1
0
mirror of https://github.com/kremalicious/metamask-extension.git synced 2024-12-22 17:33:23 +01:00

Validate LavaMoat config in parallel (#19589)

The LavaMoat policies and allow-scripts configuration are now validated
in parallel. They are still only validated for release candidate
branches and the `master` branch.
This commit is contained in:
Mark Stacey 2023-06-22 18:40:32 -02:30 committed by GitHub
parent 89cec5335f
commit 492038a312
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 66 additions and 43 deletions

View File

@ -30,6 +30,12 @@ rc_branch_only: &rc_branch_only
only:
- /^Version-v(\d+)[.](\d+)[.](\d+)/
rc_or_master_branch_only: &rc_or_master_branch_only
filters:
branches:
only:
- /^Version-v(\d+)[.](\d+)[.](\d+)|master/
workflows:
test_and_release:
jobs:
@ -50,11 +56,19 @@ workflows:
- test-yarn-dedupe:
requires:
- prep-deps
- validate-lavamoat-config:
filters:
branches:
only:
- /^Version-v(\d+)[.](\d+)[.](\d+)|master/
- validate-lavamoat-allow-scripts:
<<: *rc_or_master_branch_only
requires:
- prep-deps
- validate-lavamoat-policy-build:
<<: *rc_or_master_branch_only
requires:
- prep-deps
- validate-lavamoat-policy-webapp:
<<: *rc_or_master_branch_only
matrix:
parameters:
build-type: [main, beta, flask, mmi, desktop]
requires:
- prep-deps
- prep-build:
@ -162,7 +176,9 @@ workflows:
- prep-build-flask
- all-tests-pass:
requires:
- validate-lavamoat-config
- validate-lavamoat-allow-scripts
- validate-lavamoat-policy-build
- validate-lavamoat-policy-webapp
- test-lint
- test-lint-shellcheck
- test-lint-lockfile
@ -329,7 +345,7 @@ jobs:
- node_modules
- build-artifacts
validate-lavamoat-config:
validate-lavamoat-allow-scripts:
executor: node-browsers-medium-plus
steps:
- checkout
@ -337,12 +353,39 @@ jobs:
at: .
- run:
name: Validate allow-scripts config
command: |
.circleci/scripts/validate-allow-scripts.sh
command: yarn allow-scripts auto
- run:
name: Validate LavaMoat policy
command: |
.circleci/scripts/validate-lavamoat-policy.sh
name: Check working tree
command: .circleci/scripts/check-working-tree.sh
validate-lavamoat-policy-build:
executor: node-browsers-medium-plus
steps:
- checkout
- attach_workspace:
at: .
- run:
name: Validate LavaMoat build policy
command: yarn lavamoat:build:auto
- run:
name: Check working tree
command: .circleci/scripts/check-working-tree.sh
validate-lavamoat-policy-webapp:
executor: node-browsers-medium-plus
parameters:
build-type:
type: string
steps:
- checkout
- attach_workspace:
at: .
- run:
name: Validate LavaMoat << parameters.build-type >> policy
command: yarn lavamoat:webapp:auto:ci '--build-types=<< parameters.build-type >>'
- run:
name: Check working tree
command: .circleci/scripts/check-working-tree.sh
prep-build:
executor: node-browsers-medium-plus

View File

@ -0,0 +1,11 @@
#!/usr/bin/env bash
set -e
set -u
set -o pipefail
if ! git diff --exit-code
then
echo "Working tree dirty"
exit 1
fi

View File

@ -1,15 +0,0 @@
#!/usr/bin/env bash
set -e
set -u
set -o pipefail
yarn allow-scripts auto
if git diff --exit-code
then
echo "allow-scripts configuration is up-to-date"
else
echo "allow-scripts configuration requires updates"
exit 1
fi

View File

@ -1,15 +0,0 @@
#!/usr/bin/env bash
set -e
set -u
set -o pipefail
yarn lavamoat:auto:ci
if git diff --exit-code
then
echo "LavaMoat policy is up-to-date"
else
echo "LavaMoat policy requires updates"
exit 1
fi

View File

@ -85,7 +85,6 @@
"lavamoat:webapp:auto": "node ./development/generate-lavamoat-policies.js --devMode=true",
"lavamoat:webapp:auto:ci": "node ./development/generate-lavamoat-policies.js --parallel=false",
"lavamoat:auto": "yarn lavamoat:build:auto && yarn lavamoat:webapp:auto",
"lavamoat:auto:ci": "yarn lavamoat:build:auto && yarn lavamoat:webapp:auto:ci",
"ts-migration:dashboard:build": "ts-node development/ts-migration-dashboard/scripts/build-app.ts",
"ts-migration:dashboard:deploy": "gh-pages --dist development/ts-migration-dashboard/build/final --remote ts-migration-dashboard",
"ts-migration:dashboard:watch": "yarn ts-migration:dashboard:build --watch",