Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ci: update GHA workflows to support assisted publishing #46

Merged
merged 4 commits into from
Dec 14, 2023
Merged

ci: update GHA workflows to support assisted publishing #46

merged 4 commits into from
Dec 14, 2023

Conversation

legobeat
Copy link
Contributor

@legobeat legobeat commented Nov 15, 2023
edited
Loading

Borrowed and amended from https://github.com/MetaMask/detect-provider/ which is also a yarn v1 repo.

  • Add create-release-pr workflow
  • Add npm-publish workflow
    • Needs corresponding secrets configured in npm-publish GH repo environment
  • Change image from ubuntu-20.04 to ubuntu-latest
  • Add Nodejs versions 16, 18, 20 to test matrix
  • Lint changelog for release using @metamask/auto-changelog
    • Note that due to this package still supporting node v12, the action is held back to the older (IMO much nicer and more readable) changelog format, so applying those changes. The formatting will be reversed to being newline-everywhere after support for node v12 and v14 have been dropped.

Blocked by

@legobeat legobeat mentioned this pull request Nov 20, 2023
Merged
@legobeat legobeat force-pushed the ci-update-workflows branch from 238579d to 6d8d7f7 Compare December 8, 2023 21:40
@socket-security Socket Security
Copy link

socket-security bot commented Dec 8, 2023
edited
Loading

New dependencies detected. Learn more about Socket for GitHub ↗︎

Packages Version New capabilities Transitives Size Publisher
@metamask/auto-changelog 2.6.1 filesystem, environment +11 695 kB gudahtt

@socket-security Socket Security
Copy link

socket-security bot commented Dec 8, 2023
edited
Loading

👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

Ignoring: merge-stream@2.0.0

Next steps

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@* or ignore all packages with @SocketSecurity ignore-all

@legobeat
Copy link
Contributor Author

legobeat commented Dec 8, 2023 

@SocketSecurity ignore merge-stream@2.0.0

new author ok

@legobeat legobeat force-pushed the ci-update-workflows branch from 4e4b2dc to 23f07bb Compare December 8, 2023 21:52
@legobeat legobeat marked this pull request as ready for review December 8, 2023 21:52
@legobeat legobeat requested a review from a team as a code owner December 8, 2023 21:52
@legobeat legobeat force-pushed the ci-update-workflows branch from 8d93de7 to 6442c0f Compare December 8, 2023 22:00
@legobeat legobeat mentioned this pull request Dec 8, 2023
Merged
@legobeat legobeat force-pushed the ci-update-workflows branch from 6442c0f to 3756f1c Compare December 8, 2023 22:48
@mcmire
Copy link
Contributor

mcmire commented Dec 11, 2023
edited
Loading

How urgent is this PR? I think it would be better if we could upgrade to Yarn v3 and bump the minimum Node version to 12. That would save us time in maintaining this package long-term, since we wouldn't have to manage it as differently as other libraries. But please let me know how this fits into the bigger picture on your end.

@legobeat
Copy link
Contributor Author

How urgent is this PR? I think it would be better if we could upgrade to Yarn v3 and bump the minimum Node version to 12. That would save us time in maintaining this package long-term, since we wouldn't have to manage it as differently as other libraries. But please let me know how this fits into the bigger picture on your end.

I think release of merged #50 should happen before those two things and is more time-sensitive. This PR was intended to facilitate release and publish of it.

@legobeat legobeat force-pushed the ci-update-workflows branch from 3756f1c to 0094896 Compare December 14, 2023 19:51
mcmire
mcmire approved these changes Dec 14, 2023
View reviewed changes
Copy link
Contributor

@mcmire mcmire left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good.

@legobeat legobeat merged commit 222187f into MetaMask:main Dec 14, 2023
8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mcmire mcmire mcmire approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@legobeat @mcmire