Certain draft PRs that add new dependencies have been failing because
CI will try to use the GitHub npm registry, which we use for preview
builds. This registry does not have non-preview package versions, so
the installation will fail if new non-preview dependencies are needed.
CI has been updated to only use the GitHub npm registry when preview
builds are detected in the manifest.
The `--frozen-lockfile` flag is not supported by Yarn v3. It has been
replaced by the Yarn v3 equivalent, which is `--immutable`.
Additionally, the `deps-install` script was deleted and this command
was inlined in the CircleCI configuration. I don't think we need to
maintain a separate script just for one command.
The LavaMoat policies and allow-scripts configuration are now validated
in parallel. They are still only validated for release candidate
branches and the `master` branch.
* Bump Circle CI docker image
* Stop removing FF since it doesn't exist
* Use Circle CI browser tools
* Fix config name
* Fix browser tools args
* Fix Chrome version
* Use script for chrome
* Try update
* Try FF without browser-tools2
* Fix FF binary path
* Force enable e2e debug
* Add some logs
* More logs
* Disable XSET check for now
* Delete x-server logic
* remove another usage of the x-server logic
* Build beta with mv3 enabled
* Ensure firefox manifest is an mv2 version
* Revert "Ensure firefox manifest is an mv2 version"
This reverts commit fed74792b0fec33c3a85f2229eb560559d37afe5.
* Only create beta builds for the chrome platform
* Stop linting firefox for beta
* feat(17494): test separate commit triggered build
* feat(17493): keep consistent commit message
* feat(17493): use trim to get rid of white space in branch name
* feat(17493): bring back some pipelines
* Version v10.25.0-beta.0
* ERC1155 Import & Dapp interaction E2E tests (#17885)
* feat(17494): test separate commit triggered build
* feat(17493): remove testing beta commit in package.json
---------
Co-authored-by: Thomas Huang <tmashuang@users.noreply.github.com>
This PR converts `generate-lavamoat-policies.sh` to `.js` using Yargs. This makes it easier to only generate policy files for a specific build type (using the `-t` flag), which is often useful during Flask development. In addition, the `lavamoat:background:auto` scripts are renamed, and the main readme is updated with some useful tips.
Note that `lavamoat:background:auto:dev` is removed and `lavamoat:background:auto` should be used during local development.
* Automate the Flask release
A Flask release will now be published alongside each main extension
release. The version of each Flask release will be the same as the
extension version except it will have the suffix `-flask.0`.
* Programmatically remove build prefix
The create GH release Bash script derives the Flask version from the
Flask build filename by removing the build prefix, leaving just the
version. Rather than hard-coding the prefix size to remove, it is now
calculated programmatically so that it is easier to read and update.
* Fix tag publishing
The tab publishing step used the wrong credentials, and didn't properly
identify the commit author. This has now been fixed.
`improved-yarn-audit` has been updated so that it supports GitHub
advisories. Two new GitHub advisories have been ignored, as they are
both moderate RegExp DoS vulnerabilities that don't affect us, and they
are embedded deep within our dependency graph and are difficult to
update.
There are a few issues encountered when running `yarn setup` on new
Apple Silicon (aka M1, aka arm64) Macs:
* The script halts when attempting to run the install step for
the `chromedriver` package with the message "Only Mac 64 bits
supported". This is somewhat misleading as it seems to indicate that
chromedriver can only be installed on a 64-bit Mac. However, what I
think is happening is that the installation script for `chromedriver`
is not able to detect that an arm64 CPU *is* a 64-bit CPU. After
looking through the `chromedriver` repo, it appears that 87.0.1 is the
first version that adds a proper check ([1]).
Note that upgrading chromedriver caused the Chrome-specific tests to
fail intermittently on CI. I was not able to 100% work out the reason
for this, but ensuring that X (which provides a way for Chrome to run
in a GUI setting from the command line) is available seems to fix
these issues.
* The script also halts when attempting to run the install step for
the `electron` package. This happens because for the version of
`electron` we are using (9.4.2), there is no available binary for
arm64. It appears that Electron 11.x was the first version to support
arm64 Macs ([2]). This is a bit trickier to resolve because we don't
explicitly rely on `electron` — that's brought in by `react-devtools`.
The first version of `react-devtools` that relies on `electron` 11.x
is 4.11.0 ([3]).
[1]: 469dd0a6ee
[2]: https://www.electronjs.org/blog/apple-silicon
[3]: https://github.com/facebook/react/blob/main/packages/react-devtools/CHANGELOG.md#4110-april-9-2021