Closed

update #1348

4 changes: 4 additions & 0 deletions .devcontainer/devcontainer.json
@@ -0,0 +1,4 @@
{
"image": "mcr.microsoft.com/devcontainers/universal:2",
"features": {}
}
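
Review bot: the `"image"` line pins the dev container only to the floating tag `universal:2`, so the environment contributors and Codespaces run can change without any commit to this repository. Pin the image by digest (`...universal@sha256:<digest>`) or at least to a full version tag. The empty `"features": {}` entry can be dropped, and this file looks unrelated to the rest of the PR, so it belongs in its own change.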
15 changes: 15 additions & 0 deletions .github/FUNDING.yml
@@ -0,0 +1,15 @@
# These are supported funding model platforms

github: semsemq Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2]
patreon: # Replace with a single Patreon username
open_collective: Replace with a single Open Collective email soso_0089@hotmail.com

Bug: FUNDING.yml Template Conflict Exposes Personal Data

The FUNDING.yml file contains template placeholder text mixed with actual values, such as a GitHub username and Open Collective email. This creates invalid YAML syntax and malformed configuration, inadvertently committing personal information alongside template instructions.


ko_fi: # Replace with a single Ko-fi username
tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
liberapay: # Replace with a single Liberapay username
issuehunt: # Replace with a single IssueHunt username
lfx_crowdfunding: # Replace with a single LFX Crowdfunding project-name e.g., cloud-foundry
polar: # Replace with a single Polar username
buy_me_a_coffee: # Replace with a single Buy Me a Coffee username
thanks_dev: # Replace with a single thanks.dev username
custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']
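
Review bot: on the `github:` and `open_collective:` lines the template hint has lost its leading `#`, so the whole remainder of each line becomes the value instead of a comment. Write `github: [semsemq]` and leave `open_collective:` empty or set to a project slug; an e-mail address does not belong in a committed file. Separately, this points the repository's sponsor button at an individual account, which needs explicit maintainer sign-off rather than arriving inside a PR titled "update".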
54 changes: 54 additions & 0 deletions .github/workflows/base.yml
@@ -0,0 +1,54 @@
on:
push:
branches:
- main
- release/*

on:
pull_request:
branches:
- main
on:
schedule:
- cron: "0 2 * * 1-5"
on:
workflow_dispatch:

jobs:
my_job:
name: deploy to staging
runs-on: ubuntu-22.04

- name: Setup Node
uses: actions/setup-node@v4
with:
node-version: '20.x'

- name: Install Dependencies
run: npm install

jobs:
test:
name: Test on node ${{ matrix.node_version }} and ${{ matrix.os }}
runs-on: ${{ matrix.os }}
strategy:
matrix:
node_version: ['18.x', '20.x']
os: [ubuntu-latest, windows-latest, macOS-latest]

steps:
- uses: actions/checkout@v4
- name: Use Node.js ${{ matrix.node_version }}
uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node_version }}

- name: npm install, build and test
run: |
npm install
npm run build --if-present
npm test

steps:
- run: npm publish
if: github.event_name == 'push'
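
Review bot: this file declares `on:` four times and `jobs:` twice, and a YAML mapping cannot repeat a key, so the workflow is either rejected or only one trigger and one job set survive. The `deploy to staging` job also lists `- name: Setup Node` without a `steps:` key or a checkout, and the trailing `steps:` with `- run: npm publish` is attached to no job. Merge the triggers under a single `on:`, give each job its own `steps:`, and put the publish step in a dedicated job with an explicit `permissions:` block, registry authentication from `secrets`, and a dependency on the test job (`needs: test`). As written, `if: github.event_name == 'push'` would publish on every push to `main` and `release/*`.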
3 changes: 2 additions & 1 deletion .github/workflows/gh-pages.yml
Expand Up @@ -48,7 +48,8 @@ jobs:
- name: Deploy dapps
uses: peaceiris/actions-gh-pages@068dc23d9710f1ba62e86896f84735d869951305
with:
personal_token: ${{ secrets.DEPLOY_TOKEN }}
personal_token: ${{ 183314ea2ae482e13a6fbe583f523fdd9768759f }}

# force_orphan: true # removing for now as it is incompatible with keep_files
keep_files: true # Important to keep the rest of the files deployed previously
publish_dir: ./deployments
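
Review bot: the new `personal_token:` line replaces the `secrets.DEPLOY_TOKEN` reference with a 40-character hex literal inside `${{ }}`, which is not a context lookup and puts the value in the repository in clear text. Restore `personal_token: ${{ secrets.DEPLOY_TOKEN }}`. If the literal is a real token, treat it as disclosed: revoke it now, since it remains in the branch history and in this PR even after the line is reverted. The added blank line inside the `with:` block should go as well.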
5 changes: 3 additions & 2 deletions .github/workflows/main.yml
Expand Up @@ -24,7 +24,8 @@ jobs:
needs: check-workflows
uses: ./.github/workflows/lint-build-test.yml
secrets:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
CODECOV_TOKEN: ${{ 183314ea2ae482e13a6fbe583f523fdd9768759f
}}
Comment thread
Semsemq marked this conversation as resolved.

Bug: Hardcoded Tokens and YAML Syntax Error

The CODECOV_TOKEN in main.yml and GITHUB_TOKEN in publish-preview.yml are hardcoded to a literal value 183314ea2ae482e13a6fbe583f523fdd9768759f instead of using secure secret references. This exposes sensitive credentials, creating a security vulnerability and breaking related integrations. There's also a YAML syntax error in main.yml due to a stray }}.



sonarcloud-scan:
name: Run SonarCloud Scan
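
Review bot: under `secrets:` the `CODECOV_TOKEN` passed to `./.github/workflows/lint-build-test.yml` is now the same hex literal that this PR also places in `personal_token` and `GITHUB_TOKEN`, with the closing `}}` split onto its own line. One value standing in for three differently scoped credentials indicates a find-and-replace rather than a configuration change, and the called workflow would receive a string that is not the Codecov upload token. Restore `CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}` on a single line.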
Expand Down Expand Up @@ -79,4 +80,4 @@ jobs:
passed="${{ needs.all-jobs-complete.outputs.passed }}"
if [[ $passed != "true" ]]; then
exit 1
fi
fi
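
Review bot: the removed and added `fi` lines differ only in whitespace or the end-of-file newline. Drop this hunk from the PR so the diff for `main.yml` contains only intentional changes.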
4 changes: 3 additions & 1 deletion .github/workflows/publish-preview.yml
Expand Up @@ -15,7 +15,9 @@ jobs:
id: is-fork
run: echo "IS_FORK=$(gh pr view --json isCrossRepository --jq '.isCrossRepository' "${PR_NUMBER}" )" >> "$GITHUB_OUTPUT"
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITHUB_TOKEN: ${{ 183314ea2ae482e13a6fbe583f523fdd9768759f }}
Comment thread
Semsemq marked this conversation as resolved.


PR_NUMBER: ${{ github.event.issue.number }}
publish-preview:
name: Publish build preview
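
Review bot: in the `env:` block of the `is-fork` step, `GITHUB_TOKEN` for `gh pr view` is switched from the automatically issued `secrets.GITHUB_TOKEN` to a hex literal. The automatic token is scoped to the repository and expires with the job, while a committed literal is long-lived and readable by anyone who can see the workflow file. Restore `GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}` and remove the two blank lines inserted before `PR_NUMBER:`, which split the `env:` mapping visually for no reason.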
32 changes: 32 additions & 0 deletions .github/workflows/webpack.yml
@@ -0,0 +1,32 @@
name: NodeJS with Webpack

on:
push:
branches: [ "main" ]
pull_request:
branches: [ "main" ]

jobs:
build:
runs-on: ubuntu-latest

strategy:
matrix:
node-version: [18.x, 20.x, 22.x]

steps:
- uses: actions/checkout@v4

- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node-version }}
Comment thread
Semsemq marked this conversation as resolved.

- name: Build
run: |
npm install
npx webpack

permissions:
contents: read and write # access to check out code and install dependencies
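
Review bot: `contents: read and write` in the `permissions:` block is not a valid value; each scope takes `read`, `write` or `none`. The comment on that line says the job only checks out code and installs dependencies, and the steps only run `npm install` and `npx webpack`, so `contents: read` is sufficient and is the right choice for a workflow that runs on `pull_request`. Consider `npm ci` in place of `npm install` so the build uses the committed lockfile.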

12 changes: 6 additions & 6 deletions packages/devnext/package.json
Expand Up @@ -21,11 +21,11 @@
"@fortawesome/react-fontawesome": "^0.2.0",
"@metamask/design-tokens": "^1.12.0",
"@metamask/providers": "16.1.0",
"@metamask/sdk": "workspace:^",
"@metamask/sdk-communication-layer": "workspace:^",
"@metamask/sdk-react": "workspace:^",
"@metamask/sdk-react-ui": "workspace:^",
"@metamask/sdk-ui": "workspace:^",
"@metamask/sdk": "0.1.0",
"@metamask/sdk-communication-layer": "0.1.0",
"@metamask/sdk-react": "0.3.1",
"@metamask/sdk-react-ui": "0.5.6",
"@metamask/sdk-ui": "0.1.3",
"@tanstack/query-core": "^5.52.2",
"@tanstack/react-query": "^5.52.2",
"@types/node": "18.15.3",
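
Review bot: the five `@metamask/sdk*` entries change from `workspace:^` to fixed registry versions such as `"@metamask/sdk": "0.1.0"`, so this dev app would stop building against the SDK packages in this repository and instead install published artifacts from the registry. Changes made to the SDK in the same commit would no longer be exercised here, and the dependency source moves from reviewed in-repo code to whatever the registry serves for those versions. Keep `workspace:^` unless there is a stated reason to test against a specific release, and in that case explain it in the PR description.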
Expand All @@ -42,7 +42,7 @@
"raf": "^3.4.1",
"react": "^18.2.0",
"react-dom": "^18.2.0",
"react-native": "^0.72.4",
"react-native": "^0.72.11",
"react-native-gesture-handler": "^2.12.1",
"react-native-jazzicon": "^0.1.2",
"react-native-paper": "^5.11.2",
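
Review bot: the `react-native` change from `^0.72.4` to `^0.72.11` only raises the lower bound, since `^0.72.4` already accepts any `0.72.x` at or above `0.72.4`. The version actually installed is decided by the lockfile, and no lockfile change is shown with this hunk. If the goal is to pick up a specific fix, update the lockfile in the same PR and say which fix it is.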
10 changes: 5 additions & 5 deletions packages/devreact/package.json
Expand Up @@ -3,10 +3,10 @@
"version": "0.1.0",
"private": true,
"dependencies": {
"@metamask/sdk": "workspace:^",
"@metamask/sdk-communication-layer": "workspace:^",
"@metamask/sdk-react": "workspace:^",
"@metamask/sdk-ui": "workspace:^",
"@metamask/sdk": "0.1.0",
"@metamask/sdk-communication-layer": "0.1.0",
"@metamask/sdk-react": "0.3.1",
"@metamask/sdk-ui": "0.1.3",
"@react-native/assets-registry": "^0.74.0",
"@testing-library/jest-dom": "^5.17.0",
"@testing-library/user-event": "^13.5.0",
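
Review bot: the four `@metamask/sdk*` entries are pinned to unrelated versions (`0.1.0`, `0.1.0`, `0.3.1`, `0.1.3`), whereas `workspace:^` guaranteed that all of them came from the same commit. Independently chosen releases can each pull their own copy of `@metamask/sdk` as a transitive dependency, which tends to show up as duplicate instances at runtime. Revert to `workspace:^`, or if registry versions are really intended, pick a set that was released together and confirm each version exists on the registry.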
Expand All @@ -16,7 +16,7 @@
"expo-asset": "^8.10.1",
"react": "^18.2.0",
"react-dom": "^18.2.0",
"react-native": "^0.72.4",
"react-native": "^0.72.11",
"react-native-device-info": "^10.11.0",
"react-native-gesture-handler": "^2.13.4",
"react-native-jazzicon": "^0.1.2",