release: 13.2.0

.depcheckrc.yml

@@ -57,7 +57,6 @@ ignores:
   - '@storybook/manager-webpack5'
   - '@storybook/react-webpack5'
   - 'storybook-dark-mode'
-  - '@whitespace/storybook-addon-html'
   - 'react-syntax-highlighter'
   - 'style-loader'
   - 'css-loader'

.eslintrc.base.js

@@ -9,6 +9,10 @@ module.exports = {
   globals: {
     document: 'readonly',
     window: 'readonly',
+    // Our ESLint config is stuck at ES2017 because Browserify doesn't support the spread operator.
+    // We can remove this global after we've migrated away from Browserify and updated our ESLint
+    // config to at least ES2021.
+    AggregateError: 'readonly',
   },
 
   rules: {

.github/scripts/bundle.sh

@@ -1,5 +1,11 @@
 #!/usr/bin/env bash
 
+# Keep this list synchronized with:
+# * The environment variables used by the `run-build` step in `.github/workflows/run-build.yml`.
+# * The environment variables used by the `publish-release` step in `.github/workflows/publish-release.yml`.
+export APPLE_BETA_CLIENT_ID=""
+export APPLE_FLASK_CLIENT_ID=""
+export APPLE_PROD_CLIENT_ID=""
 export CONTENTFUL_ACCESS_SPACE_ID=""
 export CONTENTFUL_ACCESS_TOKEN=""
 export ETHERSCAN_API_KEY=""
@@ -10,22 +16,27 @@ export FIREBASE_MEASUREMENT_ID=""
 export FIREBASE_MESSAGING_SENDER_ID=""
 export FIREBASE_PROJECT_ID=""
 export FIREBASE_STORAGE_BUCKET=""
+export GOOGLE_BETA_CLIENT_ID=""
+export GOOGLE_FLASK_CLIENT_ID=""
+export GOOGLE_PROD_CLIENT_ID=""
 export INFURA_BETA_PROJECT_ID=""
 export INFURA_FLASK_PROJECT_ID=""
 export INFURA_PROD_PROJECT_ID=""
-export INFURA_PROJECT_ID=""
-export PUBNUB_PUB_KEY=""
+export QUICKNODE_ARBITRUM_URL=""
+export QUICKNODE_AVALANCHE_URL=""
+export QUICKNODE_BASE_URL=""
+export QUICKNODE_LINEA_MAINNET_URL=""
+export QUICKNODE_MAINNET_URL=""
+export QUICKNODE_OPTIMISM_URL=""
+export QUICKNODE_POLYGON_URL=""
 export SEGMENT_BETA_WRITE_KEY=""
 export SEGMENT_FLASK_WRITE_KEY=""
 export SEGMENT_PROD_WRITE_KEY=""
-export SEGMENT_WRITE_KEY=""
 export ANALYTICS_DATA_DELETION_SOURCE_ID=""
 export ANALYTICS_DATA_DELETION_ENDPOINT=""
-export SENTRY_AUTH_TOKEN=""
 export SENTRY_DSN=""
-export SENTRY_DSN_DEV=""
-export VAPID_KEY=""
 export TZ="UTC"
+export VAPID_KEY=""
 export ENABLE_MV3="false"
 
 # 1. Download and install nvm:

.github/scripts/check-template-and-add-labels.ts

@@ -17,6 +17,7 @@ import {
   craftRegressionLabel,
   externalContributorLabel,
   needsTriageLabel,
+  areaSentryLabel,
   flakyTestsLabel,
   invalidIssueTemplateLabel,
   invalidPullRequestTemplateLabel,
@@ -98,8 +99,9 @@ async function main(): Promise<void> {
     labelable.body,
   );
 
-  // If labelable's author is a bot we skip the template checks as bots don't use templates
-  if (knownBots.includes(labelable.author)) {
+  // If labelable's author is a bot we skip the rest of the script, including the template checks as bots don't use templates.
+  // Exception: For issues created the 'sentry-io' bot, we don't skip the rest of the script because there's a specific handling for those issues.
+  if (knownBots.includes(labelable.author) && labelable.author !== 'sentry-io') {
     console.log(
       `${
         labelable.type === LabelableType.PullRequest ? 'PR' : 'Issue'
@@ -123,6 +125,24 @@ async function main(): Promise<void> {
       process.exit(0); // Stop the process and exit with a success status code
     }
 
+    if (labelable.author === 'sentry-io') {
+      console.log(
+        `Issue ${labelable?.number} was created through Sentry. Issue's description doesn't need to match issue template in that case. Skip template checks.`,
+      );
+      await removeLabelFromLabelableIfPresent(
+        octokit,
+        labelable,
+        invalidIssueTemplateLabel,
+      );
+      // Add needs triage label ONLY if issue is created (not updated)
+      if (context.payload.action === 'opened') {
+        await addNeedsTriageLabelToIssue(octokit, labelable);
+      }
+      // Add area-Sentry label to the bug report issue
+      await addAreaSentryLabelToIssue(octokit, labelable);
+      process.exit(0); // Stop the process and exit with a success status code
+    }
+
     if (templateType === TemplateType.GeneralIssue) {
       console.log("Issue matches 'general-issue.yml' template.");
       await removeLabelFromLabelableIfPresent(
@@ -139,10 +159,12 @@ async function main(): Promise<void> {
       );
 
       // Add regression label to the bug report issue
-      addRegressionLabelToIssue(octokit, labelable);
+      await addRegressionLabelToIssue(octokit, labelable);
 
-      // Add needs triage label to the bug report issue
-      addNeedsTriageLabelToIssue(octokit, labelable);
+      // Add needs triage label ONLY if issue is created (not updated)
+      if (context.payload.action === 'opened') {
+        await addNeedsTriageLabelToIssue(octokit, labelable);
+      }
     } else {
       const errorMessage =
         "Issue body does not match any of expected templates ('general-issue.yml' or 'bug-report.yml').\n\nMake sure issue's body includes all section titles.\n\nSections titles are listed here: https://github.com/MetaMask/metamask-extension/blob/main/.github/scripts/shared/template.ts#L14-L37";
@@ -271,6 +293,13 @@ async function addNeedsTriageLabelToIssue(
 ): Promise<void> {
   await addLabelToLabelable(octokit, issue, needsTriageLabel);
 }
+// This function adds the "area-Sentry" label to the issue if it doesn't have it
+async function addAreaSentryLabelToIssue(
+  octokit: InstanceType<typeof GitHub>,
+  issue: Labelable,
+): Promise<void> {
+  await addLabelToLabelable(octokit, issue, areaSentryLabel);
+}
 // This function adds the correct regression label to the issue, and removes other ones
 async function addRegressionLabelToIssue(
   octokit: InstanceType<typeof GitHub>,

.github/scripts/get-next-semver-version.sh

@@ -9,23 +9,7 @@ then
   exit 0
 fi
 
-# Pattern for Version-vX.Y.Z branches
-VERSION_BRANCHES_VERSION_V=$(git branch -r | grep -o 'Version-v[0-9]*\.[0-9]*\.[0-9]*' | grep -o '[0-9]*\.[0-9]*\.[0-9]*' | sort --version-sort | tail -n 1)
-# Default pattern for release/x.y.z branches
-VERSION_BRANCHES_RELEASE=$(git branch -r | grep -o 'release/[0-9]*\.[0-9]*\.[0-9]*' | grep -o '[0-9]*\.[0-9]*\.[0-9]*' | sort --version-sort | tail -n 1)
-
-
-# Get the highest version from tags
-VERSION_TAGS=$(git tag | grep -o 'v[0-9]*\.[0-9]*\.[0-9]*' | grep -o '[0-9]*\.[0-9]*\.[0-9]*' | sort --version-sort | tail -n 1)
-
 # Get the version from package.json
-VERSION_PACKAGE=$(node -p "require('../../package.json').version")
-
-# Compare versions and keep the highest one
-HIGHEST_VERSION=$(printf "%s\n%s\n%s\n%s" "$VERSION_BRANCHES_VERSION_V" "$VERSION_BRANCHES_RELEASE" "$VERSION_TAGS" "$VERSION_PACKAGE" | sort --version-sort | tail -n 1)
-echo "HIGHEST_VERSION=${HIGHEST_VERSION}, VERSION_BRANCHES_VERSION_V=${VERSION_BRANCHES_VERSION_V}, VERSION_BRANCHES_RELEASE=${VERSION_BRANCHES_RELEASE}, VERSION_TAGS=${VERSION_TAGS}, VERSION_PACKAGE=${VERSION_PACKAGE}"
-
-# Increment the minor version of the highest version found and reset the patch version to 0
-NEXT_VERSION=$(echo "$HIGHEST_VERSION" | awk -F. -v OFS=. '{$2++; $3=0; print}')
+VERSION_PACKAGE=$(node -p "require(process.env.GITHUB_WORKSPACE + '/package.json').version")
 
-echo "NEXT_SEMVER_VERSION=${NEXT_VERSION}" >> "$GITHUB_ENV"
+echo "NEXT_SEMVER_VERSION=${VERSION_PACKAGE}" >> "$GITHUB_ENV"

.github/scripts/identify-codeowners.ts

@@ -28,7 +28,7 @@ const teamEmojis: TeamEmojis = {
   '@MetaMask/extension-devs': '🧩',
   '@MetaMask/policy-reviewers': '📜',
   '@MetaMask/supply-chain': '🔗',
-  '@MetaMask/snaps-devs': '🫰',
+  '@MetaMask/core-platform': '🫰',
   '@MetaMask/extension-security-team': '🔒',
   '@MetaMask/extension-privacy-reviewers': '🕵️',
   '@MetaMask/confirmations': '✅',
@@ -40,6 +40,9 @@ const teamEmojis: TeamEmojis = {
   '@MetaMask/ramp': '📈',
   '@MetaMask/wallet-ux': '🖥️',
   '@MetaMask/metamask-assets': '💎',
+  '@MetaMask/web3auth': '🔐',
+  '@MetaMask/transactions': '💸',
+  '@MetaMask/qa': '🧪',
 };
 
 main().catch((error: Error): void => {

.github/scripts/shared/label.ts

@@ -29,10 +29,16 @@ export const externalContributorLabel: Label = {
 
 export const needsTriageLabel: Label = {
   name: 'needs-triage',
-  color: '#68AEE6',
+  color: '68AEE6',
   description: 'Issue needs to be triaged',
 };
 
+export const areaSentryLabel: Label = {
+  name: 'area-sentry',
+  color: '5319E7',
+  description: 'Issue from Sentry',
+};
+
 export const flakyTestsLabel: Label = {
   name: 'flaky tests',
   color: 'BE564E',
@@ -113,14 +119,14 @@ export function craftTeamLabel(teamName: string): Label {
     case 'extension-platform':
       return {
         name: `team-${teamName}`,
-        color: '#BFD4F2', // light blue
+        color: 'BFD4F2', // light blue
         description: `Extension Platform team`,
       };
 
     case 'mobile-platform':
       return {
         name: `team-${teamName}`,
-        color: '#76E9D0', // light green
+        color: '76E9D0', // light green
         description: `Mobile Platform team`,
       };
 

.github/workflows/add-team-label.yml

@@ -4,8 +4,6 @@ on:
   pull_request:
     types:
       - opened
-      - reopened
-      - synchronize
 
 jobs:
   add-team-label:

.github/workflows/automated-rca.yml

@@ -10,7 +10,7 @@ permissions:
 
 jobs:
   automated-rca:
-    uses: MetaMask/github-tools/.github/workflows/post-gh-rca.yml@af33de88e00adce0e41583beb7954d691ad3e304
+    uses: MetaMask/github-tools/.github/workflows/post-gh-rca.yml@727c028d5fdb2b86f6b1cf205b97fa8e79f7de61
     with:
       google-form-base-url: 'https://docs.google.com/forms/d/e/1FAIpQLSfnfEWH7JCFFtvjCHixgyqJdTU3LW3BmTwdF1dDezTNf7m4ig/viewform'
       repo-owner: ${{ github.repository_owner }}

.github/workflows/check-pr-max-lines.yml

@@ -13,6 +13,10 @@ on:
       - Version-v*
       - release/*
 
+permissions:
+  contents: read
+  pull-requests: write # Required for the called workflow to manage labels
+
 jobs:
   check-pr-max-lines:
     uses: metamask/github-tools/.github/workflows/pr-line-check.yml@main

.github/workflows/create-release-pr-v2.yml → .github/workflows/create-release-pr-legacy.yml

@@ -1,10 +1,10 @@
-name: Create Release Pull Request V2
+name: Create Release Pull Request (Legacy)
 
 on:
   workflow_dispatch:
     inputs:
       base-branch:
-        description: 'The base branch, tag, or SHA for git operations and the pull request (usually `main`)'
+        description: 'The base branch, tag, or SHA for git operations and the pull request. Usually `main`'
         required: true
       semver-version:
         description: 'A semantic version, eg: x.x.x'
@@ -14,13 +14,14 @@ on:
         required: true
 jobs:
   create-release-pr:
-    uses: MetaMask/github-tools/.github/workflows/create-release-pr.yml@dde6d530bebae07d1e50180894ab2cac64170a2c
+    name: Create Release Pull Request using Github Tools
+    uses: MetaMask/github-tools/.github/workflows/create-release-pr.yml@fc6fe1a3fb591f6afa61f0dbbe7698bd50fab9c7
     with:
       platform: extension
       base-branch: ${{ inputs.base-branch }}
       semver-version: ${{ inputs.semver-version }}
       previous-version-tag: Version-v${{ inputs.previous-semver-version }}
-      github-tools-version: dde6d530bebae07d1e50180894ab2cac64170a2c
+      github-tools-version: fc6fe1a3fb591f6afa61f0dbbe7698bd50fab9c7
     secrets:
       # This token needs write permissions to metamask-extension & read permissions to metamask-planning
       github-token: ${{ secrets.PR_TOKEN }}

.github/workflows/create-release-pr.yml

@@ -9,20 +9,20 @@ on:
       semver-version:
         description: 'A semantic version, eg: x.x.x'
         required: true
-      previous-semver-version:
-        description: 'Previous semantic version, eg: x.x.x'
+      previous-version-ref:
+        description: 'Previous release version reference (tag or commit hash). eg: v7.7.0'
         required: true
 
 jobs:
   create-release-pr:
     name: Create Release Pull Request using Github Tools
-    uses: MetaMask/github-tools/.github/workflows/create-release-pr.yml@fc6fe1a3fb591f6afa61f0dbbe7698bd50fab9c7
+    uses: MetaMask/github-tools/.github/workflows/create-release-pr.yml@dde6d530bebae07d1e50180894ab2cac64170a2c
     with:
       platform: extension
       base-branch: ${{ inputs.base-branch }}
       semver-version: ${{ inputs.semver-version }}
-      previous-version-tag: Version-v${{ inputs.previous-semver-version }}
-      github-tools-version: fc6fe1a3fb591f6afa61f0dbbe7698bd50fab9c7
+      previous-version-tag: ${{ inputs.previous-version-ref }}
+      github-tools-version: dde6d530bebae07d1e50180894ab2cac64170a2c
     secrets:
       # This token needs write permissions to metamask-extension & read permissions to metamask-planning
       github-token: ${{ secrets.PR_TOKEN }}

.github/workflows/post-merge-validation.yml

@@ -0,0 +1,15 @@
+name: Post Merge Validation
+
+on:
+  schedule:
+    - cron: '0 7 * * *'
+
+jobs:
+  post-merge-validation-tracker:
+    uses: MetaMask/github-tools/.github/workflows/post-merge-validation.yml@main
+    with:
+      repo: ${{ github.repository }}
+      start_hour_utc: 7
+    secrets:
+      github-token: ${{ secrets.GITHUB_TOKEN }}
+      google-application-creds-base64: ${{ secrets.GCP_RLS_SHEET_ACCOUNT_BASE64 }}

.github/workflows/publish-release.yml

@@ -8,6 +8,17 @@ jobs:
     name: Publish release
     runs-on: ubuntu-latest
     env:
+      # Publishing tokens
+      SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      FIREFOX_BUNDLE_SCRIPT_TOKEN: ${{ secrets.FIREFOX_BUNDLE_SCRIPT_TOKEN }}
+      # Environment variables used in Firefox bundle script
+      # Keep this list synchronized with:
+      # * The environment variables exported by `.github/scripts/bundle.sh`
+      # * The environment variables used by the `run-build` step in `.github/workflows/run-build.yml`.
+      APPLE_BETA_CLIENT_ID: ${{ secrets.APPLE_BETA_CLIENT_ID }}
+      APPLE_FLASK_CLIENT_ID: ${{ secrets.APPLE_FLASK_CLIENT_ID }}
+      APPLE_PROD_CLIENT_ID: ${{ secrets.APPLE_PROD_CLIENT_ID }}
       CONTENTFUL_ACCESS_SPACE_ID: ${{ secrets.CONTENTFUL_ACCESS_SPACE_ID }}
       CONTENTFUL_ACCESS_TOKEN: ${{ secrets.CONTENTFUL_ACCESS_TOKEN }}
       ETHERSCAN_API_KEY: ${{ secrets.ETHERSCAN_API_KEY }}
@@ -18,23 +29,27 @@ jobs:
       FIREBASE_MESSAGING_SENDER_ID: ${{ secrets.FIREBASE_MESSAGING_SENDER_ID }}
       FIREBASE_PROJECT_ID: ${{ secrets.FIREBASE_PROJECT_ID }}
       FIREBASE_STORAGE_BUCKET: ${{ secrets.FIREBASE_STORAGE_BUCKET }}
+      GOOGLE_BETA_CLIENT_ID: ${{ secrets.GOOGLE_BETA_CLIENT_ID }}
+      GOOGLE_FLASK_CLIENT_ID: ${{ secrets.GOOGLE_FLASK_CLIENT_ID }}
+      GOOGLE_PROD_CLIENT_ID: ${{ secrets.GOOGLE_PROD_CLIENT_ID }}
       INFURA_BETA_PROJECT_ID: ${{ secrets.INFURA_BETA_PROJECT_ID }}
       INFURA_FLASK_PROJECT_ID: ${{ secrets.INFURA_FLASK_PROJECT_ID }}
       INFURA_PROD_PROJECT_ID: ${{ secrets.INFURA_PROD_PROJECT_ID }}
-      INFURA_PROJECT_ID: ${{ secrets.INFURA_PROJECT_ID }}
-      PUBNUB_PUB_KEY: ${{ secrets.PUBNUB_PUB_KEY }}
+      QUICKNODE_ARBITRUM_URL: ${{ secrets.QUICKNODE_ARBITRUM_URL }}
+      QUICKNODE_AVALANCHE_URL: ${{ secrets.QUICKNODE_AVALANCHE_URL }}
+      QUICKNODE_BASE_URL: ${{ secrets.QUICKNODE_BASE_URL }}
+      QUICKNODE_LINEA_MAINNET_URL: ${{ secrets.QUICKNODE_LINEA_MAINNET_URL }}
+      QUICKNODE_MAINNET_URL: ${{ secrets.QUICKNODE_MAINNET_URL }}
+      QUICKNODE_OPTIMISM_URL: ${{ secrets.QUICKNODE_OPTIMISM_URL }}
+      QUICKNODE_POLYGON_URL: ${{ secrets.QUICKNODE_POLYGON_URL }}
       SEGMENT_BETA_WRITE_KEY: ${{ secrets.SEGMENT_BETA_WRITE_KEY }}
       SEGMENT_FLASK_WRITE_KEY: ${{ secrets.SEGMENT_FLASK_WRITE_KEY }}
       SEGMENT_PROD_WRITE_KEY: ${{ secrets.SEGMENT_PROD_WRITE_KEY }}
-      SEGMENT_WRITE_KEY: ${{ secrets.SEGMENT_WRITE_KEY }}
       ANALYTICS_DATA_DELETION_SOURCE_ID: ${{ secrets.ANALYTICS_DATA_DELETION_SOURCE_ID }}
       ANALYTICS_DATA_DELETION_ENDPOINT: ${{ secrets.ANALYTICS_DATA_DELETION_ENDPOINT }}
-      SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
       SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
-      SENTRY_DSN_DEV: ${{ secrets.SENTRY_DSN_DEV }}
+      TZ: 'UTC' # Ensures the bundles are consistent across machine time zones
       VAPID_KEY: ${{ secrets.VAPID_KEY }}
-      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      FIREFOX_BUNDLE_SCRIPT_TOKEN: ${{ secrets.FIREFOX_BUNDLE_SCRIPT_TOKEN }}
     steps:
       - name: Checkout and setup environment
         uses: MetaMask/action-checkout-and-setup@v1