Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore: Temp testing lavamoat migration #29396

Draft
wants to merge 4 commits into
base: main
Choose a base branch
from
Draft
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
60 changes: 0 additions & 60 deletions .circleci/config.yml
Original file line number Diff line number Diff line change
Expand Up @@ -136,18 +136,6 @@ workflows:
- test-yarn-dedupe:
requires:
- prep-deps
- validate-lavamoat-allow-scripts:
requires:
- prep-deps
- validate-lavamoat-policy-build:
requires:
- prep-deps
- validate-lavamoat-policy-webapp:
matrix:
parameters:
build-type: [main, beta, flask, mmi]
requires:
- prep-deps
- prep-build-mmi:
requires:
- prep-deps
Expand Down Expand Up @@ -292,9 +280,6 @@ workflows:
- all-tests-pass:
requires:
- test-deps-depcheck
- validate-lavamoat-allow-scripts
- validate-lavamoat-policy-build
- validate-lavamoat-policy-webapp
- test-lint
- test-lint-shellcheck
- test-lint-lockfile
Expand Down Expand Up @@ -509,51 +494,6 @@ jobs:
at: .
- run: yarn tsx .circleci/scripts/validate-locales-only.ts

validate-lavamoat-allow-scripts:
executor: node-browsers-small
steps:
- run: *shallow-git-clone-and-enable-vnc
- run: sudo corepack enable
- attach_workspace:
at: .
- run:
name: Validate allow-scripts config
command: yarn allow-scripts auto
- run:
name: Check working tree
command: .circleci/scripts/check-working-tree.sh

validate-lavamoat-policy-build:
executor: node-browsers-medium
steps:
- run: *shallow-git-clone-and-enable-vnc
- run: sudo corepack enable
- attach_workspace:
at: .
- run:
name: Validate LavaMoat build policy
command: yarn lavamoat:build:auto
- run:
name: Check working tree
command: .circleci/scripts/check-working-tree.sh

validate-lavamoat-policy-webapp:
executor: node-browsers-medium-plus
parameters:
build-type:
type: string
steps:
- run: *shallow-git-clone-and-enable-vnc
- run: sudo corepack enable
- attach_workspace:
at: .
- run:
name: Validate LavaMoat << parameters.build-type >> policy
command: yarn lavamoat:webapp:auto:ci '--build-types=<< parameters.build-type >>'
- run:
name: Check working tree
command: .circleci/scripts/check-working-tree.sh

prep-build:
executor: node-linux-medium
steps:
Expand Down
15 changes: 15 additions & 0 deletions .github/workflows/main.yml
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,18 @@ jobs:
run: ${{ steps.download-actionlint.outputs.executable }} -color
shell: bash

validate-lavamoat-allow-scripts:
name: Validate lavamoat allow scripts
uses: ./.github/workflows/validate-lavamoat-allow-scripts.yml

validate-lavamoat-policy-build:
name: Validate lavamoat policy build
uses: ./.github/workflows/validate-lavamoat-policy-build.yml

validate-lavamoat-policy-webapp:
name: Validate lavamoat policy webapp
uses: ./.github/workflows/validate-lavamoat-policy-webapp.yml

run-tests:
name: Run tests
uses: ./.github/workflows/run-tests.yml
Expand All @@ -41,6 +53,9 @@ jobs:
runs-on: ubuntu-latest
needs:
- check-workflows
- validate-lavamoat-allow-scripts
- validate-lavamoat-policy-build
- validate-lavamoat-policy-webapp
- run-tests
- wait-for-circleci-workflow-status
outputs:
Expand Down
25 changes: 25 additions & 0 deletions .github/workflows/validate-lavamoat-allow-scripts.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
name: Validate lavamoat allow scripts

on:
workflow_call:

jobs:
validate-lavamoat-allow-scripts:
name: Validate lavamoat allow scripts
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4

- name: Setup environment
uses: metamask/github-tools/.github/actions/setup-environment@main

- name: Validate allow-scripts config
run: yarn allow-scripts auto

- name: Check working tree
run: |
if ! git diff --exit-code; then
echo "::error::Working tree dirty."
exit 1
fi
27 changes: 27 additions & 0 deletions .github/workflows/validate-lavamoat-policy-build.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
name: Validate lavamoat policy build

on:
workflow_call:

jobs:
validate-lavamoat-policy-build:
name: Validate lavamoat policy build
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4

- name: Setup environment
uses: metamask/github-tools/.github/actions/setup-environment@main

- name: Validate lavamoat build policy
run: yarn lavamoat:build:auto
env:
INFURA_PROJECT_ID: 00000000000

- name: Check working tree
run: |
if ! git diff --exit-code; then
echo "::error::Working tree dirty."
exit 1
fi
30 changes: 30 additions & 0 deletions .github/workflows/validate-lavamoat-policy-webapp.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
name: Validate lavamoat policy webapp

on:
workflow_call:

jobs:
validate-lavamoat-policy-webapp:
name: Validate lavamoat policy webapp
runs-on: ubuntu-latest
strategy:
matrix:
build-type: [main, beta, flask, mmi]
steps:
- name: Checkout repository
uses: actions/checkout@v4

- name: Setup environment
uses: metamask/github-tools/.github/actions/setup-environment@main

- name: Validate lavamoat ${{ matrix.build-type }} policy
run: yarn lavamoat:webapp:auto:ci --build-types=${{ matrix.build-type }}
env:
INFURA_PROJECT_ID: 00000000000

- name: Check working tree
run: |
if ! git diff --exit-code; then
echo "::error::Working tree dirty."
exit 1
fi
Loading