Merge branch 'develop' into fix/patch-linea-mainnet-ERC404-fix

Author: sahar-fehri

.circleci/config.yml

@@ -1344,7 +1344,7 @@ jobs:
             - test-artifacts
 
   job-publish-prerelease:
-    executor: node-browsers-small
+    executor: node-browsers-medium
     steps:
       - checkout
       - attach_workspace:
@@ -1384,13 +1384,9 @@ jobs:
           path: test-artifacts
           destination: test-artifacts
       # important: generate lavamoat viz AFTER uploading builds as artifacts
-      # Temporarily disabled until we can update to a version of `sesify` with
-      # this fix included: https://github.com/LavaMoat/LavaMoat/pull/121
-      # Disabled 2024-03-25 due to flakiness.
-      #   - see: https://github.com/MetaMask/metamask-extension/issues/23704
-      #- run:
-      #    name: build:lavamoat-viz
-      #    command: ./.circleci/scripts/create-lavamoat-viz.sh
+      - run:
+          name: build:lavamoat-viz
+          command: ./.circleci/scripts/create-lavamoat-viz.sh
       - store_artifacts:
           path: build-artifacts
           destination: build-artifacts

.circleci/scripts/create-lavamoat-viz.sh

@@ -10,8 +10,33 @@ BUILD_DEST="./build-artifacts/build-viz/"
 # prepare artifacts dir
 mkdir -p "${BUILD_DEST}"
 
-# generate lavamoat debug config
+# generate lavamoat debug configs
 yarn lavamoat:debug:build
+yarn lavamoat:debug:webapp --parallel=false
 
+# generate entries for all present policy dirs under lavamoat/browserify
+# static entry for build-system
+POLICY_DIR_NAMES=$(find lavamoat/browserify -maxdepth 1 -mindepth 1 -type d -printf '%f ')
+
+POLICY_FILE_PATHS_JSON=$(echo -n "${POLICY_DIR_NAMES}" \
+  | jq --raw-input --slurp --indent 0 '
+    rtrimstr(" ")
+    | split(" ")
+    | map({
+        "key": .,
+        "value": {
+          "debug":  ("lavamoat/browserify/"+.+"/policy-debug.json"),
+          "override":"lavamoat/browserify/policy-override.json",
+          "primary":("lavamoat/browserify/"+.+"/policy.json")
+        }
+      })
+    | from_entries
+    |."build-system"= {
+        "debug":   "lavamoat/build-system/policy-debug.json",
+        "override":"lavamoat/build-system/policy-override.json",
+        "primary": "lavamoat/build-system/policy.json"
+      }'
+)
 # generate viz
-npx lavamoat-viz --dest "${BUILD_DEST}"
+# shellcheck disable=SC2086
+yarn lavamoat-viz --dest "${BUILD_DEST}" --policyNames build-system ${POLICY_DIR_NAMES} --policyFilePathsJson "${POLICY_FILE_PATHS_JSON}"

.github/guidelines/LABELING_GUIDELINES.md

@@ -12,7 +12,8 @@ It's essential to ensure that PRs have the appropriate labels before they are co
 - **release-x.y.z**: This label is automatically added to a PR and its linked issues upon the PR's merge. The `x.y.z` in the label represents the version in which the changes from the PR will be included. This label is auto-generated by a [GitHub action](../workflows/add-release-label.yml), which determines the version by incrementing the minor version number from the most recent release. Manual intervention is only required in specific cases. For instance, if a merged PR is cherry-picked into a release branch, typically done to address Release Candidate (RC) bugs, the label would need to be manually updated to reflect the correct version.
 - **regression-prod-x.y.z**: This label is automatically added to a bug report issue at the time of its creation. The `x.y.z` in the label represents the version in which the bug first appeared. This label is auto-generated by a [GitHub action](../workflows/check-template-and-add-labels.yml), which determines the `x.y.z` value based on the version information provided in the bug report issue form. Manual intervention is only necessary under certain circumstances. For example, if a user submits a bug report and specifies the version they are currently using, but the bug was actually introduced in a prior version, the label would need to be manually updated to accurately reflect the version where the bug originated.
 
-### Optional QA labels:
+### Optional labels:
+- **regression-develop**: This label can manually be added to a bug report issue at the time of its creation if the bug is present on development branch (i.e. `develop`), but is not yet released in production.
 - **needs-qa**: If the PR includes a new features, complex testing steps, or large refactors, this label must be added to indicated PR requires a full manual QA prior being merged and added to a release.
 
 ### Labels prohibited when PR needs to be merged:

.github/workflows/add-mmi-reviewer-and-notify.yml

@@ -0,0 +1,48 @@
+name: Notify MMI team via Slack
+
+on:
+  pull_request_target:
+    branches:
+      - develop
+    types:
+      - opened
+      - reopened
+      - synchronize
+      - labeled
+
+jobs:
+  process-label:
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
+      contents: write
+    steps:
+      - name: Notify MMI team via Slack
+        if: contains(github.event.pull_request.labels.*.name, 'team-mmi')
+        uses: slackapi/slack-github-action@007b2c3c751a190b6f0f040e47ed024deaa72844
+        with:
+          status: custom
+          fields: repo,message,commit,author,action
+          payload: |
+            {
+              "text": "A PR with label 'team-mmi' was added and requires review: ${{ github.event.pull_request.html_url }} in ${{ github.repository }}",
+              "attachments": [
+                {
+                  "color": "#2eb886",
+                  "fields": [
+                    {
+                      "title": "Repository",
+                      "value": "${{ github.repository }}",
+                      "short": true
+                    },
+                    {
+                      "title": "PR",
+                      "value": "#${{ github.event.pull_request.number }}",
+                      "short": true
+                    }
+                  ]
+                }
+              ]
+            }
+        env:
+          SLACK_WEBHOOK_URL: ${{ secrets.MMI_LABEL_SLACK_WEBHOOK_URL }}

.github/workflows/add-release-label.yml

@@ -13,7 +13,7 @@ jobs:
     if: github.event.pull_request.merged == true
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
             fetch-depth: 0 # This is needed to checkout all branches
 

.github/workflows/check-pr-labels.yml

@@ -18,7 +18,7 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
             fetch-depth: 1 # This retrieves only the latest commit.
 

.github/workflows/check-template-and-add-labels.yml

@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 1 # This retrieves only the latest commit.
 

.github/workflows/close-bug-report.yml

@@ -13,7 +13,7 @@ jobs:
     if: github.event.pull_request.merged == true && startsWith(github.event.pull_request.head.ref, 'Version-v')
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
             fetch-depth: 1 # This retrieves only the latest commit.
 

.github/workflows/codeql-analysis.yml

@@ -42,7 +42,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@v3
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -53,7 +53,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
+      uses: github/codeql-action/autobuild@v3
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -67,4 +67,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@v3

.github/workflows/main.yml

@@ -10,7 +10,7 @@ jobs:
     name: Check workflows
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Download actionlint
         id: download-actionlint
         run: bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/7fdc9630cc360ea1a469eed64ac6d78caeda1234/scripts/download-actionlint.bash) 1.6.23