Skip to content

fix: re-designs signatures, continue to use old designs when signing with hardware wallets #40927

fix: re-designs signatures, continue to use old designs when signing with hardware wallets

fix: re-designs signatures, continue to use old designs when signing with hardware wallets #40927

Workflow file for this run

name: ci
on:
push:
branches: main
pull_request:
merge_group:
types: [checks_requested]
jobs:
check-diff:
runs-on: macos-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version-file: '.nvmrc'
cache: yarn
- uses: ruby/setup-ruby@a6e6f86333f0a2523ece813039b8b4be04560854 #v1
with:
ruby-version: '3.1.6'
env:
BUNDLE_GEMFILE: ios/Gemfile
- run: yarn setup
- name: Require clean working directory
shell: bash
run: |
if ! git diff --exit-code; then
echo "Working tree dirty at end of job"
exit 1
else
echo "No changes detected"
fi
dedupe:
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version-file: '.nvmrc'
cache: yarn
- run: yarn setup --node
- name: Deduplicate dependencies
run: yarn deduplicate
- name: Print error if duplicates found
shell: bash
run: |
if ! git diff --exit-code; then
echo "Duplicate dependencies detected; run 'yarn deduplicate' to remove them"
exit 1
fi
git-safe-dependencies:
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version-file: '.nvmrc'
cache: yarn
- run: yarn setup --node
- name: Run @lavamoat/git-safe-dependencies
run: yarn git-safe-dependencies
scripts:
runs-on: ubuntu-20.04
strategy:
matrix:
scripts:
- lint
- lint:tsc
- audit:ci
- test:depcheck
- test:tgz-check
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version-file: '.nvmrc'
cache: yarn
- run: yarn setup --node
- run: yarn ${{ matrix['scripts'] }}
- name: Require clean working directory
shell: bash
run: |
if ! git diff --exit-code; then
echo "Working tree dirty at end of job"
exit 1
else
echo "No changes detected"
fi
unit-tests:
runs-on: ubuntu-20.04
strategy:
matrix:
shard: [1, 2, 3, 4, 5, 6, 7, 8, 9, 10]
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version-file: '.nvmrc'
cache: yarn
- run: yarn setup
# The "10" in this command is the total number of shards. It must be kept
# in sync with the length of matrix.shard
- run: yarn test:unit --shard=${{ matrix.shard }}/10 --forceExit --silent --coverageReporters=json
env:
NODE_OPTIONS: --max_old_space_size=20480
- name: Rename coverage report to include shard number
shell: bash
run: |
mv ./tests/coverage/coverage-final.json ./tests/coverage/coverage-${{ matrix.shard }}.json
- uses: actions/upload-artifact@v4
with:
name: coverage-${{ matrix.shard }}
path: ./tests/coverage/coverage-${{ matrix.shard }}.json
if-no-files-found: error
- name: Require clean working directory
shell: bash
run: |
if ! git diff --exit-code; then
echo "Working tree dirty at end of job"
exit 1
else
echo "No changes detected"
fi
merge-unit-tests:
runs-on: ubuntu-20.04
needs: unit-tests
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version-file: '.nvmrc'
cache: yarn
- run: yarn setup
- uses: actions/download-artifact@v4
with:
path: tests/coverage/
- name: Gather partial coverage reports into one directory
shell: bash
run: |
mv ./tests/coverage/coverage-*/* ./tests/coverage
- run: yarn test:merge-coverage
- run: yarn test:validate-coverage
- uses: actions/upload-artifact@v4
with:
name: coverage
path: ./tests/merged-coverage/lcov.info
if-no-files-found: error
- name: Require clean working directory
shell: bash
run: |
if ! git diff --exit-code; then
echo "Working tree dirty at end of job"
exit 1
else
echo "No changes detected"
fi
js-bundle-size-check:
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version-file: '.nvmrc'
cache: yarn
- name: Install dependencies
run: yarn setup
- name: Generate iOS bundle
run: yarn gen-bundle:ios
- name: Check bundle size
run: ./scripts/js-bundle-stats.sh ios/main.jsbundle 40
- name: Upload iOS bundle
uses: actions/upload-artifact@v4
with:
name: ios-bundle
path: ios/main.jsbundle
ship-js-bundle-size-check:
runs-on: ubuntu-latest
needs: [js-bundle-size-check]
if: ${{ github.ref == 'refs/heads/main' }}
steps:
- uses: actions/checkout@v4
- name: Download iOS bundle
uses: actions/download-artifact@v4
with:
name: ios-bundle
path: ios/main.jsbundle
- name: Push bundle size to mobile_bundlesize_stats repo
run: ./scripts/push-bundle-size.sh
env:
GITHUB_ACTOR: metamaskbot
GITHUB_TOKEN: ${{ secrets.MOBILE_BUNDLESIZE_TOKEN }}
sonar-cloud:
runs-on: ubuntu-20.04
needs: merge-unit-tests
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0 # SonarCloud needs a full checkout to perform necessary analysis
- uses: actions/setup-node@v3
with:
node-version-file: '.nvmrc'
- uses: actions/download-artifact@v4
with:
name: coverage
path: coverage/
- name: Upload coverage reports to Codecov
if: ${{ always() }}
uses: codecov/codecov-action@d9f34f8cd5cb3b3eb79b3e4b5dae3a16df499a70
- name: SonarCloud Scan
if: ${{ env.HAVE_SONAR_TOKEN == 'true' }}
# This is SonarSource/[email protected]
uses: SonarSource/sonarcloud-github-action@4b4d7634dab97dcee0b75763a54a6dc92a9e6bc1
env:
HAVE_SONAR_TOKEN: ${{ secrets.SONAR_TOKEN != '' }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
- name: Require clean working directory
shell: bash
run: |
if ! git diff --exit-code; then
echo "Working tree dirty at end of job"
exit 1
else
echo "No changes detected"
fi
# Revert git update-index --no-assume-unchanged for each entry
echo "Reverting assume unchanged for the following paths:"
for path in "${EXCLUDES[@]}"; do
echo "$path"
git update-index --no-assume-unchanged "$path"
done
sonar-cloud-quality-gate-status:
runs-on: ubuntu-latest
needs: sonar-cloud
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: SonarCloud Quality Gate Status
id: sonar-status
env:
REPO: ${{ github.repository }}
ISSUE_NUMBER: ${{ github.event.issue.number || github.event.pull_request.number }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
# Skip step if event is a PR
if [[ "${{ github.event_name }}" != "pull_request" ]]; then
echo "This job only runs for pull requests."
exit 0
fi
# Bypass step if skip-sonar-cloud label is found
LABEL=$(curl -s -H "Authorization: token $GITHUB_TOKEN" \
"https://api.github.com/repos/$REPO/issues/$ISSUE_NUMBER/labels" | \
jq -r '.[] | select(.name=="skip-sonar-cloud") | .name')
if [[ "$LABEL" == "skip-sonar-cloud" ]]; then
echo "skip-sonar-cloud label found. Skipping SonarCloud Quality Gate check."
else
sleep 30
PROJECT_KEY="metamask-mobile"
PR_NUMBER="${{ github.event.pull_request.number }}"
SONAR_TOKEN="${{ secrets.SONAR_TOKEN }}"
if [ -z "$PR_NUMBER" ]; then
echo "No pull request number found. Failing the check."
exit 1
fi
RESPONSE=$(curl -s -u "$SONAR_TOKEN:" \
"https://sonarcloud.io/api/qualitygates/project_status?projectKey=$PROJECT_KEY&pullRequest=$PR_NUMBER")
echo "SonarCloud API Response: $RESPONSE"
STATUS=$(echo "$RESPONSE" | jq -r '.projectStatus.status')
if [[ "$STATUS" == "ERROR" ]]; then
echo "Quality Gate failed."
exit 1
elif [[ "$STATUS" == "OK" ]]; then
echo "Quality Gate passed."
else
echo "Could not determine Quality Gate status."
exit 1
fi
fi
check-workflows:
name: Check workflows
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Download actionlint
id: download-actionlint
run: bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/62dc61a45fc95efe8c800af7a557ab0b9165d63b/scripts/download-actionlint.bash) 1.7.1
shell: bash
- name: Check workflow files
run: ${{ steps.download-actionlint.outputs.executable }} -color
shell: bash
all-jobs-pass:
name: All jobs pass
runs-on: ubuntu-20.04
needs:
[
check-diff,
dedupe,
scripts,
unit-tests,
check-workflows,
js-bundle-size-check,
sonar-cloud-quality-gate-status,
]
outputs:
ALL_JOBS_PASSED: ${{ steps.jobs-passed-status.outputs.ALL_JOBS_PASSED }}
steps:
- name: Set jobs passed status
id: jobs-passed-status
run: echo "ALL_JOBS_PASSED=true" >> "$GITHUB_OUTPUT"
check-all-jobs-pass:
name: Check all jobs pass
runs-on: ubuntu-20.04
needs: all-jobs-pass
if: always()
steps:
- run: |
if [[ "${{ needs.all-jobs-pass.outputs.ALL_JOBS_PASSED }}" == "true" ]]; then
echo "All jobs passed. Unblock PR."
else
echo "All jobs passed step skipped. Block PR."
exit 1
fi