fix: Yarn 1.22.22

[leotm]

Description

Prevent engineers using different Yarn versions with different features
causing our CI dedupe step to break

• Bump package.json Yarn engine from ^1.22.0 to 1.22.22
• Bump BitRise Yarn version from 1.22.19 to 1.22.22
• Lock project Yarn version to 1.22.22
• Add Yarn config file comment RE @lavamoat/allow-scripts setup
• Run yarn deduplicate and commit
• Revert Bump BitRise Yarn version from 1.22.19 to 1.22.22 (thread)
• Bump BitRise Yarn version from 1.22.19 to 1.22.22
  • Fix missing ASC file for 1.20.22, 1.20.20, 1.20.21 yarnpkg/yarn#9050
  • Switch to NPM or Corepack

Nb: our metamask-extension setup

• https://github.com/MetaMask/metamask-extension/blob/develop/package.json#L616
• https://github.com/MetaMask/metamask-extension/blob/develop/package.json#L681
• https://github.com/MetaMask/metamask-extension/blob/develop/.yarn/releases/yarn-4.0.2.cjs
• https://github.com/MetaMask/metamask-extension/blob/develop/.yarnrc.yml#L142

https://classic.yarnpkg.com/lang/en/docs/package-json/#toc-engines

The engines specify versions of clients that must be used with your package. This checks against process.versions as well as the current version of yarn.

https://classic.yarnpkg.com/lang/en/docs/yarnrc/#toc-yarn-path

Instructs yarn to defer to another Yarn binary for execution. Useful if you want to bundle Yarn into your repository and have everyone use the same version for consistency. This was introduced in Yarn 1.0, so all developers must have Yarn >= 1.0 installed.

https://yarnpkg.com/getting-started/qa

.yarn/plugins and .yarn/releases contain the Yarn releases used in the current repository (as defined by yarn set version). You will want to keep them versioned (this prevents potential issues if, say, two engineers use different Yarn versions with different features).

https://yarnpkg.com/cli/set/version

Lock the Yarn version used by the project.

https://nodejs.org/dist/latest-v15.x/docs/api/all.html (introduced in Node v16 only)
https://nodejs.org/dist/latest-v16.x/docs/api/all.html#all_packages_packagemanager
from testing our repo (on Node v18), this appears to have no effect enforcing the version

from testing our repo, we could revert c7d67e6 to keep our structure simpler
since the package.json engine field is enough to enforce the version
but these 2 files are generated by running yarn set version 1.22.22

Yarn v1.22 update

• PR: Fixes the lockfile hydration of the npm: protocol yarnpkg/yarn#9023
• Commit: yarnpkg/yarn@88d5e44
• Picked into branch: https://github.com/yarnpkg/yarn/tree/1.22-stable

Related issues

Fixes: CI dedupe step consistently failing

Manual testing steps

• ensure yarn --version is below 1.22.22
• or e.g. yarn set version 1.22.21
• run yarn
• Yarn errors correctly ^1.22.22+ is expected

Nb: after doing this too many times, you can use a VPN as a workaround

Screenshots/Recordings

Pre-merge author checklist

• I’ve followed MetaMask Coding Standards.
• I've completed the PR template to the best of my ability
• I’ve included tests if applicable
• I’ve documented my code using JSDoc format if applicable
• I’ve applied the right labels on the PR (see labeling guidelines). Not required for external contributors.

Pre-merge reviewer checklist

• I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
• I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

[github-actions]

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

[NicolasMassart]

Thanks for this! Will improve contribution onboarding too!

[codecov-commenter]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 45.79%. Comparing base (f7466da) to head (3f3a1f5).
Report is 63 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #9143      +/-   ##
==========================================
+ Coverage   45.58%   45.79%   +0.21%     
==========================================
  Files        1289     1317      +28     
  Lines       31973    32325     +352     
  Branches     3314     3368      +54     
==========================================
+ Hits        14574    14804     +230     
- Misses      16528    16632     +104     
- Partials      871      889      +18     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[leotm]

Ref

• Bump minimum yarn version suggested in package.json engines #9144

[github-actions]

Bitrise

✅✅✅ pr_smoke_e2e_pipeline passed on Bitrise! ✅✅✅

Commit hash: fb17b39
Build link: https://app.bitrise.io/app/be69d4368ee7e86d/pipelines/255bc30d-934a-4a44-879a-e65e8855e9e1

Note

• You can kick off another pr_smoke_e2e_pipeline on Bitrise by removing and re-applying the Run Smoke E2E label on the pull request

[github-actions]

Bitrise

❌❌❌ pr_smoke_e2e_pipeline failed on Bitrise! ❌❌❌

Commit hash: 75828e7
Build link: https://app.bitrise.io/app/be69d4368ee7e86d/pipelines/756b8071-69cb-48bb-b0a8-272eea4dc95c

Note

• You can kick off another pr_smoke_e2e_pipeline on Bitrise by removing and re-applying the Run Smoke E2E label on the pull request

[github-actions]

Bitrise

🔄🔄🔄 pr_smoke_e2e_pipeline started on Bitrise...🔄🔄🔄

Commit hash: 3f3a1f5
Build link: https://app.bitrise.io/app/be69d4368ee7e86d/pipelines/a75ec664-86e1-4cbe-aaa1-083ab390dadd

Note

• This comment will auto-update when build completes
• You can kick off another pr_smoke_e2e_pipeline on Bitrise by removing and re-applying the Run Smoke E2E label on the pull request

[github-actions]

Bitrise

✅✅✅ pr_smoke_e2e_pipeline passed on Bitrise! ✅✅✅

Commit hash: 182526d
Build link: https://app.bitrise.io/app/be69d4368ee7e86d/pipelines/cf882365-6ecb-4ccd-8b48-169946fd4106

Note

• You can kick off another pr_smoke_e2e_pipeline on Bitrise by removing and re-applying the Run Smoke E2E label on the pull request

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarCloud

[sethkfman]

LGTM