diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS new file mode 100644 index 0000000..7fd0cc6 --- /dev/null +++ b/.github/CODEOWNERS @@ -0,0 +1,4 @@ +# Lines starting with '#' are comments. +# Each line is a file pattern followed by one or more owners. + +* @MetaMask/engineering diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..ff6d4d9 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,15 @@ +# Please see the documentation for all configuration options: +# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates + +version: 2 +updates: + - package-ecosystem: "npm" + directory: "/" + schedule: + interval: "daily" + time: "06:00" + allow: + - dependency-name: "@metamask/*" + target-branch: "main" + versioning-strategy: "increase-if-necessary" + open-pull-requests-limit: 10 diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md new file mode 100644 index 0000000..5fc5fea --- /dev/null +++ b/.github/pull_request_template.md @@ -0,0 +1,11 @@ + diff --git a/.github/workflows/build-lint-test.yml b/.github/workflows/build-lint-test.yml new file mode 100644 index 0000000..c795c17 --- /dev/null +++ b/.github/workflows/build-lint-test.yml @@ -0,0 +1,49 @@ +name: Build, Lint, and Test + +on: + workflow_call: + +jobs: + prepare: + name: Prepare + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - name: Use Node.js + uses: actions/setup-node@v3 + with: + node-version-file: ".nvmrc" + cache: "yarn" + - name: Install Yarn dependencies + run: yarn --immutable + + lint: + name: Lint + runs-on: ubuntu-latest + needs: + - prepare + strategy: + matrix: + node-version: [16.x, 18.x, 20.x] + steps: + - uses: actions/checkout@v3 + - name: Use Node.js ${{ matrix.node-version }} + uses: actions/setup-node@v3 + with: + node-version: ${{ matrix.node-version }} + cache: "yarn" + - run: yarn --immutable --immutable-cache + - run: yarn lint + - name: Validate RC changelog + if: ${{ startsWith(github.head_ref, 'release/') }} + run: yarn auto-changelog validate --rc + - name: Validate changelog + if: ${{ !startsWith(github.head_ref, 'release/') }} + run: yarn auto-changelog validate + - name: Require clean working directory + shell: bash + run: | + if ! git diff --exit-code; then + echo "Working tree dirty at end of job" + exit 1 + fi diff --git a/.github/workflows/create-release-pr.yml b/.github/workflows/create-release-pr.yml new file mode 100644 index 0000000..7e8dfc5 --- /dev/null +++ b/.github/workflows/create-release-pr.yml @@ -0,0 +1,41 @@ +name: Create Release Pull Request + +on: + workflow_dispatch: + inputs: + base-branch: + description: "The base branch for git operations and the pull request." + default: "main" + required: true + release-type: + description: 'A SemVer version diff, i.e. major, minor, or patch. Mutually exclusive with "release-version".' + required: false + release-version: + description: 'A specific version to bump to. Mutually exclusive with "release-type".' + required: false + +jobs: + create-release-pr: + runs-on: ubuntu-latest + permissions: + contents: write + pull-requests: write + steps: + - uses: actions/checkout@v3 + with: + # This is to guarantee that the most recent tag is fetched. + # This can be configured to a more reasonable value by consumers. + fetch-depth: 0 + # We check out the specified branch, which will be used as the base + # branch for all git operations and the release PR. + ref: ${{ github.event.inputs.base-branch }} + - name: Setup Node.js + uses: actions/setup-node@v3 + with: + node-version-file: ".nvmrc" + - uses: MetaMask/action-create-release-pr@v2 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + release-type: ${{ github.event.inputs.release-type }} + release-version: ${{ github.event.inputs.release-version }} diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml new file mode 100644 index 0000000..b17972d --- /dev/null +++ b/.github/workflows/main.yml @@ -0,0 +1,76 @@ +name: Main + +on: + push: + branches: [main] + pull_request: + +jobs: + check-workflows: + name: Check workflows + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - name: Download actionlint + id: download-actionlint + run: bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/7fdc9630cc360ea1a469eed64ac6d78caeda1234/scripts/download-actionlint.bash) 1.6.23 + shell: bash + - name: Check workflow files + run: ${{ steps.download-actionlint.outputs.executable }} -color + shell: bash + + build-lint-test: + name: Build, lint, and test + uses: ./.github/workflows/build-lint-test.yml + + all-jobs-completed: + name: All jobs completed + runs-on: ubuntu-latest + needs: + - check-workflows + - build-lint-test + outputs: + PASSED: ${{ steps.set-output.outputs.PASSED }} + steps: + - name: Set PASSED output + id: set-output + run: echo "PASSED=true" >> "$GITHUB_OUTPUT" + + all-jobs-pass: + name: All jobs pass + if: ${{ always() }} + runs-on: ubuntu-latest + needs: all-jobs-completed + steps: + - name: Check that all jobs have passed + run: | + passed="${{ needs.all-jobs-completed.outputs.PASSED }}" + if [[ $passed != "true" ]]; then + exit 1 + fi + + is-release: + # Filtering by `push` events ensures that we only release from the `main` branch, which is a + # requirement for our npm publishing environment. + # The commit author should always be 'github-actions' for releases created by the + # 'create-release-pr' workflow, so we filter by that as well to prevent accidentally + # triggering a release. + if: github.event_name == 'push' && startsWith(github.event.head_commit.author.name, 'github-actions') + needs: all-jobs-pass + outputs: + IS_RELEASE: ${{ steps.is-release.outputs.IS_RELEASE }} + runs-on: ubuntu-latest + steps: + - uses: MetaMask/action-is-release@v1 + id: is-release + + publish-release: + needs: is-release + if: needs.is-release.outputs.IS_RELEASE == 'true' + name: Publish release + permissions: + contents: write + uses: ./.github/workflows/publish-release.yml + secrets: + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} diff --git a/.github/workflows/publish-release.yml b/.github/workflows/publish-release.yml new file mode 100644 index 0000000..6492d8f --- /dev/null +++ b/.github/workflows/publish-release.yml @@ -0,0 +1,84 @@ +name: Publish Release + +on: + workflow_call: + secrets: + NPM_TOKEN: + required: true + SLACK_WEBHOOK_URL: + required: true + +jobs: + publish-release: + permissions: + contents: write + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + with: + ref: ${{ github.sha }} + - name: Setup Node.js + uses: actions/setup-node@v3 + with: + node-version-file: ".nvmrc" + - uses: MetaMask/action-publish-release@v3 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + - name: Install + run: | + yarn install + yarn build + - uses: actions/cache@v3 + id: restore-build + with: + path: | + ./dist + ./node_modules/.yarn-state.yml + key: ${{ github.sha }} + + publish-npm-dry-run: + runs-on: ubuntu-latest + needs: publish-release + steps: + - uses: actions/checkout@v3 + with: + ref: ${{ github.sha }} + - uses: actions/cache@v3 + id: restore-build + with: + path: | + ./dist + ./node_modules/.yarn-state.yml + key: ${{ github.sha }} + - name: Dry Run Publish + # omit npm-token token to perform dry run publish + uses: MetaMask/action-npm-publish@v4 + with: + slack-webhook-url: ${{ secrets.SLACK_WEBHOOK_URL }} + subteam: S042S7RE4AE # @metamask-npm-publishers + env: + SKIP_PREPACK: true + + publish-npm: + environment: npm-publish + runs-on: ubuntu-latest + needs: publish-npm-dry-run + steps: + - uses: actions/checkout@v3 + with: + ref: ${{ github.sha }} + - uses: actions/cache@v3 + id: restore-build + with: + path: | + ./dist + ./node_modules/.yarn-state.yml + key: ${{ github.sha }} + - name: Publish + uses: MetaMask/action-npm-publish@v2 + with: + # This `NPM_TOKEN` needs to be manually set per-repository. + # Look in the repository settings under "Environments", and set this token in the `npm-publish` environment. + npm-token: ${{ secrets.NPM_TOKEN }} + env: + SKIP_PREPACK: true