Skip to content

Commit

Permalink
chore: Migrate LavaMoat validation to GitHub Actions
Browse files Browse the repository at this point in the history
Migrate LavaMoat policy validation from CircleCI to GitHub actions. No
functional changes.

Relates to #28572
  • Loading branch information
Gudahtt committed Dec 20, 2024
1 parent 021a265 commit a27aa50
Show file tree
Hide file tree
Showing 5 changed files with 93 additions and 60 deletions.
60 changes: 0 additions & 60 deletions .circleci/config.yml
Original file line number Diff line number Diff line change
Expand Up @@ -136,18 +136,6 @@ workflows:
- test-yarn-dedupe:
requires:
- prep-deps
- validate-lavamoat-allow-scripts:
requires:
- prep-deps
- validate-lavamoat-policy-build:
requires:
- prep-deps
- validate-lavamoat-policy-webapp:
matrix:
parameters:
build-type: [main, beta, flask, mmi]
requires:
- prep-deps
- prep-build-mmi:
requires:
- prep-deps
Expand Down Expand Up @@ -292,9 +280,6 @@ workflows:
- all-tests-pass:
requires:
- test-deps-depcheck
- validate-lavamoat-allow-scripts
- validate-lavamoat-policy-build
- validate-lavamoat-policy-webapp
- test-lint
- test-lint-shellcheck
- test-lint-lockfile
Expand Down Expand Up @@ -509,51 +494,6 @@ jobs:
at: .
- run: yarn tsx .circleci/scripts/validate-locales-only.ts

validate-lavamoat-allow-scripts:
executor: node-browsers-small
steps:
- run: *shallow-git-clone-and-enable-vnc
- run: sudo corepack enable
- attach_workspace:
at: .
- run:
name: Validate allow-scripts config
command: yarn allow-scripts auto
- run:
name: Check working tree
command: .circleci/scripts/check-working-tree.sh

validate-lavamoat-policy-build:
executor: node-browsers-medium
steps:
- run: *shallow-git-clone-and-enable-vnc
- run: sudo corepack enable
- attach_workspace:
at: .
- run:
name: Validate LavaMoat build policy
command: yarn lavamoat:build:auto
- run:
name: Check working tree
command: .circleci/scripts/check-working-tree.sh

validate-lavamoat-policy-webapp:
executor: node-browsers-medium-plus
parameters:
build-type:
type: string
steps:
- run: *shallow-git-clone-and-enable-vnc
- run: sudo corepack enable
- attach_workspace:
at: .
- run:
name: Validate LavaMoat << parameters.build-type >> policy
command: yarn lavamoat:webapp:auto:ci '--build-types=<< parameters.build-type >>'
- run:
name: Check working tree
command: .circleci/scripts/check-working-tree.sh

prep-build:
executor: node-linux-medium
steps:
Expand Down
15 changes: 15 additions & 0 deletions .github/workflows/main.yml
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,18 @@ jobs:
run: ${{ steps.download-actionlint.outputs.executable }} -color
shell: bash

validate-lavamoat-allow-scripts:
name: Validate lavamoat allow scripts
uses: ./.github/workflows/validate-lavamoat-allow-scripts.yml

validate-lavamoat-policy-build:
name: Validate lavamoat policy build
uses: ./.github/workflows/validate-lavamoat-policy-build.yml

validate-lavamoat-policy-webapp:
name: Validate lavamoat policy webapp
uses: ./.github/workflows/validate-lavamoat-policy-webapp.yml

run-tests:
name: Run tests
uses: ./.github/workflows/run-tests.yml
Expand All @@ -41,6 +53,9 @@ jobs:
runs-on: ubuntu-latest
needs:
- check-workflows
- validate-lavamoat-allow-scripts
- validate-lavamoat-policy-build
- validate-lavamoat-policy-webapp
- run-tests
- wait-for-circleci-workflow-status
outputs:
Expand Down
25 changes: 25 additions & 0 deletions .github/workflows/validate-lavamoat-allow-scripts.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
name: Validate lavamoat allow scripts

on:
workflow_call:

jobs:
validate-lavamoat-allow-scripts:
name: Validate lavamoat allow scripts
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4

- name: Setup environment
uses: metamask/github-tools/.github/actions/setup-environment@main

- name: Validate allow-scripts config
run: yarn allow-scripts auto

- name: Check working tree
run: |
if ! git diff --exit-code; then
echo "::error::Working tree dirty."
exit 1
fi
25 changes: 25 additions & 0 deletions .github/workflows/validate-lavamoat-policy-build.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
name: Validate lavamoat policy build

on:
workflow_call:

jobs:
validate-lavamoat-policy-build:
name: Validate lavamoat policy build
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4

- name: Setup environment
uses: metamask/github-tools/.github/actions/setup-environment@main

- name: Validate lavamoat build policy
run: yarn lavamoat:build:auto

- name: Check working tree
run: |
if ! git diff --exit-code; then
echo "::error::Working tree dirty."
exit 1
fi
28 changes: 28 additions & 0 deletions .github/workflows/validate-lavamoat-policy-webapp.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
name: Validate lavamoat policy webapp

on:
workflow_call:

jobs:
validate-lavamoat-policy-webapp:
name: Validate lavamoat policy webapp
runs-on: ubuntu-latest
strategy:
matrix:
build-type: [main, beta, flask, mmi]
steps:
- name: Checkout repository
uses: actions/checkout@v4

- name: Setup environment
uses: metamask/github-tools/.github/actions/setup-environment@main

- name: Validate lavamoat ${{ matrix.build-type }} policy
run: yarn lavamoat:webapp:auto:ci --build-types=${{ matrix.build-type }}

- name: Check working tree
run: |
if ! git diff --exit-code; then
echo "::error::Working tree dirty."
exit 1
fi

0 comments on commit a27aa50

Please sign in to comment.