* Validate LavaMoat policies on each PR
The LavaMoat policies are now validated on every PR. This makes it
easier to validate policy changes, as they should always correspond
with the changes made in the PR (unlike today, when they could be due
to a change in platform or a previous PR).
Closes#19680
* Update LavaMoat policies
---------
Co-authored-by: MetaMask Bot <metamaskbot@users.noreply.github.com>
The LavaMoat policies and allow-scripts configuration are now validated
in parallel. They are still only validated for release candidate
branches and the `master` branch.
This commit fulfills a long-standing desire to get the extension using
the same network controller as mobile by removing NetworkController from
this repo and replacing it with NetworkController from the
`@metamask/network-controller` package.
The new version of NetworkController is different the old one in a few
ways:
- The new controller inherits from BaseControllerV2, so the `state`
property is used to access the state instead of `store.getState()`.
All references of the latter have been replaced with the former.
- As the new controller no longer has a `store` property, it cannot be
subscribed to; the controller takes a messenger which can be
subscribed to instead. There were various places within
MetamaskController where the old way of subscribing has been replaced
with the new way. In addition, DetectTokensController has been updated
to take a messenger object so that it can listen for NetworkController
state changes.
- The state of the new controller is not updatable from the outside.
This affected BackupController, which dumps state from
NetworkController (among other controllers), but also loads the same
state into NetworkController on import. A method `loadBackup` has been
added to NetworkController to facilitate this use case, and
BackupController is now using this method instead of attempting to
call `update` on NetworkController.
- The new controller does not have a `getCurrentChainId` method;
instead, the chain ID can be read from the provider config in state.
This affected MmiController. (MmiController was also updated to read
custom networks from the new network controller instead of the
preferences controller).
- The default network that the new controller is set to is always
Mainnet (previously it could be either localhost or Goerli in test
mode, depending on environment variables). This has been addressed
by feeding the NetworkController initial state using the old logic, so
this should not apply.
The autolock field on the Settings screen — the field that allows users
to set the duration that MetaMask will wait for until automatically
locking — does not always accept decimal numbers. This breaks the e2e
test for this feature as it attempts to set this field to "0.1".
More specifically, the React component responsible for this field passes
whatever the user inputs through the `Number` function immediately and
then uses this to repopulate the input. Therefore, if the user enters
"3" followed by a ".", `Number("3.")` will be called. This evaluates to
the number 3, and "3" becomes the new value of the field. As a result,
the "." can never be typed.
Curiously, this behavior only happens in Firefox; Chrome seems to
keep the "." in the input field when it's typed. This happens because
`onChange` event doesn't seem to get fired until a number is typed
*after* the ".". This may be due to underlying differences in the DOM
between Chrome and Firefox.
Regardless, always passing the input through `Number` creates other odd
behavior, such as the fact that the input can never be cleared (because
`Number("")` evaluates to 0).
This commit solves these problems by saving the "raw" version of the
user's input as well as the normalized version. The raw version is
always used to populate the input, whereas the normalized version is
saved in state.
These tests were present in the core version of the NetworkController
tests, but not here. Add them makes it easier to visually compare
differences in the tests between core and this repo.
Update NetworkController tests to replace `NETWORK_TYPES.<NETWORK NAME>`
with `NetworkType.<network name>`. This makes it easier to visually
compare differences in the tests between core and this repo.
A bot command has been added that can update LavaMoat policies
automatically. This helps contributors without a Linux machine to
produce policy files that match exactly what CI expects.
The README has been updated with instructions for this new workflow.
* Lint GitHub Action workflows
We now lint GitHub Action workflows. This lint step is performed in the
`main` workflow, which has an "All jobs passed" check that we can add
further checks to in the future. This can grow to encompass all PR
status checks that depend upon the PR contents.
This workflow is based upon the one used in the MetaMask module
template.
* Fix branch names
* Fix lint error
The fitness function workflow now uses an immutable install, ensuring
that the dependencies installed are known and tracked in the lockfile.
This makes it easier to audit exactly which dependencies were used for
each run.
The `chmod` step has been removed from the GitHub Actions workflow for
adding release labels. The script has been made executable in the
repository instead (the file mode is tracked by git).
The `nvmrc` file is now referenced in our GitHub Actions workflows,
rather than hard-coding the expected Node.js version. This will make
future Node.js version changes easier to manage.
* creating story for multilayer fee message
* add story for nftoptions
* lint fixed
* suggestion
* Updating function props to actions in storybook
---------
Co-authored-by: georgewrmarshall <george.marshall@consensys.net>
* feat(srp): add a quiz to the SRP reveal
* fixed the popover header centering
* lint fixes
* converted from `ui/components/ui/popover` to `ui/components/component-library/modal`
* responded to @darkwing review
* added unit tests
* renamed the folder to 'srp-quiz-modal'
* responded to Monte's review
* using i18n-helper in the test suite
* small improvement to JSXDict comments
* wrote a new webdriver.holdMouseDownOnElement() to assist with testing the "Hold to reveal SRP" button
* Updating layout and some storybook naming and migrating to tsx
* Apply suggestions from @georgewrmarshall
Co-authored-by: George Marshall <george.marshall@consensys.net>
* Unit test searches by data-testid instead of by text
* new layout and copy for the Settings->Security page
* now with 100% test coverage for /ui/pages/settings/security-tab
fixes#16871fixes#18140
* e2e tests to reveal SRP after quiz
* e2e- Fix lint, remove unneeded extras
* @coreyjanssen and @georgewrmarshall compromise
Co-authored-by: George Marshall <george.marshall@consensys.net>
Co-authored-by: Corey Janssen <corey.janssen@consensys.net>
* trying isRequired again
* transparent background on PNG
* [e2e] moving functions to helpers and adding testid for SRP reveal quiz (#19481)
* moving functions to helpers and adding testid
* fix lint error
* took out the IPFS gateway fixes
* lint fix
* translations of SRP Reveal Quiz
* new Spanish translation from Guto
* Update describe for e2e tests
* Apply suggestion from @georgewrmarshall
Co-authored-by: George Marshall <george.marshall@consensys.net>
* fixed the Tab key problem
---------
Co-authored-by: georgewrmarshall <george.marshall@consensys.net>
Co-authored-by: Plasma Corral <32695229+plasmacorral@users.noreply.github.com>
Co-authored-by: Corey Janssen <corey.janssen@consensys.net>
The two GitHub action dependencies were mistakenly listed as production
dependencies. They've been moved to `devDependencies` instead.
The `husky` development dependency was mistakenly listed as a
production dependency as well. It has been removed from that set, now
listed as just a `devDependency`.
* feat(action): github action to add release label when PR gets merged
* feat(action): make sure the action only runs for PRs merged in main branch
* fix(action): update labels default color
* fix(action): add check on release label format
* fix(action): type function explicitely
* feat(action): add possibility to extract next release version number from artifact
* fix(action): rename next rc cut number into next semver version
* feat(action): add a github action to create release branch
* fix(action): default branch is develop
* fix(action): specify name of workflow used to create release branch
* fix(action): handle case where artifact doesn't exist
* fix(action): create branch but not the PR
* feat(action): fetch next semver version from release branches name or from package.json
* fix(action): remove unused Create Release Branch action
* fix(action): release branch format was not correct
* feat(action): take tags into account when calculating next version number
* feat(action): add the possibility to force next semver version
* fix(action): update comments
* fix(action): adopt kebak-case instead of snake_case
* fix(action): rename PERSONAL_ACCESS_TOKEN into RELEASE_LABEL_TOKEN
* fix(action): yarn installation not required
* fix(action): yarn install shall be immutable
* fix(action): make the script compatible with ShellCheck
* fix(script): exit script earlier if condition is met
* fix(action): use closingIssuesReferences instead of timeline events
* fix(action): add execute permissions to script
* fix(action): remove duplicate comment
* Fix `devTest` build that have LavaMoat enabled
The build script compiles the LavaMoat runtime during each root task,
but it was not recognizing `testDev` as a root task. As a result, all
`testDev` builds were broken unless LavaMoat was disabled.
The list of root tasks has been updated to include `testDev`. It should
now be complete.
* Use BUILD_TARGETS constant, and enable scuttling in start:test
