From 4af6751c41ecff315ab6768d569b13a6d6e31f98 Mon Sep 17 00:00:00 2001 From: mikesposito Date: Wed, 20 May 2026 17:21:29 +0100 Subject: [PATCH 1/9] feat: add `is-snap` argument to `publish-preview.yml` workflow --- .github/workflows/publish-preview.yml | 20 +++++++++++++++++--- CHANGELOG.md | 6 ++++++ 2 files changed, 23 insertions(+), 3 deletions(-) diff --git a/.github/workflows/publish-preview.yml b/.github/workflows/publish-preview.yml index f5570a80..010d7389 100644 --- a/.github/workflows/publish-preview.yml +++ b/.github/workflows/publish-preview.yml @@ -23,6 +23,11 @@ on: type: boolean required: false default: true + is-snap: + description: 'Whether the consumer is a Snap. When true, the build runs before manifests are renamed so that snap artifacts (e.g. dist/bundle.js, snap.manifest.json) capture the original package name.' + type: boolean + required: false + default: false environment: description: 'GitHub environment for the publish job (e.g., default-branch). Empty = no gate.' type: string @@ -100,7 +105,15 @@ jobs: id: commit-sha run: echo "COMMIT_SHA=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT" - - name: Prepare preview builds + - name: Install dependencies (snap, pre-build) + if: ${{ inputs.is-snap }} + run: yarn install --no-immutable + + - name: Build (snap, pre-rename) + if: ${{ inputs.is-snap }} + run: ${{ inputs.build-command }} + + - name: Prepare preview manifests env: NPM_SCOPE: ${{ inputs.npm-scope }} COMMIT_SHA: ${{ steps.commit-sha.outputs.COMMIT_SHA }} @@ -139,10 +152,11 @@ jobs: prepare_manifest package.json fi - echo "Installing dependencies..." - yarn install --no-immutable + - name: Install dependencies + run: yarn install --no-immutable - name: Build + if: ${{ !inputs.is-snap }} run: ${{ inputs.build-command }} - name: Upload build artifacts (monorepo) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5507b133..d65a097e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Added + +- Add `is-snap` input to the `publish-preview` reusable workflow + - When set to `true`, the workflow installs dependencies and runs the build _before_ renaming workspace manifests to the preview NPM scope. This ensures snap artifacts (e.g. `dist/bundle.js`, `snap.manifest.json` and its `source.shasum`) are produced with the original `@metamask/...` package name. + - Defaults to `false` to preserve existing behavior for non-snap consumers. + ## [1.9.4] ### Fixed From 989eead933cc4e6e9713755c0638824bd50ff0eb Mon Sep 17 00:00:00 2001 From: mikesposito Date: Wed, 20 May 2026 18:29:09 +0100 Subject: [PATCH 2/9] feat: add BUILD_ENV secret to publish-preview workflow Allow callers to pass arbitrary build-time environment variables to the build step via a JSON object passed as a secret. This is needed by snap consumers whose build commands require additional configuration (e.g. API URLs, RPC endpoints) to produce valid preview builds. --- .github/workflows/publish-preview.yml | 5 +++++ CHANGELOG.md | 2 ++ 2 files changed, 7 insertions(+) diff --git a/.github/workflows/publish-preview.yml b/.github/workflows/publish-preview.yml index 010d7389..0d448e03 100644 --- a/.github/workflows/publish-preview.yml +++ b/.github/workflows/publish-preview.yml @@ -51,6 +51,9 @@ on: secrets: PUBLISH_PREVIEW_NPM_TOKEN: required: true + BUILD_ENV: + description: 'JSON object of environment variables to pass to the build step (e.g. ''{"FOO":"bar","API_URL":"https://..."}''). Use this for build-time configuration and secrets needed by the build command.' + required: false jobs: is-fork-pull-request: @@ -111,6 +114,7 @@ jobs: - name: Build (snap, pre-rename) if: ${{ inputs.is-snap }} + env: ${{ fromJSON(secrets.BUILD_ENV || '{}') }} run: ${{ inputs.build-command }} - name: Prepare preview manifests @@ -157,6 +161,7 @@ jobs: - name: Build if: ${{ !inputs.is-snap }} + env: ${{ fromJSON(secrets.BUILD_ENV || '{}') }} run: ${{ inputs.build-command }} - name: Upload build artifacts (monorepo) diff --git a/CHANGELOG.md b/CHANGELOG.md index d65a097e..26e55194 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,6 +12,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Add `is-snap` input to the `publish-preview` reusable workflow - When set to `true`, the workflow installs dependencies and runs the build _before_ renaming workspace manifests to the preview NPM scope. This ensures snap artifacts (e.g. `dist/bundle.js`, `snap.manifest.json` and its `source.shasum`) are produced with the original `@metamask/...` package name. - Defaults to `false` to preserve existing behavior for non-snap consumers. +- Add `BUILD_ENV` secret input to the `publish-preview` reusable workflow + - Accepts a JSON object of environment variables that will be passed to the build step (e.g. `'{"API_URL":"https://...","LOG_LEVEL":"all"}'`). Useful when the build command needs additional configuration or secret values to produce a valid preview build. ## [1.9.4] From 8192f4bff3569b30f26a6d62e20c08e6b9631263 Mon Sep 17 00:00:00 2001 From: Michele Esposito <34438276+mikesposito@users.noreply.github.com> Date: Tue, 9 Jun 2026 11:50:30 +0200 Subject: [PATCH 3/9] Rename parameter to `rename-after-install-and-build` Co-authored-by: Elliot Winkler --- .github/workflows/publish-preview.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/publish-preview.yml b/.github/workflows/publish-preview.yml index 0d448e03..e2610a36 100644 --- a/.github/workflows/publish-preview.yml +++ b/.github/workflows/publish-preview.yml @@ -23,8 +23,8 @@ on: type: boolean required: false default: true - is-snap: - description: 'Whether the consumer is a Snap. When true, the build runs before manifests are renamed so that snap artifacts (e.g. dist/bundle.js, snap.manifest.json) capture the original package name.' + rename-after-install-and-build: + description: 'Governs where in the workflow that packages in the repo are renamed to use the preview build scope. If true, this step runs after the install and build steps; if false (default), it runs before. This option is mostly for Snaps so that artifacts (e.g. dist/bundle.js, snap.manifest.json) capture the original package name, not the preview build name.' type: boolean required: false default: false From b97ae023a5062bdf871f5fb447c4dd34b191ccfc Mon Sep 17 00:00:00 2001 From: Michele Esposito <34438276+mikesposito@users.noreply.github.com> Date: Tue, 9 Jun 2026 11:50:49 +0200 Subject: [PATCH 4/9] Update CHANGELOG.md Co-authored-by: Elliot Winkler --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 26e55194..53486ae8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,7 +9,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Added -- Add `is-snap` input to the `publish-preview` reusable workflow +- Add `is-snap` input to the `publish-preview` reusable workflow ([#254](https://github.com/MetaMask/github-tools/pull/254)) - When set to `true`, the workflow installs dependencies and runs the build _before_ renaming workspace manifests to the preview NPM scope. This ensures snap artifacts (e.g. `dist/bundle.js`, `snap.manifest.json` and its `source.shasum`) are produced with the original `@metamask/...` package name. - Defaults to `false` to preserve existing behavior for non-snap consumers. - Add `BUILD_ENV` secret input to the `publish-preview` reusable workflow From 6f9ca8c684234ec8f3c10472ee3c270469accee1 Mon Sep 17 00:00:00 2001 From: Michele Esposito <34438276+mikesposito@users.noreply.github.com> Date: Tue, 9 Jun 2026 11:54:59 +0200 Subject: [PATCH 5/9] update conditions with new input name Co-authored-by: Michele Esposito <34438276+mikesposito@users.noreply.github.com> --- .github/workflows/publish-preview.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/publish-preview.yml b/.github/workflows/publish-preview.yml index e2610a36..1a027f8e 100644 --- a/.github/workflows/publish-preview.yml +++ b/.github/workflows/publish-preview.yml @@ -109,11 +109,11 @@ jobs: run: echo "COMMIT_SHA=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT" - name: Install dependencies (snap, pre-build) - if: ${{ inputs.is-snap }} + if: ${{ inputs.rename-after-install-and-build }} run: yarn install --no-immutable - name: Build (snap, pre-rename) - if: ${{ inputs.is-snap }} + if: ${{ inputs.rename-after-install-and-build }} env: ${{ fromJSON(secrets.BUILD_ENV || '{}') }} run: ${{ inputs.build-command }} @@ -160,7 +160,7 @@ jobs: run: yarn install --no-immutable - name: Build - if: ${{ !inputs.is-snap }} + if: ${{ !inputs.rename-after-install-and-build }} env: ${{ fromJSON(secrets.BUILD_ENV || '{}') }} run: ${{ inputs.build-command }} From 64bfaec8bb792d2dd487edca6338a2239af33db5 Mon Sep 17 00:00:00 2001 From: Michele Esposito <34438276+mikesposito@users.noreply.github.com> Date: Tue, 9 Jun 2026 11:55:38 +0200 Subject: [PATCH 6/9] update CHNGELOG --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 53486ae8..653e279f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,7 +9,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Added -- Add `is-snap` input to the `publish-preview` reusable workflow ([#254](https://github.com/MetaMask/github-tools/pull/254)) +- Add `rename-after-install-and-build` input to the `publish-preview` reusable workflow ([#254](https://github.com/MetaMask/github-tools/pull/254)) - When set to `true`, the workflow installs dependencies and runs the build _before_ renaming workspace manifests to the preview NPM scope. This ensures snap artifacts (e.g. `dist/bundle.js`, `snap.manifest.json` and its `source.shasum`) are produced with the original `@metamask/...` package name. - Defaults to `false` to preserve existing behavior for non-snap consumers. - Add `BUILD_ENV` secret input to the `publish-preview` reusable workflow From b94807d6cec4cd7ef9c0eb5cb8af1c5b6c58ecec Mon Sep 17 00:00:00 2001 From: mikesposito Date: Thu, 11 Jun 2026 10:03:30 +0200 Subject: [PATCH 7/9] add job to mask build env values --- .github/workflows/publish-preview.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/.github/workflows/publish-preview.yml b/.github/workflows/publish-preview.yml index 1a027f8e..798d9168 100644 --- a/.github/workflows/publish-preview.yml +++ b/.github/workflows/publish-preview.yml @@ -112,6 +112,18 @@ jobs: if: ${{ inputs.rename-after-install-and-build }} run: yarn install --no-immutable + - name: Mask build environment values + env: + BUILD_ENV: ${{ secrets.BUILD_ENV }} + run: | + if [[ -n "$BUILD_ENV" ]]; then + while IFS= read -r line; do + if [[ -n "$line" ]]; then + echo "::add-mask::$line" + fi + done < <(jq --raw-output '.[] | tostring' <<< "$BUILD_ENV") + fi + - name: Build (snap, pre-rename) if: ${{ inputs.rename-after-install-and-build }} env: ${{ fromJSON(secrets.BUILD_ENV || '{}') }} From 737777680bbd863d3fcf7e0110fe05951862a997 Mon Sep 17 00:00:00 2001 From: Michele Esposito <34438276+mikesposito@users.noreply.github.com> Date: Thu, 11 Jun 2026 10:04:47 +0200 Subject: [PATCH 8/9] update job titles Co-authored-by: Maarten Zuidhoorn --- .github/workflows/publish-preview.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/publish-preview.yml b/.github/workflows/publish-preview.yml index 798d9168..fcb6a4e1 100644 --- a/.github/workflows/publish-preview.yml +++ b/.github/workflows/publish-preview.yml @@ -124,7 +124,7 @@ jobs: done < <(jq --raw-output '.[] | tostring' <<< "$BUILD_ENV") fi - - name: Build (snap, pre-rename) + - name: Build (pre-rename) if: ${{ inputs.rename-after-install-and-build }} env: ${{ fromJSON(secrets.BUILD_ENV || '{}') }} run: ${{ inputs.build-command }} @@ -171,7 +171,7 @@ jobs: - name: Install dependencies run: yarn install --no-immutable - - name: Build + - name: Build (post-rename) if: ${{ !inputs.rename-after-install-and-build }} env: ${{ fromJSON(secrets.BUILD_ENV || '{}') }} run: ${{ inputs.build-command }} From 9994d8ba62e5a2a3ba881e23f8e773f3b38b7472 Mon Sep 17 00:00:00 2001 From: Michele Esposito <34438276+mikesposito@users.noreply.github.com> Date: Thu, 11 Jun 2026 10:05:07 +0200 Subject: [PATCH 9/9] Apply suggestion from @Mrtenz Co-authored-by: Maarten Zuidhoorn --- .github/workflows/publish-preview.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish-preview.yml b/.github/workflows/publish-preview.yml index fcb6a4e1..b39e94f4 100644 --- a/.github/workflows/publish-preview.yml +++ b/.github/workflows/publish-preview.yml @@ -108,7 +108,7 @@ jobs: id: commit-sha run: echo "COMMIT_SHA=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT" - - name: Install dependencies (snap, pre-build) + - name: Install dependencies (pre-build) if: ${{ inputs.rename-after-install-and-build }} run: yarn install --no-immutable