Enabling MetaMask security code scanner #441
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Lint and Test | |
on: | |
push: | |
branches: [main] | |
pull_request: | |
jobs: | |
prepare: | |
name: Prepare | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Use Node.js | |
uses: actions/setup-node@v3 | |
with: | |
node-version-file: '.nvmrc' | |
cache: 'yarn' | |
- name: Install Yarn dependencies | |
run: yarn --immutable | |
lint: | |
name: Lint | |
runs-on: ubuntu-latest | |
needs: | |
- prepare | |
strategy: | |
matrix: | |
node-version: [16.x, 18.x, 20.x] | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Use Node.js ${{ matrix.node-version }} | |
uses: actions/setup-node@v3 | |
with: | |
node-version: ${{ matrix.node-version }} | |
cache: 'yarn' | |
- run: yarn --immutable --immutable-cache | |
- run: yarn lint | |
- name: Validate RC changelog | |
if: ${{ startsWith(github.head_ref, 'release/') }} | |
run: yarn lint:changelogs --rc | |
- name: Validate changelog | |
if: ${{ !startsWith(github.head_ref, 'release/') }} | |
run: yarn lint:changelogs | |
- name: Require clean working directory | |
shell: bash | |
run: | | |
if ! git diff --exit-code; then | |
echo "Working tree dirty at end of job" | |
exit 1 | |
fi | |
test: | |
name: Test | |
runs-on: ubuntu-latest | |
needs: | |
- prepare | |
strategy: | |
matrix: | |
node-version: [16.x, 18.x, 20.x] | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Use Node.js ${{ matrix.node-version }} | |
uses: actions/setup-node@v3 | |
with: | |
node-version: ${{ matrix.node-version }} | |
cache: 'yarn' | |
- run: yarn --immutable --immutable-cache | |
- run: yarn test | |
- name: Require clean working directory | |
shell: bash | |
run: | | |
if ! git diff --exit-code; then | |
echo "Working tree dirty at end of job" | |
exit 1 | |
fi | |
check-workflows: | |
name: Check workflows | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Download actionlint | |
id: download-actionlint | |
run: bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/7fdc9630cc360ea1a469eed64ac6d78caeda1234/scripts/download-actionlint.bash) 1.6.22 | |
shell: bash | |
- name: Check workflow files | |
run: ${{ steps.download-actionlint.outputs.executable }} -color | |
shell: bash | |
all-jobs-pass: | |
name: All jobs pass | |
runs-on: ubuntu-latest | |
needs: | |
- lint | |
- test | |
- check-workflows | |
steps: | |
- run: echo "Great success!" | |
is-release: | |
# release merge commits come from github-actions | |
if: startsWith(github.event.commits[0].author.name, 'github-actions') | |
needs: | |
- all-jobs-pass | |
outputs: | |
IS_RELEASE: ${{ steps.is-release.outputs.IS_RELEASE }} | |
runs-on: ubuntu-latest | |
steps: | |
- uses: MetaMask/action-is-release@v1 | |
id: is-release | |
publish-release: | |
needs: is-release | |
if: needs.is-release.outputs.IS_RELEASE == 'true' | |
name: Publish release | |
permissions: | |
contents: write | |
uses: ./.github/workflows/publish-release.yml | |
secrets: | |
NPM_TOKEN: ${{ secrets.NPM_TOKEN }} |