standardised workflows #1400

Merged
merged 3 commits into from
Jul 15, 2024
@@ -1,4 +1,5 @@
name: Build and lint
---
name: Build

on:
workflow_call:
Expand All @@ -12,31 +13,17 @@ env:
SEGMENT_ANALYTICS_KEY: ${{ secrets.SEGMENT_ANALYTICS_KEY }}
LD_CLIENT_ID: ${{ secrets.LD_CLIENT_ID }}


jobs:
build:
name: Build
runs-on: ubuntu-latest
needs:
- prepare
permissions:
contents: read
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4

- name: Build
uses: ConsenSys/docs-gha/build@main
with:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}


lint:
name: Lint
runs-on: ubuntu-latest
needs:
- prepare
steps:
- uses: actions/checkout@v3

- name: Lint
uses: ConsenSys/docs-gha/lint@main
with:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

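--- a/.github/workflows/case.yml
+++ b/.github/workflows/case.yml
@@ -0,0 +1,34 @@
+---
+name: Check file name case
+
+on:
+workflow_call:
+secrets:
+SEGMENT_ANALYTICS_KEY:
+required: true
+LD_CLIENT_ID:
+required: true
+
+env:
+SEGMENT_ANALYTICS_KEY: ${{ secrets.SEGMENT_ANALYTICS_KEY }}
+LD_CLIENT_ID: ${{ secrets.LD_CLIENT_ID }}
+
+
+jobs:
+case:
+name: Check for case being inconsistent
+runs-on: ubuntu-latest
+strategy:
+matrix:
+folder: ["docs"]
+permissions:
+contents: read
+steps:
+- uses: actions/checkout@v4
+
+- name: Case check action
+uses: ConsenSys/docs-gha/case@main
+with:
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+DOC_DIR: ${{ matrix.folder }}
+SKIP_TEST: true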
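Review bot: `uses: ConsenSys/docs-gha/case@main` pins the action to a branch, so whatever lands on `main` of that repository next runs in this job with the `GITHUB_TOKEN` it is handed, without any change being reviewed here. Pinning to a full commit SHA, e.g. `uses: ConsenSys/docs-gha/case@<FULL_COMMIT_SHA>  # <tag>` (placeholder values), and letting Dependabot bump it keeps the reference immutable. The same applies to the other `ConsenSys/docs-gha/*@main` references in this PR: the build, dependency_review, lint, security-code-scanner and trivy workflows.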
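--- a/.github/workflows/dependabot.yml
+++ b/.github/workflows/dependabot.yml
@@ -0,0 +1,11 @@
+name: 'Dependency Review'
+
+version: 2
+updates:
+- package-ecosystem: "npm"
+directory: "/"
+schedule:
+interval: "weekly"
+day: "sunday"
+assignees:
+- "protocol-galileo"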
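Review bot: This file has the shape of a Dependabot configuration (`version: 2`, `updates:`) but is added under `.github/workflows/`, where GitHub treats every YAML file as a workflow; Dependabot reads its configuration only from `.github/dependabot.yml`. As placed, the weekly npm updates would not be scheduled, and the file is likely to be reported as an invalid workflow because it has no `on:` or `jobs:`. Moving it to `.github/dependabot.yml` and dropping the `name: 'Dependency Review'` line, which is not a Dependabot key as far as I know, should address both. A `package-ecosystem: "github-actions"` entry would additionally cover the action references used by the workflows in this PR.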
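--- a/.github/workflows/dependency_review.yml
+++ b/.github/workflows/dependency_review.yml
@@ -0,0 +1,24 @@
+---
+name: Check file name case
+
+on:
+pull_request:
+branches:
+- main
+
+jobs:
+case:
+name: Check for licences not being allowed
+runs-on: ubuntu-latest
+strategy:
+matrix:
+folder: ["docs"]
+permissions:
+contents: read
+steps:
+- uses: actions/checkout@v3
+
+- name: Dependency review
+uses: ConsenSys/docs-gha/dependency-review@main
+with:
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}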
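Review bot: The workflow is named `Check file name case` and its job id is `case`, both carried over from case.yml, so the dependency review appears in the checks list and in branch-protection settings under the wrong workflow name. `name: Dependency review` and a job id such as `dependency-review` would make the check identifiable when it is marked as required. The `strategy.matrix.folder` block is not referenced by any step and can be dropped, and `actions/checkout@v3` is behind the `@v4` used by the other workflows in this PR.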
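--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -0,0 +1,42 @@
+---
+name: Check for lint, spelling and link errors
+
+on:
+workflow_call:
+secrets:
+SEGMENT_ANALYTICS_KEY:
+required: true
+LD_CLIENT_ID:
+required: true
+
+env:
+SEGMENT_ANALYTICS_KEY: ${{ secrets.SEGMENT_ANALYTICS_KEY }}
+LD_CLIENT_ID: ${{ secrets.LD_CLIENT_ID }}
+
+
+jobs:
+lint:
+name: Lint Code Base, Spelling, Link Check
+runs-on: ubuntu-latest
+permissions:
+contents: read
+steps:
+- uses: actions/checkout@v4
+
+- name: Lint
+uses: ConsenSys/docs-gha/lint@main
+with:
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+linkCheck:
+name: Link Checking
+runs-on: ubuntu-latest
+strategy:
+matrix:
+file-extensions: [".md", ".mdx"]
+steps:
+- uses: actions/checkout@v4
+- name: LinkCheck
+uses: ConsenSys/docs-gha/linkcheck@main
+with:
+FILE_EXTENSION: ${{ matrix.file-extensions }}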
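Review bot: `SEGMENT_ANALYTICS_KEY` and `LD_CLIENT_ID` are declared as required secrets and exported through the workflow-level `env:`, which makes them available to every step of both `lint` and `linkCheck`, although no step visible here uses them. If the lint and link-check actions do not need them, the `secrets:` and `env:` blocks can be removed here together with the matching `secrets:` mapping on the `lint` job in main.yml; if a single step does need them, set `env:` on that step only. case.yml and the `case` job in main.yml follow the same pattern.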
27 changes: 22 additions & 5 deletions .github/workflows/main.yml
Expand Up @@ -10,7 +10,7 @@ jobs:
name: Check workflows
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Download actionlint
id: download-actionlint
run: bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/7fdc9630cc360ea1a469eed64ac6d78caeda1234/scripts/download-actionlint.bash) 1.6.22
Expand All @@ -19,19 +19,36 @@ jobs:
run: ${{ steps.download-actionlint.outputs.executable }} -color
shell: bash

build-lint:
name: Build and lint
uses: ./.github/workflows/build-lint.yml
build:
name: Build
uses: ./.github/workflows/build.yml
secrets:
SEGMENT_ANALYTICS_KEY: ${{ secrets.SEGMENT_ANALYTICS_DEV_KEY }}
LD_CLIENT_ID: ${{ secrets.LD_CLIENT_ID }}

lint:
name: Lint
uses: ./.github/workflows/lint.yml
secrets:
SEGMENT_ANALYTICS_KEY: ${{ secrets.SEGMENT_ANALYTICS_DEV_KEY }}
LD_CLIENT_ID: ${{ secrets.LD_CLIENT_ID }}

case:
name: Case
uses: ./.github/workflows/case.yml
secrets:
SEGMENT_ANALYTICS_KEY: ${{ secrets.SEGMENT_ANALYTICS_DEV_KEY }}
LD_CLIENT_ID: ${{ secrets.LD_CLIENT_ID }}


all-jobs-completed:
name: All jobs completed
runs-on: ubuntu-latest
needs:
- check-workflows
- build-lint
- build
- lint
- case
outputs:
PASSED: ${{ steps.set-output.outputs.PASSED }}
steps:
35 changes: 9 additions & 26 deletions .github/workflows/security-code-scanner.yml
Expand Up @@ -2,9 +2,11 @@ name: 'MetaMask Security Code Scanner'

on:
push:
branches: ['main']
branches:
- 'main'
pull_request:
branches: ['main']
branches:
- 'main'

jobs:
run-security-scan:
Expand All @@ -14,30 +16,11 @@ jobs:
contents: read
security-events: write
steps:
- uses: actions/checkout@v4
- name: MetaMask Security Code Scanner
uses: MetaMask/Security-Code-Scanner@main
uses: ConsenSys/docs-gha/mm-security-scanner@main
with:
repo: ${{ github.repository }}
paths_ignored: |
.storybook/
'**/__snapshots__/'
'**/*.snap'
'**/*.stories.js'
'**/*.stories.tsx'
'**/*.test.browser.ts*'
'**/*.test.js*'
'**/*.test.ts*'
'**/fixtures/'
'**/jest.config.js'
'**/jest.environment.js'
'**/mocks/'
'**/test*/'
docs/
e2e/
merged-packages/
node_modules
storybook/
test*/
rules_excluded: example
project_metrics_token: ${{ secrets.SECURITY_SCAN_METRICS_TOKEN }}
slack_webhook: ${{ secrets.APPSEC_BOT_SLACK_WEBHOOK }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SECURITY_SCAN_METRICS_TOKEN: ${{ secrets.SECURITY_SCAN_METRICS_TOKEN }}
APPSEC_BOT_SLACK_WEBHOOK: ${{ secrets.APPSEC_BOT_SLACK_WEBHOOK }}
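Review bot: The `paths_ignored` and `rules_excluded` inputs appear to be dropped from this step, so what the scanner covers is now decided inside `ConsenSys/docs-gha/mm-security-scanner` rather than in this repository, and the page does not show whether the wrapper applies equivalent settings. A comment above the step, for example `# scan scope (ignored paths, excluded rules) is defined in ConsenSys/docs-gha/mm-security-scanner`, would tell maintainers where to look when findings change. The job keeps `security-events: write` and passes two secrets to that wrapper, so the input names used here are worth confirming against the wrapper's action.yml.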
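--- a/.github/workflows/trivy.yml
+++ b/.github/workflows/trivy.yml
@@ -0,0 +1,18 @@
+---
+name: Trivy
+
+on:
+pull_request:
+branches:
+- main
+
+jobs:
+trivy:
+name: Run trivy scanner
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v4
+- name: Trivy
+uses: ConsenSys/docs-gha/trivy@main
+with:
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}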
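Review bot: The `trivy` job has no `permissions:` block, so its `GITHUB_TOKEN` gets the repository's default permissions instead of the `contents: read` that the build, lint and case jobs declare. Adding `permissions: { contents: read }` under `runs-on:` keeps the token that is passed to the action read-only. If the action uploads results to code scanning it would also need `security-events: write`, which cannot be told from this file. The `linkCheck` job in lint.yml is missing the block as well.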