chore: Migrate LavaMoat validation to GitHub Actions
Migrate LavaMoat policy validation from CircleCI to GitHub actions. No
functional changes.

Relates to #28572
Gudahtt committed Dec 20, 2024
1 parent 6f11eda commit 653d121
Showing 5 changed files with 93 additions and 58 deletions.
58 changes: 0 additions & 58 deletions .circleci/config.yml
@@ -123,16 +123,6 @@ workflows:
- master
requires:
- prep-deps
- validate-lavamoat-allow-scripts:
requires:
- prep-deps
- validate-lavamoat-policy-build:
requires:
- prep-deps
- validate-lavamoat-policy-webapp:
matrix:
parameters:
build-type: [main, beta, flask, mmi]
requires:
- prep-deps
- prep-build-mmi:
@@ -268,9 +258,6 @@ workflows:
- prep-build-flask-mv2
- all-tests-pass:
requires:
- validate-lavamoat-allow-scripts
- validate-lavamoat-policy-build
- validate-lavamoat-policy-webapp
- validate-source-maps
- validate-source-maps-beta
- validate-source-maps-flask
@@ -481,51 +468,6 @@ jobs:
at: .
- run: yarn tsx .circleci/scripts/validate-locales-only.ts

validate-lavamoat-allow-scripts:
executor: node-browsers-small
steps:
- run: *shallow-git-clone-and-enable-vnc
- run: sudo corepack enable
- attach_workspace:
at: .
- run:
name: Validate allow-scripts config
command: yarn allow-scripts auto
- run:
name: Check working tree
command: .circleci/scripts/check-working-tree.sh

validate-lavamoat-policy-build:
executor: node-browsers-medium
steps:
- run: *shallow-git-clone-and-enable-vnc
- run: sudo corepack enable
- attach_workspace:
at: .
- run:
name: Validate LavaMoat build policy
command: yarn lavamoat:build:auto
- run:
name: Check working tree
command: .circleci/scripts/check-working-tree.sh

validate-lavamoat-policy-webapp:
executor: node-browsers-medium-plus
parameters:
build-type:
type: string
steps:
- run: *shallow-git-clone-and-enable-vnc
- run: sudo corepack enable
- attach_workspace:
at: .
- run:
name: Validate LavaMoat << parameters.build-type >> policy
command: yarn lavamoat:webapp:auto:ci '--build-types=<< parameters.build-type >>'
- run:
name: Check working tree
command: .circleci/scripts/check-working-tree.sh

prep-build:
executor: node-linux-medium
steps:
15 changes: 15 additions & 0 deletions .github/workflows/main.yml
@@ -56,6 +56,18 @@ jobs:
name: Test deps depcheck
uses: ./.github/workflows/test-deps-depcheck.yml

validate-lavamoat-allow-scripts:
name: Validate lavamoat allow scripts
uses: ./.github/workflows/validate-lavamoat-allow-scripts.yml

validate-lavamoat-policy-build:
name: Validate lavamoat policy build
uses: ./.github/workflows/validate-lavamoat-policy-build.yml

validate-lavamoat-policy-webapp:
name: Validate lavamoat policy webapp
uses: ./.github/workflows/validate-lavamoat-policy-webapp.yml

run-tests:
name: Run tests
uses: ./.github/workflows/run-tests.yml
@@ -75,6 +87,9 @@ jobs:
- test-lint-lockfile
- test-yarn-dedupe
- test-deps-depcheck
- validate-lavamoat-allow-scripts
- validate-lavamoat-policy-build
- validate-lavamoat-policy-webapp
- run-tests
- wait-for-circleci-workflow-status
outputs:
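Review bot: The three new `uses:` jobs are called without a `permissions:` key, so each called workflow runs the repository's `yarn` scripts with whatever `GITHUB_TOKEN` scopes this workflow grants; main.yml's own `permissions:` setting, if it has one, is outside the hunk. These jobs only need to read the repository, so adding `permissions:` with `contents: read` to each of the three jobs would state that explicitly and keep the token narrow if the caller's defaults ever widen. The `jobs:` mapping starts before and continues past both hunks.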
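--- a/.github/workflows/validate-lavamoat-allow-scripts.yml
+++ b/.github/workflows/validate-lavamoat-allow-scripts.yml
@@ -0,0 +1,25 @@
+name: Validate lavamoat allow scripts
+
+on:
+workflow_call:
+
+jobs:
+validate-lavamoat-allow-scripts:
+name: Validate lavamoat allow scripts
+runs-on: ubuntu-latest
+steps:
+- name: Checkout repository
+uses: actions/checkout@v4
+
+- name: Setup environment
+uses: metamask/github-tools/.github/actions/setup-environment@main
+
+- name: Validate allow-scripts config
+run: yarn allow-scripts auto
+
+- name: Check working tree
+run: |
+if ! git diff --exit-code; then
+echo "::error::Working tree dirty."
+exit 1
+fi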
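Review bot: The `Setup environment` step references `metamask/github-tools/.github/actions/setup-environment@main`, a branch ref whose content can change under this job without any commit in this repository, and `actions/checkout@v4` is likewise a movable tag. Because this job gates changes to the allow-scripts configuration, what it executes should be fixed by the repository itself. Pin both to a full commit SHA with the version kept as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v4`. The same two `uses:` lines appear in validate-lavamoat-policy-build.yml and validate-lavamoat-policy-webapp.yml.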
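--- a/.github/workflows/validate-lavamoat-policy-build.yml
+++ b/.github/workflows/validate-lavamoat-policy-build.yml
@@ -0,0 +1,25 @@
+name: Validate lavamoat policy build
+
+on:
+workflow_call:
+
+jobs:
+validate-lavamoat-policy-build:
+name: Validate lavamoat policy build
+runs-on: ubuntu-latest
+steps:
+- name: Checkout repository
+uses: actions/checkout@v4
+
+- name: Setup environment
+uses: metamask/github-tools/.github/actions/setup-environment@main
+
+- name: Validate lavamoat build policy
+run: yarn lavamoat:build:auto
+
+- name: Check working tree
+run: |
+if ! git diff --exit-code; then
+echo "::error::Working tree dirty."
+exit 1
+fi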
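Review bot: The `Check working tree` step relies on `git diff --exit-code`, which only compares tracked files against the index, so a policy file newly created by `yarn lavamoat:build:auto` would be untracked and leave the check green. The CircleCI job called `.circleci/scripts/check-working-tree.sh`, whose contents are not shown on this page, so the diff does not confirm that the old and new checks are equivalent. To cover untracked files as well, replace the condition with `if [ -n "$(git status --porcelain)" ]; then` and print `git status --porcelain` before the error line. The identical step is in validate-lavamoat-allow-scripts.yml and validate-lavamoat-policy-webapp.yml.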
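--- a/.github/workflows/validate-lavamoat-policy-webapp.yml
+++ b/.github/workflows/validate-lavamoat-policy-webapp.yml
@@ -0,0 +1,28 @@
+name: Validate lavamoat policy webapp
+
+on:
+workflow_call:
+
+jobs:
+validate-lavamoat-policy-webapp:
+name: Validate lavamoat policy webapp
+runs-on: ubuntu-latest
+strategy:
+matrix:
+build-type: [main, beta, flask, mmi]
+steps:
+- name: Checkout repository
+uses: actions/checkout@v4
+
+- name: Setup environment
+uses: metamask/github-tools/.github/actions/setup-environment@main
+
+- name: Validate lavamoat ${{ matrix.build-type }} policy
+run: yarn lavamoat:webapp:auto:ci --build-types=${{ matrix.build-type }}
+
+- name: Check working tree
+run: |
+if ! git diff --exit-code; then
+echo "::error::Working tree dirty."
+exit 1
+fi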
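Review bot: In the `Validate lavamoat ... policy` step, `${{ matrix.build-type }}` is expanded into the script text before the shell runs, and the quoting that the CircleCI command had around `--build-types=...` was dropped. The values are the four literals in the matrix today, so nothing untrusted reaches the shell, but the same line becomes an injection point if the matrix is ever fed from a workflow input. Passing the value through the environment removes that dependency: add `env:` with `BUILD_TYPE: ${{ matrix.build-type }}` to the step and run `yarn lavamoat:webapp:auto:ci "--build-types=$BUILD_TYPE"`.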
