Update module configuration

.depcheckrc.json

@@ -1,6 +1,7 @@
 {
   "ignores": [
     "@lavamoat/allow-scripts",
+    "@lavamoat/preinstall-always-fail",
     "@metamask/auto-changelog",
     "@types/*",
     "prettier-plugin-packagejson",

.gitattributes

@@ -2,7 +2,6 @@
 
 yarn.lock linguist-generated=false
 
-
 # yarn v3
 # See: https://yarnpkg.com/getting-started/qa#which-files-should-be-gitignored
 /.yarn/releases/** binary

.github/pull_request_template.md

@@ -0,0 +1,45 @@
+## Description
+
+<!--
+Thanks for your contribution! Take a moment to answer these questions so that reviewers have the information they need to properly understand your changes:
+
+* What is the current state of things and why does it need to change?
+* What is the solution your changes offer and how does it work?
+* Are you introducing a breaking change  (renaming, removing, or changing a part of a public-facing interface)?
+-->
+
+## Changes
+
+<!--
+Pretend that you're updating a changelog. How would you categorize your changes?
+
+CATEGORY is one of:
+
+- BREAKING
+- ADDED
+- CHANGED
+- DEPRECATED
+- REMOVED
+- FIXED
+
+(Security-related changes should go through the Security Advisory process.)
+-->
+
+- **<CATEGORY>**: Your change here
+- **<CATEGORY>**: Your change here
+- **<CATEGORY>**: Your change here
+
+## References
+
+<!--
+Are there any issues or other links that reviewers should consult to understand this pull request better? For instance:
+
+* Fixes #12345
+* See: #67890
+-->
+
+## Checklist
+
+- [ ] I've updated the test suite for new or updated code as appropriate
+- [ ] I've updated documentation for new or updated code as appropriate (note: this will usually be JSDoc)
+- [ ] I've highlighted breaking changes using the "BREAKING" category above as appropriate

.github/workflows/build-lint-test.yml

@@ -24,7 +24,7 @@ jobs:
       - prepare
     strategy:
       matrix:
-        node-version: [14.x, 16.x, 18.x, 19.x]
+        node-version: [14.x, 16.x, 18.x, 20.x]
     steps:
       - uses: actions/checkout@v3
       - name: Use Node.js ${{ matrix.node-version }}
@@ -49,7 +49,7 @@ jobs:
       - prepare
     strategy:
       matrix:
-        node-version: [14.x, 16.x, 18.x, 19.x]
+        node-version: [14.x, 16.x, 18.x, 20.x]
     steps:
       - uses: actions/checkout@v3
       - name: Use Node.js ${{ matrix.node-version }}
@@ -80,7 +80,7 @@ jobs:
       - prepare
     strategy:
       matrix:
-        node-version: [14.x, 16.x, 18.x, 19.x]
+        node-version: [14.x, 16.x, 18.x, 20.x]
     steps:
       - uses: actions/checkout@v3
       - name: Use Node.js ${{ matrix.node-version }}

.github/workflows/create-release-pr.yml

@@ -8,7 +8,7 @@ on:
         default: 'main'
         required: true
       release-type:
-        description: 'A SemVer version diff, i.e. major, minor, patch, prerelease etc. Mutually exclusive with "release-version".'
+        description: 'A SemVer version diff, i.e. major, minor, or patch. Mutually exclusive with "release-version".'
         required: false
       release-version:
         description: 'A specific version to bump to. Mutually exclusive with "release-type".'

.github/workflows/main.yml

@@ -27,6 +27,7 @@ jobs:
     name: All jobs completed
     runs-on: ubuntu-latest
     needs:
+      - check-workflows
       - build-lint-test
     outputs:
       PASSED: ${{ steps.set-output.outputs.PASSED }}
@@ -47,3 +48,30 @@ jobs:
           if [[ $passed != "true" ]]; then
             exit 1
           fi
+
+  is-release:
+    # Filtering by `push` events ensures that we only release from the `main` branch, which is a
+    # requirement for our npm publishing environment.
+    # The commit author should always be 'github-actions' for releases created by the
+    # 'create-release-pr' workflow, so we filter by that as well to prevent accidentally
+    # triggering a release.
+    if: github.event_name == 'push' && startsWith(github.event.head_commit.author.name, 'github-actions')
+    needs: all-jobs-pass
+    outputs:
+      IS_RELEASE: ${{ steps.is-release.outputs.IS_RELEASE }}
+    runs-on: ubuntu-latest
+    steps:
+      - uses: MetaMask/action-is-release@v1
+        id: is-release
+
+  publish-release:
+    needs: is-release
+    if: needs.is-release.outputs.IS_RELEASE == 'true'
+    name: Publish release
+    permissions:
+      contents: write
+    uses: ./.github/workflows/publish-release.yml
+    secrets:
+      NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+      PUBLISH_DOCS_TOKEN: ${{ secrets.PUBLISH_DOCS_TOKEN }}
+      SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}

.github/workflows/publish-docs.yml

@@ -0,0 +1,42 @@
+name: Publish docs to GitHub Pages
+
+on:
+  workflow_call:
+    inputs:
+      destination_dir:
+        required: true
+        type: string
+    secrets:
+      PUBLISH_DOCS_TOKEN:
+        required: true
+
+jobs:
+  publish-docs-to-gh-pages:
+    name: Publish docs to GitHub Pages
+    runs-on: ubuntu-latest
+    environment: github-pages
+    permissions:
+      contents: write
+    steps:
+      - name: Ensure `destination_dir` is not empty
+        if: ${{ inputs.destination_dir == '' }}
+        run: exit 1
+      - name: Checkout the repository
+        uses: actions/checkout@v3
+      - name: Use Node.js
+        uses: actions/setup-node@v3
+        with:
+          node-version-file: '.nvmrc'
+          cache: 'yarn'
+      - name: Install npm dependencies
+        run: yarn --immutable
+      - name: Run build script
+        run: yarn build:docs
+      - name: Deploy to `${{ inputs.destination_dir }}` directory of `gh-pages` branch
+        uses: peaceiris/actions-gh-pages@de7ea6f8efb354206b205ef54722213d99067935
+        with:
+          # This `PUBLISH_DOCS_TOKEN` needs to be manually set per-repository.
+          # Look in the repository settings under "Environments", and set this token in the `github-pages` environment.
+          personal_token: ${{ secrets.PUBLISH_DOCS_TOKEN }}
+          publish_dir: ./docs
+          destination_dir: ${{ inputs.destination_dir }}

.github/workflows/publish-main-docs.yml

@@ -0,0 +1,16 @@
+name: Publish main branch docs to GitHub Pages
+
+on:
+  push:
+    branches: main
+
+jobs:
+  publish-to-gh-pages:
+    name: Publish docs to `staging` directory of `gh-pages` branch
+    permissions:
+      contents: write
+    uses: ./.github/workflows/publish-docs.yml
+    with:
+      destination_dir: staging
+    secrets:
+      PUBLISH_DOCS_TOKEN: ${{ secrets.PUBLISH_DOCS_TOKEN }}

.github/workflows/publish-rc-docs.yml

@@ -0,0 +1,28 @@
+name: Publish release candidate docs to GitHub Pages
+
+on:
+  push:
+    branches: 'release/**'
+
+jobs:
+  get-release-version:
+    name: Get release version
+    runs-on: ubuntu-latest
+    outputs:
+      release-version: ${{ steps.release-name.outputs.RELEASE_VERSION }}
+    steps:
+      - name: Extract release version from branch name
+        id: release-name
+        run: |
+          BRANCH_NAME='${{ github.ref_name }}'
+          echo "RELEASE_VERSION=v${BRANCH_NAME#release/}" >> "$GITHUB_OUTPUT"
+  publish-to-gh-pages:
+    name: Publish docs to `rc-${{ needs.get-release-version.outputs.release-version }}` directory of `gh-pages` branch
+    permissions:
+      contents: write
+    uses: ./.github/workflows/publish-docs.yml
+    needs: get-release-version
+    with:
+      destination_dir: rc-${{ needs.get-release-version.outputs.release-version }}
+    secrets:
+      PUBLISH_DOCS_TOKEN: ${{ secrets.PUBLISH_DOCS_TOKEN }}

.github/workflows/publish-release.yml

@@ -1,26 +1,20 @@
 name: Publish Release
 
 on:
-  push:
-    branches: [main]
+  workflow_call:
+    secrets:
+      NPM_TOKEN:
+        required: true
+      SLACK_WEBHOOK_URL:
+        required: true
+      PUBLISH_DOCS_TOKEN:
+        required: true
 
 jobs:
-  is-release:
-    # release merge commits come from github-actions
-    if: startsWith(github.event.commits[0].author.name, 'github-actions')
-    outputs:
-      IS_RELEASE: ${{ steps.is-release.outputs.IS_RELEASE }}
-    runs-on: ubuntu-latest
-    steps:
-      - uses: MetaMask/action-is-release@v1
-        id: is-release
-
   publish-release:
     permissions:
       contents: write
-    if: needs.is-release.outputs.IS_RELEASE == 'true'
     runs-on: ubuntu-latest
-    needs: is-release
     steps:
       - uses: actions/checkout@v3
         with:
@@ -32,6 +26,17 @@ jobs:
       - uses: MetaMask/action-publish-release@v2
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - name: Install
+        run: |
+          yarn install
+          yarn build
+      - uses: actions/cache@v3
+        id: restore-build
+        with:
+          path: |
+            ./dist
+            ./node_modules/.yarn-state.yml
+          key: ${{ github.sha }}
 
   publish-npm-dry-run:
     runs-on: ubuntu-latest
@@ -40,9 +45,19 @@ jobs:
       - uses: actions/checkout@v3
         with:
           ref: ${{ github.sha }}
+      - uses: actions/cache@v3
+        id: restore-build
+        with:
+          path: |
+            ./dist
+            ./node_modules/.yarn-state.yml
+          key: ${{ github.sha }}
       - name: Dry Run Publish
         # omit npm-token token to perform dry run publish
-        uses: MetaMask/action-npm-publish@v1
+        uses: MetaMask/action-npm-publish@v3
+        with:
+          slack-webhook-url: ${{ secrets.SLACK_WEBHOOK_URL }}
+          target-name: metamask-npm-publishers
         env:
           SKIP_PREPACK: true
 
@@ -54,11 +69,53 @@ jobs:
       - uses: actions/checkout@v3
         with:
           ref: ${{ github.sha }}
+      - uses: actions/cache@v3
+        id: restore-build
+        with:
+          path: |
+            ./dist
+            ./node_modules/.yarn-state.yml
+          key: ${{ github.sha }}
       - name: Publish
-        uses: MetaMask/action-npm-publish@v1
+        uses: MetaMask/action-npm-publish@v2
         with:
           # This `NPM_TOKEN` needs to be manually set per-repository.
           # Look in the repository settings under "Environments", and set this token in the `npm-publish` environment.
           npm-token: ${{ secrets.NPM_TOKEN }}
         env:
           SKIP_PREPACK: true
+
+  get-release-version:
+    runs-on: ubuntu-latest
+    needs: publish-npm
+    outputs:
+      RELEASE_VERSION: ${{ steps.get-release-version.outputs.RELEASE_VERSION }}
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          ref: ${{ github.sha }}
+      - id: get-release-version
+        shell: bash
+        run: ./scripts/get.sh ".version" "RELEASE_VERSION"
+
+  publish-release-to-gh-pages:
+    needs: get-release-version
+    name: Publish docs to `${{ needs.get-release-version.outputs.RELEASE_VERSION }}` directory of `gh-pages` branch
+    permissions:
+      contents: write
+    uses: ./.github/workflows/publish-docs.yml
+    with:
+      destination_dir: ${{ needs.get-release-version.outputs.RELEASE_VERSION }}
+    secrets:
+      PUBLISH_DOCS_TOKEN: ${{ secrets.PUBLISH_DOCS_TOKEN }}
+
+  publish-release-to-latest-gh-pages:
+    needs: publish-npm
+    name: Publish docs to `latest` directory of `gh-pages` branch
+    permissions:
+      contents: write
+    uses: ./.github/workflows/publish-docs.yml
+    with:
+      destination_dir: latest
+    secrets:
+      PUBLISH_DOCS_TOKEN: ${{ secrets.PUBLISH_DOCS_TOKEN }}