The CI job `prep-deps` was broken in #20096 for forks and non-PR builds
(e.g. the `develop` branch builds). Non-PR builds were broken because
of the `set -u` flag, which complained about a PR-specific environment
variable being unset. Fork builds were broken because the draft check
relied upon secrets (which aren't included in CI runs on forks).
The script is now tolerant of missing environment variables, and skips
the draft check for forks.
Certain draft PRs that add new dependencies have been failing because
CI will try to use the GitHub npm registry, which we use for preview
builds. This registry does not have non-preview package versions, so
the installation will fail if new non-preview dependencies are needed.
CI has been updated to only use the GitHub npm registry when preview
builds are detected in the manifest.
The `--frozen-lockfile` flag is not supported by Yarn v3. It has been
replaced by the Yarn v3 equivalent, which is `--immutable`.
Additionally, the `deps-install` script was deleted and this command
was inlined in the CircleCI configuration. I don't think we need to
maintain a separate script just for one command.
The LavaMoat policies and allow-scripts configuration are now validated
in parallel. They are still only validated for release candidate
branches and the `master` branch.
* Bump Circle CI docker image
* Stop removing FF since it doesn't exist
* Use Circle CI browser tools
* Fix config name
* Fix browser tools args
* Fix Chrome version
* Use script for chrome
* Try update
* Try FF without browser-tools2
* Fix FF binary path
* Force enable e2e debug
* Add some logs
* More logs
* Disable XSET check for now
* Delete x-server logic
* remove another usage of the x-server logic
* Build beta with mv3 enabled
* Ensure firefox manifest is an mv2 version
* Revert "Ensure firefox manifest is an mv2 version"
This reverts commit fed74792b0fec33c3a85f2229eb560559d37afe5.
* Only create beta builds for the chrome platform
* Stop linting firefox for beta
* feat(17494): test separate commit triggered build
* feat(17493): keep consistent commit message
* feat(17493): use trim to get rid of white space in branch name
* feat(17493): bring back some pipelines
* Version v10.25.0-beta.0
* ERC1155 Import & Dapp interaction E2E tests (#17885)
* feat(17494): test separate commit triggered build
* feat(17493): remove testing beta commit in package.json
---------
Co-authored-by: Thomas Huang <tmashuang@users.noreply.github.com>
This PR converts `generate-lavamoat-policies.sh` to `.js` using Yargs. This makes it easier to only generate policy files for a specific build type (using the `-t` flag), which is often useful during Flask development. In addition, the `lavamoat:background:auto` scripts are renamed, and the main readme is updated with some useful tips.
Note that `lavamoat:background:auto:dev` is removed and `lavamoat:background:auto` should be used during local development.
* Automate the Flask release
A Flask release will now be published alongside each main extension
release. The version of each Flask release will be the same as the
extension version except it will have the suffix `-flask.0`.
* Programmatically remove build prefix
The create GH release Bash script derives the Flask version from the
Flask build filename by removing the build prefix, leaving just the
version. Rather than hard-coding the prefix size to remove, it is now
calculated programmatically so that it is easier to read and update.
* Fix tag publishing
The tab publishing step used the wrong credentials, and didn't properly
identify the commit author. This has now been fixed.
`improved-yarn-audit` has been updated so that it supports GitHub
advisories. Two new GitHub advisories have been ignored, as they are
both moderate RegExp DoS vulnerabilities that don't affect us, and they
are embedded deep within our dependency graph and are difficult to
update.
