feat: erc20 approval set max instead of infinite (#1603) #4093
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# TODO: See if we can automate wallet version bumps | |
name: Talisman CI | |
on: | |
push: | |
branches: ["dev"] | |
pull_request: | |
types: [opened, synchronize] | |
concurrency: | |
# only run 1 job per branch/pr/etc at a time | |
# (afaik this prevents a race condition in changesets version bumps) | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: ${{ github.event_name == 'pull_request' }} | |
jobs: | |
# This job will build and test the talisman wallet | |
build: | |
name: "Build and test the wallet" | |
timeout-minutes: 15 | |
runs-on: ubuntu-latest | |
# To use Remote Caching, uncomment the next lines and follow the steps below. | |
# env: | |
# TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }} | |
# TURBO_TEAM: ${{ secrets.TURBO_TEAM }} | |
steps: | |
- name: Checkout repo | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 2 # also get the previous commit | |
- name: Enable corepack | |
run: corepack enable | |
- name: Setup pnpm | |
uses: pnpm/action-setup@v4 | |
- name: Setup Node.js environment | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 18 | |
cache: pnpm | |
- name: Install dependencies | |
run: pnpm install --frozen-lockfile | |
- name: Test | |
run: pnpm preconstruct:dev && pnpm test | |
- name: Extract short SHA + package version | |
id: vars | |
run: | | |
sha_short=$(git rev-parse --short HEAD) | |
echo "sha_short=$sha_short" >> $GITHUB_OUTPUT | |
npm_package_version=$(cat apps/extension/package.json | jq -r .version) | |
echo "npm_package_version=$npm_package_version" >> $GITHUB_OUTPUT | |
- name: Extract translatable strings | |
run: pnpm chore:update-translations | |
- name: Upload translatable strings | |
uses: simplelocalize/github-action-cli@v1 | |
with: | |
api-key: ${{ secrets.SIMPLE_LOCALIZE_API_KEY }} | |
command: "upload" | |
cli-version: "2.2.0" | |
args: "--apiKey ${{ secrets.SIMPLE_LOCALIZE_API_KEY }}" | |
- name: Build | |
run: pnpm build:extension:ci | |
env: | |
COMMIT_SHA_SHORT: ${{ steps.vars.outputs.sha_short }} | |
API_KEY_ONFINALITY: ${{ secrets.API_KEY_ONFINALITY }} | |
POSTHOG_AUTH_TOKEN: ${{ secrets.POSTHOG_AUTH_TOKEN }} | |
SIMPLE_LOCALIZE_API_KEY: ${{ secrets.SIMPLE_LOCALIZE_API_KEY }} | |
SIMPLE_LOCALIZE_PROJECT_TOKEN: ${{ secrets.SIMPLE_LOCALIZE_PROJECT_TOKEN }} | |
# SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} | |
# SENTRY_DSN: ${{ secrets.SENTRY_DSN }} | |
- name: Upload build artifacts | |
uses: actions/upload-artifact@v3 | |
with: | |
name: build | |
path: ./apps/extension/dist/chrome/talisman_extension_ci_${{ steps.vars.outputs.sha_short }}_chrome.zip | |
retention-days: 5 | |
# This job will build and publish a snapshot version of the packages which have changesets in this PR | |
publish_snapshot: | |
name: "Publish a snapshot version of any packages with changesets in this PR to npm" | |
timeout-minutes: 15 | |
runs-on: ubuntu-latest | |
if: github.event_name == 'pull_request' | |
steps: | |
- name: Checkout repo | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 2 # also get the previous commit | |
- name: Enable corepack | |
run: corepack enable | |
- name: Setup pnpm | |
uses: pnpm/action-setup@v4 | |
- name: Setup Node.js environment | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 18 | |
cache: pnpm | |
- name: Install dependencies | |
run: pnpm install --frozen-lockfile | |
- name: Bump changed package versions to a snapshot version | |
run: pnpm changeset version --snapshot pr${{ github.event.pull_request.number }} | |
- name: Build snapshot packages | |
run: pnpm build:packages | |
- name: Set publish config | |
run: pnpm config set '//registry.npmjs.org/:_authToken' "${PNPM_TOKEN}" | |
env: | |
PNPM_TOKEN: ${{ secrets.NPM_TOKEN }} | |
- name: Publish snapshot packages | |
run: pnpm --filter './packages/*' publish --no-git-checks --access public --tag pr${{ github.event.pull_request.number }} | |
# This job will check for changed packages in this PR, and will comment on the PR if any changed packages do not yet have changesets | |
ensure_pr_has_changeset: | |
name: "Check that changed packages have changesets in the current PR" | |
timeout-minutes: 15 | |
runs-on: ubuntu-latest | |
if: github.event_name == 'pull_request' && github.event.pull_request.base.ref == 'dev' | |
steps: | |
- name: Checkout repo | |
uses: actions/checkout@v4 | |
with: | |
# fetch all branches on the repo | |
# (we need this in order to compare the changes between this PR and the default branch) | |
fetch-depth: 0 | |
- name: Enable corepack | |
run: corepack enable | |
- name: Setup pnpm | |
uses: pnpm/action-setup@v4 | |
- name: Setup Node.js environment | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 18 | |
cache: pnpm | |
- name: Install dependencies | |
run: pnpm install --frozen-lockfile | |
- name: Compile list of changed files | |
id: changed-files | |
# this will find the files which have been changed in this PR | |
run: | | |
EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64) | |
HEAD_REF="remotes/origin/${{ github.event.pull_request.head.ref }}" | |
BASE_REF="remotes/origin/${{ github.event.pull_request.base.ref }}" | |
echo "CHANGED_FILES<<$EOF" >> "$GITHUB_OUTPUT" | |
git diff --name-only $HEAD_REF $(git merge-base $HEAD_REF $BASE_REF) >> $GITHUB_OUTPUT | |
echo "$EOF" >> "$GITHUB_OUTPUT" | |
- name: Compile list of changed packages | |
id: changed-packages | |
# this will turn the list of files changed by this PR into a list of packages changed by this PR | |
run: | | |
EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64) | |
FILES_IN_PACKAGES="$(echo '${{ steps.changed-files.outputs.CHANGED_FILES }}' | { grep ^packages || true; } | { grep -v -e '^packages/extension-core' -e '^packages/extension-shared' -e '^packages/talisman-ui' || true; })" | |
if [[ $FILES_IN_PACKAGES != '' ]]; then | |
UNIQ_PACKAGE_DIRS="$(echo $FILES_IN_PACKAGES | cut -d/ -f1-2 | sort | uniq)" | |
UNIQ_PACKAGE_JSONS="$(find $UNIQ_PACKAGE_DIRS -name node_modules -prune -o -name package.json -print || true)" | |
UNIQ_PACKAGE_NAMES="$(echo $UNIQ_PACKAGE_JSONS | xargs jq .name | sort | uniq | { grep -v null || true; })" | |
else | |
UNIQ_PACKAGE_NAMES="" | |
fi | |
echo "CHANGED_PACKAGES<<$EOF" >> "$GITHUB_OUTPUT" | |
echo $UNIQ_PACKAGE_NAMES >> $GITHUB_OUTPUT | |
echo "$EOF" >> "$GITHUB_OUTPUT" | |
- name: Compile list of packages with changesets | |
id: changesets | |
# this will find the packages which have changesets in this PR | |
# need to use temporary file `changeset-status.json` until one of these are fixed: | |
# https://github.com/changesets/changesets/issues/1020 | |
# https://github.com/changesets/changesets/issues/1021 | |
run: | | |
EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64) | |
BASE_REF="remotes/origin/${{ github.event.pull_request.base.ref }}" | |
echo "CHANGESETS<<$EOF" >> "$GITHUB_OUTPUT" | |
pnpm changeset status --since $BASE_REF --output changeset-status.json && cat changeset-status.json | jq '.releases[] | select(.changesets | length > 0) | .name' | sort | uniq >> $GITHUB_OUTPUT | |
echo "$EOF" >> "$GITHUB_OUTPUT" | |
- name: Check if any changed packages don't have changesets | |
id: without-changesets | |
run: | | |
EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64) | |
echo "WITHOUT_CHANGESETS<<$EOF" >> "$GITHUB_OUTPUT" | |
comm -23 <(echo '${{ steps.changed-packages.outputs.CHANGED_PACKAGES }}') <(echo '${{ steps.changesets.outputs.CHANGESETS }}') >> $GITHUB_OUTPUT | |
echo "$EOF" >> "$GITHUB_OUTPUT" | |
- name: Set IS_MISSING_CHANGESETS var | |
id: is-missing-changesets | |
run: echo IS_MISSING_CHANGESETS=$([[ '${{ steps.without-changesets.outputs.WITHOUT_CHANGESETS }}' == '' ]] && echo no || echo yes) >> $GITHUB_OUTPUT | |
- name: Debug action variables | |
run: | | |
echo '**Debug output for `ensure_pr_has_changeset` action**' >> $GITHUB_STEP_SUMMARY | |
echo "" >> $GITHUB_STEP_SUMMARY | |
echo '```' >> $GITHUB_STEP_SUMMARY | |
echo "--CHANGED_FILES--" >> $GITHUB_STEP_SUMMARY | |
echo '${{ steps.changed-files.outputs.CHANGED_FILES }}' >> $GITHUB_STEP_SUMMARY | |
echo "--CHANGED_PACKAGES--" >> $GITHUB_STEP_SUMMARY | |
echo '${{ steps.changed-packages.outputs.CHANGED_PACKAGES }}' >> $GITHUB_STEP_SUMMARY | |
echo "--CHANGESETS--" >> $GITHUB_STEP_SUMMARY | |
echo '${{ steps.changesets.outputs.CHANGESETS }}' >> $GITHUB_STEP_SUMMARY | |
echo "--WITHOUT_CHANGESETS--" >> $GITHUB_STEP_SUMMARY | |
echo '${{ steps.without-changesets.outputs.WITHOUT_CHANGESETS }}' >> $GITHUB_STEP_SUMMARY | |
echo "--IS_MISSING_CHANGESETS--" >> $GITHUB_STEP_SUMMARY | |
echo '${{ steps.is-missing-changesets.outputs.IS_MISSING_CHANGESETS }}' >> $GITHUB_STEP_SUMMARY | |
echo '```' >> $GITHUB_STEP_SUMMARY | |
- name: Comment on the PR to indicate which packages they should add a changeset to | |
uses: thollander/actions-comment-pull-request@v2 | |
if: steps.is-missing-changesets.outputs.IS_MISSING_CHANGESETS == 'yes' | |
with: | |
comment_tag: "missing-changesets" | |
message: | | |
### :boom: No changeset(s) detected | |
This PR is missing changesets for the following packages: | |
``` | |
${{ steps.without-changesets.outputs.WITHOUT_CHANGESETS }} | |
``` | |
Please add a changeset for these packages. | |
You can do so by running `pnpm changeset` in your local development environment. | |
Not sure what this means? [Click here to learn what changesets are](https://github.com/changesets/changesets/blob/main/docs/adding-a-changeset.md). | |
- name: Update PR comment to indicate that all packages have changesets | |
uses: thollander/actions-comment-pull-request@v2 | |
if: steps.is-missing-changesets.outputs.IS_MISSING_CHANGESETS == 'no' && steps.changed-packages.outputs.CHANGED_PACKAGES != '' | |
with: | |
comment_tag: "missing-changesets" | |
create_if_not_exists: false | |
message: | | |
### :butterfly: Changeset(s) detected | |
This PR includes changeset(s) for the following changed packages: | |
``` | |
${{ steps.changesets.outputs.CHANGESETS }} | |
``` | |
Not sure what this means? [Click here to learn what changesets are](https://github.com/changesets/changesets/blob/main/docs/adding-a-changeset.md). | |
- name: Update PR comment to indicate that no changesets are needed | |
uses: thollander/actions-comment-pull-request@v2 | |
if: steps.is-missing-changesets.outputs.IS_MISSING_CHANGESETS == 'no' && steps.changed-packages.outputs.CHANGED_PACKAGES == '' | |
with: | |
comment_tag: "missing-changesets" | |
create_if_not_exists: false | |
message: | | |
### :sparkles: No changeset(s) required | |
This PR does not include any package changes, and so it does not require any changesets to be added. | |
Not sure what this means? [Click here to learn what changesets are](https://github.com/changesets/changesets/blob/main/docs/adding-a-changeset.md). | |
- name: Fail job if some packages don't have a changeset | |
if: steps.is-missing-changesets.outputs.IS_MISSING_CHANGESETS == 'yes' | |
run: exit 1 | |
# When a PR is merged into dev, this job will create a PR to version bump the packages which have changesets | |
# When the PR is merged, this job will publish the new package versions to npm | |
release_changesets: | |
name: "Create a PR to bump package versions on dev, and publish the new versions to npm when the PR is merged" | |
timeout-minutes: 15 | |
runs-on: ubuntu-latest | |
if: github.event_name == 'push' && github.event.ref == 'refs/heads/dev' | |
steps: | |
- name: Checkout repo | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 2 # also get the previous commit | |
- name: Enable corepack | |
run: corepack enable | |
- name: Setup pnpm | |
uses: pnpm/action-setup@v4 | |
- name: Setup Node.js environment | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 18 | |
cache: pnpm | |
- name: Install dependencies | |
run: pnpm install --frozen-lockfile | |
- name: Create pull request | |
id: changesets | |
uses: changesets/action@v1 | |
with: | |
commit: "chore: bump package versions" | |
title: "chore: bump package versions" | |
createGithubReleases: false | |
env: | |
# GITHUB_TOKEN is automatically added into the ENV by GitHub CI | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Build packages | |
if: steps.changesets.outputs.hasChangesets == 'false' | |
run: pnpm build:packages | |
- name: Set publish config | |
if: steps.changesets.outputs.hasChangesets == 'false' | |
run: pnpm config set '//registry.npmjs.org/:_authToken' "${PNPM_TOKEN}" | |
env: | |
PNPM_TOKEN: ${{ secrets.NPM_TOKEN }} | |
- name: Publish packages | |
if: steps.changesets.outputs.hasChangesets == 'false' | |
run: pnpm --filter './packages/*' publish --no-git-checks --access public |