Validate LavaMoat policies on each PR (#19703)

* Validate LavaMoat policies on each PR The LavaMoat policies are now validated on every PR. This makes it easier to validate policy changes, as they should always correspond with the changes made in the PR (unlike today, when they could be due to a change in platform or a previous PR). Closes #19680 * Update LavaMoat policies --------- Co-authored-by: MetaMask Bot <metamaskbot@users.noreply.github.com>
2024-11-21 17:37:01 +01:00 · 2023-06-23 09:50:36 -02:30 · 2023-06-23 09:50:36 -02:30 · 3b9fd435fb
commit 3b9fd435fb
parent dfb830e862
2 changed files with 8 additions and 72 deletions
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@ -30,12 +30,6 @@ rc_branch_only: &rc_branch_only
      only:
        - /^Version-v(\d+)[.](\d+)[.](\d+)/

-rc_or_master_branch_only: &rc_or_master_branch_only
-  filters:
-    branches:
-      only:
-        - /^Version-v(\d+)[.](\d+)[.](\d+)|master/
-
 workflows:
  test_and_release:
    jobs:
@ -57,15 +51,12 @@ workflows:
          requires:
            - prep-deps
      - validate-lavamoat-allow-scripts:
-          <<: *rc_or_master_branch_only
          requires:
            - prep-deps
      - validate-lavamoat-policy-build:
-          <<: *rc_or_master_branch_only
          requires:
            - prep-deps
      - validate-lavamoat-policy-webapp:
-          <<: *rc_or_master_branch_only
          matrix:
            parameters:
              build-type: [main, beta, flask, mmi, desktop]
--- a/lavamoat/build-system/policy.json
+++ b/lavamoat/build-system/policy.json
@ -980,7 +980,6 @@
      "packages": {
        "@lavamoat/allow-scripts>@npmcli/run-script>node-gyp>npmlog>are-we-there-yet": true,
        "@lavamoat/allow-scripts>@npmcli/run-script>node-gyp>npmlog>gauge": true,
-        "@storybook/addon-mdx-gfm>@storybook/node-logger>npmlog>console-control-strings": true,
        "@storybook/react>@storybook/node-logger>npmlog>console-control-strings": true,
        "nyc>yargs>set-blocking": true
      }
@ -1009,9 +1008,6 @@
        "@lavamoat/allow-scripts>@npmcli/run-script>node-gyp>npmlog>gauge>aproba": true,
        "@lavamoat/allow-scripts>@npmcli/run-script>node-gyp>npmlog>gauge>string-width": true,
        "@lavamoat/allow-scripts>@npmcli/run-script>node-gyp>npmlog>gauge>strip-ansi": true,
-        "@storybook/addon-mdx-gfm>@storybook/node-logger>npmlog>console-control-strings": true,
-        "@storybook/addon-mdx-gfm>@storybook/node-logger>npmlog>gauge>has-unicode": true,
-        "@storybook/addon-mdx-gfm>@storybook/node-logger>npmlog>gauge>wide-align": true,
        "@storybook/react>@storybook/node-logger>npmlog>console-control-strings": true,
        "@storybook/react>@storybook/node-logger>npmlog>gauge>has-unicode": true,
        "@storybook/react>@storybook/node-logger>npmlog>gauge>wide-align": true,
@ -1137,33 +1133,11 @@
        "@metamask/jazzicon>color>color-convert>color-name": true
      }
    },
-    "@sentry/cli>mkdirp": {
-      "builtin": {
-        "fs": true,
-        "path.dirname": true,
-        "path.resolve": true
-      }
-    },
    "@storybook/addon-knobs>qs": {
      "packages": {
        "string.prototype.matchall>side-channel": true
      }
    },
-    "@storybook/addon-mdx-gfm>@storybook/node-logger>npmlog>gauge>has-unicode": {
-      "builtin": {
-        "os.type": true
-      },
-      "globals": {
-        "process.env.LANG": true,
-        "process.env.LC_ALL": true,
-        "process.env.LC_CTYPE": true
-      }
-    },
-    "@storybook/addon-mdx-gfm>@storybook/node-logger>npmlog>gauge>wide-align": {
-      "packages": {
-        "yargs>string-width": true
-      }
-    },
    "@storybook/core>@storybook/core-server>x-default-browser>default-browser-id>untildify>os-homedir": {
      "builtin": {
        "os.homedir": true
@ -4895,20 +4869,9 @@
      },
      "packages": {
        "@storybook/core>@storybook/core-server>x-default-browser>default-browser-id>untildify>os-homedir": true,
-        "gulp-watch>chokidar>fsevents>node-pre-gyp>nopt>osenv>os-homedir": true,
        "gulp-watch>chokidar>fsevents>node-pre-gyp>nopt>osenv>os-tmpdir": true
      }
    },
-    "gulp-watch>chokidar>fsevents>node-pre-gyp>nopt>osenv>os-homedir": {
-      "builtin": {
-        "os.homedir": true
-      },
-      "globals": {
-        "process.env": true,
-        "process.getuid": true,
-        "process.platform": true
-      }
-    },
    "gulp-watch>chokidar>fsevents>node-pre-gyp>nopt>osenv>os-tmpdir": {
      "globals": {
        "process.env.SystemRoot": true,
@ -4930,34 +4893,9 @@
        "setTimeout": true
      },
      "packages": {
-        "gulp-watch>chokidar>fsevents>node-pre-gyp>rimraf>glob": true,
        "nyc>glob": true
      }
    },
-    "gulp-watch>chokidar>fsevents>node-pre-gyp>rimraf>glob": {
-      "builtin": {
-        "assert": true,
-        "events.EventEmitter": true,
-        "fs": true,
-        "path.join": true,
-        "path.resolve": true,
-        "util": true
-      },
-      "globals": {
-        "console.error": true,
-        "process.cwd": true,
-        "process.nextTick": true,
-        "process.platform": true
-      },
-      "packages": {
-        "eslint>minimatch": true,
-        "gulp-watch>path-is-absolute": true,
-        "nyc>glob>fs.realpath": true,
-        "nyc>glob>inflight": true,
-        "pump>once": true,
-        "pumpify>inherits": true
-      }
-    },
    "gulp-watch>chokidar>fsevents>node-pre-gyp>semver": {
      "globals": {
        "console": true,
@ -8246,7 +8184,14 @@
        "path.dirname": true
      },
      "packages": {
-        "@sentry/cli>mkdirp": true
+        "stylelint>file-entry-cache>flat-cache>write>mkdirp": true
+      }
+    },
+    "stylelint>file-entry-cache>flat-cache>write>mkdirp": {
+      "builtin": {
+        "fs": true,
+        "path.dirname": true,
+        "path.resolve": true
      }
    },
    "stylelint>global-modules": {