feat: Implement New Attributions Update Workflow via GitHub Actions

[cryptodev-2s]

Description

This pull request introduces a GitHub Action workflow dedicated to managing attributions effectively within our project. The key components of this new workflow include:

• Local Scripts for Attributions Management:
  • yarn attributions:generate: Updates attributions to reflect current dependencies.
  • yarn attributions:check: Checks if attributions are up-to-date with the latest changes.
• GitHub Actions:
  • A check to ensure attributions are up-to-date on all pull requests.
  • An action that allows team members to update attributions directly by commenting @metamskbot update-attributions on any PR.

Related issues

Fixes: #1947

Manual testing steps

Locally

• Run yarn attributions:generate to update the attributions file.
• Run yarn attributions:check to ensure all attributions are current.

On GitHub (CI/PR)

• Open and push changes to a PR.
• Intentionally remove an entry from attribution.txt to simulate an error.
• Observe that CI fails due to missing attributions.
• Comment @metmaskbot update-attributions on the PR.
• A bot will respond with a thumbs up, followed by a comment indicating whether the attributions were successfully updated.

For a practical demonstration, refer to the pull request in my fork: PR Demonstration

Note

This functionality is currently operational only on a fork as it depends on the integration of the bot action into the develop branch.

Screenshots/Recordings

Pre-merge author checklist

Pre-merge author checklist

• I’ve followed MetaMask Coding Standards.
• I've completed the PR template to the best of my ability
• I’ve included tests if applicable
• I’ve documented my code using JSDoc format if applicable
• I’ve applied the right labels on the PR (see labeling guidelines). Not required for external contributors.

Pre-merge reviewer checklist

• I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
• I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

[github-actions]

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

[socket-security]

New dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@metamask/[email protected]	filesystem	0	106 kB	lgbot
npm/@metamask/[email protected]	filesystem Transitive: environment	+1	258 kB	lgbot
npm/@metamask/[email protected]	None	0	4 kB	lgbot
npm/@metamask/[email protected]	None	0	8.57 kB	lgbot
npm/[email protected]	filesystem	0	132 kB	szwacz
npm/[email protected]	None	0	0 B
npm/[email protected]	environment	+1	28.7 kB	gar
npm/[email protected]	None	0	595 kB	davidchambers
npm/[email protected]	None	0	5.85 kB	kemitchell
npm/[email protected]	Transitive: environment	+3	28.3 kB	rane
npm/[email protected]	None	0	22.2 kB	notatestuser

View full report↗︎

[cryptodev-2s]

@metamaskbot update-attributions

[socket-security]

👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

Ignoring: npm/[email protected]

View full report↗︎

Next steps

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all

[cryptodev-2s]

@metamaskbot update-attributions

[cryptodev-2s]

@metamaskbot update-attributions

[cryptodev-2s]

@metamaskbot update-policies

[metamaskbot]

Policies updated

[cryptodev-2s]

@metamaskbot update-policies

[metamaskbot]

Policies updated

[cryptodev-2s]

@metamaskbot update-attributions

[cryptodev-2s]

Currently Lint rule runs on every PR(create, update) once this PR is approved. I will switch the github action to run only on release branches.

[metamaskbot]

Builds ready [03146ea]

• builds: chrome, firefox
• builds (beta): chrome
• builds (flask): chrome, firefox
• builds (MMI): chrome, firefox
• builds (test): chrome, firefox
• builds (test-flask): chrome, firefox
• build viz: Build System
• mv3: Background Module Init Stats
• mv3: UI Init Stats
• mv3: Module Load Stats
• mv3: Bundle Size Stats
• mv2: E2e Actions Stats
• code coverage: Report
• storybook: Storybook
• typescript migration: Dashboard
• all artifacts
• bundle viz:

  • background: 0, 1, 2, 3, 4, 5
  • common: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9
  • content-script: 0
  • offscreen: 0
  • ui: 0, 1, 10, 2, 3, 4, 5, 6, 7, 8, 9

Page Load Metrics (205 ± 213 ms)

Platform	Page	Metric	Min (ms)	Max (ms)	Average (ms)	StandardDeviation (ms)	MarginOfError (ms)
Chrome	Home	firstPaint	76	126	93	12	6
		domContentLoaded	9	22	12	3	2
		load	43	1685	205	443	213
		domInteractive	9	22	12	3	2

Bundle size diffs

• background: 0 Bytes (0.00%)
• ui: 38 Bytes (0.00%)
• common: 0 Bytes (0.00%)

[mcmire]

I had two minor suggestions, but this otherwise looks good to me.

[metamaskbot]

Builds ready [9808d4b]

• builds: chrome, firefox
• builds (beta): chrome
• builds (flask): chrome, firefox
• builds (MMI): chrome, firefox
• builds (test): chrome, firefox
• builds (test-flask): chrome, firefox
• build viz: Build System
• mv3: Background Module Init Stats
• mv3: UI Init Stats
• mv3: Module Load Stats
• mv3: Bundle Size Stats
• mv2: E2e Actions Stats
• code coverage: Report
• storybook: Storybook
• typescript migration: Dashboard
• all artifacts
• bundle viz:

  • background: 0, 1, 2, 3, 4, 5
  • common: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9
  • content-script: 0
  • offscreen: 0
  • ui: 0, 1, 10, 2, 3, 4, 5, 6, 7, 8, 9

Page Load Metrics (46 ± 3 ms)

Platform	Page	Metric	Min (ms)	Max (ms)	Average (ms)	StandardDeviation (ms)	MarginOfError (ms)
Chrome	Home	firstPaint	68	98	79	7	3
		domContentLoaded	8	11	9	1	0
		load	41	67	46	5	3
		domInteractive	8	11	9	1	0

Bundle size diffs

• background: 0 Bytes (0.00%)
• ui: 48 Bytes (0.00%)
• common: 0 Bytes (0.00%)

[metamaskbot]

Builds ready [ed9b467]

• builds: chrome, firefox
• builds (beta): chrome
• builds (flask): chrome, firefox
• builds (MMI): chrome, firefox
• builds (test): chrome, firefox
• builds (test-flask): chrome, firefox
• build viz: Build System
• mv3: Background Module Init Stats
• mv3: UI Init Stats
• mv3: Module Load Stats
• mv3: Bundle Size Stats
• mv2: E2e Actions Stats
• code coverage: Report
• storybook: Storybook
• typescript migration: Dashboard
• all artifacts
• bundle viz:

  • background: 0, 1, 2, 3, 4, 5
  • common: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9
  • content-script: 0
  • offscreen: 0
  • ui: 0, 1, 10, 2, 3, 4, 5, 6, 7, 8, 9

Page Load Metrics (51 ± 3 ms)

Platform	Page	Metric	Min (ms)	Max (ms)	Average (ms)	StandardDeviation (ms)	MarginOfError (ms)
Chrome	Home	firstPaint	66	105	81	10	5
		domContentLoaded	9	26	12	4	2
		load	42	66	51	7	3
		domInteractive	9	26	12	4	2

Bundle size diffs

• background: 0 Bytes (0.00%)
• ui: 48 Bytes (0.00%)
• common: 0 Bytes (0.00%)

[metamaskbot]

Builds ready [66a7d54]

• builds: chrome, firefox
• builds (beta): chrome
• builds (flask): chrome, firefox
• builds (MMI): chrome, firefox
• builds (test): chrome, firefox
• builds (test-flask): chrome, firefox
• build viz: Build System
• mv3: Background Module Init Stats
• mv3: UI Init Stats
• mv3: Module Load Stats
• mv3: Bundle Size Stats
• mv2: E2e Actions Stats
• code coverage: Report
• storybook: Storybook
• typescript migration: Dashboard
• all artifacts
• bundle viz:

  • background: 0, 1, 2, 3, 4, 5
  • common: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9
  • content-script: 0
  • offscreen: 0
  • ui: 0, 1, 10, 2, 3, 4, 5, 6, 7, 8, 9

Page Load Metrics (48 ± 5 ms)

Platform	Page	Metric	Min (ms)	Max (ms)	Average (ms)	StandardDeviation (ms)	MarginOfError (ms)
Chrome	Home	firstPaint	65	103	80	10	5
		domContentLoaded	8	29	11	4	2
		load	41	84	48	10	5
		domInteractive	8	29	11	4	2

Bundle size diffs

• background: 0 Bytes (0.00%)
• ui: 48 Bytes (0.00%)
• common: 0 Bytes (0.00%)

[metamaskbot]

Builds ready [c4b6d02]

• builds: chrome, firefox
• builds (beta): chrome
• builds (flask): chrome, firefox
• builds (MMI): chrome, firefox
• builds (test): chrome, firefox
• builds (test-flask): chrome, firefox
• build viz: Build System
• mv3: Background Module Init Stats
• mv3: UI Init Stats
• mv3: Module Load Stats
• mv3: Bundle Size Stats
• mv2: E2e Actions Stats
• code coverage: Report
• storybook: Storybook
• typescript migration: Dashboard
• all artifacts
• bundle viz:

  • background: 0, 1, 2, 3, 4, 5
  • common: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9
  • content-script: 0
  • offscreen: 0
  • ui: 0, 1, 10, 2, 3, 4, 5, 6, 7, 8, 9

Page Load Metrics (177 ± 182 ms)

Platform	Page	Metric	Min (ms)	Max (ms)	Average (ms)	StandardDeviation (ms)	MarginOfError (ms)
Chrome	Home	firstPaint	71	106	87	9	4
		domContentLoaded	8	20	11	3	1
		load	40	1325	177	379	182
		domInteractive	8	20	11	3	1

Bundle size diffs

• background: 0 Bytes (0.00%)
• ui: 48 Bytes (0.00%)
• common: 0 Bytes (0.00%)

[metamaskbot]

Builds ready [23ddf2c]

• builds: chrome, firefox
• builds (beta): chrome
• builds (flask): chrome, firefox
• builds (MMI): chrome, firefox
• builds (test): chrome, firefox
• builds (test-flask): chrome, firefox
• build viz: Build System
• mv3: Background Module Init Stats
• mv3: UI Init Stats
• mv3: Module Load Stats
• mv3: Bundle Size Stats
• mv2: E2e Actions Stats
• code coverage: Report
• storybook: Storybook
• typescript migration: Dashboard
• all artifacts
• bundle viz:

  • background: 0, 1, 2, 3, 4, 5
  • common: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9
  • content-script: 0
  • offscreen: 0
  • ui: 0, 1, 10, 2, 3, 4, 5, 6, 7, 8, 9

Page Load Metrics (129 ± 159 ms)

Platform	Page	Metric	Min (ms)	Max (ms)	Average (ms)	StandardDeviation (ms)	MarginOfError (ms)
Chrome	Home	firstPaint	70	130	88	13	6
		domContentLoaded	9	22	11	3	1
		load	44	1572	129	331	159
		domInteractive	9	22	11	3	1

Bundle size diffs

• background: 0 Bytes (0.00%)
• ui: 48 Bytes (0.00%)
• common: 0 Bytes (0.00%)

[cryptodev-2s]

@SocketSecurity ignore npm/[email protected]