-
Notifications
You must be signed in to change notification settings - Fork 573
132 lines (121 loc) · 4 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
name: Main
on:
push:
branches:
- main
pull_request:
jobs:
check-workflows:
name: Check workflows
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Download actionlint
id: download-actionlint
run: bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/7fdc9630cc360ea1a469eed64ac6d78caeda1234/scripts/download-actionlint.bash) 1.6.25
shell: bash
- name: Check workflow files
run: ${{ steps.download-actionlint.outputs.executable }} -color
shell: bash
analyse-code:
name: Code scanner
needs: check-workflows
uses: ./.github/workflows/security-code-scanner.yml
permissions:
actions: read
contents: read
security-events: write
secrets:
SECURITY_SCAN_METRICS_TOKEN: ${{ secrets.SECURITY_SCAN_METRICS_TOKEN }}
APPSEC_BOT_SLACK_WEBHOOK: ${{ secrets.APPSEC_BOT_SLACK_WEBHOOK }}
update-pull-request:
name: Update pull request
needs: check-workflows
if: ${{ github.event_name == 'pull_request' && github.event.pull_request.user.login == 'dependabot[bot]' && github.actor != 'metamaskbot' }}
uses: ./.github/workflows/update-pull-request.yml
with:
dependabot: true
pull-request: ${{ github.event.pull_request.number }}
pull-request-title: ${{ github.event.pull_request.title }}
secrets:
PULL_REQUEST_UPDATE_TOKEN: ${{ secrets.PULL_REQUEST_UPDATE_TOKEN }}
lint-build-test:
name: Build, lint, and test
needs: check-workflows
uses: ./.github/workflows/build-lint-test.yml
secrets:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
publish-staging-simulator:
name: Publish Snaps Simulator to `staging` folder
needs: lint-build-test
if: ${{ github.ref_name == 'main' }}
permissions:
contents: write
uses: ./.github/workflows/publish-github-pages.yml
with:
build_script: yarn workspace @metamask/snaps-simulator build
publish_dir: ./packages/snaps-simulator/dist/webpack/main
destination_dir: snaps-simulator/staging
secrets:
PUBLISH_PAGES_TOKEN: ${{ secrets.PUBLISH_PAGES_TOKEN }}
is-release:
name: Determine whether this is a release merge commit
needs: lint-build-test
if: github.event_name == 'push'
runs-on: ubuntu-latest
outputs:
IS_RELEASE: ${{ steps.is-release.outputs.IS_RELEASE }}
steps:
- id: is-release
uses: MetaMask/action-is-release@v1
with:
commit-starts-with: 'Release [version]'
publish-release:
name: Publish release
needs: is-release
if: needs.is-release.outputs.IS_RELEASE == 'true'
permissions:
id-token: write
contents: write
uses: ./.github/workflows/publish-release.yml
with:
slack-subteam: S05RL9W7H54 # @metamask-snaps-publishers
secrets:
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
PUBLISH_PAGES_TOKEN: ${{ secrets.PUBLISH_PAGES_TOKEN }}
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
all-jobs-complete:
name: All jobs complete
runs-on: ubuntu-latest
needs: lint-build-test
outputs:
passed: ${{ steps.set-output.outputs.passed }}
steps:
- name: Set passed output
id: set-output
run: echo "passed=true" >> "$GITHUB_OUTPUT"
all-jobs-pass:
name: All jobs pass
if: ${{ always() }}
runs-on: ubuntu-latest
needs: all-jobs-complete
steps:
- name: Check that all jobs have passed
run: |
passed="${{ needs.all-jobs-complete.outputs.passed }}"
if [[ $passed != "true" ]]; then
exit 1
fi
re-run:
name: Re-run failed jobs
needs: lint-build-test
if: failure() && fromJSON(github.run_attempt) < 3 && github.event.pull_request.user.login != 'dependabot[bot]'
runs-on: ubuntu-latest
permissions:
actions: write
steps:
- env:
GH_REPO: ${{ github.repository }}
GH_TOKEN: ${{ github.token }}
GH_DEBUG: api
run: gh workflow run re-run.yml -F run-id=${{ github.run_id }}