Skip to content

Commit

Permalink
Merge remote-tracking branch 'origin/main' into v4-sync
Browse files Browse the repository at this point in the history
* origin/main:
  remove default channel (#73)
  Don't fail overall if Slack announcement fails (#69)
  Improve Dry Run Output (#64)
  5.0.0 (#67)
  Fix Yarn 4 compatibility (#65)
  Disallow publishing packages with version 0.0.0 (#63)
  Run linting and testing GitHub workflows on PRs (#62)
  Enabling MetaMask security code scanner (#60)
  Add Shared Libraries team in codeowners file (#59)
  Update README.md (#56)
  Update README.md (#55)
  Update README.md (#54)
  Bump word-wrap from 1.2.3 to 1.2.4 (#53)
  • Loading branch information
Gudahtt committed May 10, 2024
2 parents 40642af + 2490387 commit 9bbf4b0
Show file tree
Hide file tree
Showing 14 changed files with 121 additions and 17 deletions.
2 changes: 1 addition & 1 deletion .github/CODEOWNERS
Validating CODEOWNERS rules …
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
# Lines starting with '#' are comments.
# Each line is a file pattern followed by one or more owners.

* @MetaMask/devs
* @MetaMask/shared-libraries-engineers
43 changes: 43 additions & 0 deletions .github/workflows/security-code-scanner.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,43 @@
name: 'MetaMask Security Code Scanner'

on:
push:
branches: ['main']
pull_request:
branches: ['main']

jobs:
run-security-scan:
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
steps:
- name: MetaMask Security Code Scanner
uses: MetaMask/Security-Code-Scanner@main
with:
repo: ${{ github.repository }}
paths_ignored: |
.storybook/
'**/__snapshots__/'
'**/*.snap'
'**/*.stories.js'
'**/*.stories.tsx'
'**/*.test.browser.ts*'
'**/*.test.js*'
'**/*.test.ts*'
'**/fixtures/'
'**/jest.config.js'
'**/jest.environment.js'
'**/mocks/'
'**/test*/'
docs/
e2e/
merged-packages/
node_modules
storybook/
test*/
rules_excluded: example
project_metrics_token: ${{ secrets.SECURITY_SCAN_METRICS_TOKEN }}
slack_webhook: ${{ secrets.APPSEC_BOT_SLACK_WEBHOOK }}
5 changes: 4 additions & 1 deletion .github/workflows/shellcheck.yml
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,10 @@ name: shellcheck
permissions:
checks: write

on: [push]
on:
push:
branches: [main]
pull_request:

jobs:
lint:
Expand Down
5 changes: 4 additions & 1 deletion .github/workflows/test-monorepo.yml
Original file line number Diff line number Diff line change
@@ -1,5 +1,8 @@
name: test-monorepo
on: [push]
on:
push:
branches: [main]
pull_request:
jobs:
# test npm publish dry-run
checkout_publish_skunkworks_dry_run:
Expand Down
5 changes: 4 additions & 1 deletion .github/workflows/test-polyrepo.yml
Original file line number Diff line number Diff line change
@@ -1,5 +1,8 @@
name: test-polyrepo
on: [push]
on:
push:
branches: [main]
pull_request:
jobs:
# test npm publish dry-run
checkout_publish_controllers_dry_run:
Expand Down
5 changes: 4 additions & 1 deletion .github/workflows/test.yml
Original file line number Diff line number Diff line change
@@ -1,5 +1,8 @@
name: test
on: [push]
on:
push:
branches: [main]
pull_request:
jobs:
test:
runs-on: ubuntu-20.04
Expand Down
10 changes: 9 additions & 1 deletion CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

## [Unreleased]

## [5.0.0]
### Changed
- **BREAKING:** Disallow publishing packages with version 0.0.0 ([#63](https://github.com/MetaMask/action-npm-publish/pull/63))

### Fixed
- Fix Yarn 4 compatibility ([#65](https://github.com/MetaMask/action-npm-publish/pull/65))

## [4.0.3]
### Fixed
- Fix Slack announcement for public default channel ([#73](https://github.com/MetaMask/action-npm-publish/pull/73))
Expand Down Expand Up @@ -84,7 +91,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
### Changed
- Initial release ([#1](https://github.com/MetaMask/action-npm-publish/pull/1))

[Unreleased]: https://github.com/MetaMask/action-npm-publish/compare/v4.0.3...HEAD
[Unreleased]: https://github.com/MetaMask/action-npm-publish/compare/v5.0.0...HEAD
[5.0.0]: https://github.com/MetaMask/action-npm-publish/compare/v4.0.3...v5.0.0
[4.0.3]: https://github.com/MetaMask/action-npm-publish/compare/v4.0.2...v4.0.3
[4.0.2]: https://github.com/MetaMask/action-npm-publish/compare/v4.0.1...v4.0.2
[4.0.1]: https://github.com/MetaMask/action-npm-publish/compare/v4.0.0...v4.0.1
Expand Down
6 changes: 3 additions & 3 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -55,7 +55,7 @@ We've added the ability to customize the message posted in Slack and those optio

- `icon-url`
- `username`
- `target-name`
- `subteam`
- `channel`

example:
Expand All @@ -67,7 +67,7 @@ example:
icon-url: https://ricky.codes/me.jpg
username: rickybot
# re subteam, see: https://api.slack.com/reference/surfaces/formatting#mentioning-groups
subteam: subteam: S042S7RE4AE # @metamask-npm-publishers
subteam: S042S7RE4AE # @metamask-npm-publishers
channel: dev-channel
```

Expand All @@ -87,5 +87,5 @@ You can read more about these option in the [API](#API) section below

- **`icon-url`** _(optional)_. Url to the avatar used for the bot in Slack. If not set this defaults to the avatar in this repository.
- **`username`** _(optional)_. The name of the bot as it appears on Slack. If not set this defaults to `MetaMask bot`.
- **`target-name`** _(optional)_. Use this if you want to ping an individual or subset of individuals on Slack using `@`.
- **`subteam`** _(optional)_. Use this if you want to ping a subteam of individuals on Slack using `@`.
- **`channel`** _(optional)_. Use this if you want to post to a channel other than the default: `metamask-dev`.
14 changes: 14 additions & 0 deletions action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,20 @@ runs:
env:
YARN_NPM_AUTH_TOKEN: ${{ inputs.npm-token }}
PUBLISH_NPM_TAG: ${{ inputs.npm-tag }}
- id: install-pkdiff
shell: bash
run: npm i -g pkdiff
- id: generate-report
shell: bash
if: inputs.npm-token == ''
run: ${{ github.action_path }}/scripts/report.sh
- id: upload-artifact
if: inputs.npm-token == ''
uses: actions/upload-artifact@v4
with:
path: |
/tmp/*.tgz
/tmp/*.html
- id: name-version
shell: bash
if: inputs.slack-webhook-url != ''
Expand Down
2 changes: 1 addition & 1 deletion package.json
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@
"url": "https://github.com/MetaMask/action-npm-publish/issues"
},
"homepage": "https://github.com/MetaMask/action-npm-publish#readme",
"version": "4.0.3",
"version": "5.0.0",
"main": "index.js",
"directories": {
"test": "test"
Expand Down
2 changes: 1 addition & 1 deletion scripts/main.sh
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ script_path=$( cd "$(dirname "${BASH_SOURCE[0]}")" ; pwd -P )

if [[ "$(jq 'has("workspaces")' package.json)" = "true" ]]; then
echo "Notice: workspaces detected. Treating as monorepo."
yarn workspaces foreach --no-private --verbose exec "$script_path/publish.sh true"
yarn workspaces foreach --all --no-private --verbose exec "$script_path/publish.sh true"
exit 0
fi

Expand Down
12 changes: 9 additions & 3 deletions scripts/publish.sh
Original file line number Diff line number Diff line change
Expand Up @@ -5,8 +5,8 @@ set -e
set -o pipefail

if [[ -z $YARN_NPM_AUTH_TOKEN ]]; then
echo "Notice: 'npm-token' not set. Running 'yarn pack --dry-run'."
yarn pack --dry-run
echo "Notice: 'npm-token' not set. Running 'yarn pack'."
yarn pack --out /tmp/%s-%v.tgz
exit 0
fi

Expand All @@ -15,12 +15,18 @@ if [[ -z $PUBLISH_NPM_TAG ]]; then
exit 1
fi

CURRENT_PACKAGE_VERSION=$(jq --raw-output .version package.json)

if [[ "$CURRENT_PACKAGE_VERSION" = "0.0.0" ]]; then
echo "Notice: Invalid version: $CURRENT_PACKAGE_VERSION. aborting publish."
exit 0
fi

# check param, if it's set (monorepo) we check if it's published before proceeding
if [[ -n "$1" ]]; then
# check if module is published
PACKAGE_NAME=$(jq --raw-output .name package.json)
LATEST_PACKAGE_VERSION=$(npm view "$PACKAGE_NAME" dist-tags --workspaces false --json | jq --raw-output --arg tag "$PUBLISH_NPM_TAG" '.[$tag]' || echo "")
CURRENT_PACKAGE_VERSION=$(jq --raw-output .version package.json)

if [ "$LATEST_PACKAGE_VERSION" = "$CURRENT_PACKAGE_VERSION" ]; then
echo "Notice: This module is already published at $CURRENT_PACKAGE_VERSION. aborting publish."
Expand Down
21 changes: 21 additions & 0 deletions scripts/report.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
#!/usr/bin/env bash

set -x
set -e
set -o pipefail

directory="/tmp"

for file in "$directory"/*.tgz; do
if [ -f "$file" ]; then
echo "Processing $file"
basename=$(basename "$file")
name="${basename%-*}"
name_with_slash="${name/-//}"
echo "$name_with_slash"
pkdiff "$name_with_slash@latest" "$file" \
--no-exit-code \
--no-open \
--output "$directory/$basename.html"
fi
done
6 changes: 3 additions & 3 deletions yarn.lock
Original file line number Diff line number Diff line change
Expand Up @@ -1346,9 +1346,9 @@ which@^2.0.1:
isexe "^2.0.0"

word-wrap@^1.2.3:
version "1.2.3"
resolved "https://registry.yarnpkg.com/word-wrap/-/word-wrap-1.2.3.tgz#610636f6b1f703891bd34771ccb17fb93b47079c"
integrity sha512-Hz/mrNwitNRh/HUAtM/VT/5VH+ygD6DV7mYKZAtHOrbs8U7lvPS6xf7EJKMF0uW1KJCl0H701g3ZGus+muE5vQ==
version "1.2.4"
resolved "https://registry.yarnpkg.com/word-wrap/-/word-wrap-1.2.4.tgz#cb4b50ec9aca570abd1f52f33cd45b6c61739a9f"
integrity sha512-2V81OA4ugVo5pRo46hAoD2ivUJx8jXmWXfUkY4KFNw0hEptvN0QfH3K4nHiwzGeKl5rFKedV48QVoqYavy4YpA==

wrappy@1:
version "1.0.2"
Expand Down

0 comments on commit 9bbf4b0

Please # to comment.