Merge branch 'main' into test-patch-lf

Refs https://chromium-review.googlesource.com/c/chromium/src/+/5569748
Refs https://issues.chromium.org/issues/344606399

.circleci/.gitignore

@@ -0,0 +1 @@
+config-staging

.circleci/config.yml

@@ -0,0 +1,79 @@
+version: 2.1
+
+# Required for dynamic configuration
+setup: true
+
+# Orbs
+orbs:
+  path-filtering: circleci/path-filtering@0.1.0
+  continuation: circleci/continuation@0.2.0
+
+# All input parameters to pass to build config
+parameters:
+  run-docs-only:
+    type: boolean
+    default: false
+
+  upload-to-storage:
+    type: string
+    default: '1'
+
+  run-build-linux:
+    type: boolean
+    default: false
+
+  run-build-mac:
+    type: boolean
+    default: false
+
+  run-linux-publish:
+    type: boolean
+    default: false
+
+  linux-publish-arch-limit:
+    type: enum
+    default: all
+    enum: ["all", "arm", "arm64", "x64", "ia32"]
+
+  run-macos-publish:
+    type: boolean
+    default: false
+
+  macos-publish-arch-limit:
+    type: enum
+    default: all
+    enum: ["all", "osx-x64", "osx-arm64", "mas-x64", "mas-arm64"]
+
+jobs:
+  generate-config:
+    docker:
+      - image: cimg/node:16.14
+    steps:
+      - checkout
+      - path-filtering/set-parameters:
+          base-revision: main
+          mapping: |
+            ^((?!docs/).)*$ run-build-mac true
+            ^((?!docs/).)*$ run-build-linux true
+            docs/.* run-docs-only true
+            ^((?!docs/).)*$ run-docs-only false
+      - run:
+          command: |
+            cd .circleci/config
+            yarn
+            export CIRCLECI_BINARY="$HOME/circleci"
+            curl -fLSs https://raw.githubusercontent.com/CircleCI-Public/circleci-cli/main/install.sh | DESTDIR=$CIRCLECI_BINARY bash
+            node build.js
+          name: Pack config.yml
+      - run:
+          name: Set params
+          command: node .circleci/config/params.js
+      - continuation/continue:
+          configuration_path: .circleci/config-staging/built.yml
+          parameters: /tmp/pipeline-parameters.json
+
+# Initial setup workflow
+workflows:
+  setup:
+    jobs:
+      - generate-config

.circleci/config/build.js

@@ -0,0 +1,34 @@
+const cp = require('child_process');
+const fs = require('fs-extra');
+const path = require('path');
+const yaml = require('js-yaml');
+
+const STAGING_DIR = path.resolve(__dirname, '..', 'config-staging');
+
+function copyAndExpand(dir = './') {
+    const absDir = path.resolve(__dirname, dir);
+    const targetDir = path.resolve(STAGING_DIR, dir);
+
+    if (!fs.existsSync(targetDir)) {
+        fs.mkdirSync(targetDir);
+    }
+
+    for (const file of fs.readdirSync(absDir)) {
+        if (!file.endsWith('.yml')) {
+            if (fs.statSync(path.resolve(absDir, file)).isDirectory()) {
+                copyAndExpand(path.join(dir, file));
+            }
+            continue;
+        }
+
+        fs.writeFileSync(path.resolve(targetDir, file), yaml.dump(yaml.load(fs.readFileSync(path.resolve(absDir, file), 'utf8')), {
+            noRefs: true,
+        }));
+    }
+}
+
+if (fs.pathExists(STAGING_DIR)) fs.removeSync(STAGING_DIR);
+copyAndExpand();
+
+const output = cp.spawnSync(process.env.CIRCLECI_BINARY || 'circleci', ['config', 'pack', STAGING_DIR]);
+fs.writeFileSync(path.resolve(STAGING_DIR, 'built.yml'), output.stdout.toString());

.circleci/config/jobs/lint.yml

@@ -0,0 +1,51 @@
+executor:
+  name: linux-docker
+  size: medium
+steps:
+  - checkout:
+      path: src/electron
+  - run:
+      name: Setup third_party Depot Tools
+      command: |
+        # "depot_tools" has to be checkout into "//third_party/depot_tools" so pylint.py can a "pylintrc" file.
+        git clone https://chromium.googlesource.com/chromium/tools/depot_tools.git src/third_party/depot_tools
+        echo 'export PATH="$PATH:'"$PWD"'/src/third_party/depot_tools"' >> $BASH_ENV
+  - run:
+      name: Download GN Binary
+      command: |
+        chromium_revision="$(grep -A1 chromium_version src/electron/DEPS | tr -d '\n' | cut -d\' -f4)"
+        gn_version="$(curl -sL "https://chromium.googlesource.com/chromium/src/+/${chromium_revision}/DEPS?format=TEXT" | base64 -d | grep gn_version | head -n1 | cut -d\' -f4)"
+
+        cipd ensure -ensure-file - -root . \<<-CIPD
+        \$ServiceURL https://chrome-infra-packages.appspot.com/
+        @Subdir src/buildtools/linux64
+        gn/gn/linux-amd64 $gn_version
+        CIPD
+
+        echo 'export CHROMIUM_BUILDTOOLS_PATH="'"$PWD"'/src/buildtools"' >> $BASH_ENV
+  - run:
+      name: Download clang-format Binary
+      command: |
+        chromium_revision="$(grep -A1 chromium_version src/electron/DEPS | tr -d '\n' | cut -d\' -f4)"
+
+        mkdir -p src/buildtools
+        curl -sL "https://chromium.googlesource.com/chromium/src/+/${chromium_revision}/buildtools/DEPS?format=TEXT" | base64 -d > src/buildtools/DEPS
+
+        gclient runhooks --spec="solutions=[{'name':'src/buildtools','url':None,'deps_file':'DEPS','custom_vars':{'process_deps':True},'managed':False}]"
+  - run:
+      name: Run Lint
+      command: |
+        # gn.py tries to find a gclient root folder starting from the current dir.
+        # When it fails and returns "None" path, the whole script fails. Let's "fix" it.
+        touch .gclient
+        # Another option would be to checkout "buildtools" inside the Electron checkout,
+        # but then we would lint its contents (at least gn format), and it doesn't pass it.
+
+        cd src/electron
+        node script/yarn install --frozen-lockfile
+        node script/yarn lint
+  - run:
+      name: Run Script Typechecker
+      command: |
+        cd src/electron
+        node script/yarn tsc -p tsconfig.script.json

.circleci/config/package.json

@@ -0,0 +1,10 @@
+{
+  "name": "@electron/circleci-config",
+  "version": "0.0.0",
+  "private": true,
+  "license": "MIT",
+  "dependencies": {
+    "fs-extra": "^10.1.0",
+    "js-yaml": "^4.1.0"
+  }
+}

.circleci/config/params.js

@@ -0,0 +1,12 @@
+const fs = require('fs');
+
+const PARAMS_PATH = '/tmp/pipeline-parameters.json';
+
+const content = JSON.parse(fs.readFileSync(PARAMS_PATH, 'utf-8'));
+
+// Choose resource class for linux hosts
+const currentBranch = process.env.CIRCLE_BRANCH || '';
+content['large-linux-executor'] = /^pull\/[0-9-]+$/.test(currentBranch) ? '2xlarge' : 'electronjs/aks-linux-large';
+content['medium-linux-executor'] = /^pull\/[0-9-]+$/.test(currentBranch) ? 'medium' : 'electronjs/aks-linux-medium';
+
+fs.writeFileSync(PARAMS_PATH, JSON.stringify(content));

.circleci/config/yarn.lock

@@ -0,0 +1,43 @@
+# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
+# yarn lockfile v1
+
+
+argparse@^2.0.1:
+  version "2.0.1"
+  resolved "https://registry.yarnpkg.com/argparse/-/argparse-2.0.1.tgz#246f50f3ca78a3240f6c997e8a9bd1eac49e4b38"
+  integrity sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==
+
+fs-extra@^10.1.0:
+  version "10.1.0"
+  resolved "https://registry.yarnpkg.com/fs-extra/-/fs-extra-10.1.0.tgz#02873cfbc4084dde127eaa5f9905eef2325d1abf"
+  integrity sha512-oRXApq54ETRj4eMiFzGnHWGy+zo5raudjuxN0b8H7s/RU2oW0Wvsx9O0ACRN/kRq9E8Vu/ReskGB5o3ji+FzHQ==
+  dependencies:
+    graceful-fs "^4.2.0"
+    jsonfile "^6.0.1"
+    universalify "^2.0.0"
+
+graceful-fs@^4.1.6, graceful-fs@^4.2.0:
+  version "4.2.10"
+  resolved "https://registry.yarnpkg.com/graceful-fs/-/graceful-fs-4.2.10.tgz#147d3a006da4ca3ce14728c7aefc287c367d7a6c"
+  integrity sha512-9ByhssR2fPVsNZj478qUUbKfmL0+t5BDVyjShtyZZLiK7ZDAArFFfopyOTj0M05wE2tJPisA4iTnnXl2YoPvOA==
+
+js-yaml@^4.1.0:
+  version "4.1.0"
+  resolved "https://registry.yarnpkg.com/js-yaml/-/js-yaml-4.1.0.tgz#c1fb65f8f5017901cdd2c951864ba18458a10602"
+  integrity sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==
+  dependencies:
+    argparse "^2.0.1"
+
+jsonfile@^6.0.1:
+  version "6.1.0"
+  resolved "https://registry.yarnpkg.com/jsonfile/-/jsonfile-6.1.0.tgz#bc55b2634793c679ec6403094eb13698a6ec0aae"
+  integrity sha512-5dgndWOriYSm5cnYaJNhalLNDKOqFwyDB/rr1E9ZsGciGvKPs8R2xYGCacuf3z6K1YKDz182fd+fY3cn3pMqXQ==
+  dependencies:
+    universalify "^2.0.0"
+  optionalDependencies:
+    graceful-fs "^4.1.6"
+
+universalify@^2.0.0:
+  version "2.0.0"
+  resolved "https://registry.yarnpkg.com/universalify/-/universalify-2.0.0.tgz#75a4984efedc4b08975c5aeb73f530d02df25717"
+  integrity sha512-hAZsKq7Yy11Zu1DE0OzWjw7nnLZmJZYTDZZyEFHZdUhV8FkH5MCfoU1XMaxXovpyW5nq5scPqq0ZDP9Zyl04oQ==

.circleci/fix-known-hosts.sh

@@ -0,0 +1,8 @@
+#!/bin/bash
+
+set -e
+
+mkdir -p ~/.ssh
+echo "github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
+github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
+github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=" >> ~/.ssh/known_hosts

.claude/.gitignore

@@ -1 +0,0 @@
-settings.local.json

.claude/settings.json

@@ -1,24 +0,0 @@
-{
-  "permissions": {
-    "allow": [
-      "Bash(e sync)",
-      "Bash(e patches --list-targets:*)",
-      "Bash(git add:*)",
-      "Bash(git am:*)",
-      "Bash(git commit:*)",
-      "Bash(git log:*)",
-      "Bash(git show:*)",
-      "Bash(e patches:*)",
-      "Bash(e sync:*)",
-      "Skill(electron-chromium-upgrade)",
-      "Read(*)",
-      "Bash(echo:*)",
-      "Bash(e build:*)",
-      "Bash(tee:*)",
-      "Bash(git diff:*)",
-      "Bash(git rev-parse:*)"
-    ],
-    "deny": [],
-    "ask": []
-  }
-}

.claude/skills/electron-chromium-upgrade/SKILL.md

@@ -1,181 +0,0 @@
----
-name: electron-chromium-upgrade
-description: Guide for performing Chromium version upgrades in the Electron project. Use when working on the roller/chromium/main branch to fix patch conflicts during `e sync --3`. Covers the patch application workflow, conflict resolution, analyzing upstream Chromium changes, and proper commit formatting for patch fixes.
----
-
-# Electron Chromium Upgrade: Phase One
-
-## Summary
-
-Run `e sync --3` repeatedly, fixing patch conflicts as they arise, until it succeeds. Then export patches and commit changes atomically.
-
-## Success Criteria
-
-Phase One is complete when:
-- `e sync --3` exits with code 0 (no patch failures)
-- All changes are committed per the commit guidelines
-
-Do not stop until these criteria are met.
-
-**CRITICAL** Do not delete or skip patches unless 100% certain the patch is no longer needed. Complicated conflicts or hard to resolve issues should be presented to the user after you have exhausted all other options. Do not delete the patch just because you can't solve it.
-
-## Context
-
-The `roller/chromium/main` branch is created by automation to update Electron's Chromium dependency SHA. No work has been done to handle breaking changes between the old and new versions.
-
-**Key directories:**
-- Current directory: Electron repo (always run `e` commands here)
-- `..` (parent): Chromium repo (where most patches apply)
-- `patches/`: Patch files organized by target
-- `docs/development/patches.md`: Patch system documentation
-
-## Pre-flight Checks
-
-Run these once at the start of each upgrade session:
-
-1. **Clear rerere cache** (if enabled): `git rerere clear` in both the electron and `..` repos. Stale recorded resolutions from a prior attempt can silently apply wrong merges.
-2. **Ensure pre-commit hooks are installed**: Check that `.git/hooks/pre-commit` exists. If not, run `yarn husky` to install it. The hook runs `lint-staged` which handles clang-format for C++ files.
-
-## Workflow
-
-1. Run `e sync --3` (the `--3` flag enables 3-way merge, always required)
-2. If succeeds → skip to step 5
-3. If patch fails:
-   - Identify target repo and patch from error output
-   - Analyze failure (see references/patch-analysis.md)
-   - Fix conflict in target repo's working directory
-   - Run `git am --continue` in affected repo
-   - Repeat until all patches for that repo apply
-   - IMPORTANT: Once `git am --continue` succeeds you MUST run `e patches {target}` to export fixes
-   - Return to step 1
-4. When `e sync --3` succeeds, run `e patches all`
-5. **Read `references/phase-one-commit-guidelines.md` NOW**, then commit changes following those instructions exactly.
-
-## Commands Reference
-
-| Command | Purpose |
-|---------|---------|
-| `e sync --3` | Clone deps and apply patches with 3-way merge |
-| `git am --continue` | Continue after resolving conflict (run in target repo) |
-| `e patches {target}` | Export commits from target repo to patch files |
-| `e patches all` | Export all patches from all targets |
-| `e patches {target} --commit-updates` | Export patches and auto-commit trivial changes |
-| `e patches --list-targets` | List targets and config paths |
-
-## Patch System Mental Model
-
-```
-patches/{target}/*.patch  →  [e sync --3]  →  target repo commits
-                          ←  [e patches]   ←
-```
-
-## When to Edit Patches
-
-| Situation | Action |
-|-----------|--------|
-| During active `git am` conflict | Fix in target repo, then `git am --continue` |
-| Modifying patch outside conflict | Edit `.patch` file directly |
-| Creating new patch (rare, avoid) | Commit in target repo, then `e patches {target}` |
-
-Fix existing patches 99% of the time rather than creating new ones.
-
-## Patch Fixing Rules
-
-1. **Preserve authorship**: Keep original author in TODO comments (from patch `From:` field)
-2. **Never change TODO assignees**: `TODO(name)` must retain original name
-3. **Update descriptions**: If upstream changed (e.g., `DCHECK` → `CHECK_IS_TEST`), update patch commit message to reflect current state
-
-# Electron Chromium Upgrade: Phase Two
-
-## Summary
-
-Run `e build -k 999 -- --quiet` repeatedly, fixing build issues as they arise, until it succeeds. Then run `e start --version` to validate Electron launches and commit changes atomically.
-
-Run Phase Two immediately after Phase One is complete.
-
-## Success Criteria
-
-Phase Two is complete when:
-- `e build -k 999 -- --quiet` exits with code 0 (no build failures)
-- `e start --version` has been run to check Electron launches
-- All changes are committed per the commit guidelines
-
-Do not stop until these criteria are met. Do not delete code or features, never comment out code in order to take short cut. Make all existing code, logic and intention work.
-
-## Context
-
-The `roller/chromium/main` branch is created by automation to update Electron's Chromium dependency SHA. No work has been done to handle breaking changes between the old and new versions. Chromium APIs frequently are renamed or refactored. In every case the code in Electron must be updated to account for the change in Chromium, strongly avoid making changes to the code in chromium to fix Electrons build.
-
-**Key directories:**
-- Current directory: Electron repo (always run `e` commands here)
-- `..` (parent): Chromium repo (do not touch this code to fix build issues, just read it to obtain context)
-
-## Workflow
-
-1. Run `e build -k 999 -- --quiet` (the `--quiet` flag suppresses per-target status lines, showing only errors and the final result)
-2. If succeeds → skip to step 6
-3. If build fails:
-    - Identify underlying file in "electron" from the compilation error message
-    - Analyze failure
-    - Fix build issue by adapting Electron's code for the change in Chromium
-    - Run `e build -t {target_that_failed}.o` to build just the failed target we were specifically fixing
-        - You can identify the target_that_failed from the failure line in the build log. E.g. `FAILED: 2e506007-8d5d-4f38-bdd1-b5cd77999a77 "./obj/electron/chromium_src/chrome/process_singleton_posix.o" CXX obj/electron/chromium_src/chrome/process_singleton_posix.o` the target name is `obj/electron/chromium_src/chrome/process_singleton_posix.o`
-    - **Read `references/phase-two-commit-guidelines.md` NOW**, then commit changes following those instructions exactly.
-    - Return to step 1
-4. **CRITICAL**: After ANY commit (especially patch commits), immediately run `git status` in the electron repo
-    - Look for other modified `.patch` files that only have index/hunk header changes
-    - These are dependent patches affected by your fix
-    - Commit them immediately with: `git commit -am "chore: update patches (trivial only)"`
-5. Return to step 1
-6. When `e build` succeeds, run `e start --version`
-7. Check if you have any pending changes in the Chromium repo by running `git status`
-    - If you have changes follow the instructions below in "A. Patch Fixes" to correctly commit those modifications into the appropriate patch file
-
-## Commands Reference
-
-| Command | Purpose |
-|---------|---------|
-| `e build -k 999 -- --quiet` | Build Electron, continue on errors, suppress status lines |
-| `e build -t {target}.o` | Build just one specific target to verify a fix |
-| `e start --version` | Validate Electron launches after successful build |
-
-## Two Types of Build Fixes
-
-### A. Patch Fixes (for files in chromium_src or patched Chromium files)
-
-When the error is in a file that Electron patches (check with `grep -l "filename" patches/chromium/*.patch`):
-
-1. Edit the file in the Chromium source tree (e.g., `/src/chrome/browser/...`)
-2. Create a fixup commit targeting the original patch commit:
-    ```bash
-    cd ..  # to chromium repo
-    git add <modified-file>
-    git commit --fixup=<original-patch-commit-hash>
-    GIT_SEQUENCE_EDITOR=: git rebase --autosquash --autostash -i <commit>^
-    ```
-3. Export the updated patch: `e patches chromium`
-4. Commit the updated patch file following `references/phase-one-commit-guidelines.md`.
-
-To find the original patch commit to fixup: `git log --oneline | grep -i "keyword from patch name"`
-
-The base commit for rebase is the Chromium commit before patches were applied. Find it by checking the `refs/patches/upstream-head` ref.
-
-### B. Electron Code Fixes (for files in shell/, electron/, etc.)
-
-When the error is in Electron's own source code:
-
-1. Edit files directly in the electron repo
-2. Commit directly (no patch export needed)
-
-# Critical: Read Before Committing
-
-- Before ANY Phase One commits: Read `references/phase-one-commit-guidelines.md`
-- Before ANY Phase Two commits: Read `references/phase-two-commit-guidelines.md`
-
-# Skill Directory Structure
-This skill has additional reference files in `references/`:
-- patch-analysis.md - How to analyze patch failures
-- phase-one-commit-guidelines.md - Commit format for Phase One
-- phase-two-commit-guidelines.md - Commit format for Phase Two
-
-Read these when referenced in the workflow steps.

.claude/skills/electron-chromium-upgrade/references/patch-analysis.md

@@ -1,119 +0,0 @@
-# Analyzing Patch Failures
-
-## Investigation Steps
-
-1. **Read the patch file** at `patches/{target}/{patch_name}.patch`
-
-2. **Examine current state** of the file in Chromium at mentioned line numbers
-
-3. **Check recent upstream changes:**
-   ```bash
-   cd ..  # or relevant target repo
-   git log --oneline -10 -- {file}
-   ```
-
-4. **Find Chromium CL** in commit messages:
-   ```
-   Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/{CL_NUMBER}
-   ```
-
-## Critical: Resolve by Intent, Not by Mechanical Merge
-
-When resolving a patch conflict, do NOT blindly preserve the patch's old code. Instead:
-
-1. **Understand the upstream CL's full scope** — not just the conflicting hunk.
-   Run `git show <commit> --stat` and read diffs for all affected files.
-   Upstream may have removed structs, members, or methods that the patch
-   references in other hunks or files.
-
-2. **Re-read the patch commit message** to understand its *intent* — what
-   behavior does it need to preserve or add?
-
-3. **Implement the intent against the new upstream code.** If the patch's
-   purpose is "add a feature flag guard", add only the guard — don't also
-   restore old code inside the guard that upstream separately removed.
-
-### Lesson: Upstream Removals Break Patch References
-
-- **Trigger:** Patch conflict involves an upstream refactor (not just context drift)
-- **Strategy:** After identifying the upstream CL, check its full diff for
-  removed types, members, and methods. If the patch's old code references
-  something removed, the resolution must use the new upstream mechanism.
-- **Evidence:** An upstream CL removed a `HeadlessModeWindow` struct from a
-  header, but the conflict was only in a `.mm` file. Mechanically keeping the
-  patch's old line (`headless_mode_window_ = ...`) produced code referencing
-  a nonexistent type — caught only on review, not at patch-apply time.
-
-### Lesson: Separate Patch Purpose from Patch Implementation
-
-- **Trigger:** Conflict between "upstream simplified code" vs "patch has older code"
-- **Strategy:** Identify the *minimal* change the patch needs. If the patch
-  wraps code in a conditional, only add the conditional — don't restore old
-  code that was inside the conditional but was separately cleaned up upstream.
-- **Evidence:** An occlusion patch needed only a feature flag check, but the
-  old patch also contained a version check that upstream intentionally removed.
-  Mechanically preserving the old patch code re-added the removed check.
-
-### Lesson: Finish the Adaptation at Conflict Time
-
-- **Trigger:** A patch conflict involves an upstream API removal or replacement
-- **Strategy:** When resolving the conflict, fully adapt the patch to use the
-  new API in the same commit. Don't remove the old code and leave behind stale
-  references that will "be fixed in Phase Two." Each patch fix commit should be
-  a complete resolution.
-- **Evidence:** A safestorage patch conflicted because Chromium removed Keychain V1.
-  The conflict was resolved by removing V1 hunks, but the remaining code still
-  called V1 methods (`FindGenericPassword` with 3 args, `ItemDelete` with
-  `SecKeychainItemRef`). These should have been adapted to V2 APIs in the same
-  commit, not deferred.
-
-## Common Failure Patterns
-
-| Pattern | Cause | Solution |
-|---------|-------|----------|
-| Context lines don't match | Surrounding code changed | Update context in patch |
-| File not found | File renamed/moved | Update patch target path |
-| Function not found | Refactored upstream | Find new function name |
-| `DCHECK` → `CHECK_IS_TEST` | Macro change | Update to new macro |
-| Deleted code | Feature removed | Verify patch still needed |
-
-## Using Git Blame
-
-To find the CL that changed specific lines:
-
-```bash
-cd ..
-git blame -L {start},{end} -- {file}
-git log -1 {commit_sha}  # Look for Reviewed-on: line
-```
-
-## Verifying Patch Necessity
-
-Before deleting a patch, verify:
-1. The patched functionality was intentionally removed upstream
-2. Electron doesn't need the patch for other reasons
-3. No other code depends on the patched behavior
-
-When in doubt, keep the patch and adapt it.
-
-## Phase Two: Build-Time Patch Issues
-
-Sometimes patches that applied successfully in Phase One cause build errors in Phase Two. This can happen when:
-
-1. **Incomplete types**: A patch disables a header include, but new upstream code uses the type
-2. **Missing members**: A patch modifies a class, but upstream added new code referencing the original
-
-### Finding Which Patch Affects a File
-
-```bash
-grep -l "filename.cc" patches/chromium/*.patch
-```
-
-Matching Existing Patch Patterns
-
-When fixing build errors in patched files, examine the existing patch to understand its style:
-- Does it use #if 0 / #endif guards?
-- Does it use #if BUILDFLAG(...) conditionals?
-- What's the pattern for disabled functionality?
-
-Apply fixes consistent with the existing patch style.

.claude/skills/electron-chromium-upgrade/references/phase-one-commit-guidelines.md

@@ -1,102 +0,0 @@
-# Phase One Commit Guidelines
-
-Only follow these instructions if there are uncommitted changes to `patches/` after Phase One succeeds.
-
-Ignore other instructions about making commit messages, our guidelines are CRITICALLY IMPORTANT and must be followed.
-
-## Each Commit Must Be Complete
-
-When resolving a patch conflict, fully adapt the patch to the new upstream code in the same commit. If the upstream change removes an API the patch uses, update the patch to use the replacement API now — don't leave stale references knowing they'll need fixing later. The goal is that each commit represents a finished resolution, not a partial one that defers known work to a future phase.
-
-## Commit Message Style
-
-**Titles** follow the 60/80-character guideline: simple changes fit within 60 characters, otherwise the limit is 80 characters.
-
-Always include a `Co-Authored-By` trailer identifying the AI model that assisted (e.g., `Co-Authored-By: <AI model attribution>`).
-
-### Patch conflict fixes
-
-Use `fix(patch):` prefix. The title should name the upstream change, not your response to it:
-
-```
-fix(patch): {topic headline}
-
-Ref: {Chromium CL link}
-
-Co-Authored-By: <AI model attribution>
-```
-
-Only add a description body if it provides clarity beyond the title. For straightforward context drift or simple API renames, the title + Ref is sufficient.
-
-Examples:
-- `fix(patch): constant moved to header`
-- `fix(patch): headless mode refactor upstream`
-- `fix(patch): V1 Keychain removal`
-
-### Upstreamed patch removal
-
-When patches are no longer needed (applied cleanly with "already applied" or confirmed upstreamed), group ALL removals into a single commit:
-
-```
-chore: remove upstreamed patch
-```
-
-or (if multiple):
-
-```
-chore: remove upstreamed patches
-```
-
-If the patch file did NOT contain a `Reviewed-on: https://chromium-review.googlesource.com/c/chromium/...` link, add a `Ref:` in the commit. If it did (i.e. cherry-picks), no `Ref:` is needed.
-
-### Trivial patch updates
-
-After all fix commits, stage remaining trivial changes (index, line numbers, context only):
-
-```bash
-git add patches
-git commit -m "chore: update patches (trivial only)"
-```
-
-**Conflict resolution can produce trivial results.** A `git am` conflict doesn't always mean the patch content changed — context drift alone can cause a conflict. After resolving and exporting, inspect the patch diff: if only index hashes, line numbers, and context lines changed (not the patch's own `+`/`-` lines), it's trivial and belongs here, not in a `fix(patch):` commit.
-
-## Atomic Commits
-
-Each patch conflict fix gets its own commit with its own Ref.
-
-IMPORTANT: Try really hard to find the CL reference per the instructions below. Each change you made should in theory have been in response to a change made in Chromium that you identified or can identify. Try for a while to identify and include the ref in the commit message. Do not give up easily.
-
-## Finding CL References
-
-Use `git log` or `git blame` on Chromium source files. Look for:
-
-```
-Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/XXXXXXX
-```
-
-If no CL found after searching: `Ref: Unable to locate CL`
-
-## Example Commits
-
-### Patch conflict fix (simple — title is sufficient)
-
-```
-fix(patch): constant moved to header
-
-Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7536483
-
-Co-Authored-By: <AI model attribution>
-```
-
-### Patch conflict fix (complex — description adds value)
-
-```
-fix(patch): V1 Keychain removal
-
-Upstream deleted the V1 Keychain API. Removed V1 hunks and adapted
-keychain_password_mac.mm to use KeychainV2 APIs.
-
-Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7540447
-
-Co-Authored-By: <AI model attribution>
-```

.claude/skills/electron-chromium-upgrade/references/phase-two-commit-guidelines.md

@@ -1,84 +0,0 @@
-# Phase Two Commit Guidelines
-
-Only follow these instructions if there are uncommitted changes in the Electron repo after any fixes are made during Phase Two that result a target that was failing, successfully building.
-
-Ignore other instructions about making commit messages, our guidelines are CRITICALLY IMPORTANT and must be followed.
-
-## Commit Message Style
-
-**Titles** follow the 60/80-character guideline: simple changes fit within 60 characters, otherwise the limit is 80 characters. Exception: upstream Chromium CL titles are used verbatim even if longer.
-
-Always include a `Co-Authored-By` trailer identifying the AI model that assisted (e.g., `Co-Authored-By: <AI model attribution>`).
-
-## Two Commit Types
-
-### For Electron Source Changes (shell/, electron/, etc.)
-
-```
-{CL-Number}: {upstream CL's original title}
-
-Ref: {Chromium CL link}
-
-Co-Authored-By: <AI model attribution>
-```
-
-Use the **upstream CL's original commit title** — do not paraphrase or rewrite it. To find it: `git log -1 --format=%s <chromium-commit-hash>`.
-
-Only add a description body if it provides clarity beyond what the title already says (e.g., when Electron's adaptation is non-obvious). For simple renames, method additions, or straightforward API updates, the title + Ref link is sufficient.
-
-Each change should have its own commit and its own Ref. Logically group into commits that make sense rather than one giant commit. You may include multiple "Ref" links if required.
-
-For a CL link in the format `https://chromium-review.googlesource.com/c/chromium/src/+/2958369` the "CL-Number" is `2958369`.
-
-IMPORTANT: Try really hard to find the CL reference. Each change you made should in theory have been in response to a change in Chromium. Do not give up easily.
-
-### For Patch Updates (patches/chromium/*.patch)
-
-Use the same fixup workflow as Phase One and follow `references/phase-one-commit-guidelines.md` for the commit message format (`fix(patch):` prefix, topic style).
-
-## Dependent Patch Header Updates
-
-After any patch modification, check for other affected patches:
-
-```bash
-git status
-# If other .patch files show as modified with only index, line number, and context changes:
-git add patches/
-git commit -m "chore: update patches (trivial only)"
-```
-
-## Finding CL References
-
-Use git log or git blame on Chromium source files. Look for:
-
-```
-Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/XXXXXXX
-```
-
-If no CL found after searching: `Ref: Unable to locate CL`
-
-## Example Commits
-
-### Electron Source Fix (simple — title is self-explanatory)
-
-```
-7535923: Rename ozone buildflags
-
-Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7535923
-
-Co-Authored-By: <AI model attribution>
-```
-
-### Electron Source Fix (complex — description adds value)
-
-```
-7534194: Convert some functions in ui::Clipboard to async
-
-Adapted ExtractCustomPlatformNames calls to use RunLoop pattern
-consistent with existing ReadImage implementation, since upstream
-converted the API from synchronous return to callback-based.
-
-Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7534194
-
-Co-Authored-By: <AI model attribution>
-```

.devcontainer/README.md

@@ -25,19 +25,9 @@ Codespaces doesn't lean very well into gclient based checkouts, the directory st
 /workspaces/electron
 ```
 
-## Reclient
+## Goma
 
-If you are a maintainer [with Reclient access](../docs/development/reclient.md) you'll need to ensure you're authenticated when you spin up a new codespaces instance.  You can validate this by checking `e d rbe info` - your build-tools configuration should have `Access` type `Cache & Execute`:
-
-```console
-Authentication Status: Authenticated
-Since:     2024-05-28 10:29:33 +0200 CEST
-Expires:   2024-08-26 10:29:33 +0200 CEST
-...
-Access:    Cache & Execute
-```
-
-To authenticate if you're not logged in, run `e d rbe login` and follow the link to authenticate.
+If you are a maintainer [with Goma access](../docs/development/goma.md) it should be automatically configured and authenticated when you spin up a new codespaces instance.  You can validate this by checking `e d goma_auth info` or by checking that your build-tools configuration has a goma mode of `cluster`.
 
 ## Running Electron
 

.devcontainer/devcontainer.json

@@ -1,5 +1,4 @@
 {
-	"name": "Electron Core Development Environment",
 	"dockerComposeFile": "docker-compose.yml",
 	"service": "buildtools",
 	"onCreateCommand": ".devcontainer/on-create-command.sh",
@@ -34,15 +33,28 @@
 				"surajbarkale.ninja",
 				"ms-vscode.cpptools",
 				"mutantdino.resourcemonitor",
-				"dsanders11.vscode-electron-build-tools",
 				"dbaeumer.vscode-eslint",
 				"shakram02.bash-beautify",
-				"marshallofsound.gnls-electron"
+				"marshallofsound.gnls-electron",
+				"CircleCI.circleci"
 			],
 			"settings": {
 				"editor.tabSize": 2,
 				"bashBeautify.tabSize": 2,
 				"typescript.tsdk": "node_modules/typescript/lib",
+				"[gn]": {
+					"editor.formatOnSave": true
+				},
+				"[javascript]": {
+					"editor.codeActionsOnSave": {
+						"source.fixAll.eslint": true
+					}
+				},
+				"[typescript]": {
+					"editor.codeActionsOnSave": {
+						"source.fixAll.eslint": true
+					}
+				},
 				"javascript.preferences.quoteStyle": "single",
 				"typescript.preferences.quoteStyle": "single"
 			}

.devcontainer/docker-compose.yml

@@ -2,7 +2,7 @@ version: '3'
 
 services:
   buildtools:
-    image: ghcr.io/electron/devcontainer:a82b87d7a4f5ff0cab61405f8151ac4cf4942aeb
+    image: ghcr.io/electron/devcontainer:9a43c14f5c19be0359843299f79e736521373adc
 
     volumes:
       - ..:/workspaces/gclient/src/electron:cached

.devcontainer/on-create-command.sh

@@ -48,8 +48,7 @@ if [ ! -f $buildtools/configs/evm.testing.json ]; then
             \"gen\": {
                 \"args\": [
                     \"import(\\\"//electron/build/args/testing.gn\\\")\",
-                    \"use_remoteexec = true\",
-                    \"use_siso=true\"
+                    \"use_remoteexec = true\"
                 ],
                 \"out\": \"Testing\"
             },
@@ -59,13 +58,14 @@ if [ ! -f $buildtools/configs/evm.testing.json ]; then
             },
             \"\$schema\": \"file:///home/builduser/.electron_build_tools/evm-config.schema.json\",
             \"configValidationLevel\": \"strict\",
-            \"remoteBuild\": \"siso\",
-            \"preserveSDK\": 5
+            \"reclient\": \"$1\",
+            \"goma\": \"none\",
+            \"preserveXcode\": 5
         }
     " >$buildtools/configs/evm.testing.json
   }
 
-  write_config
+  write_config remote_exec
 
   e use testing 
 else

.env.example

@@ -1,4 +1,6 @@
 # These env vars are only necessary for creating Electron releases.
 # See docs/development/releasing.md
 
+APPVEYOR_CLOUD_TOKEN=
+CIRCLE_TOKEN=
 ELECTRON_GITHUB_TOKEN=

.eslintrc.json

@@ -19,40 +19,7 @@
     "prefer-const": ["error", {
       "destructuring": "all"
     }],
-    "n/no-callback-literal": "off",
-    "import/newline-after-import": "error",
-    "import/order": ["error", {
-      "alphabetize": {
-        "order": "asc"
-      },
-      "newlines-between": "always",
-      "pathGroups": [
-        {
-          "pattern": "@electron/internal/**",
-          "group": "external",
-          "position": "before"
-        },
-        {
-          "pattern": "@electron/**",
-          "group": "external",
-          "position": "before"
-        },
-        {
-          "pattern": "{electron,electron/**}",
-          "group": "external",
-          "position": "before"
-        }
-      ],
-      "pathGroupsExcludedImportTypes": [],
-      "distinctGroup": true,
-      "groups": [
-        "external",
-        "builtin",
-        ["sibling", "parent"],
-        "index",
-        "type"
-      ]
-    }]
+    "standard/no-callback-literal": "off"
   },
   "parserOptions": {
     "ecmaVersion": 6,

.gitattributes

@@ -1,10 +1,9 @@
 # `git apply` and friends don't understand CRLF, even on windows. Force those
 # files to be checked out with LF endings even if core.autocrlf is true.
 *.patch text eol=lf
-DEPS text eol=lf
-yarn.lock text eol=lf
-script/zip_manifests/*.manifest text eol=lf
 patches/**/.patches merge=union
+# Target file for patch has CRLF line endings
+patches/nan/apply_allcan_read_write_test.patch eol=crlf
 
 # Source code and markdown files should always use LF as line ending.
 *.c text eol=lf
@@ -25,7 +24,6 @@ patches/**/.patches merge=union
 *.md text eol=lf
 *.mm text eol=lf
 *.mojom text eol=lf
-*.patches text eol=lf
 *.proto text eol=lf
 *.py text eol=lf
 *.ps1 text eol=lf

.github/CODEOWNERS

@@ -11,15 +11,12 @@ DEPS                                    @electron/wg-upgrades
 /docs/breaking-changes.md               @electron/wg-releases
 /npm/                                   @electron/wg-releases
 /script/release                         @electron/wg-releases
+appveyor.yml                            @electron/wg-releases
+appveyor-bake.yml                       @electron/wg-releases
+appveyor-woa.yml                        @electron/wg-releases
 
 # Security WG
 /lib/browser/devtools.ts                @electron/wg-security
 /lib/browser/guest-view-manager.ts      @electron/wg-security
 /lib/browser/rpc-server.ts              @electron/wg-security
 /lib/renderer/security-warnings.ts      @electron/wg-security
-
-# Infra WG
-/.github/actions/                       @electron/wg-infra
-/.github/workflows/*-publish.yml        @electron/wg-infra
-/.github/workflows/build.yml            @electron/wg-infra
-/.github/workflows/pipeline-*.yml       @electron/wg-infra

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -1,6 +1,6 @@
 name: Bug Report
-description: Report a bug in Electron
-type: 'bug'
+description: Report an Electron bug
+title: "[Bug]: "
 labels: "bug :beetle:"
 body:
 - type: checkboxes
@@ -20,14 +20,13 @@ body:
     description: |
       What version of Electron are you using?
 
-      Note: Please only report issues for [currently supported versions of Electron](https://www.electronjs.org/docs/latest/tutorial/electron-timelines#timeline).
-    placeholder: 32.0.0
+      Note: Please only report issues for [currently supported versions of Electron](https://www.electronjs.org/docs/latest/tutorial/support#currently-supported-versions).
+    placeholder: 17.0.0
   validations:
     required: true
 - type: dropdown
   attributes:
-    label: What operating system(s) are you using?
-    multiple: true
+    label: What operating system are you using?
     options:
       - Windows
       - macOS
@@ -58,16 +57,6 @@ body:
     label: Last Known Working Electron version
     description: What is the last version of Electron this worked in, if applicable?
     placeholder: 16.0.0
-- type: dropdown
-  attributes:
-    label: Does the issue also appear in Chromium / Google Chrome?
-    description: If it does, please report the issue in the [Chromium issue tracker](https://issues.chromium.org/issues), not against Electron. Electron will inherit the fix once Chromium resolves the issue.
-    options:
-      - I don't know how to test
-      - "Yes"
-      - "No"
-  validations:
-    required: true
 - type: textarea
   attributes:
     label: Expected Behavior
@@ -83,7 +72,7 @@ body:
 - type: input
   attributes:
     label: Testcase Gist URL
-    description: Electron maintainers need a standalone test case to reproduce and fix your issue. Please use [Electron Fiddle](https://github.com/electron/fiddle) to create one and to publish it as a [GitHub gist](https://gist.github.com). Then put the gist URL here. Issues without testcase gists receive less attention and might be closed without a maintainer taking a closer look. To maximize how much attention your issue receives, please include a testcase gist right from the start.
+    description: If you can reproduce the issue in a standalone test case, please use [Electron Fiddle](https://github.com/electron/fiddle) to create one and to publish it as a [GitHub gist](https://gist.github.com) and put the gist URL here. This is **the best way** to ensure this issue is triaged quickly.
     placeholder: https://gist.github.com/...
 - type: textarea
   attributes:

.github/ISSUE_TEMPLATE/config.yml

@@ -1,4 +1,3 @@
-blank_issues_enabled: false
 contact_links:
   - name: Discord Chat
     url: https://discord.gg/APGC3k5yaH

.github/ISSUE_TEMPLATE/feature_request.yml

@@ -1,6 +1,6 @@
 name: Feature Request
 description: Suggest an idea for Electron
-type: 'enhancement'
+title: "[Feature Request]: "
 labels: "enhancement :sparkles:"
 body:
 - type: checkboxes

.github/ISSUE_TEMPLATE/maintainer_issue.yml

@@ -1,14 +0,0 @@
-name: Maintainer Issue (not for public use)
-description: Only to be created by Electron maintainers
-body:
-- type: checkboxes
-  attributes:
-    label: Confirmation
-    options:
-      - label: I am a [maintainer](https://github.com/orgs/electron/people) of the Electron project. (If not, please create a [different issue type](https://github.com/electron/electron/issues/new/).)
-        required: true
-- type: textarea
-  attributes:
-    label: Description
-  validations:
-    required: true

.github/PULL_REQUEST_TEMPLATE.md

@@ -10,11 +10,10 @@ Contributors guide: https://github.com/electron/electron/blob/main/CONTRIBUTING.
 #### Checklist
 <!-- Remove items that do not apply. For completed items, change [ ] to [x]. -->
 
-- [ ] PR description included
-- [ ] I have built and tested this PR
+- [ ] PR description included and stakeholders cc'd
 - [ ] `npm test` passes
 - [ ] tests are [changed or added](https://github.com/electron/electron/blob/main/docs/development/testing.md)
-- [ ] relevant API documentation, tutorials, and examples are updated and follow the [documentation style guide](https://github.com/electron/electron/blob/main/docs/development/style-guide.md)
+- [ ] relevant documentation, tutorials, templates and examples are changed or added
 - [ ] [PR release notes](https://github.com/electron/clerk/blob/main/README.md) describe the change in a way relevant to app developers, and are [capitalized, punctuated, and past tense](https://github.com/electron/clerk/blob/main/README.md#examples).
 
 #### Release Notes

.github/actions/build-electron/action.yml

@@ -5,10 +5,10 @@ inputs:
     description: 'Target arch'
     required: true
   target-platform:
-    description: 'Target platform, should be linux, win, macos'
+    description: 'Target platform'
     required: true
   artifact-platform:
-    description: 'Artifact platform, should be linux, win, darwin or mas'
+    description: 'Artifact platform, should be linux, darwin or mas'
     required: true
   step-suffix:
     description: 'Suffix for build steps'
@@ -26,9 +26,6 @@ inputs:
   is-asan:
     description: 'The ASan Linux build'
     required: false
-  upload-out-gen-artifacts:
-    description: 'Whether to upload the out/${dir}/gen artifacts'
-    required: false
 runs:
   using: "composite"
   steps:
@@ -36,19 +33,9 @@ runs:
       shell: bash
       if: ${{ inputs.target-arch == 'x64' && inputs.target-platform == 'macos' }}
       run: |
-        GN_APPENDED_ARGS="$GN_EXTRA_ARGS target_cpu=\"x64\" v8_snapshot_toolchain=\"//build/toolchain/mac:clang_x64\""
+        GN_APPENDED_ARGS="$GN_EXTRA_ARGS v8_snapshot_toolchain=\"//build/toolchain/mac:clang_x64\""
         echo "GN_EXTRA_ARGS=$GN_APPENDED_ARGS" >> $GITHUB_ENV
-    - name: Set GN_EXTRA_ARGS for Windows
-      shell: bash
-      if: ${{inputs.target-arch != 'x64' && inputs.target-platform == 'win' }}
-      run: |
-        GN_APPENDED_ARGS="$GN_EXTRA_ARGS target_cpu=\"${{ inputs.target-arch }}\""
-        echo "GN_EXTRA_ARGS=$GN_APPENDED_ARGS" >> $GITHUB_ENV
-    - name: Add Clang problem matcher
-      shell: bash
-      run: echo "::add-matcher::src/electron/.github/problem-matchers/clang.json"
     - name: Build Electron ${{ inputs.step-suffix }}
-      if: ${{ inputs.target-platform != 'win' }}
       shell: bash
       run: |
         rm -rf "src/out/Default/Electron Framework.framework"
@@ -64,63 +51,27 @@ runs:
           sudo launchctl limit maxfiles 65536 200000
         fi
 
-        if [ "${{ inputs.is-release }}" = "true" ]; then
-          NINJA_SUMMARIZE_BUILD=1 e build --target electron:release_build
-        else
-          NINJA_SUMMARIZE_BUILD=1 e build --target electron:testing_build
-        fi
+        NINJA_SUMMARIZE_BUILD=1 e build -j $NUMBER_OF_NINJA_PROCESSES
         cp out/Default/.ninja_log out/electron_ninja_log
         node electron/script/check-symlinks.js
-
-        # Upload build stats to Datadog
-        if ! [ -z $DD_API_KEY ]; then
-          npx node electron/script/build-stats.mjs out/Default/siso.INFO --upload-stats || true          
-        else
-          echo "Skipping build-stats.mjs upload because DD_API_KEY is not set"
-        fi
-    - name: Build Electron (Windows) ${{ inputs.step-suffix }}
-      if: ${{ inputs.target-platform == 'win' }}
-      shell: powershell
-      run: |
-        cd src\electron
-        git pack-refs
-        cd ..
-
-        $env:NINJA_SUMMARIZE_BUILD = 1
-        if ("${{ inputs.is-release }}" -eq "true") {          
-          e build --target electron:release_build
-        } else {
-          e build --target electron:testing_build
-        }
-        Copy-Item out\Default\.ninja_log out\electron_ninja_log
-        node electron\script\check-symlinks.js
-
-        # Upload build stats to Datadog
-        if ($env:DD_API_KEY) {
-          try {
-            npx node electron\script\build-stats.mjs out\Default\siso.exe.INFO --upload-stats ; $LASTEXITCODE = 0
-          } catch {
-            Write-Host "Build stats upload failed, continuing..."
-          }
-        } else {
-          Write-Host "Skipping build-stats.mjs upload because DD_API_KEY is not set"
-        }
-    - name: Verify dist.zip ${{ inputs.step-suffix }}
+    - name: Build Electron dist.zip ${{ inputs.step-suffix }}
       shell: bash
       run: |
-        cd src        
+        cd src
+        e build electron:electron_dist_zip -j $NUMBER_OF_NINJA_PROCESSES
         if [ "${{ inputs.is-asan }}" != "true" ]; then
-          target_os=${{ inputs.target-platform == 'macos' && 'mac' || inputs.target-platform }}
+          target_os=${{ inputs.target-platform == 'linux' && 'linux' || 'mac'}}
           if [ "${{ inputs.artifact-platform }}" = "mas" ]; then
             target_os="${target_os}_mas"
           fi
           electron/script/zip_manifests/check-zip-manifest.py out/Default/dist.zip electron/script/zip_manifests/dist_zip.$target_os.${{ inputs.target-arch }}.manifest
         fi
-    - name: Fixup Mksnapshot ${{ inputs.step-suffix }}
+    - name: Build Mksnapshot ${{ inputs.step-suffix }}
       shell: bash
       run: |
         cd src
-        ELECTRON_DEPOT_TOOLS_DISABLE_LOG=1 e d gn desc out/Default v8:run_mksnapshot_default args > out/Default/mksnapshot_args
+        e build electron:electron_mksnapshot -j $NUMBER_OF_NINJA_PROCESSES
+        gn desc out/Default v8:run_mksnapshot_default args > out/Default/mksnapshot_args
         # Remove unused args from mksnapshot_args
         SEDOPTION="-i"
         if [ "`uname`" = "Darwin" ]; then
@@ -128,16 +79,23 @@ runs:
         fi
         sed $SEDOPTION '/.*builtins-pgo/d' out/Default/mksnapshot_args
         sed $SEDOPTION '/--turbo-profiling-input/d' out/Default/mksnapshot_args
+        sed $SEDOPTION '/The gn arg use_goma=true .*/d' out/Default/mksnapshot_args
 
-        if [ "${{ inputs.target-platform }}" = "win" ]; then
-          cd out/Default
-          powershell Compress-Archive -update mksnapshot_args mksnapshot.zip
-          powershell mkdir mktmp\\gen\\v8
-          powershell Copy-Item gen\\v8\\embedded.S mktmp\\gen\\v8
-          powershell Compress-Archive -update -Path mktmp\\gen mksnapshot.zip
-        else
-          (cd out/Default; zip mksnapshot.zip mksnapshot_args gen/v8/embedded.S)
+        if [ "`uname`" = "Linux" ]; then
+          if [ "${{ inputs.target-arch }}" = "arm" ]; then
+            electron/script/strip-binaries.py --file $PWD/out/Default/clang_x86_v8_arm/mksnapshot
+            electron/script/strip-binaries.py --file $PWD/out/Default/clang_x86_v8_arm/v8_context_snapshot_generator
+          elif [ "${{ inputs.target-arch }}" = "arm64" ]; then
+            electron/script/strip-binaries.py --file $PWD/out/Default/clang_x64_v8_arm64/mksnapshot
+            electron/script/strip-binaries.py --file $PWD/out/Default/clang_x64_v8_arm64/v8_context_snapshot_generator
+          else
+            electron/script/strip-binaries.py --file $PWD/out/Default/mksnapshot
+            electron/script/strip-binaries.py --file $PWD/out/Default/v8_context_snapshot_generator
+          fi
         fi
+
+        e build electron:electron_mksnapshot_zip -j $NUMBER_OF_NINJA_PROCESSES
+        (cd out/Default; zip mksnapshot.zip mksnapshot_args gen/v8/embedded.S)
     - name: Generate Cross-Arch Snapshot (arm/arm64)  ${{ inputs.step-suffix }}
       shell: bash
       if: ${{ (inputs.target-arch == 'arm' || inputs.target-arch == 'arm64') && inputs.target-platform == 'linux' }}
@@ -162,39 +120,24 @@ runs:
       shell: bash
       run: |
         cd src
-        e build --target electron:electron_chromedriver_zip
-
-        if [ "${{ inputs.is-asan }}" != "true" ]; then
-          target_os=${{ inputs.target-platform == 'macos' && 'mac' || inputs.target-platform }}
-          if [ "${{ inputs.artifact-platform }}" = "mas" ]; then
-            target_os="${target_os}_mas"
-          fi
-          electron/script/zip_manifests/check-zip-manifest.py out/Default/chromedriver.zip electron/script/zip_manifests/chromedriver_zip.$target_os.${{ inputs.target-arch }}.manifest
+        e build electron:electron_chromedriver -j $NUMBER_OF_NINJA_PROCESSES
+        e build electron:electron_chromedriver_zip
+    - name: Build Node.js headers ${{ inputs.step-suffix }}
+      shell: bash
+      run: |
+        cd src
+        e build electron:node_headers
+    - name: Generate & Zip Symbols ${{ inputs.step-suffix }}
+      shell: bash
+      run: |
+        # Generate breakpad symbols on release builds
+        if [ "${{ inputs.generate-symbols }}" = "true" ]; then
+          e build electron:electron_symbols
         fi
-    - name: Create installed_software.json ${{ inputs.step-suffix }}
-      shell: powershell
-      if: ${{ inputs.is-release == 'true' && inputs.target-platform == 'win' }}
-      run: |
-        cd src
-        Get-CimInstance -Namespace root\cimv2 -Class Win32_product | Select vendor, description, @{l='install_location';e='InstallLocation'}, @{l='install_date';e='InstallDate'}, @{l='install_date_2';e='InstallDate2'}, caption, version, name, @{l='sku_number';e='SKUNumber'} | ConvertTo-Json | Out-File -Encoding utf8 -FilePath .\installed_software.json
-    - name: Profile Windows Toolchain ${{ inputs.step-suffix }}
-      shell: bash
-      if: ${{ inputs.is-release == 'true' && inputs.target-platform == 'win' }}
-      run: |
-        cd src
-        python3 electron/build/profile_toolchain.py --output-json=out/Default/windows_toolchain_profile.json
-    - name: Add msdia140.dll to Path ${{ inputs.step-suffix }}
-      shell: bash
-      if: ${{ inputs.is-release == 'true' && inputs.target-platform == 'win' }}
-      run: |
-        # Needed for msdia140.dll on 64-bit windows
-        cd src
-        export PATH="$PATH:$(pwd)/third_party/llvm-build/Release+Asserts/bin"
-    - name: Zip Symbols ${{ inputs.step-suffix }}
-      shell: bash
-      run: |
         cd src
         export BUILD_PATH="$(pwd)/out/Default"
+        e build electron:licenses
+        e build electron:electron_version_file
         if [ "${{ inputs.is-release }}" = "true" ]; then
           DELETE_DSYMS_AFTER_ZIP=1 electron/script/zip-symbols.py -b $BUILD_PATH
         else
@@ -205,21 +148,32 @@ runs:
       if: ${{ inputs.is-release == 'true' }}
       run: |
         cd src
-        gn gen out/ffmpeg --args="import(\"//electron/build/args/ffmpeg.gn\") use_remoteexec=true use_siso=true $GN_EXTRA_ARGS"
-        e build --target electron:electron_ffmpeg_zip -C ../../out/ffmpeg
-    - name: Remove Clang problem matcher
+        gn gen out/ffmpeg --args="import(\"//electron/build/args/ffmpeg.gn\") use_remoteexec=true $GN_EXTRA_ARGS"
+        autoninja -C out/ffmpeg electron:electron_ffmpeg_zip -j $NUMBER_OF_NINJA_PROCESSES
+    - name: Generate Hunspell Dictionaries ${{ inputs.step-suffix }}
       shell: bash
-      run: echo "::remove-matcher owner=clang::"
+      if: ${{ inputs.is-release == 'true' && inputs.target-platform == 'linux' }}
+      run: |
+        cd src
+        autoninja -C out/Default electron:hunspell_dictionaries_zip -j $NUMBER_OF_NINJA_PROCESSES
+    - name: Generate Libcxx ${{ inputs.step-suffix }}
+      shell: bash
+      if: ${{ inputs.is-release == 'true' && inputs.target-platform == 'linux' }}
+      run: |
+        cd src
+        autoninja -C out/Default electron:libcxx_headers_zip -j $NUMBER_OF_NINJA_PROCESSES
+        autoninja -C out/Default electron:libcxxabi_headers_zip -j $NUMBER_OF_NINJA_PROCESSES
+        autoninja -C out/Default electron:libcxx_objects_zip -j $NUMBER_OF_NINJA_PROCESSES
     - name: Generate TypeScript Definitions ${{ inputs.step-suffix }}
       if: ${{ inputs.is-release == 'true' }}
       shell: bash
       run: |
         cd src/electron
-        node script/yarn.js create-typescript-definitions
+        node script/yarn create-typescript-definitions
+    # TODO(vertedinde): These uploads currently point to a different Azure bucket & GitHub Repo
     - name: Publish Electron Dist ${{ inputs.step-suffix }}
       if: ${{ inputs.is-release == 'true' }}
       shell: bash
-      id: github-upload
       run: |
         rm -rf src/out/Default/obj
         cd src/electron
@@ -230,62 +184,27 @@ runs:
           echo 'Uploading Electron release distribution to GitHub releases'
           script/release/uploaders/upload.py --verbose
         fi
-    - name: Generate artifact attestation
-      if: ${{ inputs.is-release == 'true' }}
-      uses: actions/attest-build-provenance@96278af6caaf10aea03fd8d33a09a777ca52d62f # v3.2.0
-      with:
-        subject-path: ${{ steps.github-upload.outputs.UPLOADED_PATHS }}
-    - name: Generate siso report
-      if: ${{ inputs.target-platform != 'win' && !cancelled() }}
-      shell: bash
-      run: |
-        cd src
-        e d siso report -C out/Default > siso_report.txt
-        SISO_REPORT_PATH=$(grep -o '/.*siso-report-[^ ]*' siso_report.txt)
-        echo "SISO_REPORT_PATH=$SISO_REPORT_PATH" >> $GITHUB_ENV
-        cat siso_report.txt
-        echo "SISO REPORT AT $SISO_REPORT_PATH"
-    - name: Generate siso report (Windows)
-      if: ${{ inputs.target-platform == 'win' && !cancelled() }}
-      shell: powershell
-      run: |
-        cd src
-        e d siso report -C out\Default > siso_report.txt
-        $SISO_REPORT_PATH = Get-Content "siso_report.txt" | Select-String "report file:\s*(.+)" | ForEach-Object { 
-          $_.Matches.Groups[1].Value.Trim() 
-        }
-        echo "SISO_REPORT_PATH=$SISO_REPORT_PATH"
-        echo "SISO_REPORT_PATH=$SISO_REPORT_PATH" >> $env:GITHUB_ENV
     - name: Generate Artifact Key
-      if: always() && !cancelled()
       shell: bash
       run: |
         if [ "${{ inputs.is-asan }}" = "true" ]; then 
-          ARTIFACT_KEY=${{ inputs.artifact-platform }}_${{ inputs.target-arch }}_asan
+          ARTIFACT_KEY=${{ inputs.artifact-platform }}_${{ env.TARGET_ARCH }}_asan
         else
-          ARTIFACT_KEY=${{ inputs.artifact-platform }}_${{ inputs.target-arch }}
+          ARTIFACT_KEY=${{ inputs.artifact-platform }}_${{ env.TARGET_ARCH }}
         fi
         echo "ARTIFACT_KEY=$ARTIFACT_KEY" >> $GITHUB_ENV
     # The current generated_artifacts_<< artifact.key >> name was taken from CircleCI
     # to ensure we don't break anything, but we may be able to improve that.
     - name: Move all Generated Artifacts to Upload Folder ${{ inputs.step-suffix }}
-      if: always() && !cancelled()
       shell: bash
       run: ./src/electron/script/actions/move-artifacts.sh
     - name: Upload Generated Artifacts ${{ inputs.step-suffix }}
-      if: always() && !cancelled()
       uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808
       with:
         name: generated_artifacts_${{ env.ARTIFACT_KEY }}
-        path: ./generated_artifacts_${{ inputs.artifact-platform }}_${{ inputs.target-arch }}
+        path: ./generated_artifacts_${{ inputs.artifact-platform }}_${{ env.TARGET_ARCH }}
     - name: Upload Src Artifacts ${{ inputs.step-suffix }}
       uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808
       with:
         name: src_artifacts_${{ env.ARTIFACT_KEY }}
-        path: ./src_artifacts_${{ inputs.artifact-platform }}_${{ inputs.target-arch }}
-    - name: Upload Out Gen Artifacts ${{ inputs.step-suffix }}
-      if: ${{ inputs.upload-out-gen-artifacts == 'true' }}
-      uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808
-      with:
-        name: out_gen_artifacts_${{ env.ARTIFACT_KEY }}
-        path: ./src/out/Default/gen
+        path: ./src_artifacts_${{ inputs.artifact-platform }}_${{ env.TARGET_ARCH }}

.github/actions/build-git-cache/action.yml

@@ -1,83 +0,0 @@
-name: 'Build Git Cache'
-description: 'Runs a gclient sync to build the git cache for Electron'
-inputs:
-  target-platform:
-    description: 'Target platform, should be linux, win, macos'    
-runs:
-  using: "composite"
-  steps:
-  - name: Set GIT_CACHE_PATH to make gclient to use the cache
-    shell: bash
-    run: |
-      echo "GIT_CACHE_PATH=$(pwd)/git-cache" >> $GITHUB_ENV
-  - name: Set Chromium Git Cookie
-    uses: ./src/electron/.github/actions/set-chromium-cookie
-  - name: Install Build Tools
-    uses: ./src/electron/.github/actions/install-build-tools
-  - name: Set up cache drive
-    shell: bash
-    run: |
-      if [ "${{ inputs.target-platform }}" = "win" ]; then
-        echo "CACHE_DRIVE=/mnt/win-cache" >> $GITHUB_ENV
-      else
-        echo "CACHE_DRIVE=/mnt/cross-instance-cache" >> $GITHUB_ENV
-      fi
-  - name: Check cross instance cache disk space
-    shell: bash
-    run: |    
-      # if there is less than 35 GB free space then creating the cache might fail so exit early
-      freespace=`df -m $CACHE_DRIVE | grep -w $CACHE_DRIVE | awk '{print $4}'`
-      freespace_human=`df -h $CACHE_DRIVE | grep -w $CACHE_DRIVE | awk '{print $4}'`
-      if [ $freespace -le 35000 ]; then
-        echo "The cross mount cache has $freespace_human free space which is not enough - exiting"
-        exit 1
-      else
-        echo "The cross mount cache has $freespace_human free space - continuing"
-      fi
-  - name: Restore gitcache
-    shell: bash
-    run: |
-      GIT_CACHE_TAR="$CACHE_DRIVE/gitcache.tar"
-      if [ ! -f "$GIT_CACHE_TAR" ]; then
-        echo "Git cache tar file does not exist, skipping restore"
-        exit 0
-      fi
-      echo "Restoring git cache from $GIT_CACHE_TAR to $GIT_CACHE_PATH"
-      mkdir -p $GIT_CACHE_PATH
-      tar -xf $GIT_CACHE_TAR -C $GIT_CACHE_PATH
-  - name: Gclient Sync
-    shell: bash
-    run: |
-      e d gclient config \
-        --name "src/electron" \
-        --unmanaged \
-        ${GCLIENT_EXTRA_ARGS} \
-        "$GITHUB_SERVER_URL/$GITHUB_REPOSITORY"
-
-      if [ "$TARGET_OS" != "" ]; then
-        echo "target_os=['$TARGET_OS']" >> ./.gclient
-      fi
-
-      ELECTRON_USE_THREE_WAY_MERGE_FOR_PATCHES=1 e d gclient sync --with_branch_heads --with_tags --nohooks -vv 
-  - name: Compress Git Cache Directory
-    shell: bash
-    run: |
-      echo "Uncompressed gitcache size: $(du -sh $GIT_CACHE_PATH | cut -f1 -d' ')"
-      cd $GIT_CACHE_PATH
-      tar -cf ../gitcache.tar .
-      cd ..
-      echo "Compressed gitcache to $(du -sh gitcache.tar | cut -f1 -d' ')"
-      # remove the old cache file if it exists 
-      if [ -f $CACHE_DRIVE/gitcache.tar ]; then
-        echo "Removing old gitcache.tar from $CACHE_DRIVE"
-        rm $CACHE_DRIVE/gitcache.tar
-      fi      
-      cp ./gitcache.tar $CACHE_DRIVE/
-  - name: Wait for active SSH sessions
-    shell: bash
-    if: always() && !cancelled()
-    run: |
-      while [ -f /var/.ssh-lock ]
-      do
-        sleep 60
-      done

.github/actions/checkout/action.yml

@@ -5,12 +5,6 @@ inputs:
     description: 'Whether to generate and persist a SAS token for the item in the cache'
     required: false
     default: 'false'
-  use-cache:
-    description: 'Whether to persist the cache to the shared drive'
-    required: false
-    default: 'true'
-  target-platform:
-    description: 'Target platform, should be linux, win, macos'    
 runs:
   using: "composite"
   steps:
@@ -19,105 +13,81 @@ runs:
     run: |
       echo "GIT_CACHE_PATH=$(pwd)/git-cache" >> $GITHUB_ENV
   - name: Install Dependencies
-    uses: ./src/electron/.github/actions/install-dependencies
-  - name: Set Chromium Git Cookie
-    uses: ./src/electron/.github/actions/set-chromium-cookie
-  - name: Install Build Tools
-    uses: ./src/electron/.github/actions/install-build-tools
+    shell: bash
+    run: |
+      cd src/electron
+      node script/yarn install --frozen-lockfile
+  - name: Get Depot Tools
+    shell: bash
+    run: |
+      git clone --depth=1 https://chromium.googlesource.com/chromium/tools/depot_tools.git
+
+      sed -i '/ninjalog_uploader_wrapper.py/d' ./depot_tools/autoninja
+      # Remove swift-format dep from cipd on macOS until we send a patch upstream.
+      cd depot_tools
+      git apply --3way ../src/electron/.github/workflows/config/gclient.diff
+
+      # Ensure depot_tools does not update.
+      test -d depot_tools && cd depot_tools
+      touch .disable_auto_update
+  - name: Add Depot Tools to PATH
+    shell: bash
+    run: echo "$(pwd)/depot_tools" >> $GITHUB_PATH
   - name: Generate DEPS Hash
     shell: bash
     run: |
-      node src/electron/script/generate-deps-hash.js
-      DEPSHASH="v1-src-cache-$(cat src/electron/.depshash)"
-      echo "DEPSHASH=$DEPSHASH" >> $GITHUB_ENV
-      echo "CACHE_FILE=$DEPSHASH.tar" >> $GITHUB_ENV
-      if [ "${{ inputs.target-platform }}" = "win" ]; then
-        echo "CACHE_DRIVE=/mnt/win-cache" >> $GITHUB_ENV
-      else
-        echo "CACHE_DRIVE=/mnt/cross-instance-cache" >> $GITHUB_ENV
-      fi
+      node src/electron/script/generate-deps-hash.js && cat src/electron/.depshash-target
+      echo "DEPSHASH=v1-src-cache-$(shasum src/electron/.depshash | cut -f1 -d' ')" >> $GITHUB_ENV
   - name: Generate SAS Key
     if: ${{ inputs.generate-sas-token == 'true' }}
     shell: bash
     run: |
-      curl --unix-socket /var/run/sas/sas.sock --fail "http://foo/$CACHE_FILE?platform=${{ inputs.target-platform }}&getAccountName=true" > sas-token
+      curl --unix-socket /var/run/sas/sas.sock --fail "http://foo/$DEPSHASH.tar" > sas-token
   - name: Save SAS Key
     if: ${{ inputs.generate-sas-token == 'true' }}
-    uses: actions/cache/save@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
+    uses: actions/cache/save@v4
     with:
-      path: sas-token
-      key: sas-key-${{ inputs.target-platform }}-${{ github.run_number }}-${{ github.run_attempt }}
-      enableCrossOsArchive: true
+      path: |
+        sas-token
+      key: sas-key-${{ github.run_number }}-${{ github.run_attempt }}
   - name: Check If Cache Exists
     id: check-cache
     shell: bash
     run: |
-      if [[ "${{ inputs.use-cache }}" == "false" ]]; then
-        echo "Not using cache this time..."
+      cache_path=/mnt/cross-instance-cache/$DEPSHASH.tar
+      echo "Using cache key: $DEPSHASH"
+      echo "Checking for cache in: $cache_path"
+      if [ ! -f "$cache_path" ]; then
         echo "cache_exists=false" >> $GITHUB_OUTPUT
+        echo "Cache Does Not Exist for $DEPSHASH"
       else
-        cache_path=$CACHE_DRIVE/$CACHE_FILE
-        echo "Using cache key: $DEPSHASH"
-        echo "Checking for cache in: $cache_path"
-        if [ ! -f "$cache_path" ] || [ `du $cache_path | cut -f1` = "0" ]; then
-          echo "cache_exists=false" >> $GITHUB_OUTPUT
-          echo "Cache Does Not Exist for $DEPSHASH"
-        else
-          echo "cache_exists=true" >> $GITHUB_OUTPUT
-          echo "Cache Already Exists for $DEPSHASH, Skipping.."
-        fi
+        echo "cache_exists=true" >> $GITHUB_OUTPUT
+        echo "Cache Already Exists for $DEPSHASH, Skipping.."
       fi
-  - name: Check cross instance cache disk space
-    if: steps.check-cache.outputs.cache_exists == 'false' && inputs.use-cache  == 'true'
-    shell: bash
-    run: |    
-      # if there is less than 35 GB free space then creating the cache might fail so exit early
-      freespace=`df -m $CACHE_DRIVE | grep -w $CACHE_DRIVE | awk '{print $4}'`
-      freespace_human=`df -h $CACHE_DRIVE | grep -w $CACHE_DRIVE | awk '{print $4}'`
-      if [ $freespace -le 35000 ]; then
-        echo "The cross mount cache has $freespace_human free space which is not enough - exiting"
-        exit 1
-      else
-        echo "The cross mount cache has $freespace_human free space - continuing"
-      fi
-  - name: Add patch conflict problem matcher
-    shell: bash
-    run: echo "::add-matcher::src/electron/.github/problem-matchers/patch-conflict.json"
-  - name: Restore gitcache
-    if: steps.check-cache.outputs.cache_exists == 'false'
-    shell: bash
-    run: |
-      GIT_CACHE_TAR="$CACHE_DRIVE/gitcache.tar"
-      if [ ! -f "$GIT_CACHE_TAR" ]; then
-        echo "Git cache tar file does not exist, skipping restore"
-        exit 0
-      fi
-      echo "Restoring git cache from $GIT_CACHE_TAR to $GIT_CACHE_PATH"
-      mkdir -p $GIT_CACHE_PATH
-      tar -xf $GIT_CACHE_TAR -C $GIT_CACHE_PATH
   - name: Gclient Sync
     if: steps.check-cache.outputs.cache_exists == 'false'
     shell: bash
     run: |
-      e d gclient config \
+      gclient config \
         --name "src/electron" \
         --unmanaged \
         ${GCLIENT_EXTRA_ARGS} \
         "$GITHUB_SERVER_URL/$GITHUB_REPOSITORY"
 
-      if [ "$TARGET_OS" != "" ]; then
-        echo "target_os=['$TARGET_OS']" >> ./.gclient
-      fi
-
-      ELECTRON_USE_THREE_WAY_MERGE_FOR_PATCHES=1 e d gclient sync --with_branch_heads --with_tags -vv
-      if [[ "${{ inputs.is-release }}" != "true" ]]; then
+      ELECTRON_USE_THREE_WAY_MERGE_FOR_PATCHES=1 gclient sync --with_branch_heads --with_tags -vvvvv
+      if [ "${{ inputs.is-release }}" != "true" ]; then
         # Re-export all the patches to check if there were changes.
         python3 src/electron/script/export_all_patches.py src/electron/patches/config.json
         cd src/electron
         git update-index --refresh || true
         if ! git diff-index --quiet HEAD --; then
           # There are changes to the patches. Make a git commit with the updated patches
-          if node ./script/patch-up.js; then
+          git add patches
+          GIT_COMMITTER_NAME="PatchUp" GIT_COMMITTER_EMAIL="73610968+patchup[bot]@users.noreply.github.com" git commit -m "chore: update patches" --author="PatchUp <73610968+patchup[bot]@users.noreply.github.com>"
+          # Export it
+          mkdir -p ../../patches
+          git format-patch -1 --stdout --keep-subject --no-stat --full-index > ../../patches/update-patches.patch
+          if (node ./script/push-patch.js 2> /dev/null > /dev/null); then
             echo
             echo "======================================================================"
             echo "Changes to the patches when applying, we have auto-pushed the diff to the current branch"
@@ -125,35 +95,16 @@ runs:
             echo "======================================================================"
             exit 1
           else
-            git add patches
-            GIT_COMMITTER_NAME="PatchUp" GIT_COMMITTER_EMAIL="73610968+patchup[bot]@users.noreply.github.com" git commit -m "chore: update patches" --author="PatchUp <73610968+patchup[bot]@users.noreply.github.com>"
-            # Export it
-            mkdir -p ../../patches
-            git format-patch -1 --stdout --keep-subject --no-stat --full-index > ../../patches/update-patches.patch
             echo
             echo "======================================================================"
             echo "There were changes to the patches when applying."
             echo "Check the CI artifacts for a patch you can apply to fix it."
             echo "======================================================================"
-            echo
-            cat ../../patches/update-patches.patch
             exit 1
           fi
-        else
-          echo "No changes to patches detected"
         fi
       fi
-  - name: Remove patch conflict problem matchers
-    shell: bash
-    run: |
-      echo "::remove-matcher owner=merge-conflict::"
-      echo "::remove-matcher owner=patch-conflict::"
-      echo "::remove-matcher owner=patch-needs-update::"
-  - name: Upload patches stats
-    if: ${{ inputs.target-platform == 'linux' && github.ref == 'refs/heads/main' }}
-    shell: bash
-    run: |
-      node src/electron/script/patches-stats.mjs --upload-stats || true
+
   # delete all .git directories under src/ except for
   # third_party/angle/ and third_party/dawn/ because of build time generation of files
   # gen/angle/commit.h depends on third_party/angle/.git/HEAD
@@ -162,39 +113,37 @@ runs:
   # https://dawn-review.googlesource.com/c/dawn/+/83901
   # TODO: maybe better to always leave out */.git/HEAD file for all targets ?
   - name: Delete .git directories under src to free space
-    if: ${{ steps.check-cache.outputs.cache_exists == 'false' && inputs.use-cache == 'true' }}
+    if: steps.check-cache.outputs.cache_exists == 'false'
     shell: bash
     run: |
       cd src
       ( find . -type d -name ".git" -not -path "./third_party/angle/*" -not -path "./third_party/dawn/*" -not -path "./electron/*" ) | xargs rm -rf
   - name: Minimize Cache Size for Upload
-    if: ${{ steps.check-cache.outputs.cache_exists == 'false' && inputs.use-cache == 'true' }}
+    if: steps.check-cache.outputs.cache_exists == 'false'
     shell: bash
     run: |
       rm -rf src/android_webview
       rm -rf src/ios/chrome
+      rm -rf src/third_party/blink/web_tests
       rm -rf src/third_party/blink/perf_tests
       rm -rf src/chrome/test/data/xr/webvr_info
       rm -rf src/third_party/angle/third_party/VK-GL-CTS/src
       rm -rf src/third_party/swift-toolchain
       rm -rf src/third_party/swiftshader/tests/regres/testlists
-      cp src/electron/.github/actions/checkout/action.yml ./
       rm -rf src/electron
-      mkdir -p src/electron/.github/actions/checkout
-      mv action.yml src/electron/.github/actions/checkout
   - name: Compress Src Directory
-    if: ${{ steps.check-cache.outputs.cache_exists == 'false' && inputs.use-cache == 'true' }}
+    if: steps.check-cache.outputs.cache_exists == 'false'
     shell: bash
     run: |
       echo "Uncompressed src size: $(du -sh src | cut -f1 -d' ')"
-      tar -cf $CACHE_FILE src
-      echo "Compressed src to $(du -sh $CACHE_FILE | cut -f1 -d' ')"
-      cp ./$CACHE_FILE $CACHE_DRIVE/
+      tar -cf $DEPSHASH.tar src
+      echo "Compressed src to $(du -sh $DEPSHASH.tar | cut -f1 -d' ')"
+      cp ./$DEPSHASH.tar /mnt/cross-instance-cache/
   - name: Persist Src Cache
-    if: ${{ steps.check-cache.outputs.cache_exists == 'false' && inputs.use-cache == 'true' }}
+    if: steps.check-cache.outputs.cache_exists == 'false'
     shell: bash
     run: |
-      final_cache_path=$CACHE_DRIVE/$CACHE_FILE
+      final_cache_path=/mnt/cross-instance-cache/$DEPSHASH.tar
       echo "Using cache key: $DEPSHASH"
       echo "Checking path: $final_cache_path"
       if [ ! -f "$final_cache_path" ]; then
@@ -202,12 +151,4 @@ runs:
         exit 1
       else
         echo "Cache key persisted in $final_cache_path"
-      fi
-  - name: Wait for active SSH sessions
-    shell: bash
-    if: always() && !cancelled()
-    run: |
-      while [ -f /var/.ssh-lock ]
-      do
-        sleep 60
-      done
+      fi

.github/actions/cipd-install/action.yml

@@ -1,51 +0,0 @@
-name: 'CIPD install'
-description: 'Installs the specified CIPD package'
-inputs:
-  cipd-root-prefix-path:
-    description: 'Path to prepend to installation directory'
-    default: ''
-  dependency:
-    description: 'Name of dependency to install'
-  deps-file:
-    description: 'Location of DEPS file that defines the dependency'
-  installation-dir:
-    description: 'Location to install dependency'
-  target-platform:
-    description: 'Target platform, should be linux, win, macos'
-  package:
-    description: 'Package to install'
-  dependency-version:
-    description: 'Version of the dependency to install'
-    default: ''
-runs:
-  using: "composite"
-  steps:
-    - name: Delete wrong ${{ inputs.dependency }}
-      shell: bash
-      run : |
-        rm -rf ${{ inputs.cipd-root-prefix-path }}${{ inputs.installation-dir }}
-    - name: Create ensure file for ${{ inputs.dependency }}
-      if: ${{ inputs.dependency-version == '' }}
-      shell: bash
-      run: |
-        echo '${{ inputs.package }}' `e d gclient getdep --deps-file=${{ inputs.deps-file }} -r '${{ inputs.installation-dir }}:${{ inputs.package }}'` > ${{ inputs.dependency }}_ensure_file
-        cat ${{ inputs.dependency }}_ensure_file
-
-    - name: Create ensure file for ${{ inputs.dependency }} from dependency-version
-      if: ${{ inputs.dependency-version != '' }}
-      shell: bash
-      run: |
-        echo '${{ inputs.package }} ${{ inputs.dependency-version }}'  > ${{ inputs.dependency }}_ensure_file
-        cat ${{ inputs.dependency }}_ensure_file
-    - name: CIPD installation of ${{ inputs.dependency }} (macOS)
-      if: ${{ inputs.target-platform != 'win' }}
-      shell: bash
-      run: |
-        echo "ensuring ${{ inputs.dependency }}"
-        e d cipd ensure --root ${{ inputs.cipd-root-prefix-path }}${{ inputs.installation-dir }} -ensure-file ${{ inputs.dependency }}_ensure_file
-    - name: CIPD installation of ${{ inputs.dependency }} (Windows)
-      if: ${{ inputs.target-platform == 'win' }}
-      shell: powershell
-      run: |
-        echo "ensuring ${{ inputs.dependency }} on Windows"
-        e d cipd ensure --root ${{ inputs.cipd-root-prefix-path }}${{ inputs.installation-dir }} -ensure-file ${{ inputs.dependency }}_ensure_file

.github/actions/fix-sync-macos/action.yml

@@ -0,0 +1,61 @@
+name: 'Fix Sync macOS'
+description: 'Checks out Electron and stores it in the AKS Cache'
+runs:
+  using: "composite"
+  steps:
+    - name: Fix Sync
+      shell: bash
+      # This step is required to correct for differences between "gclient sync"
+      # on Linux and the expected state on macOS. This requires:
+      # 1. Fixing Clang Install (wrong binary)
+      # 2. Fixing esbuild (wrong binary)
+      # 3. Fixing rustc (wrong binary)
+      # 4. Fixing gn (wrong binary)
+      # 5. Fix reclient (wrong binary)
+      # 6. Fixing dsymutil (wrong binary)
+      # 7. Ensuring we are using the correct ninja and adding it to PATH
+      # 8. Fixing angle (wrong remote)
+      run : |
+        SEDOPTION="-i ''"
+        rm -rf src/third_party/llvm-build
+        python3 src/tools/clang/scripts/update.py
+
+        echo 'infra/3pp/tools/esbuild/${platform}' `gclient getdep --deps-file=src/third_party/devtools-frontend/src/DEPS -r 'third_party/esbuild:infra/3pp/tools/esbuild/${platform}'` > esbuild_ensure_file
+        # Remove extra output from calling gclient getdep which always calls update_depot_tools
+        sed -i '' "s/Updating depot_tools... //g" esbuild_ensure_file
+        cipd ensure --root src/third_party/devtools-frontend/src/third_party/esbuild -ensure-file esbuild_ensure_file
+
+        rm -rf src/third_party/rust-toolchain
+        python3 src/tools/rust/update_rust.py
+        
+        # Prevent calling gclient getdep which always calls update_depot_tools
+        echo 'gn/gn/mac-${arch}' `gclient getdep --deps-file=src/DEPS -r 'src/buildtools/mac:gn/gn/mac-${arch}'` > gn_ensure_file
+        sed -i '' "s/Updating depot_tools... //g" gn_ensure_file
+        cipd ensure --root src/buildtools/mac -ensure-file gn_ensure_file
+
+        # Prevent calling gclient getdep which always calls update_depot_tools
+        echo 'infra/rbe/client/${platform}' `gclient getdep --deps-file=src/DEPS -r 'src/buildtools/reclient:infra/rbe/client/${platform}'` > gn_ensure_file
+        sed -i '' "s/Updating depot_tools... //g" gn_ensure_file
+        cipd ensure --root src/buildtools/reclient -ensure-file gn_ensure_file
+        python3 src/buildtools/reclient_cfgs/configure_reclient_cfgs.py --rbe_instance "projects/rbe-chrome-untrusted/instances/default_instance" --reproxy_cfg_template reproxy.cfg.template --rewrapper_cfg_project "" --skip_remoteexec_cfg_fetch
+
+        if  [ "${{ env.TARGET_ARCH }}" == "arm64" ]; then
+          DSYM_SHA_FILE=src/tools/clang/dsymutil/bin/dsymutil.arm64.sha1
+        else
+          DSYM_SHA_FILE=src/tools/clang/dsymutil/bin/dsymutil.x64.sha1
+        fi
+        python3 src/third_party/depot_tools/download_from_google_storage.py --no_resume --no_auth --bucket chromium-browser-clang -s $DSYM_SHA_FILE -o src/tools/clang/dsymutil/bin/dsymutil
+
+        echo 'infra/3pp/tools/ninja/${platform}' `gclient getdep --deps-file=src/DEPS -r 'src/third_party/ninja:infra/3pp/tools/ninja/${platform}'` > ninja_ensure_file
+        sed $SEDOPTION "s/Updating depot_tools... //g" ninja_ensure_file
+        cipd ensure --root src/third_party/ninja -ensure-file ninja_ensure_file
+
+        echo "$(pwd)/src/third_party/ninja" >> $GITHUB_PATH
+
+        cd src/third_party/angle
+        rm -f .git/objects/info/alternates
+        git remote set-url origin https://chromium.googlesource.com/angle/angle.git
+        cp .git/config .git/config.backup
+        git remote remove origin
+        mv .git/config.backup .git/config
+        git fetch

.github/actions/fix-sync/action.yml

@@ -1,154 +0,0 @@
-name: 'Fix Sync'
-description: 'Ensures proper binaries are in place'
-# This action is required to correct for differences between "gclient sync"
-# on Linux and the expected state on macOS/windows. This requires:
-# 1. Fixing Clang Install (wrong binary)
-# 2. Fixing esbuild (wrong binary)
-# 3. Fixing rustc (wrong binary)
-# 4. Fixing gn (wrong binary)
-# 5. Fix reclient (wrong binary)
-# 6. Fixing dsymutil (wrong binary)
-# 7. Ensuring we are using the correct ninja and adding it to PATH
-# 8. Fixing angle (wrong remote)
-# 9. Install windows toolchain on Windows
-# 10. Fix node binary on Windows
-# 11. Fix rc binary on Windows
-inputs:
-  target-platform:
-    description: 'Target platform, should be linux, win, macos'
-runs:
-  using: "composite"
-  steps:
-    - name: Fix llvm toolchain
-      if: ${{ inputs.target-platform != 'linux' }}
-      shell: bash
-      run : |
-        rm -rf src/third_party/llvm-build
-        python3 src/tools/clang/scripts/update.py
-        # Refs https://chromium-review.googlesource.com/c/chromium/src/+/6667681
-        python3 src/tools/clang/scripts/update.py --package objdump
-    - name: Fix esbuild
-      if: ${{ inputs.target-platform != 'linux' }}
-      uses: ./src/electron/.github/actions/cipd-install
-      with:
-        cipd-root-prefix-path: src/third_party/devtools-frontend/src/
-        dependency: esbuild
-        deps-file: src/third_party/devtools-frontend/src/DEPS
-        installation-dir: third_party/esbuild
-        target-platform: ${{ inputs.target-platform }}
-        package: infra/3pp/tools/esbuild/${platform}
-    - name: Fix rollup
-      if: ${{ inputs.target-platform != 'linux' }}
-      uses: ./src/electron/.github/actions/cipd-install
-      with:
-        cipd-root-prefix-path: src/third_party/devtools-frontend/src/
-        dependency: rollup_libs
-        deps-file: src/third_party/devtools-frontend/src/DEPS
-        installation-dir: third_party/rollup_libs
-        target-platform: ${{ inputs.target-platform }}
-        package: infra/3pp/tools/rollup_libs/${platform}
-    - name: Sync native rollup libs
-      if: ${{ inputs.target-platform != 'linux' }}
-      shell: bash
-      run : |
-        cd src/third_party/devtools-frontend/src
-        python3 scripts/deps/sync_rollup_libs.py
-    - name: Fix rustc
-      if: ${{ inputs.target-platform != 'linux' }}
-      shell: bash
-      run : |
-        rm -rf src/third_party/rust-toolchain
-        python3 src/tools/rust/update_rust.py
-    - name: Fix gn (macOS)
-      if: ${{ inputs.target-platform == 'macos' }}
-      uses: ./src/electron/.github/actions/cipd-install
-      with:
-        dependency: gn
-        deps-file: src/DEPS
-        installation-dir: src/buildtools/mac
-        target-platform: ${{ inputs.target-platform }}
-        package: gn/gn/mac-${arch}
-    - name: Fix gn (Windows)
-      if: ${{ inputs.target-platform == 'win' }}
-      uses: ./src/electron/.github/actions/cipd-install
-      with:
-        dependency: gn
-        deps-file: src/DEPS
-        installation-dir: src/buildtools/win 
-        target-platform: ${{ inputs.target-platform }}
-        package: gn/gn/windows-amd64
-    - name: Fix reclient
-      if: ${{ inputs.target-platform != 'linux' }}
-      uses: ./src/electron/.github/actions/cipd-install
-      with:
-        dependency: reclient
-        deps-file: src/DEPS
-        installation-dir: src/buildtools/reclient
-        target-platform: ${{ inputs.target-platform }}
-        package: infra/rbe/client/${platform}
-    - name: Configure reclient configs
-      if: ${{ inputs.target-platform != 'linux' }}
-      shell: bash
-      run : |
-        python3 src/buildtools/reclient_cfgs/configure_reclient_cfgs.py --rbe_instance "projects/rbe-chrome-untrusted/instances/default_instance" --reproxy_cfg_template reproxy.cfg.template --rewrapper_cfg_project "" --skip_remoteexec_cfg_fetch
-    - name: Fix dsymutil (macOS)
-      if: ${{ inputs.target-platform == 'macos' }}
-      shell: bash
-      run : |
-        # Fix dsymutil
-        if [ "${{ inputs.target-platform }}" = "macos" ]; then
-          if  [ "${{ env.TARGET_ARCH }}" == "arm64" ]; then
-            DSYM_SHA_FILE=src/tools/clang/dsymutil/bin/dsymutil.arm64.sha1
-          else
-            DSYM_SHA_FILE=src/tools/clang/dsymutil/bin/dsymutil.x64.sha1
-          fi
-          python3 src/third_party/depot_tools/download_from_google_storage.py --no_resume --no_auth --bucket chromium-browser-clang -s $DSYM_SHA_FILE -o src/tools/clang/dsymutil/bin/dsymutil
-        fi
-    - name: Fix ninja
-      if: ${{ inputs.target-platform != 'linux' }}
-      uses: ./src/electron/.github/actions/cipd-install
-      with:
-        dependency: ninja
-        deps-file: src/DEPS
-        installation-dir: src/third_party/ninja
-        target-platform: ${{ inputs.target-platform }}
-        package: infra/3pp/tools/ninja/${platform}
-    - name: Set ninja in path
-      if: ${{ inputs.target-platform != 'linux' }}
-      shell: bash
-      run : |
-        echo "$(pwd)/src/third_party/ninja" >> $GITHUB_PATH
-    - name: Fix siso
-      uses: ./src/electron/.github/actions/cipd-install
-      with:
-        dependency: siso
-        deps-file: src/DEPS
-        installation-dir: src/third_party/siso/cipd
-        target-platform: ${{ inputs.target-platform }}
-        package: build/siso/${platform}
-    - name: Fixup angle git
-      if: ${{ inputs.target-platform != 'linux' }}
-      shell: bash
-      run : |
-        cd src/third_party/angle
-        rm -f .git/objects/info/alternates
-        git remote set-url origin https://chromium.googlesource.com/angle/angle.git
-        cp .git/config .git/config.backup
-        git remote remove origin
-        mv .git/config.backup .git/config
-        git fetch
-    - name: Get Windows toolchain
-      if: ${{ inputs.target-platform == 'win' }}
-      shell: powershell
-      run: e d vpython3 src\build\vs_toolchain.py update --force
-    - name: Download nodejs
-      if: ${{ inputs.target-platform == 'win' }}
-      shell: powershell
-      run: |
-        $nodedeps = e d gclient getdep --deps-file=src/DEPS -r src/third_party/node/win | ConvertFrom-JSON
-        python3 src\third_party\depot_tools\download_from_google_storage.py --no_resume --no_auth --bucket chromium-nodejs -o src\third_party\node\win\node.exe $nodedeps.object_name
-    - name: Install rc
-      if: ${{ inputs.target-platform == 'win' }}
-      shell: bash
-      run: |
-        python3 src/third_party/depot_tools/download_from_google_storage.py --no_resume --no_auth --bucket chromium-browser-clang/rc -s src/build/toolchain/win/rc/win/rc.exe.sha1

.github/actions/free-space-macos/action.yml

@@ -6,8 +6,6 @@ runs:
     - name: Free Space on MacOS
       shell: bash
       run: |
-        echo "Disk usage before cleanup:"
-        df -h
         sudo mkdir -p $TMPDIR/del-target
 
         tmpify() {
@@ -17,30 +15,28 @@ runs:
         }
 
         strip_universal_deep() {
-          if [ -d "$1" ]; then
-            opwd=$(pwd)
-            cd $1
-            f=$(find . -perm +111 -type f)
-            for fp in $f
-            do
-              if [[ $(file "$fp") == *"universal binary"* ]]; then
-                if [ "`arch`" == "arm64" ]; then
-                  if [[ $(file "$fp") == *"x86_64"* ]]; then
-                    sudo lipo -remove x86_64 "$fp" -o "$fp" || true
-                  fi
-                else
-                  if [[ $(file "$fp") == *"arm64e)"* ]]; then
-                    sudo lipo -remove arm64e "$fp" -o "$fp" || true
-                  fi
-                  if [[ $(file "$fp") == *"arm64)"* ]]; then
-                    sudo lipo -remove arm64 "$fp" -o "$fp" || true
-                  fi
+          opwd=$(pwd)
+          cd $1
+          f=$(find . -perm +111 -type f)
+          for fp in $f
+          do
+            if [[ $(file "$fp") == *"universal binary"* ]]; then
+              if [ "`arch`" == "arm64" ]; then
+                if [[ $(file "$fp") == *"x86_64"* ]]; then
+                  sudo lipo -remove x86_64 "$fp" -o "$fp" || true
+                fi
+              else
+                if [[ $(file "$fp") == *"arm64e)"* ]]; then
+                  sudo lipo -remove arm64e "$fp" -o "$fp" || true
+                fi
+                if [[ $(file "$fp") == *"arm64)"* ]]; then
+                  sudo lipo -remove arm64 "$fp" -o "$fp" || true
                 fi
               fi
-            done
+            fi
+          done
 
-            cd $opwd
-          fi
+          cd $opwd
         }
 
         tmpify /Library/Developer/CoreSimulator
@@ -61,31 +57,9 @@ runs:
         sudo rm -rf $TMPDIR/del-target
 
         sudo rm -rf /Applications/Safari.app
-        sudo rm -rf /Applications/Xcode_16.1.app
-        sudo rm -rf /Applications/Xcode_16.2.app
-        sudo rm -rf /Applications/Xcode_16.3.app
-        sudo rm -rf /Applications/Xcode_26*
-        sudo rm -rf /Applications/Google Chrome.app
-        sudo rm -rf /Applications/Google Chrome for Testing.app
-        sudo rm -rf /Applications/Firefox.app
-        sudo rm -rf /Applications/Microsoft Edge.app
         sudo rm -rf ~/project/src/third_party/catapult/tracing/test_data
         sudo rm -rf ~/project/src/third_party/angle/third_party/VK-GL-CTS
-        sudo rm -rf /Users/runner/Library/Android
-        sudo rm -rf $JAVA_HOME_11_arm64
-        sudo rm -rf $JAVA_HOME_17_arm64
-        sudo rm -rf $JAVA_HOME_21_arm64
-        sudo rm -rf $JAVA_HOME_25_arm64
-        sudo rm -rf /Users/runner/.dotnet/
-        sudo rm -rf /Users/runner/.rustup
-
-        # remove homebrew packages we don't need
-        if command -v brew &> /dev/null; then
-          brew uninstall -f --zap aws-sam-cli session-manager-plugin gcc gcc@13 gcc@14 llvm@18 gradle maven ant azure-cli
-          brew autoremove
-        fi
 
         # lipo off some huge binaries arm64 versions to save space
         strip_universal_deep $(xcode-select -p)/../SharedFrameworks
-        # strip_arm_deep /System/Volumes/Data/Library/Developer/CommandLineTools/usr
-        sudo mdutil -a -i off
+        # strip_arm_deep /System/Volumes/Data/Library/Developer/CommandLineTools/usr

.github/actions/generate-types/action.yml

@@ -1,28 +0,0 @@
-name: 'Generate Types for Archaeologist Dig'
-description: 'Generate Types for Archaeologist Dig'
-inputs:
-  sha-file:
-    description: 'File containing sha'
-    required: true
-  filename:
-    description: 'Filename to write types to'
-    required: true
-runs:
-  using: "composite"
-  steps:
-  - name: Generating Types for SHA in ${{ inputs.sha-file }}
-    shell: bash
-    run: |
-      export ELECTRON_DIR=$(pwd)
-      if [ "${{ inputs.sha-file }}" == ".dig-old" ]; then
-        cd /tmp
-        git clone https://github.com/electron/electron.git
-        cd electron
-      fi
-      git checkout $(cat $ELECTRON_DIR/${{ inputs.sha-file }})
-      node script/yarn.js install --immutable
-      echo "#!/usr/bin/env node\nglobal.x=1" > node_modules/typescript/bin/tsc
-      node node_modules/.bin/electron-docs-parser --dir=./ --outDir=./ --moduleVersion=0.0.0-development
-      node node_modules/.bin/electron-typescript-definitions --api=electron-api.json --outDir=artifacts
-      mv artifacts/electron.d.ts $ELECTRON_DIR/artifacts/${{ inputs.filename }}
-    working-directory: ./electron

.github/actions/install-build-tools/action.yml

@@ -6,27 +6,6 @@ runs:
   - name: Install Build Tools
     shell: bash
     run: |
-      if [ "$(expr substr $(uname -s) 1 10)" == "MSYS_NT-10" ]; then
-        git config --global core.filemode false
-        git config --global core.autocrlf false
-        git config --global branch.autosetuprebase always
-        git config --global core.fscache true
-        git config --global core.longpaths true
-        git config --global core.preloadindex true
-        git config --global core.longpaths true
-      fi
-      export BUILD_TOOLS_SHA=a0cc95a1884a631559bcca0c948465b725d9295a
+      export BUILD_TOOLS_SHA=ff3e40a9a2ebb735c18b6450ecd5ddaa8bb364a9
       npm i -g @electron/build-tools
-      # Update depot_tools to ensure python
-      e d update_depot_tools
       e auto-update disable
-      # Disable further updates of depot_tools
-      e d auto-update disable
-      if [ "$(expr substr $(uname -s) 1 10)" == "MSYS_NT-10" ]; then
-        e d cipd.bat --version
-        cp "C:\Python311\python.exe" "C:\Python311\python3.exe"
-        echo "C:\Users\ContainerAdministrator\.electron_build_tools\third_party\depot_tools" >> $GITHUB_PATH
-      else
-        echo "$HOME/.electron_build_tools/third_party/depot_tools" >> $GITHUB_PATH
-        echo "$HOME/.electron_build_tools/third_party/depot_tools/python-bin" >> $GITHUB_PATH
-      fi

.github/actions/install-dependencies/action.yml

@@ -1,31 +0,0 @@
-name: 'Install Dependencies'
-description: 'Installs yarn depdencies using cache when available'
-runs:
-  using: "composite"
-  steps:
-  - name: Get yarn cache directory path
-    shell: bash
-    id: yarn-cache-dir-path
-    run: echo "dir=$(node src/electron/script/yarn.js config get cacheFolder)" >> $GITHUB_OUTPUT
-  - uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
-    id: yarn-cache
-    with:
-      path: ${{ steps.yarn-cache-dir-path.outputs.dir }}
-      key: ${{ runner.os }}-yarn-${{ hashFiles('src/electron/yarn.lock') }}
-      restore-keys: |
-        ${{ runner.os }}-yarn-
-  - name: Install Dependencies
-    shell: bash
-    run: |
-      cd src/electron
-      if [ "$TARGET_ARCH" = "x86" ]; then
-        export npm_config_arch="ia32"
-      fi
-      # if running on linux arm skip yarn Builds
-      ARCH=$(uname -m)
-      if [ "$ARCH" = "armv7l" ]; then
-        echo "Skipping yarn build on linux arm"
-        node script/yarn.js install --immutable --mode=skip-build
-      else
-        node script/yarn.js install --immutable
-      fi

.github/actions/restore-cache-aks/action.yml

@@ -1,20 +1,12 @@
 name: 'Restore Cache AKS'
 description: 'Restores Electron src cache via AKS'
-inputs:
-  target-platform:
-    description: 'Target platform, should be linux, win, macos'
 runs:
   using: "composite"
   steps:
   - name: Restore and Ensure Src Cache
     shell: bash
     run: |
-      if [ "${{ inputs.target-platform }}" = "win" ]; then
-        cache_path=/mnt/win-cache/$DEPSHASH.tar
-      else
-        cache_path=/mnt/cross-instance-cache/$DEPSHASH.tar
-      fi
-
+      cache_path=/mnt/cross-instance-cache/$DEPSHASH.tar
       echo "Using cache key: $DEPSHASH"
       echo "Checking for cache in: $cache_path"
       if [ ! -f "$cache_path" ]; then
@@ -25,11 +17,6 @@ runs:
       fi
 
       echo "Persisted cache is $(du -sh $cache_path | cut -f1)"
-      if [ `du  $cache_path | cut -f1` = "0" ]; then
-        echo "Cache is empty - exiting"
-        exit 1
-      fi
-
       mkdir temp-cache
       tar -xf $cache_path -C temp-cache
       echo "Unzipped cache is $(du -sh temp-cache/src | cut -f1)"

.github/actions/restore-cache-azcopy/action.yml

@@ -1,67 +1,46 @@
 name: 'Restore Cache AZCopy'
 description: 'Restores Electron src cache via AZCopy'
-inputs:
-  target-platform:
-    description: 'Target platform, should be linux, win, macos'
 runs:
   using: "composite"
   steps:
   - name: Obtain SAS Key
     continue-on-error: true
-    uses: actions/cache/restore@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
+    uses: actions/cache/restore@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9
     with:
-      path: sas-token
-      key: sas-key-${{ inputs.target-platform }}-${{ github.run_number }}-1
-      enableCrossOsArchive: true
+      path: |
+        sas-token
+      key: sas-key-${{ github.run_number }}-1
   - name: Obtain SAS Key
     continue-on-error: true
-    uses: actions/cache/restore@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
+    uses: actions/cache/restore@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9
     with:
-      path: sas-token
-      key: sas-key-${{ inputs.target-platform }}-${{ github.run_number }}-${{ github.run_attempt }}
-      enableCrossOsArchive: true
+      path: |
+        sas-token
+      key: sas-key-${{ github.run_number }}-${{ github.run_attempt }}
   - name: Download Src Cache from AKS
     # The cache will always exist here as a result of the checkout job
     # Either it was uploaded to Azure in the checkout job for this commit
     # or it was uploaded in the checkout job for a previous commit.
     uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # v3.0.0
     with:
-      timeout_minutes: 30
+      timeout_minutes: 20
       max_attempts: 3
       retry_on: error
-      shell: bash
       command: |
         sas_token=$(cat sas-token)
-        if [ -z "$sas_token" ]; then
+        if [ -z $sas-token ]; then
           echo "SAS Token not found; exiting src cache download early..."
           exit 1
-        else
-          sas_token=$(jq -r '.sasToken' sas-token)
-          account_name=$(jq -r '.accountName' sas-token)
-          if [ "${{ inputs.target-platform }}" = "win" ]; then
-            azcopy copy --log-level=ERROR \
-            "https://$account_name.file.core.windows.net/${{ env.AZURE_AKS_WIN_CACHE_SHARE_NAME }}/${{ env.CACHE_PATH }}?$sas_token" $DEPSHASH.tar
-          else
-            azcopy copy --log-level=ERROR \
-            "https://$account_name.file.core.windows.net/${{ env.AZURE_AKS_CACHE_SHARE_NAME }}/${{ env.CACHE_PATH }}?$sas_token" $DEPSHASH.tar
-          fi            
         fi
-    env:
-      AZURE_AKS_CACHE_SHARE_NAME: linux-cache
-      AZURE_AKS_WIN_CACHE_SHARE_NAME: windows-cache
+        azcopy copy \
+          "https://${{ env.AZURE_AKS_CACHE_STORAGE_ACCOUNT }}.file.core.windows.net/${{ env.AZURE_AKS_CACHE_SHARE_NAME }}/${{ env.CACHE_PATH }}?$sas_token" $DEPSHASH.tar
   - name: Clean SAS Key
     shell: bash
     run: rm -f sas-token
   - name: Unzip and Ensure Src Cache
-    if: ${{ inputs.target-platform == 'macos' }}
     shell: bash
     run: |
       echo "Downloaded cache is $(du -sh $DEPSHASH.tar | cut -f1)"
-      if [ `du $DEPSHASH.tar | cut -f1` = "0" ]; then
-        echo "Cache is empty - exiting"
-        exit 1
-      fi
-      
       mkdir temp-cache
       tar -xf $DEPSHASH.tar -C temp-cache
       echo "Unzipped cache is $(du -sh temp-cache/src | cut -f1)"
@@ -81,45 +60,4 @@ runs:
       fi
 
       echo "Wiping Electron Directory"
-      rm -rf src/electron
-
-  - name: Unzip and Ensure Src Cache (Windows)
-    if: ${{ inputs.target-platform == 'win' }}
-    shell: powershell
-    run: |
-      $src_cache = "$env:DEPSHASH.tar"
-      $cache_size = $(Get-Item $src_cache).length
-      Write-Host "Downloaded cache is $cache_size"
-      if ($cache_size -eq 0) {
-        Write-Host "Cache is empty - exiting"
-        exit 1
-      }
-
-      $TEMP_DIR=New-Item -ItemType Directory -Path temp-cache
-      $TEMP_DIR_PATH = $TEMP_DIR.FullName
-      C:\ProgramData\Chocolatey\bin\7z.exe -y -snld20 x $src_cache -o"$TEMP_DIR_PATH"
-
-  - name: Move Src Cache (Windows)
-    if: ${{ inputs.target-platform == 'win' }}
-    uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # v3.0.0
-    with:
-      timeout_minutes: 30
-      max_attempts: 3
-      retry_on: error
-      shell: powershell  
-      command: |
-        if (Test-Path "temp-cache\src") {
-          Write-Host "Relocating Cache"
-          Remove-Item -Recurse -Force src
-          Move-Item temp-cache\src src
-
-          Write-Host "Deleting zip file"
-          Remove-Item -Force $src_cache
-        }
-        if (-Not (Test-Path "src\third_party\blink")) {
-          Write-Host "Cache was not correctly restored - exiting"
-          exit 1
-        }
-
-        Write-Host "Wiping Electron Directory"
-        Remove-Item -Recurse -Force src\electron
+      rm -rf src/electron

.github/actions/set-chromium-cookie/action.yml

@@ -1,58 +0,0 @@
-name: 'Set Chromium Git Cookie'
-description: 'Sets an authenticated cookie from Chromium to allow for a higher request limit'
-runs:
-  using: "composite"
-  steps:
-  - name: Set the git cookie from chromium.googlesource.com (Unix)
-    if: ${{ runner.os != 'Windows' }}
-    shell: bash
-    run: |
-      if [[ -z "${{ env.CHROMIUM_GIT_COOKIE }}" ]]; then
-        echo "CHROMIUM_GIT_COOKIE is not set - cannot authenticate."
-        exit 0
-      fi
-
-      eval 'set +o history' 2>/dev/null || setopt HIST_IGNORE_SPACE 2>/dev/null
-      touch ~/.gitcookies
-      chmod 0600 ~/.gitcookies
-
-      git config --global http.cookiefile ~/.gitcookies
-
-      tr , \\t <<\__END__ >>~/.gitcookies
-      ${{ env.CHROMIUM_GIT_COOKIE }}
-      __END__
-      eval 'set -o history' 2>/dev/null || unsetopt HIST_IGNORE_SPACE 2>/dev/null
-
-      RESPONSE=$(curl -s -b ~/.gitcookies https://chromium-review.googlesource.com/a/accounts/self)
-      if [[ $RESPONSE == ")]}'"* ]]; then
-        # Extract account email for verification
-        EMAIL=$(echo "$RESPONSE" | tail -c +5 | jq -r '.email // "No email found"')
-        echo "Cookie authentication successful - authenticated as: $EMAIL"
-      else
-        echo "Cookie authentication failed - ensure CHROMIUM_GIT_COOKIE is set correctly"
-        echo $RESPONSE
-      fi
-  - name: Set the git cookie from chromium.googlesource.com (Windows)
-    if: ${{ runner.os == 'Windows' }}
-    shell: cmd
-    run: |
-      if "%CHROMIUM_GIT_COOKIE_WINDOWS_STRING%"=="" (
-        echo CHROMIUM_GIT_COOKIE_WINDOWS_STRING is not set - cannot authenticate.
-        exit /b 0
-      )
-
-      git config --global http.cookiefile "%USERPROFILE%\.gitcookies"
-      powershell -noprofile -nologo -command Write-Output "${{ env.CHROMIUM_GIT_COOKIE_WINDOWS_STRING }}" >>"%USERPROFILE%\.gitcookies"
-
-      curl -s -b "%USERPROFILE%\.gitcookies" https://chromium-review.googlesource.com/a/accounts/self > response.txt
-
-      findstr /B /C:")]}'" response.txt > nul
-      if %ERRORLEVEL% EQU 0 (
-        echo Cookie authentication successful
-        powershell -NoProfile -Command "& {$content = Get-Content -Raw response.txt; $content = $content.Substring(4); try { $json = ConvertFrom-Json $content; if($json.email) { Write-Host 'Authenticated as:' $json.email } else { Write-Host 'No email found in response' } } catch { Write-Host 'Error parsing JSON:' $_ }}"
-      ) else (
-        echo Cookie authentication failed - ensure CHROMIUM_GIT_COOKIE_WINDOWS_STRING is set correctly
-        type response.txt
-      )
-
-      del response.txt

.github/actions/ssh-debug/action.yml

@@ -1,20 +0,0 @@
-name: Debug via SSH
-description: Setup a SSH server with a tunnel to access it to debug via SSH.
-inputs:
-  tunnel:
-    description: 'Enable SSH tunneling via cloudflared'
-    required: true
-    default: 'false'
-  timeout:
-    description: 'SSH session timeout in seconds'
-    required: false
-    type: number
-    default: 3600
-runs:
-  using: composite
-  steps:
-    - run: $GITHUB_ACTION_PATH/setup-ssh.sh
-      shell: bash
-      env:
-        TUNNEL: ${{ inputs.tunnel }}
-        TIMEOUT: ${{ inputs.timeout }}

.github/actions/ssh-debug/bashrc

@@ -1,4 +0,0 @@
-# If we're in an interactive SSH session and we're not already in tmux and there's no explicit SSH command, auto attach tmux
-if [ -n "$SSH_TTY" ] && [ -z "$TMUX" ] && [ -z "$SSH_ORIGINAL_COMMAND" ]; then
-    exec tmux attach || exec tmux
-fi

.github/actions/ssh-debug/setup-ssh.sh

@@ -1,146 +0,0 @@
-#!/bin/bash -e
-
-if [ "${TUNNEL}" != "true" ]; then
-    echo "SSH tunneling is disabled. Set enable-tunnel: true to enable remote access."
-    echo "Local SSH server would be available on localhost:2222 if this were a local environment."
-    exit 0
-fi
-
-echo ::group::Configuring Tunnel
-
-echo "SSH tunneling enabled. Setting up remote access..."
-
-EXTERNAL_DEPS="curl jq ssh-keygen"
-
-for dep in $EXTERNAL_DEPS; do
-    if ! command -v "${dep}" > /dev/null 2>&1; then
-       echo "Command ${dep} not installed on the system!" >&2
-       exit 1
-    fi
-done
-
-cd "$GITHUB_ACTION_PATH"
-
-bashrc_path=$(pwd)/bashrc
-
-# Source `bashrc` to auto start tmux on SSH login.
-if ! grep -q "${bashrc_path}" ~/.bash_profile; then
-    echo >> ~/.bash_profile # On macOS runner there's no newline at the end of the file
-    echo "source \"${bashrc_path}\"" >> ~/.bash_profile
-fi
-
-OS=$(uname -s | tr '[:upper:]' '[:lower:]')
-ARCH=$(uname -m)
-
-if [ "${ARCH}" = "x86_64" ]; then
-    ARCH="amd64"
-elif [ "${ARCH}" = "aarch64" ]; then
-    ARCH="arm64"
-fi
-
-if [ "${OS}" = "darwin" ] && ! command -v tmux > /dev/null 2>&1; then
-    echo "Installing tmux..."
-    brew install tmux
-fi
-
-if [ "$OS" = "darwin" ]; then
-    cloudflared_url="https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-${OS}-${ARCH}.tgz"
-    echo "Downloading \`cloudflared\` from <$cloudflared_url>..."
-    curl --location --silent --output cloudflared.tgz "${cloudflared_url}"
-    tar xf cloudflared.tgz
-    rm cloudflared.tgz
-fi
-
-chmod +x cloudflared
-
-echo 'Creating SSH server key...'
-ssh-keygen -q -f ssh_host_rsa_key -N ''
-
-echo 'Creating SSH server config...'
-sed "s,\$PWD,${PWD},;s,\$USER,${USER}," sshd_config.template > sshd_config
-
-echo 'Starting SSH server...'
-sudo /usr/sbin/sshd -f sshd_config -D &
-sshd_pid=$!
-
-echo "SSH server started successfully (PID: ${sshd_pid})"
-
-echo 'Starting tmux session...'
-(cd "${GITHUB_WORKSPACE}" && tmux new-session -d -s debug)
-
-mkdir ~/.cloudflared
-CLEAN_TUNNEL_CERT=$(printf '%s\n' "${CLOUDFLARE_TUNNEL_CERT}" | tr -d '\r' | sed '/^[[:space:]]*$/d')
-
-echo "${CLEAN_TUNNEL_CERT}" > ~/.cloudflared/cert.pem
-
-CLEAN_USER_CA_CERT=$(printf '%s\n' "${CLOUDFLARE_USER_CA_CERT}" | tr -d '\r' | sed '/^[[:space:]]*$/d')
-
-echo "${CLEAN_USER_CA_CERT}" | sudo tee /etc/ssh/ca.pub > /dev/null
-sudo chmod 644 /etc/ssh/ca.pub
-
-random_suffix=$(openssl rand -hex 5 | cut -c1-10)
-tunnel_name="${GITHUB_SHA}-${GITHUB_RUN_ID}-${random_suffix}"
-tunnel_url="${tunnel_name}.${CLOUDFLARE_TUNNEL_HOSTNAME}"
-
-if ./cloudflared tunnel list | grep -q "${tunnel_name}"; then
-    echo "Deleting existing tunnel: ${tunnel_name}"
-    ./cloudflared tunnel delete ${tunnel_name}
-fi
-
-echo "Creating new cloudflare tunnel: ${tunnel_name}"
-./cloudflared tunnel create ${tunnel_name}
-
-credentials_file=$(find ~/.cloudflared -name "*.json" | head -n 1)
-if [ -z "${credentials_file}" ]; then
-    echo "Error: Could not find tunnel credentials file"
-    exit 1
-fi
-
-echo "Found credentials file: ${credentials_file}"
-
-echo 'Creating tunnel configuration...'
-cat > tunnel_config.yml << EOF
-tunnel: ${tunnel_name}
-credentials-file: ${credentials_file}
-
-ingress:
-  - hostname: ${tunnel_url}
-    service: ssh://localhost:2222
-  - service: http_status:404
-EOF
-
-echo 'Setting up DNS routing for tunnel...'
-./cloudflared tunnel route dns ${tunnel_name} ${tunnel_url}
-
-echo 'Running cloudflare tunnel...'
-./cloudflared tunnel --no-autoupdate --config tunnel_config.yml run 2>&1 | tee cloudflared.log | sed -u 's/^/cloudflared: /' &
-cloudflared_pid=$!
-
-echo ::endgroup::
-
-echo ::notice title=SSH Debug Session Ready::ssh ${tunnel_url}
-
-
-(
-    echo '    '
-    echo '    '
-    echo '🔗 SSH Debug Session Ready!'
-    echo '━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━'
-    echo '    '
-    echo '📋 Infra WG can copy and run this command to connect:'
-    echo '    '
-    echo "ssh ${tunnel_url}"
-    echo '    '
-    echo "⏰ Session expires automatically in ${TIMEOUT} seconds"
-    echo '━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━'
-    echo '    '
-    echo '    '
-) | cat
-
-echo ::group::Starting Background Session
-echo 'Starting SSH session in background...'
-./ssh-session.sh "${sshd_pid}" "${cloudflared_pid}" "${TIMEOUT}" "${tunnel_name}" &
-
-echo 'SSH session is running in background. GitHub Action will continue.'
-echo 'Session will auto-cleanup after timeout or when processes end.'
-echo ::endgroup::

.github/actions/ssh-debug/ssh-session.sh

@@ -1,52 +0,0 @@
-#!/bin/bash
-
-SSHD_PID=$1
-CLOUDFLARED_PID=$2
-SESSION_TIMEOUT=${3:-10000}
-TUNNEL_NAME=$4
-
-cleanup() {
-    # Kill processes.
-    for pid in "$SLEEP_PID" "$SSHD_PID" "$CLOUDFLARED_PID"; do
-        if [ -n "$pid" ] && kill -0 "$pid" 2>/dev/null; then
-            kill "$pid" 2>/dev/null || true
-        fi
-    done
-
-    # Clean up tunnel.
-    if [ -n "$TUNNEL_NAME" ]; then
-        cd "$GITHUB_ACTION_PATH"
-        ./cloudflared tunnel delete "$TUNNEL_NAME" 2>/dev/null || {
-            echo "Failed to delete tunnel"
-        }
-    fi
-
-    echo "Session ended at $(date)"
-    exit 0
-}
-
-# Trap signals to ensure cleanup.
-trap cleanup SIGTERM SIGINT SIGQUIT SIGHUP EXIT
-
-# Wait for timeout or until processes die.
-sleep "$SESSION_TIMEOUT" &
-SLEEP_PID=$!
-
-# Monitor processes
-while kill -0 "$SLEEP_PID" 2>/dev/null; do
-    # Check SSH daemon.
-    if ! kill -0 "$SSHD_PID" 2>/dev/null; then
-        echo "SSH daemon died at $(date)"
-        break
-    fi
-
-    # Check cloudflared,
-    if ! kill -0 "$CLOUDFLARED_PID" 2>/dev/null; then
-        echo "Cloudflared died at $(date)"
-        break
-    fi
-
-    sleep 10
-done
-
-cleanup

.github/actions/ssh-debug/sshd_config.template

@@ -1,25 +0,0 @@
-Port 2222
-HostKey $PWD/ssh_host_rsa_key
-PidFile $PWD/sshd.pid
-
-# Connection settings
-ClientAliveInterval 30
-ClientAliveCountMax 10
-MaxStartups 10
-LoginGraceTime 120
-
-# Allow TCP forwarding for tunneling
-AllowTcpForwarding yes
-
-# Try to prevent timeouts
-TCPKeepAlive yes
-
-# Security
-TrustedUserCAKeys /etc/ssh/ca.pub
-PubkeyAuthentication yes
-PasswordAuthentication no
-
-AuthorizedPrincipalsCommand /bin/bash -c "echo '%t %k' | ssh-keygen -L -f - | grep -A1 Principals"
-AuthorizedPrincipalsCommandUser nobody
-
-PubkeyAcceptedKeyTypes ssh-rsa,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com

.github/config.yml

@@ -2,8 +2,6 @@
 newPRWelcomeComment: |
   💖 Thanks for opening this pull request! 💖
 
-  ### Semantic PR titles
-
   We use [semantic commit messages](https://github.com/electron/electron/blob/main/docs/development/pull-requests.md#commit-message-guidelines) to streamline the release process. Before your pull request can be merged, you should **update your pull request title** to start with a semantic prefix.
 
   Examples of commit messages with semantic prefixes:
@@ -12,13 +10,6 @@ newPRWelcomeComment: |
   - `feat: add app.isPackaged() method`
   - `docs: app.isDefaultProtocolClient is now available on Linux`
 
-  ### Commit signing
-
-  This repo enforces [commit signatures](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits) for all incoming PRs.
-  To sign your commits, see GitHub's documentation on [Telling Git about your signing key](https://docs.github.com/en/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key).
-  
-  ### PR tips
-
   Things that will help get your PR across the finish line:
 
   - Follow the JavaScript, C++, and Python [coding style](https://github.com/electron/electron/blob/main/docs/development/coding-style.md).

.github/copilot-instructions.md

@@ -1,122 +0,0 @@
-# Copilot Instructions for Electron
-
-## Build System
-
-Electron uses `@electron/build-tools` (`e` CLI). Install with `npm i -g @electron/build-tools`.
-
-```bash
-e sync              # Fetch sources and apply patches
-e build             # Build Electron (GN + Ninja)
-e build -k 999      # Build, continuing through errors
-e start             # Run built Electron
-e start --version   # Verify Electron launches
-e test              # Run full test suite
-e debug             # Run in debugger (lldb on macOS, gdb on Linux)
-```
-
-### Linting
-
-```bash
-npm run lint              # Run all linters (JS, C++, Python, GN, docs)
-npm run lint:js           # JavaScript/TypeScript only
-npm run lint:clang-format # C++ formatting only
-npm run lint:cpp          # C++ linting only
-npm run lint:docs         # Documentation only
-```
-
-### Running a Single Test
-
-```bash
-npm run test -- -g "pattern"   # Run tests matching a regex pattern
-# Example: npm run test -- -g "ipc"
-```
-
-### Running a Single Node.js Test
-
-```bash
-node script/node-spec-runner.js parallel/test-crypto-keygen
-```
-
-## Architecture
-
-Electron embeds Chromium (rendering) and Node.js (backend) to enable desktop apps with web technologies. The parent directory (`../`) is the Chromium source tree.
-
-### Process Model
-
-Electron has two primary process types, mirroring Chromium:
-
-- **Main process** (`shell/browser/` + `lib/browser/`): Controls app lifecycle, creates windows, system APIs
-- **Renderer process** (`shell/renderer/` + `lib/renderer/`): Runs web content in BrowserWindows
-
-### Native ↔ JavaScript Bridge
-
-Each API is implemented as a C++/JS pair:
-
-- C++ side: `shell/browser/api/electron_api_{name}.cc/.h` — uses `gin::Wrappable` and `ObjectTemplateBuilder`
-- JS side: `lib/browser/api/{name}.ts` — exports the module, registered in `lib/browser/api/module-list.ts`
-- Binding: `NODE_LINKED_BINDING_CONTEXT_AWARE(electron_browser_{name}, Initialize)` in C++ and registered in `shell/common/node_bindings.cc`
-- Type declaration: `typings/internal-ambient.d.ts` maps `process._linkedBinding('electron_browser_{name}')`
-
-### Patches System
-
-Electron patches upstream dependencies (Chromium, Node.js, V8, etc.) rather than forking them. Patches live in `patches/` organized by target, with `patches/config.json` mapping directories to repos.
-
-```text
-patches/{target}/*.patch  →  [e sync]   →  target repo commits
-                          ←  [e patches] ←
-```
-
-Key rules:
-
-- Fix existing patches rather than creating new ones
-- Preserve original authorship in TODO comments — never change `TODO(name)` assignees
-- Each patch commit message must explain why the patch exists
-- After modifying patches, run `e patches {target}` to export
-
-When working on the `roller/chromium/main` branch for Chromium upgrades, use `e sync --3` for 3-way merge conflict resolution.
-
-## Conventions
-
-### File Naming
-
-- JS/TS files: kebab-case (`file-name.ts`)
-- C++ files: snake_case with `electron_api_` prefix (`electron_api_safe_storage.cc`)
-- Test files: `api-{module-name}-spec.ts` in `spec/`
-- Source file lists are maintained in `filenames.gni` (with platform-specific sections)
-
-### JavaScript/TypeScript
-
-- Semicolons required (`"semi": ["error", "always"]`)
-- `const` and `let` only (no `var`)
-- Arrow functions preferred
-- Import order enforced: `@electron/internal` → `@electron` → `electron` → external → builtin → relative
-- API naming: `PascalCase` for classes (`BrowserWindow`), `camelCase` for module APIs (`globalShortcut`)
-- Prefer getters/setters over jQuery-style `.text([text])` patterns
-
-### C++
-
-- Follows Chromium coding style, enforced by `clang-format` and `clang-tidy`
-- Uses Chromium abstractions (`base::`, `content::`, etc.)
-- Header guards: `#ifndef ELECTRON_SHELL_BROWSER_API_ELECTRON_API_{NAME}_H_`
-- Platform-specific files: `_mac.mm`, `_win.cc`, `_linux.cc`
-
-### Testing
-
-- Framework: Mocha + Chai + Sinon
-- Test helpers in `spec/lib/` (e.g., `spec-helpers.ts`, `window-helpers.ts`)
-- Use `defer()` from spec-helpers for cleanup, `closeAllWindows()` for window teardown
-- Tests import from `electron/main` or `electron/renderer`
-
-### Documentation
-
-- API docs in `docs/api/` as Markdown, parsed by `@electron/docs-parser` to generate `electron.d.ts`
-- API history tracked via YAML blocks in HTML comments within doc files
-- Docs must pass `npm run lint:docs`
-
-### Build Configuration
-
-- `BUILD.gn`: Main GN build config
-- `buildflags/buildflags.gni`: Feature flags (PDF viewer, extensions, spellchecker)
-- `build/args/`: Build argument profiles (`testing.gn`, `release.gn`, `all.gn`)
-- `DEPS`: Dependency versions and checkout paths
-- `chromium_src/`: Chromium source file overrides (compiled instead of originals)

.github/dependabot.yml

@@ -7,62 +7,3 @@ updates:
     directory: /
     schedule:
       interval: weekly
-    labels:
-      - "no-backport"
-      - "semver/none"
-    target-branch: main
-  - package-ecosystem: npm
-    directories:
-      - /
-      - /spec
-      - /npm
-    schedule:
-      interval: daily
-    labels:
-      - "no-backport"
-    open-pull-requests-limit: 2
-    target-branch: main
-  - package-ecosystem: npm
-    directories:
-      - /
-      - /spec
-      - /npm
-    schedule:
-      interval: daily
-    labels:
-      - "backport-check-skip"
-    open-pull-requests-limit: 0
-    target-branch: 33-x-y
-  - package-ecosystem: npm
-    directories:
-      - /
-      - /spec
-      - /npm
-    schedule:
-      interval: daily
-    labels:
-      - "backport-check-skip"
-    open-pull-requests-limit: 0
-    target-branch: 32-x-y
-  - package-ecosystem: npm
-    directories:
-      - /
-      - /spec
-      - /npm
-    schedule:
-      interval: daily
-    labels:
-      - "backport-check-skip"
-    open-pull-requests-limit: 0
-    target-branch: 31-x-y
-  - package-ecosystem: npm
-    directories:
-      - /
-      - /spec
-      - /npm
-    schedule:
-      interval: daily
-    labels:
-      - "backport-check-skip"
-    open-pull-requests-limit: 0
-    target-branch: 30-x-y

.github/problem-matchers/clang.json

@@ -1,18 +0,0 @@
-{
-  "problemMatcher": [
-    {
-      "owner": "clang",
-      "fromPath": "src/out/Default/args.gn",
-      "pattern": [
-        {
-          "regexp": "^(.+)[(:](\\d+)[:,](\\d+)\\)?:\\s+(warning|error):\\s+(.*)$",
-          "file": 1,
-          "line": 2,
-          "column": 3,
-          "severity": 4,
-          "message": 5
-        }
-      ]
-    }
-  ]
-}

.github/problem-matchers/eslint-stylish.json

@@ -1,22 +0,0 @@
-{
-  "problemMatcher": [
-    {
-      "owner": "eslint-stylish",
-      "pattern": [
-        {
-          "regexp": "^\\s*([^\\s].*)$",
-          "file": 1
-        },
-        {
-          "regexp": "^\\s+(\\d+):(\\d+)\\s+(error|warning|info)\\s+(.*)\\s\\s+(.*)$",
-          "line": 1,
-          "column": 2,
-          "severity": 3,
-          "message": 4,
-          "code": 5,
-          "loop": true
-        }
-      ]
-    }
-  ]
-}

.github/problem-matchers/markdownlint.json

@@ -1,16 +0,0 @@
-{
-  "problemMatcher": [
-    {
-      "owner": "markdownlint",
-      "pattern": [
-        {
-          "regexp": "^(.+):(\\d+):(\\d+)\\s+(.*)$",
-          "file": 1,
-          "line": 2,
-          "column": 3,
-          "message": 4
-        }
-      ]
-    }
-  ]
-}

.github/problem-matchers/patch-conflict.json

@@ -1,34 +0,0 @@
-{
-  "problemMatcher": [
-    {
-      "owner": "merge-conflict",
-      "pattern": [
-        {
-          "regexp": "^CONFLICT\\s\\(\\S+\\): (Merge conflict in \\S+)$",
-          "message": 1
-        }
-      ]
-    },
-    {
-      "owner": "patch-conflict",
-      "pattern": [
-        {
-          "regexp": "^error: (patch failed: (\\S+):(\\d+))$",
-          "message": 1,
-          "file": 2,
-          "line": 3
-        }
-      ]
-    },
-    {
-      "owner": "patch-needs-update",
-      "pattern": [
-        {
-          "regexp": "^((patches\/.*): needs update)$",
-          "message": 1,
-          "file": 2
-        }
-      ]
-    }
-  ]
-}

.github/workflows/apply-patches.yml

@@ -1,73 +0,0 @@
-name: Apply Patches
-
-on:
-  pull_request:
-
-permissions: {}
-
-concurrency:
-  group: apply-patches-${{ github.ref }}
-  cancel-in-progress: true
-
-jobs:
-  setup:
-    if: github.repository == 'electron/electron'
-    runs-on: ubuntu-slim
-    permissions:
-      contents: read
-      pull-requests: read
-    outputs:
-      has-patches: ${{ steps.filter.outputs.patches }}
-    steps:
-    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
-      with:
-        persist-credentials: false
-        ref: ${{ github.event.pull_request.head.sha }}
-    # Use dorny/paths-filter instead of the path filter under the on: pull_request: block
-    # so that the output can be used to conditionally run the apply-patches job, which lets
-    # the job be marked as a required status check (conditional skip counts as a success).
-    - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
-      id: filter
-      with:
-        filters: |
-          patches:
-            - DEPS
-            - 'patches/**'
-
-  apply-patches:
-    needs: setup
-    if: ${{ needs.setup.outputs.has-patches == 'true' }}
-    runs-on: electron-arc-centralus-linux-amd64-32core
-    permissions:
-      contents: read
-    container:
-      image: ghcr.io/electron/build:a82b87d7a4f5ff0cab61405f8151ac4cf4942aeb
-      options: --user root
-      volumes:
-        - /mnt/cross-instance-cache:/mnt/cross-instance-cache
-        - /var/run/sas:/var/run/sas
-    env:
-      CHROMIUM_GIT_COOKIE: ${{ secrets.CHROMIUM_GIT_COOKIE }}
-      GCLIENT_EXTRA_ARGS: '--custom-var=checkout_arm=True --custom-var=checkout_arm64=True'
-    steps:
-    - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
-      with:
-        path: src/electron
-        fetch-depth: 0
-        persist-credentials: false
-        ref: ${{ github.event.pull_request.base.ref }}
-    - name: Merge PR HEAD
-      working-directory: src/electron
-      env:
-        PR_NUMBER: ${{ github.event.pull_request.number }}
-      run: |
-        git config user.email "electron@github.com"
-        git config user.name "Electron Bot"
-        git fetch origin refs/pull/${PR_NUMBER}/head
-        git merge --squash FETCH_HEAD
-        git commit -n -m "Squashed commits"
-    - name: Checkout & Sync & Save
-      uses: ./src/electron/.github/actions/checkout
-      with:
-        target-platform: linux

.github/workflows/archaeologist-dig.yml

@@ -1,69 +0,0 @@
-name: Archaeologist
-
-on:
-  pull_request:
-
-permissions: {}
-
-jobs:
-   archaeologist-dig:
-    name: Archaeologist Dig
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-    steps:
-      - name: Checkout Electron
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
-        with:
-          fetch-depth: 0
-      - name: Setup Node.js/npm
-        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238
-        with:
-          node-version: 24.12.x
-      - name: Setting Up Dig Site
-        run: |
-          echo "remote: ${{ github.event.pull_request.head.repo.clone_url }}"
-          echo "sha ${{ github.event.pull_request.head.sha }}"
-          echo "base ref ${{ github.event.pull_request.base.ref }}"
-          git clone https://github.com/electron/electron.git electron          
-          cd electron
-          mkdir -p artifacts
-          git remote add fork ${{ github.event.pull_request.head.repo.clone_url }} && git fetch fork
-          git checkout  ${{ github.event.pull_request.head.sha }}
-          git merge-base origin/${{ github.event.pull_request.base.ref }} HEAD > .dig-old
-          echo  ${{ github.event.pull_request.head.sha }} > .dig-new
-          cp .dig-old artifacts
-
-      - name: Generating Types for SHA in .dig-new
-        uses: ./.github/actions/generate-types
-        with:
-          sha-file: .dig-new
-          filename: electron.new.d.ts
-      - name: Generating Types for SHA in .dig-old
-        uses: ./.github/actions/generate-types
-        with:
-          sha-file: .dig-old
-          filename: electron.old.d.ts
-      - name: Upload artifacts
-        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f #v6.0.0
-        with:
-          name: artifacts
-          path: electron/artifacts
-          include-hidden-files: true
-      - name: Set job output
-        run: |
-          git diff --no-index electron.old.d.ts electron.new.d.ts > patchfile || true
-          if [ -s patchfile ]; then
-            echo "Changes Detected"
-            echo "## Changes Detected" > $GITHUB_STEP_SUMMARY
-            echo "Looks like the \`electron.d.ts\` file changed." >> $GITHUB_STEP_SUMMARY
-            echo "" >> $GITHUB_STEP_SUMMARY
-            echo "\`\`\`\`\`\`diff" >> $GITHUB_STEP_SUMMARY
-            cat patchfile >> $GITHUB_STEP_SUMMARY
-            echo "\`\`\`\`\`\`" >> $GITHUB_STEP_SUMMARY    
-          else
-            echo "No Changes Detected"
-            echo "## No Changes" > $GITHUB_STEP_SUMMARY
-            echo "We couldn't see any changes in the \`electron.d.ts\` artifact" >> $GITHUB_STEP_SUMMARY
-          fi
-        working-directory: ./electron/artifacts

.github/workflows/audit-branch-ci.yml

@@ -1,162 +0,0 @@
-name: Audit CI on Branches
-
-on:
-  workflow_dispatch:
-  schedule:
-    # Run every 2 hours
-    - cron: '0 */2 * * *'
-
-permissions: {}
-
-jobs:
-  audit_branch_ci:
-    name: Audit CI on Branches
-    if: github.repository == 'electron/electron'
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-    steps:
-      - name: Setup Node.js
-        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
-        with:
-          node-version: 22.17.x
-      - name: Sparse checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          sparse-checkout: |
-            .
-            .github
-            .yarn
-      - run: yarn workspaces focus @electron/gha-workflows
-      - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
-        id: audit-errors
-        with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          script: |
-            const { chdir } = require('node:process');
-            chdir('${{ github.workspace }}/.github/workflows');
-
-            const cache = require('@actions/cache');
-            const { ElectronVersions } = require('@electron/fiddle-core');
-
-            const runsWithErrors = [];
-
-            // Only want the most recent workflow run that wasn't skipped or cancelled
-            const isValidWorkflowRun = (run) => !['skipped', 'cancelled'].includes(run.conclusion);
-
-            const versions = await ElectronVersions.create({ ignoreCache: true });
-            const branches = versions.supportedMajors.map((branch) => `${branch}-x-y`);
-
-            for (const branch of ["main", ...branches]) {
-              const latestCheckRuns = new Map();
-              const allCheckRuns = await github.paginate(github.rest.checks.listForRef, {
-                owner: "electron",
-                repo: "electron",
-                ref: branch,
-                status: 'completed',
-              });
-
-              // Sort the check runs by completed_at so that multiple check runs on the
-              // same ref (like a scheduled workflow) only looks at the most recent one
-              for (const checkRun of allCheckRuns.filter(
-                (run) => !['skipped', 'cancelled'].includes(run.conclusion),
-              ).sort((a, b) => new Date(b.completed_at) - new Date(a.completed_at))) {
-                if (!latestCheckRuns.has(checkRun.name)) {
-                  latestCheckRuns.set(checkRun.name, checkRun);
-                }
-              }
-
-              // Check for runs which had error annotations
-              for (const checkRun of Array.from(latestCheckRuns.values())) {
-                if (checkRun.name === "Audit CI on Branches") {
-                  continue; // Skip the audit workflow itself
-                }
-
-                const annotations = (await github.rest.checks.listAnnotations({
-                  owner: "electron",
-                  repo: "electron",
-                  check_run_id: checkRun.id,
-                })).data ?? [];
-
-                if (
-                  annotations.find(
-                    ({ annotation_level, message }) =>
-                      annotation_level === "failure" &&
-                      !message.startsWith("Process completed with exit code") &&
-                      !message.startsWith("Response status code does not indicate success") &&
-                      !message.startsWith("The hosted runner lost communication with the server") &&
-                      !message.startsWith("Dependabot encountered an error performing the update") &&
-                      !/Unable to make request/.test(message) &&
-                      !/The requested URL returned error/.test(message),
-                  )
-                ) {
-                  checkRun.hasErrorAnnotations = true;
-                } else {
-                  continue;
-                }
-
-                // Check if this is a known failure from a previous audit run
-                const cacheKey = `check-run-error-annotations-${checkRun.id}`;
-                const cacheHit =
-                  (await cache.restoreCache(['/dev/null'], cacheKey, undefined, {
-                    lookupOnly: true,
-                  })) !== undefined;
-
-                if (cacheHit) {
-                  checkRun.isStale = true;
-                }
-
-                checkRun.branch = branch;
-                runsWithErrors.push(checkRun);
-  
-                // Create a cache entry (only the name matters) to keep track of
-                // failures we've seen from previous runs to mark them as stale
-                if (!cacheHit) {
-                  await cache.saveCache(['/dev/null'], cacheKey);
-                }
-              }
-            }
-
-            if (runsWithErrors.length > 0) {
-              core.summary.addHeading('⚠️ Runs with Errors');
-              core.summary.addTable([
-                [
-                  { data: 'Branch', header: true },
-                  { data: 'Workflow Run', header: true },
-                  { data: 'Status', header: true },
-                ],
-                ...runsWithErrors
-                  .sort(
-                    (a, b) =>
-                      a.branch.localeCompare(b.branch) ||
-                      a.name.localeCompare(b.name),
-                  )
-                  .map((run) => [
-                    run.branch,
-                    `<a href="${run.html_url}">${run.name}</a>`,
-                    run.isStale
-                      ? '📅 Stale'
-                      : run.hasErrorAnnotations
-                      ? '⚠️ Errors'
-                      : '✅ Succeeded',
-                  ]),
-              ]);
-
-              // Set this as failed so it's easy to scan runs to find failures
-              if (runsWithErrors.find((run) => !run.isStale)) {
-                core.setOutput('errorsFound', true);
-                process.exitCode = 1;
-              }
-            } else {
-              core.summary.addRaw('🎉 No runs with errors');
-            }
-
-            await core.summary.write();
-      - name: Send Slack message if errors
-        if: ${{ always() && steps.audit-errors.outputs.errorsFound && github.ref == 'refs/heads/main' }}
-        uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.1.1
-        with:
-          payload: |
-            link: "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
-          webhook: ${{ secrets.CI_ERRORS_SLACK_WEBHOOK_URL }}
-          webhook-type: webhook-trigger

.github/workflows/auto-close-pull-request.yml

@@ -0,0 +1,24 @@
+name: Auto Close Pull Request
+
+on:
+  pull_request_target:
+    paths:
+      - 'yarn.lock'
+      - 'spec/yarn.lock'
+
+permissions: {}
+
+jobs:
+  auto-close-dependency-pull-request:
+    name: Auto close non-maintainer dependency pull request
+    if: ${{ !contains(fromJSON('["MEMBER", "OWNER"]'), github.event.pull_request.author_association) && github.event.pull_request.user.type != 'Bot' && !github.event.pull_request.draft }}
+    permissions:
+      pull-requests: write
+    runs-on: ubuntu-latest
+    steps:
+      - name: Close pull request
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          PR_URL: ${{ github.event.pull_request.html_url }}
+        run: |
+          gh pr close $PR_URL --comment 'Hello @${{ github.event.pull_request.user.login }}! It looks like this pull request touches one of our dependency files, and per [our contribution policy](https://github.com/electron/electron/blob/main/CONTRIBUTING.md#dependencies-upgrades-policy) we do not accept these types of PRs, so this PR will be closed.'

.github/workflows/branch-created.yml

@@ -14,7 +14,7 @@ permissions: {}
 jobs:
   release-branch-created:
     name: Release Branch Created
-    if: ${{ github.repository == 'electron/electron' && (github.event_name == 'workflow_dispatch' || (github.event.ref_type == 'branch' && endsWith(github.event.ref, '-x-y') && !startsWith(github.event.ref, 'roller'))) }}
+    if: ${{ github.event_name == 'workflow_dispatch' || (github.event.ref_type == 'branch' && endsWith(github.event.ref, '-x-y') && !startsWith(github.event.ref, 'roller')) }}
     permissions:
       contents: read
       pull-requests: write
@@ -23,13 +23,11 @@ jobs:
     steps:
       - name: Determine Major Version
         id: check-major-version
-        env:
-          BRANCH_NAME: ${{ github.event.inputs.branch-name || github.event.ref }}
         run: |
-          if [[ "$BRANCH_NAME" =~ ^([0-9]+)-x-y$ ]]; then
+          if [[ ${{ github.event.inputs.branch-name || github.event.ref }} =~ ^([0-9]+)-x-y$ ]]; then
             echo "MAJOR=${BASH_REMATCH[1]}" >> "$GITHUB_OUTPUT"
           else
-            echo "Not a release branch: $BRANCH_NAME"
+            echo "Not a release branch: ${{ github.event.inputs.branch-name || github.event.ref }}"
           fi
       - name: New Release Branch Tasks
         if: ${{ steps.check-major-version.outputs.MAJOR }}
@@ -68,14 +66,14 @@ jobs:
           done
       - name: Generate GitHub App token
         if: ${{ steps.check-major-version.outputs.MAJOR }}
-        uses: electron/github-app-auth-action@e14e47722ed120360649d0789e25b9baece12725 # v2.0.0
+        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
         id: generate-token
         with:
           creds: ${{ secrets.RELEASE_BOARD_GH_APP_CREDS }}
           org: electron
       - name: Generate Release Project Board Metadata
         if: ${{ steps.check-major-version.outputs.MAJOR }}
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
         id: generate-project-metadata
         with:
           script: |
@@ -94,7 +92,7 @@ jobs:
             }))
       - name: Create Release Project Board
         if: ${{ steps.check-major-version.outputs.MAJOR }}
-        uses: dsanders11/project-actions/copy-project@2134fe7cc71c58b7ae259c82a8e63c6058255678 # v1.7.0
+        uses: dsanders11/project-actions/copy-project@eb760c48894b5702398529cbb8f6e98378e315d0 # v1.3.0
         id: create-release-board
         with:
           drafts: true
@@ -114,15 +112,14 @@ jobs:
           GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
       - name: Find Previous Release Project Board
         if: ${{ steps.check-major-version.outputs.MAJOR }}
-        uses: dsanders11/project-actions/find-project@2134fe7cc71c58b7ae259c82a8e63c6058255678 # v1.7.0
+        uses: dsanders11/project-actions/find-project@eb760c48894b5702398529cbb8f6e98378e315d0 # v1.3.0
         id: find-prev-release-board
         with:
-          fail-if-project-not-found: false
           title: ${{ steps.generate-project-metadata.outputs.prev-prev-major }}-x-y
           token: ${{ steps.generate-token.outputs.token }}
       - name: Close Previous Release Project Board
-        if: ${{ steps.find-prev-release-board.outputs.number }}
-        uses: dsanders11/project-actions/close-project@2134fe7cc71c58b7ae259c82a8e63c6058255678 # v1.7.0
+        if: ${{ steps.check-major-version.outputs.MAJOR }}
+        uses: dsanders11/project-actions/close-project@eb760c48894b5702398529cbb8f6e98378e315d0 # v1.3.0
         with:
           project-number: ${{ steps.find-prev-release-board.outputs.number }}
           token: ${{ steps.generate-token.outputs.token }}

.github/workflows/build-git-cache.yml

@@ -1,85 +0,0 @@
-name: Build Git Cache
-# This workflow updates git cache on the cross-instance cache volumes
-# It runs daily at midnight.
-
-on:  
-  schedule:
-    - cron: "0 0 * * *"
-
-permissions: {}
-
-jobs:
-  build-git-cache-linux:
-    if: github.repository == 'electron/electron'
-    runs-on: electron-arc-centralus-linux-amd64-32core
-    permissions:
-      contents: read
-    container:
-      image: ghcr.io/electron/build:a82b87d7a4f5ff0cab61405f8151ac4cf4942aeb
-      options: --user root
-      volumes:
-        - /mnt/cross-instance-cache:/mnt/cross-instance-cache
-    env:
-      CHROMIUM_GIT_COOKIE: ${{ secrets.CHROMIUM_GIT_COOKIE }}      
-      GCLIENT_EXTRA_ARGS: '--custom-var=checkout_arm=True --custom-var=checkout_arm64=True'
-    steps:
-    - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
-      with:
-        path: src/electron
-        fetch-depth: 0
-    - name: Build Git Cache
-      uses: ./src/electron/.github/actions/build-git-cache
-      with:
-        target-platform: linux
-
-  build-git-cache-windows:
-    if: github.repository == 'electron/electron'
-    runs-on: electron-arc-centralus-linux-amd64-32core
-    permissions:
-      contents: read
-    container:
-      image: ghcr.io/electron/build:a82b87d7a4f5ff0cab61405f8151ac4cf4942aeb
-      options: --user root --device /dev/fuse --cap-add SYS_ADMIN
-      volumes:
-        - /mnt/win-cache:/mnt/win-cache
-    env:
-      CHROMIUM_GIT_COOKIE: ${{ secrets.CHROMIUM_GIT_COOKIE }}
-      GCLIENT_EXTRA_ARGS: '--custom-var=checkout_win=True'
-      TARGET_OS: 'win'
-    steps:
-    - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
-      with:
-        path: src/electron
-        fetch-depth: 0
-    - name: Build Git Cache
-      uses: ./src/electron/.github/actions/build-git-cache
-      with:
-        target-platform: win
-
-  build-git-cache-macos:
-    if: github.repository == 'electron/electron'
-    runs-on: electron-arc-centralus-linux-amd64-32core
-    permissions:
-      contents: read
-    # This job updates the same git cache as linux, so it needs to run after the linux one.
-    needs: build-git-cache-linux
-    container:
-      image: ghcr.io/electron/build:a82b87d7a4f5ff0cab61405f8151ac4cf4942aeb
-      options: --user root
-      volumes:
-        - /mnt/cross-instance-cache:/mnt/cross-instance-cache
-    env:
-      CHROMIUM_GIT_COOKIE: ${{ secrets.CHROMIUM_GIT_COOKIE }}
-      GCLIENT_EXTRA_ARGS: '--custom-var=checkout_mac=True --custom-var=host_os=mac'
-    steps:
-    - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
-      with:
-        path: src/electron
-        fetch-depth: 0
-    - name: Build Git Cache
-      uses: ./src/electron/.github/actions/build-git-cache
-      with:
-        target-platform: macos

.github/workflows/build.yml

@@ -6,7 +6,7 @@ on:
       build-image-sha:
         type: string
         description: 'SHA for electron/build image'
-        default: 'a82b87d7a4f5ff0cab61405f8151ac4cf4942aeb'
+        default: 'cf814a4d2501e8e843caea071a6b70a48e78b855'
         required: true
       skip-macos:
         type: boolean
@@ -18,39 +18,21 @@ on:
         description: 'Skip Linux builds'
         default: false
         required: false
-      skip-windows:
-        type: boolean
-        description: 'Skip Windows builds'
-        default: false
-        required: false
       skip-lint:
         type: boolean
         description: 'Skip lint check'
         default: false
         required: false
-      enable-ssh:
-        description: 'Enable SSH debugging'
-        required: false
-        type: boolean
-        default: false
   push:
     branches:
       - main
       - '[1-9][0-9]-x-y'
   pull_request:
-
-defaults:
-  run:
-    shell: bash
-
-permissions: {}
-
+      
 jobs:
   setup:
-    if: github.repository == 'electron/electron'
     runs-on: ubuntu-latest
     permissions:
-      contents: read
       pull-requests: read
     outputs:
         docs: ${{ steps.filter.outputs.docs }}
@@ -58,26 +40,20 @@ jobs:
         build-image-sha: ${{ steps.set-output.outputs.build-image-sha }}
         docs-only: ${{ steps.set-output.outputs.docs-only }}
     steps:
-    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
-      with:
-        ref: ${{ github.event.pull_request.head.sha }}
+    - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 #v4.0.2
     - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
       id: filter
       with:
         filters: |
           docs:
             - 'docs/**'
-            - README.md
-            - SECURITY.md
-            - CONTRIBUTING.md
-            - CODE_OF_CONDUCT.md
           src:
             - '!docs/**'
     - name: Set Outputs for Build Image SHA & Docs Only
       id: set-output
       run: |
         if [ -z "${{ inputs.build-image-sha }}" ]; then
-          echo "build-image-sha=a82b87d7a4f5ff0cab61405f8151ac4cf4942aeb" >> "$GITHUB_OUTPUT"
+          echo "build-image-sha=cf814a4d2501e8e843caea071a6b70a48e78b855" >> "$GITHUB_OUTPUT"
         else
           echo "build-image-sha=${{ inputs.build-image-sha }}" >> "$GITHUB_OUTPUT"
         fi
@@ -88,30 +64,24 @@ jobs:
     needs: setup
     if: ${{ !inputs.skip-lint }}
     uses: ./.github/workflows/pipeline-electron-lint.yml
-    permissions:
-      contents: read
     with:
       container: '{"image":"ghcr.io/electron/build:${{ needs.setup.outputs.build-image-sha }}","options":"--user root"}'
     secrets: inherit
 
   # Docs Only Jobs
   docs-only:
-    needs: [setup, checkout-linux]
+    needs: setup
     if: ${{ needs.setup.outputs.docs-only == 'true' }}
     uses: ./.github/workflows/pipeline-electron-docs-only.yml
-    permissions:
-      contents: read
     with:
-      container: '{"image":"ghcr.io/electron/build:${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root","volumes":["/mnt/cross-instance-cache:/mnt/cross-instance-cache"]}'
+      container: '{"image":"ghcr.io/electron/build:${{ needs.setup.outputs.build-image-sha }}","options":"--user root"}'
     secrets: inherit
 
   # Checkout Jobs
   checkout-macos:
     needs: setup
     if: ${{ needs.setup.outputs.src == 'true' && !inputs.skip-macos}}
-    runs-on: electron-arc-centralus-linux-amd64-32core
-    permissions:
-      contents: read
+    runs-on: aks-linux-large
     container:
       image: ghcr.io/electron/build:${{ needs.setup.outputs.build-image-sha }}
       options: --user root
@@ -119,29 +89,24 @@ jobs:
         - /mnt/cross-instance-cache:/mnt/cross-instance-cache
         - /var/run/sas:/var/run/sas
     env:
-      CHROMIUM_GIT_COOKIE: ${{ secrets.CHROMIUM_GIT_COOKIE }}
       GCLIENT_EXTRA_ARGS: '--custom-var=checkout_mac=True --custom-var=host_os=mac'
     outputs:
       build-image-sha: ${{ needs.setup.outputs.build-image-sha }}
     steps:
     - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
       with:
         path: src/electron
         fetch-depth: 0
-        ref: ${{ github.event.pull_request.head.sha }}
     - name: Checkout & Sync & Save
       uses: ./src/electron/.github/actions/checkout
       with:
         generate-sas-token: 'true'
-        target-platform: macos
 
   checkout-linux:
     needs: setup
-    if: ${{ !inputs.skip-linux}}
-    runs-on: electron-arc-centralus-linux-amd64-32core
-    permissions:
-      contents: read
+    if: ${{ needs.setup.outputs.src == 'true' && !inputs.skip-linux}}
+    runs-on: aks-linux-large
     container:
       image: ghcr.io/electron/build:${{ needs.setup.outputs.build-image-sha }}
       options: --user root
@@ -149,96 +114,17 @@ jobs:
         - /mnt/cross-instance-cache:/mnt/cross-instance-cache
         - /var/run/sas:/var/run/sas
     env:
-      CHROMIUM_GIT_COOKIE: ${{ secrets.CHROMIUM_GIT_COOKIE }}
-      DD_API_KEY: ${{ secrets.DD_API_KEY }}
       GCLIENT_EXTRA_ARGS: '--custom-var=checkout_arm=True --custom-var=checkout_arm64=True'
-      PATCH_UP_APP_CREDS: ${{ secrets.PATCH_UP_APP_CREDS }}
     outputs:
       build-image-sha: ${{ needs.setup.outputs.build-image-sha}}
     steps:
     - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
       with:
         path: src/electron
         fetch-depth: 0
-        ref: ${{ github.event.pull_request.head.sha }}
     - name: Checkout & Sync & Save
       uses: ./src/electron/.github/actions/checkout
-      with:
-        target-platform: linux
-
-  checkout-windows:
-    needs: setup
-    if: ${{ needs.setup.outputs.src == 'true' && !inputs.skip-windows }}
-    runs-on: electron-arc-centralus-linux-amd64-32core
-    permissions:
-      contents: read
-    container:
-      image: ghcr.io/electron/build:${{ needs.setup.outputs.build-image-sha }}
-      options: --user root --device /dev/fuse --cap-add SYS_ADMIN
-      volumes:
-        - /mnt/win-cache:/mnt/win-cache
-        - /var/run/sas:/var/run/sas
-    env:
-      CHROMIUM_GIT_COOKIE: ${{ secrets.CHROMIUM_GIT_COOKIE }}
-      CHROMIUM_GIT_COOKIE_WINDOWS_STRING: ${{ secrets.CHROMIUM_GIT_COOKIE_WINDOWS_STRING }}
-      GCLIENT_EXTRA_ARGS: '--custom-var=checkout_win=True'
-      TARGET_OS: 'win'
-      ELECTRON_DEPOT_TOOLS_WIN_TOOLCHAIN: '1'
-    outputs:
-      build-image-sha: ${{ needs.setup.outputs.build-image-sha}}
-    steps:
-    - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
-      with:
-        path: src/electron
-        fetch-depth: 0
-        ref: ${{ github.event.pull_request.head.sha }}
-    - name: Checkout & Sync & Save
-      uses: ./src/electron/.github/actions/checkout
-      with:
-        generate-sas-token: 'true'
-        target-platform: win
-
-  # GN Check Jobs
-  macos-gn-check:
-    uses: ./.github/workflows/pipeline-segment-electron-gn-check.yml
-    permissions:
-      contents: read
-    needs: checkout-macos
-    with:
-      target-platform: macos
-      target-archs: x64 arm64
-      check-runs-on: macos-15
-      gn-build-type: testing
-    secrets: inherit
-
-  linux-gn-check:
-    uses: ./.github/workflows/pipeline-segment-electron-gn-check.yml
-    permissions:
-      contents: read
-    needs: checkout-linux
-    if: ${{ needs.setup.outputs.src == 'true' }}
-    with:
-      target-platform: linux
-      target-archs: x64 arm arm64
-      check-runs-on: electron-arc-centralus-linux-amd64-8core
-      check-container: '{"image":"ghcr.io/electron/build:${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root","volumes":["/mnt/cross-instance-cache:/mnt/cross-instance-cache"]}'
-      gn-build-type: testing
-    secrets: inherit
-
-  windows-gn-check:
-    uses: ./.github/workflows/pipeline-segment-electron-gn-check.yml
-    permissions:
-      contents: read
-    needs: checkout-windows
-    with:
-      target-platform: win
-      target-archs: x64 x86 arm64
-      check-runs-on: electron-arc-centralus-linux-amd64-8core
-      check-container: '{"image":"ghcr.io/electron/build:${{ needs.checkout-windows.outputs.build-image-sha }}","options":"--user root --device /dev/fuse --cap-add SYS_ADMIN","volumes":["/mnt/win-cache:/mnt/win-cache"]}'
-      gn-build-type: testing
-    secrets: inherit
 
   # Build Jobs - These cascade into testing jobs
   macos-x64:
@@ -249,15 +135,14 @@ jobs:
     uses: ./.github/workflows/pipeline-electron-build-and-test.yml
     needs: checkout-macos
     with:
-      build-runs-on: macos-15-xlarge
-      test-runs-on: macos-15-large
+      build-runs-on: macos-14-xlarge
+      test-runs-on: macos-13
       target-platform: macos
       target-arch: x64
       is-release: false
       gn-build-type: testing
       generate-symbols: false
       upload-to-storage: '0'
-      enable-ssh: ${{ inputs.enable-ssh || false }}
     secrets: inherit
   
   macos-arm64:
@@ -268,15 +153,14 @@ jobs:
     uses: ./.github/workflows/pipeline-electron-build-and-test.yml
     needs: checkout-macos
     with:
-      build-runs-on: macos-15-xlarge
-      test-runs-on: macos-15
+      build-runs-on: macos-14-xlarge
+      test-runs-on: macos-14
       target-platform: macos
       target-arch: arm64
       is-release: false
       gn-build-type: testing
       generate-symbols: false
       upload-to-storage: '0'
-      enable-ssh: ${{ inputs.enable-ssh || false }}
     secrets: inherit
 
   linux-x64:
@@ -284,15 +168,12 @@ jobs:
       contents: read
       issues: read
       pull-requests: read
-    uses: ./.github/workflows/pipeline-electron-build-and-tidy-and-test-and-nan.yml
+    uses: ./.github/workflows/pipeline-electron-build-and-test-and-nan.yml
     needs: checkout-linux
-    if: ${{ needs.setup.outputs.src == 'true' }}
     with:
-      build-runs-on: electron-arc-centralus-linux-amd64-32core
-      clang-tidy-runs-on: electron-arc-centralus-linux-amd64-8core
-      test-runs-on: electron-arc-centralus-linux-amd64-4core
+      build-runs-on: aks-linux-large
+      test-runs-on: aks-linux-medium
       build-container: '{"image":"ghcr.io/electron/build:${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root","volumes":["/mnt/cross-instance-cache:/mnt/cross-instance-cache"]}'
-      clang-tidy-container: '{"image":"ghcr.io/electron/build:${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root","volumes":["/mnt/cross-instance-cache:/mnt/cross-instance-cache"]}'
       test-container: '{"image":"ghcr.io/electron/build:${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root --privileged --init"}'
       target-platform: linux
       target-arch: x64
@@ -309,10 +190,9 @@ jobs:
       pull-requests: read
     uses: ./.github/workflows/pipeline-electron-build-and-test.yml
     needs: checkout-linux
-    if: ${{ needs.setup.outputs.src == 'true' }}
     with:
-      build-runs-on: electron-arc-centralus-linux-amd64-32core
-      test-runs-on: electron-arc-centralus-linux-amd64-4core
+      build-runs-on: aks-linux-large
+      test-runs-on: aks-linux-medium
       build-container: '{"image":"ghcr.io/electron/build:${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root","volumes":["/mnt/cross-instance-cache:/mnt/cross-instance-cache"]}'
       test-container: '{"image":"ghcr.io/electron/build:${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root --privileged --init"}'
       target-platform: linux
@@ -331,12 +211,11 @@ jobs:
       pull-requests: read
     uses: ./.github/workflows/pipeline-electron-build-and-test.yml
     needs: checkout-linux
-    if: ${{ needs.setup.outputs.src == 'true' }}
     with:
-      build-runs-on: electron-arc-centralus-linux-amd64-32core
-      test-runs-on: electron-arc-centralus-linux-arm64-4core
+      build-runs-on: aks-linux-large
+      test-runs-on: aks-linux-arm-medium
       build-container: '{"image":"ghcr.io/electron/build:${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root","volumes":["/mnt/cross-instance-cache:/mnt/cross-instance-cache"]}'
-      test-container: '{"image":"ghcr.io/electron/test:arm32v7-${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root --privileged --init --memory=12g","volumes":["/home/runner/externals:/mnt/runner-externals"]}'
+      test-container: '{"image":"ghcr.io/electron/test:arm32v7-${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root --privileged --init","volumes":["/home/runner/externals:/mnt/runner-externals"]}'
       target-platform: linux
       target-arch: arm
       is-release: false
@@ -352,10 +231,9 @@ jobs:
       pull-requests: read
     uses: ./.github/workflows/pipeline-electron-build-and-test.yml
     needs: checkout-linux
-    if: ${{ needs.setup.outputs.src == 'true' }}
     with:
-      build-runs-on: electron-arc-centralus-linux-amd64-32core
-      test-runs-on: ubuntu-22.04-arm
+      build-runs-on: aks-linux-large
+      test-runs-on: aks-linux-arm-medium
       build-container: '{"image":"ghcr.io/electron/build:${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root","volumes":["/mnt/cross-instance-cache:/mnt/cross-instance-cache"]}'
       test-container: '{"image":"ghcr.io/electron/test:arm64v8-${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root --privileged --init"}'
       target-platform: linux
@@ -365,72 +243,3 @@ jobs:
       generate-symbols: false
       upload-to-storage: '0'
     secrets: inherit
-
-  windows-x64:
-    permissions:
-      contents: read
-      issues: read
-      pull-requests: read
-    uses: ./.github/workflows/pipeline-electron-build-and-test.yml
-    needs: checkout-windows
-    if: ${{ needs.setup.outputs.src == 'true' && !inputs.skip-windows }}
-    with:
-      build-runs-on: electron-arc-centralus-windows-amd64-16core
-      test-runs-on: windows-latest
-      target-platform: win
-      target-arch: x64
-      is-release: false
-      gn-build-type: testing
-      generate-symbols: false
-      upload-to-storage: '0'
-    secrets: inherit
-
-  windows-x86:
-    permissions:
-      contents: read
-      issues: read
-      pull-requests: read
-    uses: ./.github/workflows/pipeline-electron-build-and-test.yml
-    needs: checkout-windows
-    if: ${{ needs.setup.outputs.src == 'true' && !inputs.skip-windows }}
-    with:
-      build-runs-on: electron-arc-centralus-windows-amd64-16core
-      test-runs-on: windows-latest
-      target-platform: win
-      target-arch: x86
-      is-release: false
-      gn-build-type: testing
-      generate-symbols: false
-      upload-to-storage: '0'
-    secrets: inherit
-
-  windows-arm64:
-    permissions:
-      contents: read
-      issues: read
-      pull-requests: read
-    uses: ./.github/workflows/pipeline-electron-build-and-test.yml
-    needs: checkout-windows
-    if: ${{ needs.setup.outputs.src == 'true' && !inputs.skip-windows }}
-    with:
-      build-runs-on: electron-arc-centralus-windows-amd64-16core
-      test-runs-on: windows-11-arm
-      target-platform: win
-      target-arch: arm64
-      is-release: false
-      gn-build-type: testing
-      generate-symbols: false
-      upload-to-storage: '0'
-    secrets: inherit
-
-  gha-done:
-    name: GitHub Actions Completed
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-    needs: [docs-only, macos-x64, macos-arm64, linux-x64, linux-x64-asan, linux-arm, linux-arm64, windows-x64, windows-x86, windows-arm64]
-    if: always() && github.repository == 'electron/electron' && !contains(needs.*.result, 'failure')
-    steps: 
-    - name: GitHub Actions Jobs Done
-      run: |
-        echo "All GitHub Actions Jobs are done"

.github/workflows/clean-src-cache.yml

@@ -1,34 +0,0 @@
-name: Clean Source Cache
-
-# Description:
-# This workflow cleans up the source cache on the cross-instance cache volume
-# to free up space. It runs daily at midnight and clears files older than 15 days.
-
-on:
-  schedule:
-    - cron: "0 0 * * *"
-
-permissions: {}
-
-jobs:
-  clean-src-cache:
-    if: github.repository == 'electron/electron'
-    runs-on: electron-arc-centralus-linux-amd64-32core
-    permissions:
-      contents: read
-    container:
-      image: ghcr.io/electron/build:bc2f48b2415a670de18d13605b1cf0eb5fdbaae1
-      options: --user root
-      volumes:
-        - /mnt/cross-instance-cache:/mnt/cross-instance-cache
-        - /mnt/win-cache:/mnt/win-cache
-    steps:
-    - name: Cleanup Source Cache
-      shell: bash
-      run: |
-        df -h /mnt/cross-instance-cache
-        find /mnt/cross-instance-cache -type f -mtime +15 -delete
-        df -h /mnt/cross-instance-cache
-        df -h /mnt/win-cache
-        find /mnt/win-cache -type f -mtime +15 -delete
-        df -h /mnt/win-cache

.github/workflows/config/gclient.diff

@@ -0,0 +1,14 @@
+diff --git a/gclient.py b/gclient.py
+index 59e2b4c5197928bdba1ef69bdbe637d7dfe471c1..b4bae5e48c83c84bd867187afaf40eed16e69851 100755
+--- a/gclient.py
++++ b/gclient.py
+@@ -783,7 +783,8 @@ class Dependency(gclient_utils.WorkItem, DependencySettings):
+                         not condition or "non_git_source" not in condition):
+                     continue
+                 cipd_root = self.GetCipdRoot()
+-                for package in dep_value.get('packages', []):
++                packages = dep_value.get('packages', [])
++                for package in (x for x in packages if "infra/3pp/tools/swift-format" not in x.get('package')):
+                     deps_to_add.append(
+                         CipdDependency(parent=self,
+                                        name=name,

.github/workflows/issue-commented.yml

@@ -9,27 +9,18 @@ permissions: {}
 
 jobs:
   issue-commented:
-    name: Remove blocked/{need-info,need-repro} on comment
-    if: ${{ (contains(github.event.issue.labels.*.name, 'blocked/need-repro') || contains(github.event.issue.labels.*.name, 'blocked/need-info ❌')) && github.event.comment.user.type != 'Bot' }}
+    name: Remove blocked/need-repro on comment
+    if: ${{ contains(github.event.issue.labels.*.name, 'blocked/need-repro') && !contains(fromJSON('["MEMBER", "OWNER"]'), github.event.comment.author_association) && github.event.comment.user.type != 'Bot' }}
     runs-on: ubuntu-latest
     steps:
-      - name: Get author association
-        id: get-author-association
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          AUTHOR_ASSOCIATION=$(gh api /repos/electron/electron/issues/comments/${{ github.event.comment.id }} --jq '.author_association')
-          echo "author_association=$AUTHOR_ASSOCIATION" >> "$GITHUB_OUTPUT"
       - name: Generate GitHub App token
-        uses: electron/github-app-auth-action@e14e47722ed120360649d0789e25b9baece12725 # v2.0.0
-        if: ${{ !contains(fromJSON('["MEMBER", "OWNER", "COLLABORATOR"]'), steps.get-author-association.outputs.author_association) }}
+        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
         id: generate-token
         with:
           creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
       - name: Remove label
-        if: ${{ !contains(fromJSON('["MEMBER", "OWNER", "COLLABORATOR"]'), steps.get-author-association.outputs.author_association) }}
         env:
           GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
           ISSUE_URL: ${{ github.event.issue.html_url }}
         run: |
-          gh issue edit $ISSUE_URL --remove-label 'blocked/need-repro','blocked/need-info ❌'
+          gh issue edit $ISSUE_URL --remove-label 'blocked/need-repro'

.github/workflows/issue-labeled.yml

@@ -4,51 +4,46 @@ on:
   issues:
     types: [labeled]
 
-permissions: {}
+permissions:  # added using https://github.com/step-security/secure-workflows
+  contents: read
 
 jobs:
   issue-labeled-with-status:
     name: status/{confirmed,reviewed} label added
     if: github.event.label.name == 'status/confirmed' || github.event.label.name == 'status/reviewed'
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
     steps:
       - name: Generate GitHub App token
-        uses: electron/github-app-auth-action@e14e47722ed120360649d0789e25b9baece12725 # v2.0.0
+        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
         id: generate-token
         with:
           creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
           org: electron
       - name: Set status
-        uses: dsanders11/project-actions/edit-item@2134fe7cc71c58b7ae259c82a8e63c6058255678 # v1.7.0
+        uses: dsanders11/project-actions/edit-item@eb760c48894b5702398529cbb8f6e98378e315d0 # v1.3.0
         with:
           token: ${{ steps.generate-token.outputs.token }}
           project-number: 90
           field: Status
           field-value: ✅ Triaged
-          fail-if-item-not-found: false
   issue-labeled-blocked:
     name: blocked/* label added
     if: startsWith(github.event.label.name, 'blocked/')
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
     steps:
       - name: Generate GitHub App token
-        uses: electron/github-app-auth-action@e14e47722ed120360649d0789e25b9baece12725 # v2.0.0
+        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
         id: generate-token
         with:
           creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
           org: electron
       - name: Set status
-        uses: dsanders11/project-actions/edit-item@2134fe7cc71c58b7ae259c82a8e63c6058255678 # v1.7.0
+        uses: dsanders11/project-actions/edit-item@eb760c48894b5702398529cbb8f6e98378e315d0 # v1.3.0
         with:
           token: ${{ steps.generate-token.outputs.token }}
           project-number: 90
           field: Status
           field-value: 🛑 Blocked
-          fail-if-item-not-found: false
   issue-labeled-blocked-need-repro:
     name: blocked/need-repro label added
     if: github.event.label.name == 'blocked/need-repro'
@@ -69,13 +64,13 @@ jobs:
           fi
       - name: Generate GitHub App token
         if: ${{ steps.check-for-comment.outputs.SHOULD_COMMENT }}
-        uses: electron/github-app-auth-action@e14e47722ed120360649d0789e25b9baece12725 # v2.0.0
+        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
         id: generate-token
         with:
           creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
       - name: Create comment
         if: ${{ steps.check-for-comment.outputs.SHOULD_COMMENT }}
-        uses: actions-cool/issues-helper@71b62d7da76e59ff7b193904feb6e77d4dbb2777 # v3.7.6
+        uses: actions-cool/issues-helper@a610082f8ac0cf03e357eb8dd0d5e2ba075e017e # v3.6.0
         with:
           actions: 'create-comment'
           token: ${{ steps.generate-token.outputs.token }}

.github/workflows/issue-opened.yml

@@ -11,16 +11,15 @@ jobs:
   add-to-issue-triage:
     if: ${{ contains(github.event.issue.labels.*.name, 'bug :beetle:') }}
     runs-on: ubuntu-latest
-    permissions: {}
     steps:
       - name: Generate GitHub App token
-        uses: electron/github-app-auth-action@e14e47722ed120360649d0789e25b9baece12725 # v2.0.0
+        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
         id: generate-token
         with:
           creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
           org: electron
       - name: Add to Issue Triage
-        uses: dsanders11/project-actions/add-item@2134fe7cc71c58b7ae259c82a8e63c6058255678 # v1.7.0
+        uses: dsanders11/project-actions/add-item@eb760c48894b5702398529cbb8f6e98378e315d0 # v1.3.0
         with:
           field: Reporter
           field-value: ${{ github.event.issue.user.login }}
@@ -29,37 +28,24 @@ jobs:
   set-labels:
     if: ${{ contains(github.event.issue.labels.*.name, 'bug :beetle:') }}
     runs-on: ubuntu-latest
-    permissions: {}
     steps:
       - name: Generate GitHub App token
-        uses: electron/github-app-auth-action@e14e47722ed120360649d0789e25b9baece12725 # v2.0.0
+        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
         id: generate-token
         with:
           creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
           org: electron
-      - name: Sparse checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          sparse-checkout: |
-            .
-            .github
-            .yarn
-      - run: yarn workspaces focus @electron/gha-workflows
+      - run: npm install mdast-util-from-markdown@2.0.0 unist-util-select@5.1.0 semver@7.6.0
       - name: Add labels
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
-        id: add-labels
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
         env:
           ISSUE_BODY: ${{ github.event.issue.body }}
         with:
           github-token: ${{ steps.generate-token.outputs.token }}
           script: |
-            const { chdir } = require('node:process');
-            chdir('${{ github.workspace }}/.github/workflows');
-
-            const { ElectronVersions } = require('@electron/fiddle-core');
-            const { fromMarkdown } = require('mdast-util-from-markdown');
-            const { select } = require('unist-util-select');
-            const semver = require('semver');
+            const { fromMarkdown } = await import('${{ github.workspace }}/node_modules/mdast-util-from-markdown/index.js');
+            const { select } = await import('${{ github.workspace }}/node_modules/unist-util-select/index.js');
+            const semver = await import('${{ github.workspace }}/node_modules/semver/index.js');
 
             const [ owner, repo ] = '${{ github.repository }}'.split('/');
             const issue_number = ${{ github.event.issue.number }};
@@ -70,65 +56,24 @@ jobs:
 
             const electronVersion = select('heading:has(> text[value="Electron Version"]) + paragraph > text', tree)?.value.trim();
             if (electronVersion !== undefined) {
-              // It's possible for multiple versions to be listed -
-              // for now check for comma or space separated version.
-              const versions = electronVersion.split(/, | /);
-              let hasSupportedVersion = false;
+              const major = semver.parse(electronVersion)?.major;
+              if (major) {
+                const versionLabel = `${major}-x-y`;
+                let labelExists = false;
 
-              for (const version of versions) {
-                const major = semver.coerce(version, { loose: true })?.major;
-                if (major) {
-                  const versionLabel = `${major}-x-y`;
-                  let labelExists = false;
+                try {
+                  await github.rest.issues.getLabel({
+                    owner,
+                    repo,
+                    name: versionLabel,
+                  });
+                  labelExists = true;
+                } catch {}
 
-                  try {
-                    await github.rest.issues.getLabel({
-                      owner,
-                      repo,
-                      name: versionLabel,
-                    });
-                    labelExists = true;
-                  } catch {}
-
-                  const electronVersions = await ElectronVersions.create(undefined, { ignoreCache: true });
-                  const validVersions = [...electronVersions.supportedMajors, ...electronVersions.prereleaseMajors];
-
-                  if (validVersions.includes(major)) {
-                    hasSupportedVersion = true;
-                    if (labelExists) {
-                      labels.push(versionLabel);
-                    }
-                  }
+                if (labelExists) {
+                  labels.push(versionLabel);
                 }
               }
-
-              if (!hasSupportedVersion) {
-                core.setOutput('unsupportedMajor', true);
-                labels.push('blocked/need-info ❌');
-              }
-            }
-
-            const operatingSystems = select('heading:has(> text[value="What operating system(s) are you using?"]) + paragraph > text', tree)?.value.trim().split(', ');
-            const platformLabels = new Set();
-            for (const operatingSystem of (operatingSystems ?? [])) {
-              switch (operatingSystem) {
-                case 'Windows':
-                  platformLabels.add('platform/windows');
-                  break;
-                case 'macOS':
-                  platformLabels.add('platform/macOS');
-                  break;
-                case 'Ubuntu':
-                case 'Other Linux':
-                  platformLabels.add('platform/linux');
-                  break;
-              }
-            }
-
-            if (platformLabels.size === 3) {
-              labels.push('platform/all');
-            } else {
-              labels.push(...platformLabels);
             }
 
             const gistUrl = select('heading:has(> text[value="Testcase Gist URL"]) + paragraph > text', tree)?.value.trim();
@@ -144,17 +89,3 @@ jobs:
                 labels,
               });
             }
-      - name: Create unsupported major comment
-        if: ${{ steps.add-labels.outputs.unsupportedMajor }}
-        uses: actions-cool/issues-helper@71b62d7da76e59ff7b193904feb6e77d4dbb2777 # v3.7.6
-        with:
-          actions: 'create-comment'
-          token: ${{ steps.generate-token.outputs.token }}
-          body: |
-            <!-- end-of-life -->
-
-            Hello @${{ github.event.issue.user.login }}. Thanks for reporting this and helping to make Electron better!
-            
-            The version of Electron reported in this issue has reached end-of-life and is [no longer supported](https://www.electronjs.org/docs/latest/tutorial/electron-timelines#timeline). If you're still experiencing this issue on a [supported version](https://www.electronjs.org/releases/stable) of Electron, please update this issue to reflect that version of Electron.
-
-            Now adding the https://github.com/electron/electron/labels/blocked%2Fneed-info%20%E2%9D%8C label for this reason. This issue will be closed in 10 days if the above is not addressed.

.github/workflows/issue-transferred.yml

@@ -1,28 +0,0 @@
-name: Issue Transferred
-
-on:
-  issues:
-    types: [transferred]
-
-permissions: {}
-
-jobs:
-  issue-transferred:
-    name: Issue Transferred
-    runs-on: ubuntu-latest
-    permissions: {}
-    if: ${{ !github.event.changes.new_repository.private }}
-    steps:
-      - name: Generate GitHub App token
-        uses: electron/github-app-auth-action@e14e47722ed120360649d0789e25b9baece12725 # v2.0.0
-        id: generate-token
-        with:
-          creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
-          org: electron
-      - name: Remove from issue triage
-        uses: dsanders11/project-actions/delete-item@2134fe7cc71c58b7ae259c82a8e63c6058255678 # v1.7.0
-        with:
-          token: ${{ steps.generate-token.outputs.token }}
-          project-number: 90
-          item: ${{ github.event.changes.new_issue.html_url }}
-          fail-if-item-not-found: false

.github/workflows/issue-unlabeled.yml

@@ -4,15 +4,14 @@ on:
   issues:
     types: [unlabeled]
 
-permissions: {}
+permissions:
+  contents: read
 
 jobs:
   issue-unlabeled-blocked:
     name: All blocked/* labels removed
     if: startsWith(github.event.label.name, 'blocked/') && github.event.issue.state == 'open'
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
     steps:
       - name: Check for any blocked labels
         id: check-for-blocked-labels
@@ -24,17 +23,16 @@ jobs:
           fi
       - name: Generate GitHub App token
         if: ${{ steps.check-for-blocked-labels.outputs.NOT_BLOCKED }}
-        uses: electron/github-app-auth-action@e14e47722ed120360649d0789e25b9baece12725 # v2.0.0
+        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
         id: generate-token
         with:
           creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
           org: electron
       - name: Set status
         if: ${{ steps.check-for-blocked-labels.outputs.NOT_BLOCKED }}
-        uses: dsanders11/project-actions/edit-item@2134fe7cc71c58b7ae259c82a8e63c6058255678 # v1.7.0
+        uses: dsanders11/project-actions/edit-item@eb760c48894b5702398529cbb8f6e98378e315d0 # v1.3.0
         with:
           token: ${{ steps.generate-token.outputs.token }}
           project-number: 90
           field: Status
           field-value: 📥 Was Blocked
-          fail-if-item-not-found: false

.github/workflows/linux-publish.yml

@@ -6,7 +6,7 @@ on:
       build-image-sha:
         type: string
         description: 'SHA for electron/build image'
-        default: 'a82b87d7a4f5ff0cab61405f8151ac4cf4942aeb'
+        default: 'cf814a4d2501e8e843caea071a6b70a48e78b855'
       upload-to-storage:
         description: 'Uploads to Azure storage'
         required: false
@@ -17,14 +17,9 @@ on:
         type: boolean
         default: false
 
-permissions: {}
-
 jobs:
   checkout-linux:
-    if: github.repository == 'electron/electron'
-    runs-on: electron-arc-centralus-linux-amd64-32core
-    permissions:
-      contents: read
+    runs-on: aks-linux-large
     container:
       image: ghcr.io/electron/build:${{ inputs.build-image-sha }}
       options: --user root
@@ -32,11 +27,10 @@ jobs:
         - /mnt/cross-instance-cache:/mnt/cross-instance-cache
         - /var/run/sas:/var/run/sas
     env:
-      CHROMIUM_GIT_COOKIE: ${{ secrets.CHROMIUM_GIT_COOKIE }}
       GCLIENT_EXTRA_ARGS: '--custom-var=checkout_arm=True --custom-var=checkout_arm64=True'
     steps:
     - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
       with:
         path: src/electron
         fetch-depth: 0
@@ -44,16 +38,11 @@ jobs:
       uses: ./src/electron/.github/actions/checkout
 
   publish-x64:
-    uses: ./.github/workflows/pipeline-segment-electron-publish.yml
-    permissions:
-      artifact-metadata: write
-      attestations: write
-      contents: read
-      id-token: write
+    uses: ./.github/workflows/pipeline-segment-electron-build.yml
     needs: checkout-linux
     with:
       environment: production-release
-      build-runs-on: electron-arc-centralus-linux-amd64-32core
+      build-runs-on: aks-linux-large
       build-container: '{"image":"ghcr.io/electron/build:${{ inputs.build-image-sha }}","options":"--user root","volumes":["/mnt/cross-instance-cache:/mnt/cross-instance-cache"]}'
       target-platform: linux
       target-arch: x64
@@ -64,16 +53,11 @@ jobs:
     secrets: inherit
 
   publish-arm:
-    uses: ./.github/workflows/pipeline-segment-electron-publish.yml
-    permissions:
-      artifact-metadata: write
-      attestations: write
-      contents: read
-      id-token: write
+    uses: ./.github/workflows/pipeline-segment-electron-build.yml
     needs: checkout-linux
     with:
       environment: production-release
-      build-runs-on: electron-arc-centralus-linux-amd64-32core
+      build-runs-on: aks-linux-large
       build-container: '{"image":"ghcr.io/electron/build:${{ inputs.build-image-sha }}","options":"--user root","volumes":["/mnt/cross-instance-cache:/mnt/cross-instance-cache"]}'
       target-platform: linux
       target-arch: arm
@@ -84,16 +68,11 @@ jobs:
     secrets: inherit
 
   publish-arm64:
-    uses: ./.github/workflows/pipeline-segment-electron-publish.yml
-    permissions:
-      artifact-metadata: write
-      attestations: write
-      contents: read
-      id-token: write
+    uses: ./.github/workflows/pipeline-segment-electron-build.yml
     needs: checkout-linux
     with:
       environment: production-release
-      build-runs-on: electron-arc-centralus-linux-amd64-32core
+      build-runs-on: aks-linux-large
       build-container: '{"image":"ghcr.io/electron/build:${{ inputs.build-image-sha }}","options":"--user root","volumes":["/mnt/cross-instance-cache:/mnt/cross-instance-cache"]}'
       target-platform: linux
       target-arch: arm64

.github/workflows/macos-disk-cleanup.yml

@@ -1,105 +0,0 @@
-name: macOS Disk Space Cleanup
-
-# Description:
-# This workflow runs the disk space reclaimer on macOS runners every night
-# and logs disk space metrics to Datadog for monitoring.
-
-on:
-  schedule:
-    - cron: "0 0 * * *"
-  workflow_dispatch:
-
-permissions: {}
-
-jobs:
-  macos-disk-cleanup:
-    if: github.repository == 'electron/electron'
-    strategy:
-      fail-fast: false
-      matrix:
-        runner:
-          - macos-15
-          - macos-15-large
-          - macos-15-xlarge
-    runs-on: ${{ matrix.runner }}
-    permissions:
-      contents: read
-    steps:
-      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          sparse-checkout: |
-            .github/actions/free-space-macos
-          sparse-checkout-cone-mode: false
-
-      - name: Get Disk Space Before Cleanup
-        id: disk-before
-        shell: bash
-        run: |
-          echo "Disk space before cleanup:"
-          df -h /
-          FREE_SPACE_BEFORE=$(df -k / | tail -1 | awk '{print $4}')
-          echo "free_kb=$FREE_SPACE_BEFORE" >> $GITHUB_OUTPUT
-
-      - name: Free Space on macOS
-        uses: ./.github/actions/free-space-macos
-
-      - name: Get Disk Space After Cleanup
-        id: disk-after
-        shell: bash
-        run: |
-          echo "Disk space after cleanup:"
-          df -h /
-          FREE_SPACE_AFTER=$(df -k / | tail -1 | awk '{print $4}')
-          echo "free_kb=$FREE_SPACE_AFTER" >> $GITHUB_OUTPUT
-
-      - name: Log Disk Space to Datadog
-        if: ${{ env.DD_API_KEY != '' }}
-        shell: bash
-        env:
-          DD_API_KEY: ${{ secrets.DD_API_KEY }}
-          FREE_BEFORE: ${{ steps.disk-before.outputs.free_kb }}
-          FREE_AFTER: ${{ steps.disk-after.outputs.free_kb }}
-          MATRIX_RUNNER: ${{ matrix.runner }}
-        run: |
-          TIMESTAMP=$(date +%s)
-          FREE_BEFORE_GB=$(echo "scale=2; $FREE_BEFORE / 1024 / 1024" | bc)
-          FREE_AFTER_GB=$(echo "scale=2; $FREE_AFTER / 1024 / 1024" | bc)
-          SPACE_FREED_GB=$(echo "scale=2; ($FREE_AFTER - $FREE_BEFORE) / 1024 / 1024" | bc)
-
-          echo "Free space before: ${FREE_BEFORE_GB}GB"
-          echo "Free space after: ${FREE_AFTER_GB}GB"
-          echo "Space freed: ${SPACE_FREED_GB}GB"
-
-          curl -s -X POST "https://api.datadoghq.com/api/v2/series" \
-            -H "Content-Type: application/json" \
-            -H "DD-API-KEY: ${DD_API_KEY}" \
-            -d @- << EOF
-          {
-            "series": [
-              {
-                "metric": "electron.macos.disk.free_space_before_cleanup_gb",
-                "points": [{"timestamp": ${TIMESTAMP}, "value": ${FREE_BEFORE_GB}}],
-                "type": 3,
-                "unit": "gigabyte",
-                "tags": ["runner:${MATRIX_RUNNER}", "platform:macos"]
-              },
-              {
-                "metric": "electron.macos.disk.free_space_after_cleanup_gb",
-                "points": [{"timestamp": ${TIMESTAMP}, "value": ${FREE_AFTER_GB}}],
-                "type": 3,
-                "unit": "gigabyte",
-                "tags": ["runner:${MATRIX_RUNNER}", "platform:macos"]
-              },
-              {
-                "metric": "electron.macos.disk.space_freed_gb",
-                "points": [{"timestamp": ${TIMESTAMP}, "value": ${SPACE_FREED_GB}}],
-                "type": 3,
-                "unit": "gigabyte",
-                "tags": ["runner:${MATRIX_RUNNER}", "platform:macos"]
-              }
-            ]
-          }
-          EOF
-
-          echo "Disk space metrics logged to Datadog"

.github/workflows/macos-publish.yml

@@ -6,7 +6,7 @@ on:
       build-image-sha:
         type: string
         description: 'SHA for electron/build image'
-        default: 'a82b87d7a4f5ff0cab61405f8151ac4cf4942aeb'
+        default: 'cf814a4d2501e8e843caea071a6b70a48e78b855'
         required: true
       upload-to-storage:
         description: 'Uploads to Azure storage'
@@ -18,14 +18,9 @@ on:
         type: boolean
         default: false
 
-permissions: {}
-
 jobs:
   checkout-macos:
-    if: github.repository == 'electron/electron'
-    runs-on: electron-arc-centralus-linux-amd64-32core
-    permissions:
-      contents: read
+    runs-on: aks-linux-large
     container:
       image: ghcr.io/electron/build:${{ inputs.build-image-sha }}
       options: --user root
@@ -33,11 +28,10 @@ jobs:
         - /mnt/cross-instance-cache:/mnt/cross-instance-cache
         - /var/run/sas:/var/run/sas
     env:
-      CHROMIUM_GIT_COOKIE: ${{ secrets.CHROMIUM_GIT_COOKIE }}
       GCLIENT_EXTRA_ARGS: '--custom-var=checkout_mac=True --custom-var=host_os=mac'
     steps:
     - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
       with:
         path: src/electron
         fetch-depth: 0
@@ -45,82 +39,29 @@ jobs:
       uses: ./src/electron/.github/actions/checkout
       with:
         generate-sas-token: 'true'
-        target-platform: macos
 
-  publish-x64-darwin:
-    uses: ./.github/workflows/pipeline-segment-electron-publish.yml
-    permissions:
-      artifact-metadata: write
-      attestations: write
-      contents: read
-      id-token: write
+  publish-x64:
+    uses: ./.github/workflows/pipeline-segment-electron-build.yml
     needs: checkout-macos
     with:
       environment: production-release
-      build-runs-on: macos-15-xlarge
+      build-runs-on: macos-14-xlarge
       target-platform: macos
       target-arch: x64
-      target-variant: darwin
       is-release: true
       gn-build-type: release
       generate-symbols: true
       upload-to-storage: ${{ inputs.upload-to-storage }}
     secrets: inherit
 
-  publish-x64-mas:
-    uses: ./.github/workflows/pipeline-segment-electron-publish.yml
-    permissions:
-      artifact-metadata: write
-      attestations: write
-      contents: read
-      id-token: write
+  publish-arm64:
+    uses: ./.github/workflows/pipeline-segment-electron-build.yml
     needs: checkout-macos
     with:
       environment: production-release
-      build-runs-on: macos-15-xlarge
-      target-platform: macos
-      target-arch: x64
-      target-variant: mas
-      is-release: true
-      gn-build-type: release
-      generate-symbols: true
-      upload-to-storage: ${{ inputs.upload-to-storage }}
-    secrets: inherit
-
-  publish-arm64-darwin:
-    uses: ./.github/workflows/pipeline-segment-electron-publish.yml
-    permissions:
-      artifact-metadata: write
-      attestations: write
-      contents: read
-      id-token: write
-    needs: checkout-macos
-    with:
-      environment: production-release
-      build-runs-on: macos-15-xlarge
+      build-runs-on: macos-14-xlarge
       target-platform: macos
       target-arch: arm64
-      target-variant: darwin
-      is-release: true
-      gn-build-type: release
-      generate-symbols: true
-      upload-to-storage: ${{ inputs.upload-to-storage }}
-    secrets: inherit
-
-  publish-arm64-mas:
-    uses: ./.github/workflows/pipeline-segment-electron-publish.yml
-    permissions:
-      artifact-metadata: write
-      attestations: write
-      contents: read
-      id-token: write
-    needs: checkout-macos
-    with:
-      environment: production-release
-      build-runs-on: macos-15-xlarge
-      target-platform: macos
-      target-arch: arm64
-      target-variant: mas
       is-release: true
       gn-build-type: release
       generate-symbols: true

.github/workflows/non-maintainer-dependency-change.yml

@@ -1,49 +0,0 @@
-name: Check for Disallowed Non-Maintainer Change
-
-on:
-  pull_request_target:
-    paths:
-      - 'yarn.lock'
-      - 'spec/yarn.lock'
-      - '.github/workflows/**'
-      - '.github/actions/**'
-      - '.yarn/**'
-      - '.yarnrc.yml'
-
-permissions: {}
-
-jobs:
-  check-for-non-maintainer-dependency-change:
-    name: Check for disallowed non-maintainer change
-    if: ${{ github.event.pull_request.user.type != 'Bot' && !github.event.pull_request.draft }}
-    permissions:
-      contents: read
-      pull-requests: write
-    runs-on: ubuntu-latest
-    steps:
-      - name: Get author association
-        id: get-author-association
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          AUTHOR_ASSOCIATION=$(gh api /repos/electron/electron/pulls/${{ github.event.pull_request.number }} --jq '.author_association')
-          echo "author_association=$AUTHOR_ASSOCIATION" >> "$GITHUB_OUTPUT"
-      - name: Check for existing review
-        id: check-for-review
-        if: ${{ !contains(fromJSON('["MEMBER", "OWNER"]'), steps.get-author-association.outputs.author_association) }}
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          PR_URL: ${{ github.event.pull_request.html_url }}
-        run: |
-          set -eo pipefail
-          REVIEW_COUNT=$(gh pr view $PR_URL --json reviews | jq '[ .reviews[] | select(.author.login == "github-actions") | select(.body | startswith("<!-- disallowed-non-maintainer-change -->")) ] | length')
-          if [[ $REVIEW_COUNT -eq 0 ]]; then
-            echo "SHOULD_REVIEW=1" >> "$GITHUB_OUTPUT"
-          fi
-      - name: Request changes
-        if: ${{ steps.check-for-review.outputs.SHOULD_REVIEW }}
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          PR_URL: ${{ github.event.pull_request.html_url }}
-        run: |
-          printf "<!-- disallowed-non-maintainer-change -->\n\nHello @${{ github.event.pull_request.user.login }}! It looks like this pull request touches one of our dependency or CI files, and per [our contribution policy](https://github.com/electron/electron/blob/main/CONTRIBUTING.md#dependencies-upgrades-policy) we do not accept these types of changes in PRs." | gh pr review $PR_URL -r --body-file=-

.github/workflows/package.json

@@ -1,13 +0,0 @@
-{
-  "name": "@electron/gha-workflows",
-  "version": "0.0.0-development",
-  "private": true,
-  "type": "module",
-  "dependencies": {
-    "@actions/cache": "^4.0.3",
-    "@electron/fiddle-core": "^2.0.1",
-    "mdast-util-from-markdown": "^2.0.0",
-    "semver": "^7.7.2",
-    "unist-util-select": "^5.1.0"
-  }
-}

.github/workflows/pipeline-electron-build-and-test-and-nan.yml

@@ -5,7 +5,7 @@ on:
     inputs:
       target-platform:
         type: string
-        description: 'Platform to run on, can be macos, win or linux.'
+        description: 'Platform to run on, can be macos or linux'
         required: true
       target-arch:
         type: string
@@ -55,17 +55,13 @@ on:
         type: boolean
         default: false
 
-permissions: {}
-
 concurrency:
-  group: electron-build-and-test-and-nan-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ github.ref_protected == true && github.run_id || github.ref }}
-  cancel-in-progress: ${{ github.ref_protected != true }}
+  group: electron-build-and-test-and-nan-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/main' && !endsWith(github.ref, '-x-y') }}
 
 jobs:
   build:
     uses: ./.github/workflows/pipeline-segment-electron-build.yml
-    permissions:
-      contents: read
     with:
       build-runs-on: ${{ inputs.build-runs-on }}
       build-container: ${{ inputs.build-container }}
@@ -76,12 +72,18 @@ jobs:
       generate-symbols: ${{ inputs.generate-symbols }}
       upload-to-storage: ${{ inputs.upload-to-storage }}
     secrets: inherit
+  gn-check:
+    uses: ./.github/workflows/pipeline-segment-electron-gn-check.yml
+    with:
+      target-platform: ${{ inputs.target-platform }}
+      target-arch: ${{ inputs.target-arch }}
+      check-runs-on: ${{ inputs.build-runs-on }}
+      check-container: ${{ inputs.build-container }}
+      gn-build-type: ${{ inputs.gn-build-type }}
+      is-asan: ${{ inputs.is-asan }}
+    secrets: inherit
   test:
     uses: ./.github/workflows/pipeline-segment-electron-test.yml
-    permissions:
-      contents: read
-      issues: read
-      pull-requests: read
     needs: build
     with:
       target-arch: ${{ inputs.target-arch }}
@@ -91,8 +93,6 @@ jobs:
     secrets: inherit
   nn-test:
     uses: ./.github/workflows/pipeline-segment-node-nan-test.yml
-    permissions:
-      contents: read
     needs: build
     with:
       target-arch: ${{ inputs.target-arch }}

.github/workflows/pipeline-electron-build-and-test.yml

@@ -5,7 +5,7 @@ on:
     inputs:
       target-platform:
         type: string
-        description: 'Platform to run on, can be macos, win or linux'
+        description: 'Platform to run on, can be macos or linux'
         required: true
       target-arch:
         type: string
@@ -54,23 +54,19 @@ on:
         required: false
         type: boolean
         default: false
-      enable-ssh:
-        description: 'Enable SSH debugging'
-        required: false
-        type: boolean
-        default: false
 
 concurrency:
-  group: electron-build-and-test-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ github.ref_protected == true && github.run_id || github.ref }}
-  cancel-in-progress: ${{ github.ref_protected != true }}
+  group: electron-build-and-test-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/main' && !endsWith(github.ref, '-x-y') }}
 
-permissions: {}
+permissions:
+  contents: read
+  issues: read
+  pull-requests: read  
 
 jobs:
   build:
     uses: ./.github/workflows/pipeline-segment-electron-build.yml
-    permissions:
-      contents: read
     with:
       build-runs-on: ${{ inputs.build-runs-on }}
       build-container: ${{ inputs.build-container }}
@@ -80,21 +76,25 @@ jobs:
       gn-build-type: ${{ inputs.gn-build-type }}
       generate-symbols: ${{ inputs.generate-symbols }}
       upload-to-storage: ${{ inputs.upload-to-storage }}
+      is-asan: ${{ inputs.is-asan}}
+    secrets: inherit
+  gn-check:
+    uses: ./.github/workflows/pipeline-segment-electron-gn-check.yml
+    with:
+      target-platform: ${{ inputs.target-platform }}
+      target-arch: ${{ inputs.target-arch }}
+      check-runs-on: ${{ inputs.build-runs-on }}
+      check-container: ${{ inputs.build-container }}
+      gn-build-type: ${{ inputs.gn-build-type }}
       is-asan: ${{ inputs.is-asan }}
-      enable-ssh: ${{ inputs.enable-ssh }}
     secrets: inherit
   test:
     uses: ./.github/workflows/pipeline-segment-electron-test.yml
-    permissions:
-      contents: read
-      issues: read
-      pull-requests: read
     needs: build
     with:
       target-arch: ${{ inputs.target-arch }}
       target-platform: ${{ inputs.target-platform }}
       test-runs-on: ${{ inputs.test-runs-on }}
       test-container: ${{ inputs.test-container }}
-      is-asan: ${{ inputs.is-asan }}
-      enable-ssh: ${{ inputs.enable-ssh }}
+      is-asan: ${{ inputs.is-asan}}
     secrets: inherit

.github/workflows/pipeline-electron-build-and-tidy-and-test-and-nan.yml

@@ -1,124 +0,0 @@
-name: Electron Build & Clang Tidy & Test (+ Node + NaN) Pipeline
-
-on:
-  workflow_call:
-    inputs:
-      target-platform:
-        type: string
-        description: 'Platform to run on, can be macos, win or linux.'
-        required: true
-      target-arch:
-        type: string
-        description: 'Arch to build for, can be x64, arm64 or arm'
-        required: true
-      build-runs-on:
-        type: string
-        description: 'What host to run the build'
-        required: true
-      clang-tidy-runs-on:
-        type: string
-        description: 'What host to run clang-tidy on'
-        required: true
-      test-runs-on:
-        type: string
-        description: 'What host to run the tests on'
-        required: true
-      build-container:
-        type: string
-        description: 'JSON container information for aks runs-on'
-        required: false
-        default: '{"image":null}'
-      clang-tidy-container:
-        type: string
-        description: 'JSON container information to run clang-tidy on'
-        required: false
-        default: '{"image":null}'
-      test-container:
-        type: string
-        description: 'JSON container information for testing'
-        required: false
-        default: '{"image":null}'
-      is-release:
-        description: 'Whether this build job is a release job'
-        required: true
-        type: boolean
-        default: false
-      gn-build-type:
-        description: 'The gn build type - testing or release'
-        required: true
-        type: string
-        default: testing
-      generate-symbols: 
-        description: 'Whether or not to generate symbols'
-        required: true
-        type: boolean
-        default: false
-      upload-to-storage: 
-        description: 'Whether or not to upload build artifacts to external storage'
-        required: true
-        type: string
-        default: '0'
-      is-asan: 
-        description: 'Building the Address Sanitizer (ASan) Linux build'
-        required: false
-        type: boolean
-        default: false
-
-permissions: {}
-
-concurrency:
-  group: electron-build-and-test-and-nan-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ github.ref_protected == true && github.run_id || github.ref }}
-  cancel-in-progress: ${{ github.ref_protected != true }}
-
-jobs:
-  build:
-    uses: ./.github/workflows/pipeline-segment-electron-build.yml
-    permissions:
-      contents: read
-    with:
-      build-runs-on: ${{ inputs.build-runs-on }}
-      build-container: ${{ inputs.build-container }}
-      target-platform: ${{ inputs.target-platform }}
-      target-arch: ${{ inputs.target-arch }}
-      is-release: ${{ inputs.is-release }}
-      gn-build-type: ${{ inputs.gn-build-type }}
-      generate-symbols: ${{ inputs.generate-symbols }}
-      upload-to-storage: ${{ inputs.upload-to-storage }}
-      upload-out-gen-artifacts: true
-    secrets: inherit
-  clang-tidy:
-    uses: ./.github/workflows/pipeline-segment-electron-clang-tidy.yml
-    permissions:
-      contents: read
-    needs: build
-    with:
-      clang-tidy-runs-on: ${{ inputs.clang-tidy-runs-on }}
-      clang-tidy-container: ${{ inputs.clang-tidy-container }}
-      target-platform: ${{ inputs.target-platform }}
-      target-arch: ${{ inputs.target-arch }}
-    secrets: inherit
-  test:
-    uses: ./.github/workflows/pipeline-segment-electron-test.yml
-    permissions:
-      contents: read
-      issues: read
-      pull-requests: read
-    needs: build
-    with:
-      target-arch: ${{ inputs.target-arch }}
-      target-platform: ${{ inputs.target-platform }}
-      test-runs-on: ${{ inputs.test-runs-on }}
-      test-container: ${{ inputs.test-container }}
-    secrets: inherit
-  nn-test:
-    uses: ./.github/workflows/pipeline-segment-node-nan-test.yml
-    permissions:
-      contents: read
-    needs: build
-    with:
-      target-arch: ${{ inputs.target-arch }}
-      target-platform: ${{ inputs.target-platform }}
-      test-runs-on: ${{ inputs.test-runs-on }}
-      test-container: ${{ inputs.test-container }}
-      gn-build-type: ${{ inputs.gn-build-type }}
-    secrets: inherit

.github/workflows/pipeline-electron-build-and-tidy-and-test.yml

@@ -1,121 +0,0 @@
-name: Electron Build & Clang Tidy & Test Pipeline
-
-on:
-  workflow_call:
-    inputs:
-      target-platform:
-        type: string
-        description: 'Platform to run on, can be macos, win or linux'
-        required: true
-      target-arch:
-        type: string
-        description: 'Arch to build for, can be x64, arm64 or arm'
-        required: true
-      build-runs-on:
-        type: string
-        description: 'What host to run the build'
-        required: true
-      clang-tidy-runs-on:
-        type: string
-        description: 'What host to run clang-tidy on'
-        required: true
-      test-runs-on:
-        type: string
-        description: 'What host to run the tests on'
-        required: true
-      build-container:
-        type: string
-        description: 'JSON container information for aks runs-on'
-        required: false
-        default: '{"image":null}'
-      clang-tidy-container:
-        type: string
-        description: 'JSON container information to run clang-tidy on'
-        required: false
-        default: '{"image":null}'
-      test-container:
-        type: string
-        description: 'JSON container information for testing'
-        required: false
-        default: '{"image":null}'
-      is-release:
-        description: 'Whether this build job is a release job'
-        required: true
-        type: boolean
-        default: false
-      gn-build-type:
-        description: 'The gn build type - testing or release'
-        required: true
-        type: string
-        default: testing
-      generate-symbols: 
-        description: 'Whether or not to generate symbols'
-        required: true
-        type: boolean
-        default: false
-      upload-to-storage: 
-        description: 'Whether or not to upload build artifacts to external storage'
-        required: true
-        type: string
-        default: '0'
-      is-asan: 
-        description: 'Building the Address Sanitizer (ASan) Linux build'
-        required: false
-        type: boolean
-        default: false
-      enable-ssh:
-        description: 'Enable SSH debugging'
-        required: false
-        type: boolean
-        default: false
-
-concurrency:
-  group: electron-build-and-tidy-and-test-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ github.ref_protected == true && github.run_id || github.ref }}
-  cancel-in-progress: ${{ github.ref_protected != true }}
-
-permissions: {}
-
-jobs:
-  build:
-    uses: ./.github/workflows/pipeline-segment-electron-build.yml
-    permissions:
-      contents: read
-    with:
-      build-runs-on: ${{ inputs.build-runs-on }}
-      build-container: ${{ inputs.build-container }}
-      target-platform: ${{ inputs.target-platform }}
-      target-arch: ${{ inputs.target-arch }}
-      is-release: ${{ inputs.is-release }}
-      gn-build-type: ${{ inputs.gn-build-type }}
-      generate-symbols: ${{ inputs.generate-symbols }}
-      upload-to-storage: ${{ inputs.upload-to-storage }}
-      is-asan: ${{ inputs.is-asan }}
-      enable-ssh: ${{ inputs.enable-ssh }}
-      upload-out-gen-artifacts: true
-    secrets: inherit
-  clang-tidy:
-    uses: ./.github/workflows/pipeline-segment-electron-clang-tidy.yml
-    permissions:
-      contents: read
-    needs: build
-    with:
-      clang-tidy-runs-on: ${{ inputs.clang-tidy-runs-on }}
-      clang-tidy-container: ${{ inputs.clang-tidy-container }}
-      target-platform: ${{ inputs.target-platform }}
-      target-arch: ${{ inputs.target-arch }}
-    secrets: inherit
-  test:
-    uses: ./.github/workflows/pipeline-segment-electron-test.yml
-    permissions:
-      contents: read
-      issues: read
-      pull-requests: read
-    needs: build
-    with:
-      target-arch: ${{ inputs.target-arch }}
-      target-platform: ${{ inputs.target-platform }}
-      test-runs-on: ${{ inputs.test-runs-on }}
-      test-container: ${{ inputs.test-container }}
-      is-asan: ${{ inputs.is-asan }}
-      enable-ssh: ${{ inputs.enable-ssh }}
-    secrets: inherit

.github/workflows/pipeline-electron-docs-only.yml

@@ -8,58 +8,36 @@ on:
         description: 'Container to run the docs-only ts compile in'
         type: string
 
-permissions: {}
-
 concurrency:
   group: electron-docs-only-${{ github.ref }}
   cancel-in-progress: true
 
-env:  
-  GCLIENT_EXTRA_ARGS: --custom-var=checkout_arm=True --custom-var=checkout_arm64=True
-
 jobs:
   docs-only:
     name: Docs Only Compile
-    runs-on: electron-arc-centralus-linux-amd64-4core
-    permissions:
-      contents: read
+    runs-on: aks-linux-medium
     timeout-minutes: 20
     container: ${{ fromJSON(inputs.container) }}
     steps:
     - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
       with:
         path: src/electron
         fetch-depth: 0
-        ref: ${{ github.event.pull_request.head.sha }}
-    - name: Generate DEPS Hash
-      run: |
-        node src/electron/script/generate-deps-hash.js
-        DEPSHASH=v1-src-cache-$(cat src/electron/.depshash)
-        echo "DEPSHASH=$DEPSHASH" >> $GITHUB_ENV
-        echo "CACHE_PATH=$DEPSHASH.tar" >> $GITHUB_ENV
-    - name: Restore src cache via AKS
-      uses: ./src/electron/.github/actions/restore-cache-aks
-      with:
-        target-platform: linux
-    - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
-      with:
-        path: src/electron
-        fetch-depth: 0
-        ref: ${{ github.event.pull_request.head.sha }}
     - name: Install Dependencies
-      uses: ./src/electron/.github/actions/install-dependencies
+      run: |
+        cd src/electron
+        node script/yarn install --frozen-lockfile
     - name: Run TS/JS compile
       shell: bash
       run: |
         cd src/electron
-        node script/yarn.js create-typescript-definitions
-        node script/yarn.js tsc -p tsconfig.default_app.json --noEmit
+        node script/yarn create-typescript-definitions
+        node script/yarn tsc -p tsconfig.default_app.json --noEmit
         for f in build/webpack/*.js
         do
             out="${f:29}"
             if [ "$out" != "base.js" ]; then
-            node script/yarn.js webpack --config $f --output-filename=$out --output-path=./.tmp --env mode=development
+            node script/yarn webpack --config $f --output-filename=$out --output-path=./.tmp --env mode=development
             fi
         done

.github/workflows/pipeline-electron-lint.yml

@@ -8,39 +8,31 @@ on:
         description: 'Container to run lint in'
         type: string
 
-permissions: {}
-
 concurrency:
-  group: electron-lint-${{ github.ref_protected == true && github.run_id || github.ref }}
-  cancel-in-progress: ${{ github.ref_protected != true }}
-
-env:
-  CHROMIUM_GIT_COOKIE: ${{ secrets.CHROMIUM_GIT_COOKIE }}  
+  group: electron-lint-${{ github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/main' && !endsWith(github.ref, '-x-y') }}
 
 jobs:
   lint:
     name: Lint
-    runs-on: electron-arc-centralus-linux-amd64-4core
-    permissions:
-      contents: read
+    runs-on: aks-linux-medium
     timeout-minutes: 20
     container: ${{ fromJSON(inputs.container) }}
     steps:
     - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
       with:
         path: src/electron
         fetch-depth: 0
-        ref: ${{ github.event.pull_request.head.sha }}
     - name: Install Dependencies
-      uses: ./src/electron/.github/actions/install-dependencies
-    - name: Set Chromium Git Cookie
-      uses: ./src/electron/.github/actions/set-chromium-cookie
+      run: |
+        cd src/electron
+        node script/yarn install --frozen-lockfile
     - name: Setup third_party Depot Tools
       shell: bash
       run: |
         # "depot_tools" has to be checkout into "//third_party/depot_tools" so pylint.py can a "pylintrc" file.
-        git clone --filter=tree:0 https://chromium.googlesource.com/chromium/tools/depot_tools.git src/third_party/depot_tools
+        git clone https://chromium.googlesource.com/chromium/tools/depot_tools.git src/third_party/depot_tools
         echo "$(pwd)/src/third_party/depot_tools" >> $GITHUB_PATH
     - name: Download GN Binary
       shell: bash
@@ -64,12 +56,7 @@ jobs:
         mkdir -p src/buildtools
         curl -sL "https://chromium.googlesource.com/chromium/src/+/${chromium_revision}/buildtools/DEPS?format=TEXT" | base64 -d > src/buildtools/DEPS
 
-        gclient sync --spec="solutions=[{'name':'src/buildtools','url':None,'deps_file':'DEPS','custom_vars':{'process_deps':True},'managed':False}]"
-    - name: Add problem matchers
-      shell: bash
-      run: |
-        echo "::add-matcher::src/electron/.github/problem-matchers/eslint-stylish.json"
-        echo "::add-matcher::src/electron/.github/problem-matchers/markdownlint.json"
+        gclient runhooks --spec="solutions=[{'name':'src/buildtools','url':None,'deps_file':'DEPS','custom_vars':{'process_deps':True},'managed':False}]"
     - name: Run Lint
       shell: bash
       run: |
@@ -80,15 +67,11 @@ jobs:
         # but then we would lint its contents (at least gn format), and it doesn't pass it.
 
         cd src/electron
-        node script/yarn.js install --immutable
-        node script/yarn.js lint
+        node script/yarn install --frozen-lockfile
+        node script/yarn lint
     - name: Run Script Typechecker
       shell: bash
       run: |
         cd src/electron
-        node script/yarn.js tsc -p tsconfig.script.json
-    - name: Check GHA Workflows
-      shell: bash
-      run: |
-        cd src/electron
-        node script/copy-pipeline-segment-publish.js --check
+        node script/yarn tsc -p tsconfig.script.json
+    

.github/workflows/pipeline-segment-electron-build.yml

@@ -9,16 +9,12 @@ on:
         type: string
       target-platform:
         type: string
-        description: 'Platform to run on, can be macos, win or linux'
+        description: 'Platform to run on, can be macos or linux'
         required: true
       target-arch:
         type: string
-        description: 'Arch to build for, can be x64, arm64, ia32 or arm'
+        description: 'Arch to build for, can be x64, arm64 or arm'
         required: true
-      target-variant:
-        type: string
-        description: 'Variant to build for, no effect on non-macOS target platforms. Can be darwin, mas or all.'
-        default: all
       build-runs-on:
         type: string
         description: 'What host to run the build'
@@ -53,84 +49,50 @@ on:
         required: false
         type: boolean
         default: false
-      upload-out-gen-artifacts:
-        description: 'Whether to upload the src/gen artifacts'
-        required: false
-        type: boolean
-        default: false
-      enable-ssh:
-        description: 'Enable SSH debugging'
-        required: false
-        type: boolean
-        default: false
 
-permissions: {}
 
 concurrency:
-  group: electron-build-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ inputs.target-variant }}-${{ inputs.is-asan }}-${{ github.ref_protected == true && github.run_id || github.ref }}
-  cancel-in-progress: ${{ github.ref_protected != true }}
+  group: electron-build-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ inputs.is-asan }}-${{ github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/main' && !endsWith(github.ref, '-x-y') }}
 
 env:
-  CHROMIUM_GIT_COOKIE: ${{ secrets.CHROMIUM_GIT_COOKIE }}
-  CHROMIUM_GIT_COOKIE_WINDOWS_STRING: ${{ secrets.CHROMIUM_GIT_COOKIE_WINDOWS_STRING }}
-  DD_API_KEY: ${{ secrets.DD_API_KEY }}
+  AZURE_AKS_CACHE_STORAGE_ACCOUNT: ${{ secrets.AZURE_AKS_CACHE_STORAGE_ACCOUNT }}
+  AZURE_AKS_CACHE_SHARE_NAME: ${{ secrets.AZURE_AKS_CACHE_SHARE_NAME }}
   ELECTRON_ARTIFACTS_BLOB_STORAGE: ${{ secrets.ELECTRON_ARTIFACTS_BLOB_STORAGE }}
   ELECTRON_RBE_JWT: ${{ secrets.ELECTRON_RBE_JWT }}
-  SUDOWOODO_EXCHANGE_URL: ${{ secrets.SUDOWOODO_EXCHANGE_URL }}
-  SUDOWOODO_EXCHANGE_TOKEN: ${{ secrets.SUDOWOODO_EXCHANGE_TOKEN }}
-  GCLIENT_EXTRA_ARGS: ${{ inputs.target-platform == 'macos' && '--custom-var=checkout_mac=True --custom-var=host_os=mac' || inputs.target-platform == 'win' && '--custom-var=checkout_win=True' || '--custom-var=checkout_arm=True --custom-var=checkout_arm64=True' }}
+  ELECTRON_GITHUB_TOKEN: ${{ secrets.ELECTRON_GITHUB_TOKEN }}
+  GCLIENT_EXTRA_ARGS: ${{ inputs.target-platform == 'macos' && '--custom-var=checkout_mac=True --custom-var=host_os=mac' || '--custom-var=checkout_arm=True --custom-var=checkout_arm64=True' }}
+  # Only disable this in the Asan build
+  CHECK_DIST_MANIFEST: true
+  IS_GHA_RELEASE: true
   ELECTRON_OUT_DIR: Default
-  ACTIONS_STEP_DEBUG: ${{ secrets.ACTIONS_STEP_DEBUG }}
 
 jobs:
   build:
-    defaults:
-      run:
-        shell: bash
     runs-on: ${{ inputs.build-runs-on }}
-    permissions:
-      contents: read
     container: ${{ fromJSON(inputs.build-container) }}
     environment: ${{ inputs.environment }}
     env:
       TARGET_ARCH: ${{ inputs.target-arch }}
-      TARGET_PLATFORM: ${{ inputs.target-platform }}
     steps:
     - name: Create src dir
-      run: |
-        mkdir src
+      run: mkdir src
     - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
       with:
         path: src/electron
         fetch-depth: 0
-        ref: ${{ github.event.pull_request.head.sha }}
-    - name: Setup SSH Debugging
-      if: ${{ inputs.target-platform == 'macos' && (inputs.enable-ssh || env.ACTIONS_STEP_DEBUG == 'true') }}
-      uses: ./src/electron/.github/actions/ssh-debug
-      with:
-        tunnel: 'true'
-      env:
-        CLOUDFLARE_TUNNEL_CERT: ${{ secrets.CLOUDFLARE_TUNNEL_CERT }}
-        CLOUDFLARE_TUNNEL_HOSTNAME: ${{ vars.CLOUDFLARE_TUNNEL_HOSTNAME }}
-        CLOUDFLARE_USER_CA_CERT: ${{ secrets.CLOUDFLARE_USER_CA_CERT }}
-        AUTHORIZED_USERS: ${{ secrets.SSH_DEBUG_AUTHORIZED_USERS }}
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-    - name: Free up space (macOS)
-      if: ${{ inputs.target-platform == 'macos' }}
-      uses: ./src/electron/.github/actions/free-space-macos
-    - name: Check disk space after freeing up space
-      if: ${{ inputs.target-platform == 'macos' }}
-      run: df -h
     - name: Setup Node.js/npm
       if: ${{ inputs.target-platform == 'macos' }}
-      uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238
+      uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8
       with:
-        node-version: 22.21.x
+        node-version: 20.11.x
         cache: yarn
         cache-dependency-path: src/electron/yarn.lock
     - name: Install Dependencies
-      uses: ./src/electron/.github/actions/install-dependencies
+      run: |
+        cd src/electron
+        node script/yarn install --frozen-lockfile
     - name: Install AZCopy
       if: ${{ inputs.target-platform == 'macos' }}
       run: brew install azcopy
@@ -149,72 +111,94 @@ jobs:
           GN_EXTRA_ARGS='is_asan=true'
         fi
         echo "GN_EXTRA_ARGS=$GN_EXTRA_ARGS" >> $GITHUB_ENV
-    - name: Set Chromium Git Cookie
-      uses: ./src/electron/.github/actions/set-chromium-cookie
-    - name: Install Build Tools
-      uses: ./src/electron/.github/actions/install-build-tools      
+    - name: Get Depot Tools
+      timeout-minutes: 5
+      run: |
+        git clone --depth=1 https://chromium.googlesource.com/chromium/tools/depot_tools.git
+
+        SEDOPTION="-i"
+        if [ "`uname`" = "Darwin" ]; then
+          SEDOPTION="-i ''"
+        fi
+
+        # remove ninjalog_uploader_wrapper.py from autoninja since we don't use it and it causes problems
+        sed $SEDOPTION '/ninjalog_uploader_wrapper.py/d' ./depot_tools/autoninja
+
+        # Ensure depot_tools does not update.
+        test -d depot_tools && cd depot_tools
+        if [ "`uname`" = "Linux" ]; then
+          git apply --3way ../src/electron/.github/workflows/config/gclient.diff
+        fi
+        touch .disable_auto_update
+    - name: Add Depot Tools to PATH
+      run: echo "$(pwd)/depot_tools" >> $GITHUB_PATH
     - name: Generate DEPS Hash
       run: |
-        node src/electron/script/generate-deps-hash.js
-        DEPSHASH=v1-src-cache-$(cat src/electron/.depshash)
+        node src/electron/script/generate-deps-hash.js && cat src/electron/.depshash-target
+        DEPSHASH=v1-src-cache-$(shasum src/electron/.depshash | cut -f1 -d' ')
         echo "DEPSHASH=$DEPSHASH" >> $GITHUB_ENV
         echo "CACHE_PATH=$DEPSHASH.tar" >> $GITHUB_ENV
     - name: Restore src cache via AZCopy
-      if: ${{ inputs.target-platform != 'linux' }}
+      if: ${{ inputs.target-platform == 'macos' }}
       uses: ./src/electron/.github/actions/restore-cache-azcopy
-      with:
-        target-platform: ${{ inputs.target-platform }}
     - name: Restore src cache via AKS
       if: ${{ inputs.target-platform == 'linux' }}
       uses: ./src/electron/.github/actions/restore-cache-aks
     - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
       with:
         path: src/electron
         fetch-depth: 0
-        ref: ${{ github.event.pull_request.head.sha }}
-    - name: Fix Sync
-      if: ${{ inputs.target-platform != 'linux' }}
-      uses: ./src/electron/.github/actions/fix-sync
-      with:
-        target-platform: ${{ inputs.target-platform }}
-      env:
-        ELECTRON_DEPOT_TOOLS_DISABLE_LOG: true
+    - name: Install Build Tools
+      uses: ./src/electron/.github/actions/install-build-tools
     - name: Init Build Tools
       run: |
-        e init -f --root=$(pwd) --out=Default ${{ inputs.gn-build-type }} --import ${{ inputs.gn-build-type }} --target-cpu ${{ inputs.target-arch }} --remote-build siso
+        e init -f --root=$(pwd) --out=Default ${{ inputs.gn-build-type }} --import ${{ inputs.gn-build-type }} --target-cpu ${{ inputs.target-arch }} --only-sdk
     - name: Run Electron Only Hooks
       run: |
-        e d gclient runhooks --spec="solutions=[{'name':'src/electron','url':None,'deps_file':'DEPS','custom_vars':{'process_deps':False},'managed':False}]"
+        gclient runhooks --spec="solutions=[{'name':'src/electron','url':None,'deps_file':'DEPS','custom_vars':{'process_deps':False},'managed':False}]"
     - name: Regenerate DEPS Hash
       run: |
-        (cd src/electron && git checkout .) && node src/electron/script/generate-deps-hash.js
-        echo "DEPSHASH=$(cat src/electron/.depshash)" >> $GITHUB_ENV
+        (cd src/electron && git checkout .) && node src/electron/script/generate-deps-hash.js && cat src/electron/.depshash-target
+        echo "DEPSHASH=$(shasum src/electron/.depshash | cut -f1 -d' ')" >> $GITHUB_ENV
     - name: Add CHROMIUM_BUILDTOOLS_PATH to env
       run: echo "CHROMIUM_BUILDTOOLS_PATH=$(pwd)/src/buildtools" >> $GITHUB_ENV
+    - name: Fix Sync (macOS)
+      if: ${{ inputs.target-platform == 'macos' }}
+      uses: ./src/electron/.github/actions/fix-sync-macos
+    - name: Install build-tools & Setup RBE
+      run: |
+        echo "NUMBER_OF_NINJA_PROCESSES=${{ inputs.target-platform == 'linux' && '300' || '200' }}" >> $GITHUB_ENV
+        cd ~/.electron_build_tools
+        npx yarn --ignore-engines
+        # Pull down credential helper and print status
+        node -e "require('./src/utils/reclient.js').downloadAndPrepare({})"
+        HELPER=$(node -p "require('./src/utils/reclient.js').helperPath({})")
+        $HELPER login
+        echo 'RBE_service='`node -e "console.log(require('./src/utils/reclient.js').serviceAddress)"` >> $GITHUB_ENV
+        echo 'RBE_experimental_credentials_helper='`node -e "console.log(require('./src/utils/reclient.js').helperPath({}))"` >> $GITHUB_ENV
+        echo 'RBE_experimental_credentials_helper_args=print' >> $GITHUB_ENV
     - name: Free up space (macOS)
       if: ${{ inputs.target-platform == 'macos' }}
       uses: ./src/electron/.github/actions/free-space-macos
     - name: Build Electron
-      if: ${{ inputs.target-platform != 'macos' || (inputs.target-variant == 'all' || inputs.target-variant == 'darwin') }}
       uses: ./src/electron/.github/actions/build-electron
       with:
         target-arch: ${{ inputs.target-arch }}
         target-platform: ${{ inputs.target-platform }}
-        artifact-platform: ${{ inputs.target-platform == 'macos' && 'darwin' || inputs.target-platform }}
+        artifact-platform: ${{ inputs.target-platform == 'linux' && 'linux' || 'darwin' }}
         is-release: '${{ inputs.is-release }}'
         generate-symbols: '${{ inputs.generate-symbols }}'
         upload-to-storage: '${{ inputs.upload-to-storage }}'
         is-asan: '${{ inputs.is-asan }}'
-        upload-out-gen-artifacts: '${{ inputs.upload-out-gen-artifacts }}'
     - name: Set GN_EXTRA_ARGS for MAS Build
-      if: ${{ inputs.target-platform == 'macos' && (inputs.target-variant == 'all' || inputs.target-variant == 'mas') }}
+      if: ${{ inputs.target-platform == 'macos' }}
       run: |
         echo "MAS_BUILD=true" >> $GITHUB_ENV
         GN_EXTRA_ARGS='is_mas_build=true'
         echo "GN_EXTRA_ARGS=$GN_EXTRA_ARGS" >> $GITHUB_ENV
     - name: Build Electron (MAS)
-      if: ${{ inputs.target-platform == 'macos' && (inputs.target-variant == 'all' || inputs.target-variant == 'mas') }}
+      if: ${{ inputs.target-platform == 'macos' }}
       uses: ./src/electron/.github/actions/build-electron
       with:
         target-arch: ${{ inputs.target-arch }}

.github/workflows/pipeline-segment-electron-clang-tidy.yml

@@ -1,159 +0,0 @@
-name: Pipeline Segment - Electron Clang-Tidy
-
-on:
-  workflow_call:
-    inputs:
-      target-platform:
-        type: string
-        description: 'Platform to run on, can be macos, win or linux'
-        required: true
-      target-arch:
-        type: string
-        description: 'Arch to build for, can be x64, arm64 or arm'
-        required: true
-      clang-tidy-runs-on:
-        type: string
-        description: 'What host to run clang-tidy on'
-        required: true
-      clang-tidy-container:
-        type: string
-        description: 'JSON container information for aks runs-on'
-        required: false
-        default: '{"image":null}'
-
-permissions: {}
-
-concurrency:
-  group: electron-clang-tidy-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ github.ref }}
-  cancel-in-progress: true
-
-env:
-  GCLIENT_EXTRA_ARGS: ${{ inputs.target-platform == 'macos' && '--custom-var=checkout_mac=True --custom-var=host_os=mac' || (inputs.target-platform == 'linux' && '--custom-var=checkout_arm=True --custom-var=checkout_arm64=True' || '--custom-var=checkout_win=True') }}
-  ELECTRON_OUT_DIR: Default
-
-jobs:
-  clang-tidy:
-    defaults:
-      run:
-        shell: bash
-    runs-on: ${{ inputs.clang-tidy-runs-on }}
-    permissions:
-      contents: read
-    container: ${{ fromJSON(inputs.clang-tidy-container) }}
-    env:
-      BUILD_TYPE: ${{ inputs.target-platform == 'macos' && 'darwin' || inputs.target-platform }}
-      TARGET_ARCH: ${{ inputs.target-arch }}
-      TARGET_PLATFORM: ${{ inputs.target-platform }}
-      ARTIFACT_KEY: ${{ inputs.target-platform == 'macos' && 'darwin' || inputs.target-platform }}_${{ inputs.target-arch }}
-    steps:
-    - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
-      with:
-        path: src/electron
-        fetch-depth: 0
-        ref: ${{ github.event.pull_request.head.sha }}
-    - name: Cleanup disk space on macOS
-      if: ${{ inputs.target-platform == 'macos' }}
-      shell: bash
-      run: |   
-        sudo mkdir -p $TMPDIR/del-target
-
-        tmpify() {
-          if [ -d "$1" ]; then
-            sudo mv "$1" $TMPDIR/del-target/$(echo $1|shasum -a 256|head -n1|cut -d " " -f1)
-          fi
-        }   
-        tmpify /Library/Developer/CoreSimulator
-        tmpify ~/Library/Developer/CoreSimulator
-        sudo rm -rf $TMPDIR/del-target
-    - name: Check disk space after freeing up space
-      if: ${{ inputs.target-platform == 'macos' }}
-      run: df -h
-    - name: Set Chromium Git Cookie
-      uses: ./src/electron/.github/actions/set-chromium-cookie
-    - name: Install Build Tools
-      uses: ./src/electron/.github/actions/install-build-tools
-    - name: Enable windows toolchain
-      if: ${{ inputs.target-platform == 'win' }}
-      run: |
-        echo "ELECTRON_DEPOT_TOOLS_WIN_TOOLCHAIN=1" >> $GITHUB_ENV
-    - name: Generate DEPS Hash
-      run: |
-        node src/electron/script/generate-deps-hash.js
-        DEPSHASH=v1-src-cache-$(cat src/electron/.depshash)
-        echo "DEPSHASH=$DEPSHASH" >> $GITHUB_ENV
-        echo "CACHE_PATH=$DEPSHASH.tar" >> $GITHUB_ENV
-    - name: Restore src cache via AZCopy
-      if: ${{ inputs.target-platform == 'macos' }}
-      uses: ./src/electron/.github/actions/restore-cache-azcopy
-      with:
-        target-platform: ${{ inputs.target-platform }}      
-    - name: Restore src cache via AKS
-      if: ${{ inputs.target-platform == 'linux' || inputs.target-platform == 'win' }}
-      uses: ./src/electron/.github/actions/restore-cache-aks
-      with:
-        target-platform: ${{ inputs.target-platform }}
-    - name: Run Electron Only Hooks
-      run: |
-        echo "solutions=[{'name':'src/electron','url':None,'deps_file':'DEPS','custom_vars':{'process_deps':False},'managed':False}]" > tmpgclient
-        if [ "${{ inputs.target-platform }}" = "win" ]; then
-          echo "solutions=[{'name':'src/electron','url':None,'deps_file':'DEPS','custom_vars':{'process_deps':False,'install_sysroot':False,'checkout_win':True},'managed':False}]" > tmpgclient
-          echo "target_os=['win']" >> tmpgclient
-        fi
-        e d gclient runhooks --gclientfile=tmpgclient
-
-        # Fix VS Toolchain
-        if [ "${{ inputs.target-platform }}" = "win" ]; then
-          rm -rf src/third_party/depot_tools/win_toolchain/vs_files
-          e d python3 src/build/vs_toolchain.py update --force
-        fi
-    - name: Regenerate DEPS Hash
-      run: |
-        (cd src/electron && git checkout .) && node src/electron/script/generate-deps-hash.js
-        echo "DEPSHASH=$(cat src/electron/.depshash)" >> $GITHUB_ENV
-    - name: Add CHROMIUM_BUILDTOOLS_PATH to env
-      run: echo "CHROMIUM_BUILDTOOLS_PATH=$(pwd)/src/buildtools" >> $GITHUB_ENV
-    - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
-      with:
-        path: src/electron
-        fetch-depth: 0
-        ref: ${{ github.event.pull_request.head.sha }}
-    - name: Install Dependencies
-      uses: ./src/electron/.github/actions/install-dependencies
-    - name: Default GN gen
-      run: |
-        cd src/electron
-        git pack-refs
-    - name: Download Out Gen Artifacts
-      uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131
-      with:
-        name: out_gen_artifacts_${{ env.ARTIFACT_KEY }}
-        path: ./src/out/${{ env.ELECTRON_OUT_DIR }}/gen
-    - name: Add Clang problem matcher
-      shell: bash
-      run: echo "::add-matcher::src/electron/.github/problem-matchers/clang.json"
-    - name: Run Clang-Tidy
-      run: |
-        e init -f --root=$(pwd) --out=${ELECTRON_OUT_DIR} testing --target-cpu ${TARGET_ARCH}
-
-        export GN_EXTRA_ARGS="target_cpu=\"${TARGET_ARCH}\""
-        if [ "${{ inputs.target-platform }}" = "win" ]; then
-          export GN_EXTRA_ARGS="$GN_EXTRA_ARGS use_v8_context_snapshot=true target_os=\"win\""
-        fi
-
-        e build --only-gen
-
-        cd src/electron
-        node script/yarn.js lint:clang-tidy --jobs 8 --out-dir ../out/${ELECTRON_OUT_DIR}
-    - name: Remove Clang problem matcher
-      shell: bash
-      run: echo "::remove-matcher owner=clang::"
-    - name: Wait for active SSH sessions
-      if: always() && !cancelled()
-      shell: bash
-      run: |
-        while [ -f /var/.ssh-lock ]
-        do
-          sleep 60
-        done

.github/workflows/pipeline-segment-electron-gn-check.yml

@@ -5,11 +5,11 @@ on:
     inputs:
       target-platform:
         type: string
-        description: 'Platform to run on, can be macos, win or linux'
+        description: 'Platform to run on, can be macos or linux'
         required: true
-      target-archs:
+      target-arch:
         type: string
-        description: 'Archs to check for, can be x64, x86, arm64 or arm space separated'
+        description: 'Arch to build for, can be x64, arm64 or arm'
         required: true
       check-runs-on:
         type: string
@@ -25,140 +25,117 @@ on:
         required: true
         type: string
         default: testing
-
-permissions: {}
+      is-asan: 
+        description: 'Building the Address Sanitizer (ASan) Linux build'
+        required: false
+        type: boolean
+        default: false
 
 concurrency:
-  group: electron-gn-check-${{ inputs.target-platform }}-${{ github.ref }}
+  group: electron-gn-check-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ inputs.is-asan }}-${{ github.ref }}
   cancel-in-progress: true
 
 env:
+  AZURE_AKS_CACHE_STORAGE_ACCOUNT: ${{ secrets.AZURE_AKS_CACHE_STORAGE_ACCOUNT }}
+  AZURE_AKS_CACHE_SHARE_NAME: ${{ secrets.AZURE_AKS_CACHE_SHARE_NAME }}
   ELECTRON_RBE_JWT: ${{ secrets.ELECTRON_RBE_JWT }}
-  GCLIENT_EXTRA_ARGS: ${{ inputs.target-platform == 'macos' && '--custom-var=checkout_mac=True --custom-var=host_os=mac' || (inputs.target-platform == 'linux' && '--custom-var=checkout_arm=True --custom-var=checkout_arm64=True' || '--custom-var=checkout_win=True') }}
+  GCLIENT_EXTRA_ARGS: ${{ inputs.target-platform == 'macos' && '--custom-var=checkout_mac=True --custom-var=host_os=mac' || '--custom-var=checkout_arm=True --custom-var=checkout_arm64=True' }}
   ELECTRON_OUT_DIR: Default
+  TARGET_ARCH: ${{ inputs.target-arch }}
 
 jobs:
   gn-check:
-    defaults:
-      run:
-        shell: bash
+    # TODO(codebytere): Change this to medium VM
     runs-on: ${{ inputs.check-runs-on }}
-    permissions:
-      contents: read
     container: ${{ fromJSON(inputs.check-container) }}
+    env:
+      TARGET_ARCH: ${{ inputs.target-arch }}
     steps:
     - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
       with:
         path: src/electron
         fetch-depth: 0
-        ref: ${{ github.event.pull_request.head.sha }}
-    - name: Cleanup disk space on macOS
-      if: ${{ inputs.target-platform == 'macos' }}
-      shell: bash
-      run: |   
-        sudo mkdir -p $TMPDIR/del-target
-
-        tmpify() {
-          if [ -d "$1" ]; then
-            sudo mv "$1" $TMPDIR/del-target/$(echo $1|shasum -a 256|head -n1|cut -d " " -f1)
-          fi
-        }   
-        tmpify /Library/Developer/CoreSimulator
-        tmpify ~/Library/Developer/CoreSimulator
-        sudo rm -rf $TMPDIR/del-target
-    - name: Check disk space after freeing up space
-      if: ${{ inputs.target-platform == 'macos' }}
-      run: df -h
-    - name: Set Chromium Git Cookie
-      uses: ./src/electron/.github/actions/set-chromium-cookie
     - name: Install Build Tools
       uses: ./src/electron/.github/actions/install-build-tools
-    - name: Enable windows toolchain
-      if: ${{ inputs.target-platform == 'win' }}
+    - name: Init Build Tools
       run: |
-        echo "ELECTRON_DEPOT_TOOLS_WIN_TOOLCHAIN=1" >> $GITHUB_ENV
+        e init -f --root=$(pwd) --out=Default ${{ inputs.gn-build-type }} --import ${{ inputs.gn-build-type }} --target-cpu ${{ inputs.target-arch }} --only-sdk
+    - name: Get Depot Tools
+      timeout-minutes: 5
+      run: |
+        git clone --depth=1 https://chromium.googlesource.com/chromium/tools/depot_tools.git
+
+        SEDOPTION="-i"
+        if [ "`uname`" = "Darwin" ]; then
+          SEDOPTION="-i ''"
+        fi
+
+        # remove ninjalog_uploader_wrapper.py from autoninja since we don't use it and it causes problems
+        sed $SEDOPTION '/ninjalog_uploader_wrapper.py/d' ./depot_tools/autoninja
+
+        # Ensure depot_tools does not update.
+        test -d depot_tools && cd depot_tools
+        if [ "`uname`" = "Linux" ]; then
+          git apply --3way ../src/electron/.github/workflows/config/gclient.diff
+        fi
+        touch .disable_auto_update
+    - name: Add Depot Tools to PATH
+      run: echo "$(pwd)/depot_tools" >> $GITHUB_PATH
+    - name: Set GN_EXTRA_ARGS for Linux
+      if: ${{ inputs.target-platform == 'linux' }}
+      run: |
+        if [ "${{ inputs.target-arch  }}" = "arm" ]; then
+          GN_EXTRA_ARGS='build_tflite_with_xnnpack=false'
+        elif [ "${{ inputs.target-arch }}" = "arm64" ]; then
+          GN_EXTRA_ARGS='fatal_linker_warnings=false enable_linux_installer=false'
+        fi
+        echo "GN_EXTRA_ARGS=$GN_EXTRA_ARGS" >> $GITHUB_ENV
     - name: Generate DEPS Hash
       run: |
-        node src/electron/script/generate-deps-hash.js
-        DEPSHASH=v1-src-cache-$(cat src/electron/.depshash)
+        node src/electron/script/generate-deps-hash.js && cat src/electron/.depshash-target
+        DEPSHASH=v1-src-cache-$(shasum src/electron/.depshash | cut -f1 -d' ')
         echo "DEPSHASH=$DEPSHASH" >> $GITHUB_ENV
         echo "CACHE_PATH=$DEPSHASH.tar" >> $GITHUB_ENV
     - name: Restore src cache via AZCopy
       if: ${{ inputs.target-platform == 'macos' }}
       uses: ./src/electron/.github/actions/restore-cache-azcopy
-      with:
-        target-platform: ${{ inputs.target-platform }}      
     - name: Restore src cache via AKS
-      if: ${{ inputs.target-platform == 'linux' || inputs.target-platform == 'win' }}
+      if: ${{ inputs.target-platform == 'linux' }}
       uses: ./src/electron/.github/actions/restore-cache-aks
-      with:
-        target-platform: ${{ inputs.target-platform }}
     - name: Run Electron Only Hooks
       run: |
-        echo "solutions=[{'name':'src/electron','url':None,'deps_file':'DEPS','custom_vars':{'process_deps':False},'managed':False}]" > tmpgclient
-        if [ "${{ inputs.target-platform }}" = "win" ]; then
-          echo "solutions=[{'name':'src/electron','url':None,'deps_file':'DEPS','custom_vars':{'process_deps':False,'install_sysroot':False,'checkout_win':True},'managed':False}]" > tmpgclient
-          echo "target_os=['win']" >> tmpgclient
-        fi
-        e d gclient runhooks --gclientfile=tmpgclient
-
-        # Fix VS Toolchain
-        if [ "${{ inputs.target-platform }}" = "win" ]; then
-          rm -rf src/third_party/depot_tools/win_toolchain/vs_files
-          e d python3 src/build/vs_toolchain.py update --force
-        fi
+        gclient runhooks --spec="solutions=[{'name':'src/electron','url':None,'deps_file':'DEPS','custom_vars':{'process_deps':False},'managed':False}]"
     - name: Regenerate DEPS Hash
       run: |
-        (cd src/electron && git checkout .) && node src/electron/script/generate-deps-hash.js
-        echo "DEPSHASH=$(cat src/electron/.depshash)" >> $GITHUB_ENV
+        (cd src/electron && git checkout .) && node src/electron/script/generate-deps-hash.js && cat src/electron/.depshash-target
+        echo "DEPSHASH=$(shasum src/electron/.depshash | cut -f1 -d' ')" >> $GITHUB_ENV
     - name: Add CHROMIUM_BUILDTOOLS_PATH to env
       run: echo "CHROMIUM_BUILDTOOLS_PATH=$(pwd)/src/buildtools" >> $GITHUB_ENV
     - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
       with:
         path: src/electron
         fetch-depth: 0
-        ref: ${{ github.event.pull_request.head.sha }}
-    - name: Install Dependencies
-      uses: ./src/electron/.github/actions/install-dependencies
     - name: Default GN gen
       run: |
         cd src/electron
         git pack-refs
-    - name: Run GN Check for ${{ inputs.target-archs }}
+        cd ..
+
+        e build --only-gen
+    - name: Run GN Check
       run: |
-        for target_cpu in ${{ inputs.target-archs }}
-        do
-          e init -f --root=$(pwd) --out=Default ${{ inputs.gn-build-type }} --import ${{ inputs.gn-build-type }} --target-cpu $target_cpu
-          cd src
-          export GN_EXTRA_ARGS="target_cpu=\"$target_cpu\""
-          if [ "${{ inputs.target-platform }}" = "linux" ]; then
-            if [ "$target_cpu" = "arm" ]; then
-              export GN_EXTRA_ARGS="$GN_EXTRA_ARGS build_tflite_with_xnnpack=false"
-            elif [ "$target_cpu" = "arm64" ]; then
-              export GN_EXTRA_ARGS="$GN_EXTRA_ARGS fatal_linker_warnings=false enable_linux_installer=false"
-            fi
-          fi
-          if [ "${{ inputs.target-platform }}" = "win" ]; then
-            export GN_EXTRA_ARGS="$GN_EXTRA_ARGS use_v8_context_snapshot=true target_os=\"win\""
-          fi
+        cd src
+        gn check out/Default //electron:electron_lib
+        gn check out/Default //electron:electron_app
+        gn check out/Default //electron/shell/common/api:mojo
 
-          e build --only-gen
-
-          e d gn check out/Default //electron:electron_lib
-          e d gn check out/Default //electron:electron_app
-          e d gn check out/Default //electron/shell/common:mojo
-          e d gn check out/Default //electron/shell/common:plugin
-
-          # Check the hunspell filenames
-          node electron/script/gen-hunspell-filenames.js --check
-          node electron/script/gen-libc++-filenames.js --check
-          cd ..
-        done
+        # Check the hunspell filenames
+        node electron/script/gen-hunspell-filenames.js --check
+        node electron/script/gen-libc++-filenames.js --check
     - name: Wait for active SSH sessions
       if: always() && !cancelled()
-      shell: bash
       run: |
         while [ -f /var/.ssh-lock ]
         do

.github/workflows/pipeline-segment-electron-publish.yml

@@ -1,243 +0,0 @@
-# AUTOGENERATED FILE - DO NOT EDIT MANUALLY
-# ONLY EDIT .github/workflows/pipeline-segment-electron-build.yml
-
-name: Pipeline Segment - Electron Build
-on:
-  workflow_call:
-    inputs:
-      environment:
-        description: using the production or testing environment
-        required: false
-        type: string
-      target-platform:
-        type: string
-        description: Platform to run on, can be macos, win or linux
-        required: true
-      target-arch:
-        type: string
-        description: Arch to build for, can be x64, arm64, ia32 or arm
-        required: true
-      target-variant:
-        type: string
-        description: Variant to build for, no effect on non-macOS target platforms. Can
-          be darwin, mas or all.
-        default: all
-      build-runs-on:
-        type: string
-        description: What host to run the build
-        required: true
-      build-container:
-        type: string
-        description: JSON container information for aks runs-on
-        required: false
-        default: '{"image":null}'
-      is-release:
-        description: Whether this build job is a release job
-        required: true
-        type: boolean
-        default: false
-      gn-build-type:
-        description: The gn build type - testing or release
-        required: true
-        type: string
-        default: testing
-      generate-symbols:
-        description: Whether or not to generate symbols
-        required: true
-        type: boolean
-        default: false
-      upload-to-storage:
-        description: Whether or not to upload build artifacts to external storage
-        required: true
-        type: string
-        default: "0"
-      is-asan:
-        description: Building the Address Sanitizer (ASan) Linux build
-        required: false
-        type: boolean
-        default: false
-      upload-out-gen-artifacts:
-        description: Whether to upload the src/gen artifacts
-        required: false
-        type: boolean
-        default: false
-      enable-ssh:
-        description: Enable SSH debugging
-        required: false
-        type: boolean
-        default: false
-permissions: {}
-concurrency:
-  group: electron-build-${{ inputs.target-platform }}-${{ inputs.target-arch
-    }}-${{ inputs.target-variant }}-${{ inputs.is-asan }}-${{
-    github.ref_protected == true && github.run_id || github.ref }}
-  cancel-in-progress: ${{ github.ref_protected != true }}
-env:
-  CHROMIUM_GIT_COOKIE: ${{ secrets.CHROMIUM_GIT_COOKIE }}
-  CHROMIUM_GIT_COOKIE_WINDOWS_STRING: ${{ secrets.CHROMIUM_GIT_COOKIE_WINDOWS_STRING }}
-  DD_API_KEY: ${{ secrets.DD_API_KEY }}
-  ELECTRON_ARTIFACTS_BLOB_STORAGE: ${{ secrets.ELECTRON_ARTIFACTS_BLOB_STORAGE }}
-  ELECTRON_RBE_JWT: ${{ secrets.ELECTRON_RBE_JWT }}
-  SUDOWOODO_EXCHANGE_URL: ${{ secrets.SUDOWOODO_EXCHANGE_URL }}
-  SUDOWOODO_EXCHANGE_TOKEN: ${{ secrets.SUDOWOODO_EXCHANGE_TOKEN }}
-  GCLIENT_EXTRA_ARGS: ${{ inputs.target-platform == 'macos' &&
-    '--custom-var=checkout_mac=True --custom-var=host_os=mac' ||
-    inputs.target-platform == 'win' && '--custom-var=checkout_win=True' ||
-    '--custom-var=checkout_arm=True --custom-var=checkout_arm64=True' }}
-  ELECTRON_OUT_DIR: Default
-  ACTIONS_STEP_DEBUG: ${{ secrets.ACTIONS_STEP_DEBUG }}
-jobs:
-  build:
-    defaults:
-      run:
-        shell: bash
-    runs-on: ${{ inputs.build-runs-on }}
-    permissions:
-      artifact-metadata: write
-      attestations: write
-      contents: read
-      id-token: write
-    container: ${{ fromJSON(inputs.build-container) }}
-    environment: ${{ inputs.environment }}
-    env:
-      TARGET_ARCH: ${{ inputs.target-arch }}
-      TARGET_PLATFORM: ${{ inputs.target-platform }}
-    steps:
-      - name: Create src dir
-        run: |
-          mkdir src
-      - name: Checkout Electron
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
-        with:
-          path: src/electron
-          fetch-depth: 0
-          ref: ${{ github.event.pull_request.head.sha }}
-      - name: Setup SSH Debugging
-        if: ${{ inputs.target-platform == 'macos' && (inputs.enable-ssh ||
-          env.ACTIONS_STEP_DEBUG == 'true') }}
-        uses: ./src/electron/.github/actions/ssh-debug
-        with:
-          tunnel: "true"
-        env:
-          CLOUDFLARE_TUNNEL_CERT: ${{ secrets.CLOUDFLARE_TUNNEL_CERT }}
-          CLOUDFLARE_TUNNEL_HOSTNAME: ${{ vars.CLOUDFLARE_TUNNEL_HOSTNAME }}
-          CLOUDFLARE_USER_CA_CERT: ${{ secrets.CLOUDFLARE_USER_CA_CERT }}
-          AUTHORIZED_USERS: ${{ secrets.SSH_DEBUG_AUTHORIZED_USERS }}
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      - name: Free up space (macOS)
-        if: ${{ inputs.target-platform == 'macos' }}
-        uses: ./src/electron/.github/actions/free-space-macos
-      - name: Check disk space after freeing up space
-        if: ${{ inputs.target-platform == 'macos' }}
-        run: df -h
-      - name: Setup Node.js/npm
-        if: ${{ inputs.target-platform == 'macos' }}
-        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238
-        with:
-          node-version: 22.21.x
-          cache: yarn
-          cache-dependency-path: src/electron/yarn.lock
-      - name: Install Dependencies
-        uses: ./src/electron/.github/actions/install-dependencies
-      - name: Install AZCopy
-        if: ${{ inputs.target-platform == 'macos' }}
-        run: brew install azcopy
-      - name: Set GN_EXTRA_ARGS for Linux
-        if: ${{ inputs.target-platform == 'linux' }}
-        run: >
-          if [ "${{ inputs.target-arch  }}" = "arm" ]; then
-            if [ "${{ inputs.is-release  }}" = true ]; then
-              GN_EXTRA_ARGS='target_cpu="arm" build_tflite_with_xnnpack=false symbol_level=1'
-            else
-              GN_EXTRA_ARGS='target_cpu="arm" build_tflite_with_xnnpack=false'
-            fi
-          elif [ "${{ inputs.target-arch }}" = "arm64" ]; then
-            GN_EXTRA_ARGS='target_cpu="arm64" fatal_linker_warnings=false enable_linux_installer=false'
-          elif [ "${{ inputs.is-asan }}" = true ]; then
-            GN_EXTRA_ARGS='is_asan=true'
-          fi
-
-          echo "GN_EXTRA_ARGS=$GN_EXTRA_ARGS" >> $GITHUB_ENV
-      - name: Set Chromium Git Cookie
-        uses: ./src/electron/.github/actions/set-chromium-cookie
-      - name: Install Build Tools
-        uses: ./src/electron/.github/actions/install-build-tools
-      - name: Generate DEPS Hash
-        run: |
-          node src/electron/script/generate-deps-hash.js
-          DEPSHASH=v1-src-cache-$(cat src/electron/.depshash)
-          echo "DEPSHASH=$DEPSHASH" >> $GITHUB_ENV
-          echo "CACHE_PATH=$DEPSHASH.tar" >> $GITHUB_ENV
-      - name: Restore src cache via AZCopy
-        if: ${{ inputs.target-platform != 'linux' }}
-        uses: ./src/electron/.github/actions/restore-cache-azcopy
-        with:
-          target-platform: ${{ inputs.target-platform }}
-      - name: Restore src cache via AKS
-        if: ${{ inputs.target-platform == 'linux' }}
-        uses: ./src/electron/.github/actions/restore-cache-aks
-      - name: Checkout Electron
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
-        with:
-          path: src/electron
-          fetch-depth: 0
-          ref: ${{ github.event.pull_request.head.sha }}
-      - name: Fix Sync
-        if: ${{ inputs.target-platform != 'linux' }}
-        uses: ./src/electron/.github/actions/fix-sync
-        with:
-          target-platform: ${{ inputs.target-platform }}
-        env:
-          ELECTRON_DEPOT_TOOLS_DISABLE_LOG: true
-      - name: Init Build Tools
-        run: >
-          e init -f --root=$(pwd) --out=Default ${{ inputs.gn-build-type }}
-          --import ${{ inputs.gn-build-type }} --target-cpu ${{
-          inputs.target-arch }} --remote-build siso
-      - name: Run Electron Only Hooks
-        run: |
-          e d gclient runhooks --spec="solutions=[{'name':'src/electron','url':None,'deps_file':'DEPS','custom_vars':{'process_deps':False},'managed':False}]"
-      - name: Regenerate DEPS Hash
-        run: >
-          (cd src/electron && git checkout .) && node
-          src/electron/script/generate-deps-hash.js
-
-          echo "DEPSHASH=$(cat src/electron/.depshash)" >> $GITHUB_ENV
-      - name: Add CHROMIUM_BUILDTOOLS_PATH to env
-        run: echo "CHROMIUM_BUILDTOOLS_PATH=$(pwd)/src/buildtools" >> $GITHUB_ENV
-      - name: Free up space (macOS)
-        if: ${{ inputs.target-platform == 'macos' }}
-        uses: ./src/electron/.github/actions/free-space-macos
-      - name: Build Electron
-        if: ${{ inputs.target-platform != 'macos' || (inputs.target-variant == 'all' ||
-          inputs.target-variant == 'darwin') }}
-        uses: ./src/electron/.github/actions/build-electron
-        with:
-          target-arch: ${{ inputs.target-arch }}
-          target-platform: ${{ inputs.target-platform }}
-          artifact-platform: ${{ inputs.target-platform == 'macos' && 'darwin' ||
-            inputs.target-platform }}
-          is-release: ${{ inputs.is-release }}
-          generate-symbols: ${{ inputs.generate-symbols }}
-          upload-to-storage: ${{ inputs.upload-to-storage }}
-          is-asan: ${{ inputs.is-asan }}
-          upload-out-gen-artifacts: ${{ inputs.upload-out-gen-artifacts }}
-      - name: Set GN_EXTRA_ARGS for MAS Build
-        if: ${{ inputs.target-platform == 'macos' && (inputs.target-variant == 'all' ||
-          inputs.target-variant == 'mas') }}
-        run: |
-          echo "MAS_BUILD=true" >> $GITHUB_ENV
-          GN_EXTRA_ARGS='is_mas_build=true'
-          echo "GN_EXTRA_ARGS=$GN_EXTRA_ARGS" >> $GITHUB_ENV
-      - name: Build Electron (MAS)
-        if: ${{ inputs.target-platform == 'macos' && (inputs.target-variant == 'all' ||
-          inputs.target-variant == 'mas') }}
-        uses: ./src/electron/.github/actions/build-electron
-        with:
-          target-arch: ${{ inputs.target-arch }}
-          target-platform: ${{ inputs.target-platform }}
-          artifact-platform: mas
-          is-release: ${{ inputs.is-release }}
-          generate-symbols: ${{ inputs.generate-symbols }}
-          upload-to-storage: ${{ inputs.upload-to-storage }}
-          step-suffix: (mas)

.github/workflows/pipeline-segment-electron-test.yml

@@ -5,7 +5,7 @@ on:
     inputs:
       target-platform:
         type: string
-        description: 'Platform to run on, can be macos, win or linux'
+        description: 'Platform to run on, can be macos or linux'
         required: true
       target-arch:
         type: string
@@ -25,60 +25,42 @@ on:
         required: false
         type: boolean
         default: false
-      enable-ssh:
-        description: 'Enable SSH debugging'
-        required: false
-        type: boolean
-        default: false
 
 concurrency:
-  group: electron-test-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ inputs.is-asan }}-${{ github.ref_protected == true && github.run_id || github.ref }}
-  cancel-in-progress: ${{ github.ref_protected != true }}
+  group: electron-test-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ inputs.is-asan }}-${{ github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/main' && !endsWith(github.ref, '-x-y') }}
 
-permissions: {}
+permissions:
+  contents: read
+  issues: read
+  pull-requests: read
 
 env:
-  CHROMIUM_GIT_COOKIE: ${{ secrets.CHROMIUM_GIT_COOKIE }}
-  CHROMIUM_GIT_COOKIE_WINDOWS_STRING: ${{ secrets.CHROMIUM_GIT_COOKIE_WINDOWS_STRING }}
   ELECTRON_OUT_DIR: Default
   ELECTRON_RBE_JWT: ${{ secrets.ELECTRON_RBE_JWT }}
-  ACTIONS_STEP_DEBUG: ${{ secrets.ACTIONS_STEP_DEBUG }}
+  ELECTRON_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
 jobs:
   test:
-    defaults:
-      run:
-        shell: bash
     runs-on: ${{ inputs.test-runs-on }}
-    permissions:
-      contents: read
-      issues: read
-      pull-requests: read
     container: ${{ fromJSON(inputs.test-container) }}
     strategy:
       fail-fast: false
       matrix:
-        build-type: ${{ inputs.target-platform == 'macos' && fromJSON('["darwin","mas"]') || (inputs.target-platform == 'win' && fromJSON('["win"]') || fromJSON('["linux"]')) }}
-        shard: ${{ inputs.target-platform == 'linux' && fromJSON('[1, 2, 3]') || fromJSON('[1, 2]') }}
+        build-type: ${{ inputs.target-platform == 'macos' && fromJSON('["darwin","mas"]') || fromJSON('["linux"]') }}
+        shard: ${{ inputs.target-platform == 'macos' && fromJSON('[1, 2]') || fromJSON('[1, 2, 3]') }}
     env:
       BUILD_TYPE: ${{ matrix.build-type }}
       TARGET_ARCH: ${{ inputs.target-arch }}
       ARTIFACT_KEY: ${{ matrix.build-type }}_${{ inputs.target-arch }}
     steps:
     - name: Fix node20 on arm32 runners
-      if: ${{ inputs.target-arch == 'arm' && inputs.target-platform == 'linux' }}
+      if: ${{ inputs.target-arch == 'arm' }}
       run: |
         cp $(which node) /mnt/runner-externals/node20/bin/
-        cp $(which node) /mnt/runner-externals/node24/bin/
-    - name: Setup Node.js/npm
-      if: ${{ inputs.target-platform == 'win' }}
-      uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238
-      with:
-        node-version: 22.21.x
     - name: Add TCC permissions on macOS
       if: ${{ inputs.target-platform == 'macos' }}
       run: |
-        epochdate=$(($(date +'%s * 1000 + %-N / 1000000')))
         configure_user_tccdb () {
           local values=$1
           local dbPath="$HOME/Library/Application Support/com.apple.TCC/TCC.db"
@@ -94,17 +76,14 @@ jobs:
         }
 
         userValuesArray=(
+            "'kTCCServiceMicrophone','/usr/local/opt/runner/provisioner/provisioner',1,2,4,1,NULL,NULL,0,'UNUSED',NULL,0,1687786159"
             "'kTCCServiceCamera','/usr/local/opt/runner/provisioner/provisioner',1,2,4,1,NULL,NULL,0,'UNUSED',NULL,0,1687786159"
             "'kTCCServiceBluetoothAlways','/usr/local/opt/runner/provisioner/provisioner',1,2,4,1,NULL,NULL,0,'UNUSED',NULL,0,1687786159"
-            "'kTCCServiceAppleEvents','/usr/local/opt/runner/provisioner/provisioner',1,2,4,1,NULL,NULL,0,'UNUSED',NULL,0,1687786159"
-            "'kTCCServiceCamera','/opt/hca/hosted-compute-agent',1,2,4,1,NULL,NULL,0,'UNUSED',NULL,0,1687786159"
-            "'kTCCServiceBluetoothAlways','/opt/hca/hosted-compute-agent',1,2,4,1,NULL,NULL,0,'UNUSED',NULL,0,1687786159"
-            "'kTCCServiceScreenCapture','/bin/bash',1,2,3,1,NULL,NULL,NULL,'UNUSED',NULL,0,$epochdate"
         )
         for values in "${userValuesArray[@]}"; do
           # Sonoma and higher have a few extra values
           # Ref: https://github.com/actions/runner-images/blob/main/images/macos/scripts/build/configure-tccdb-macos.sh
-          if [ "$OSTYPE" = "darwin23" ] || [ "$OSTYPE" = "darwin24" ]; then
+          if [ "$OSTYPE" = "darwin23" ]; then
             configure_user_tccdb "$values,NULL,NULL,'UNUSED',${values##*,}"
             configure_sys_tccdb "$values,NULL,NULL,'UNUSED',${values##*,}"
           else
@@ -112,50 +91,28 @@ jobs:
             configure_sys_tccdb "$values"
           fi
         done
-    - name: Turn off the unexpectedly quit dialog on macOS
-      if: ${{ inputs.target-platform == 'macos' }}
-      run: defaults write com.apple.CrashReporter DialogType server
-    - name: Set xcode to 16.4
-      if: ${{ inputs.target-platform == 'macos' }}
-      run: sudo xcode-select --switch /Applications/Xcode_16.4.app
     - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
       with:
         path: src/electron
         fetch-depth: 0
-        ref: ${{ github.event.pull_request.head.sha }}
-    - name: Turn off screenshot nag on macOS
-      if: ${{ inputs.target-platform == 'macos' }}
-      run: |
-        defaults write ~/Library/Group\ Containers/group.com.apple.replayd/ScreenCaptureApprovals.plist "/bin/bash" -date "3024-09-23 12:00:00 +0000"
-        src/electron/script/actions/screencapture-nag-remover.sh -a $(which bash)
-        src/electron/script/actions/screencapture-nag-remover.sh -a /opt/hca/hosted-compute-agent
-    - name: Setup SSH Debugging
-      if: ${{ inputs.target-platform == 'macos' && (inputs.enable-ssh || env.ACTIONS_STEP_DEBUG == 'true') }}
-      uses: ./src/electron/.github/actions/ssh-debug
-      with:
-        tunnel: 'true'
-      env:
-        CLOUDFLARE_TUNNEL_CERT: ${{ secrets.CLOUDFLARE_TUNNEL_CERT }}
-        CLOUDFLARE_TUNNEL_HOSTNAME: ${{ vars.CLOUDFLARE_TUNNEL_HOSTNAME }}
-        CLOUDFLARE_USER_CA_CERT: ${{ secrets.CLOUDFLARE_USER_CA_CERT }}
-        AUTHORIZED_USERS: ${{ secrets.SSH_DEBUG_AUTHORIZED_USERS }}
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
     - name: Install Dependencies
-      uses: ./src/electron/.github/actions/install-dependencies
-    - name: Set Chromium Git Cookie
-      uses: ./src/electron/.github/actions/set-chromium-cookie
+      run: |
+        cd src/electron
+        node script/yarn install --frozen-lockfile
     - name: Get Depot Tools
       timeout-minutes: 5
       run: |
-        git config --global core.filemode false
-        git config --global core.autocrlf false
-        git config --global branch.autosetuprebase always
-        git config --global core.fscache true
-        git config --global core.longpaths true
-        git config --global core.preloadindex true
-        git config --global core.longpaths true
-        git clone --filter=tree:0 https://chromium.googlesource.com/chromium/tools/depot_tools.git
+        git clone --depth=1 https://chromium.googlesource.com/chromium/tools/depot_tools.git
+        if [ "`uname`" = "Darwin" ]; then
+          # remove ninjalog_uploader_wrapper.py from autoninja since we don't use it and it causes problems
+          sed -i '' '/ninjalog_uploader_wrapper.py/d' ./depot_tools/autoninja
+        else
+          sed -i '/ninjalog_uploader_wrapper.py/d' ./depot_tools/autoninja
+          # Remove swift-format dep from cipd on macOS until we send a patch upstream.
+          cd depot_tools
+          git apply --3way ../src/electron/.github/workflows/config/gclient.diff
+        fi
         # Ensure depot_tools does not update.
         test -d depot_tools && cd depot_tools
         touch .disable_auto_update
@@ -168,62 +125,47 @@ jobs:
         echo "DISABLE_CRASH_REPORTER_TESTS=true" >> $GITHUB_ENV
         echo "IS_ASAN=true" >> $GITHUB_ENV
     - name: Download Generated Artifacts
-      uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131
+      uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e
       with:
         name: generated_artifacts_${{ env.ARTIFACT_KEY }}
         path: ./generated_artifacts_${{ matrix.build-type }}_${{ inputs.target-arch }}
     - name: Download Src Artifacts
-      uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131
+      uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e
       with:
         name: src_artifacts_${{ env.ARTIFACT_KEY }}
         path: ./src_artifacts_${{ matrix.build-type }}_${{ inputs.target-arch }}
     - name: Restore Generated Artifacts
       run: ./src/electron/script/actions/restore-artifacts.sh
-    - name: Unzip Dist (win)
-      if: ${{ inputs.target-platform == 'win' }}
-      shell: powershell
-      run: |
-        Set-ExecutionPolicy Bypass -Scope Process -Force
-        cd src/out/Default
-        Expand-Archive -Force dist.zip -DestinationPath ./
-    - name: Unzip Dist (unix)
-      if: ${{ inputs.target-platform != 'win' }}
+    - name: Unzip Dist, Mksnapshot & Chromedriver
       run: |
         cd src/out/Default
         unzip -:o dist.zip
-    #- name: Import & Trust Self-Signed Codesigning Cert on MacOS
-    #  if: ${{ inputs.target-platform == 'macos' && inputs.target-arch == 'x64' }}
-    #  run: |
-    #    sudo security authorizationdb write com.apple.trust-settings.admin allow
-    #    cd src/electron
-    #    ./script/codesign/generate-identity.sh
-
+        unzip -:o chromedriver.zip
+        unzip -:o mksnapshot.zip
+    - name: Import & Trust Self-Signed Codesigning Cert on MacOS
+      if: ${{ inputs.target-platform == 'macos' && inputs.target-arch == 'x64' }}
+      run: |
+        sudo security authorizationdb write com.apple.trust-settings.admin allow
+        cd src/electron
+        ./script/codesign/generate-identity.sh
     - name: Run Electron Tests
       shell: bash
       env:
         MOCHA_REPORTER: mocha-multi-reporters
+        ELECTRON_TEST_RESULTS_DIR: junit
         MOCHA_MULTI_REPORTERS: mocha-junit-reporter, tap
         ELECTRON_DISABLE_SECURITY_WARNINGS: 1
+        ELECTRON_SKIP_NATIVE_MODULE_TESTS: true
         DISPLAY: ':99.0'
-        NPM_CONFIG_MSVS_VERSION: '2022'
       run: |
         cd src/electron
-        export ELECTRON_TEST_RESULTS_DIR=`pwd`/junit
         # Get which tests are on this shard
-        tests_files=$(node script/split-tests ${{ matrix.shard }} ${{ inputs.target-platform == 'linux' && 3 || 2 }})
+        tests_files=$(node script/split-tests ${{ matrix.shard }} ${{ inputs.target-platform == 'macos' && 2 || 3 }})
 
         # Run tests
-        if [ "${{ inputs.target-platform }}" != "linux" ]; then
+        if [ "`uname`" = "Darwin" ]; then
           echo "About to start tests"
-          if [ "${{ inputs.target-platform }}" = "win" ]; then
-            if [ "${{ inputs.target-arch }}" = "x86" ]; then
-              export npm_config_arch="ia32"
-            fi
-            if [ "${{ inputs.target-arch }}" = "arm64" ]; then
-              export ELECTRON_FORCE_TEST_SUITE_EXIT="true"
-            fi
-          fi
-          node script/yarn.js test --runners=main --enableRerun=3 --trace-uncaught --enable-logging --files $tests_files
+          node script/yarn test --runners=main --trace-uncaught --enable-logging --files $tests_files
         else
           chown :builduser .. && chmod g+w ..
           chown -R :builduser . && chmod -R g+w .
@@ -240,42 +182,15 @@ jobs:
             export MOCHA_TIMEOUT=180000
             echo "Piping output to ASAN_SYMBOLIZE ($ASAN_SYMBOLIZE)"
             cd electron
-            runuser -u builduser -- xvfb-run script/actions/run-tests.sh script/yarn.js test --runners=main --trace-uncaught --enable-logging --files $tests_files | $ASAN_SYMBOLIZE
+            runuser -u builduser -- xvfb-run script/actions/run-tests.sh script/yarn test --runners=main --trace-uncaught --enable-logging --files $tests_files | $ASAN_SYMBOLIZE
           else
-            if [ "${{ inputs.target-arch }}" = "arm" ]; then
-              runuser -u builduser -- xvfb-run script/actions/run-tests.sh script/yarn.js test --skipYarnInstall --runners=main --enableRerun=3 --trace-uncaught --enable-logging --files $tests_files
-            else 
-              runuser -u builduser -- xvfb-run script/actions/run-tests.sh script/yarn.js test --runners=main --enableRerun=3 --trace-uncaught --enable-logging --files $tests_files
-            fi
-            
+            runuser -u builduser -- xvfb-run script/actions/run-tests.sh script/yarn test --runners=main --trace-uncaught --enable-logging --files $tests_files
           fi
         fi
-    - name: Upload Test results to Datadog
-      env:
-        DD_ENV: ci
-        DD_SERVICE: electron
-        DD_API_KEY: ${{ secrets.DD_API_KEY }}
-        DD_CIVISIBILITY_LOGS_ENABLED: true
-        DD_TAGS: "os.architecture:${{ inputs.target-arch }},os.family:${{ inputs.target-platform }},os.platform:${{ inputs.target-platform }},asan:${{ inputs.is-asan }}"
-      run: |
-        if ! [ -z $DD_API_KEY ] && [ -f src/electron/junit/test-results-main.xml ]; then
-          cd src/electron
-          export DATADOG_PATH=`node script/yarn.js bin datadog-ci`
-          $DATADOG_PATH junit upload junit/test-results-main.xml
-        fi
-      if: always() && !cancelled()
-    - name: Upload Test Artifacts
-      if: always() && !cancelled()
-      uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f
-      with:
-        name: test_artifacts_${{ env.ARTIFACT_KEY }}_${{ matrix.shard }}
-        path: src/electron/spec/artifacts
-        if-no-files-found: ignore
     - name: Wait for active SSH sessions
       if: always() && !cancelled()
-      shell: bash
       run: |
         while [ -f /var/.ssh-lock ]
         do
           sleep 60
-        done
+        done

.github/workflows/pipeline-segment-node-nan-test.yml

@@ -5,7 +5,7 @@ on:
     inputs:
       target-platform:
         type: string
-        description: 'Platform to run on, can be macos, win or linux'
+        description: 'Platform to run on, can be macos or linux'
         required: true
       target-arch:
         type: string
@@ -26,51 +26,57 @@ on:
         type: string
         default: testing
 
-permissions: {}
-
 concurrency:
-  group: electron-node-nan-test-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ github.ref_protected == true && github.run_id || github.ref }}
-  cancel-in-progress: ${{ github.ref_protected != true }}
+  group: electron-node-nan-test-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/main' && !endsWith(github.ref, '-x-y') }}
 
 env:
-  CHROMIUM_GIT_COOKIE: ${{ secrets.CHROMIUM_GIT_COOKIE }}
   ELECTRON_OUT_DIR: Default
   ELECTRON_RBE_JWT: ${{ secrets.ELECTRON_RBE_JWT }}
 
 jobs:
   node-tests:
     name: Run Node.js Tests
-    runs-on: electron-arc-centralus-linux-amd64-8core
-    permissions:
-      contents: read
-    timeout-minutes: 30
+    runs-on: aks-linux-medium-plus
+    timeout-minutes: 20
     env: 
       TARGET_ARCH: ${{ inputs.target-arch }}
       BUILD_TYPE: linux
     container: ${{ fromJSON(inputs.test-container) }}
     steps:
     - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
       with:
         path: src/electron
         fetch-depth: 0
-        ref: ${{ github.event.pull_request.head.sha }}
-    - name: Set Chromium Git Cookie
-      uses: ./src/electron/.github/actions/set-chromium-cookie
     - name: Install Build Tools
       uses: ./src/electron/.github/actions/install-build-tools
     - name: Init Build Tools
       run: |
         e init -f --root=$(pwd) --out=Default ${{ inputs.gn-build-type }} --import ${{ inputs.gn-build-type }} --target-cpu ${{ inputs.target-arch }}
     - name: Install Dependencies
-      uses: ./src/electron/.github/actions/install-dependencies
+      run: |
+        cd src/electron
+        node script/yarn install --frozen-lockfile
+    - name: Get Depot Tools
+      timeout-minutes: 5
+      run: |
+        git clone --depth=1 https://chromium.googlesource.com/chromium/tools/depot_tools.git
+        sed -i '/ninjalog_uploader_wrapper.py/d' ./depot_tools/autoninja
+        cd depot_tools
+        git apply --3way ../src/electron/.github/workflows/config/gclient.diff
+        # Ensure depot_tools does not update.
+        test -d depot_tools && cd depot_tools
+        touch .disable_auto_update
+    - name: Add Depot Tools to PATH
+      run: echo "$(pwd)/depot_tools" >> $GITHUB_PATH
     - name: Download Generated Artifacts
-      uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131
+      uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e
       with:
         name: generated_artifacts_${{ env.BUILD_TYPE }}_${{ env.TARGET_ARCH }}
         path: ./generated_artifacts_${{ env.BUILD_TYPE }}_${{ env.TARGET_ARCH }}
     - name: Download Src Artifacts
-      uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131
+      uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e
       with:
         name: src_artifacts_linux_${{ env.TARGET_ARCH }}
         path: ./src_artifacts_linux_${{ env.TARGET_ARCH }}
@@ -88,7 +94,6 @@ jobs:
         node electron/script/node-spec-runner.js --default --jUnitDir=junit
     - name: Wait for active SSH sessions
       if: always() && !cancelled()
-      shell: bash
       run: |
         while [ -f /var/.ssh-lock ]
         do
@@ -96,37 +101,46 @@ jobs:
         done
   nan-tests:
     name: Run Nan Tests
-    runs-on: electron-arc-centralus-linux-amd64-4core
-    permissions:
-      contents: read
-    timeout-minutes: 30
+    runs-on: aks-linux-medium
+    timeout-minutes: 20
     env: 
       TARGET_ARCH: ${{ inputs.target-arch }}
       BUILD_TYPE: linux
     container: ${{ fromJSON(inputs.test-container) }}
     steps:
     - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
       with:
         path: src/electron
         fetch-depth: 0
-        ref: ${{ github.event.pull_request.head.sha }}
-    - name: Set Chromium Git Cookie
-      uses: ./src/electron/.github/actions/set-chromium-cookie
     - name: Install Build Tools
       uses: ./src/electron/.github/actions/install-build-tools
     - name: Init Build Tools
       run: |
         e init -f --root=$(pwd) --out=Default ${{ inputs.gn-build-type }}
     - name: Install Dependencies
-      uses: ./src/electron/.github/actions/install-dependencies
+      run: |
+        cd src/electron
+        node script/yarn install --frozen-lockfile
+    - name: Get Depot Tools
+      timeout-minutes: 5
+      run: |
+        git clone --depth=1 https://chromium.googlesource.com/chromium/tools/depot_tools.git
+        sed -i '/ninjalog_uploader_wrapper.py/d' ./depot_tools/autoninja
+        cd depot_tools
+        git apply --3way ../src/electron/.github/workflows/config/gclient.diff
+        # Ensure depot_tools does not update.
+        test -d depot_tools && cd depot_tools
+        touch .disable_auto_update
+    - name: Add Depot Tools to PATH
+      run: echo "$(pwd)/depot_tools" >> $GITHUB_PATH
     - name: Download Generated Artifacts
-      uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131
+      uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e
       with:
         name: generated_artifacts_${{ env.BUILD_TYPE }}_${{ env.TARGET_ARCH }}
         path: ./generated_artifacts_${{ env.BUILD_TYPE }}_${{ env.TARGET_ARCH }}
     - name: Download Src Artifacts
-      uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131
+      uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e
       with:
         name: src_artifacts_linux_${{ env.TARGET_ARCH }}
         path: ./src_artifacts_linux_${{ env.TARGET_ARCH }}
@@ -138,18 +152,11 @@ jobs:
         unzip -:o dist.zip
     - name: Setup Linux for Headless Testing
       run: sh -e /etc/init.d/xvfb start
-    - name: Add Clang problem matcher
-      shell: bash
-      run: echo "::add-matcher::src/electron/.github/problem-matchers/clang.json"
-    - name: Run Nan Tests
+    - name: Run Node.js Tests
       run: |
         cd src
         node electron/script/nan-spec-runner.js
-    - name: Remove Clang problem matcher
-      shell: bash
-      run: echo "::remove-matcher owner=clang::"
     - name: Wait for active SSH sessions
-      shell: bash
       if: always() && !cancelled()
       run: |
         while [ -f /var/.ssh-lock ]

.github/workflows/pull-request-labeled.yml

@@ -11,68 +11,31 @@ jobs:
     name: backport/requested label added
     if: github.event.label.name == 'backport/requested 🗳'
     runs-on: ubuntu-latest
-    permissions: {}
     steps:
       - name: Trigger Slack workflow
-        uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.1.1
+        uses: slackapi/slack-github-action@70cd7be8e40a46e8b0eced40b0de447bdb42f68e # v1.26.0
         with:
-          webhook: ${{ secrets.BACKPORT_REQUESTED_SLACK_WEBHOOK_URL }} 
-          webhook-type: webhook-trigger
           payload: |
             {
-              "base_ref": ${{ toJSON(github.event.pull_request.base.ref) }},
-              "title": ${{ toJSON(github.event.pull_request.title) }},
-              "url": ${{ toJSON(github.event.pull_request.html_url) }},
-              "user": ${{ toJSON(github.event.pull_request.user.login) }}
+              "url": "${{ github.event.pull_request.html_url }}"
             }
+        env:
+          SLACK_WEBHOOK_URL: ${{ secrets.BACKPORT_REQUESTED_SLACK_WEBHOOK_URL }}
   pull-request-labeled-deprecation-review-complete:
     name: deprecation-review/complete label added
     if: github.event.label.name == 'deprecation-review/complete ✅'
     runs-on: ubuntu-latest
-    permissions: {}
     steps:
       - name: Generate GitHub App token
-        uses: electron/github-app-auth-action@e14e47722ed120360649d0789e25b9baece12725 # v2.0.0
+        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
         id: generate-token
         with:
           creds: ${{ secrets.RELEASE_BOARD_GH_APP_CREDS }}
           org: electron
       - name: Set status
-        uses: dsanders11/project-actions/edit-item@2134fe7cc71c58b7ae259c82a8e63c6058255678 # v1.7.0
+        uses: dsanders11/project-actions/edit-item@eb760c48894b5702398529cbb8f6e98378e315d0 # v1.3.0
         with:
           token: ${{ steps.generate-token.outputs.token }}
           project-number: 94
           field: Status
           field-value: ✅ Reviewed
-  pull-request-labeled-ai-pr:
-    name: ai-pr label added
-    if: github.event.label.name == 'ai-pr'
-    runs-on: ubuntu-latest
-    permissions: {}
-    steps:
-    - name: Generate GitHub App token
-      uses: electron/github-app-auth-action@e14e47722ed120360649d0789e25b9baece12725 # v2.0.0
-      id: generate-token
-      with:
-        creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
-    - name: Create comment
-      uses: actions-cool/issues-helper@71b62d7da76e59ff7b193904feb6e77d4dbb2777 # v3.7.6
-      with:
-        actions: 'create-comment'
-        token: ${{ steps.generate-token.outputs.token }}
-        issue-number: ${{ github.event.pull_request.number }}
-        body: |
-          <!-- ai-pr -->
-
-          *AI PR Detected*
-
-          Hello @${{ github.event.pull_request.user.login }}. Due to the high amount of AI spam PRs we receive, if a PR is detected to be majority AI-generated without disclosure and untested, we will automatically close the PR.
-
-          We welcome the use of AI tools, as long as the PR meets our quality standards and has clearly been built and tested. If you believe your PR was closed in error, we welcome you to resubmit. However, please read our [CONTRIBUTING.md](http://contributing.md/) carefully before reopening. Thanks for your contribution.
-    - name: Close the pull request
-      env:
-        GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
-        GH_REPO: electron/electron
-        PR_NUMBER: ${{ github.event.pull_request.number }}
-      run: |
-        gh pr close "$PR_NUMBER"

.github/workflows/rerun-apply-patches.yml

@@ -1,71 +0,0 @@
-name: Rerun PR Apply Patches
-
-on:
-  push:
-    branches:
-      - main
-      - '[1-9][0-9]-x-y'
-    paths:
-      - 'DEPS'
-      - 'patches/**'
-
-permissions: {}
-
-jobs:
-  rerun-apply-patches:
-    runs-on: ubuntu-latest
-    permissions:
-      actions: write
-      checks: read
-      contents: read
-      pull-requests: read
-    steps:
-      - name: Find PRs and Rerun Apply Patches
-        env:
-          GH_REPO: ${{ github.repository }}
-          GH_TOKEN: ${{ github.token }}
-        run: |
-          BRANCH="${GITHUB_REF#refs/heads/}"
-
-          # Find all open PRs targeting this branch
-          PRS=$(gh pr list --base "$BRANCH" --state open --limit 250 --json number)
-
-          echo "$PRS" | jq -c '.[]' | while read -r pr; do
-            PR_NUMBER=$(echo "$pr" | jq -r '.number')
-            echo "Processing PR #${PR_NUMBER}"
-
-            # Find the Apply Patches workflow check for this PR
-            CHECK=$(gh pr view "$PR_NUMBER" --json statusCheckRollup --jq '[.statusCheckRollup[] | select(.workflowName == "Apply Patches" and .name == "apply-patches")] | first')
-
-            if [ -z "$CHECK" ] || [ "$CHECK" = "null" ]; then
-              echo "  No Apply Patches workflow found for PR #${PR_NUMBER}"
-              continue
-            fi
-
-            CONCLUSION=$(echo "$CHECK" | jq -r '.conclusion')
-            if [ "$CONCLUSION" = "SKIPPED" ]; then
-              echo "  apply-patches job was skipped for PR #${PR_NUMBER} (no patches)"
-              continue
-            fi
-
-            LINK=$(echo "$CHECK" | jq -r '.detailsUrl')
-
-            # Extract the run ID from the link (format: .../runs/RUN_ID/job/JOB_ID)
-            RUN_ID=$(echo "$LINK" | grep -oE 'runs/[0-9]+' | cut -d'/' -f2)
-
-            if [ -z "$RUN_ID" ]; then
-              echo "  Could not extract run ID from link: ${LINK}"
-              continue
-            fi
-
-            # Check if the workflow is currently in progress
-            RUN_STATUS=$(gh run view "$RUN_ID" --json status --jq '.status')
-
-            if [ "$RUN_STATUS" = "in_progress" ] || [ "$RUN_STATUS" = "queued" ] || [ "$RUN_STATUS" = "waiting" ]; then
-              echo "  Workflow run ${RUN_ID} is ${RUN_STATUS}, cancelling..."
-              gh run cancel "$RUN_ID" --force
-              gh run watch "$RUN_ID"
-            fi
-
-            gh run rerun "$RUN_ID"
-          done

.github/workflows/scorecards.yml

@@ -13,7 +13,6 @@ permissions: read-all
 jobs:
   analysis:
     name: Scorecards analysis
-    if: github.repository == 'electron/electron'
     runs-on: ubuntu-latest
     permissions:
       # Needed to upload the results to code-scanning dashboard.
@@ -23,13 +22,13 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with:
           persist-credentials: false
 
       # This is a pre-submit / pre-release.
       - name: "Run analysis"
-        uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3
+        uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3
         with:
           results_file: results.sarif
           results_format: sarif
@@ -43,7 +42,7 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
+        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
         with:
           name: SARIF file
           path: results.sarif
@@ -51,6 +50,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@9e907b5e64f6b83e7804b09294d44122997950d6 # v3.29.5
+        uses: github/codeql-action/upload-sarif@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10
         with:
           sarif_file: results.sarif

.github/workflows/semantic.yml

@@ -7,7 +7,8 @@ on:
       - edited
       - synchronize
 
-permissions: {}
+permissions:
+  contents: read
 
 jobs:
   main:
@@ -18,7 +19,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: semantic-pull-request
-        uses: amannn/action-semantic-pull-request@48f256284bd46cdaab1048c3721360e808335d50 # v6.1.1
+        uses: amannn/action-semantic-pull-request@cfb60706e18bc85e8aec535e3c577abe8f70378e # v5.5.2
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:

.github/workflows/stable-prep-items.yml

@@ -10,12 +10,10 @@ permissions: {}
 jobs:
   check-stable-prep-items:
     name: Check Stable Prep Items
-    if: github.repository == 'electron/electron'
     runs-on: ubuntu-latest
-    permissions: {}
     steps:
       - name: Generate GitHub App token
-        uses: electron/github-app-auth-action@e14e47722ed120360649d0789e25b9baece12725 # v2.0.0
+        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
         id: generate-token
         with:
           creds: ${{ secrets.RELEASE_BOARD_GH_APP_CREDS }}
@@ -29,7 +27,7 @@ jobs:
           PROJECT_NUMBER=$(gh project list --owner electron --format json | jq -r '.projects | map(select(.title | test("^[0-9]+-x-y$"))) | max_by(.number) | .number')
           echo "PROJECT_NUMBER=$PROJECT_NUMBER" >> "$GITHUB_OUTPUT"
       - name: Update Completed Stable Prep Items
-        uses: dsanders11/project-actions/completed-by@2134fe7cc71c58b7ae259c82a8e63c6058255678 # v1.7.0
+        uses: dsanders11/project-actions/completed-by@eb760c48894b5702398529cbb8f6e98378e315d0 # v1.3.0
         with:
           field: Prep Status
           field-value: ✅ Complete

.github/workflows/stale.yml

@@ -9,16 +9,14 @@ permissions: {}
 
 jobs:
   stale:
-    if: github.repository == 'electron/electron'
     runs-on: ubuntu-latest
-    permissions: {}
     steps:
       - name: Generate GitHub App token
-        uses: electron/github-app-auth-action@e14e47722ed120360649d0789e25b9baece12725 # v2.0.0
+        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
         id: generate-token
         with:
           creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
-      - uses: actions/stale@997185467fa4f803885201cee163a9f38240193d # tag: v10.1.1
+      - uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # tag: v9.0.0
         with:
           repo-token: ${{ steps.generate-token.outputs.token }}
           days-before-stale: 90
@@ -29,20 +27,19 @@ jobs:
             This issue has been automatically marked as stale. **If this issue is still affecting you, please leave any comment** (for example, "bump"), and we'll keep it open. If you have any new additional information—in particular, if this is still reproducible in the [latest version of Electron](https://www.electronjs.org/releases/stable) or in the [beta](https://www.electronjs.org/releases/beta)—please include it with your comment!
           close-issue-message: >
             This issue has been closed due to inactivity, and will not be monitored.  If this is a bug and you can reproduce this issue on a [supported version of Electron](https://www.electronjs.org/docs/latest/tutorial/electron-timelines#timeline) please open a new issue and include instructions for reproducing the issue.
-          exempt-issue-labels: "discussion,security \U0001F512,enhancement :sparkles:,status/confirmed,stale-exempt,upgrade-follow-up,tracking-upstream"
+          exempt-issue-labels: "discussion,security \U0001F512,enhancement :sparkles:,status/confirmed,stale-exempt"
           only-pr-labels: not-a-real-label
   pending-repro:
     runs-on: ubuntu-latest
-    permissions: {}
-    if: ${{ always() && github.repository == 'electron/electron' }}
+    if: ${{ always() }}
     needs: stale
     steps:
       - name: Generate GitHub App token
-        uses: electron/github-app-auth-action@e14e47722ed120360649d0789e25b9baece12725 # v2.0.0
+        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
         id: generate-token
         with:
           creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
-      - uses: actions/stale@997185467fa4f803885201cee163a9f38240193d # tag: v10.1.1
+      - uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # tag: v9.0.0
         with:
           repo-token: ${{ steps.generate-token.outputs.token }}
           days-before-stale: -1

.github/workflows/update-website-docs.yml

@@ -1,39 +0,0 @@
-name: Update Website Docs
-
-on:
-  release:
-    types: [published]
-
-permissions: {}
-
-jobs:
-  update-website-docs:
-    name: Update Website Docs
-    runs-on: ubuntu-latest
-    environment: website-docs-updater
-    permissions:
-      contents: read
-      id-token: write # needed for secret-service-action
-    steps:
-      - name: Get GitHub App token
-        id: secret-service
-        uses: electron/secret-service-action@3476425e8b30555aac15b1b7096938e254b0e155 # v1.0.0
-      - name: Check if this release is the latest
-        id: check-if-latest-release
-        env:
-          GH_REPO: electron/electron
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          LATEST_RELEASE_TAG="$(gh release view --json tagName --jq '.tagName')"
-          if [ "$LATEST_RELEASE_TAG" = "${GITHUB_REF#refs/tags/}" ]; then
-            echo "isLatestRelease=true" >> $GITHUB_OUTPUT
-          else
-            echo "isLatestRelease=false" >> $GITHUB_OUTPUT
-          fi
-      - name: Trigger website docs update
-        if: ${{ steps.check-if-latest-release.outputs.isLatestRelease }}
-        env:
-          GH_REPO: electron/website
-          GH_TOKEN: ${{ fromJSON(steps.secret-service.outputs.secrets).WEBSITE_DOCS_UPDATER_APP_TOKEN }}
-        run: |
-          gh workflow run update-docs.yml -f sha=$GITHUB_SHA

.github/workflows/update_appveyor_image.yml

@@ -0,0 +1,73 @@
+name: Update AppVeyor Image
+
+# Run chron daily Mon-Fri
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 8 * * 1-5' # runs 8:00 every business day (see https://crontab.guru)
+
+permissions: {}
+
+jobs:
+  bake-appveyor-image:
+    name: Bake AppVeyor Image
+    runs-on: ubuntu-latest
+    steps:
+    - name: Generate GitHub App token
+      uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
+      id: generate-token
+      with:
+        creds: ${{ secrets.APPVEYOR_UPDATER_GH_APP_CREDS }}
+    - name: Checkout
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      with:
+        fetch-depth: 0
+        token: ${{ steps.generate-token.outputs.token }}
+    - name: Yarn install
+      run: |
+        node script/yarn.js install --frozen-lockfile
+    - name: Set Repo for Commit
+      run: git config --global --add safe.directory $GITHUB_WORKSPACE
+    - name: Check AppVeyor Image
+      env:
+        APPVEYOR_TOKEN: ${{ secrets.APPVEYOR_TOKEN }}
+      run: |
+        node ./script/prepare-appveyor
+        if [ -f ./image_version.txt ]; then
+          echo "APPVEYOR_IMAGE_VERSION="$(cat image_version.txt)"" >> $GITHUB_ENV
+          rm image_version.txt
+        fi
+    - name: (Optionally) Update Appveyor Image
+      if: ${{ env.APPVEYOR_IMAGE_VERSION }}
+      uses: mikefarah/yq@f15500b20a1c991c8729870ba60a4dc3524b6a94 # v4.44.2
+      with:
+        cmd: |
+          yq '.image = "${{ env.APPVEYOR_IMAGE_VERSION }}"' "appveyor.yml" > "appveyor2.yml"
+          yq '.image = "${{ env.APPVEYOR_IMAGE_VERSION }}"' "appveyor-woa.yml" > "appveyor-woa2.yml"
+    - name: (Optionally) Generate Commit Diff
+      if: ${{ env.APPVEYOR_IMAGE_VERSION }}
+      run: |
+        diff -w -B appveyor.yml appveyor2.yml > appveyor.diff || true
+        patch -f appveyor.yml < appveyor.diff
+        rm appveyor2.yml appveyor.diff
+        git add appveyor.yml
+    - name: (Optionally) Generate Commit Diff for WOA
+      if: ${{ env.APPVEYOR_IMAGE_VERSION }}
+      run: |
+        diff -w -B appveyor-woa.yml appveyor-woa2.yml > appveyor-woa.diff || true
+        patch -f appveyor-woa.yml < appveyor-woa.diff
+        rm appveyor-woa2.yml appveyor-woa.diff
+        git add appveyor-woa.yml
+    - name: (Optionally) Commit to Branch
+      if: ${{ env.APPVEYOR_IMAGE_VERSION }}
+      uses: dsanders11/github-app-commit-action@48d2ff8c1a855eb15d16afa97ae12616456d7cbc # v1.4.0
+      with:
+        message: 'build: update appveyor image to latest version'
+        ref: bump-appveyor-image
+        token: ${{ steps.generate-token.outputs.token }}
+    - name: (Optionally) Create Pull Request
+      if: ${{ env.APPVEYOR_IMAGE_VERSION }}
+      run: |
+        printf "This PR updates appveyor.yml to the latest baked image, ${{ env.APPVEYOR_IMAGE_VERSION }}.\n\nNotes: none" | gh pr create --head bump-appveyor-image --label no-backport --label semver/none --title 'build: update appveyor image to latest version' --body-file=-
+      env:
+        GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}

.github/workflows/windows-publish.yml

@@ -1,109 +0,0 @@
-name: Publish Windows
-
-on:
-  workflow_dispatch:
-    inputs:
-      build-image-sha:
-        type: string
-        description: 'SHA for electron/build image'
-        default: 'a82b87d7a4f5ff0cab61405f8151ac4cf4942aeb'
-        required: true
-      upload-to-storage:
-        description: 'Uploads to Azure storage'
-        required: false
-        default: '1'
-        type: string
-      run-windows-publish:
-        description: 'Run the publish jobs vs just the build jobs'
-        type: boolean
-        default: false
-
-permissions: {}
-
-jobs:
-  checkout-windows:
-    if: github.repository == 'electron/electron'
-    runs-on: electron-arc-centralus-linux-amd64-32core
-    permissions:
-      contents: read
-    container:
-      image: ghcr.io/electron/build:${{ inputs.build-image-sha }}
-      options: --user root --device /dev/fuse --cap-add SYS_ADMIN
-      volumes:
-        - /mnt/win-cache:/mnt/win-cache
-        - /var/run/sas:/var/run/sas
-    env:
-      CHROMIUM_GIT_COOKIE_WINDOWS_STRING: ${{ secrets.CHROMIUM_GIT_COOKIE_WINDOWS_STRING }}
-      GCLIENT_EXTRA_ARGS: '--custom-var=checkout_win=True'
-      TARGET_OS: 'win'
-      ELECTRON_DEPOT_TOOLS_WIN_TOOLCHAIN: '1'
-    outputs:
-      build-image-sha: ${{ inputs.build-image-sha }}
-    steps:
-    - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
-      with:
-        path: src/electron
-        fetch-depth: 0
-    - name: Checkout & Sync & Save
-      uses: ./src/electron/.github/actions/checkout
-      with:
-        generate-sas-token: 'true'
-        target-platform: win
-
-  publish-x64-win:
-    uses: ./.github/workflows/pipeline-segment-electron-publish.yml
-    permissions:
-      artifact-metadata: write
-      attestations: write
-      contents: read
-      id-token: write
-    needs: checkout-windows
-    with:
-      environment: production-release
-      build-runs-on: electron-arc-centralus-windows-amd64-16core
-      target-platform: win
-      target-arch: x64
-      is-release: true
-      gn-build-type: release
-      generate-symbols: true
-      upload-to-storage: ${{ inputs.upload-to-storage }}
-    secrets: inherit
-
-  publish-arm64-win:
-    uses: ./.github/workflows/pipeline-segment-electron-publish.yml
-    permissions:
-      artifact-metadata: write
-      attestations: write
-      contents: read
-      id-token: write
-    needs: checkout-windows
-    with:
-      environment: production-release
-      build-runs-on: electron-arc-centralus-windows-amd64-16core
-      target-platform: win
-      target-arch: arm64
-      is-release: true
-      gn-build-type: release
-      generate-symbols: true
-      upload-to-storage: ${{ inputs.upload-to-storage }}
-    secrets: inherit
-
-  publish-x86-win:
-    uses: ./.github/workflows/pipeline-segment-electron-publish.yml
-    permissions:
-      artifact-metadata: write
-      attestations: write
-      contents: read
-      id-token: write
-    needs: checkout-windows
-    with:
-      environment: production-release
-      build-runs-on: electron-arc-centralus-windows-amd64-16core
-      target-platform: win
-      target-arch: x86
-      is-release: true
-      gn-build-type: release
-      generate-symbols: true
-      upload-to-storage: ${{ inputs.upload-to-storage }}
-    secrets: inherit

.gitignore

@@ -48,10 +48,9 @@ ts-gen
 
 # Used to accelerate CI builds
 .depshash
+.depshash-target
 
 # Used to accelerate builds after sync
 patches/mtime-cache.json
 
 spec/fixtures/logo.png
-
-.yarn/install-state.gz

.husky/pre-commit

@@ -1 +1,4 @@
+#!/bin/sh
+. "$(dirname "$0")/_/husky.sh"
+
 npm run precommit

.husky/pre-push

@@ -1 +1,4 @@
+#!/bin/sh
+. "$(dirname "$0")/_/husky.sh"
+
 npm run prepack

.markdownlint-cli2.jsonc

@@ -1,14 +1,10 @@
 {
   "config": {
     "extends": "@electron/lint-roller/configs/markdownlint.json",
-    "descriptive-link-text": false,
     "link-image-style": {
       "autolink": false,
       "shortcut": false
     },
-    "MD049": {
-      "style": "underscore"
-    },
     "no-angle-brackets": true,
     "no-curly-braces": true,
     "no-inline-html": {
@@ -21,14 +17,12 @@
         "ul",
         "unknown",
         "Tabs",
-        "TabItem",
-        "DocCardList",
-        "kbd"
+        "TabItem"
       ]
     },
     "no-newline-in-links": true
   },
   "customRules": [
-    "./node_modules/@electron/lint-roller/markdownlint-rules/index.mjs"
+    "@electron/lint-roller/markdownlint-rules/"
   ]
 }

.nvmrc

@@ -1 +1 @@
-22
+16

.yarnrc.yml

@@ -1,12 +0,0 @@
-enableScripts: false
-
-nmHoistingLimits: workspaces
-
-nodeLinker: node-modules
-
-npmMinimalAgeGate: 10080
-
-npmPreapprovedPackages:
-  - "@electron/*"
-
-yarnPath: .yarn/releases/yarn-4.12.0.cjs