diff options
Diffstat (limited to '.circleci/scripts')
-rwxr-xr-x | .circleci/scripts/firefox-install | 2 | ||||
-rwxr-xr-x | .circleci/scripts/npm-audit | 12 | ||||
-rw-r--r-- | .circleci/scripts/npm-audit-check.js | 24 | ||||
-rwxr-xr-x | .circleci/scripts/release-bump-changelog-version | 44 | ||||
-rwxr-xr-x | .circleci/scripts/release-bump-manifest-version | 38 | ||||
-rwxr-xr-x | .circleci/scripts/release-create-gh-release | 51 | ||||
-rwxr-xr-x | .circleci/scripts/release-create-release-pr | 54 | ||||
-rw-r--r-- | .circleci/scripts/show-changelog.awk | 52 | ||||
-rwxr-xr-x | .circleci/scripts/yarn-audit | 20 |
9 files changed, 260 insertions, 37 deletions
diff --git a/.circleci/scripts/firefox-install b/.circleci/scripts/firefox-install index 7c785b987..3f0772f49 100755 --- a/.circleci/scripts/firefox-install +++ b/.circleci/scripts/firefox-install @@ -4,7 +4,7 @@ set -e set -u set -o pipefail -FIREFOX_VERSION='62.0' +FIREFOX_VERSION='68.0' FIREFOX_BINARY="firefox-${FIREFOX_VERSION}.tar.bz2" FIREFOX_BINARY_URL="https://ftp.mozilla.org/pub/firefox/releases/${FIREFOX_VERSION}/linux-x86_64/en-US/${FIREFOX_BINARY}" FIREFOX_PATH='/opt/firefox' diff --git a/.circleci/scripts/npm-audit b/.circleci/scripts/npm-audit deleted file mode 100755 index 00a6876ff..000000000 --- a/.circleci/scripts/npm-audit +++ /dev/null @@ -1,12 +0,0 @@ -#!/usr/bin/env bash - -set -e -set -u -set -o pipefail - -if ! npm audit -then - ! npm audit --json > audit.json - printf '%s\n' '' - node .circleci/scripts/npm-audit-check.js -fi diff --git a/.circleci/scripts/npm-audit-check.js b/.circleci/scripts/npm-audit-check.js deleted file mode 100644 index 2fb408add..000000000 --- a/.circleci/scripts/npm-audit-check.js +++ /dev/null @@ -1,24 +0,0 @@ -const path = require('path') -const audit = require(path.join(__dirname, '..', '..', 'audit.json')) -const error = audit.error -const advisories = Object.keys(audit.advisories || []).map((k) => audit.advisories[k]) - -if (error) { - process.exit(1) -} - -let count = 0 -for (const advisory of advisories) { - if (advisory.severity === 'low') { - continue - } - - count += advisory.findings.some((finding) => (!finding.dev && !finding.optional)) -} - -if (count > 0) { - console.log(`Audit shows ${count} moderate or high severity advisories _in the production dependencies_`) - process.exit(1) -} else { - console.log(`Audit shows _zero_ moderate or high severity advisories _in the production dependencies_`) -} diff --git a/.circleci/scripts/release-bump-changelog-version b/.circleci/scripts/release-bump-changelog-version new file mode 100755 index 000000000..9fd4ddbb8 --- /dev/null +++ b/.circleci/scripts/release-bump-changelog-version @@ -0,0 +1,44 @@ +#!/usr/bin/env bash + +set -e +set -u +set -o pipefail + +if [[ "${CI:-}" != 'true' ]] +then + printf '%s\n' 'CI environment variable must be set to true' + exit 1 +fi + +if [[ "${CIRCLECI:-}" != 'true' ]] +then + printf '%s\n' 'CIRCLECI environment variable must be set to true' + exit 1 +fi + +version="${CIRCLE_BRANCH/Version-v/}" + +if ! grep --quiet --fixed-strings "$version" CHANGELOG.md +then + printf '%s\n' 'Adding this release to CHANGELOG.md' + date_str="$(date '+%a %b %d %Y')" + cp CHANGELOG.md{,.bak} + +update_headers=$(cat <<END +/## Current Develop Branch/ { + print "## Current Develop Branch\n"; + print "## ${version} ${date_str}"; + next; +} +{ + print; +} +END +) + + awk "$update_headers" CHANGELOG.md.bak > CHANGELOG.md + rm CHANGELOG.md.bak +else + printf '%s\n' "CHANGELOG.md already includes a header for ${version}" + exit 0 +fi diff --git a/.circleci/scripts/release-bump-manifest-version b/.circleci/scripts/release-bump-manifest-version new file mode 100755 index 000000000..44b193c97 --- /dev/null +++ b/.circleci/scripts/release-bump-manifest-version @@ -0,0 +1,38 @@ +#!/usr/bin/env bash + +set -e +set -u +set -o pipefail + +if [[ "${CI:-}" != 'true' ]] +then + printf '%s\n' 'CI environment variable must be set to true' + exit 1 +fi + +if [[ "${CIRCLECI:-}" != 'true' ]] +then + printf '%s\n' 'CIRCLECI environment variable must be set to true' + exit 1 +fi + +printf '%s\n' 'Updating the manifest version if needed' + +version="${CIRCLE_BRANCH/Version-v/}" +updated_manifest="$(jq ".version = \"$version\"" app/manifest.json)" +printf '%s\n' "$updated_manifest" > app/manifest.json + +if [[ -z $(git status --porcelain) ]] +then + printf '%s\n' 'App manifest version already set' + exit 0 +fi + +git \ + -c user.name='MetaMask Bot' \ + -c user.email='metamaskbot@users.noreply.github.com' \ + commit --message "${CIRCLE_BRANCH/-/ }" \ + CHANGELOG.md app/manifest.json + +repo_slug="$CIRCLE_PROJECT_USERNAME/$CIRCLE_PROJECT_REPONAME" +git push "https://$GITHUB_TOKEN_USER:$GITHUB_TOKEN@github.com/$repo_slug" "$CIRCLE_BRANCH" diff --git a/.circleci/scripts/release-create-gh-release b/.circleci/scripts/release-create-gh-release new file mode 100755 index 000000000..f40df4998 --- /dev/null +++ b/.circleci/scripts/release-create-gh-release @@ -0,0 +1,51 @@ +#!/usr/bin/env bash + +set -x +set -e +set -u +set -o pipefail + +if [[ "${CI:-}" != 'true' ]] +then + printf '%s\n' 'CI environment variable must be set to true' + exit 1 +fi + +if [[ "${CIRCLECI:-}" != 'true' ]] +then + printf '%s\n' 'CIRCLECI environment variable must be set to true' + exit 1 +fi + +function install_github_cli () +{ + printf '%s\n' 'Installing hub CLI' + pushd "$(mktemp -d)" + curl -sSL 'https://github.com/github/hub/releases/download/v2.11.2/hub-linux-amd64-2.11.2.tgz' | tar xz + PATH="$PATH:$PWD/hub-linux-amd64-2.11.2/bin" + popd +} + +current_commit_msg=$(git show -s --format='%s' HEAD) + +if grep --quiet '^Version v' <<< "$current_commit_msg" +then + install_github_cli + + printf '%s\n' 'Creating GitHub Release' + read -ra commit_words <<< "$current_commit_msg" + tag="${commit_words[1]}" + release_body="$(awk -v version="${tag##v}" -f .circleci/scripts/show-changelog.awk CHANGELOG.md)" + pushd builds + hub release create \ + --attach metamask-chrome-*.zip \ + --attach metamask-firefox-*.zip \ + --message "${commit_words[0]} ${commit_words[1]#v}" \ + --message "$release_body" \ + --commitish "$CIRCLE_SHA1" \ + "$tag" + popd +else + printf '%s\n' 'Skipping GitHub Release' + exit 0 +fi diff --git a/.circleci/scripts/release-create-release-pr b/.circleci/scripts/release-create-release-pr new file mode 100755 index 000000000..8a2238ec4 --- /dev/null +++ b/.circleci/scripts/release-create-release-pr @@ -0,0 +1,54 @@ +#!/usr/bin/env bash + +set -e +set -u +set -o pipefail + +if [[ "${CI:-}" != 'true' ]] +then + printf '%s\n' 'CI environment variable must be set to true' + exit 1 +fi + +if [[ "${CIRCLECI:-}" != 'true' ]] +then + printf '%s\n' 'CIRCLECI environment variable must be set to true' + exit 1 +fi + +if [[ -z "${GITHUB_TOKEN:-}" ]] +then + printf '%s\n' 'GITHUB_TOKEN environment variable must be set' + exit 1 +fi + +function install_github_cli () +{ + printf '%s\n' 'Installing hub CLI' + pushd "$(mktemp -d)" + curl -sSL 'https://github.com/github/hub/releases/download/v2.11.2/hub-linux-amd64-2.11.2.tgz' | tar xz + PATH="$PATH:$PWD/hub-linux-amd64-2.11.2/bin" + popd +} + +version="${CIRCLE_BRANCH/Version-v/}" +base_branch='develop' + +if [[ -n "${CI_PULL_REQUEST:-}" ]] +then + printf '%s\n' 'CI_PULL_REQUEST is set, pull request already exists for this build' + exit 0 +fi + +install_github_cli + +printf '%s\n' "Creating a Pull Request for $version on GitHub" + +if ! hub pull-request \ + --reviewer '@MetaMask/extension-release-team' \ + --message "${CIRCLE_BRANCH/-/ } RC" --message ':package: :rocket:' \ + --base "$CIRCLE_PROJECT_USERNAME:$base_branch" \ + --head "$CIRCLE_PROJECT_USERNAME:$CIRCLE_BRANCH"; +then + printf '%s\n' 'Pull Request already exists' +fi diff --git a/.circleci/scripts/show-changelog.awk b/.circleci/scripts/show-changelog.awk new file mode 100644 index 000000000..e490df9db --- /dev/null +++ b/.circleci/scripts/show-changelog.awk @@ -0,0 +1,52 @@ +# DESCRIPTION +# +# This script will print out all of the CHANGELOG.md lines for a given version +# with the assumption that the CHANGELOG.md files looks something along the +# lines of: +# +# ``` +# ## 6.6.2 Fri Jun 07 2019 +# +# - [#6690](https://github.com/MetaMask/metamask-extension/pull/6690): Some words +# - [#6700](https://github.com/MetaMask/metamask-extension/pull/6700): some more words +# +# ## 6.6.1 Thu Jun 06 2019 +# +# - [#6691](https://github.com/MetaMask/metamask-extension/pull/6691): Revert other words +# +# ## 6.6.0 Mon Jun 03 2019 +# +# - [#6659](https://github.com/MetaMask/metamask-extension/pull/6659): foo +# - [#6671](https://github.com/MetaMask/metamask-extension/pull/6671): bar +# - [#6625](https://github.com/MetaMask/metamask-extension/pull/6625): baz +# - [#6633](https://github.com/MetaMask/metamask-extension/pull/6633): Many many words +# +# +# ``` +# +# EXAMPLE +# +# Run this script like so, passing in the version: +# +# ``` +# awk -v version='6.6.0' -f .circleci/scripts/show-changelog.awk CHANGELOG.md +# ``` +# + +BEGIN { + inside_section = 0; +} + +$1 == "##" && $2 == version { + inside_section = 1; + next; +} + +$1 == "##" && $2 != version { + inside_section = 0; + next; +} + +inside_section && !/^$/ { + print $0; +} diff --git a/.circleci/scripts/yarn-audit b/.circleci/scripts/yarn-audit new file mode 100755 index 000000000..ebe036815 --- /dev/null +++ b/.circleci/scripts/yarn-audit @@ -0,0 +1,20 @@ +#!/usr/bin/env bash + +set -u +set -o pipefail + +yarn audit --level moderate --groups dependencies +audit_status="$?" + +# Use a bitmask to ignore INFO and LOW severity audit results +# See here: https://yarnpkg.com/lang/en/docs/cli/audit/ +audit_status="$(( audit_status & 11100 ))" + +if [[ "$audit_status" != 0 ]] +then + count="$(yarn audit --level moderate --groups dependencies --json | tail -1 | jq '.data.vulnerabilities.moderate + .data.vulnerabilities.high + .data.vulnerabilities.critical')" + printf "Audit shows %s moderate or high severity advisories _in the production dependencies_\n" "$count" + exit 1 +else + printf "Audit shows _zero_ moderate or high severity advisories _in the production dependencies_\n" +fi |