1
0
mirror of https://github.com/kremalicious/metamask-extension.git synced 2024-11-23 02:10:12 +01:00
Commit Graph

67 Commits

Author SHA1 Message Date
kumavis
0985e8f012
ci - build-artifacts - generate sesify-viz for inspecting deps (#7151)
* ci - build-artifacts - generate sesify-viz for inspecting deps

* lint fix
2019-09-11 22:47:21 +08:00
Mark Stacey
c9fffafd9a
Publish GitHub release from master branch (#7136)
* Publish GitHub release from master branch

This ensures that changes made on `develop` since branching for the
release are not included. It also ensures that the final release
sourcemaps line-up correctly (they were always build on master)`.

* Consolidate publish jobs

The jobs `job-publish-release` and `create_github_release` both handle
different parts of publishing a release. They have been consolidated
into a single `job-publish-release` job.

* Update release script to expect a merge commit

The release script was originally written to be run on `develop`, so it
expected the current commit to be a result of `Squash & Merge`. Now
that it's run on `master`, it will generally be run against a merge
commit.

The version is now extracted from the commit message using a regular
expression that should work on all version of Bash v3+, and should be
tolerant of both merge commits and `Squash & Merge` commits.

* Target `master` with release PR

`master` is now targeted by the release PR instead of `develop`, as
the release has to be created from the master branch.

The update to `develop` is handled after the release by a PR from
`master` to `develop`, which is created automatically after the
release.
2019-09-11 11:44:36 -03:00
Mark Stacey
1fd3dc9ecf
Switch from npm to yarn (#6843)
As a solution to the constant lockfile churn issues we've had with
`npm`, the project now uses `yarn` to manage dependencies.

The `package-lock.json` file has been replaced with `yarn.lock`, which
was created using `yarn import`. It should approximate the contents of
`package-lock.json` fairly well, though there may be some changes due to
deduplication. The codeowners file has been updated to reference this
new lockfile.

All documentation and npm scripts have been updated to reference `yarn`
rather than `npm`. Note that running scripts using `npm run` still works
fine, but it seemed better to switch those to `yarn` as well to avoid
confusion.

The `npm-audit` Bash script has been replaced with `yarn-audit`. The
output of `yarn audit` is a bit different than `npm audit` in that it
returns a bitmask to describe which severity issues were found. This
made it simpler to check the results directly from the Bash script, so
the associated `npm-audit-check.js` script was no longer required. The
output should be exactly the same, and the information is still sourced
from the same place (the npm registry).

The new `yarn-audit` script does have an external dependency: `jq`.
However, `jq` is already assumed to be present by another CI script, and
is present on all CI images we use. `jq` was not added to `package.json`
as a dependency because there is no official package on the npm
registry, just wrapper scripts. We don't need it anywhere exept on CI
anyway.

The section in `CONTRIBUTING` about how to develop inside the
`node_modules` folder was removed, as the advice was a bit dated, and
wasn't specific to this project anyway.
2019-07-30 15:36:23 -03:00
Mark Stacey
754f98aea2
Fix npm-audit script (#6908)
The npm audit script was auditing all dependencies, then filtering the
results to just the advisories concerning production dependencies. This
was done by checking the boolean `dev` and `optional` properties of each
`findings` entry in each advisory.

The `dev` and `optional` properties are now missing, which is resulting
in dev advisories being mistakenly identified as affecting production.

This check has been removed, and instead the `--production` flag is used
when calling `npm audit`. This accomplishes the same goal without
relying as much upon the audit output format.

The `--production` flag was added in `npm` `v6.10.0`, so `npm` has been
updated to the current latest stable (`v6.10.2`) for the `test-deps`
job. It was also updated on the `prep-deps-npm` job to ensure
consistency in behaviour. The other jobs only use `npm run` which hasn't
changed substantially in some time, so compatibility isn't really a
concern for those.

`audit.json` has also been added to `.gitignore`. It was accidentally
checked in once while working on this branch.
2019-07-24 19:54:16 -03:00
Whymarrh Whitby
83c2440509 Add scripts to automate GitHub releases (#6653)
* ci: Rename full_test to test_and_release

* ci: Add scripts to automate GH releases

* Add .bak files to .gitignore

* ci: Add reviewer to the auto version PR
2019-07-17 22:51:47 -07:00
Mark Stacey
0366459edd
Update version of Firefox used on CI (#6841) 2019-07-15 10:15:15 -03:00
Whymarrh Whitby
ea142a4dd6 ci: Enable npm audit check 2019-06-06 15:40:14 -02:30
Whymarrh Whitby
765cac839c Update Firefox version for e2e tests 2018-09-11 09:38:59 -07:00
Whymarrh Whitby
2185197ef6 ci: Use Firefox 61.0.2 2018-08-17 18:41:12 -02:30
Whymarrh Whitby
7b89d3d473 ci: Disable Firefox updates 2018-08-17 18:41:12 -02:30
Whymarrh Whitby
e493efb123 ci: Don't cache Firefox install
Two important notes:

1. The time it takes to download is negligble compared to e2e test runs
2. Since we cannot use environment variables in CircleCI cache keys we
   can't cache the download correctly and have it update when we switch
   firefox versions—this isn't the end of the world because of point 1
2018-08-17 18:41:12 -02:30
Bruno Barbieri
104c4674da
Update firefox version 2018-07-06 16:53:53 -04:00
Bruno Barbieri
759b5b20ec
Forgot this is linux bash 2018-07-06 16:48:17 -04:00
Bruno Barbieri
32813b23a2
Update firefox-download.sh 2018-07-06 16:44:06 -04:00
Bruno Barbieri
e0719a0358
Update firefox-download.sh 2018-07-06 16:16:18 -04:00
Bruno Barbieri
0af1702a3f
Allow firefox binary to be cached 2018-07-06 15:51:35 -04:00
kumavis
1e6ff597e2 ci - breakout firefox helpers into scripts 2018-06-01 12:16:14 -07:00