache-miss: true - - run: yarn --immutable --immutable-cache + name: build-source-${{ runner.os }}-${{ github.sha }} - name: Build snap run: yarn workspace ${{ matrix.package-name }} run build - name: Run E2E test @@ -317,12 +278,9 @@ jobs: matrix: os: [macOS-latest, windows-latest] steps: - - uses: actions/checkout@v4 - - name: Use Node.js - uses: actions/setup-node@v4 + - name: Checkout and setup environment + uses: MetaMask/action-checkout-and-setup@v1 with: - node-version-file: '.nvmrc' - cache: yarn - - run: yarn --immutable + is-high-risk-environment: false - run: yarn build:ci - run: yarn workspace @metamask/snaps-cli run test diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index ba7898d5f9..d87f10575f 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -15,7 +15,7 @@ jobs: - uses: actions/checkout@v4 - name: Download actionlint id: download-actionlint - run: bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/7fdc9630cc360ea1a469eed64ac6d78caeda1234/scripts/download-actionlint.bash) 1.6.25 + run: bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/7fdc9630cc360ea1a469eed64ac6d78caeda1234/scripts/download-actionlint.bash) 1.7.7 shell: bash - name: Check workflow files run: ${{ steps.download-actionlint.outputs.executable }} -color diff --git a/.github/workflows/publish-environment.yml b/.github/workflows/publish-environment.yml index 76797d0c68..068a53acb8 100644 --- a/.github/workflows/publish-environment.yml +++ b/.github/workflows/publish-environment.yml @@ -19,12 +19,10 @@ jobs: - name: Ensure `destination_dir` is not empty if: ${{ inputs.destination_dir == '' }} run: exit 1 - - uses: actions/checkout@v4 - - name: Setup Node - uses: actions/setup-node@v4 + - name: Checkout and setup environment + uses: MetaMask/action-checkout-and-setup@v1 with: - node-version-file: '.nvmrc' - - run: yarn --immutable + is-high-risk-environment: true - run: yarn build:lavamoat - name: configure AWS credentials uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef diff --git a/.github/workflows/publish-github-pages.yml b/.github/workflows/publish-github-pages.yml index 55839a62ea..ebc047e44d 100644 --- a/.github/workflows/publish-github-pages.yml +++ b/.github/workflows/publish-github-pages.yml @@ -33,12 +33,10 @@ jobs: - name: Ensure `publish_dir` is not empty if: ${{ inputs.publish_dir == '' }} run: exit 1 - - uses: actions/checkout@v4 - - name: Setup Node - uses: actions/setup-node@v4 + - name: Checkout and setup environment + uses: MetaMask/action-checkout-and-setup@v1 with: - node-version-file: '.nvmrc' - - run: yarn --immutable + is-high-risk-environment: true - name: Run build script run: ${{ inputs.build_script }} - name: Deploy to `${{ inputs.destination_dir }}` directory of `gh-pages` branch diff --git a/.github/workflows/publish-preview.yml b/.github/workflows/publish-preview.yml index 162ab2599e..3316533d2c 100644 --- a/.github/workflows/publish-preview.yml +++ b/.github/workflows/publish-preview.yml @@ -35,12 +35,10 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} PR_NUMBER: ${{ github.event.issue.number }} - - name: Setup Node - uses: actions/setup-node@v4 + - name: Checkout and setup environment + uses: MetaMask/action-checkout-and-setup@v1 with: - node-version-file: '.nvmrc' - cache: yarn - - run: yarn --immutable + is-high-risk-environment: true - name: Get commit SHA id: commit-sha run: echo "COMMIT_SHA=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT" diff --git a/.github/workflows/publish-release.yml b/.github/workflows/publish-release.yml index 47966fb1e8..59c779970d 100644 --- a/.github/workflows/publish-release.yml +++ b/.github/workflows/publish-release.yml @@ -33,14 +33,11 @@ jobs: outputs: tag: ${{ steps.get-release-tag.outputs.tag }} steps: - - uses: actions/checkout@v4 + - name: Checkout and setup environment + uses: MetaMask/action-checkout-and-setup@v1 with: + is-high-risk-environment: true ref: ${{ github.sha }} - - name: Setup Node - uses: actions/setup-node@v4 - with: - node-version-file: '.nvmrc' - - run: yarn install --immutable - name: Get release tag id: get-release-tag run: echo "tag=$(yarn get-release-tag)" >> "$GITHUB_OUTPUT" @@ -53,14 +50,13 @@ jobs: contents: write runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - name: Checkout and setup environment + uses: MetaMask/action-checkout-and-setup@v1 with: + is-high-risk-environment: true ref: ${{ github.sha }} - - name: Setup Node - uses: actions/setup-node@v4 - with: - node-version-file: '.nvmrc' - - uses: MetaMask/action-publish-release@v3 + - name: Publish release to GitHub + uses: MetaMask/action-publish-release@v3 id: publish-release with: npm-tag: ${{ needs.get-release-tag.outputs.tag }} @@ -70,32 +66,31 @@ jobs: run: | yarn install --immutable yarn build - - uses: actions/cache@v4 - id: restore-build + - name: Upload build artifacts + uses: actions/upload-artifact@v4 with: + name: publish-release-artifacts-${{ github.sha }} + include-hidden-files: true + retention-days: 4 path: | ./packages/**/dist - ./node_modules - key: ${{ github.sha }} + ./node_modules/.yarn-state.yml npm-publish-dry-run: name: Publish to NPM (dry run) runs-on: ubuntu-latest needs: publish-release steps: - - uses: actions/checkout@v4 + - name: Checkout and setup environment + uses: MetaMask/action-checkout-and-setup@v1 with: + is-high-risk-environment: true ref: ${{ github.sha }} - - uses: actions/cache@v4 - id: restore-build + - name: Restore build artifacts + uses: actions/download-artifact@v4 with: - path: | - ./packages/**/dist - ./node_modules - key: ${{ github.sha }} - fail-on-cache-miss: true - - run: npm config set ignore-scripts true - - name: Dry Run Publish + name: publish-release-artifacts-${{ github.sha }} + - name: Dry run publish to NPM uses: MetaMask/action-npm-publish@v5 with: slack-webhook-url: ${{ secrets.SLACK_WEBHOOK_URL }} @@ -110,17 +105,15 @@ jobs: - npm-publish-dry-run - get-release-tag steps: - - uses: actions/checkout@v4 + - name: Checkout and setup environment + uses: MetaMask/action-checkout-and-setup@v1 with: + is-high-risk-environment: true ref: ${{ github.sha }} - - uses: actions/cache@v4 - id: restore-build + - name: Restore build artifacts + uses: actions/download-artifact@v4 with: - path: | - ./packages/**/dist - ./node_modules - key: ${{ github.sha }} - fail-on-cache-miss: true + name: publish-release-artifacts-${{ github.sha }} - name: Publish ${{ needs.get-release-tag.outputs.tag }} to NPM uses: MetaMask/action-npm-publish@v5 with: @@ -134,8 +127,10 @@ jobs: outputs: IS_ENVIRONMENT_RELEASE: ${{ steps.is-environment-release.outputs.IS_ENVIRONMENT_RELEASE }} steps: - - uses: actions/checkout@v4 + - name: Checkout and setup environment + uses: MetaMask/action-checkout-and-setup@v1 with: + is-high-risk-environment: true ref: ${{ github.sha }} fetch-depth: 2 - name: Check if this is an environment release @@ -154,8 +149,10 @@ jobs: outputs: version: ${{ steps.version.outputs.VERSION }} steps: - - uses: actions/checkout@v4 + - name: Checkout and setup environment + uses: MetaMask/action-checkout-and-setup@v1 with: + is-high-risk-environment: true ref: ${{ github.sha }} - id: version name: Get release version @@ -219,8 +216,10 @@ jobs: IS_TEST_SNAPS_RELEASE: ${{ steps.set-output.outputs.IS_TEST_SNAPS_RELEASE }} TEST_SNAPS_VERSION: ${{ steps.set-output.outputs.TEST_SNAPS_VERSION }} steps: - - uses: actions/checkout@v4 + - name: Checkout and setup environment + uses: MetaMask/action-checkout-and-setup@v1 with: + is-high-risk-environment: true ref: ${{ github.sha }} fetch-depth: 2 - name: Check if this is a test snaps release @@ -270,8 +269,10 @@ jobs: IS_SIMULATOR_RELEASE: ${{ steps.set-output.outputs.IS_SIMULATOR_RELEASE }} SIMULATOR_VERSION: ${{ steps.set-output.outputs.SIMULATOR_VERSION }} steps: - - uses: actions/checkout@v4 + - name: Checkout and setup environment + uses: MetaMask/action-checkout-and-setup@v1 with: + is-high-risk-environment: true ref: ${{ github.sha }} fetch-depth: 2 - name: Check if this is a simulator release diff --git a/.github/workflows/security-code-scanner.yml b/.github/workflows/security-code-scanner.yml index 79fc9d1d93..9f0aa9fed7 100644 --- a/.github/workflows/security-code-scanner.yml +++ b/.github/workflows/security-code-scanner.yml @@ -19,7 +19,7 @@ jobs: security-events: write steps: - name: Analyse code - uses: MetaMask/Security-Code-Scanner@main + uses: MetaMask/action-security-code-scanner@v1 with: repo: ${{ github.repository }} paths_ignored: | diff --git a/.github/workflows/update-pull-request.yml b/.github/workflows/update-pull-request.yml index 30bf4af82e..820529c4fb 100644 --- a/.github/workflows/update-pull-request.yml +++ b/.github/workflows/update-pull-request.yml @@ -30,7 +30,8 @@ jobs: outputs: IS_FORK: ${{ steps.is-fork.outputs.IS_FORK }} steps: - - uses: actions/checkout@v4 + - name: Checkout repository + uses: actions/checkout@v4 - name: Determine whether this PR is from a fork id: is-fork run: echo "IS_FORK=$(gh pr view --json isCrossRepository --jq '.isCrossRepository' "${PR_NUMBER}" )" >> "$GITHUB_OUTPUT" @@ -78,13 +79,11 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.PULL_REQUEST_UPDATE_TOKEN }} PR_NUMBER: ${{ inputs.pull-request != 0 && inputs.pull-request || github.event.issue.number }} - - name: Use Node.js - uses: actions/setup-node@v4 + - name: Checkout and setup environment + uses: MetaMask/action-checkout-and-setup@v1 with: - node-version-file: '.nvmrc' - cache: 'yarn' - - name: Install Yarn dependencies - run: yarn --immutable + is-high-risk-environment: false + cache-node-modules: true - name: Get commit SHA id: commit-sha run: echo "COMMIT_SHA=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT" @@ -101,20 +100,17 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.PULL_REQUEST_UPDATE_TOKEN }} PR_NUMBER: ${{ inputs.pull-request != 0 && inputs.pull-request || github.event.issue.number }} - - name: Setup Node.js - uses: actions/setup-node@v4 + - name: Checkout and setup environment + uses: MetaMask/action-checkout-and-setup@v1 with: - node-version-file: '.nvmrc' - cache: 'yarn' - - name: Install dependencies from cache - run: yarn --immutable --immutable-cache + is-high-risk-environment: false - name: Deduplicate yarn.lock run: yarn dedupe - - name: Cache yarn.lock - uses: actions/cache/save@v4 + - name: Save yarn.lock + uses: actions/upload-artifact@v4 with: + name: yarn-lock-${{ needs.prepare.outputs.COMMIT_SHA }} path: yarn.lock - key: cache-yarn-lock-${{ needs.prepare.outputs.COMMIT_SHA }} regenerate-lavamoat-policies: name: Regenerate LavaMoat policies @@ -131,25 +127,22 @@ jobs: GITHUB_TOKEN: ${{ secrets.PULL_REQUEST_UPDATE_TOKEN }} PR_NUMBER: ${{ inputs.pull-request != 0 && inputs.pull-request || github.event.issue.number }} - name: Restore yarn.lock - uses: actions/cache/restore@v4 + uses: actions/download-artifact@v4 with: - path: yarn.lock - key: cache-yarn-lock-${{ needs.prepare.outputs.COMMIT_SHA }} - fail-on-cache-miss: true - - name: Setup Node.js - uses: actions/setup-node@v4 + name: yarn-lock-${{ needs.prepare.outputs.COMMIT_SHA }} + - name: Checkout and setup environment + uses: MetaMask/action-checkout-and-setup@v1 with: - node-version-file: '.nvmrc' - cache: 'yarn' - - name: Install dependencies from cache - run: yarn --immutable + is-high-risk-environment: false - name: Regenerate LavaMoat policies run: yarn build:lavamoat:policy - - name: Cache LavaMoat policies - uses: actions/cache/save@v4 + - name: Save LavaMoat policies + uses: actions/upload-artifact@v4 with: - path: packages/snaps-execution-environments/lavamoat - key: cache-lavamoat-${{ needs.prepare.outputs.COMMIT_SHA }} + name: lavamoat-policies-${{ needs.prepare.outputs.COMMIT_SHA }} + path: | + .nvmrc + packages/snaps-execution-environments/lavamoat update-examples: name: Update examples @@ -166,28 +159,25 @@ jobs: GITHUB_TOKEN: ${{ secrets.PULL_REQUEST_UPDATE_TOKEN }} PR_NUMBER: ${{ inputs.pull-request != 0 && inputs.pull-request || github.event.issue.number }} - name: Restore yarn.lock - uses: actions/cache/restore@v4 + uses: actions/download-artifact@v4 with: - path: yarn.lock - key: cache-yarn-lock-${{ needs.prepare.outputs.COMMIT_SHA }} - fail-on-cache-miss: true - - name: Setup Node.js - uses: actions/setup-node@v4 + name: yarn-lock-${{ needs.prepare.outputs.COMMIT_SHA }} + - name: Checkout and setup environment + uses: MetaMask/action-checkout-and-setup@v1 with: - node-version-file: '.nvmrc' - cache: 'yarn' - - name: Install dependencies from cache - run: yarn --immutable + is-high-risk-environment: false - name: Build dependencies run: | yarn build:ci - name: Update examples run: yarn build:examples - - name: Cache examples - uses: actions/cache/save@v4 + - name: Save examples + uses: actions/upload-artifact@v4 with: - path: packages/examples/packages - key: cache-examples-${{ needs.prepare.outputs.COMMIT_SHA }} + name: examples-${{ needs.prepare.outputs.COMMIT_SHA }} + path: | + .nvmrc + packages/examples/packages update-chrome: name: Update Chrome @@ -199,26 +189,28 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@v4 + - name: Checkout pull request + run: gh pr checkout "${PR_NUMBER}" + env: + GITHUB_TOKEN: ${{ secrets.PULL_REQUEST_UPDATE_TOKEN }} + PR_NUMBER: ${{ inputs.pull-request != 0 && inputs.pull-request || github.event.issue.number }} - name: Restore yarn.lock - uses: actions/cache/restore@v4 + uses: actions/download-artifact@v4 with: - path: yarn.lock - key: cache-yarn-lock-${{ needs.prepare.outputs.COMMIT_SHA }} - fail-on-cache-miss: true - - name: Setup Node.js - uses: actions/setup-node@v4 + name: yarn-lock-${{ needs.prepare.outputs.COMMIT_SHA }} + - name: Checkout and setup environment + uses: MetaMask/action-checkout-and-setup@v1 with: - node-version-file: '.nvmrc' - cache: 'yarn' - - name: Install dependencies from cache - run: yarn --immutable + is-high-risk-environment: false - name: Update Chrome run: yarn update-chrome - - name: Cache install script - uses: actions/cache/save@v4 + - name: Save install script + uses: actions/upload-artifact@v4 with: - path: scripts/install-chrome.sh - key: cache-chrome-${{ needs.prepare.outputs.COMMIT_SHA }} + name: chrome-install-script-${{ needs.prepare.outputs.COMMIT_SHA }} + path: | + .nvmrc + scripts/install-chrome.sh commit-result: name: Commit result @@ -251,11 +243,9 @@ jobs: id: commit-sha run: echo "COMMIT_SHA=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT" - name: Restore yarn.lock - uses: actions/cache/restore@v4 + uses: actions/download-artifact@v4 with: - path: yarn.lock - key: cache-yarn-lock-${{ needs.prepare.outputs.COMMIT_SHA }} - fail-on-cache-miss: true + name: yarn-lock-${{ needs.prepare.outputs.COMMIT_SHA }} - name: Set commit prefix if: ${{ inputs.dependabot == true }} run: echo "COMMIT_PREFIX=[dependabot skip] " >> "$GITHUB_ENV" @@ -264,32 +254,26 @@ jobs: git add yarn.lock git commit -m "${COMMIT_PREFIX}Deduplicate yarn.lock" || true - name: Restore LavaMoat policies - uses: actions/cache/restore@v4 + uses: actions/download-artifact@v4 with: - path: packages/snaps-execution-environments/lavamoat - key: cache-lavamoat-${{ needs.prepare.outputs.COMMIT_SHA }} - fail-on-cache-miss: true + name: lavamoat-policies-${{ needs.prepare.outputs.COMMIT_SHA }} - name: Commit LavaMoat policies run: | git add packages/snaps-execution-environments/lavamoat git commit -m "${COMMIT_PREFIX}Update LavaMoat policies" || true - name: Restore examples - uses: actions/cache/restore@v4 + uses: actions/download-artifact@v4 with: - path: packages/examples/packages - key: cache-examples-${{ needs.prepare.outputs.COMMIT_SHA }} - fail-on-cache-miss: true + name: examples-${{ needs.prepare.outputs.COMMIT_SHA }} - name: Commit examples run: | git add packages/examples/packages git commit -m "${COMMIT_PREFIX}Update example snaps" || true - name: Restore install script if: ${{ inputs.dependabot == true && contains(inputs.pull-request-title, 'chromedriver') }} - uses: actions/cache/restore@v4 + uses: actions/download-artifact@v4 with: - path: scripts/install-chrome.sh - key: cache-chrome-${{ needs.prepare.outputs.COMMIT_SHA }} - fail-on-cache-miss: true + name: chrome-install-script-${{ needs.prepare.outputs.COMMIT_SHA }} - name: Commit install script if: ${{ inputs.dependabot == true && contains(inputs.pull-request-title, 'chromedriver') }} run: |