Skip to content

ci: Upgrade Yarn to 4.16.0 and align workflows with module template#204

Merged
Mrtenz merged 7 commits into
mainfrom
mrtenz/action-npm-publish@v6
Jun 5, 2026
Merged

ci: Upgrade Yarn to 4.16.0 and align workflows with module template#204
Mrtenz merged 7 commits into
mainfrom
mrtenz/action-npm-publish@v6

Conversation

@Mrtenz

@Mrtenz Mrtenz commented Jun 5, 2026

Copy link
Copy Markdown
Member

Summary

  • Upgrades Yarn from 3.2.1 to 4.16.0 and aligns .yarnrc.yml with the module template (Corepack, approvedGitRepositories: [], npmMinimalAgeGate: 4320, npmPreapprovedPackages)
  • Updates action-npm-publish from v1 to v6
  • Fully aligns CI workflows with the metamask-module-template:
    • Added main.yml — top-level orchestration workflow (actionlint, security scan, build/lint/test, release gating)
    • Added build-lint-test.yml — reusable workflow with prepare/build/lint/test/compatibility-test jobs on Node 20/22/24 using action-checkout-and-setup@v3
    • Rewrote publish-release.yml as a reusable workflow_call — restructured as build → publish-npm-dry-run → publish-npm → publish-release; GitHub release now happens after npm publish; uses action-publish-release@v3
    • Updated create-release-pr.yml — uses action-checkout-and-setup@v3, action-create-release-pr@v5, release-type is now a choice input
    • Updated publish-preview.ymlaction-checkout-and-setup@v1v3
    • Deleted build-test.yml and security-code-scanner.yml — consolidated into main.yml
    • Added actionlint-matcher.json and actionlint.yml
  • Adds lint:changelog script (auto-changelog validate --formatter prettier) and wires it into lint and lint:fix

Note

Medium Risk
Changes npm publish ordering, release gating, and Node matrix coverage, which can block merges or alter how/when packages ship if misconfigured.

Overview
Replaces the monolithic build-test.yml CI with a main.yml entrypoint that runs actionlint (with a GitHub problem matcher), invokes the reusable MetaMask security scan workflow, and calls a new reusable build-lint-test.yml for prepare/build/lint/test plus a lockfile-free compatibility test on Node 20/22/24 via MetaMask/action-checkout-and-setup@v3.

Release and publish behavior shifts: publish-release.yml is now workflow_call-only and runs build → npm dry-run → npm publish → GitHub release (GitHub release after npm), using artifact upload/download instead of commit-keyed cache and action-npm-publish@v6 / action-publish-release@v3. main.yml gates publishing on all-jobs-pass, action-is-release@v2, and push events whose head commit author is github-actions.

create-release-pr.yml moves to action-create-release-pr@v5, makes release-type a choice input (including empty), and drops the release-authors artifact upload. publish-preview.yml bumps checkout/setup to v3. Adds actionlint.yml to ignore the intentional empty release-type option.

Reviewed by Cursor Bugbot for commit 9e17710. Bugbot is set up for automated code reviews on this repo. Configure here.

@Mrtenz Mrtenz changed the title ci: Upgrade Yarn to 4.16.0 and update action-npm-publish to v6 ci: Upgrade Yarn to 4.16.0 and align workflows with module template Jun 5, 2026
@github-advanced-security

Copy link
Copy Markdown

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

  • The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
  • Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
  • You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.

@Mrtenz Mrtenz marked this pull request as ready for review June 5, 2026 11:10
@Mrtenz Mrtenz requested a review from a team as a code owner June 5, 2026 11:10
@Mrtenz Mrtenz merged commit c80c69b into main Jun 5, 2026
26 checks passed
@Mrtenz Mrtenz deleted the mrtenz/action-npm-publish@v6 branch June 5, 2026 11:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants