1
0
mirror of https://github.com/kremalicious/metamask-extension.git synced 2024-12-23 09:52:26 +01:00
Commit Graph

54 Commits

Author SHA1 Message Date
Mark Stacey
fb6375472e
Update improved-yarn-audit and ignore 2 advisories (#12765)
`improved-yarn-audit` has been updated so that it supports GitHub
advisories. Two new GitHub advisories have been ignored, as they are
both moderate RegExp DoS vulnerabilities that don't affect us, and they
are embedded deep within our dependency graph and are difficult to
update.
2021-11-19 11:53:19 -03:30
kumavis
f5f2f38ea5
ci - fix yarn-audit (#12738)
* ci/yarn-audit - ensure error propagation

* ci/yarn-audit - ensure dependencies are installed first
2021-11-18 10:57:47 -10:00
PeterYinusa
c0f0e1cfc4
update chromedriver to v95 (#12603) 2021-11-05 15:52:24 +00:00
Alex Donesky
3b5e33bc4c
use improved-yarn-audit and exclude 1002401 and 1002581 (#12310)
* use improved-yarn-audit and exclude 1002401
2021-10-08 12:18:38 -05:00
kumavis
a174d50ba5
ci - improve lavamoat validation debug info (#12259)
* ci - improve lavamoat validation debug info

* Update validate-allow-scripts.sh

* Update validate-lavamoat-policy.sh
2021-10-01 09:39:28 -10:00
kumavis
d9d20160d6
LavaMoat Node update and various small enhancements (#12239)
* lavamoat - update lavamoat-node and relevant policy + two handy patches

* test/e2e - add timeout known to be flaky

* lavamoat-viz - rename npm script
2021-09-28 20:56:08 -10:00
Elliot Winkler
bbe972ca46
Upgrade chromedriver to 93 (#11990)
This allows developers to run the Chrome e2e tests locally without
having to have a custom version of Chrome installed.
2021-09-08 14:54:31 -06:00
Elliot Winkler
8ffebb294b
Fix 'yarn setup' on M1 Macs (#11887)
There are a few issues encountered when running `yarn setup` on new
Apple Silicon (aka M1, aka arm64) Macs:

* The script halts when attempting to run the install step for
  the `chromedriver` package with the message "Only Mac 64 bits
  supported". This is somewhat misleading as it seems to indicate that
  chromedriver can only be installed on a 64-bit Mac. However, what I
  think is happening is that the installation script for `chromedriver`
  is not able to detect that an arm64 CPU *is* a 64-bit CPU. After
  looking through the `chromedriver` repo, it appears that 87.0.1 is the
  first version that adds a proper check ([1]).

  Note that upgrading chromedriver caused the Chrome-specific tests to
  fail intermittently on CI. I was not able to 100% work out the reason
  for this, but ensuring that X (which provides a way for Chrome to run
  in a GUI setting from the command line) is available seems to fix
  these issues.

* The script also halts when attempting to run the install step for
  the `electron` package. This happens because for the version of
  `electron` we are using (9.4.2), there is no available binary for
  arm64. It appears that Electron 11.x was the first version to support
  arm64 Macs ([2]). This is a bit trickier to resolve because we don't
  explicitly rely on `electron` — that's brought in by `react-devtools`.
  The first version of `react-devtools` that relies on `electron` 11.x
  is 4.11.0 ([3]).

[1]: 469dd0a6ee
[2]: https://www.electronjs.org/blog/apple-silicon
[3]: https://github.com/facebook/react/blob/main/packages/react-devtools/CHANGELOG.md#4110-april-9-2021
2021-09-01 10:40:40 -06:00
Mark Stacey
6416a1ef98
Add logs for Google Chrome binary checksum verification (#11366)
The Chrome installation script now has logs explaining whether the
checksum verification succeeded or failed.
2021-06-23 17:17:16 -02:30
Brad Decker
7cc747c792
change download location of chrome file (#11346)
* change download location of chrome file

* Update .circleci/scripts/chrome-install.sh

Co-authored-by: Mark Stacey <markjstacey@gmail.com>

Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2021-06-18 11:45:58 -05:00
Mark Stacey
36869a4350
Migrate version from _base manifest to package.json (#11029)
The version field is now stored in the main `package.json` file rather
than in the base manifest. It is built into the final manifest during
the build script.

This makes it easier to communicate what the current version should be
to our `auto-changelog` script. It's also generally a more conventional
place to keep track of the version, even considering that we're not
publishing to npm.
2021-05-10 14:16:03 -07:00
Mark Stacey
3d952536d8
Migrate check for GITHUB_TOKEN (#10958)
The check for the GITHUB_TOKEN environment variable was being done in
the wrong release script. It has been migrated to the relevant script.

A second check for the username has also been added, as it is also
required.
2021-05-03 11:54:39 -02:30
Mark Stacey
b18161c066
Remove unused CI script (#10840)
This script has not been used since #10795. It is now gone.
2021-04-07 15:46:01 -02:30
Mark Stacey
687803539f
Update the changelog when creating an RC (#10795)
The changelog will now be automatically updated when a release branch
is created. A new release header along with changelog entries for any
new commits will be added.

Note that this changelog will still need to be manually cleaned up, but
it's one less manual step at least.

The old Bash script for adding a new release header to the changelog
has been removed, as that functionality is now built into the changelog
update script.

A new script has been added to commit any changes made to the manifest
and changelog. This step used to happen at the end of the bump manifest
version script, but now the changelog update relies upon the manifest
version bump happening first, so it needed to be re-ordered. The
changes should only be committed on the first run of the branch, as
it's contingent upon the manifest changing (due to the version bump).
Further changelog updates won't trigger new automatic commits.
2021-04-02 18:41:51 -02:30
Mark Stacey
358fec049b
Remove script for creating master sync PR (#10791)
The script responsible for creating the "Sync `master` with `develop`"
PR has been removed. We will soon be eliminating the need for a
`master` branch altogether, so we don't need this anymore. Also, this
script hasn't been running correctly in a long time. We've been
creating this PR manually.
2021-03-31 19:54:52 -02:30
Mark Stacey
6aee658ca2
Remove date from changelog release header (#10790)
New changelog release headers now omit the date. These headers are
added automatically when a new release branch is created, and that
rarely ends up being the actual date of the release, so these dates
have all been inaccurate anyway.

The date will be re-added to the changelog later as part of a new
script, after a release has been published.
2021-03-31 19:54:29 -02:30
kumavis
b668a90303
ci - cache deps before patch-package (#10735)
* ci - cache deps before patch-package

* ci - bump dep cache number (cache break)
2021-03-26 11:55:03 +08:00
Mark Stacey
20b2c5f004
Fix LavaMoat config check (#10514)
The CI script to ensure no LavaMoat policy changes are required has
been failing despite there being no changes. It turns out that the
command used to check for changes (`git diff-index`) was failing
despite the lack of changes because the file was written again by
`yarn lavamoat:auto` but git hadn't gotten around to updating its index
since the write occurred, so it was considering it as changed until it
verified it wasn't [1].

The command has been replaced by `git diff --exit-code --quiet`, which
should do exactly the same thing except that it forces git to update
its internal cache to verify whether changes are present.

[1]: https://stackoverflow.com/questions/34807971/why-does-git-diff-index-head-result-change-for-touched-files-after-git-diff-or-g
2021-02-25 11:13:47 -03:30
Mark Stacey
681db78ff8
Add CI check to ensure LavaMoat policy is updated (#10493)
A CI job has been added to ensure the `allow-scripts` config and the
LavaMoat auto-generated policy is up-to-date. This will only run on
release branches and the `master` branch, because it's too difficult a
requirement to meet for each PR for contributors on macOS, due to
differences in the dependency graph caused by optional dependencies.

The `allow-scripts` and LavaMoat policy have both been updated using
`yarn allow-scripts auto` and `yarn lavamoat:auto`.
2021-02-24 12:22:28 -03:30
Mark Stacey
73e0fdddd0
Use .sh file extension for all Bash scripts (#10499)
The `.sh` file extension is now used for all Bash scripts. This ensures
the files are recognized as Bash scripts by the ShellCheck CI job, and
by editors/IDEs for improved syntax highlighting.
2021-02-23 12:56:41 -03:30
Etienne Dusseault
f196c9feb8
Add Lavamoat to build system (#9939)
* lavamoat - run build system in lavamoat

* lavamoat/allow-scripts - add missing policy entry

* update viz and lavvamoat

* trim policy file

* bump viz

* prue policy override

* regen policy file

* Update package.json

* Update package.json

* Apply suggestions from code review

Co-authored-by: kumavis <kumavis@users.noreply.github.com>

* update policy, remove redundant patches

* use yarn setup in CI

Co-authored-by: kumavis <aaron@kumavis.me>
Co-authored-by: kumavis <kumavis@users.noreply.github.com>
2021-02-22 22:43:29 +08:00
Etienne Dusseault
fc409a103b
Add .yarnrc to disable scripts (#10354)
* add yarn rc file to disable scripts

* remove ignore scripts in CI

* re-add entry

* add lavamoat preinstall always fail

* allow-scripts - add missing package to denylist

Co-authored-by: kumavis <kumavis@users.noreply.github.com>
2021-02-03 21:53:12 -03:30
kumavis
b98cef16af
Update to Node v14 (#9514)
* manual rebase against develop

* Update .nvmrc
2021-02-03 13:45:38 +08:00
Etienne Dusseault
6b34fb4184
Use @lavamoat/allow-scripts (#10009)
* use @lavamoat/allow-scripts for package postinstall allow list
* dnode: set "weak" to false

Co-authored-by: kumavis <kumavis@users.noreply.github.com>
Co-authored-by: Erik Marks <25517051+rekmarks@users.noreply.github.com>
2021-02-01 20:08:42 -08:00
Mark Stacey
5e01602a01
Cache dependencies (#10065)
Dependencies are now cached between builds, using a checksum of the
`yarn.lock` file as the cache key. The `node_modules` directory and the
`.har` file from the install are cached and restored, so that we ensure
the record of the install is always preserved alongside the
dependencies.

The consolidation of the `collect-har-artifact` script was to make it
easier to cache the `.har` file along with the dependencies.
2020-12-14 11:46:42 -03:30
Mark Stacey
0b7579b5d8
Update Firefox version used on CI for e2e tests (#10058)
The Firefox version has been updated to the latest stable version: v83.
This was required to replicate production Firefox errors we saw
recently.
2020-12-11 12:03:00 -03:30
Whymarrh Whitby
7e5e697f89
Create release PRs as a draft, initially (#9660)
This change updates the command used to create RC pull requests to create [draft PRs][1].

  [1]:https://docs.github.com/en/free-pro-team@latest/github/collaborating-with-issues-and-pull-requests/about-pull-requests#draft-pull-requests
2020-10-20 09:15:53 -07:00
Whymarrh Whitby
baa2350604
Skip running e2e tests when commit is tagged with '[skip e2e]' (#9486)
[skip e2e]
2020-10-07 15:12:52 -02:30
Whymarrh Whitby
92314cc3ed
Format manifest file after applying new version (#9480) 2020-10-06 15:27:59 -02:30
Whymarrh Whitby
b378e57b27
Drop unused reviewers from CI scripts (#9068) 2020-07-23 21:15:09 -02:30
Mark Stacey
991ef366d7
Fix manifest version bump script (#8715)
The version bump script referenced the old file path for the manifest.
It was stored as a single file called `manifest.json`, but it was split
into `_base.json` and platform-specific manifests in #8140.

The manifest version bump script has been updated to reference
`_base.json`, which is the piece that has the version property.
2020-06-01 18:07:27 -03:00
kumavis
bc99728e84
ci/scripts/deps-install - exit if any command fails (#8368) 2020-04-20 10:18:16 -03:00
kumavis
7686edadb0
Build system refactor (#8140)
* build - start static asset task cleanup

* build - simplify manifest tasks

* build - refactor + rename some tasks

* build - various cleanups

* manifest - fix ref from controller

* build - drop gulp for simple async tasks

* build - breakout gulpfile into multiple files

* build - rename some tasks

* build - use task fn refs instead of string names

* build - bundle all scripts first, except for contentscript

* build - improve task timeline

* deps - update lock

* build - improve task time printout

* build/scripts - remove intermediate named task

* build - use 'yarn build' for task entry points

* build - properly run tasks via runTask for timeline display

* development/announcer - fix manifest path + clean

* build - lint fix

* build - make all defined tasks possible entry points

* build/task - properly report errors during task

* ci - fix sesify/lavamoat-viz build command

* build/scripts - run each bundle in separate processes

* lint fix

* build - forward childProcess logs to console

* build/task - fix parallel/series stream end event

* build/scripts refactor contentscript+inpage into a single task

* build/static - use the fs for 150x speedup zomg

* lint fix

* build/static - fix css copy

* Update development/build/scripts.js

Co-Authored-By: Mark Stacey <markjstacey@gmail.com>

* Update development/build/scripts.js

Co-Authored-By: Mark Stacey <markjstacey@gmail.com>

* Update development/build/index.js

Co-Authored-By: Mark Stacey <markjstacey@gmail.com>

* deps - remove redundant mkdirp

* deps - remove unused pumpify

* deps - remove redundant merge-deep

* deps - prefer is-stream of isstream

* deps - remove clone for lodash.cloneDeep

* clean - remove commented code

* build/static - use fs.copy + fast-glob instead of linux cp for better platform support

* build/manifest - standardize task naming

* build/display - clean - remove unused code

* bugfix - fix fs.promises import

* build - create "clean" as named task for use as entrypoint

* build/static - fix for copying dirs

* Update development/build/task.js

Co-Authored-By: Mark Stacey <markjstacey@gmail.com>

* Update development/build/display.js

Co-Authored-By: Mark Stacey <markjstacey@gmail.com>

* Update development/build/display.js

Co-Authored-By: Mark Stacey <markjstacey@gmail.com>

* Update development/build/display.js

Co-Authored-By: Mark Stacey <markjstacey@gmail.com>

* build - use task refs, tasks only return promises not streams, etc

* lint fi bad merge + lint

* build - one last cleanup + refactor

* build - add comments introducing file

* build/manifest - fix bug + subtasks dont beed to be named

* Update package.json

Co-Authored-By: Mark Stacey <markjstacey@gmail.com>

* build/task - remove unused fn

* Update package.json

Co-Authored-By: Mark Stacey <markjstacey@gmail.com>

* Update development/build/styles.js

Co-Authored-By: Mark Stacey <markjstacey@gmail.com>

* Update development/build/styles.js

Co-Authored-By: Mark Stacey <markjstacey@gmail.com>

Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2020-03-09 08:55:02 +08:00
Mark Stacey
1c6e09b1ce Fix sourcemaps
The `install` script of `@sentry/cli` is required for the Sentry CLI to
work correctly. Without this step, the sourcemap upload fails silently.
2019-11-13 16:54:04 -04:00
Mark Stacey
fe28e0d134
Cleanup beforeunload handler after transaction is resolved (#7333)
* Cleanup beforeunload handler after transaction is resolved

The notification window was updated to reject transactions upon close
in #6340. A handler that rejects the transaction was added to
`window.onbeforeunload`, and it was cleared in `actions.js` if it was
confirmed or rejected.

However, the `onbeforeunload` handler remained uncleared if the
transaction was resolved in another window. This results in the
transaction being rejected when the notification window closes, even
long after the transaction is submitted and confirmed. This has been
the cause of many problems with the Firefox e2e tests.

Instead the `onbeforeunload` handler is cleared in the
`componentWillUnmount` lifecycle function, alongside where it's set in
the first place. This ensures that it's correctly unset regardless
of how the transaction was resolved, and it better matches user
expectations.

* Fix indentation and remove redundant export

The `run-all.sh` Bash script now uses consistent indentation, and is
consistent about only re-exporting the Ganache arguments when they
change.

* Ensure transactions are completed before checking balance

Various intermittent e2e test failures appear to be caused by React
re-rendering the transaction list during the test, as the transaction
goes from pending to confirmed. To avoid this race condition, the
transaction is now explicitly looked for in the confirmed transaction
list in each of the tests using this pattern.

* Enable all e2e tests on Firefox

The remaining tests that were disabled on Firefox now work correctly.
Only a few timing adjustments were needed.

* Update Firefox used in CI

Firefox v70 is now used on CI instead of v68. This necessitated
rewriting the function where the extension ID was obtained because the
Firefox extensions page was redesigned.
2019-10-31 13:27:22 -03:00
kumavis
e1efb4d7ac
ci - install deps - limit install scripts to whitelist (#7208)
* ci - install deps - limit install scripts to those needed for build

* Update .circleci/scripts/deps-install.sh

Co-Authored-By: Mark Stacey <markjstacey@gmail.com>

* ci - install deps - expand install scripts needed for tests

* ci - install deps - expand install scripts needed for integration tests

* ci - install deps - fix node-sass script ref

* github - set codeowners for scripts/deps-install

* development - add utility to show deps with install scripts

* lint fix

* deps - move read-installed to devDeps
2019-09-25 20:01:10 +08:00
kumavis
dbbf6986d2
ci - install deps with "--har" flag to capture network activity (#7143)
* ci - install deps with "--har" flag to capture network activity

* ci - add yarn install HAR logs to build-artifacts

* ci - yarn har - fix typo

* Update .circleci/scripts/collect-har-artifact.sh

Co-Authored-By: Mark Stacey <markjstacey@gmail.com>
2019-09-12 00:03:47 +08:00
kumavis
0985e8f012
ci - build-artifacts - generate sesify-viz for inspecting deps (#7151)
* ci - build-artifacts - generate sesify-viz for inspecting deps

* lint fix
2019-09-11 22:47:21 +08:00
Mark Stacey
c9fffafd9a
Publish GitHub release from master branch (#7136)
* Publish GitHub release from master branch

This ensures that changes made on `develop` since branching for the
release are not included. It also ensures that the final release
sourcemaps line-up correctly (they were always build on master)`.

* Consolidate publish jobs

The jobs `job-publish-release` and `create_github_release` both handle
different parts of publishing a release. They have been consolidated
into a single `job-publish-release` job.

* Update release script to expect a merge commit

The release script was originally written to be run on `develop`, so it
expected the current commit to be a result of `Squash & Merge`. Now
that it's run on `master`, it will generally be run against a merge
commit.

The version is now extracted from the commit message using a regular
expression that should work on all version of Bash v3+, and should be
tolerant of both merge commits and `Squash & Merge` commits.

* Target `master` with release PR

`master` is now targeted by the release PR instead of `develop`, as
the release has to be created from the master branch.

The update to `develop` is handled after the release by a PR from
`master` to `develop`, which is created automatically after the
release.
2019-09-11 11:44:36 -03:00
Mark Stacey
1fd3dc9ecf
Switch from npm to yarn (#6843)
As a solution to the constant lockfile churn issues we've had with
`npm`, the project now uses `yarn` to manage dependencies.

The `package-lock.json` file has been replaced with `yarn.lock`, which
was created using `yarn import`. It should approximate the contents of
`package-lock.json` fairly well, though there may be some changes due to
deduplication. The codeowners file has been updated to reference this
new lockfile.

All documentation and npm scripts have been updated to reference `yarn`
rather than `npm`. Note that running scripts using `npm run` still works
fine, but it seemed better to switch those to `yarn` as well to avoid
confusion.

The `npm-audit` Bash script has been replaced with `yarn-audit`. The
output of `yarn audit` is a bit different than `npm audit` in that it
returns a bitmask to describe which severity issues were found. This
made it simpler to check the results directly from the Bash script, so
the associated `npm-audit-check.js` script was no longer required. The
output should be exactly the same, and the information is still sourced
from the same place (the npm registry).

The new `yarn-audit` script does have an external dependency: `jq`.
However, `jq` is already assumed to be present by another CI script, and
is present on all CI images we use. `jq` was not added to `package.json`
as a dependency because there is no official package on the npm
registry, just wrapper scripts. We don't need it anywhere exept on CI
anyway.

The section in `CONTRIBUTING` about how to develop inside the
`node_modules` folder was removed, as the advice was a bit dated, and
wasn't specific to this project anyway.
2019-07-30 15:36:23 -03:00
Mark Stacey
754f98aea2
Fix npm-audit script (#6908)
The npm audit script was auditing all dependencies, then filtering the
results to just the advisories concerning production dependencies. This
was done by checking the boolean `dev` and `optional` properties of each
`findings` entry in each advisory.

The `dev` and `optional` properties are now missing, which is resulting
in dev advisories being mistakenly identified as affecting production.

This check has been removed, and instead the `--production` flag is used
when calling `npm audit`. This accomplishes the same goal without
relying as much upon the audit output format.

The `--production` flag was added in `npm` `v6.10.0`, so `npm` has been
updated to the current latest stable (`v6.10.2`) for the `test-deps`
job. It was also updated on the `prep-deps-npm` job to ensure
consistency in behaviour. The other jobs only use `npm run` which hasn't
changed substantially in some time, so compatibility isn't really a
concern for those.

`audit.json` has also been added to `.gitignore`. It was accidentally
checked in once while working on this branch.
2019-07-24 19:54:16 -03:00
Whymarrh Whitby
83c2440509 Add scripts to automate GitHub releases (#6653)
* ci: Rename full_test to test_and_release

* ci: Add scripts to automate GH releases

* Add .bak files to .gitignore

* ci: Add reviewer to the auto version PR
2019-07-17 22:51:47 -07:00
Mark Stacey
0366459edd
Update version of Firefox used on CI (#6841) 2019-07-15 10:15:15 -03:00
Whymarrh Whitby
ea142a4dd6 ci: Enable npm audit check 2019-06-06 15:40:14 -02:30
Whymarrh Whitby
765cac839c Update Firefox version for e2e tests 2018-09-11 09:38:59 -07:00
Whymarrh Whitby
2185197ef6 ci: Use Firefox 61.0.2 2018-08-17 18:41:12 -02:30
Whymarrh Whitby
7b89d3d473 ci: Disable Firefox updates 2018-08-17 18:41:12 -02:30
Whymarrh Whitby
e493efb123 ci: Don't cache Firefox install
Two important notes:

1. The time it takes to download is negligble compared to e2e test runs
2. Since we cannot use environment variables in CircleCI cache keys we
   can't cache the download correctly and have it update when we switch
   firefox versions—this isn't the end of the world because of point 1
2018-08-17 18:41:12 -02:30
Bruno Barbieri
104c4674da
Update firefox version 2018-07-06 16:53:53 -04:00
Bruno Barbieri
759b5b20ec
Forgot this is linux bash 2018-07-06 16:48:17 -04:00