aboutsummaryrefslogtreecommitdiffstats
path: root/.circleci/scripts
diff options
context:
space:
mode:
Diffstat (limited to '.circleci/scripts')
-rwxr-xr-x.circleci/scripts/firefox-install2
-rwxr-xr-x.circleci/scripts/npm-audit12
-rw-r--r--.circleci/scripts/npm-audit-check.js24
-rwxr-xr-x.circleci/scripts/release-bump-changelog-version44
-rwxr-xr-x.circleci/scripts/release-bump-manifest-version38
-rwxr-xr-x.circleci/scripts/release-create-gh-release51
-rwxr-xr-x.circleci/scripts/release-create-release-pr54
-rw-r--r--.circleci/scripts/show-changelog.awk52
-rwxr-xr-x.circleci/scripts/yarn-audit20
9 files changed, 260 insertions, 37 deletions
diff --git a/.circleci/scripts/firefox-install b/.circleci/scripts/firefox-install
index 7c785b987..3f0772f49 100755
--- a/.circleci/scripts/firefox-install
+++ b/.circleci/scripts/firefox-install
@@ -4,7 +4,7 @@ set -e
set -u
set -o pipefail
-FIREFOX_VERSION='62.0'
+FIREFOX_VERSION='68.0'
FIREFOX_BINARY="firefox-${FIREFOX_VERSION}.tar.bz2"
FIREFOX_BINARY_URL="https://ftp.mozilla.org/pub/firefox/releases/${FIREFOX_VERSION}/linux-x86_64/en-US/${FIREFOX_BINARY}"
FIREFOX_PATH='/opt/firefox'
diff --git a/.circleci/scripts/npm-audit b/.circleci/scripts/npm-audit
deleted file mode 100755
index 00a6876ff..000000000
--- a/.circleci/scripts/npm-audit
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-set -u
-set -o pipefail
-
-if ! npm audit
-then
- ! npm audit --json > audit.json
- printf '%s\n' ''
- node .circleci/scripts/npm-audit-check.js
-fi
diff --git a/.circleci/scripts/npm-audit-check.js b/.circleci/scripts/npm-audit-check.js
deleted file mode 100644
index 2fb408add..000000000
--- a/.circleci/scripts/npm-audit-check.js
+++ /dev/null
@@ -1,24 +0,0 @@
-const path = require('path')
-const audit = require(path.join(__dirname, '..', '..', 'audit.json'))
-const error = audit.error
-const advisories = Object.keys(audit.advisories || []).map((k) => audit.advisories[k])
-
-if (error) {
- process.exit(1)
-}
-
-let count = 0
-for (const advisory of advisories) {
- if (advisory.severity === 'low') {
- continue
- }
-
- count += advisory.findings.some((finding) => (!finding.dev && !finding.optional))
-}
-
-if (count > 0) {
- console.log(`Audit shows ${count} moderate or high severity advisories _in the production dependencies_`)
- process.exit(1)
-} else {
- console.log(`Audit shows _zero_ moderate or high severity advisories _in the production dependencies_`)
-}
diff --git a/.circleci/scripts/release-bump-changelog-version b/.circleci/scripts/release-bump-changelog-version
new file mode 100755
index 000000000..9fd4ddbb8
--- /dev/null
+++ b/.circleci/scripts/release-bump-changelog-version
@@ -0,0 +1,44 @@
+#!/usr/bin/env bash
+
+set -e
+set -u
+set -o pipefail
+
+if [[ "${CI:-}" != 'true' ]]
+then
+ printf '%s\n' 'CI environment variable must be set to true'
+ exit 1
+fi
+
+if [[ "${CIRCLECI:-}" != 'true' ]]
+then
+ printf '%s\n' 'CIRCLECI environment variable must be set to true'
+ exit 1
+fi
+
+version="${CIRCLE_BRANCH/Version-v/}"
+
+if ! grep --quiet --fixed-strings "$version" CHANGELOG.md
+then
+ printf '%s\n' 'Adding this release to CHANGELOG.md'
+ date_str="$(date '+%a %b %d %Y')"
+ cp CHANGELOG.md{,.bak}
+
+update_headers=$(cat <<END
+/## Current Develop Branch/ {
+ print "## Current Develop Branch\n";
+ print "## ${version} ${date_str}";
+ next;
+}
+{
+ print;
+}
+END
+)
+
+ awk "$update_headers" CHANGELOG.md.bak > CHANGELOG.md
+ rm CHANGELOG.md.bak
+else
+ printf '%s\n' "CHANGELOG.md already includes a header for ${version}"
+ exit 0
+fi
diff --git a/.circleci/scripts/release-bump-manifest-version b/.circleci/scripts/release-bump-manifest-version
new file mode 100755
index 000000000..44b193c97
--- /dev/null
+++ b/.circleci/scripts/release-bump-manifest-version
@@ -0,0 +1,38 @@
+#!/usr/bin/env bash
+
+set -e
+set -u
+set -o pipefail
+
+if [[ "${CI:-}" != 'true' ]]
+then
+ printf '%s\n' 'CI environment variable must be set to true'
+ exit 1
+fi
+
+if [[ "${CIRCLECI:-}" != 'true' ]]
+then
+ printf '%s\n' 'CIRCLECI environment variable must be set to true'
+ exit 1
+fi
+
+printf '%s\n' 'Updating the manifest version if needed'
+
+version="${CIRCLE_BRANCH/Version-v/}"
+updated_manifest="$(jq ".version = \"$version\"" app/manifest.json)"
+printf '%s\n' "$updated_manifest" > app/manifest.json
+
+if [[ -z $(git status --porcelain) ]]
+then
+ printf '%s\n' 'App manifest version already set'
+ exit 0
+fi
+
+git \
+ -c user.name='MetaMask Bot' \
+ -c user.email='metamaskbot@users.noreply.github.com' \
+ commit --message "${CIRCLE_BRANCH/-/ }" \
+ CHANGELOG.md app/manifest.json
+
+repo_slug="$CIRCLE_PROJECT_USERNAME/$CIRCLE_PROJECT_REPONAME"
+git push "https://$GITHUB_TOKEN_USER:$GITHUB_TOKEN@github.com/$repo_slug" "$CIRCLE_BRANCH"
diff --git a/.circleci/scripts/release-create-gh-release b/.circleci/scripts/release-create-gh-release
new file mode 100755
index 000000000..f40df4998
--- /dev/null
+++ b/.circleci/scripts/release-create-gh-release
@@ -0,0 +1,51 @@
+#!/usr/bin/env bash
+
+set -x
+set -e
+set -u
+set -o pipefail
+
+if [[ "${CI:-}" != 'true' ]]
+then
+ printf '%s\n' 'CI environment variable must be set to true'
+ exit 1
+fi
+
+if [[ "${CIRCLECI:-}" != 'true' ]]
+then
+ printf '%s\n' 'CIRCLECI environment variable must be set to true'
+ exit 1
+fi
+
+function install_github_cli ()
+{
+ printf '%s\n' 'Installing hub CLI'
+ pushd "$(mktemp -d)"
+ curl -sSL 'https://github.com/github/hub/releases/download/v2.11.2/hub-linux-amd64-2.11.2.tgz' | tar xz
+ PATH="$PATH:$PWD/hub-linux-amd64-2.11.2/bin"
+ popd
+}
+
+current_commit_msg=$(git show -s --format='%s' HEAD)
+
+if grep --quiet '^Version v' <<< "$current_commit_msg"
+then
+ install_github_cli
+
+ printf '%s\n' 'Creating GitHub Release'
+ read -ra commit_words <<< "$current_commit_msg"
+ tag="${commit_words[1]}"
+ release_body="$(awk -v version="${tag##v}" -f .circleci/scripts/show-changelog.awk CHANGELOG.md)"
+ pushd builds
+ hub release create \
+ --attach metamask-chrome-*.zip \
+ --attach metamask-firefox-*.zip \
+ --message "${commit_words[0]} ${commit_words[1]#v}" \
+ --message "$release_body" \
+ --commitish "$CIRCLE_SHA1" \
+ "$tag"
+ popd
+else
+ printf '%s\n' 'Skipping GitHub Release'
+ exit 0
+fi
diff --git a/.circleci/scripts/release-create-release-pr b/.circleci/scripts/release-create-release-pr
new file mode 100755
index 000000000..8a2238ec4
--- /dev/null
+++ b/.circleci/scripts/release-create-release-pr
@@ -0,0 +1,54 @@
+#!/usr/bin/env bash
+
+set -e
+set -u
+set -o pipefail
+
+if [[ "${CI:-}" != 'true' ]]
+then
+ printf '%s\n' 'CI environment variable must be set to true'
+ exit 1
+fi
+
+if [[ "${CIRCLECI:-}" != 'true' ]]
+then
+ printf '%s\n' 'CIRCLECI environment variable must be set to true'
+ exit 1
+fi
+
+if [[ -z "${GITHUB_TOKEN:-}" ]]
+then
+ printf '%s\n' 'GITHUB_TOKEN environment variable must be set'
+ exit 1
+fi
+
+function install_github_cli ()
+{
+ printf '%s\n' 'Installing hub CLI'
+ pushd "$(mktemp -d)"
+ curl -sSL 'https://github.com/github/hub/releases/download/v2.11.2/hub-linux-amd64-2.11.2.tgz' | tar xz
+ PATH="$PATH:$PWD/hub-linux-amd64-2.11.2/bin"
+ popd
+}
+
+version="${CIRCLE_BRANCH/Version-v/}"
+base_branch='develop'
+
+if [[ -n "${CI_PULL_REQUEST:-}" ]]
+then
+ printf '%s\n' 'CI_PULL_REQUEST is set, pull request already exists for this build'
+ exit 0
+fi
+
+install_github_cli
+
+printf '%s\n' "Creating a Pull Request for $version on GitHub"
+
+if ! hub pull-request \
+ --reviewer '@MetaMask/extension-release-team' \
+ --message "${CIRCLE_BRANCH/-/ } RC" --message ':package: :rocket:' \
+ --base "$CIRCLE_PROJECT_USERNAME:$base_branch" \
+ --head "$CIRCLE_PROJECT_USERNAME:$CIRCLE_BRANCH";
+then
+ printf '%s\n' 'Pull Request already exists'
+fi
diff --git a/.circleci/scripts/show-changelog.awk b/.circleci/scripts/show-changelog.awk
new file mode 100644
index 000000000..e490df9db
--- /dev/null
+++ b/.circleci/scripts/show-changelog.awk
@@ -0,0 +1,52 @@
+# DESCRIPTION
+#
+# This script will print out all of the CHANGELOG.md lines for a given version
+# with the assumption that the CHANGELOG.md files looks something along the
+# lines of:
+#
+# ```
+# ## 6.6.2 Fri Jun 07 2019
+#
+# - [#6690](https://github.com/MetaMask/metamask-extension/pull/6690): Some words
+# - [#6700](https://github.com/MetaMask/metamask-extension/pull/6700): some more words
+#
+# ## 6.6.1 Thu Jun 06 2019
+#
+# - [#6691](https://github.com/MetaMask/metamask-extension/pull/6691): Revert other words
+#
+# ## 6.6.0 Mon Jun 03 2019
+#
+# - [#6659](https://github.com/MetaMask/metamask-extension/pull/6659): foo
+# - [#6671](https://github.com/MetaMask/metamask-extension/pull/6671): bar
+# - [#6625](https://github.com/MetaMask/metamask-extension/pull/6625): baz
+# - [#6633](https://github.com/MetaMask/metamask-extension/pull/6633): Many many words
+#
+#
+# ```
+#
+# EXAMPLE
+#
+# Run this script like so, passing in the version:
+#
+# ```
+# awk -v version='6.6.0' -f .circleci/scripts/show-changelog.awk CHANGELOG.md
+# ```
+#
+
+BEGIN {
+ inside_section = 0;
+}
+
+$1 == "##" && $2 == version {
+ inside_section = 1;
+ next;
+}
+
+$1 == "##" && $2 != version {
+ inside_section = 0;
+ next;
+}
+
+inside_section && !/^$/ {
+ print $0;
+}
diff --git a/.circleci/scripts/yarn-audit b/.circleci/scripts/yarn-audit
new file mode 100755
index 000000000..ebe036815
--- /dev/null
+++ b/.circleci/scripts/yarn-audit
@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+
+set -u
+set -o pipefail
+
+yarn audit --level moderate --groups dependencies
+audit_status="$?"
+
+# Use a bitmask to ignore INFO and LOW severity audit results
+# See here: https://yarnpkg.com/lang/en/docs/cli/audit/
+audit_status="$(( audit_status & 11100 ))"
+
+if [[ "$audit_status" != 0 ]]
+then
+ count="$(yarn audit --level moderate --groups dependencies --json | tail -1 | jq '.data.vulnerabilities.moderate + .data.vulnerabilities.high + .data.vulnerabilities.critical')"
+ printf "Audit shows %s moderate or high severity advisories _in the production dependencies_\n" "$count"
+ exit 1
+else
+ printf "Audit shows _zero_ moderate or high severity advisories _in the production dependencies_\n"
+fi