1
0
mirror of https://github.com/kremalicious/metamask-extension.git synced 2024-12-23 09:52:26 +01:00
metamask-extension/.circleci/config.yml
Erik Marks 31cf7c10a4
Permission System 2.0 (#12243)
# Permission System 2.0

## Background

This PR migrates the extension permission system to [the new `PermissionController`](https://github.com/MetaMask/snaps-skunkworks/tree/main/packages/controllers/src/permissions).
The original permission system, based on [`rpc-cap`](https://github.com/MetaMask/rpc-cap), introduced [`ZCAP-LD`](https://w3c-ccg.github.io/zcap-ld/)-like permissions to our JSON-RPC stack.
We used it to [implement](https://github.com/MetaMask/metamask-extension/pull/7004) what we called "LoginPerSite" in [version 7.7.0](https://github.com/MetaMask/metamask-extension/releases/tag/v7.7.0) of the extension, which enabled the user to choose which accounts, if any, should be exposed to each dapp.
While that was a worthwhile feature in and of itself, we wanted a permission _system_ in order to enable everything we are going to with Snaps.
Unfortunately, the original permission system was difficult to use, and necessitated the creation of the original `PermissionsController` (note the "s"), which was more or less a wrapper for `rpc-cap`.

With this PR, we shake off the yoke of the original permission system, in favor of the modular, self-contained, ergonomic, and more mature permission system 2.0.

Note that [the `PermissionController` readme](https://github.com/MetaMask/snaps-skunkworks/tree/main/packages/controllers/src/permissions/README.md) explains how the new permission system works.

The `PermissionController` and `SubjectMetadataController` are currently shipped via `@metamask/snap-controllers`. This is a temporary state of affairs, and we'll move them to `@metamask/controllers` once they've landed in prod.

## Changes in Detail

First, the changes in this PR are not as big as they seem. Roughly half of the additions in this PR are fixtures in the test for the new migration (number 68), and a significant portion of the remaining ~2500 lines are due to find-and-replace changes in other test fixtures and UI files.

- The extension `PermissionsController` has been deleted, and completely replaced with the new `PermissionController` from [`@metamask/snap-controllers`](https://www.npmjs.com/package/@metamask/snap-controllers).
- The original `PermissionsController` "domain metadata" functionality is now managed by the new `SubjectMetadataController`, also from [`@metamask/snap-controllers`](https://www.npmjs.com/package/@metamask/snap-controllers).
- The permission activity and history log controller has been renamed `PermissionLogController` and has its own top-level state key, but is otherwise functionally equivalent to the existing implementation.
- Migration number 68 has been added to account for the new state changes.
- The tests in `app/scripts/controllers/permissions` have been migrated from `mocha` to `jest`.

Reviewers should focus their attention on the following files:

- `app/scripts/`
  - `metamask-controller.js`
    - This is where most of the integration work for the new `PermissionController` occurs.
      Some functions that were internal to the original controller were moved here.
  - `controllers/permissions/`
    - `selectors.js`
      - These selectors are for `ControllerMessenger` selector subscriptions. The actual subscriptions occur in `metamask-controller.js`. See the `ControllerMessenger` implementation for details.
    - `specifications.js`
      - The caveat and permission specifications are required by the new `PermissionController`, and are used to specify the `eth_accounts` permission and its JSON-RPC method implementation.
        See the `PermissionController` readme for details.
  - `migrations/068.js`
    - The new state should be cross-referenced with the controllers that manage it.
      The accompanying tests should also be thoroughly reviewed.

Some files may appear new but have just moved and/or been renamed:

- `app/scripts/lib/rpc-method-middleware/handlers/request-accounts.js`
  - This was previously implemented in `controllers/permissions/permissionsMethodMiddleware.js`.
- `test/mocks/permissions.js`
  - A truncated version of `test/mocks/permission-controller.js`.

Co-authored-by: Mark Stacey <markjstacey@gmail.com>
2021-12-06 19:16:49 -08:00

774 lines
20 KiB
YAML

version: 2.1
executors:
node-browsers:
docker:
- image: circleci/node:14-browsers
node-browsers-medium-plus:
docker:
- image: circleci/node:14-browsers
resource_class: medium+
environment:
NODE_OPTIONS: --max_old_space_size=2048
shellcheck:
docker:
- image: koalaman/shellcheck-alpine@sha256:dfaf08fab58c158549d3be64fb101c626abc5f16f341b569092577ae207db199
workflows:
test_and_release:
jobs:
- create_release_pull_request:
requires:
- prep-deps
filters:
branches:
only:
- /^Version-v(\d+)[.](\d+)[.](\d+)/
- prep-deps
- test-deps-audit:
requires:
- prep-deps
- test-deps-depcheck:
requires:
- prep-deps
- test-yarn-dedupe:
requires:
- prep-deps
- validate-lavamoat-config:
filters:
branches:
only:
- /^Version-v(\d+)[.](\d+)[.](\d+)|master/
requires:
- prep-deps
- prep-build:
requires:
- prep-deps
- prep-build-beta:
requires:
- prep-deps
- prep-build-flask:
requires:
- prep-deps
- prep-build-test:
requires:
- prep-deps
- prep-build-test-metrics:
requires:
- prep-deps
- test-storybook:
requires:
- prep-deps
- prep-build-storybook:
requires:
- test-storybook
- test-lint:
requires:
- prep-deps
- test-lint-shellcheck
- test-lint-lockfile:
requires:
- prep-deps
- test-lint-changelog:
requires:
- prep-deps
- test-e2e-chrome:
requires:
- prep-build-test
- test-e2e-firefox:
requires:
- prep-build-test
- test-e2e-chrome-metrics:
requires:
- prep-build-test-metrics
- test-e2e-firefox-metrics:
requires:
- prep-build-test-metrics
- test-unit:
requires:
- prep-deps
- test-unit-global:
requires:
- prep-deps
- validate-source-maps:
requires:
- prep-build
- validate-source-maps-beta:
requires:
- prep-build-beta
- validate-source-maps-flask:
requires:
- prep-build-flask
- test-mozilla-lint:
requires:
- prep-deps
- prep-build
- test-mozilla-lint-beta:
requires:
- prep-deps
- prep-build-beta
- test-mozilla-lint-flask:
requires:
- prep-deps
- prep-build-flask
- all-tests-pass:
requires:
- validate-lavamoat-config
- test-lint
- test-lint-shellcheck
- test-lint-lockfile
- test-lint-changelog
- test-unit
- test-unit-global
- validate-source-maps
- validate-source-maps-beta
- validate-source-maps-flask
- test-mozilla-lint
- test-mozilla-lint-beta
- test-mozilla-lint-flask
- test-e2e-chrome
- test-e2e-firefox
- test-e2e-chrome-metrics
- test-e2e-firefox-metrics
- benchmark:
requires:
- prep-build-test
- job-publish-prerelease:
requires:
- prep-deps
- prep-build
- prep-build-beta
- prep-build-flask
- prep-build-storybook
- benchmark
- all-tests-pass
- job-publish-release:
filters:
branches:
only: master
requires:
- prep-deps
- prep-build
- all-tests-pass
- job-publish-storybook:
filters:
branches:
only: develop
requires:
- prep-build-storybook
jobs:
create_release_pull_request:
executor: node-browsers
steps:
- checkout
- attach_workspace:
at: .
- run:
name: Bump manifest version
command: .circleci/scripts/release-bump-manifest-version.sh
- run:
name: Update changelog
command: yarn update-changelog --rc
- run:
name: Commit changes
command: .circleci/scripts/release-commit-version-bump.sh
- run:
name: Create GitHub Pull Request for version
command: .circleci/scripts/release-create-release-pr.sh
prep-deps:
executor: node-browsers
steps:
- checkout
- restore_cache:
key: dependency-cache-v1-{{ checksum "yarn.lock" }}
- run:
name: Install deps
command: |
.circleci/scripts/deps-install.sh
- save_cache:
key: dependency-cache-v1-{{ checksum "yarn.lock" }}
paths:
- node_modules/
- build-artifacts/yarn-install-har/
- run:
name: Postinstall
command: |
yarn setup:postinstall
- persist_to_workspace:
root: .
paths:
- node_modules
- build-artifacts
validate-lavamoat-config:
executor: node-browsers-medium-plus
steps:
- checkout
- attach_workspace:
at: .
- run:
name: Validate allow-scripts config
command: |
.circleci/scripts/validate-allow-scripts.sh
- run:
name: Validate LavaMoat policy
command: |
.circleci/scripts/validate-lavamoat-policy.sh
prep-build:
executor: node-browsers-medium-plus
steps:
- checkout
- attach_workspace:
at: .
- run:
name: build:dist
command: yarn dist
- run:
name: build:debug
command: find dist/ -type f -exec md5sum {} \; | sort -k 2
- persist_to_workspace:
root: .
paths:
- dist
- builds
prep-build-beta:
executor: node-browsers-medium-plus
steps:
- checkout
- attach_workspace:
at: .
- run:
name: build:dist
command: yarn build --build-type beta prod
- run:
name: build:debug
command: find dist/ -type f -exec md5sum {} \; | sort -k 2
- run:
name: Move beta build to 'dist-beta' to avoid conflict with production build
command: mv ./dist ./dist-beta
- run:
name: Move beta zips to 'builds-beta' to avoid conflict with production build
command: mv ./builds ./builds-beta
- persist_to_workspace:
root: .
paths:
- dist-beta
- builds-beta
prep-build-flask:
executor: node-browsers-medium-plus
steps:
- checkout
- attach_workspace:
at: .
- run:
name: build:dist
command: yarn build --build-type flask prod
- run:
name: build:debug
command: find dist/ -type f -exec md5sum {} \; | sort -k 2
- run:
name: Move flask build to 'dist-flask' to avoid conflict with production build
command: mv ./dist ./dist-flask
- run:
name: Move flask zips to 'builds-flask' to avoid conflict with production build
command: mv ./builds ./builds-flask
- persist_to_workspace:
root: .
paths:
- dist-flask
- builds-flask
prep-build-test:
executor: node-browsers-medium-plus
steps:
- checkout
- attach_workspace:
at: .
- run:
name: Build extension for testing
command: yarn build:test
- run:
name: Move test build to 'dist-test' to avoid conflict with production build
command: mv ./dist ./dist-test
- run:
name: Move test zips to 'builds-test' to avoid conflict with production build
command: mv ./builds ./builds-test
- persist_to_workspace:
root: .
paths:
- dist-test
- builds-test
prep-build-test-metrics:
executor: node-browsers-medium-plus
steps:
- checkout
- attach_workspace:
at: .
- run:
name: Build extension for testing metrics
command: yarn build:test:metrics
- run:
name: Move test build to 'dist-test-metrics' to avoid conflict with production build
command: mv ./dist ./dist-test-metrics
- run:
name: Move test zips to 'builds-test' to avoid conflict with production build
command: mv ./builds ./builds-test-metrics
- persist_to_workspace:
root: .
paths:
- dist-test-metrics
- builds-test-metrics
prep-build-storybook:
executor: node-browsers
steps:
- checkout
- attach_workspace:
at: .
- run:
name: Build Storybook
command: yarn storybook:build
- persist_to_workspace:
root: .
paths:
- storybook-build
test-storybook:
executor: node-browsers
steps:
- checkout
- attach_workspace:
at: .
- run:
name: Test Storybook
command: yarn storybook:test
test-yarn-dedupe:
executor: node-browsers
steps:
- checkout
- attach_workspace:
at: .
- run:
name: Detect yarn lock deduplications
command: yarn yarn-deduplicate && git diff --exit-code yarn.lock
test-lint:
executor: node-browsers
steps:
- checkout
- attach_workspace:
at: .
- run:
name: Lint
command: yarn lint
- run:
name: Verify locales
command: yarn verify-locales --quiet
test-lint-shellcheck:
executor: shellcheck
steps:
- checkout
- run: apk add --no-cache bash jq yarn
- run:
name: ShellCheck Lint
command: ./development/shellcheck.sh
test-lint-lockfile:
executor: node-browsers
steps:
- checkout
- attach_workspace:
at: .
- run:
name: lockfile-lint
command: yarn lint:lockfile
test-lint-changelog:
executor: node-browsers
steps:
- checkout
- attach_workspace:
at: .
- when:
condition:
not:
matches:
pattern: /^Version-v(\d+)[.](\d+)[.](\d+)$/
value: << pipeline.git.branch >>
steps:
- run:
name: Validate changelog
command: yarn lint:changelog
- when:
condition:
matches:
pattern: /^Version-v(\d+)[.](\d+)[.](\d+)$/
value: << pipeline.git.branch >>
steps:
- run:
name: Validate release candidate changelog
command: yarn lint:changelog:rc
test-deps-audit:
executor: node-browsers
steps:
- checkout
- attach_workspace:
at: .
- run:
name: yarn audit
command: .circleci/scripts/yarn-audit.sh
test-deps-depcheck:
executor: node-browsers
steps:
- checkout
- attach_workspace:
at: .
- run:
name: depcheck
command: yarn depcheck
test-e2e-chrome:
executor: node-browsers
steps:
- checkout
- run:
name: Re-Install Chrome
command: ./.circleci/scripts/chrome-install.sh
- attach_workspace:
at: .
- run:
name: Move test build to dist
command: mv ./dist-test ./dist
- run:
name: Move test zips to builds
command: mv ./builds-test ./builds
- run:
name: test:e2e:chrome
command: |
if .circleci/scripts/test-run-e2e.sh
then
yarn test:e2e:chrome --retries 2
fi
no_output_timeout: 20m
- store_artifacts:
path: test-artifacts
destination: test-artifacts
test-e2e-chrome-metrics:
executor: node-browsers
steps:
- checkout
- run:
name: Re-Install Chrome
command: ./.circleci/scripts/chrome-install.sh
- attach_workspace:
at: .
- run:
name: Move test build to dist
command: mv ./dist-test-metrics ./dist
- run:
name: Move test zips to builds
command: mv ./builds-test-metrics ./builds
- run:
name: test:e2e:chrome:metrics
command: |
if .circleci/scripts/test-run-e2e.sh
then
yarn test:e2e:chrome:metrics --retries 2
fi
no_output_timeout: 20m
- store_artifacts:
path: test-artifacts
destination: test-artifacts
test-e2e-firefox:
executor: node-browsers-medium-plus
steps:
- checkout
- run:
name: Install Firefox
command: ./.circleci/scripts/firefox-install.sh
- attach_workspace:
at: .
- run:
name: Move test build to dist
command: mv ./dist-test ./dist
- run:
name: Move test zips to builds
command: mv ./builds-test ./builds
- run:
name: test:e2e:firefox
command: |
if .circleci/scripts/test-run-e2e.sh
then
yarn test:e2e:firefox --retries 2
fi
no_output_timeout: 20m
- store_artifacts:
path: test-artifacts
destination: test-artifacts
test-e2e-firefox-metrics:
executor: node-browsers
steps:
- checkout
- run:
name: Install Firefox
command: ./.circleci/scripts/firefox-install.sh
- attach_workspace:
at: .
- run:
name: Move test build to dist
command: mv ./dist-test-metrics ./dist
- run:
name: Move test zips to builds
command: mv ./builds-test-metrics ./builds
- run:
name: test:e2e:firefox:metrics
command: |
if .circleci/scripts/test-run-e2e.sh
then
yarn test:e2e:firefox:metrics --retries 2
fi
no_output_timeout: 20m
- store_artifacts:
path: test-artifacts
destination: test-artifacts
benchmark:
executor: node-browsers-medium-plus
steps:
- checkout
- run:
name: Re-Install Chrome
command: ./.circleci/scripts/chrome-install.sh
- attach_workspace:
at: .
- run:
name: Move test build to dist
command: mv ./dist-test ./dist
- run:
name: Move test zips to builds
command: mv ./builds-test ./builds
- run:
name: Run page load benchmark
command: yarn benchmark:chrome --out test-artifacts/chrome/benchmark/pageload.json --retries 2
- store_artifacts:
path: test-artifacts
destination: test-artifacts
- persist_to_workspace:
root: .
paths:
- test-artifacts
job-publish-prerelease:
executor: node-browsers
steps:
- checkout
- attach_workspace:
at: .
- run:
name: build:source-map-explorer
command: ./development/source-map-explorer.sh
- store_artifacts:
path: dist/sourcemaps
destination: builds/sourcemaps
- store_artifacts:
path: dist-beta/sourcemaps
destination: builds-beta/sourcemaps
- store_artifacts:
path: dist-flask/sourcemaps
destination: builds-flask/sourcemaps
- store_artifacts:
path: builds
destination: builds
- store_artifacts:
path: builds-beta
destination: builds-beta
- store_artifacts:
path: builds-flask
destination: builds-flask
- store_artifacts:
path: coverage
destination: coverage
- store_artifacts:
path: jest-coverage
destination: jest-coverage
- store_artifacts:
path: test-artifacts
destination: test-artifacts
# important: generate lavamoat viz AFTER uploading builds as artifacts
# Temporarily disabled until we can update to a version of `sesify` with
# this fix included: https://github.com/LavaMoat/LavaMoat/pull/121
- run:
name: build:lavamoat-viz
command: ./.circleci/scripts/create-lavamoat-viz.sh
- store_artifacts:
path: build-artifacts
destination: build-artifacts
- store_artifacts:
path: storybook-build
destination: storybook
- run:
name: build:announce
command: ./development/metamaskbot-build-announce.js
job-publish-release:
executor: node-browsers
steps:
- checkout
- attach_workspace:
at: .
- run:
name: sentry sourcemaps upload
command: SENTRY_ORG=metamask SENTRY_PROJECT=metamask yarn sentry:publish
- run:
name: Create GitHub release
command: |
.circleci/scripts/release-create-gh-release.sh
job-publish-storybook:
executor: node-browsers
steps:
- add_ssh_keys:
fingerprints:
- "3d:49:29:f4:b2:e8:ea:af:d1:32:eb:2a:fc:15:85:d8"
- checkout
- attach_workspace:
at: .
- run:
name: storybook:deploy
command: |
git remote add storybook git@github.com:MetaMask/metamask-storybook.git
yarn storybook:deploy
test-unit:
executor: node-browsers
steps:
- checkout
- attach_workspace:
at: .
- run:
name: test:coverage:mocha
command: yarn test:coverage:mocha
- run:
name: test:coverage:jest
command: yarn test:coverage:jest
- persist_to_workspace:
root: .
paths:
- .nyc_output
- coverage
- jest-coverage
test-unit-global:
executor: node-browsers
steps:
- checkout
- attach_workspace:
at: .
- run:
name: test:unit:global
command: yarn test:unit:global
validate-source-maps:
executor: node-browsers
steps:
- checkout
- attach_workspace:
at: .
- run:
name: Validate source maps
command: yarn validate-source-maps
validate-source-maps-beta:
executor: node-browsers
steps:
- checkout
- attach_workspace:
at: .
- run:
name: Move beta build to dist
command: mv ./dist-beta ./dist
- run:
name: Move beta zips to builds
command: mv ./builds-beta ./builds
- run:
name: Validate source maps
command: yarn validate-source-maps
validate-source-maps-flask:
executor: node-browsers
steps:
- checkout
- attach_workspace:
at: .
- run:
name: Move flask build to dist
command: mv ./dist-flask ./dist
- run:
name: Move flask zips to builds
command: mv ./builds-flask ./builds
- run:
name: Validate source maps
command: yarn validate-source-maps
test-mozilla-lint:
executor: node-browsers
steps:
- checkout
- attach_workspace:
at: .
- run:
name: test:mozilla-lint
command: NODE_OPTIONS=--max_old_space_size=3072 yarn mozilla-lint
test-mozilla-lint-beta:
executor: node-browsers
steps:
- checkout
- attach_workspace:
at: .
- run:
name: Move beta build to dist
command: mv ./dist-beta ./dist
- run:
name: Move beta zips to builds
command: mv ./builds-beta ./builds
- run:
name: test:mozilla-lint
command: NODE_OPTIONS=--max_old_space_size=3072 yarn mozilla-lint
test-mozilla-lint-flask:
executor: node-browsers
steps:
- checkout
- attach_workspace:
at: .
- run:
name: Move flask build to dist
command: mv ./dist-flask ./dist
- run:
name: Move flask zips to builds
command: mv ./builds-flask ./builds
- run:
name: test:mozilla-lint
command: NODE_OPTIONS=--max_old_space_size=3072 yarn mozilla-lint
all-tests-pass:
executor: node-browsers
steps:
- run:
name: All Tests Passed
command: echo 'weew - everything passed!'