chore: re-add nan patch (attempt 2)

Refs https://chromium-review.googlesource.com/c/chromium/src/+/5569748
Refs https://issues.chromium.org/issues/344606399

.circleci/.gitignore

@@ -0,0 +1 @@
+config-staging

.circleci/config.yml

@@ -0,0 +1,79 @@
+version: 2.1
+
+# Required for dynamic configuration
+setup: true
+
+# Orbs
+orbs:
+  path-filtering: circleci/path-filtering@0.1.0
+  continuation: circleci/continuation@0.2.0
+
+# All input parameters to pass to build config
+parameters:
+  run-docs-only:
+    type: boolean
+    default: false
+
+  upload-to-storage:
+    type: string
+    default: '1'
+
+  run-build-linux:
+    type: boolean
+    default: false
+
+  run-build-mac:
+    type: boolean
+    default: false
+
+  run-linux-publish:
+    type: boolean
+    default: false
+
+  linux-publish-arch-limit:
+    type: enum
+    default: all
+    enum: ["all", "arm", "arm64", "x64", "ia32"]
+
+  run-macos-publish:
+    type: boolean
+    default: false
+
+  macos-publish-arch-limit:
+    type: enum
+    default: all
+    enum: ["all", "osx-x64", "osx-arm64", "mas-x64", "mas-arm64"]
+
+jobs:
+  generate-config:
+    docker:
+      - image: cimg/node:16.14
+    steps:
+      - checkout
+      - path-filtering/set-parameters:
+          base-revision: main
+          mapping: |
+            ^((?!docs/).)*$ run-build-mac true
+            ^((?!docs/).)*$ run-build-linux true
+            docs/.* run-docs-only true
+            ^((?!docs/).)*$ run-docs-only false
+      - run:
+          command: |
+            cd .circleci/config
+            yarn
+            export CIRCLECI_BINARY="$HOME/circleci"
+            curl -fLSs https://raw.githubusercontent.com/CircleCI-Public/circleci-cli/main/install.sh | DESTDIR=$CIRCLECI_BINARY bash
+            node build.js
+          name: Pack config.yml
+      - run:
+          name: Set params
+          command: node .circleci/config/params.js
+      - continuation/continue:
+          configuration_path: .circleci/config-staging/built.yml
+          parameters: /tmp/pipeline-parameters.json
+
+# Initial setup workflow
+workflows:
+  setup:
+    jobs:
+      - generate-config

.circleci/config/build.js

@@ -0,0 +1,34 @@
+const cp = require('child_process');
+const fs = require('fs-extra');
+const path = require('path');
+const yaml = require('js-yaml');
+
+const STAGING_DIR = path.resolve(__dirname, '..', 'config-staging');
+
+function copyAndExpand(dir = './') {
+    const absDir = path.resolve(__dirname, dir);
+    const targetDir = path.resolve(STAGING_DIR, dir);
+
+    if (!fs.existsSync(targetDir)) {
+        fs.mkdirSync(targetDir);
+    }
+
+    for (const file of fs.readdirSync(absDir)) {
+        if (!file.endsWith('.yml')) {
+            if (fs.statSync(path.resolve(absDir, file)).isDirectory()) {
+                copyAndExpand(path.join(dir, file));
+            }
+            continue;
+        }
+
+        fs.writeFileSync(path.resolve(targetDir, file), yaml.dump(yaml.load(fs.readFileSync(path.resolve(absDir, file), 'utf8')), {
+            noRefs: true,
+        }));
+    }
+}
+
+if (fs.pathExists(STAGING_DIR)) fs.removeSync(STAGING_DIR);
+copyAndExpand();
+
+const output = cp.spawnSync(process.env.CIRCLECI_BINARY || 'circleci', ['config', 'pack', STAGING_DIR]);
+fs.writeFileSync(path.resolve(STAGING_DIR, 'built.yml'), output.stdout.toString());

.circleci/config/jobs/lint.yml

@@ -0,0 +1,51 @@
+executor:
+  name: linux-docker
+  size: medium
+steps:
+  - checkout:
+      path: src/electron
+  - run:
+      name: Setup third_party Depot Tools
+      command: |
+        # "depot_tools" has to be checkout into "//third_party/depot_tools" so pylint.py can a "pylintrc" file.
+        git clone https://chromium.googlesource.com/chromium/tools/depot_tools.git src/third_party/depot_tools
+        echo 'export PATH="$PATH:'"$PWD"'/src/third_party/depot_tools"' >> $BASH_ENV
+  - run:
+      name: Download GN Binary
+      command: |
+        chromium_revision="$(grep -A1 chromium_version src/electron/DEPS | tr -d '\n' | cut -d\' -f4)"
+        gn_version="$(curl -sL "https://chromium.googlesource.com/chromium/src/+/${chromium_revision}/DEPS?format=TEXT" | base64 -d | grep gn_version | head -n1 | cut -d\' -f4)"
+
+        cipd ensure -ensure-file - -root . \<<-CIPD
+        \$ServiceURL https://chrome-infra-packages.appspot.com/
+        @Subdir src/buildtools/linux64
+        gn/gn/linux-amd64 $gn_version
+        CIPD
+
+        echo 'export CHROMIUM_BUILDTOOLS_PATH="'"$PWD"'/src/buildtools"' >> $BASH_ENV
+  - run:
+      name: Download clang-format Binary
+      command: |
+        chromium_revision="$(grep -A1 chromium_version src/electron/DEPS | tr -d '\n' | cut -d\' -f4)"
+
+        mkdir -p src/buildtools
+        curl -sL "https://chromium.googlesource.com/chromium/src/+/${chromium_revision}/buildtools/DEPS?format=TEXT" | base64 -d > src/buildtools/DEPS
+
+        gclient runhooks --spec="solutions=[{'name':'src/buildtools','url':None,'deps_file':'DEPS','custom_vars':{'process_deps':True},'managed':False}]"
+  - run:
+      name: Run Lint
+      command: |
+        # gn.py tries to find a gclient root folder starting from the current dir.
+        # When it fails and returns "None" path, the whole script fails. Let's "fix" it.
+        touch .gclient
+        # Another option would be to checkout "buildtools" inside the Electron checkout,
+        # but then we would lint its contents (at least gn format), and it doesn't pass it.
+
+        cd src/electron
+        node script/yarn install --frozen-lockfile
+        node script/yarn lint
+  - run:
+      name: Run Script Typechecker
+      command: |
+        cd src/electron
+        node script/yarn tsc -p tsconfig.script.json

.circleci/config/package.json

@@ -0,0 +1,10 @@
+{
+  "name": "@electron/circleci-config",
+  "version": "0.0.0",
+  "private": true,
+  "license": "MIT",
+  "dependencies": {
+    "fs-extra": "^10.1.0",
+    "js-yaml": "^4.1.0"
+  }
+}

.circleci/config/params.js

@@ -0,0 +1,12 @@
+const fs = require('fs');
+
+const PARAMS_PATH = '/tmp/pipeline-parameters.json';
+
+const content = JSON.parse(fs.readFileSync(PARAMS_PATH, 'utf-8'));
+
+// Choose resource class for linux hosts
+const currentBranch = process.env.CIRCLE_BRANCH || '';
+content['large-linux-executor'] = /^pull\/[0-9-]+$/.test(currentBranch) ? '2xlarge' : 'electronjs/aks-linux-large';
+content['medium-linux-executor'] = /^pull\/[0-9-]+$/.test(currentBranch) ? 'medium' : 'electronjs/aks-linux-medium';
+
+fs.writeFileSync(PARAMS_PATH, JSON.stringify(content));

.circleci/config/yarn.lock

@@ -0,0 +1,43 @@
+# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
+# yarn lockfile v1
+
+
+argparse@^2.0.1:
+  version "2.0.1"
+  resolved "https://registry.yarnpkg.com/argparse/-/argparse-2.0.1.tgz#246f50f3ca78a3240f6c997e8a9bd1eac49e4b38"
+  integrity sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==
+
+fs-extra@^10.1.0:
+  version "10.1.0"
+  resolved "https://registry.yarnpkg.com/fs-extra/-/fs-extra-10.1.0.tgz#02873cfbc4084dde127eaa5f9905eef2325d1abf"
+  integrity sha512-oRXApq54ETRj4eMiFzGnHWGy+zo5raudjuxN0b8H7s/RU2oW0Wvsx9O0ACRN/kRq9E8Vu/ReskGB5o3ji+FzHQ==
+  dependencies:
+    graceful-fs "^4.2.0"
+    jsonfile "^6.0.1"
+    universalify "^2.0.0"
+
+graceful-fs@^4.1.6, graceful-fs@^4.2.0:
+  version "4.2.10"
+  resolved "https://registry.yarnpkg.com/graceful-fs/-/graceful-fs-4.2.10.tgz#147d3a006da4ca3ce14728c7aefc287c367d7a6c"
+  integrity sha512-9ByhssR2fPVsNZj478qUUbKfmL0+t5BDVyjShtyZZLiK7ZDAArFFfopyOTj0M05wE2tJPisA4iTnnXl2YoPvOA==
+
+js-yaml@^4.1.0:
+  version "4.1.0"
+  resolved "https://registry.yarnpkg.com/js-yaml/-/js-yaml-4.1.0.tgz#c1fb65f8f5017901cdd2c951864ba18458a10602"
+  integrity sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==
+  dependencies:
+    argparse "^2.0.1"
+
+jsonfile@^6.0.1:
+  version "6.1.0"
+  resolved "https://registry.yarnpkg.com/jsonfile/-/jsonfile-6.1.0.tgz#bc55b2634793c679ec6403094eb13698a6ec0aae"
+  integrity sha512-5dgndWOriYSm5cnYaJNhalLNDKOqFwyDB/rr1E9ZsGciGvKPs8R2xYGCacuf3z6K1YKDz182fd+fY3cn3pMqXQ==
+  dependencies:
+    universalify "^2.0.0"
+  optionalDependencies:
+    graceful-fs "^4.1.6"
+
+universalify@^2.0.0:
+  version "2.0.0"
+  resolved "https://registry.yarnpkg.com/universalify/-/universalify-2.0.0.tgz#75a4984efedc4b08975c5aeb73f530d02df25717"
+  integrity sha512-hAZsKq7Yy11Zu1DE0OzWjw7nnLZmJZYTDZZyEFHZdUhV8FkH5MCfoU1XMaxXovpyW5nq5scPqq0ZDP9Zyl04oQ==

.circleci/fix-known-hosts.sh

@@ -0,0 +1,8 @@
+#!/bin/bash
+
+set -e
+
+mkdir -p ~/.ssh
+echo "github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
+github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
+github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=" >> ~/.ssh/known_hosts

.claude/.gitignore

@@ -1 +0,0 @@
-settings.local.json

.claude/settings.json

@@ -1,25 +0,0 @@
-{
-  "permissions": {
-    "allow": [
-      "Bash(e sync)",
-      "Bash(e patches --list-targets:*)",
-      "Bash(git add:*)",
-      "Bash(git am:*)",
-      "Bash(git commit:*)",
-      "Bash(git log:*)",
-      "Bash(git show:*)",
-      "Bash(e patches:*)",
-      "Bash(e sync:*)",
-      "Skill(electron-chromium-upgrade)",
-      "Skill(electron-node-upgrade)",
-      "Read(*)",
-      "Bash(echo:*)",
-      "Bash(e build:*)",
-      "Bash(tee:*)",
-      "Bash(git diff:*)",
-      "Bash(git rev-parse:*)"
-    ],
-    "deny": [],
-    "ask": []
-  }
-}

.claude/skills/electron-chromium-upgrade/SKILL.md

@@ -1,199 +0,0 @@
----
-name: electron-chromium-upgrade
-description: Guide for performing Chromium version upgrades in the Electron project. Use when working on the roller/chromium/main branch to fix patch conflicts during `e sync --3`. Covers the patch application workflow, conflict resolution, analyzing upstream Chromium changes, and proper commit formatting for patch fixes.
----
-
-# Electron Chromium Upgrade: Phase One
-
-## Summary
-
-Run `e sync --3` repeatedly, fixing patch conflicts as they arise, until it succeeds. Then run `e patches all` and commit changes atomically.
-
-## Success Criteria
-
-Phase One is complete when:
-- `e sync --3` exits with code 0 (no patch failures)
-- `e patches all` has been run to export all changes
-- All changes are committed per the commit guidelines below
-
-Do not stop until these criteria are met.
-
-**CRITICAL** Do not delete or skip patches unless 100% certain the patch is no longer needed. Complicated conflicts or hard to resolve issues should be presented to the user after you have exhausted all other options. Do not delete the patch just because you can't solve it.
-
-## Context
-
-The `roller/chromium/main` branch is created by automation to update Electron's Chromium dependency SHA. No work has been done to handle breaking changes between the old and new versions.
-
-**Key directories:**
-- Current directory: Electron repo (always run `e` commands here)
-- `..` (parent): Chromium repo (where most patches apply)
-- `patches/`: Patch files organized by target
-- `docs/development/patches.md`: Patch system documentation
-
-## Workflow
-
-1. Delete the `.git/rr-cache` in both the `electron` and `..` folder to ensure no accidental rerere replays occur from before this upgrade phase attempt started
-2. Run `e sync --3` (the `--3` flag enables 3-way merge, always required)
-3. If succeeds → skip to step 6
-4. If patch fails:
-   - Identify target repo and patch from error output
-   - Analyze failure (see references/patch-analysis.md)
-   - Fix conflict in target repo's working directory
-   - Run `git am --continue` in affected repo
-   - Repeat until all patches for that repo apply
-   - IMPORTANT: Once `git am --continue` succeeds you MUST run `e patches {target}` to export fixes
-   - Return to step 1
-5. When `e sync --3` succeeds, run `e patches all`
-6. **Read `references/phase-one-commit-guidelines.md` NOW**, then commit changes following those instructions exactly.
-
-Before committing any Phase One changes, you MUST read `references/phase-one-commit-guidelines.md` and follow its instructions exactly.
-
-## Commands Reference
-
-| Command | Purpose |
-|---------|---------|
-| `e sync --3` | Clone deps and apply patches with 3-way merge |
-| `git am --continue` | Continue after resolving conflict (run in target repo) |
-| `e patches {target}` | Export commits from target repo to patch files |
-| `e patches all` | Export all patches from all targets |
-| `e patches --list-targets` | List targets and config paths |
-
-## Patch System Mental Model
-
-```
-patches/{target}/*.patch  →  [e sync --3]  →  target repo commits
-                          ←  [e patches]   ←
-```
-
-## When to Edit Patches
-
-| Situation | Action |
-|-----------|--------|
-| During active `git am` conflict | Fix in target repo, then `git am --continue` |
-| Modifying patch outside conflict | Edit `.patch` file directly |
-| Creating new patch (rare, avoid) | Commit in target repo, then `e patches {target}` |
-
-Fix existing patches 99% of the time rather than creating new ones.
-
-## Patch Fixing Rules
-
-1. **Preserve authorship**: Keep original author in TODO comments (from patch `From:` field)
-2. **Never change TODO assignees**: `TODO(name)` must retain original name
-3. **Update descriptions**: If upstream changed (e.g., `DCHECK` → `CHECK_IS_TEST`), update patch commit message to reflect current state
-
-## Final Deliverable
-
-After Phase One, write a summary of every change: what was fixed, why, reasoning, and Chromium CL links.
-
-# Electron Chromium Upgrade: Phase Two
-
-## Summary
-
-Run `e build -k 999` repeatedly, fixing build issues as they arise, until it succeeds. Then run `e start --version` to validate Electron launches and commit changes atomically.
-
-Run Phase Two immediately after Phase One is complete.
-
-## Success Criteria
-
-Phase Two is complete when:
-- `e build -k 999` exits with code 0 (no build failures)
-- `e start --version` has been run to check Electron launches
-- All changes are committed per the commit guidelines below
-
-Do not stop until these criteria are met. Do not delete code or features, never comment out code in order to take short cut. Make all existing code, logic and intention work.
-
-## Context
-
-The `roller/chromium/main` branch is created by automation to update Electron's Chromium dependency SHA. No work has been done to handle breaking changes between the old and new versions. Chromium APIs frequently are renamed or refactored. In every case the code in Electron must be updated to account for the change in Chromium, strongly avoid making changes to the code in chromium to fix Electrons build.
-
-**Key directories:**
-- Current directory: Electron repo (always run `e` commands here)
-- `..` (parent): Chromium repo (do not touch this code to fix build issues, just read it to obtain context)
-
-## Workflow
-
-1. Run `e build -k 999` (the `-k 999` flag is a flag to ninja to say "do not stop until you find that many errors" it is an attempt to get as much error
-  context as possible for each time we run build)
-2. If succeeds → skip to step 6
-3. If build fails:
-    - Identify underlying file in "electron" from the compilation error message
-    - Analyze failure
-    - Fix build issue by adapting Electron's code for the change in Chromium
-    - Run `e build -t {target_that_failed}.o` to build just the failed target we were specifically fixing
-        - You can identify the target_that_failed from the failure line in the build log. E.g. `FAILED: 2e506007-8d5d-4f38-bdd1-b5cd77999a77 "./obj/electron/chromium_src/chrome/process_singleton_posix.o" CXX obj/electron/chromium_src/chrome/process_singleton_posix.o` the target name is `obj/electron/chromium_src/chrome/process_singleton_posix.o`
-    - **Read `references/phase-two-commit-guidelines.md` NOW**, then commit changes following those instructions exactly.
-    - Return to step 1
-4. **CRITICAL**: After ANY commit (especially patch commits), immediately run `git status` in the electron repo
-    - Look for other modified `.patch` files that only have index/hunk header changes
-    - These are dependent patches affected by your fix
-    - Commit them immediately with: `git commit -am "chore: update patch hunk headers"`
-    - This prevents losing track of necessary updates
-5. Return to step 1
-6. When `e build` succeeds, run `e start --version`
-7. Check if you have any pending changes in the Chromium repo by running `git status`
-    - If you have changes follow the instructions below in "A. Patch Fixes" to correctly commit those modifications into the appropriate patch file
-
-Before committing any Phase Two changes, you MUST read `references/phase-two-commit-guidelines.md` and follow its instructions exactly.
-
-## Build Error Detection
-
-When monitoring `e build -k 999` output, filter for errors using this regex pattern:
-error:|FAILED:|fatal:|subcommand failed|build finished
-
-The build output is extremely verbose. Filtering is essential to catch errors quickly.
-
-## Commands Reference
-
-| Command | Purpose |
-|---------|---------|
-| `e build -k 999` | Builds Electron and won't stop until either all targets attempted or 999 errors found |
-| `e build -t {target}.o` | Build just one specific target to verify a fix |
-| `e start --version` | Validate Electron launches after successful build |
-
-## Two Types of Build Fixes
-
-### A. Patch Fixes (for files in chromium_src or patched Chromium files)
-
-When the error is in a file that Electron patches (check with `grep -l "filename" patches/chromium/*.patch`):
-
-1. Edit the file in the Chromium source tree (e.g., `/src/chrome/browser/...`)
-2. Create a fixup commit targeting the original patch commit:
-    ```bash
-    cd ..  # to chromium repo
-    git add <modified-file>
-    git commit --fixup=<original-patch-commit-hash>
-    GIT_SEQUENCE_EDITOR=: git rebase --autosquash --autostash -i <commit>^
-3. Export the updated patch: e patches chromium
-4. Commit the updated patch file in the electron repo following the `references/phase-one-commit-guidelines.md`, then commit changes following those instructions exactly. **READ THESE GUIDELINES BEFORE COMMITTING THESE CHANGES**
-
-To find the original patch commit to fixup: `git log --oneline | grep -i "keyword from patch name"`
-
-The base commit for rebase is the Chromium commit before patches were applied. Find it by checking the `refs/patches/upstream-head` ref.
-
-B. Electron Code Fixes (for files in shell/, electron/, etc.)
-
-When the error is in Electron's own source code:
-
-1. Edit files directly in the electron repo
-2. Commit directly (no patch export needed)
-
-Dependent Patch Updates
-
-IMPORTANT: When you modify a patch, other patches that apply to the same file may have their hunk headers invalidated. After committing a patch fix:
-
-1. Run git status in the electron repo
-2. Look for other modified .patch files with just index/hunk header changes
-3. Commit these with: git commit -m "chore: update patch hunk headers"
-
-# Critical: Read Before Committing
-
-- Before ANY Phase One commits: Read `references/phase-one-commit-guidelines.md`
-- Before ANY Phase Two commits: Read `references/phase-two-commit-guidelines.md`
-
-# Skill Directory Structure
-This skill has additional reference files in `references/`:
-- patch-analysis.md - How to analyze patch failures
-- phase-one-commit-guidelines.md - Commit format for Phase One
-- phase-two-commit-guidelines.md - Commit format for Phase Two
-
-Read these when referenced in the workflow steps.

.claude/skills/electron-chromium-upgrade/references/patch-analysis.md

@@ -1,69 +0,0 @@
-# Analyzing Patch Failures
-
-## Investigation Steps
-
-1. **Read the patch file** at `patches/{target}/{patch_name}.patch`
-
-2. **Examine current state** of the file in Chromium at mentioned line numbers
-
-3. **Check recent upstream changes:**
-   ```bash
-   cd ..  # or relevant target repo
-   git log --oneline -10 -- {file}
-   ```
-
-4. **Find Chromium CL** in commit messages:
-   ```
-   Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/{CL_NUMBER}
-   ```
-
-## Common Failure Patterns
-
-| Pattern | Cause | Solution |
-|---------|-------|----------|
-| Context lines don't match | Surrounding code changed | Update context in patch |
-| File not found | File renamed/moved | Update patch target path |
-| Function not found | Refactored upstream | Find new function name |
-| `DCHECK` → `CHECK_IS_TEST` | Macro change | Update to new macro |
-| Deleted code | Feature removed | Verify patch still needed |
-
-## Using Git Blame
-
-To find the CL that changed specific lines:
-
-```bash
-cd ..
-git blame -L {start},{end} -- {file}
-git log -1 {commit_sha}  # Look for Reviewed-on: line
-```
-
-## Verifying Patch Necessity
-
-Before deleting a patch, verify:
-1. The patched functionality was intentionally removed upstream
-2. Electron doesn't need the patch for other reasons
-3. No other code depends on the patched behavior
-
-When in doubt, keep the patch and adapt it.
-
-## Phase Two: Build-Time Patch Issues
-
-Sometimes patches that applied successfully in Phase One cause build errors in Phase Two. This can happen when:
-
-1. **Incomplete types**: A patch disables a header include, but new upstream code uses the type
-2. **Missing members**: A patch modifies a class, but upstream added new code referencing the original
-
-### Finding Which Patch Affects a File
-
-```bash
-grep -l "filename.cc" patches/chromium/*.patch
-```
-
-Matching Existing Patch Patterns
-
-When fixing build errors in patched files, examine the existing patch to understand its style:
-- Does it use #if 0 / #endif guards?
-- Does it use #if BUILDFLAG(...) conditionals?
-- What's the pattern for disabled functionality?
-
-Apply fixes consistent with the existing patch style.

.claude/skills/electron-chromium-upgrade/references/phase-one-commit-guidelines.md

@@ -1,52 +0,0 @@
-# Phase One Commit Guidelines
-
-Only follow these instructions if there are uncommitted changes to `patches/` after Phase One succeeds.
-
-Ignore other instructions about making commit messages, our guidelines are CRITICALLY IMPORTANT and must be followed.
-
-## Atomic Commits
-
-For each fix made to a patch, create a separate commit:
-
-```
-fix(patch-conflict): {concise title}
-
-{Brief explanation, 1-2 paragraphs max}
-
-Ref: {Chromium CL link}
-```
-
-IMPORTANT: Ensure that any changes made to patch content as a result of a change in Chromium is committed individually. Each change should have it's own commit message and it's own REF.
-
-IMPORTANT: Try really hard to find the CL reference per the instructions below. Each change you made should in theory have been in response to a change made in Chromium that you identified or can identify. Try for a while to identify and include the ref in the commit message. Do not give up easily.
-
-## Finding CL References
-
-Use `git log` or `git blame` on Chromium source files. Look for:
-
-```
-Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/XXXXXXX
-```
-
-If no CL found after searching: `Ref: Unable to locate CL`
-
-## Final Cleanup
-
-After all fix commits, stage remaining changes:
-
-```bash
-git add patches
-git commit -m "chore: update patch hunk headers"
-```
-
-## Example Commit
-
-```
-fix(patch-conflict): update web_contents_impl.cc context for navigation refactor
-
-The upstream navigation code was refactored to use NavigationRequest directly
-instead of going through NavigationController. Updated surrounding context
-to match new code structure.
-
-Ref: https://chromium-review.googlesource.com/c/chromium/src/+/1234567
-```

.claude/skills/electron-chromium-upgrade/references/phase-two-commit-guidelines.md

@@ -1,82 +0,0 @@
-# Phase Two Commit Guidelines
-
-Only follow these instructions if there are uncommitted changes in the Electron repo after any fixes are made during Phase Two that result a target that was failing, successfully building.
-
-Ignore other instructions about making commit messages, our guidelines are CRITICALLY IMPORTANT and must be followed.
-
-## Two Commit Types
-
-### For Electron Source Changes (shell/, electron/, etc.)
-
-```
-{CL-Number}: {concise description of API change}
-
-{Brief explanation of what upstream changed and how Electron was adapted}
-
-Ref: {Chromium CL link}
-```
-
-IMPORTANT: Ensure that any change made to electron as a result of a change in Chromium is committed individually. Each change should have it's own commit message and it's own REF. Logically grouped into commits that make sense rather than one giant commit.
-
-IMPORTANT: Try really hard to find the CL reference per the instructions below. Each change you made should in theory have been in response to a change made in Chromium that you identified or can identify. Try for a while to identify and include the ref in the commit message. Do not give up easily.
-
-You may include multiple "Ref" links if required.
-
-For a CL link in the format `https://chromium-review.googlesource.com/c/chromium/src/+/2958369` the "CL-Number" is `2958369`
-
-### For Patch Updates (patches/chromium/*.patch)
-
-Use the same fixup workflow as Phase One:
-1. Fix in Chromium source tree
-2. Fixup commit + rebase
-3. Export with `e patches chromium`
-4. Commit the patch file:
-
-```
-fix(patch-update): {concise description}
-
-{Brief explanation}
-
-Ref: {Chromium CL link}
-```
-
-## Dependent Patch Header Updates
-
-After any patch modification, check for other affected patches:
-
-```bash
-git status
-# If other .patch files show as modified with only hunk header changes:
-git add patches/
-git commit -m "chore: update patch hunk headers"
-```
-
-## Finding CL References
-
-Use git log or git blame on Chromium source files. Look for:
-
-Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/XXXXXXX
-
-If no CL found after searching: Ref: Unable to locate CL
-
-## Example Commits
-
-### Electron Source Fix
-
-fix: update GetPlugins to GetPluginsAsync for API change
-
-The upstream Chromium API changed:
-- Old: GetPlugins(callback) - took a callback
-- New: GetPluginsAsync(callback) - async version takes a callback
-
-Ref: https://chromium-review.googlesource.com/c/chromium/src/+/1234567
-
-### Patch Fix
-
-fix(patch-conflict): update picture-in-picture for gesture handling refactor
-
-Upstream added new gesture handling code that accesses live caption dialog.
-The live caption functionality is disabled in Electron's patch, so wrapped
-the new code in #if 0 guards to match existing pattern.
-
-Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7654321

.claude/skills/electron-node-upgrade/SKILL.md

@@ -1,323 +0,0 @@
----
-name: electron-node-upgrade
-description: Guide for performing Node.js version upgrades in the Electron project. Use when working on the roller/node/main branch to fix patch conflicts during `e sync --3`. Covers the patch application workflow, conflict resolution, analyzing upstream Node.js changes, building, running the Node.js test suite, and proper commit formatting for patch fixes.
----
-
-# Electron Node.js Upgrade: Phase One
-
-## Summary
-
-Run `e sync --3` repeatedly, fixing patch conflicts as they arise, until it succeeds. Then export patches and commit changes atomically.
-
-## Success Criteria
-
-Phase One is complete when:
-- `e sync --3` exits with code 0 (no patch failures)
-- All changes are committed per the commit guidelines
-
-Do not stop until these criteria are met.
-
-**CRITICAL** Do not delete or skip patches unless 100% certain the patch is no longer needed. For major version upgrades, patches that shim deprecated V8 APIs or backport upstream changes are often deletable because the new Node.js version already incorporates them — but verify before removing. Complicated conflicts or hard to resolve issues should be presented to the user after you have exhausted all other options. Do not delete the patch just because you can't solve it.
-
-**CRITICAL** Never use `git am --skip` and then manually recreate a patch by making a new commit. This destroys the original patch's authorship, commit message, and position in the series. If `git am --continue` reports "No changes", investigate why — the changes were likely absorbed by a prior conflict resolution's 3-way merge. Present this situation to the user rather than skipping and recreating.
-
-## Context
-
-The `roller/node/main` branch is created by automation to update Electron's Node.js dependency version in `DEPS`. No work has been done to handle breaking changes between the old and new versions.
-
-There are two types of Node.js version updates:
-- **Bumps** (patch/minor): Automated by `electron-roller[bot]` with commit title `chore: bump node to v{version}`. Trivial patch index updates are handled automatically by `patchup[bot]`. These often land cleanly, but may require manual patch fixes.
-- **Major upgrades** (e.g., v22 → v24): Manual, large PRs with commit title `chore: upgrade Node.js to v{X}.{Y}.{Z}`. These typically involve deleting obsolete patches, adapting many others, and updating `@types/node` in `package.json`.
-
-**Key directories:**
-- Current directory: Electron repo (always run `e` commands here)
-- `../third_party/electron_node`: Node.js repo (where patches apply)
-- `patches/node/`: Patch files for Node.js
-- `docs/development/patches.md`: Patch system documentation
-
-## Pre-flight Checks
-
-Run these once at the start of each upgrade session:
-
-1. **Clear rerere cache** (if enabled): `git rerere clear` in both the electron and `../third_party/electron_node` repos. Stale recorded resolutions from a prior attempt can silently apply wrong merges.
-2. **Ensure pre-commit hooks are installed**: Check that `.git/hooks/pre-commit` exists. If not, run `yarn husky` to install it. The hook runs `lint-staged` which handles clang-format for C++ files.
-
-## Workflow
-
-1. Run `e sync --3` (the `--3` flag enables 3-way merge, always required)
-2. If succeeds → skip to step 5
-3. If patch fails:
-   - Identify target repo and patch from error output
-   - Analyze failure (see references/patch-analysis.md)
-   - Fix conflict in `../third_party/electron_node` working directory
-   - Run `git am --continue` in `../third_party/electron_node`
-   - Repeat until all patches for that repo apply
-   - IMPORTANT: Once `git am --continue` succeeds you MUST run `e patches node` to export fixes
-   - Return to step 1
-4. When `e sync --3` succeeds, run `e patches all`
-5. **Read `references/phase-one-commit-guidelines.md` NOW**, then commit changes following those instructions exactly.
-
-## Commands Reference
-
-| Command | Purpose |
-|---------|---------|
-| `e sync --3` | Clone deps and apply patches with 3-way merge |
-| `git am --continue` | Continue after resolving conflict (run in node repo) |
-| `e patches node` | Export commits from node repo to patch files |
-| `e patches all` | Export all patches from all targets |
-| `e patches node --commit-updates` | Export patches and auto-commit trivial changes |
-| `e patches --list-targets` | List targets and config paths |
-
-## Patch System Mental Model
-
-```
-patches/node/*.patch  →  [e sync --3]  →  ../third_party/electron_node commits
-                      ←  [e patches]   ←
-```
-
-## When to Edit Patches
-
-| Situation | Action |
-|-----------|--------|
-| During active `git am` conflict | Fix in node repo, then `git am --continue` |
-| Modifying patch outside conflict | Edit `.patch` file directly |
-| Creating new patch (rare, avoid) | Commit in node repo, then `e patches node` |
-
-Fix existing patches 99% of the time rather than creating new ones.
-
-## Patch Fixing Rules
-
-1. **Preserve authorship**: Keep original author in TODO comments (from patch `From:` field)
-2. **Never change TODO assignees**: `TODO(name)` must retain original name
-3. **Update descriptions**: If upstream changed APIs or macros, update patch commit message to reflect current state
-4. **Never skip-and-recreate a patch**: If `git am --continue` says "No changes — did you forget to use 'git add'?", do NOT run `git am --skip` and create a replacement commit. The patch's changes were already absorbed by a prior 3-way merge resolution. This means an earlier conflict resolution pulled in too many changes. Present the situation to the user for guidance — the correct fix may require re-doing an earlier resolution more carefully to keep each patch's changes separate.
-
-# Electron Node.js Upgrade: Phase Two
-
-## Summary
-
-Run `e build -k 999 -- --quiet` repeatedly, fixing build issues as they arise, until it succeeds. Then run `e start --version` to validate Electron launches and commit changes atomically.
-
-Run Phase Two immediately after Phase One is complete.
-
-## Success Criteria
-
-Phase Two is complete when:
-- `e build -k 999 -- --quiet` exits with code 0 (no build failures)
-- `e start --version` has been run to check Electron launches
-- All changes are committed per the commit guidelines
-
-Do not stop until these criteria are met. Do not delete code or features, never comment out code in order to take short cut. Make all existing code, logic and intention work.
-
-## Context
-
-The `roller/node/main` branch is created by automation to update Electron's Node.js dependency version in `DEPS`. No work has been done to handle breaking changes between the old and new versions. Node.js APIs (especially internal V8 integration, OpenSSL/BoringSSL compatibility, and build system files) frequently change between versions. In every case the code in Electron must be updated to account for the change in Node.js, strongly avoid making changes to the code in Node.js to fix Electron's build.
-
-**Key directories:**
-- Current directory: Electron repo (always run `e` commands here)
-- `../third_party/electron_node`: Node.js repo (do not touch this code to fix build issues, just read it to obtain context)
-
-## Workflow
-
-1. Run `e build -k 999 -- --quiet` (the `--quiet` flag suppresses per-target status lines, showing only errors and the final result)
-2. If succeeds → skip to step 6
-3. If build fails:
-    - Identify underlying file in "electron" from the compilation error message
-    - Analyze failure
-    - Fix build issue by adapting Electron's code for the change in Node.js
-    - Run `e build -t {target_that_failed}.o` to build just the failed target we were specifically fixing
-        - You can identify the target_that_failed from the failure line in the build log. E.g. `FAILED: 2e506007-8d5d-4f38-bdd1-b5cd77999a77 "./obj/electron/shell/browser/api/electron_api_utility_process.o" CXX obj/electron/shell/browser/api/electron_api_utility_process.o` the target name is `obj/electron/shell/browser/api/electron_api_utility_process.o`
-    - **Read `references/phase-two-commit-guidelines.md` NOW**, then commit changes following those instructions exactly.
-    - Return to step 1
-4. **CRITICAL**: After ANY commit (especially patch commits), immediately run `git status` in the electron repo
-    - Look for other modified `.patch` files that only have index/hunk header changes
-    - These are dependent patches affected by your fix
-    - Commit them immediately with: `git commit -am "chore: update patches (trivial only)"`
-5. Return to step 1
-6. When `e build` succeeds, run `e start --version`
-7. Check if you have any pending changes in the Node.js repo by running `git status` in `../third_party/electron_node`
-    - If you have changes follow the instructions below in "A. Patch Fixes" to correctly commit those modifications into the appropriate patch file
-
-## Commands Reference
-
-| Command | Purpose |
-|---------|---------|
-| `e build -k 999 -- --quiet` | Build Electron, continue on errors, suppress status lines |
-| `e build -t {target}.o` | Build just one specific target to verify a fix |
-| `e start --version` | Validate Electron launches after successful build |
-
-## Two Types of Build Fixes
-
-### A. Patch Fixes (for files in patched Node.js files)
-
-When the error is in a file that Electron patches (check with `grep -l "filename" patches/node/*.patch`):
-
-1. Edit the file in the Node.js source tree (`../third_party/electron_node/...`)
-2. Create a fixup commit targeting the original patch commit:
-    ```bash
-    cd ../third_party/electron_node
-    git add <modified-file>
-    git commit --fixup=<original-patch-commit-hash>
-    GIT_SEQUENCE_EDITOR=: git rebase --autosquash --autostash -i <commit>^
-    ```
-3. Export the updated patch: `e patches node`
-4. Commit the updated patch file following `references/phase-one-commit-guidelines.md`.
-
-To find the original patch commit to fixup: `git log --oneline | grep -i "keyword from patch name"`
-
-The base commit for rebase is the Node.js commit before patches were applied. Find it by checking the `refs/patches/upstream-head` ref.
-
-### B. Electron Code Fixes (for files in shell/, electron/, etc.)
-
-When the error is in Electron's own source code:
-
-1. Edit files directly in the electron repo
-2. Commit directly (no patch export needed)
-
-# Electron Node.js Upgrade: Phase Three
-
-## Summary
-
-Run the Node.js test suite via `script/node-spec-runner.js`, fix failing tests, and commit fixes until all tests pass. Certain tests are permanently disabled (listed in `script/node-disabled-tests.json`) and should not be run.
-
-Run Phase Three immediately after Phase Two is complete.
-
-## Success Criteria
-
-Phase Three is complete when:
-- `node script/node-spec-runner.js --default` exits with zero failures
-- All changes are committed per the commit guidelines
-
-Do not stop until these criteria are met.
-
-## Context
-
-Electron runs a subset of Node.js's upstream test suite using a custom runner (`script/node-spec-runner.js`). Tests are executed with the built Electron binary via `ELECTRON_RUN_AS_NODE=true`. Many tests need adaptation because Electron uses BoringSSL (not OpenSSL) and Chromium's V8 (which may differ from Node.js's bundled V8).
-
-**Key files:**
-- `script/node-spec-runner.js` — Test runner script
-- `script/node-disabled-tests.json` — Permanently disabled tests (do not try to fix these)
-- `../third_party/electron_node/test/` — Node.js test files (where patches apply)
-- `patches/node/fix_crypto_tests_to_run_with_bssl.patch` — BoringSSL crypto test adaptations
-- `patches/node/test_formally_mark_some_tests_as_flaky.patch` — Flaky test list
-
-## Workflow
-
-1. Run `node script/node-spec-runner.js --default` from the electron repo
-2. If all tests pass → Phase Three is complete
-3. If tests fail:
-    - Identify the failing test file(s) from the output
-    - Analyze each failure (see "Common Failure Patterns" below)
-    - Fix the test in `../third_party/electron_node/test/...`
-    - Re-run the specific failing test to verify: `node script/node-spec-runner.js {test-path}`
-        - The test path is relative to the node `test/` directory, e.g. `test/parallel/test-crypto-key-objects-raw.js`
-        - Do NOT use `--default` when running specific tests — it adds the full suite flags
-        - Do NOT run tests directly with `ELECTRON_RUN_AS_NODE` — the runner handles environment setup (e.g. temporarily switching `package.json` from ESM to CommonJS)
-    - Commit the fix using the fixup workflow and commit guidelines
-    - Return to step 1
-
-## Commands Reference
-
-| Command | Purpose |
-|---------|---------|
-| `node script/node-spec-runner.js --default` | Run full Node.js test suite |
-| `node script/node-spec-runner.js test/parallel/test-foo.js` | Run a single test |
-| `NODE_REGENERATE_SNAPSHOTS=1 node script/node-spec-runner.js test/test-runner/test-foo.mjs` | Regenerate snapshot for a snapshot-based test |
-
-## Common Failure Patterns
-
-### BoringSSL incompatibilities
-
-Electron uses BoringSSL (via Chromium) instead of OpenSSL. Many crypto features are missing or behave differently:
-
-| Unsupported in BoringSSL | Guard pattern |
-|--------------------------|---------------|
-| ChaCha20-Poly1305 | `if (!process.features.openssl_is_boringssl)` |
-| AES-CCM (aes-128-ccm, aes-256-ccm) | `if (ciphers.includes('aes-128-ccm'))` |
-| AES-KW (key wrapping) | `if (!process.features.openssl_is_boringssl)` |
-| DSA keys | `if (!process.features.openssl_is_boringssl)` |
-| Ed448 / X448 curves | `if (!process.features.openssl_is_boringssl)` |
-| DH key PEM loading | `if (!process.features.openssl_is_boringssl)` |
-| PQC algorithms (ML-KEM, ML-DSA, SLH-DSA) | `if (hasOpenSSL(3, 5))` (already guards these) |
-
-When guarding tests, prefer checking cipher availability (`ciphers.includes(algo)`) over blanket BoringSSL checks where possible, as it's more precise and self-documenting.
-
-New upstream tests that exercise these features will need guards added to the `fix_crypto_tests_to_run_with_bssl` patch.
-
-### Snapshot test mismatches
-
-Some tests compare output against committed `.snapshot` files using `assert.strictEqual` — these are NOT wildcard comparisons. When Chromium's V8 produces different output (e.g. different stack traces due to V8 enhancements), the snapshot must be regenerated:
-
-```bash
-NODE_REGENERATE_SNAPSHOTS=1 node script/node-spec-runner.js test/test-runner/test-foo.mjs
-```
-
-Then inspect the diff to verify the changes are expected, and commit the updated snapshot into the appropriate patch.
-
-### V8 behavioral differences
-
-Chromium's V8 may be ahead of Node.js's bundled V8. This can cause:
-- Different stack trace formats (e.g. thenable async stack frames)
-- Different error messages
-- Features available in Chromium V8 that aren't in stock Node.js V8 (or vice versa)
-
-## Two Types of Test Fixes
-
-### A. Patch Fixes (most common for test failures)
-
-Most test fixes go into existing patches in `patches/node/`. Use the fixup workflow:
-
-1. Edit the test file in `../third_party/electron_node/test/...`
-2. Find the relevant patch commit: `git log --oneline | grep -i "keyword"`
-    - Crypto/BoringSSL tests → `fix crypto tests to run with bssl`
-    - Snapshot tests → the specific snapshot patch (e.g. `test: accomodate V8 thenable`)
-    - Flaky tests → `test: formally mark some tests as flaky`
-3. Create a fixup commit:
-    ```bash
-    cd ../third_party/electron_node
-    git add test/path/to/test.js
-    git commit --fixup=<patch-commit-hash>
-    GIT_SEQUENCE_EDITOR=: git rebase --autosquash --autostash -i <commit>^
-    ```
-4. Export: `e patches node`
-5. **Read `references/phase-three-commit-guidelines.md` NOW**, then commit the updated patch file.
-
-### B. New Patches (rare)
-
-Only create a new patch when the fix doesn't belong in any existing patch. The new patch commit in `../third_party/electron_node` must include a description explaining why the patch exists and when it can be removed — the lint check enforces this.
-
-## Adding to Disabled Tests
-
-Only add a test to `script/node-disabled-tests.json` as a **last resort** — when the test is fundamentally incompatible with Electron's architecture (not just a BoringSSL difference that can be guarded). Tests disabled here are completely skipped and never run.
-
-# Critical: Read Before Committing
-
-- Before ANY Phase One commits: Read `references/phase-one-commit-guidelines.md`
-- Before ANY Phase Two commits: Read `references/phase-two-commit-guidelines.md`
-- Before ANY Phase Three commits: Read `references/phase-three-commit-guidelines.md`
-
-# High-Churn Patches
-
-These patches consistently require the most work during Node.js upgrades:
-
-- **`fix_handle_boringssl_and_openssl_incompatibilities.patch`** — Electron uses BoringSSL (via Chromium) while Node.js expects OpenSSL. This patch is large and complex, and upstream OpenSSL API changes frequently break it.
-- **`fix_crypto_tests_to_run_with_bssl.patch`** — Companion to the above; adapts Node.js crypto tests for BoringSSL. Can grow significantly during major upgrades.
-- **`support_v8_sandboxed_pointers.patch`** — V8 sandbox pointer support requires careful adaptation when V8 APIs change.
-- **`build_add_gn_build_files.patch`** — The GN build file patch is large and touches many build targets. Upstream build system changes frequently conflict.
-
-# Major Version Upgrades
-
-Major Node.js version transitions (e.g., v22 → v24) are significantly more involved than patch bumps:
-
-1. **Expect patch deletions.** Electron uses Chromium's V8, which is often ahead of the V8 version bundled in Node.js. Many patches exist to bridge this gap — shimming newer V8 APIs that Chromium's V8 has but Node.js' older V8 doesn't. When Node.js bumps to a newer major version, its V8 catches up to Chromium's, and those bridge patches can be deleted. In the v22 → v24 upgrade, 17 patches were deleted for this reason.
-2. **Update `@types/node`** in `package.json` to match the new major version.
-3. **Post-upgrade regressions are expected.** Even after the upgrade lands, follow-up fix PRs for edge cases (ESM path handling, certificate loading, platform-specific issues) are normal.
-
-# Skill Directory Structure
-This skill has additional reference files in `references/`:
-- patch-analysis.md - How to analyze patch failures
-- phase-one-commit-guidelines.md - Commit format for Phase One
-- phase-two-commit-guidelines.md - Commit format for Phase Two
-- phase-three-commit-guidelines.md - Commit format for Phase Three
-
-Read these when referenced in the workflow steps.

.claude/skills/electron-node-upgrade/references/patch-analysis.md

@@ -1,112 +0,0 @@
-# Analyzing Patch Failures
-
-## Investigation Steps
-
-1. **Read the patch file** at `patches/node/{patch_name}.patch`
-
-2. **Examine current state** of the file in the Node.js repo at mentioned line numbers
-
-3. **Check recent upstream changes:**
-   ```bash
-   cd ../third_party/electron_node
-   git log --oneline -10 -- {file}
-   ```
-
-4. **Find Node.js PR** in commit messages:
-   ```
-   PR-URL: https://github.com/nodejs/node/pull/{PR_NUMBER}
-   ```
-
-## Critical: Resolve by Intent, Not by Mechanical Merge
-
-When resolving a patch conflict, do NOT blindly preserve the patch's old code. Instead:
-
-1. **Understand the upstream commit's full scope** — not just the conflicting hunk.
-   Run `git show <commit> --stat` and read diffs for all affected files.
-   Upstream may have removed structs, members, or methods that the patch
-   references in other hunks or files.
-
-2. **Re-read the patch commit message** to understand its *intent* — what
-   behavior does it need to preserve or add?
-
-3. **Implement the intent against the new upstream code.** If the patch's
-   purpose is "add BoringSSL compatibility", add only the compatibility
-   layer — don't also restore old code that upstream separately removed.
-
-### Lesson: Upstream Removals Break Patch References
-
-- **Trigger:** Patch conflict involves an upstream refactor (not just context drift)
-- **Strategy:** After identifying the upstream commit, check its full diff for
-  removed types, members, and methods. If the patch's old code references
-  something removed, the resolution must use the new upstream mechanism.
-
-### Lesson: Separate Patch Purpose from Patch Implementation
-
-- **Trigger:** Conflict between "upstream simplified code" vs "patch has older code"
-- **Strategy:** Identify the *minimal* change the patch needs. If the patch
-  wraps code in a conditional, only add the conditional — don't restore old
-  code that was inside the conditional but was separately cleaned up upstream.
-
-### Lesson: Finish the Adaptation at Conflict Time
-
-- **Trigger:** A patch conflict involves an upstream API removal or replacement
-- **Strategy:** When resolving the conflict, fully adapt the patch to use the
-  new API in the same commit. Don't remove the old code and leave behind stale
-  references that will "be fixed in Phase Two." Each patch fix commit should be
-  a complete resolution.
-
-## Common Failure Patterns
-
-| Pattern | Cause | Solution |
-|---------|-------|----------|
-| Context lines don't match | Surrounding code changed | Update context in patch |
-| File not found | File renamed/moved | Update patch target path |
-| Function not found | Refactored upstream | Find new function name |
-| OpenSSL → BoringSSL mismatch | Crypto API change | Update to BoringSSL-compatible API |
-| GYP/GN build change | Build system refactor | Adapt build patch to new structure |
-| Deleted code | Feature removed | Verify patch still needed |
-| V8 API bridge patch conflicts | Node.js caught up to Chromium's V8 | Patch may be deletable — verify the API is now in Node.js' V8 natively |
-
-## Using Git Blame
-
-To find the commit that changed specific lines:
-
-```bash
-cd ../third_party/electron_node
-git blame -L {start},{end} -- {file}
-git log -1 {commit_sha}  # Look for PR-URL: line
-```
-
-## Verifying Patch Necessity
-
-Before deleting a patch, verify:
-1. The patched functionality was intentionally removed upstream
-2. Electron doesn't need the patch for other reasons
-3. No other code depends on the patched behavior
-
-**V8 bridge patches:** Electron uses Chromium's V8, which is often ahead of the V8 bundled in Node.js. Many patches exist to bridge this version gap — adapting Node.js code to work with newer V8 APIs that Chromium's V8 exposes. During major Node.js upgrades, Node.js' V8 catches up to Chromium's, and these bridge patches often become unnecessary. Check whether the API the patch shims is now available natively in the new Node.js version's V8.
-
-When in doubt, keep the patch and adapt it.
-
-## Phase Two: Build-Time Patch Issues
-
-Sometimes patches that applied successfully in Phase One cause build errors in Phase Two. This can happen when:
-
-1. **Incomplete types**: A patch disables a header include, but new upstream code uses the type
-2. **Missing members**: A patch modifies a class, but upstream added new code referencing the original
-
-### Finding Which Patch Affects a File
-
-```bash
-grep -l "filename.cc" patches/node/*.patch
-```
-
-### Matching Existing Patch Patterns
-
-When fixing build errors in patched files, examine the existing patch to understand its style:
-- Does it use `#if 0` / `#endif` guards?
-- Does it use `#if BUILDFLAG(...)` conditionals?
-- Does it use `#ifndef` / `#ifdef` guards for BoringSSL vs OpenSSL?
-- What's the pattern for disabled functionality?
-
-Apply fixes consistent with the existing patch style.

.claude/skills/electron-node-upgrade/references/phase-one-commit-guidelines.md

@@ -1,111 +0,0 @@
-# Phase One Commit Guidelines
-
-Only follow these instructions if there are uncommitted changes to `patches/` after Phase One succeeds.
-
-Ignore other instructions about making commit messages, our guidelines are CRITICALLY IMPORTANT and must be followed.
-
-## Each Commit Must Be Complete
-
-When resolving a patch conflict, fully adapt the patch to the new upstream code in the same commit. If the upstream change removes an API the patch uses, update the patch to use the replacement API now — don't leave stale references knowing they'll need fixing later. The goal is that each commit represents a finished resolution, not a partial one that defers known work to a future phase.
-
-## Commit Message Style
-
-**Titles** follow the 60/80-character guideline: simple changes fit within 60 characters, otherwise the limit is 80 characters.
-
-Always include a `Co-Authored-By` trailer identifying the AI model that assisted (e.g., `Co-Authored-By: <AI model attribution>`).
-
-### Patch conflict fixes
-
-Use `fix(patch):` prefix. The title should name the upstream change, not your response to it:
-
-```
-fix(patch): {topic headline}
-
-Ref: {Node.js commit or issue link}
-
-Co-Authored-By: <AI model attribution>
-```
-
-Only add a description body if it provides clarity beyond the title. For straightforward context drift or simple API renames, the title + Ref is sufficient.
-
-Examples:
-- `fix(patch): stop using v8::PropertyCallbackInfo<T>::This()`
-- `fix(patch): BoringSSL and OpenSSL incompatibilities`
-- `fix(patch): refactor module_wrap.cc FixedArray::Get params`
-
-### Upstreamed patch removal
-
-When patches are no longer needed (applied cleanly with "already applied" or confirmed upstreamed), group ALL removals into a single commit:
-
-```
-chore: remove upstreamed patch
-```
-
-or (if multiple):
-
-```
-chore: remove upstreamed patches
-```
-
-Most Node.js patches in Electron are Electron-authored (no upstream `PR-URL:`). If the patch originated from an upstream Node.js PR, no extra `Ref:` is needed. Otherwise, add a `Ref:` pointing to the relevant Node.js issue or commit if one exists.
-
-### Trivial patch updates
-
-After all fix commits, stage remaining trivial changes (index, line numbers, context only):
-
-```bash
-git add patches
-git commit -m "chore: update patches (trivial only)"
-```
-
-**Conflict resolution can produce trivial results.** A `git am` conflict doesn't always mean the patch content changed — context drift alone can cause a conflict. After resolving and exporting, inspect the patch diff: if only index hashes, line numbers, and context lines changed (not the patch's own `+`/`-` lines), it's trivial and belongs here, not in a `fix(patch):` commit.
-
-## Atomic Commits
-
-Each patch conflict fix gets its own commit with its own Ref.
-
-IMPORTANT: Try really hard to find the PR or commit reference per the instructions below. Each change you made should in theory have been in response to a change made in Node.js that you identified or can identify. Try for a while to identify and include the ref in the commit message. Do not give up easily.
-
-## Finding Commit/Issue References
-
-Use `git log` or `git blame` on Node.js source files in `../third_party/electron_node`. Look for:
-
-```
-PR-URL: https://github.com/nodejs/node/pull/XXXXX
-```
-
-or issue references in the patch itself:
-
-```
-Refs: https://github.com/nodejs/node/issues/XXXXX
-```
-
-Note: Most Node.js patches in Electron are Electron-authored and won't have upstream references. In that case, check `git log` in the Node.js repo to find which upstream commit caused the conflict.
-
-If no reference found after searching: `Ref: Unable to locate reference`
-
-## Example Commits
-
-### Patch conflict fix (simple — title is sufficient)
-
-```
-fix(patch): stop using v8::PropertyCallbackInfo<T>::This()
-
-Ref: https://github.com/nodejs/node/issues/60616
-
-Co-Authored-By: <AI model attribution>
-```
-
-### Patch conflict fix (complex — description adds value)
-
-```
-fix(patch): BoringSSL and OpenSSL incompatibilities
-
-Upstream updated OpenSSL APIs that diverge from BoringSSL. Adapted
-the compatibility shims in crypto patches to use the BoringSSL
-equivalents.
-
-Ref: Unable to locate reference
-
-Co-Authored-By: <AI model attribution>
-```

.claude/skills/electron-node-upgrade/references/phase-three-commit-guidelines.md

@@ -1,80 +0,0 @@
-# Phase Three Commit Guidelines
-
-Only follow these instructions if there are uncommitted changes after fixing a test failure during Phase Three.
-
-Ignore other instructions about making commit messages, our guidelines are CRITICALLY IMPORTANT and must be followed.
-
-## Commit Message Style
-
-**Titles** follow the 60/80-character guideline: simple changes fit within 60 characters, otherwise the limit is 80 characters.
-
-Always include a `Co-Authored-By` trailer identifying the AI model that assisted (e.g., `Co-Authored-By: <AI model attribution>`).
-
-## Commit Types
-
-### Patch updates (most test fixes)
-
-Test fixes go into existing patches via the fixup workflow. Use `fix(patch):` prefix with a descriptive topic:
-
-```
-fix(patch): {topic headline}
-
-Ref: {Node.js commit or issue link}
-
-Co-Authored-By: <AI model attribution>
-```
-
-Examples:
-- `fix(patch): guard DH key test for BoringSSL`
-- `fix(patch): adapt new crypto tests for BoringSSL`
-- `fix(patch): correct thenable snapshot for Chromium V8`
-- `fix(patch): skip AES-KW tests with BoringSSL`
-
-Group related test fixes into a single commit when they address the same root cause (e.g., multiple crypto tests all needing BoringSSL guards for the same missing cipher). Don't create one commit per test file if they share the same fix pattern.
-
-### Snapshot regeneration
-
-When a snapshot test fails because Chromium's V8 produces different output, regenerate it:
-
-```bash
-NODE_REGENERATE_SNAPSHOTS=1 node script/node-spec-runner.js test/test-runner/test-foo.mjs
-```
-
-Then commit the updated snapshot patch with a title describing what changed:
-
-```
-fix(patch): correct {name} snapshot for Chromium V8
-
-Ref: {V8 CL or issue link if known}
-
-Co-Authored-By: <AI model attribution>
-```
-
-### Trivial patch updates
-
-After any patch modification, check for dependent patches that only have index/hunk header changes:
-
-```bash
-git status
-# If other .patch files show as modified with only trivial changes:
-git add patches/
-git commit -m "chore: update patches (trivial only)"
-```
-
-## Finding References
-
-For BoringSSL-related test fixes, the reference is typically the upstream Node.js PR that added the new test:
-
-```bash
-cd ../third_party/electron_node
-git log --oneline -5 -- test/parallel/test-crypto-foo.js
-git log -1 <commit> --format="%B" | grep "PR-URL"
-```
-
-For V8 behavioral differences, reference the Chromium CL:
-
-```
-Ref: https://chromium-review.googlesource.com/c/v8/v8/+/NNNNNNN
-```
-
-If no reference found after searching: `Ref: Unable to locate reference`

.claude/skills/electron-node-upgrade/references/phase-two-commit-guidelines.md

@@ -1,96 +0,0 @@
-# Phase Two Commit Guidelines
-
-Only follow these instructions if there are uncommitted changes in the Electron repo after any fixes are made during Phase Two that result a target that was failing, successfully building.
-
-Ignore other instructions about making commit messages, our guidelines are CRITICALLY IMPORTANT and must be followed.
-
-## Commit Message Style
-
-**Titles** follow the 60/80-character guideline: simple changes fit within 60 characters, otherwise the limit is 80 characters. Exception: upstream Node.js PR titles are used verbatim even if longer.
-
-Always include a `Co-Authored-By` trailer identifying the AI model that assisted (e.g., `Co-Authored-By: <AI model attribution>`).
-
-## Two Commit Types
-
-### For Electron Source Changes (shell/, electron/, etc.)
-
-When the upstream Node.js commit has a `PR-URL:`:
-
-```
-node#{PR-Number}: {upstream PR's original title}
-
-Ref: {Node.js PR link}
-
-Co-Authored-By: <AI model attribution>
-```
-
-When there is no `PR-URL:` but there is an issue reference or commit:
-
-```
-fix: {description of the adaptation}
-
-Ref: {Node.js issue or commit link}
-
-Co-Authored-By: <AI model attribution>
-```
-
-Use the **upstream commit's original title** when available — do not paraphrase or rewrite it. To find it: check the commit message in `../third_party/electron_node` for `PR-URL:` or `Refs:` lines.
-
-Only add a description body if it provides clarity beyond what the title already says (e.g., when Electron's adaptation is non-obvious). For simple renames, method additions, or straightforward API updates, the title + Ref link is sufficient.
-
-Each change should have its own commit and its own Ref. Logically group into commits that make sense rather than one giant commit. You may include multiple "Ref" links if required.
-
-IMPORTANT: Try really hard to find a reference. Each change you made should in theory have been in response to a change in Node.js. Check `git log` and `git blame` in the Node.js repo. Do not give up easily.
-
-### For Patch Updates (patches/node/*.patch)
-
-Use the same fixup workflow as Phase One and follow `references/phase-one-commit-guidelines.md` for the commit message format (`fix(patch):` prefix, topic style).
-
-## Dependent Patch Header Updates
-
-After any patch modification, check for other affected patches:
-
-```bash
-git status
-# If other .patch files show as modified with only index, line number, and context changes:
-git add patches/
-git commit -m "chore: update patches (trivial only)"
-```
-
-## Finding References
-
-Use `git log` or `git blame` on Node.js source files in `../third_party/electron_node`. Look for:
-
-```
-PR-URL: https://github.com/nodejs/node/pull/XXXXX
-Refs: https://github.com/nodejs/node/issues/XXXXX
-```
-
-Note: Many Node.js patches in Electron are Electron-authored and won't have upstream `PR-URL:` lines. Check the patch's own commit message for `Refs:` lines, or use `git log` in the Node.js repo to find which upstream commit caused the build break.
-
-If no reference found after searching: `Ref: Unable to locate reference`
-
-## Example Commits
-
-### Electron Source Fix (with upstream PR)
-
-```
-node#61898: src: stop using v8::PropertyCallbackInfo<T>::This()
-
-Ref: https://github.com/nodejs/node/pull/61898
-
-Co-Authored-By: <AI model attribution>
-```
-
-### Electron Source Fix (with issue reference, no PR)
-
-```
-fix: adapt to v8::PropertyCallbackInfo<T>::This() removal
-
-Updated NodeBindings to use HolderV2() after upstream Node.js
-stopped using the deprecated This() API.
-
-Ref: https://github.com/nodejs/node/issues/60616
-
-Co-Authored-By: <AI model attribution>
-```

.devcontainer/README.md

@@ -25,19 +25,9 @@ Codespaces doesn't lean very well into gclient based checkouts, the directory st
 /workspaces/electron
 ```
 
-## Reclient
+## Goma
 
-If you are a maintainer [with Reclient access](../docs/development/reclient.md) you'll need to ensure you're authenticated when you spin up a new codespaces instance.  You can validate this by checking `e d rbe info` - your build-tools configuration should have `Access` type `Cache & Execute`:
-
-```console
-Authentication Status: Authenticated
-Since:     2024-05-28 10:29:33 +0200 CEST
-Expires:   2024-08-26 10:29:33 +0200 CEST
-...
-Access:    Cache & Execute
-```
-
-To authenticate if you're not logged in, run `e d rbe login` and follow the link to authenticate.
+If you are a maintainer [with Goma access](../docs/development/goma.md) it should be automatically configured and authenticated when you spin up a new codespaces instance.  You can validate this by checking `e d goma_auth info` or by checking that your build-tools configuration has a goma mode of `cluster`.
 
 ## Running Electron
 

.devcontainer/devcontainer.json

@@ -1,5 +1,4 @@
 {
-	"name": "Electron Core Development Environment",
 	"dockerComposeFile": "docker-compose.yml",
 	"service": "buildtools",
 	"onCreateCommand": ".devcontainer/on-create-command.sh",
@@ -34,15 +33,28 @@
 				"surajbarkale.ninja",
 				"ms-vscode.cpptools",
 				"mutantdino.resourcemonitor",
-				"dsanders11.vscode-electron-build-tools",
 				"dbaeumer.vscode-eslint",
 				"shakram02.bash-beautify",
-				"marshallofsound.gnls-electron"
+				"marshallofsound.gnls-electron",
+				"CircleCI.circleci"
 			],
 			"settings": {
 				"editor.tabSize": 2,
 				"bashBeautify.tabSize": 2,
 				"typescript.tsdk": "node_modules/typescript/lib",
+				"[gn]": {
+					"editor.formatOnSave": true
+				},
+				"[javascript]": {
+					"editor.codeActionsOnSave": {
+						"source.fixAll.eslint": true
+					}
+				},
+				"[typescript]": {
+					"editor.codeActionsOnSave": {
+						"source.fixAll.eslint": true
+					}
+				},
 				"javascript.preferences.quoteStyle": "single",
 				"typescript.preferences.quoteStyle": "single"
 			}

.devcontainer/docker-compose.yml

@@ -2,7 +2,7 @@ version: '3'
 
 services:
   buildtools:
-    image: ghcr.io/electron/devcontainer:a82b87d7a4f5ff0cab61405f8151ac4cf4942aeb
+    image: ghcr.io/electron/devcontainer:9a43c14f5c19be0359843299f79e736521373adc
 
     volumes:
       - ..:/workspaces/gclient/src/electron:cached

.devcontainer/on-create-command.sh

@@ -48,8 +48,7 @@ if [ ! -f $buildtools/configs/evm.testing.json ]; then
             \"gen\": {
                 \"args\": [
                     \"import(\\\"//electron/build/args/testing.gn\\\")\",
-                    \"use_remoteexec = true\",
-                    \"use_siso=true\"
+                    \"use_remoteexec = true\"
                 ],
                 \"out\": \"Testing\"
             },
@@ -59,13 +58,14 @@ if [ ! -f $buildtools/configs/evm.testing.json ]; then
             },
             \"\$schema\": \"file:///home/builduser/.electron_build_tools/evm-config.schema.json\",
             \"configValidationLevel\": \"strict\",
-            \"remoteBuild\": \"siso\",
-            \"preserveSDK\": 5
+            \"reclient\": \"$1\",
+            \"goma\": \"none\",
+            \"preserveXcode\": 5
         }
     " >$buildtools/configs/evm.testing.json
   }
 
-  write_config
+  write_config remote_exec
 
   e use testing 
 else

.env.example

@@ -1,4 +1,6 @@
 # These env vars are only necessary for creating Electron releases.
 # See docs/development/releasing.md
 
+APPVEYOR_CLOUD_TOKEN=
+CIRCLE_TOKEN=
 ELECTRON_GITHUB_TOKEN=

.eslintrc.json

@@ -19,40 +19,7 @@
     "prefer-const": ["error", {
       "destructuring": "all"
     }],
-    "n/no-callback-literal": "off",
-    "import/newline-after-import": "error",
-    "import/order": ["error", {
-      "alphabetize": {
-        "order": "asc"
-      },
-      "newlines-between": "always",
-      "pathGroups": [
-        {
-          "pattern": "@electron/internal/**",
-          "group": "external",
-          "position": "before"
-        },
-        {
-          "pattern": "@electron/**",
-          "group": "external",
-          "position": "before"
-        },
-        {
-          "pattern": "{electron,electron/**}",
-          "group": "external",
-          "position": "before"
-        }
-      ],
-      "pathGroupsExcludedImportTypes": [],
-      "distinctGroup": true,
-      "groups": [
-        "external",
-        "builtin",
-        ["sibling", "parent"],
-        "index",
-        "type"
-      ]
-    }]
+    "standard/no-callback-literal": "off"
   },
   "parserOptions": {
     "ecmaVersion": 6,

.gitattributes

@@ -1,9 +1,6 @@
 # `git apply` and friends don't understand CRLF, even on windows. Force those
 # files to be checked out with LF endings even if core.autocrlf is true.
 *.patch text eol=lf
-DEPS text eol=lf
-yarn.lock text eol=lf
-script/zip_manifests/*.manifest text eol=lf
 patches/**/.patches merge=union
 
 # Source code and markdown files should always use LF as line ending.
@@ -25,7 +22,6 @@ patches/**/.patches merge=union
 *.md text eol=lf
 *.mm text eol=lf
 *.mojom text eol=lf
-*.patches text eol=lf
 *.proto text eol=lf
 *.py text eol=lf
 *.ps1 text eol=lf

.github/CODEOWNERS

@@ -11,15 +11,12 @@ DEPS                                    @electron/wg-upgrades
 /docs/breaking-changes.md               @electron/wg-releases
 /npm/                                   @electron/wg-releases
 /script/release                         @electron/wg-releases
+appveyor.yml                            @electron/wg-releases
+appveyor-bake.yml                       @electron/wg-releases
+appveyor-woa.yml                        @electron/wg-releases
 
 # Security WG
 /lib/browser/devtools.ts                @electron/wg-security
 /lib/browser/guest-view-manager.ts      @electron/wg-security
 /lib/browser/rpc-server.ts              @electron/wg-security
 /lib/renderer/security-warnings.ts      @electron/wg-security
-
-# Infra WG
-/.github/actions/                       @electron/wg-infra
-/.github/workflows/*-publish.yml        @electron/wg-infra
-/.github/workflows/build.yml            @electron/wg-infra
-/.github/workflows/pipeline-*.yml       @electron/wg-infra

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -1,6 +1,6 @@
 name: Bug Report
-description: Report a bug in Electron
-type: 'bug'
+description: Report an Electron bug
+title: "[Bug]: "
 labels: "bug :beetle:"
 body:
 - type: checkboxes
@@ -20,14 +20,13 @@ body:
     description: |
       What version of Electron are you using?
 
-      Note: Please only report issues for [currently supported versions of Electron](https://www.electronjs.org/docs/latest/tutorial/electron-timelines#timeline).
-    placeholder: 32.0.0
+      Note: Please only report issues for [currently supported versions of Electron](https://www.electronjs.org/docs/latest/tutorial/support#currently-supported-versions).
+    placeholder: 17.0.0
   validations:
     required: true
 - type: dropdown
   attributes:
-    label: What operating system(s) are you using?
-    multiple: true
+    label: What operating system are you using?
     options:
       - Windows
       - macOS
@@ -58,16 +57,6 @@ body:
     label: Last Known Working Electron version
     description: What is the last version of Electron this worked in, if applicable?
     placeholder: 16.0.0
-- type: dropdown
-  attributes:
-    label: Does the issue also appear in Chromium / Google Chrome?
-    description: If it does, please report the issue in the [Chromium issue tracker](https://issues.chromium.org/issues), not against Electron. Electron will inherit the fix once Chromium resolves the issue.
-    options:
-      - I don't know how to test
-      - "Yes"
-      - "No"
-  validations:
-    required: true
 - type: textarea
   attributes:
     label: Expected Behavior
@@ -83,7 +72,7 @@ body:
 - type: input
   attributes:
     label: Testcase Gist URL
-    description: Electron maintainers need a standalone test case to reproduce and fix your issue. Please use [Electron Fiddle](https://github.com/electron/fiddle) to create one and to publish it as a [GitHub gist](https://gist.github.com). Then put the gist URL here. Issues without testcase gists receive less attention and might be closed without a maintainer taking a closer look. To maximize how much attention your issue receives, please include a testcase gist right from the start.
+    description: If you can reproduce the issue in a standalone test case, please use [Electron Fiddle](https://github.com/electron/fiddle) to create one and to publish it as a [GitHub gist](https://gist.github.com) and put the gist URL here. This is **the best way** to ensure this issue is triaged quickly.
     placeholder: https://gist.github.com/...
 - type: textarea
   attributes:

.github/ISSUE_TEMPLATE/config.yml

@@ -1,4 +1,3 @@
-blank_issues_enabled: false
 contact_links:
   - name: Discord Chat
     url: https://discord.gg/APGC3k5yaH

.github/ISSUE_TEMPLATE/feature_request.yml

@@ -1,6 +1,6 @@
 name: Feature Request
 description: Suggest an idea for Electron
-type: 'enhancement'
+title: "[Feature Request]: "
 labels: "enhancement :sparkles:"
 body:
 - type: checkboxes

.github/ISSUE_TEMPLATE/maintainer_issue.yml

@@ -1,14 +0,0 @@
-name: Maintainer Issue (not for public use)
-description: Only to be created by Electron maintainers
-body:
-- type: checkboxes
-  attributes:
-    label: Confirmation
-    options:
-      - label: I am a [maintainer](https://github.com/orgs/electron/people) of the Electron project. (If not, please create a [different issue type](https://github.com/electron/electron/issues/new/).)
-        required: true
-- type: textarea
-  attributes:
-    label: Description
-  validations:
-    required: true

.github/PULL_REQUEST_TEMPLATE.md

@@ -10,10 +10,10 @@ Contributors guide: https://github.com/electron/electron/blob/main/CONTRIBUTING.
 #### Checklist
 <!-- Remove items that do not apply. For completed items, change [ ] to [x]. -->
 
-- [ ] PR description included
+- [ ] PR description included and stakeholders cc'd
 - [ ] `npm test` passes
 - [ ] tests are [changed or added](https://github.com/electron/electron/blob/main/docs/development/testing.md)
-- [ ] relevant API documentation, tutorials, and examples are updated and follow the [documentation style guide](https://github.com/electron/electron/blob/main/docs/development/style-guide.md)
+- [ ] relevant documentation, tutorials, templates and examples are changed or added
 - [ ] [PR release notes](https://github.com/electron/clerk/blob/main/README.md) describe the change in a way relevant to app developers, and are [capitalized, punctuated, and past tense](https://github.com/electron/clerk/blob/main/README.md#examples).
 
 #### Release Notes

.github/actions/build-electron/action.yml

@@ -5,10 +5,10 @@ inputs:
     description: 'Target arch'
     required: true
   target-platform:
-    description: 'Target platform, should be linux, win, macos'
+    description: 'Target platform'
     required: true
   artifact-platform:
-    description: 'Artifact platform, should be linux, win, darwin or mas'
+    description: 'Artifact platform, should be linux, darwin or mas'
     required: true
   step-suffix:
     description: 'Suffix for build steps'
@@ -23,9 +23,6 @@ inputs:
   upload-to-storage:
     description: 'Upload to storage'
     required: true
-  is-asan:
-    description: 'The ASan Linux build'
-    required: false
 runs:
   using: "composite"
   steps:
@@ -33,19 +30,9 @@ runs:
       shell: bash
       if: ${{ inputs.target-arch == 'x64' && inputs.target-platform == 'macos' }}
       run: |
-        GN_APPENDED_ARGS="$GN_EXTRA_ARGS target_cpu=\"x64\" v8_snapshot_toolchain=\"//build/toolchain/mac:clang_x64\""
+        GN_APPENDED_ARGS="$GN_EXTRA_ARGS v8_snapshot_toolchain=\"//build/toolchain/mac:clang_x64\""
         echo "GN_EXTRA_ARGS=$GN_APPENDED_ARGS" >> $GITHUB_ENV
-    - name: Set GN_EXTRA_ARGS for Windows
-      shell: bash
-      if: ${{inputs.target-arch != 'x64' && inputs.target-platform == 'win' }}
-      run: |
-        GN_APPENDED_ARGS="$GN_EXTRA_ARGS target_cpu=\"${{ inputs.target-arch }}\""
-        echo "GN_EXTRA_ARGS=$GN_APPENDED_ARGS" >> $GITHUB_ENV
-    - name: Add Clang problem matcher
-      shell: bash
-      run: echo "::add-matcher::src/electron/.github/problem-matchers/clang.json"
     - name: Build Electron ${{ inputs.step-suffix }}
-      if: ${{ inputs.target-platform != 'win' }}
       shell: bash
       run: |
         rm -rf "src/out/Default/Electron Framework.framework"
@@ -61,67 +48,27 @@ runs:
           sudo launchctl limit maxfiles 65536 200000
         fi
 
-        if [ "${{ inputs.is-release }}" = "true" ]; then
-          NINJA_SUMMARIZE_BUILD=1 e build --target electron:release_build
-        else
-          NINJA_SUMMARIZE_BUILD=1 e build --target electron:testing_build
-        fi
+        NINJA_SUMMARIZE_BUILD=1 e build -j $NUMBER_OF_NINJA_PROCESSES
         cp out/Default/.ninja_log out/electron_ninja_log
         node electron/script/check-symlinks.js
-
-        # Upload build stats to Datadog
-        if ! [ -z $DD_API_KEY ]; then
-          npx node electron/script/build-stats.mjs out/Default/siso.INFO --upload-stats || true          
-        else
-          echo "Skipping build-stats.mjs upload because DD_API_KEY is not set"
-        fi
-    - name: Build Electron (Windows) ${{ inputs.step-suffix }}
-      if: ${{ inputs.target-platform == 'win' }}
-      shell: powershell
-      run: |
-        cd src\electron
-        git pack-refs
-        cd ..
-
-        $env:NINJA_SUMMARIZE_BUILD = 1
-        if ("${{ inputs.is-release }}" -eq "true") {          
-          e build --target electron:release_build
-        } else {
-          e build --target electron:testing_build
-        }
-        if ($LASTEXITCODE -ne 0) {
-          Write-Host "e build failed with exit code $LASTEXITCODE"
-          exit $LASTEXITCODE
-        }
-        Copy-Item out\Default\.ninja_log out\electron_ninja_log
-        node electron\script\check-symlinks.js
-
-        # Upload build stats to Datadog
-        if ($env:DD_API_KEY) {
-          try {
-            npx node electron\script\build-stats.mjs out\Default\siso.exe.INFO --upload-stats ; $LASTEXITCODE = 0
-          } catch {
-            Write-Host "Build stats upload failed, continuing..."
-          }
-        } else {
-          Write-Host "Skipping build-stats.mjs upload because DD_API_KEY is not set"
-        }
-    - name: Verify dist.zip ${{ inputs.step-suffix }}
+    - name: Build Electron dist.zip ${{ inputs.step-suffix }}
       shell: bash
       run: |
-        cd src        
-        if [ "${{ inputs.is-asan }}" != "true" ]; then
-          target_os=${{ inputs.target-platform == 'macos' && 'mac' || inputs.target-platform }}
+        cd src
+        e build electron:electron_dist_zip -j $NUMBER_OF_NINJA_PROCESSES
+        if [ "${{ env.CHECK_DIST_MANIFEST }}" = "true" ]; then
+          target_os=${{ inputs.target-platform == 'linux' && 'linux' || 'mac'}}
           if [ "${{ inputs.artifact-platform }}" = "mas" ]; then
             target_os="${target_os}_mas"
           fi
           electron/script/zip_manifests/check-zip-manifest.py out/Default/dist.zip electron/script/zip_manifests/dist_zip.$target_os.${{ inputs.target-arch }}.manifest
         fi
-    - name: Fixup Mksnapshot ${{ inputs.step-suffix }}
+    - name: Build Mksnapshot ${{ inputs.step-suffix }}
       shell: bash
       run: |
         cd src
-        ELECTRON_DEPOT_TOOLS_DISABLE_LOG=1 e d gn desc out/Default v8:run_mksnapshot_default args > out/Default/mksnapshot_args
+        e build electron:electron_mksnapshot -j $NUMBER_OF_NINJA_PROCESSES
+        gn desc out/Default v8:run_mksnapshot_default args > out/Default/mksnapshot_args
         # Remove unused args from mksnapshot_args
         SEDOPTION="-i"
         if [ "`uname`" = "Darwin" ]; then
@@ -129,19 +76,23 @@ runs:
         fi
         sed $SEDOPTION '/.*builtins-pgo/d' out/Default/mksnapshot_args
         sed $SEDOPTION '/--turbo-profiling-input/d' out/Default/mksnapshot_args
-        sed $SEDOPTION '/--reorder-builtins/d' out/Default/mksnapshot_args
-        sed $SEDOPTION '/--warn-about-builtin-profile-data/d' out/Default/mksnapshot_args
-        sed $SEDOPTION '/--abort-on-bad-builtin-profile-data/d' out/Default/mksnapshot_args
+        sed $SEDOPTION '/The gn arg use_goma=true .*/d' out/Default/mksnapshot_args
 
-        if [ "${{ inputs.target-platform }}" = "win" ]; then
-          cd out/Default
-          powershell Compress-Archive -update mksnapshot_args mksnapshot.zip
-          powershell mkdir mktmp\\gen\\v8
-          powershell Copy-Item gen\\v8\\embedded.S mktmp\\gen\\v8
-          powershell Compress-Archive -update -Path mktmp\\gen mksnapshot.zip
-        else
-          (cd out/Default; zip mksnapshot.zip mksnapshot_args gen/v8/embedded.S)
+        if [ "`uname`" = "Linux" ]; then
+          if [ "${{ inputs.target-arch }}" = "arm" ]; then
+            electron/script/strip-binaries.py --file $PWD/out/Default/clang_x86_v8_arm/mksnapshot
+            electron/script/strip-binaries.py --file $PWD/out/Default/clang_x86_v8_arm/v8_context_snapshot_generator
+          elif [ "${{ inputs.target-arch }}" = "arm64" ]; then
+            electron/script/strip-binaries.py --file $PWD/out/Default/clang_x64_v8_arm64/mksnapshot
+            electron/script/strip-binaries.py --file $PWD/out/Default/clang_x64_v8_arm64/v8_context_snapshot_generator
+          else
+            electron/script/strip-binaries.py --file $PWD/out/Default/mksnapshot
+            electron/script/strip-binaries.py --file $PWD/out/Default/v8_context_snapshot_generator
+          fi
         fi
+
+        e build electron:electron_mksnapshot_zip -j $NUMBER_OF_NINJA_PROCESSES
+        (cd out/Default; zip mksnapshot.zip mksnapshot_args gen/v8/embedded.S)
     - name: Generate Cross-Arch Snapshot (arm/arm64)  ${{ inputs.step-suffix }}
       shell: bash
       if: ${{ (inputs.target-arch == 'arm' || inputs.target-arch == 'arm64') && inputs.target-platform == 'linux' }}
@@ -166,39 +117,24 @@ runs:
       shell: bash
       run: |
         cd src
-        e build --target electron:electron_chromedriver_zip
-
-        if [ "${{ inputs.is-asan }}" != "true" ]; then
-          target_os=${{ inputs.target-platform == 'macos' && 'mac' || inputs.target-platform }}
-          if [ "${{ inputs.artifact-platform }}" = "mas" ]; then
-            target_os="${target_os}_mas"
-          fi
-          electron/script/zip_manifests/check-zip-manifest.py out/Default/chromedriver.zip electron/script/zip_manifests/chromedriver_zip.$target_os.${{ inputs.target-arch }}.manifest
+        e build electron:electron_chromedriver -j $NUMBER_OF_NINJA_PROCESSES
+        e build electron:electron_chromedriver_zip
+    - name: Build Node.js headers ${{ inputs.step-suffix }}
+      shell: bash
+      run: |
+        cd src
+        e build electron:node_headers
+    - name: Generate & Zip Symbols ${{ inputs.step-suffix }}
+      shell: bash
+      run: |
+        # Generate breakpad symbols on release builds
+        if [ "${{ inputs.generate-symbols }}" = "true" ]; then
+          e build electron:electron_symbols
         fi
-    - name: Create installed_software.json ${{ inputs.step-suffix }}
-      shell: powershell
-      if: ${{ inputs.is-release == 'true' && inputs.target-platform == 'win' }}
-      run: |
-        cd src
-        Get-CimInstance -Namespace root\cimv2 -Class Win32_product | Select vendor, description, @{l='install_location';e='InstallLocation'}, @{l='install_date';e='InstallDate'}, @{l='install_date_2';e='InstallDate2'}, caption, version, name, @{l='sku_number';e='SKUNumber'} | ConvertTo-Json | Out-File -Encoding utf8 -FilePath .\installed_software.json
-    - name: Profile Windows Toolchain ${{ inputs.step-suffix }}
-      shell: bash
-      if: ${{ inputs.is-release == 'true' && inputs.target-platform == 'win' }}
-      run: |
-        cd src
-        python3 electron/build/profile_toolchain.py --output-json=out/Default/windows_toolchain_profile.json
-    - name: Add msdia140.dll to Path ${{ inputs.step-suffix }}
-      shell: bash
-      if: ${{ inputs.is-release == 'true' && inputs.target-platform == 'win' }}
-      run: |
-        # Needed for msdia140.dll on 64-bit windows
-        cd src
-        export PATH="$PATH:$(pwd)/third_party/llvm-build/Release+Asserts/bin"
-    - name: Zip Symbols ${{ inputs.step-suffix }}
-      shell: bash
-      run: |
         cd src
         export BUILD_PATH="$(pwd)/out/Default"
+        e build electron:licenses
+        e build electron:electron_version_file
         if [ "${{ inputs.is-release }}" = "true" ]; then
           DELETE_DSYMS_AFTER_ZIP=1 electron/script/zip-symbols.py -b $BUILD_PATH
         else
@@ -209,31 +145,32 @@ runs:
       if: ${{ inputs.is-release == 'true' }}
       run: |
         cd src
-        # Reuse the hermetic mac_sdk_path that `e build` wrote for out/Default so
-        # out/ffmpeg builds against the same SDK instead of the runner's system Xcode.
-        # The path has to live under root_build_dir, so copy the symlink tree and
-        # rewrite Default -> ffmpeg.
-        MAC_SDK_ARG=""
-        if [ "$(uname)" = "Darwin" ]; then
-          mkdir -p out/ffmpeg
-          cp -a out/Default/xcode_links out/ffmpeg/
-          MAC_SDK_ARG=$(sed -n 's|^\(mac_sdk_path = "//out/\)Default/|\1ffmpeg/|p' out/Default/args.gn)
-        fi
-        gn gen out/ffmpeg --args="import(\"//electron/build/args/ffmpeg.gn\") use_remoteexec=true use_siso=true $MAC_SDK_ARG $GN_EXTRA_ARGS"
-        e build --target electron:electron_ffmpeg_zip -C ../../out/ffmpeg
-    - name: Remove Clang problem matcher
+        gn gen out/ffmpeg --args="import(\"//electron/build/args/ffmpeg.gn\") use_remoteexec=true $GN_EXTRA_ARGS"
+        autoninja -C out/ffmpeg electron:electron_ffmpeg_zip -j $NUMBER_OF_NINJA_PROCESSES
+    - name: Generate Hunspell Dictionaries ${{ inputs.step-suffix }}
       shell: bash
-      run: echo "::remove-matcher owner=clang::"
+      if: ${{ inputs.is-release == 'true' && inputs.target-platform == 'linux' }}
+      run: |
+        cd src
+        autoninja -C out/Default electron:hunspell_dictionaries_zip -j $NUMBER_OF_NINJA_PROCESSES
+    - name: Generate Libcxx ${{ inputs.step-suffix }}
+      shell: bash
+      if: ${{ inputs.is-release == 'true' && inputs.target-platform == 'linux' }}
+      run: |
+        cd src
+        autoninja -C out/Default electron:libcxx_headers_zip -j $NUMBER_OF_NINJA_PROCESSES
+        autoninja -C out/Default electron:libcxxabi_headers_zip -j $NUMBER_OF_NINJA_PROCESSES
+        autoninja -C out/Default electron:libcxx_objects_zip -j $NUMBER_OF_NINJA_PROCESSES
     - name: Generate TypeScript Definitions ${{ inputs.step-suffix }}
       if: ${{ inputs.is-release == 'true' }}
       shell: bash
       run: |
         cd src/electron
-        node script/yarn.js create-typescript-definitions
+        node script/yarn create-typescript-definitions
+    # TODO(vertedinde): These uploads currently point to a different Azure bucket & GitHub Repo
     - name: Publish Electron Dist ${{ inputs.step-suffix }}
       if: ${{ inputs.is-release == 'true' }}
       shell: bash
-      id: github-upload
       run: |
         rm -rf src/out/Default/obj
         cd src/electron
@@ -244,56 +181,18 @@ runs:
           echo 'Uploading Electron release distribution to GitHub releases'
           script/release/uploaders/upload.py --verbose
         fi
-    - name: Generate artifact attestation
-      if: ${{ inputs.is-release == 'true' }}
-      uses: actions/attest-build-provenance@96278af6caaf10aea03fd8d33a09a777ca52d62f # v3.2.0
-      with:
-        subject-path: ${{ steps.github-upload.outputs.UPLOADED_PATHS }}
-    - name: Generate siso report
-      if: ${{ inputs.target-platform != 'win' && !cancelled() }}
-      shell: bash
-      run: |
-        cd src
-        e d siso report -C out/Default > siso_report.txt
-        SISO_REPORT_PATH=$(grep -o '/.*siso-report-[^ ]*' siso_report.txt)
-        echo "SISO_REPORT_PATH=$SISO_REPORT_PATH" >> $GITHUB_ENV
-        cat siso_report.txt
-        echo "SISO REPORT AT $SISO_REPORT_PATH"
-    - name: Generate siso report (Windows)
-      if: ${{ inputs.target-platform == 'win' && !cancelled() }}
-      shell: powershell
-      run: |
-        cd src
-        e d siso report -C out\Default > siso_report.txt
-        $SISO_REPORT_PATH = Get-Content "siso_report.txt" | Select-String "report file:\s*(.+)" | ForEach-Object { 
-          $_.Matches.Groups[1].Value.Trim() 
-        }
-        echo "SISO_REPORT_PATH=$SISO_REPORT_PATH"
-        echo "SISO_REPORT_PATH=$SISO_REPORT_PATH" >> $env:GITHUB_ENV
-    - name: Generate Artifact Key
-      if: always() && !cancelled()
-      shell: bash
-      run: |
-        if [ "${{ inputs.is-asan }}" = "true" ]; then 
-          ARTIFACT_KEY=${{ inputs.artifact-platform }}_${{ inputs.target-arch }}_asan
-        else
-          ARTIFACT_KEY=${{ inputs.artifact-platform }}_${{ inputs.target-arch }}
-        fi
-        echo "ARTIFACT_KEY=$ARTIFACT_KEY" >> $GITHUB_ENV
     # The current generated_artifacts_<< artifact.key >> name was taken from CircleCI
     # to ensure we don't break anything, but we may be able to improve that.
     - name: Move all Generated Artifacts to Upload Folder ${{ inputs.step-suffix }}
-      if: always() && !cancelled()
       shell: bash
       run: ./src/electron/script/actions/move-artifacts.sh
     - name: Upload Generated Artifacts ${{ inputs.step-suffix }}
-      if: always() && !cancelled()
-      uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f #v7.0.0
+      uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808
       with:
-        name: generated_artifacts_${{ env.ARTIFACT_KEY }}
-        path: ./generated_artifacts_${{ inputs.artifact-platform }}_${{ inputs.target-arch }}
+        name: generated_artifacts_${{ inputs.artifact-platform }}_${{ env.TARGET_ARCH }}
+        path: ./generated_artifacts_${{ inputs.artifact-platform }}_${{ env.TARGET_ARCH }}
     - name: Upload Src Artifacts ${{ inputs.step-suffix }}
-      uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f #v7.0.0
+      uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808
       with:
-        name: src_artifacts_${{ env.ARTIFACT_KEY }}
-        path: ./src_artifacts_${{ inputs.artifact-platform }}_${{ inputs.target-arch }}
+        name: src_artifacts_${{ inputs.artifact-platform }}_${{ env.TARGET_ARCH }}
+        path: ./src_artifacts_${{ inputs.artifact-platform }}_${{ env.TARGET_ARCH }}

.github/actions/build-git-cache/action.yml

@@ -1,83 +0,0 @@
-name: 'Build Git Cache'
-description: 'Runs a gclient sync to build the git cache for Electron'
-inputs:
-  target-platform:
-    description: 'Target platform, should be linux, win, macos'    
-runs:
-  using: "composite"
-  steps:
-  - name: Set GIT_CACHE_PATH to make gclient to use the cache
-    shell: bash
-    run: |
-      echo "GIT_CACHE_PATH=$(pwd)/git-cache" >> $GITHUB_ENV
-  - name: Set Chromium Git Cookie
-    uses: ./src/electron/.github/actions/set-chromium-cookie
-  - name: Install Build Tools
-    uses: ./src/electron/.github/actions/install-build-tools
-  - name: Set up cache drive
-    shell: bash
-    run: |
-      if [ "${{ inputs.target-platform }}" = "win" ]; then
-        echo "CACHE_DRIVE=/mnt/win-cache" >> $GITHUB_ENV
-      else
-        echo "CACHE_DRIVE=/mnt/cross-instance-cache" >> $GITHUB_ENV
-      fi
-  - name: Check cross instance cache disk space
-    shell: bash
-    run: |    
-      # if there is less than 35 GB free space then creating the cache might fail so exit early
-      freespace=`df -m $CACHE_DRIVE | grep -w $CACHE_DRIVE | awk '{print $4}'`
-      freespace_human=`df -h $CACHE_DRIVE | grep -w $CACHE_DRIVE | awk '{print $4}'`
-      if [ $freespace -le 35000 ]; then
-        echo "The cross mount cache has $freespace_human free space which is not enough - exiting"
-        exit 1
-      else
-        echo "The cross mount cache has $freespace_human free space - continuing"
-      fi
-  - name: Restore gitcache
-    shell: bash
-    run: |
-      GIT_CACHE_TAR="$CACHE_DRIVE/gitcache.tar"
-      if [ ! -f "$GIT_CACHE_TAR" ]; then
-        echo "Git cache tar file does not exist, skipping restore"
-        exit 0
-      fi
-      echo "Restoring git cache from $GIT_CACHE_TAR to $GIT_CACHE_PATH"
-      mkdir -p $GIT_CACHE_PATH
-      tar -xf $GIT_CACHE_TAR -C $GIT_CACHE_PATH
-  - name: Gclient Sync
-    shell: bash
-    run: |
-      e d gclient config \
-        --name "src/electron" \
-        --unmanaged \
-        ${GCLIENT_EXTRA_ARGS} \
-        "$GITHUB_SERVER_URL/$GITHUB_REPOSITORY"
-
-      if [ "$TARGET_OS" != "" ]; then
-        echo "target_os=['$TARGET_OS']" >> ./.gclient
-      fi
-
-      ELECTRON_USE_THREE_WAY_MERGE_FOR_PATCHES=1 e d gclient sync --with_branch_heads --with_tags --nohooks -vv 
-  - name: Compress Git Cache Directory
-    shell: bash
-    run: |
-      echo "Uncompressed gitcache size: $(du -sh $GIT_CACHE_PATH | cut -f1 -d' ')"
-      cd $GIT_CACHE_PATH
-      tar -cf ../gitcache.tar .
-      cd ..
-      echo "Compressed gitcache to $(du -sh gitcache.tar | cut -f1 -d' ')"
-      # remove the old cache file if it exists 
-      if [ -f $CACHE_DRIVE/gitcache.tar ]; then
-        echo "Removing old gitcache.tar from $CACHE_DRIVE"
-        rm $CACHE_DRIVE/gitcache.tar
-      fi      
-      cp ./gitcache.tar $CACHE_DRIVE/
-  - name: Wait for active SSH sessions
-    shell: bash
-    if: always() && !cancelled()
-    run: |
-      while [ -f /var/.ssh-lock ]
-      do
-        sleep 60
-      done

.github/actions/checkout/action.yml

@@ -5,12 +5,6 @@ inputs:
     description: 'Whether to generate and persist a SAS token for the item in the cache'
     required: false
     default: 'false'
-  use-cache:
-    description: 'Whether to persist the cache to the shared drive'
-    required: false
-    default: 'true'
-  target-platform:
-    description: 'Target platform, should be linux, win, macos'    
 runs:
   using: "composite"
   steps:
@@ -19,105 +13,81 @@ runs:
     run: |
       echo "GIT_CACHE_PATH=$(pwd)/git-cache" >> $GITHUB_ENV
   - name: Install Dependencies
-    uses: ./src/electron/.github/actions/install-dependencies
-  - name: Set Chromium Git Cookie
-    uses: ./src/electron/.github/actions/set-chromium-cookie
-  - name: Install Build Tools
-    uses: ./src/electron/.github/actions/install-build-tools
+    shell: bash
+    run: |
+      cd src/electron
+      node script/yarn install --frozen-lockfile
+  - name: Get Depot Tools
+    shell: bash
+    run: |
+      git clone --depth=1 https://chromium.googlesource.com/chromium/tools/depot_tools.git
+
+      sed -i '/ninjalog_uploader_wrapper.py/d' ./depot_tools/autoninja
+      # Remove swift-format dep from cipd on macOS until we send a patch upstream.
+      cd depot_tools
+      git apply --3way ../src/electron/.github/workflows/config/gclient.diff
+
+      # Ensure depot_tools does not update.
+      test -d depot_tools && cd depot_tools
+      touch .disable_auto_update
+  - name: Add Depot Tools to PATH
+    shell: bash
+    run: echo "$(pwd)/depot_tools" >> $GITHUB_PATH
   - name: Generate DEPS Hash
     shell: bash
     run: |
-      node src/electron/script/generate-deps-hash.js
-      DEPSHASH="v2-src-cache-$(cat src/electron/.depshash)"
-      echo "DEPSHASH=$DEPSHASH" >> $GITHUB_ENV
-      echo "CACHE_FILE=$DEPSHASH.tar" >> $GITHUB_ENV
-      if [ "${{ inputs.target-platform }}" = "win" ]; then
-        echo "CACHE_DRIVE=/mnt/win-cache" >> $GITHUB_ENV
-      else
-        echo "CACHE_DRIVE=/mnt/cross-instance-cache" >> $GITHUB_ENV
-      fi
+      node src/electron/script/generate-deps-hash.js && cat src/electron/.depshash-target
+      echo "DEPSHASH=v1-src-cache-$(shasum src/electron/.depshash | cut -f1 -d' ')" >> $GITHUB_ENV
   - name: Generate SAS Key
     if: ${{ inputs.generate-sas-token == 'true' }}
     shell: bash
     run: |
-      curl --unix-socket /var/run/sas/sas.sock --fail "http://foo/$CACHE_FILE?platform=${{ inputs.target-platform }}&getAccountName=true" > sas-token
+      curl --unix-socket /var/run/sas/sas.sock --fail "http://foo/$DEPSHASH.tar" > sas-token
   - name: Save SAS Key
     if: ${{ inputs.generate-sas-token == 'true' }}
-    uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
+    uses: actions/cache/save@v4
     with:
-      path: sas-token
-      key: sas-key-${{ inputs.target-platform }}-${{ github.run_number }}-${{ github.run_attempt }}
-      enableCrossOsArchive: true
+      path: |
+        sas-token
+      key: sas-key-${{ github.run_number }}-${{ github.run_attempt }}
   - name: Check If Cache Exists
     id: check-cache
     shell: bash
     run: |
-      if [[ "${{ inputs.use-cache }}" == "false" ]]; then
-        echo "Not using cache this time..."
+      cache_path=/mnt/cross-instance-cache/$DEPSHASH.tar
+      echo "Using cache key: $DEPSHASH"
+      echo "Checking for cache in: $cache_path"
+      if [ ! -f "$cache_path" ]; then
         echo "cache_exists=false" >> $GITHUB_OUTPUT
+        echo "Cache Does Not Exist for $DEPSHASH"
       else
-        cache_path=$CACHE_DRIVE/$CACHE_FILE
-        echo "Using cache key: $DEPSHASH"
-        echo "Checking for cache in: $cache_path"
-        if [ ! -f "$cache_path" ] || [ `du $cache_path | cut -f1` = "0" ]; then
-          echo "cache_exists=false" >> $GITHUB_OUTPUT
-          echo "Cache Does Not Exist for $DEPSHASH"
-        else
-          echo "cache_exists=true" >> $GITHUB_OUTPUT
-          echo "Cache Already Exists for $DEPSHASH, Skipping.."
-        fi
+        echo "cache_exists=true" >> $GITHUB_OUTPUT
+        echo "Cache Already Exists for $DEPSHASH, Skipping.."
       fi
-  - name: Check cross instance cache disk space
-    if: steps.check-cache.outputs.cache_exists == 'false' && inputs.use-cache  == 'true'
-    shell: bash
-    run: |    
-      # if there is less than 35 GB free space then creating the cache might fail so exit early
-      freespace=`df -m $CACHE_DRIVE | grep -w $CACHE_DRIVE | awk '{print $4}'`
-      freespace_human=`df -h $CACHE_DRIVE | grep -w $CACHE_DRIVE | awk '{print $4}'`
-      if [ $freespace -le 35000 ]; then
-        echo "The cross mount cache has $freespace_human free space which is not enough - exiting"
-        exit 1
-      else
-        echo "The cross mount cache has $freespace_human free space - continuing"
-      fi
-  - name: Add patch conflict problem matcher
-    shell: bash
-    run: echo "::add-matcher::src/electron/.github/problem-matchers/patch-conflict.json"
-  - name: Restore gitcache
-    if: steps.check-cache.outputs.cache_exists == 'false'
-    shell: bash
-    run: |
-      GIT_CACHE_TAR="$CACHE_DRIVE/gitcache.tar"
-      if [ ! -f "$GIT_CACHE_TAR" ]; then
-        echo "Git cache tar file does not exist, skipping restore"
-        exit 0
-      fi
-      echo "Restoring git cache from $GIT_CACHE_TAR to $GIT_CACHE_PATH"
-      mkdir -p $GIT_CACHE_PATH
-      tar -xf $GIT_CACHE_TAR -C $GIT_CACHE_PATH
   - name: Gclient Sync
     if: steps.check-cache.outputs.cache_exists == 'false'
     shell: bash
     run: |
-      e d gclient config \
+      gclient config \
         --name "src/electron" \
         --unmanaged \
         ${GCLIENT_EXTRA_ARGS} \
         "$GITHUB_SERVER_URL/$GITHUB_REPOSITORY"
 
-      if [ "$TARGET_OS" != "" ]; then
-        echo "target_os=['$TARGET_OS']" >> ./.gclient
-      fi
-
-      ELECTRON_DEPOT_TOOLS_WIN_TOOLCHAIN=0 DEPOT_TOOLS_WIN_TOOLCHAIN=0 ELECTRON_USE_THREE_WAY_MERGE_FOR_PATCHES=1 e d gclient sync --with_branch_heads --with_tags
-      if [[ "${{ inputs.is-release }}" != "true" ]]; then
+      ELECTRON_USE_THREE_WAY_MERGE_FOR_PATCHES=1 gclient sync --with_branch_heads --with_tags -vvvvv
+      if [ "${{ inputs.is-release }}" != "true" ]; then
         # Re-export all the patches to check if there were changes.
         python3 src/electron/script/export_all_patches.py src/electron/patches/config.json
         cd src/electron
         git update-index --refresh || true
         if ! git diff-index --quiet HEAD --; then
           # There are changes to the patches. Make a git commit with the updated patches
-          if node ./script/patch-up.js; then
+          git add patches
+          GIT_COMMITTER_NAME="PatchUp" GIT_COMMITTER_EMAIL="73610968+patchup[bot]@users.noreply.github.com" git commit -m "chore: update patches" --author="PatchUp <73610968+patchup[bot]@users.noreply.github.com>"
+          # Export it
+          mkdir -p ../../patches
+          git format-patch -1 --stdout --keep-subject --no-stat --full-index > ../../patches/update-patches.patch
+          if (node ./script/push-patch.js 2> /dev/null > /dev/null); then
             echo
             echo "======================================================================"
             echo "Changes to the patches when applying, we have auto-pushed the diff to the current branch"
@@ -125,35 +95,16 @@ runs:
             echo "======================================================================"
             exit 1
           else
-            git add patches
-            GIT_COMMITTER_NAME="PatchUp" GIT_COMMITTER_EMAIL="73610968+patchup[bot]@users.noreply.github.com" git commit -m "chore: update patches" --author="PatchUp <73610968+patchup[bot]@users.noreply.github.com>"
-            # Export it
-            mkdir -p ../../patches
-            git format-patch -1 --stdout --keep-subject --no-stat --full-index > ../../patches/update-patches.patch
             echo
             echo "======================================================================"
             echo "There were changes to the patches when applying."
             echo "Check the CI artifacts for a patch you can apply to fix it."
             echo "======================================================================"
-            echo
-            cat ../../patches/update-patches.patch
             exit 1
           fi
-        else
-          echo "No changes to patches detected"
         fi
       fi
-  - name: Remove patch conflict problem matchers
-    shell: bash
-    run: |
-      echo "::remove-matcher owner=merge-conflict::"
-      echo "::remove-matcher owner=patch-conflict::"
-      echo "::remove-matcher owner=patch-needs-update::"
-  - name: Upload patches stats
-    if: ${{ inputs.target-platform == 'linux' && github.ref == 'refs/heads/main' }}
-    shell: bash
-    run: |
-      node src/electron/script/patches-stats.mjs --upload-stats || true
+
   # delete all .git directories under src/ except for
   # third_party/angle/ and third_party/dawn/ because of build time generation of files
   # gen/angle/commit.h depends on third_party/angle/.git/HEAD
@@ -162,66 +113,42 @@ runs:
   # https://dawn-review.googlesource.com/c/dawn/+/83901
   # TODO: maybe better to always leave out */.git/HEAD file for all targets ?
   - name: Delete .git directories under src to free space
-    if: ${{ steps.check-cache.outputs.cache_exists == 'false' && inputs.use-cache == 'true' }}
+    if: steps.check-cache.outputs.cache_exists == 'false'
     shell: bash
     run: |
       cd src
       ( find . -type d -name ".git" -not -path "./third_party/angle/*" -not -path "./third_party/dawn/*" -not -path "./electron/*" ) | xargs rm -rf
   - name: Minimize Cache Size for Upload
-    if: ${{ steps.check-cache.outputs.cache_exists == 'false' && inputs.use-cache == 'true' }}
+    if: steps.check-cache.outputs.cache_exists == 'false'
     shell: bash
     run: |
       rm -rf src/android_webview
       rm -rf src/ios/chrome
+      rm -rf src/third_party/blink/web_tests
       rm -rf src/third_party/blink/perf_tests
       rm -rf src/chrome/test/data/xr/webvr_info
       rm -rf src/third_party/angle/third_party/VK-GL-CTS/src
       rm -rf src/third_party/swift-toolchain
       rm -rf src/third_party/swiftshader/tests/regres/testlists
-      cp src/electron/.github/actions/checkout/action.yml ./
       rm -rf src/electron
-      mkdir -p src/electron/.github/actions/checkout
-      mv action.yml src/electron/.github/actions/checkout
   - name: Compress Src Directory
-    if: ${{ steps.check-cache.outputs.cache_exists == 'false' && inputs.use-cache == 'true' }}
+    if: steps.check-cache.outputs.cache_exists == 'false'
     shell: bash
     run: |
       echo "Uncompressed src size: $(du -sh src | cut -f1 -d' ')"
-      # Named .tar but zstd-compressed; the sas-sidecar's filename allowlist
-      # only permits .tar/.tgz so we keep the extension and decode on restore.
-      tar -cf - src | zstd -T0 --long=30 -f -o $CACHE_FILE
-      echo "Compressed src to $(du -sh $CACHE_FILE | cut -f1 -d' ')"
+      tar -cf $DEPSHASH.tar src
+      echo "Compressed src to $(du -sh $DEPSHASH.tar | cut -f1 -d' ')"
+      cp ./$DEPSHASH.tar /mnt/cross-instance-cache/
   - name: Persist Src Cache
-    if: ${{ steps.check-cache.outputs.cache_exists == 'false' && inputs.use-cache == 'true' }}
+    if: steps.check-cache.outputs.cache_exists == 'false'
     shell: bash
     run: |
-      final_cache_path=$CACHE_DRIVE/$CACHE_FILE
-      # Upload to a run-unique temp name first so concurrent readers never
-      # observe a partially-written file, and an interrupted copy can't leave
-      # a truncated file at the final path. Orphaned temp files get swept by
-      # the clean-orphaned-cache-uploads workflow.
-      tmp_cache_path=$final_cache_path.upload-${GITHUB_RUN_ID}-${GITHUB_RUN_ATTEMPT}
-      echo "Uploading to temp path: $tmp_cache_path"
-      cp ./$CACHE_FILE $tmp_cache_path
-
+      final_cache_path=/mnt/cross-instance-cache/$DEPSHASH.tar
       echo "Using cache key: $DEPSHASH"
-      if [ -f "$final_cache_path" ]; then
-        echo "Cache already persisted at $final_cache_path by a concurrent run; discarding ours"
-        rm -f $tmp_cache_path
-      else
-        mv -f $tmp_cache_path $final_cache_path
-        echo "Cache key persisted in $final_cache_path"
-      fi
-
+      echo "Checking path: $final_cache_path"
       if [ ! -f "$final_cache_path" ]; then
         echo "Cache key not found"
         exit 1
-      fi
-  - name: Wait for active SSH sessions
-    shell: bash
-    if: always() && !cancelled()
-    run: |
-      while [ -f /var/.ssh-lock ]
-      do
-        sleep 60
-      done
+      else
+        echo "Cache key persisted in $final_cache_path"
+      fi

.github/actions/cipd-install/action.yml

@@ -1,71 +0,0 @@
-name: 'CIPD install'
-description: 'Installs the specified CIPD package'
-inputs:
-  cipd-root-prefix-path:
-    description: 'Path to prepend to installation directory'
-    default: ''
-  dependency:
-    description: 'Name of dependency to install'
-  deps-file:
-    description: 'Location of DEPS file that defines the dependency'
-  installation-dir:
-    description: 'Location to install dependency'
-  target-platform:
-    description: 'Target platform, should be linux, win, macos'
-  package:
-    description: 'Package to install'
-  dependency-version:
-    description: 'Version of the dependency to install'
-    default: ''
-runs:
-  using: "composite"
-  steps:
-    - name: Delete wrong ${{ inputs.dependency }}
-      shell: bash
-      env:
-        CIPD_ROOT_PREFIX: ${{ inputs.cipd-root-prefix-path }}
-        INSTALLATION_DIR: ${{ inputs.installation-dir }}
-      run : |
-        rm -rf "${CIPD_ROOT_PREFIX}${INSTALLATION_DIR}"
-    - name: Create ensure file for ${{ inputs.dependency }}
-      if: ${{ inputs.dependency-version == '' }}
-      shell: bash
-      env:
-        PACKAGE: ${{ inputs.package }}
-        DEPS_FILE: ${{ inputs.deps-file }}
-        INSTALLATION_DIR: ${{ inputs.installation-dir }}
-        DEPENDENCY: ${{ inputs.dependency }}
-      run: |
-        echo "$PACKAGE" $(e d gclient getdep --deps-file="$DEPS_FILE" -r "${INSTALLATION_DIR}:${PACKAGE}") > "${DEPENDENCY}_ensure_file"
-        cat "${DEPENDENCY}_ensure_file"
-
-    - name: Create ensure file for ${{ inputs.dependency }} from dependency-version
-      if: ${{ inputs.dependency-version != '' }}
-      shell: bash
-      env:
-        PACKAGE: ${{ inputs.package }}
-        DEPENDENCY_VERSION: ${{ inputs.dependency-version }}
-        DEPENDENCY: ${{ inputs.dependency }}
-      run: |
-        echo "$PACKAGE $DEPENDENCY_VERSION" > "${DEPENDENCY}_ensure_file"
-        cat "${DEPENDENCY}_ensure_file"
-    - name: CIPD installation of ${{ inputs.dependency }} (macOS)
-      if: ${{ inputs.target-platform != 'win' }}
-      shell: bash
-      env:
-        CIPD_ROOT_PREFIX: ${{ inputs.cipd-root-prefix-path }}
-        INSTALLATION_DIR: ${{ inputs.installation-dir }}
-        DEPENDENCY: ${{ inputs.dependency }}
-      run: |
-        echo "ensuring $DEPENDENCY"
-        e d cipd ensure --root "${CIPD_ROOT_PREFIX}${INSTALLATION_DIR}" -ensure-file "${DEPENDENCY}_ensure_file"
-    - name: CIPD installation of ${{ inputs.dependency }} (Windows)
-      if: ${{ inputs.target-platform == 'win' }}
-      shell: powershell
-      env:
-        CIPD_ROOT_PREFIX: ${{ inputs.cipd-root-prefix-path }}
-        INSTALLATION_DIR: ${{ inputs.installation-dir }}
-        DEPENDENCY: ${{ inputs.dependency }}
-      run: |
-        echo "ensuring $env:DEPENDENCY on Windows"
-        e d cipd ensure --root "$env:CIPD_ROOT_PREFIX$env:INSTALLATION_DIR" -ensure-file "$($env:DEPENDENCY)_ensure_file"

.github/actions/fix-sync-macos/action.yml

@@ -0,0 +1,61 @@
+name: 'Fix Sync macOS'
+description: 'Checks out Electron and stores it in the AKS Cache'
+runs:
+  using: "composite"
+  steps:
+    - name: Fix Sync
+      shell: bash
+      # This step is required to correct for differences between "gclient sync"
+      # on Linux and the expected state on macOS. This requires:
+      # 1. Fixing Clang Install (wrong binary)
+      # 2. Fixing esbuild (wrong binary)
+      # 3. Fixing rustc (wrong binary)
+      # 4. Fixing gn (wrong binary)
+      # 5. Fix reclient (wrong binary)
+      # 6. Fixing dsymutil (wrong binary)
+      # 7. Ensuring we are using the correct ninja and adding it to PATH
+      # 8. Fixing angle (wrong remote)
+      run : |
+        SEDOPTION="-i ''"
+        rm -rf src/third_party/llvm-build
+        python3 src/tools/clang/scripts/update.py
+
+        echo 'infra/3pp/tools/esbuild/${platform}' `gclient getdep --deps-file=src/third_party/devtools-frontend/src/DEPS -r 'third_party/esbuild:infra/3pp/tools/esbuild/${platform}'` > esbuild_ensure_file
+        # Remove extra output from calling gclient getdep which always calls update_depot_tools
+        sed -i '' "s/Updating depot_tools... //g" esbuild_ensure_file
+        cipd ensure --root src/third_party/devtools-frontend/src/third_party/esbuild -ensure-file esbuild_ensure_file
+
+        rm -rf src/third_party/rust-toolchain
+        python3 src/tools/rust/update_rust.py
+        
+        # Prevent calling gclient getdep which always calls update_depot_tools
+        echo 'gn/gn/mac-${arch}' `gclient getdep --deps-file=src/DEPS -r 'src/buildtools/mac:gn/gn/mac-${arch}'` > gn_ensure_file
+        sed -i '' "s/Updating depot_tools... //g" gn_ensure_file
+        cipd ensure --root src/buildtools/mac -ensure-file gn_ensure_file
+
+        # Prevent calling gclient getdep which always calls update_depot_tools
+        echo 'infra/rbe/client/${platform}' `gclient getdep --deps-file=src/DEPS -r 'src/buildtools/reclient:infra/rbe/client/${platform}'` > gn_ensure_file
+        sed -i '' "s/Updating depot_tools... //g" gn_ensure_file
+        cipd ensure --root src/buildtools/reclient -ensure-file gn_ensure_file
+        python3 src/buildtools/reclient_cfgs/configure_reclient_cfgs.py --rbe_instance "projects/rbe-chrome-untrusted/instances/default_instance" --reproxy_cfg_template reproxy.cfg.template --rewrapper_cfg_project "" --skip_remoteexec_cfg_fetch
+
+        if  [ "${{ env.TARGET_ARCH }}" == "arm64" ]; then
+          DSYM_SHA_FILE=src/tools/clang/dsymutil/bin/dsymutil.arm64.sha1
+        else
+          DSYM_SHA_FILE=src/tools/clang/dsymutil/bin/dsymutil.x64.sha1
+        fi
+        python3 src/third_party/depot_tools/download_from_google_storage.py --no_resume --no_auth --bucket chromium-browser-clang -s $DSYM_SHA_FILE -o src/tools/clang/dsymutil/bin/dsymutil
+
+        echo 'infra/3pp/tools/ninja/${platform}' `gclient getdep --deps-file=src/DEPS -r 'src/third_party/ninja:infra/3pp/tools/ninja/${platform}'` > ninja_ensure_file
+        sed $SEDOPTION "s/Updating depot_tools... //g" ninja_ensure_file
+        cipd ensure --root src/third_party/ninja -ensure-file ninja_ensure_file
+
+        echo "$(pwd)/src/third_party/ninja" >> $GITHUB_PATH
+
+        cd src/third_party/angle
+        rm -f .git/objects/info/alternates
+        git remote set-url origin https://chromium.googlesource.com/angle/angle.git
+        cp .git/config .git/config.backup
+        git remote remove origin
+        mv .git/config.backup .git/config
+        git fetch

.github/actions/fix-sync/action.yml

@@ -1,155 +0,0 @@
-name: 'Fix Sync'
-description: 'Ensures proper binaries are in place'
-# This action is required to correct for differences between "gclient sync"
-# on Linux and the expected state on macOS/windows. This requires:
-# 1. Fixing Clang Install (wrong binary)
-# 2. Fixing esbuild (wrong binary)
-# 3. Fixing rustc (wrong binary)
-# 4. Fixing gn (wrong binary)
-# 5. Fix reclient (wrong binary)
-# 6. Fixing dsymutil (wrong binary)
-# 7. Ensuring we are using the correct ninja and adding it to PATH
-# 8. Fixing angle (wrong remote)
-# 9. Install windows toolchain on Windows
-# 10. Fix node binary on Windows
-# 11. Fix rc binary on Windows
-inputs:
-  target-platform:
-    description: 'Target platform, should be linux, win, macos'
-runs:
-  using: "composite"
-  steps:
-    - name: Fix llvm toolchain
-      if: ${{ inputs.target-platform != 'linux' }}
-      shell: bash
-      run : |
-        rm -rf src/third_party/llvm-build
-        python3 src/tools/clang/scripts/update.py
-        # Refs https://chromium-review.googlesource.com/c/chromium/src/+/6667681
-        python3 src/tools/clang/scripts/update.py --package objdump
-        python3 src/tools/clang/scripts/update.py --package clang-tidy
-    - name: Fix esbuild
-      if: ${{ inputs.target-platform != 'linux' }}
-      uses: ./src/electron/.github/actions/cipd-install
-      with:
-        cipd-root-prefix-path: src/third_party/devtools-frontend/src/
-        dependency: esbuild
-        deps-file: src/third_party/devtools-frontend/src/DEPS
-        installation-dir: third_party/esbuild
-        target-platform: ${{ inputs.target-platform }}
-        package: infra/3pp/tools/esbuild/${platform}
-    - name: Fix rollup
-      if: ${{ inputs.target-platform != 'linux' }}
-      uses: ./src/electron/.github/actions/cipd-install
-      with:
-        cipd-root-prefix-path: src/third_party/devtools-frontend/src/
-        dependency: rollup_libs
-        deps-file: src/third_party/devtools-frontend/src/DEPS
-        installation-dir: third_party/rollup_libs
-        target-platform: ${{ inputs.target-platform }}
-        package: infra/3pp/tools/rollup_libs/${platform}
-    - name: Sync native rollup libs
-      if: ${{ inputs.target-platform != 'linux' }}
-      shell: bash
-      run : |
-        cd src/third_party/devtools-frontend/src
-        python3 scripts/deps/sync_rollup_libs.py
-    - name: Fix rustc
-      if: ${{ inputs.target-platform != 'linux' }}
-      shell: bash
-      run : |
-        rm -rf src/third_party/rust-toolchain
-        python3 src/tools/rust/update_rust.py
-    - name: Fix gn (macOS)
-      if: ${{ inputs.target-platform == 'macos' }}
-      uses: ./src/electron/.github/actions/cipd-install
-      with:
-        dependency: gn
-        deps-file: src/DEPS
-        installation-dir: src/buildtools/mac
-        target-platform: ${{ inputs.target-platform }}
-        package: gn/gn/mac-${arch}
-    - name: Fix gn (Windows)
-      if: ${{ inputs.target-platform == 'win' }}
-      uses: ./src/electron/.github/actions/cipd-install
-      with:
-        dependency: gn
-        deps-file: src/DEPS
-        installation-dir: src/buildtools/win 
-        target-platform: ${{ inputs.target-platform }}
-        package: gn/gn/windows-amd64
-    - name: Fix reclient
-      if: ${{ inputs.target-platform != 'linux' }}
-      uses: ./src/electron/.github/actions/cipd-install
-      with:
-        dependency: reclient
-        deps-file: src/DEPS
-        installation-dir: src/buildtools/reclient
-        target-platform: ${{ inputs.target-platform }}
-        package: infra/rbe/client/${platform}
-    - name: Configure reclient configs
-      if: ${{ inputs.target-platform != 'linux' }}
-      shell: bash
-      run : |
-        python3 src/buildtools/reclient_cfgs/configure_reclient_cfgs.py --rbe_instance "projects/rbe-chrome-untrusted/instances/default_instance" --reproxy_cfg_template reproxy.cfg.template --rewrapper_cfg_project "" --skip_remoteexec_cfg_fetch
-    - name: Fix dsymutil (macOS)
-      if: ${{ inputs.target-platform == 'macos' }}
-      shell: bash
-      run : |
-        # Fix dsymutil
-        if [ "${{ inputs.target-platform }}" = "macos" ]; then
-          if  [ "${{ env.TARGET_ARCH }}" == "arm64" ]; then
-            DSYM_SHA_FILE=src/tools/clang/dsymutil/bin/dsymutil.arm64.sha1
-          else
-            DSYM_SHA_FILE=src/tools/clang/dsymutil/bin/dsymutil.x64.sha1
-          fi
-          python3 src/third_party/depot_tools/download_from_google_storage.py --no_resume --no_auth --bucket chromium-browser-clang -s $DSYM_SHA_FILE -o src/tools/clang/dsymutil/bin/dsymutil
-        fi
-    - name: Fix ninja
-      if: ${{ inputs.target-platform != 'linux' }}
-      uses: ./src/electron/.github/actions/cipd-install
-      with:
-        dependency: ninja
-        deps-file: src/DEPS
-        installation-dir: src/third_party/ninja
-        target-platform: ${{ inputs.target-platform }}
-        package: infra/3pp/tools/ninja/${platform}
-    - name: Set ninja in path
-      if: ${{ inputs.target-platform != 'linux' }}
-      shell: bash
-      run : |
-        echo "$(pwd)/src/third_party/ninja" >> $GITHUB_PATH
-    - name: Fix siso
-      uses: ./src/electron/.github/actions/cipd-install
-      with:
-        dependency: siso
-        deps-file: src/DEPS
-        installation-dir: src/third_party/siso/cipd
-        target-platform: ${{ inputs.target-platform }}
-        package: build/siso/${platform}
-    - name: Fixup angle git
-      if: ${{ inputs.target-platform != 'linux' }}
-      shell: bash
-      run : |
-        cd src/third_party/angle
-        rm -f .git/objects/info/alternates
-        git remote set-url origin https://github.com/google/angle.git
-        cp .git/config .git/config.backup
-        git remote remove origin
-        mv .git/config.backup .git/config
-        git fetch
-    - name: Get Windows toolchain
-      if: ${{ inputs.target-platform == 'win' }}
-      shell: powershell
-      run: e d vpython3 src\build\vs_toolchain.py update --force
-    - name: Download nodejs
-      if: ${{ inputs.target-platform == 'win' }}
-      shell: powershell
-      run: |
-        $nodedeps = e d gclient getdep --deps-file=src/DEPS -r src/third_party/node/win | ConvertFrom-JSON
-        python3 src\third_party\depot_tools\download_from_google_storage.py --no_resume --no_auth --bucket chromium-nodejs -o src\third_party\node\win\node.exe $nodedeps.object_name
-    - name: Install rc
-      if: ${{ inputs.target-platform == 'win' }}
-      shell: bash
-      run: |
-        python3 src/third_party/depot_tools/download_from_google_storage.py --no_resume --no_auth --bucket chromium-browser-clang/rc -s src/build/toolchain/win/rc/win/rc.exe.sha1

.github/actions/free-space-macos/action.yml

@@ -6,8 +6,6 @@ runs:
     - name: Free Space on MacOS
       shell: bash
       run: |
-        echo "Disk usage before cleanup:"
-        df -h
         sudo mkdir -p $TMPDIR/del-target
 
         tmpify() {
@@ -17,30 +15,28 @@ runs:
         }
 
         strip_universal_deep() {
-          if [ -d "$1" ]; then
-            opwd=$(pwd)
-            cd $1
-            f=$(find . -perm +111 -type f)
-            for fp in $f
-            do
-              if [[ $(file "$fp") == *"universal binary"* ]]; then
-                if [ "`arch`" == "arm64" ]; then
-                  if [[ $(file "$fp") == *"x86_64"* ]]; then
-                    sudo lipo -remove x86_64 "$fp" -o "$fp" || true
-                  fi
-                else
-                  if [[ $(file "$fp") == *"arm64e)"* ]]; then
-                    sudo lipo -remove arm64e "$fp" -o "$fp" || true
-                  fi
-                  if [[ $(file "$fp") == *"arm64)"* ]]; then
-                    sudo lipo -remove arm64 "$fp" -o "$fp" || true
-                  fi
+          opwd=$(pwd)
+          cd $1
+          f=$(find . -perm +111 -type f)
+          for fp in $f
+          do
+            if [[ $(file "$fp") == *"universal binary"* ]]; then
+              if [ "`arch`" == "arm64" ]; then
+                if [[ $(file "$fp") == *"x86_64"* ]]; then
+                  sudo lipo -remove x86_64 "$fp" -o "$fp" || true
+                fi
+              else
+                if [[ $(file "$fp") == *"arm64e)"* ]]; then
+                  sudo lipo -remove arm64e "$fp" -o "$fp" || true
+                fi
+                if [[ $(file "$fp") == *"arm64)"* ]]; then
+                  sudo lipo -remove arm64 "$fp" -o "$fp" || true
                 fi
               fi
-            done
+            fi
+          done
 
-            cd $opwd
-          fi
+          cd $opwd
         }
 
         tmpify /Library/Developer/CoreSimulator
@@ -61,31 +57,9 @@ runs:
         sudo rm -rf $TMPDIR/del-target
 
         sudo rm -rf /Applications/Safari.app
-        sudo rm -rf /Applications/Xcode_16.1.app
-        sudo rm -rf /Applications/Xcode_16.2.app
-        sudo rm -rf /Applications/Xcode_16.3.app
-        sudo rm -rf /Applications/Xcode_26*
-        sudo rm -rf /Applications/Google Chrome.app
-        sudo rm -rf /Applications/Google Chrome for Testing.app
-        sudo rm -rf /Applications/Firefox.app
-        sudo rm -rf /Applications/Microsoft Edge.app
         sudo rm -rf ~/project/src/third_party/catapult/tracing/test_data
         sudo rm -rf ~/project/src/third_party/angle/third_party/VK-GL-CTS
-        sudo rm -rf /Users/runner/Library/Android
-        sudo rm -rf $JAVA_HOME_11_arm64
-        sudo rm -rf $JAVA_HOME_17_arm64
-        sudo rm -rf $JAVA_HOME_21_arm64
-        sudo rm -rf $JAVA_HOME_25_arm64
-        sudo rm -rf /Users/runner/.dotnet/
-        sudo rm -rf /Users/runner/.rustup
-
-        # remove homebrew packages we don't need
-        if command -v brew &> /dev/null; then
-          brew uninstall -f --zap aws-sam-cli session-manager-plugin gcc gcc@13 gcc@14 llvm@18 gradle maven ant azure-cli
-          brew autoremove
-        fi
 
         # lipo off some huge binaries arm64 versions to save space
         strip_universal_deep $(xcode-select -p)/../SharedFrameworks
-        # strip_arm_deep /System/Volumes/Data/Library/Developer/CommandLineTools/usr
-        sudo mdutil -a -i off
+        # strip_arm_deep /System/Volumes/Data/Library/Developer/CommandLineTools/usr

.github/actions/generate-types/action.yml

@@ -1,28 +0,0 @@
-name: 'Generate Types for Archaeologist Dig'
-description: 'Generate Types for Archaeologist Dig'
-inputs:
-  sha-file:
-    description: 'File containing sha'
-    required: true
-  filename:
-    description: 'Filename to write types to'
-    required: true
-runs:
-  using: "composite"
-  steps:
-  - name: Generating Types for SHA in ${{ inputs.sha-file }}
-    shell: bash
-    run: |
-      export ELECTRON_DIR=$(pwd)
-      if [ "${{ inputs.sha-file }}" == ".dig-old" ]; then
-        cd /tmp
-        git clone https://github.com/electron/electron.git
-        cd electron
-      fi
-      git checkout $(cat $ELECTRON_DIR/${{ inputs.sha-file }})
-      node script/yarn.js install --immutable
-      echo "#!/usr/bin/env node\nglobal.x=1" > node_modules/typescript/bin/tsc
-      node node_modules/.bin/electron-docs-parser --dir=./ --outDir=./ --moduleVersion=0.0.0-development
-      node node_modules/.bin/electron-typescript-definitions --api=electron-api.json --outDir=artifacts
-      mv artifacts/electron.d.ts $ELECTRON_DIR/artifacts/${{ inputs.filename }}
-    working-directory: ./electron

.github/actions/install-build-tools/action.yml

@@ -6,27 +6,6 @@ runs:
   - name: Install Build Tools
     shell: bash
     run: |
-      if [ "$(expr substr $(uname -s) 1 10)" == "MSYS_NT-10" ]; then
-        git config --global core.filemode false
-        git config --global core.autocrlf false
-        git config --global branch.autosetuprebase always
-        git config --global core.fscache true
-        git config --global core.longpaths true
-        git config --global core.preloadindex true
-        git config --global core.longpaths true
-      fi
-      export BUILD_TOOLS_SHA=1b7bd25dae4a780bb3170fff56c9327b53aaf7eb
+      export BUILD_TOOLS_SHA=ff3e40a9a2ebb735c18b6450ecd5ddaa8bb364a9
       npm i -g @electron/build-tools
-      # Update depot_tools to ensure python
-      e d update_depot_tools
       e auto-update disable
-      # Disable further updates of depot_tools
-      e d auto-update disable
-      if [ "$(expr substr $(uname -s) 1 10)" == "MSYS_NT-10" ]; then
-        e d cipd.bat --version
-        cp "C:\Python311\python.exe" "C:\Python311\python3.exe"
-        echo "C:\Users\ContainerAdministrator\.electron_build_tools\third_party\depot_tools" >> $GITHUB_PATH
-      else
-        echo "$HOME/.electron_build_tools/third_party/depot_tools" >> $GITHUB_PATH
-        echo "$HOME/.electron_build_tools/third_party/depot_tools/python-bin" >> $GITHUB_PATH
-      fi

.github/actions/install-dependencies/action.yml

@@ -1,31 +0,0 @@
-name: 'Install Dependencies'
-description: 'Installs yarn depdencies using cache when available'
-runs:
-  using: "composite"
-  steps:
-  - name: Get yarn cache directory path
-    shell: bash
-    id: yarn-cache-dir-path
-    run: echo "dir=$(node src/electron/script/yarn.js config get cacheFolder)" >> $GITHUB_OUTPUT
-  - uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
-    id: yarn-cache
-    with:
-      path: ${{ steps.yarn-cache-dir-path.outputs.dir }}
-      key: ${{ runner.os }}-yarn-${{ hashFiles('src/electron/yarn.lock') }}
-      restore-keys: |
-        ${{ runner.os }}-yarn-
-  - name: Install Dependencies
-    shell: bash
-    run: |
-      cd src/electron
-      if [ "$TARGET_ARCH" = "x86" ]; then
-        export npm_config_arch="ia32"
-      fi
-      # if running on linux arm skip yarn Builds
-      ARCH=$(uname -m)
-      if [ "$ARCH" = "armv7l" ]; then
-        echo "Skipping yarn build on linux arm"
-        node script/yarn.js install --immutable --mode=skip-build
-      else
-        node script/yarn.js install --immutable
-      fi

.github/actions/restore-cache-aks/action.yml

@@ -1,20 +1,12 @@
 name: 'Restore Cache AKS'
 description: 'Restores Electron src cache via AKS'
-inputs:
-  target-platform:
-    description: 'Target platform, should be linux, win, macos'
 runs:
   using: "composite"
   steps:
   - name: Restore and Ensure Src Cache
     shell: bash
     run: |
-      if [ "${{ inputs.target-platform }}" = "win" ]; then
-        cache_path=/mnt/win-cache/$DEPSHASH.tar
-      else
-        cache_path=/mnt/cross-instance-cache/$DEPSHASH.tar
-      fi
-
+      cache_path=/mnt/cross-instance-cache/$DEPSHASH.tar
       echo "Using cache key: $DEPSHASH"
       echo "Checking for cache in: $cache_path"
       if [ ! -f "$cache_path" ]; then
@@ -25,13 +17,8 @@ runs:
       fi
 
       echo "Persisted cache is $(du -sh $cache_path | cut -f1)"
-      if [ `du  $cache_path | cut -f1` = "0" ]; then
-        echo "Cache is empty - exiting"
-        exit 1
-      fi
-
       mkdir temp-cache
-      zstd -d --long=30 -c $cache_path | tar -xf - -C temp-cache
+      tar -xf $cache_path -C temp-cache
       echo "Unzipped cache is $(du -sh temp-cache/src | cut -f1)"
 
       if [ -d "temp-cache/src" ]; then

.github/actions/restore-cache-azcopy/action.yml

@@ -1,69 +1,36 @@
 name: 'Restore Cache AZCopy'
 description: 'Restores Electron src cache via AZCopy'
-inputs:
-  target-platform:
-    description: 'Target platform, should be linux, win, macos'
 runs:
   using: "composite"
   steps:
   - name: Obtain SAS Key
-    continue-on-error: true
-    uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
+    uses: actions/cache/restore@v4
     with:
-      path: sas-token
-      key: sas-key-${{ inputs.target-platform }}-${{ github.run_number }}-1
-      enableCrossOsArchive: true
-  - name: Obtain SAS Key
-    continue-on-error: true
-    uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
-    with:
-      path: sas-token
-      key: sas-key-${{ inputs.target-platform }}-${{ github.run_number }}-${{ github.run_attempt }}
-      enableCrossOsArchive: true
+      path: |
+        sas-token
+      key: sas-key-${{ github.run_number }}-${{ github.run_attempt }}
   - name: Download Src Cache from AKS
     # The cache will always exist here as a result of the checkout job
     # Either it was uploaded to Azure in the checkout job for this commit
     # or it was uploaded in the checkout job for a previous commit.
-    uses: nick-fields/retry@ad984534de44a9489a53aefd81eb77f87c70dc60 # v4.0.0
+    uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # v3.0.0
     with:
-      timeout_minutes: 30
+      timeout_minutes: 20
       max_attempts: 3
       retry_on: error
-      shell: bash
       command: |
         sas_token=$(cat sas-token)
-        if [ -z "$sas_token" ]; then
-          echo "SAS Token not found; exiting src cache download early..."
-          exit 1
-        else
-          sas_token=$(jq -r '.sasToken' sas-token)
-          account_name=$(jq -r '.accountName' sas-token)
-          if [ "${{ inputs.target-platform }}" = "win" ]; then
-            azcopy copy --log-level=ERROR \
-            "https://$account_name.file.core.windows.net/${{ env.AZURE_AKS_WIN_CACHE_SHARE_NAME }}/${{ env.CACHE_PATH }}?$sas_token" $DEPSHASH.tar
-          else
-            azcopy copy --log-level=ERROR \
-            "https://$account_name.file.core.windows.net/${{ env.AZURE_AKS_CACHE_SHARE_NAME }}/${{ env.CACHE_PATH }}?$sas_token" $DEPSHASH.tar
-          fi            
-        fi
-    env:
-      AZURE_AKS_CACHE_SHARE_NAME: linux-cache
-      AZURE_AKS_WIN_CACHE_SHARE_NAME: windows-cache
+        azcopy copy \
+          "https://${{ env.AZURE_AKS_CACHE_STORAGE_ACCOUNT }}.file.core.windows.net/${{ env.AZURE_AKS_CACHE_SHARE_NAME }}/${{ env.CACHE_PATH }}?$sas_token" $DEPSHASH.tar
   - name: Clean SAS Key
     shell: bash
     run: rm -f sas-token
   - name: Unzip and Ensure Src Cache
-    if: ${{ inputs.target-platform == 'macos' }}
     shell: bash
     run: |
       echo "Downloaded cache is $(du -sh $DEPSHASH.tar | cut -f1)"
-      if [ `du $DEPSHASH.tar | cut -f1` = "0" ]; then
-        echo "Cache is empty - exiting"
-        exit 1
-      fi
-
       mkdir temp-cache
-      zstd -d --long=30 -c $DEPSHASH.tar | tar -xf - -C temp-cache
+      tar -xf $DEPSHASH.tar -C temp-cache
       echo "Unzipped cache is $(du -sh temp-cache/src | cut -f1)"
 
       if [ -d "temp-cache/src" ]; then
@@ -81,40 +48,4 @@ runs:
       fi
 
       echo "Wiping Electron Directory"
-      rm -rf src/electron
-
-  - name: Unzip and Ensure Src Cache (Windows)
-    if: ${{ inputs.target-platform == 'win' }}
-    shell: bash
-    run: |
-      echo "Downloaded cache is $(du -sh $DEPSHASH.tar | cut -f1)"
-      if [ `du $DEPSHASH.tar | cut -f1` = "0" ]; then
-        echo "Cache is empty - exiting"
-        exit 1
-      fi
-
-      mkdir temp-cache
-      zstd -d --long=30 -c $DEPSHASH.tar | tar -xf - -C temp-cache
-      rm -f $DEPSHASH.tar
-
-  - name: Move Src Cache (Windows)
-    if: ${{ inputs.target-platform == 'win' }}
-    uses: nick-fields/retry@ad984534de44a9489a53aefd81eb77f87c70dc60 # v4.0.0
-    with:
-      timeout_minutes: 30
-      max_attempts: 3
-      retry_on: error
-      shell: powershell  
-      command: |
-        if (Test-Path "temp-cache\src") {
-          Write-Host "Relocating Cache"
-          Remove-Item -Recurse -Force src
-          Move-Item temp-cache\src src
-        }
-        if (-Not (Test-Path "src\third_party\blink")) {
-          Write-Host "Cache was not correctly restored - exiting"
-          exit 1
-        }
-
-        Write-Host "Wiping Electron Directory"
-        Remove-Item -Recurse -Force src\electron
+      rm -rf src/electron

.github/actions/set-chromium-cookie/action.yml

@@ -1,56 +0,0 @@
-name: 'Set Chromium Git Cookie'
-description: 'Sets an authenticated cookie from Chromium to allow for a higher request limit'
-runs:
-  using: "composite"
-  steps:
-  - name: Set the git cookie from chromium.googlesource.com (Unix)
-    if: ${{ runner.os != 'Windows' }}
-    shell: bash
-    run: |
-      if [[ -z "$CHROMIUM_GIT_COOKIE" ]]; then
-        echo "CHROMIUM_GIT_COOKIE is not set - cannot authenticate."
-        exit 0
-      fi
-
-      eval 'set +o history' 2>/dev/null || setopt HIST_IGNORE_SPACE 2>/dev/null
-      touch ~/.gitcookies
-      chmod 0600 ~/.gitcookies
-
-      git config --global http.cookiefile ~/.gitcookies
-
-      echo "$CHROMIUM_GIT_COOKIE" | tr , \\t >>~/.gitcookies
-      eval 'set -o history' 2>/dev/null || unsetopt HIST_IGNORE_SPACE 2>/dev/null
-
-      RESPONSE=$(curl -s -b ~/.gitcookies https://chromium-review.googlesource.com/a/accounts/self)
-      if [[ $RESPONSE == ")]}'"* ]]; then
-        # Extract account email for verification
-        EMAIL=$(echo "$RESPONSE" | tail -c +5 | jq -r '.email // "No email found"')
-        echo "Cookie authentication successful - authenticated as: $EMAIL"
-      else
-        echo "Cookie authentication failed - ensure CHROMIUM_GIT_COOKIE is set correctly"
-        echo $RESPONSE
-      fi
-  - name: Set the git cookie from chromium.googlesource.com (Windows)
-    if: ${{ runner.os == 'Windows' }}
-    shell: cmd
-    run: |
-      if "%CHROMIUM_GIT_COOKIE_WINDOWS_STRING%"=="" (
-        echo CHROMIUM_GIT_COOKIE_WINDOWS_STRING is not set - cannot authenticate.
-        exit /b 0
-      )
-
-      git config --global http.cookiefile "%USERPROFILE%\.gitcookies"
-      powershell -noprofile -nologo -command Write-Output $env:CHROMIUM_GIT_COOKIE_WINDOWS_STRING >>"%USERPROFILE%\.gitcookies"
-
-      curl -s -b "%USERPROFILE%\.gitcookies" https://chromium-review.googlesource.com/a/accounts/self > response.txt
-
-      findstr /B /C:")]}'" response.txt > nul
-      if %ERRORLEVEL% EQU 0 (
-        echo Cookie authentication successful
-        powershell -NoProfile -Command "& {$content = Get-Content -Raw response.txt; $content = $content.Substring(4); try { $json = ConvertFrom-Json $content; if($json.email) { Write-Host 'Authenticated as:' $json.email } else { Write-Host 'No email found in response' } } catch { Write-Host 'Error parsing JSON:' $_ }}"
-      ) else (
-        echo Cookie authentication failed - ensure CHROMIUM_GIT_COOKIE_WINDOWS_STRING is set correctly
-        type response.txt
-      )
-
-      del response.txt

.github/actions/ssh-debug/action.yml

@@ -1,20 +0,0 @@
-name: Debug via SSH
-description: Setup a SSH server with a tunnel to access it to debug via SSH.
-inputs:
-  tunnel:
-    description: 'Enable SSH tunneling via cloudflared'
-    required: true
-    default: 'false'
-  timeout:
-    description: 'SSH session timeout in seconds'
-    required: false
-    type: number
-    default: 3600
-runs:
-  using: composite
-  steps:
-    - run: $GITHUB_ACTION_PATH/setup-ssh.sh
-      shell: bash
-      env:
-        TUNNEL: ${{ inputs.tunnel }}
-        TIMEOUT: ${{ inputs.timeout }}

.github/actions/ssh-debug/bashrc

@@ -1,4 +0,0 @@
-# If we're in an interactive SSH session and we're not already in tmux and there's no explicit SSH command, auto attach tmux
-if [ -n "$SSH_TTY" ] && [ -z "$TMUX" ] && [ -z "$SSH_ORIGINAL_COMMAND" ]; then
-    exec tmux attach || exec tmux
-fi

.github/actions/ssh-debug/setup-ssh.sh

@@ -1,146 +0,0 @@
-#!/bin/bash -e
-
-if [ "${TUNNEL}" != "true" ]; then
-    echo "SSH tunneling is disabled. Set enable-tunnel: true to enable remote access."
-    echo "Local SSH server would be available on localhost:2222 if this were a local environment."
-    exit 0
-fi
-
-echo ::group::Configuring Tunnel
-
-echo "SSH tunneling enabled. Setting up remote access..."
-
-EXTERNAL_DEPS="curl jq ssh-keygen"
-
-for dep in $EXTERNAL_DEPS; do
-    if ! command -v "${dep}" > /dev/null 2>&1; then
-       echo "Command ${dep} not installed on the system!" >&2
-       exit 1
-    fi
-done
-
-cd "$GITHUB_ACTION_PATH"
-
-bashrc_path=$(pwd)/bashrc
-
-# Source `bashrc` to auto start tmux on SSH login.
-if ! grep -q "${bashrc_path}" ~/.bash_profile; then
-    echo >> ~/.bash_profile # On macOS runner there's no newline at the end of the file
-    echo "source \"${bashrc_path}\"" >> ~/.bash_profile
-fi
-
-OS=$(uname -s | tr '[:upper:]' '[:lower:]')
-ARCH=$(uname -m)
-
-if [ "${ARCH}" = "x86_64" ]; then
-    ARCH="amd64"
-elif [ "${ARCH}" = "aarch64" ]; then
-    ARCH="arm64"
-fi
-
-if [ "${OS}" = "darwin" ] && ! command -v tmux > /dev/null 2>&1; then
-    echo "Installing tmux..."
-    brew install tmux
-fi
-
-if [ "$OS" = "darwin" ]; then
-    cloudflared_url="https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-${OS}-${ARCH}.tgz"
-    echo "Downloading \`cloudflared\` from <$cloudflared_url>..."
-    curl --location --silent --output cloudflared.tgz "${cloudflared_url}"
-    tar xf cloudflared.tgz
-    rm cloudflared.tgz
-fi
-
-chmod +x cloudflared
-
-echo 'Creating SSH server key...'
-ssh-keygen -q -f ssh_host_rsa_key -N ''
-
-echo 'Creating SSH server config...'
-sed "s,\$PWD,${PWD},;s,\$USER,${USER}," sshd_config.template > sshd_config
-
-echo 'Starting SSH server...'
-sudo /usr/sbin/sshd -f sshd_config -D &
-sshd_pid=$!
-
-echo "SSH server started successfully (PID: ${sshd_pid})"
-
-echo 'Starting tmux session...'
-(cd "${GITHUB_WORKSPACE}" && tmux new-session -d -s debug)
-
-mkdir ~/.cloudflared
-CLEAN_TUNNEL_CERT=$(printf '%s\n' "${CLOUDFLARE_TUNNEL_CERT}" | tr -d '\r' | sed '/^[[:space:]]*$/d')
-
-echo "${CLEAN_TUNNEL_CERT}" > ~/.cloudflared/cert.pem
-
-CLEAN_USER_CA_CERT=$(printf '%s\n' "${CLOUDFLARE_USER_CA_CERT}" | tr -d '\r' | sed '/^[[:space:]]*$/d')
-
-echo "${CLEAN_USER_CA_CERT}" | sudo tee /etc/ssh/ca.pub > /dev/null
-sudo chmod 644 /etc/ssh/ca.pub
-
-random_suffix=$(openssl rand -hex 5 | cut -c1-10)
-tunnel_name="${GITHUB_SHA}-${GITHUB_RUN_ID}-${random_suffix}"
-tunnel_url="${tunnel_name}.${CLOUDFLARE_TUNNEL_HOSTNAME}"
-
-if ./cloudflared tunnel list | grep -q "${tunnel_name}"; then
-    echo "Deleting existing tunnel: ${tunnel_name}"
-    ./cloudflared tunnel delete ${tunnel_name}
-fi
-
-echo "Creating new cloudflare tunnel: ${tunnel_name}"
-./cloudflared tunnel create ${tunnel_name}
-
-credentials_file=$(find ~/.cloudflared -name "*.json" | head -n 1)
-if [ -z "${credentials_file}" ]; then
-    echo "Error: Could not find tunnel credentials file"
-    exit 1
-fi
-
-echo "Found credentials file: ${credentials_file}"
-
-echo 'Creating tunnel configuration...'
-cat > tunnel_config.yml << EOF
-tunnel: ${tunnel_name}
-credentials-file: ${credentials_file}
-
-ingress:
-  - hostname: ${tunnel_url}
-    service: ssh://localhost:2222
-  - service: http_status:404
-EOF
-
-echo 'Setting up DNS routing for tunnel...'
-./cloudflared tunnel route dns ${tunnel_name} ${tunnel_url}
-
-echo 'Running cloudflare tunnel...'
-./cloudflared tunnel --no-autoupdate --config tunnel_config.yml run 2>&1 | tee cloudflared.log | sed -u 's/^/cloudflared: /' &
-cloudflared_pid=$!
-
-echo ::endgroup::
-
-echo ::notice title=SSH Debug Session Ready::ssh ${tunnel_url}
-
-
-(
-    echo '    '
-    echo '    '
-    echo '🔗 SSH Debug Session Ready!'
-    echo '━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━'
-    echo '    '
-    echo '📋 Infra WG can copy and run this command to connect:'
-    echo '    '
-    echo "ssh ${tunnel_url}"
-    echo '    '
-    echo "⏰ Session expires automatically in ${TIMEOUT} seconds"
-    echo '━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━'
-    echo '    '
-    echo '    '
-) | cat
-
-echo ::group::Starting Background Session
-echo 'Starting SSH session in background...'
-./ssh-session.sh "${sshd_pid}" "${cloudflared_pid}" "${TIMEOUT}" "${tunnel_name}" &
-
-echo 'SSH session is running in background. GitHub Action will continue.'
-echo 'Session will auto-cleanup after timeout or when processes end.'
-echo ::endgroup::

.github/actions/ssh-debug/ssh-session.sh

@@ -1,52 +0,0 @@
-#!/bin/bash
-
-SSHD_PID=$1
-CLOUDFLARED_PID=$2
-SESSION_TIMEOUT=${3:-10000}
-TUNNEL_NAME=$4
-
-cleanup() {
-    # Kill processes.
-    for pid in "$SLEEP_PID" "$SSHD_PID" "$CLOUDFLARED_PID"; do
-        if [ -n "$pid" ] && kill -0 "$pid" 2>/dev/null; then
-            kill "$pid" 2>/dev/null || true
-        fi
-    done
-
-    # Clean up tunnel.
-    if [ -n "$TUNNEL_NAME" ]; then
-        cd "$GITHUB_ACTION_PATH"
-        ./cloudflared tunnel delete "$TUNNEL_NAME" 2>/dev/null || {
-            echo "Failed to delete tunnel"
-        }
-    fi
-
-    echo "Session ended at $(date)"
-    exit 0
-}
-
-# Trap signals to ensure cleanup.
-trap cleanup SIGTERM SIGINT SIGQUIT SIGHUP EXIT
-
-# Wait for timeout or until processes die.
-sleep "$SESSION_TIMEOUT" &
-SLEEP_PID=$!
-
-# Monitor processes
-while kill -0 "$SLEEP_PID" 2>/dev/null; do
-    # Check SSH daemon.
-    if ! kill -0 "$SSHD_PID" 2>/dev/null; then
-        echo "SSH daemon died at $(date)"
-        break
-    fi
-
-    # Check cloudflared,
-    if ! kill -0 "$CLOUDFLARED_PID" 2>/dev/null; then
-        echo "Cloudflared died at $(date)"
-        break
-    fi
-
-    sleep 10
-done
-
-cleanup

.github/actions/ssh-debug/sshd_config.template

@@ -1,25 +0,0 @@
-Port 2222
-HostKey $PWD/ssh_host_rsa_key
-PidFile $PWD/sshd.pid
-
-# Connection settings
-ClientAliveInterval 30
-ClientAliveCountMax 10
-MaxStartups 10
-LoginGraceTime 120
-
-# Allow TCP forwarding for tunneling
-AllowTcpForwarding yes
-
-# Try to prevent timeouts
-TCPKeepAlive yes
-
-# Security
-TrustedUserCAKeys /etc/ssh/ca.pub
-PubkeyAuthentication yes
-PasswordAuthentication no
-
-AuthorizedPrincipalsCommand /bin/bash -c "echo '%t %k' | ssh-keygen -L -f - | grep -A1 Principals"
-AuthorizedPrincipalsCommandUser nobody
-
-PubkeyAcceptedKeyTypes ssh-rsa,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com

.github/config.yml

@@ -2,8 +2,6 @@
 newPRWelcomeComment: |
   💖 Thanks for opening this pull request! 💖
 
-  ### Semantic PR titles
-
   We use [semantic commit messages](https://github.com/electron/electron/blob/main/docs/development/pull-requests.md#commit-message-guidelines) to streamline the release process. Before your pull request can be merged, you should **update your pull request title** to start with a semantic prefix.
 
   Examples of commit messages with semantic prefixes:
@@ -12,13 +10,6 @@ newPRWelcomeComment: |
   - `feat: add app.isPackaged() method`
   - `docs: app.isDefaultProtocolClient is now available on Linux`
 
-  ### Commit signing
-
-  This repo enforces [commit signatures](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits) for all incoming PRs.
-  To sign your commits, see GitHub's documentation on [Telling Git about your signing key](https://docs.github.com/en/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key).
-  
-  ### PR tips
-
   Things that will help get your PR across the finish line:
 
   - Follow the JavaScript, C++, and Python [coding style](https://github.com/electron/electron/blob/main/docs/development/coding-style.md).

.github/copilot-instructions.md

@@ -1,122 +0,0 @@
-# Copilot Instructions for Electron
-
-## Build System
-
-Electron uses `@electron/build-tools` (`e` CLI). Install with `npm i -g @electron/build-tools`.
-
-```bash
-e sync              # Fetch sources and apply patches
-e build             # Build Electron (GN + Ninja)
-e build -k 999      # Build, continuing through errors
-e start             # Run built Electron
-e start --version   # Verify Electron launches
-e test              # Run full test suite
-e debug             # Run in debugger (lldb on macOS, gdb on Linux)
-```
-
-### Linting
-
-```bash
-npm run lint              # Run all linters (JS, C++, Python, GN, docs)
-npm run lint:js           # JavaScript/TypeScript only
-npm run lint:clang-format # C++ formatting only
-npm run lint:cpp          # C++ linting only
-npm run lint:docs         # Documentation only
-```
-
-### Running a Single Test
-
-```bash
-npm run test -- -g "pattern"   # Run tests matching a regex pattern
-# Example: npm run test -- -g "ipc"
-```
-
-### Running a Single Node.js Test
-
-```bash
-node script/node-spec-runner.js parallel/test-crypto-keygen
-```
-
-## Architecture
-
-Electron embeds Chromium (rendering) and Node.js (backend) to enable desktop apps with web technologies. The parent directory (`../`) is the Chromium source tree.
-
-### Process Model
-
-Electron has two primary process types, mirroring Chromium:
-
-- **Main process** (`shell/browser/` + `lib/browser/`): Controls app lifecycle, creates windows, system APIs
-- **Renderer process** (`shell/renderer/` + `lib/renderer/`): Runs web content in BrowserWindows
-
-### Native ↔ JavaScript Bridge
-
-Each API is implemented as a C++/JS pair:
-
-- C++ side: `shell/browser/api/electron_api_{name}.cc/.h` — uses `gin::Wrappable` and `ObjectTemplateBuilder`
-- JS side: `lib/browser/api/{name}.ts` — exports the module, registered in `lib/browser/api/module-list.ts`
-- Binding: `NODE_LINKED_BINDING_CONTEXT_AWARE(electron_browser_{name}, Initialize)` in C++ and registered in `shell/common/node_bindings.cc`
-- Type declaration: `typings/internal-ambient.d.ts` maps `process._linkedBinding('electron_browser_{name}')`
-
-### Patches System
-
-Electron patches upstream dependencies (Chromium, Node.js, V8, etc.) rather than forking them. Patches live in `patches/` organized by target, with `patches/config.json` mapping directories to repos.
-
-```text
-patches/{target}/*.patch  →  [e sync]   →  target repo commits
-                          ←  [e patches] ←
-```
-
-Key rules:
-
-- Fix existing patches rather than creating new ones
-- Preserve original authorship in TODO comments — never change `TODO(name)` assignees
-- Each patch commit message must explain why the patch exists
-- After modifying patches, run `e patches {target}` to export
-
-When working on the `roller/chromium/main` branch for Chromium upgrades, use `e sync --3` for 3-way merge conflict resolution.
-
-## Conventions
-
-### File Naming
-
-- JS/TS files: kebab-case (`file-name.ts`)
-- C++ files: snake_case with `electron_api_` prefix (`electron_api_safe_storage.cc`)
-- Test files: `api-{module-name}-spec.ts` in `spec/`
-- Source file lists are maintained in `filenames.gni` (with platform-specific sections)
-
-### JavaScript/TypeScript
-
-- Semicolons required (`"semi": ["error", "always"]`)
-- `const` and `let` only (no `var`)
-- Arrow functions preferred
-- Import order enforced: `@electron/internal` → `@electron` → `electron` → external → builtin → relative
-- API naming: `PascalCase` for classes (`BrowserWindow`), `camelCase` for module APIs (`globalShortcut`)
-- Prefer getters/setters over jQuery-style `.text([text])` patterns
-
-### C++
-
-- Follows Chromium coding style, enforced by `clang-format` and `clang-tidy`
-- Uses Chromium abstractions (`base::`, `content::`, etc.)
-- Header guards: `#ifndef ELECTRON_SHELL_BROWSER_API_ELECTRON_API_{NAME}_H_`
-- Platform-specific files: `_mac.mm`, `_win.cc`, `_linux.cc`
-
-### Testing
-
-- Framework: Mocha + Chai + Sinon
-- Test helpers in `spec/lib/` (e.g., `spec-helpers.ts`, `window-helpers.ts`)
-- Use `defer()` from spec-helpers for cleanup, `closeAllWindows()` for window teardown
-- Tests import from `electron/main` or `electron/renderer`
-
-### Documentation
-
-- API docs in `docs/api/` as Markdown, parsed by `@electron/docs-parser` to generate `electron.d.ts`
-- API history tracked via YAML blocks in HTML comments within doc files
-- Docs must pass `npm run lint:docs`
-
-### Build Configuration
-
-- `BUILD.gn`: Main GN build config
-- `buildflags/buildflags.gni`: Feature flags (PDF viewer, extensions, spellchecker)
-- `build/args/`: Build argument profiles (`testing.gn`, `release.gn`, `all.gn`)
-- `DEPS`: Dependency versions and checkout paths
-- `chromium_src/`: Chromium source file overrides (compiled instead of originals)

.github/dependabot.yml

@@ -7,62 +7,3 @@ updates:
     directory: /
     schedule:
       interval: weekly
-    labels:
-      - "no-backport"
-      - "semver/none"
-    target-branch: main
-  - package-ecosystem: npm
-    directories:
-      - /
-      - /spec
-      - /npm
-    schedule:
-      interval: daily
-    labels:
-      - "no-backport"
-    open-pull-requests-limit: 2
-    target-branch: main
-  - package-ecosystem: npm
-    directories:
-      - /
-      - /spec
-      - /npm
-    schedule:
-      interval: daily
-    labels:
-      - "backport-check-skip"
-    open-pull-requests-limit: 0
-    target-branch: 33-x-y
-  - package-ecosystem: npm
-    directories:
-      - /
-      - /spec
-      - /npm
-    schedule:
-      interval: daily
-    labels:
-      - "backport-check-skip"
-    open-pull-requests-limit: 0
-    target-branch: 32-x-y
-  - package-ecosystem: npm
-    directories:
-      - /
-      - /spec
-      - /npm
-    schedule:
-      interval: daily
-    labels:
-      - "backport-check-skip"
-    open-pull-requests-limit: 0
-    target-branch: 31-x-y
-  - package-ecosystem: npm
-    directories:
-      - /
-      - /spec
-      - /npm
-    schedule:
-      interval: daily
-    labels:
-      - "backport-check-skip"
-    open-pull-requests-limit: 0
-    target-branch: 30-x-y

.github/problem-matchers/clang.json

@@ -1,18 +0,0 @@
-{
-  "problemMatcher": [
-    {
-      "owner": "clang",
-      "fromPath": "src/out/Default/args.gn",
-      "pattern": [
-        {
-          "regexp": "^(.+)[(:](\\d+)[:,](\\d+)\\)?:\\s+(warning|fatal error|error):\\s+(.*)$",
-          "file": 1,
-          "line": 2,
-          "column": 3,
-          "severity": 4,
-          "message": 5
-        }
-      ]
-    }
-  ]
-}

.github/problem-matchers/eslint-stylish.json

@@ -1,22 +0,0 @@
-{
-  "problemMatcher": [
-    {
-      "owner": "eslint-stylish",
-      "pattern": [
-        {
-          "regexp": "^\\s*([^\\s].*)$",
-          "file": 1
-        },
-        {
-          "regexp": "^\\s+(\\d+):(\\d+)\\s+(error|warning|info)\\s+(.*)\\s\\s+(.*)$",
-          "line": 1,
-          "column": 2,
-          "severity": 3,
-          "message": 4,
-          "code": 5,
-          "loop": true
-        }
-      ]
-    }
-  ]
-}

.github/problem-matchers/markdownlint.json

@@ -1,16 +0,0 @@
-{
-  "problemMatcher": [
-    {
-      "owner": "markdownlint",
-      "pattern": [
-        {
-          "regexp": "^(.+):(\\d+):(\\d+)\\s+(.*)$",
-          "file": 1,
-          "line": 2,
-          "column": 3,
-          "message": 4
-        }
-      ]
-    }
-  ]
-}

.github/problem-matchers/patch-conflict.json

@@ -1,34 +0,0 @@
-{
-  "problemMatcher": [
-    {
-      "owner": "merge-conflict",
-      "pattern": [
-        {
-          "regexp": "^CONFLICT\\s\\(\\S+\\): (Merge conflict in \\S+)$",
-          "message": 1
-        }
-      ]
-    },
-    {
-      "owner": "patch-conflict",
-      "pattern": [
-        {
-          "regexp": "^error: (patch failed: (\\S+):(\\d+))$",
-          "message": 1,
-          "file": 2,
-          "line": 3
-        }
-      ]
-    },
-    {
-      "owner": "patch-needs-update",
-      "pattern": [
-        {
-          "regexp": "^((patches\/.*): needs update)$",
-          "message": 1,
-          "file": 2
-        }
-      ]
-    }
-  ]
-}

.github/siso-patches/0001-siso-reuse-the-outer-os.File-for-chunked-ReadAt-in-f.patch

@@ -1,47 +0,0 @@
-From 85b561ea4dbc76ba98af020b970f3aa6b20fdb9e Mon Sep 17 00:00:00 2001
-From: Samuel Attard <sam@electronjs.org>
-Date: Wed, 8 Apr 2026 23:24:15 -0700
-Subject: [PATCH] siso: reuse the outer *os.File for chunked ReadAt in
- fileParser.readFile
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The per-chunk goroutine currently re-opens fname to get its own handle
-for ReadAt. (*os.File).ReadAt is documented as safe for concurrent
-calls on the same File (on Windows it is ReadFile with an OVERLAPPED
-offset, so there is no shared seek state), so the extra open is
-redundant — the goroutines can share the outer f.
-
-Besides halving the CreateFileW calls per subninja, this avoids an
-intermittent 'The parameter is incorrect.' (ERROR_INVALID_PARAMETER)
-from bindflt.sys when out/ is a mapped directory inside a Windows
-container: bindflt's handle-relative NtCreateFile path races when a
-second relative open arrives while the first handle to the same target
-is still being set up. Absolute paths and single opens do not trigger
-it; see microsoft/Windows-Containers#<tbd>.
----
- siso/toolsupport/ninjautil/file_parser.go | 7 -------
- 1 file changed, 7 deletions(-)
-
-diff --git a/siso/toolsupport/ninjautil/file_parser.go b/siso/toolsupport/ninjautil/file_parser.go
-index 8c18d084..63116662 100644
---- a/siso/toolsupport/ninjautil/file_parser.go
-+++ b/siso/toolsupport/ninjautil/file_parser.go
-@@ -111,13 +111,6 @@ func (p *fileParser) readFile(ctx context.Context, fname string) ([]byte, error)
- 		eg.Go(func() error {
- 			p.sema <- struct{}{}
- 			defer func() { <-p.sema }()
--			f, err := os.Open(fname)
--			if err != nil {
--				return err
--			}
--			defer func() {
--				_ = f.Close()
--			}()
- 			for len(chunkBuf) > 0 {
- 				n, err := f.ReadAt(chunkBuf, pos)
- 				if err != nil {
--- 
-2.53.0
-

.github/workflows/apply-patches.yml

@@ -1,81 +0,0 @@
-name: Apply Patches
-
-on:
-  pull_request:
-
-permissions: {}
-
-concurrency:
-  group: apply-patches-${{ github.ref }}
-  cancel-in-progress: true
-
-jobs:
-  setup:
-    if: github.repository == 'electron/electron'
-    runs-on: ubuntu-slim
-    permissions:
-      contents: read
-      pull-requests: read
-    outputs:
-      has-patches: ${{ steps.filter.outputs.patches }}
-    steps:
-    - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
-      with:
-        persist-credentials: false
-        ref: ${{ github.event.pull_request.head.sha }}
-    # Use dorny/paths-filter instead of the path filter under the on: pull_request: block
-    # so that the output can be used to conditionally run the apply-patches job, which lets
-    # the job be marked as a required status check (conditional skip counts as a success).
-    - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
-      id: filter
-      with:
-        filters: |
-          patches:
-            - DEPS
-            - 'patches/**'
-
-  apply-patches:
-    needs: setup
-    if: ${{ needs.setup.outputs.has-patches == 'true' }}
-    runs-on: electron-arc-centralus-linux-amd64-32core
-    permissions:
-      contents: read
-    container:
-      image: ghcr.io/electron/build:a82b87d7a4f5ff0cab61405f8151ac4cf4942aeb
-      options: --user root
-      volumes:
-        - /mnt/cross-instance-cache:/mnt/cross-instance-cache
-        - /var/run/sas:/var/run/sas
-    env:
-      CHROMIUM_GIT_COOKIE: ${{ secrets.CHROMIUM_GIT_COOKIE }}
-      GCLIENT_EXTRA_ARGS: '--custom-var=checkout_arm=True --custom-var=checkout_arm64=True'
-    steps:
-    - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
-      with:
-        path: src/electron
-        fetch-depth: 0
-        persist-credentials: false
-        ref: ${{ github.event.pull_request.base.ref }}
-    - name: Merge PR HEAD
-      working-directory: src/electron
-      env:
-        PR_NUMBER: ${{ github.event.pull_request.number }}
-      run: |
-        git config user.email "electron@github.com"
-        git config user.name "Electron Bot"
-        git fetch origin refs/pull/${PR_NUMBER}/head
-        git merge --squash FETCH_HEAD
-        git commit -n -m "Squashed commits"
-    - name: Checkout & Sync & Save
-      uses: ./src/electron/.github/actions/checkout
-      with:
-        target-platform: linux
-    - name: Upload Patch Conflict Fix
-      if: ${{ failure() }}
-      uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
-      with:
-        name: update-patches
-        path: patches/update-patches.patch
-        if-no-files-found: ignore
-        archive: false

.github/workflows/archaeologist-dig.yml

@@ -1,73 +0,0 @@
-name: Archaeologist
-
-on:
-  pull_request:
-
-permissions: {}
-
-jobs:
-   archaeologist-dig:
-    name: Archaeologist Dig
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-    steps:
-      - name: Checkout Electron
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
-        with:
-          fetch-depth: 0
-      - name: Setup Node.js/npm
-        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f
-        with:
-          node-version: 24.12.x
-      - name: Setting Up Dig Site
-        env:
-          CLONE_URL: ${{ github.event.pull_request.head.repo.clone_url }}
-          HEAD_SHA: ${{ github.event.pull_request.head.sha }}
-          BASE_REF: ${{ github.event.pull_request.base.ref }}
-        run: |
-          echo "remote: $CLONE_URL"
-          echo "sha $HEAD_SHA"
-          echo "base ref $BASE_REF"
-          git clone https://github.com/electron/electron.git electron
-          cd electron
-          mkdir -p artifacts
-          git remote add fork "$CLONE_URL" && git fetch fork
-          git checkout "$HEAD_SHA"
-          git merge-base "origin/$BASE_REF" HEAD > .dig-old
-          echo "$HEAD_SHA" > .dig-new
-          cp .dig-old artifacts
-
-      - name: Generating Types for SHA in .dig-new
-        uses: ./.github/actions/generate-types
-        with:
-          sha-file: .dig-new
-          filename: electron.new.d.ts
-      - name: Generating Types for SHA in .dig-old
-        uses: ./.github/actions/generate-types
-        with:
-          sha-file: .dig-old
-          filename: electron.old.d.ts
-      - name: Upload artifacts
-        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f #v6.0.0
-        with:
-          name: artifacts
-          path: electron/artifacts
-          include-hidden-files: true
-      - name: Set job output
-        run: |
-          git diff --no-index electron.old.d.ts electron.new.d.ts > patchfile || true
-          if [ -s patchfile ]; then
-            echo "Changes Detected"
-            echo "## Changes Detected" > $GITHUB_STEP_SUMMARY
-            echo "Looks like the \`electron.d.ts\` file changed." >> $GITHUB_STEP_SUMMARY
-            echo "" >> $GITHUB_STEP_SUMMARY
-            echo "\`\`\`\`\`\`diff" >> $GITHUB_STEP_SUMMARY
-            cat patchfile >> $GITHUB_STEP_SUMMARY
-            echo "\`\`\`\`\`\`" >> $GITHUB_STEP_SUMMARY    
-          else
-            echo "No Changes Detected"
-            echo "## No Changes" > $GITHUB_STEP_SUMMARY
-            echo "We couldn't see any changes in the \`electron.d.ts\` artifact" >> $GITHUB_STEP_SUMMARY
-          fi
-        working-directory: ./electron/artifacts

.github/workflows/audit-branch-ci.yml

@@ -1,161 +0,0 @@
-name: Audit CI on Branches
-
-on:
-  workflow_dispatch:
-  schedule:
-    # Run every 2 hours
-    - cron: '0 */2 * * *'
-
-permissions: {}
-
-jobs:
-  audit_branch_ci:
-    name: Audit CI on Branches
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-    steps:
-      - name: Setup Node.js
-        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
-        with:
-          node-version: 22.17.x
-      - name: Sparse checkout repository
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
-        with:
-          sparse-checkout: |
-            .
-            .github
-            .yarn
-      - run: yarn workspaces focus @electron/gha-workflows
-      - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
-        id: audit-errors
-        with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          script: |
-            const { chdir } = require('node:process');
-            chdir('${{ github.workspace }}/.github/workflows');
-
-            const cache = require('@actions/cache');
-            const { ElectronVersions } = require('@electron/fiddle-core');
-
-            const runsWithErrors = [];
-
-            // Only want the most recent workflow run that wasn't skipped or cancelled
-            const isValidWorkflowRun = (run) => !['skipped', 'cancelled'].includes(run.conclusion);
-
-            const versions = await ElectronVersions.create({ ignoreCache: true });
-            const branches = versions.supportedMajors.map((branch) => `${branch}-x-y`);
-
-            for (const branch of ["main", ...branches]) {
-              const latestCheckRuns = new Map();
-              const allCheckRuns = await github.paginate(github.rest.checks.listForRef, {
-                owner: "electron",
-                repo: "electron",
-                ref: branch,
-                status: 'completed',
-              });
-
-              // Sort the check runs by completed_at so that multiple check runs on the
-              // same ref (like a scheduled workflow) only looks at the most recent one
-              for (const checkRun of allCheckRuns.filter(
-                (run) => !['skipped', 'cancelled'].includes(run.conclusion),
-              ).sort((a, b) => new Date(b.completed_at) - new Date(a.completed_at))) {
-                if (!latestCheckRuns.has(checkRun.name)) {
-                  latestCheckRuns.set(checkRun.name, checkRun);
-                }
-              }
-
-              // Check for runs which had error annotations
-              for (const checkRun of Array.from(latestCheckRuns.values())) {
-                if (checkRun.name === "Audit CI on Branches") {
-                  continue; // Skip the audit workflow itself
-                }
-
-                const annotations = (await github.rest.checks.listAnnotations({
-                  owner: "electron",
-                  repo: "electron",
-                  check_run_id: checkRun.id,
-                })).data ?? [];
-
-                if (
-                  annotations.find(
-                    ({ annotation_level, message }) =>
-                      annotation_level === "failure" &&
-                      !message.startsWith("Process completed with exit code") &&
-                      !message.startsWith("Response status code does not indicate success") &&
-                      !message.startsWith("The hosted runner lost communication with the server") &&
-                      !message.startsWith("Dependabot encountered an error performing the update") &&
-                      !/Unable to make request/.test(message) &&
-                      !/The requested URL returned error/.test(message),
-                  )
-                ) {
-                  checkRun.hasErrorAnnotations = true;
-                } else {
-                  continue;
-                }
-
-                // Check if this is a known failure from a previous audit run
-                const cacheKey = `check-run-error-annotations-${checkRun.id}`;
-                const cacheHit =
-                  (await cache.restoreCache(['/dev/null'], cacheKey, undefined, {
-                    lookupOnly: true,
-                  })) !== undefined;
-
-                if (cacheHit) {
-                  checkRun.isStale = true;
-                }
-
-                checkRun.branch = branch;
-                runsWithErrors.push(checkRun);
-  
-                // Create a cache entry (only the name matters) to keep track of
-                // failures we've seen from previous runs to mark them as stale
-                if (!cacheHit) {
-                  await cache.saveCache(['/dev/null'], cacheKey);
-                }
-              }
-            }
-
-            if (runsWithErrors.length > 0) {
-              core.summary.addHeading('⚠️ Runs with Errors');
-              core.summary.addTable([
-                [
-                  { data: 'Branch', header: true },
-                  { data: 'Workflow Run', header: true },
-                  { data: 'Status', header: true },
-                ],
-                ...runsWithErrors
-                  .sort(
-                    (a, b) =>
-                      a.branch.localeCompare(b.branch) ||
-                      a.name.localeCompare(b.name),
-                  )
-                  .map((run) => [
-                    run.branch,
-                    `<a href="${run.html_url}">${run.name}</a>`,
-                    run.isStale
-                      ? '📅 Stale'
-                      : run.hasErrorAnnotations
-                      ? '⚠️ Errors'
-                      : '✅ Succeeded',
-                  ]),
-              ]);
-
-              // Set this as failed so it's easy to scan runs to find failures
-              if (runsWithErrors.find((run) => !run.isStale)) {
-                core.setOutput('errorsFound', true);
-                process.exitCode = 1;
-              }
-            } else {
-              core.summary.addRaw('🎉 No runs with errors');
-            }
-
-            await core.summary.write();
-      - name: Send Slack message if errors
-        if: ${{ always() && steps.audit-errors.outputs.errorsFound && github.ref == 'refs/heads/main' }}
-        uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.1.1
-        with:
-          payload: |
-            link: "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
-          webhook: ${{ secrets.CI_ERRORS_SLACK_WEBHOOK_URL }}
-          webhook-type: webhook-trigger

.github/workflows/auto-close-pull-request.yml

@@ -0,0 +1,24 @@
+name: Auto Close Pull Request
+
+on:
+  pull_request_target:
+    paths:
+      - 'yarn.lock'
+      - 'spec/yarn.lock'
+
+permissions: {}
+
+jobs:
+  auto-close-dependency-pull-request:
+    name: Auto close non-maintainer dependency pull request
+    if: ${{ !contains(fromJSON('["MEMBER", "OWNER"]'), github.event.pull_request.author_association) && github.event.pull_request.user.type != 'Bot' && !github.event.pull_request.draft }}
+    permissions:
+      pull-requests: write
+    runs-on: ubuntu-latest
+    steps:
+      - name: Close pull request
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          PR_URL: ${{ github.event.pull_request.html_url }}
+        run: |
+          gh pr close $PR_URL --comment 'Hello @${{ github.event.pull_request.user.login }}! It looks like this pull request touches one of our dependency files, and per [our contribution policy](https://github.com/electron/electron/blob/main/CONTRIBUTING.md#dependencies-upgrades-policy) we do not accept these types of PRs, so this PR will be closed.'

.github/workflows/branch-created.yml

@@ -23,13 +23,11 @@ jobs:
     steps:
       - name: Determine Major Version
         id: check-major-version
-        env:
-          BRANCH_NAME: ${{ github.event.inputs.branch-name || github.event.ref }}
         run: |
-          if [[ "$BRANCH_NAME" =~ ^([0-9]+)-x-y$ ]]; then
+          if [[ ${{ github.event.inputs.branch-name || github.event.ref }} =~ ^([0-9]+)-x-y$ ]]; then
             echo "MAJOR=${BASH_REMATCH[1]}" >> "$GITHUB_OUTPUT"
           else
-            echo "Not a release branch: $BRANCH_NAME"
+            echo "Not a release branch: ${{ github.event.inputs.branch-name || github.event.ref }}"
           fi
       - name: New Release Branch Tasks
         if: ${{ steps.check-major-version.outputs.MAJOR }}
@@ -75,7 +73,7 @@ jobs:
           org: electron
       - name: Generate Release Project Board Metadata
         if: ${{ steps.check-major-version.outputs.MAJOR }}
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
         id: generate-project-metadata
         with:
           script: |
@@ -94,7 +92,7 @@ jobs:
             }))
       - name: Create Release Project Board
         if: ${{ steps.check-major-version.outputs.MAJOR }}
-        uses: dsanders11/project-actions/copy-project@2134fe7cc71c58b7ae259c82a8e63c6058255678 # v1.7.0
+        uses: dsanders11/project-actions/copy-project@eb760c48894b5702398529cbb8f6e98378e315d0 # v1.3.0
         id: create-release-board
         with:
           drafts: true
@@ -114,15 +112,14 @@ jobs:
           GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
       - name: Find Previous Release Project Board
         if: ${{ steps.check-major-version.outputs.MAJOR }}
-        uses: dsanders11/project-actions/find-project@2134fe7cc71c58b7ae259c82a8e63c6058255678 # v1.7.0
+        uses: dsanders11/project-actions/find-project@eb760c48894b5702398529cbb8f6e98378e315d0 # v1.3.0
         id: find-prev-release-board
         with:
-          fail-if-project-not-found: false
           title: ${{ steps.generate-project-metadata.outputs.prev-prev-major }}-x-y
           token: ${{ steps.generate-token.outputs.token }}
       - name: Close Previous Release Project Board
-        if: ${{ steps.find-prev-release-board.outputs.number }}
-        uses: dsanders11/project-actions/close-project@2134fe7cc71c58b7ae259c82a8e63c6058255678 # v1.7.0
+        if: ${{ steps.check-major-version.outputs.MAJOR }}
+        uses: dsanders11/project-actions/close-project@eb760c48894b5702398529cbb8f6e98378e315d0 # v1.3.0
         with:
           project-number: ${{ steps.find-prev-release-board.outputs.number }}
           token: ${{ steps.generate-token.outputs.token }}

.github/workflows/build-git-cache.yml

@@ -1,82 +0,0 @@
-name: Build Git Cache
-# This workflow updates git cache on the cross-instance cache volumes
-# It runs daily at midnight.
-
-on:  
-  schedule:
-    - cron: "0 0 * * *"
-
-permissions: {}
-
-jobs:
-  build-git-cache-linux:
-    runs-on: electron-arc-centralus-linux-amd64-32core
-    permissions:
-      contents: read
-    container:
-      image: ghcr.io/electron/build:a82b87d7a4f5ff0cab61405f8151ac4cf4942aeb
-      options: --user root
-      volumes:
-        - /mnt/cross-instance-cache:/mnt/cross-instance-cache
-    env:
-      CHROMIUM_GIT_COOKIE: ${{ secrets.CHROMIUM_GIT_COOKIE }}      
-      GCLIENT_EXTRA_ARGS: '--custom-var=checkout_arm=True --custom-var=checkout_arm64=True'
-    steps:
-    - name: Checkout Electron
-      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
-      with:
-        path: src/electron
-        fetch-depth: 0
-    - name: Build Git Cache
-      uses: ./src/electron/.github/actions/build-git-cache
-      with:
-        target-platform: linux
-
-  build-git-cache-windows:
-    runs-on: electron-arc-centralus-linux-amd64-32core
-    permissions:
-      contents: read
-    container:
-      image: ghcr.io/electron/build:a82b87d7a4f5ff0cab61405f8151ac4cf4942aeb
-      options: --user root --device /dev/fuse --cap-add SYS_ADMIN
-      volumes:
-        - /mnt/win-cache:/mnt/win-cache
-    env:
-      CHROMIUM_GIT_COOKIE: ${{ secrets.CHROMIUM_GIT_COOKIE }}
-      GCLIENT_EXTRA_ARGS: '--custom-var=checkout_win=True'
-      TARGET_OS: 'win'
-    steps:
-    - name: Checkout Electron
-      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
-      with:
-        path: src/electron
-        fetch-depth: 0
-    - name: Build Git Cache
-      uses: ./src/electron/.github/actions/build-git-cache
-      with:
-        target-platform: win
-
-  build-git-cache-macos:
-    runs-on: electron-arc-centralus-linux-amd64-32core
-    permissions:
-      contents: read
-    # This job updates the same git cache as linux, so it needs to run after the linux one.
-    needs: build-git-cache-linux
-    container:
-      image: ghcr.io/electron/build:a82b87d7a4f5ff0cab61405f8151ac4cf4942aeb
-      options: --user root
-      volumes:
-        - /mnt/cross-instance-cache:/mnt/cross-instance-cache
-    env:
-      CHROMIUM_GIT_COOKIE: ${{ secrets.CHROMIUM_GIT_COOKIE }}
-      GCLIENT_EXTRA_ARGS: '--custom-var=checkout_mac=True --custom-var=host_os=mac'
-    steps:
-    - name: Checkout Electron
-      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
-      with:
-        path: src/electron
-        fetch-depth: 0
-    - name: Build Git Cache
-      uses: ./src/electron/.github/actions/build-git-cache
-      with:
-        target-platform: macos

.github/workflows/build.yml

@@ -6,7 +6,7 @@ on:
       build-image-sha:
         type: string
         description: 'SHA for electron/build image'
-        default: 'a82b87d7a4f5ff0cab61405f8151ac4cf4942aeb'
+        default: 'cf814a4d2501e8e843caea071a6b70a48e78b855'
         required: true
       skip-macos:
         type: boolean
@@ -18,235 +18,94 @@ on:
         description: 'Skip Linux builds'
         default: false
         required: false
-      skip-windows:
-        type: boolean
-        description: 'Skip Windows builds'
-        default: false
-        required: false
       skip-lint:
         type: boolean
         description: 'Skip lint check'
         default: false
         required: false
-      enable-ssh:
-        description: 'Enable SSH debugging'
-        required: false
-        type: boolean
-        default: false
-  push:
-    branches:
-      - main
-      - '[1-9][0-9]-x-y'
-  pull_request:
-
-defaults:
-  run:
-    shell: bash
-
-permissions: {}
+  # push:
+  # pull_request:
 
 jobs:
-  setup:
+  changes:
     runs-on: ubuntu-latest
     permissions:
-      contents: read
       pull-requests: read
     outputs:
         docs: ${{ steps.filter.outputs.docs }}
         src: ${{ steps.filter.outputs.src }}
-        build-image-sha: ${{ steps.set-output.outputs.build-image-sha }}
-        docs-only: ${{ steps.set-output.outputs.docs-only }}
     steps:
-    - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
-      with:
-        ref: ${{ github.event.pull_request.head.sha }}
+    - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 #v4.0.2
     - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
       id: filter
       with:
         filters: |
           docs:
             - 'docs/**'
-            - README.md
-            - SECURITY.md
-            - CONTRIBUTING.md
-            - CODE_OF_CONDUCT.md
           src:
             - '!docs/**'
-    - name: Set Outputs for Build Image SHA & Docs Only
-      id: set-output
-      run: |
-        if [ -z "${{ inputs.build-image-sha }}" ]; then
-          echo "build-image-sha=a82b87d7a4f5ff0cab61405f8151ac4cf4942aeb" >> "$GITHUB_OUTPUT"
-        else
-          echo "build-image-sha=${{ inputs.build-image-sha }}" >> "$GITHUB_OUTPUT"
-        fi
-        echo "docs-only=${{ steps.filter.outputs.docs == 'true' && steps.filter.outputs.src == 'false' }}" >> "$GITHUB_OUTPUT"
 
   # Lint Jobs
   lint:
-    needs: setup
     if: ${{ !inputs.skip-lint }}
     uses: ./.github/workflows/pipeline-electron-lint.yml
-    permissions:
-      contents: read
     with:
-      container: '{"image":"ghcr.io/electron/build:${{ needs.setup.outputs.build-image-sha }}","options":"--user root"}'
+      container: '{"image":"ghcr.io/electron/build:${{ inputs.build-image-sha }}","options":"--user root"}'
     secrets: inherit
 
   # Docs Only Jobs
   docs-only:
-    needs: [setup, checkout-linux]
-    if: ${{ needs.setup.outputs.docs-only == 'true' }}
+    needs: changes
+    if: ${{ needs.changes.outputs.docs == 'true' && needs.changes.outputs.src == 'false'}}
     uses: ./.github/workflows/pipeline-electron-docs-only.yml
-    permissions:
-      contents: read
     with:
-      container: '{"image":"ghcr.io/electron/build:${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root","volumes":["/mnt/cross-instance-cache:/mnt/cross-instance-cache"]}'
+      container: '{"image":"ghcr.io/electron/build:${{ inputs.build-image-sha }}","options":"--user root"}'
     secrets: inherit
 
   # Checkout Jobs
   checkout-macos:
-    needs: setup
-    if: ${{ needs.setup.outputs.src == 'true' && !inputs.skip-macos}}
-    runs-on: electron-arc-centralus-linux-amd64-32core
-    permissions:
-      contents: read
+    needs: changes
+    if: ${{ needs.changes.outputs.src == 'true' && !inputs.skip-macos}}
+    runs-on: aks-linux-large
     container:
-      image: ghcr.io/electron/build:${{ needs.setup.outputs.build-image-sha }}
+      image: ghcr.io/electron/build:${{ inputs.build-image-sha }}
       options: --user root
       volumes:
         - /mnt/cross-instance-cache:/mnt/cross-instance-cache
         - /var/run/sas:/var/run/sas
     env:
-      CHROMIUM_GIT_COOKIE: ${{ secrets.CHROMIUM_GIT_COOKIE }}
       GCLIENT_EXTRA_ARGS: '--custom-var=checkout_mac=True --custom-var=host_os=mac'
-    outputs:
-      build-image-sha: ${{ needs.setup.outputs.build-image-sha }}
     steps:
     - name: Checkout Electron
-      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
       with:
         path: src/electron
         fetch-depth: 0
-        ref: ${{ github.event.pull_request.head.sha }}
     - name: Checkout & Sync & Save
       uses: ./src/electron/.github/actions/checkout
       with:
         generate-sas-token: 'true'
-        target-platform: macos
 
   checkout-linux:
-    needs: setup
-    if: ${{ !inputs.skip-linux}}
-    runs-on: electron-arc-centralus-linux-amd64-32core
-    permissions:
-      contents: read
+    needs: changes
+    if: ${{ needs.changes.outputs.src == 'true' && !inputs.skip-linux}}
+    runs-on: aks-linux-large
     container:
-      image: ghcr.io/electron/build:${{ needs.setup.outputs.build-image-sha }}
+      image: ghcr.io/electron/build:${{ inputs.build-image-sha }}
       options: --user root
       volumes:
         - /mnt/cross-instance-cache:/mnt/cross-instance-cache
         - /var/run/sas:/var/run/sas
     env:
-      CHROMIUM_GIT_COOKIE: ${{ secrets.CHROMIUM_GIT_COOKIE }}
-      DD_API_KEY: ${{ secrets.DD_API_KEY }}
       GCLIENT_EXTRA_ARGS: '--custom-var=checkout_arm=True --custom-var=checkout_arm64=True'
-      PATCH_UP_APP_CREDS: ${{ secrets.PATCH_UP_APP_CREDS }}
-    outputs:
-      build-image-sha: ${{ needs.setup.outputs.build-image-sha}}
     steps:
     - name: Checkout Electron
-      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
       with:
         path: src/electron
         fetch-depth: 0
-        ref: ${{ github.event.pull_request.head.sha }}
     - name: Checkout & Sync & Save
       uses: ./src/electron/.github/actions/checkout
-      with:
-        target-platform: linux
-
-  checkout-windows:
-    needs: setup
-    if: ${{ needs.setup.outputs.src == 'true' && !inputs.skip-windows }}
-    runs-on: electron-arc-centralus-linux-amd64-32core
-    permissions:
-      contents: read
-    container:
-      image: ghcr.io/electron/build:${{ needs.setup.outputs.build-image-sha }}
-      options: --user root --device /dev/fuse --cap-add SYS_ADMIN
-      volumes:
-        - /mnt/win-cache:/mnt/win-cache
-        - /var/run/sas:/var/run/sas
-    env:
-      CHROMIUM_GIT_COOKIE: ${{ secrets.CHROMIUM_GIT_COOKIE }}
-      CHROMIUM_GIT_COOKIE_WINDOWS_STRING: ${{ secrets.CHROMIUM_GIT_COOKIE_WINDOWS_STRING }}
-      GCLIENT_EXTRA_ARGS: '--custom-var=checkout_win=True'
-      TARGET_OS: 'win'
-      ELECTRON_DEPOT_TOOLS_WIN_TOOLCHAIN: '1'
-    outputs:
-      build-image-sha: ${{ needs.setup.outputs.build-image-sha}}
-    steps:
-    - name: Checkout Electron
-      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
-      with:
-        path: src/electron
-        fetch-depth: 0
-        ref: ${{ github.event.pull_request.head.sha }}
-    - name: Checkout & Sync & Save
-      uses: ./src/electron/.github/actions/checkout
-      with:
-        generate-sas-token: 'true'
-        target-platform: win
-
-  # Build a patched siso binary for Windows CI in parallel with checkout-windows.
-  # The Windows build jobs download the resulting artifact and use it via SISO_PATH.
-  build-siso-windows:
-    needs: setup
-    if: ${{ needs.setup.outputs.src == 'true' && !inputs.skip-windows }}
-    uses: ./.github/workflows/pipeline-segment-build-siso-windows.yml
-    permissions:
-      contents: read
-
-  # GN Check Jobs
-  macos-gn-check:
-    uses: ./.github/workflows/pipeline-segment-electron-gn-check.yml
-    permissions:
-      contents: read
-    needs: checkout-macos
-    with:
-      target-platform: macos
-      target-archs: x64 arm64
-      check-runs-on: macos-15
-      gn-build-type: testing
-    secrets: inherit
-
-  linux-gn-check:
-    uses: ./.github/workflows/pipeline-segment-electron-gn-check.yml
-    permissions:
-      contents: read
-    needs: checkout-linux
-    if: ${{ needs.setup.outputs.src == 'true' }}
-    with:
-      target-platform: linux
-      target-archs: x64 arm arm64
-      check-runs-on: electron-arc-centralus-linux-amd64-8core
-      check-container: '{"image":"ghcr.io/electron/build:${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root","volumes":["/mnt/cross-instance-cache:/mnt/cross-instance-cache"]}'
-      gn-build-type: testing
-    secrets: inherit
-
-  windows-gn-check:
-    uses: ./.github/workflows/pipeline-segment-electron-gn-check.yml
-    permissions:
-      contents: read
-    needs: checkout-windows
-    with:
-      target-platform: win
-      target-archs: x64 x86 arm64
-      check-runs-on: electron-arc-centralus-linux-amd64-8core
-      check-container: '{"image":"ghcr.io/electron/build:${{ needs.checkout-windows.outputs.build-image-sha }}","options":"--user root --device /dev/fuse --cap-add SYS_ADMIN","volumes":["/mnt/win-cache:/mnt/win-cache"]}'
-      gn-build-type: testing
-    secrets: inherit
 
   # Build Jobs - These cascade into testing jobs
   macos-x64:
@@ -257,15 +116,14 @@ jobs:
     uses: ./.github/workflows/pipeline-electron-build-and-test.yml
     needs: checkout-macos
     with:
-      build-runs-on: macos-15-xlarge
-      test-runs-on: macos-15-large
+      build-runs-on: macos-14-xlarge
+      test-runs-on: macos-13
       target-platform: macos
       target-arch: x64
       is-release: false
       gn-build-type: testing
       generate-symbols: false
       upload-to-storage: '0'
-      enable-ssh: ${{ inputs.enable-ssh || false }}
     secrets: inherit
   
   macos-arm64:
@@ -276,15 +134,14 @@ jobs:
     uses: ./.github/workflows/pipeline-electron-build-and-test.yml
     needs: checkout-macos
     with:
-      build-runs-on: macos-15-xlarge
-      test-runs-on: macos-15
+      build-runs-on: macos-14-xlarge
+      test-runs-on: macos-14
       target-platform: macos
       target-arch: arm64
       is-release: false
       gn-build-type: testing
       generate-symbols: false
       upload-to-storage: '0'
-      enable-ssh: ${{ inputs.enable-ssh || false }}
     secrets: inherit
 
   linux-x64:
@@ -294,12 +151,11 @@ jobs:
       pull-requests: read
     uses: ./.github/workflows/pipeline-electron-build-and-test-and-nan.yml
     needs: checkout-linux
-    if: ${{ needs.setup.outputs.src == 'true' }}
     with:
-      build-runs-on: electron-arc-centralus-linux-amd64-32core
-      test-runs-on: electron-arc-centralus-linux-amd64-4core
-      build-container: '{"image":"ghcr.io/electron/build:${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root","volumes":["/mnt/cross-instance-cache:/mnt/cross-instance-cache"]}'
-      test-container: '{"image":"ghcr.io/electron/build:${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root --privileged --init"}'
+      build-runs-on: aks-linux-large
+      test-runs-on: aks-linux-medium
+      build-container: '{"image":"ghcr.io/electron/build:${{ inputs.build-image-sha }}","options":"--user root","volumes":["/mnt/cross-instance-cache:/mnt/cross-instance-cache"]}'
+      test-container: '{"image":"ghcr.io/electron/build:${{ inputs.build-image-sha }}","options":"--user root --privileged --init"}'
       target-platform: linux
       target-arch: x64
       is-release: false
@@ -307,28 +163,6 @@ jobs:
       generate-symbols: false
       upload-to-storage: '0'
     secrets: inherit
-
-  linux-x64-asan:
-    permissions:
-      contents: read
-      issues: read
-      pull-requests: read
-    uses: ./.github/workflows/pipeline-electron-build-and-test.yml
-    needs: checkout-linux
-    if: ${{ needs.setup.outputs.src == 'true' }}
-    with:
-      build-runs-on: electron-arc-centralus-linux-amd64-32core
-      test-runs-on: electron-arc-centralus-linux-amd64-4core
-      build-container: '{"image":"ghcr.io/electron/build:${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root","volumes":["/mnt/cross-instance-cache:/mnt/cross-instance-cache"]}'
-      test-container: '{"image":"ghcr.io/electron/build:${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root --privileged --init"}'
-      target-platform: linux
-      target-arch: x64
-      is-release: false
-      gn-build-type: testing
-      generate-symbols: false
-      upload-to-storage: '0'
-      is-asan: true
-    secrets: inherit
   
   linux-arm:
     permissions:
@@ -337,12 +171,11 @@ jobs:
       pull-requests: read
     uses: ./.github/workflows/pipeline-electron-build-and-test.yml
     needs: checkout-linux
-    if: ${{ needs.setup.outputs.src == 'true' }}
     with:
-      build-runs-on: electron-arc-centralus-linux-amd64-32core
-      test-runs-on: electron-arc-centralus-linux-arm64-4core
-      build-container: '{"image":"ghcr.io/electron/build:${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root","volumes":["/mnt/cross-instance-cache:/mnt/cross-instance-cache"]}'
-      test-container: '{"image":"ghcr.io/electron/test:arm32v7-${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root --privileged --init --memory=12g","volumes":["/home/runner/externals:/mnt/runner-externals"]}'
+      build-runs-on: aks-linux-large
+      test-runs-on: aks-linux-arm-medium
+      build-container: '{"image":"ghcr.io/electron/build:${{ inputs.build-image-sha }}","options":"--user root","volumes":["/mnt/cross-instance-cache:/mnt/cross-instance-cache"]}'
+      test-container: '{"image":"ghcr.io/electron/test:arm32v7-${{ inputs.build-image-sha }}","options":"--user root --privileged --init","volumes":["/home/runner/externals:/mnt/runner-externals"]}'
       target-platform: linux
       target-arch: arm
       is-release: false
@@ -358,12 +191,11 @@ jobs:
       pull-requests: read
     uses: ./.github/workflows/pipeline-electron-build-and-test.yml
     needs: checkout-linux
-    if: ${{ needs.setup.outputs.src == 'true' }}
     with:
-      build-runs-on: electron-arc-centralus-linux-amd64-32core
-      test-runs-on: ubuntu-22.04-arm
-      build-container: '{"image":"ghcr.io/electron/build:${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root","volumes":["/mnt/cross-instance-cache:/mnt/cross-instance-cache"]}'
-      test-container: '{"image":"ghcr.io/electron/test:arm64v8-${{ needs.checkout-linux.outputs.build-image-sha }}","options":"--user root --privileged --init"}'
+      build-runs-on: aks-linux-large
+      test-runs-on: aks-linux-arm-medium
+      build-container: '{"image":"ghcr.io/electron/build:${{ inputs.build-image-sha }}","options":"--user root","volumes":["/mnt/cross-instance-cache:/mnt/cross-instance-cache"]}'
+      test-container: '{"image":"ghcr.io/electron/test:arm64v8-${{ inputs.build-image-sha }}","options":"--user root --privileged --init"}'
       target-platform: linux
       target-arch: arm64
       is-release: false
@@ -371,99 +203,3 @@ jobs:
       generate-symbols: false
       upload-to-storage: '0'
     secrets: inherit
-
-  windows-x64:
-    permissions:
-      contents: read
-      issues: read
-      pull-requests: read
-    uses: ./.github/workflows/pipeline-electron-build-and-test.yml
-    needs: [checkout-windows, build-siso-windows]
-    if: ${{ needs.setup.outputs.src == 'true' && !inputs.skip-windows }}
-    with:
-      build-runs-on: electron-arc-centralus-windows-amd64-16core
-      test-runs-on: windows-latest
-      target-platform: win
-      target-arch: x64
-      is-release: false
-      gn-build-type: testing
-      generate-symbols: false
-      upload-to-storage: '0'
-    secrets: inherit
-
-  windows-x86:
-    permissions:
-      contents: read
-      issues: read
-      pull-requests: read
-    uses: ./.github/workflows/pipeline-electron-build-and-test.yml
-    needs: [checkout-windows, build-siso-windows]
-    if: ${{ needs.setup.outputs.src == 'true' && !inputs.skip-windows }}
-    with:
-      build-runs-on: electron-arc-centralus-windows-amd64-16core
-      test-runs-on: windows-latest
-      target-platform: win
-      target-arch: x86
-      is-release: false
-      gn-build-type: testing
-      generate-symbols: false
-      upload-to-storage: '0'
-    secrets: inherit
-
-  windows-arm64:
-    permissions:
-      contents: read
-      issues: read
-      pull-requests: read
-    uses: ./.github/workflows/pipeline-electron-build-and-test.yml
-    needs: [checkout-windows, build-siso-windows]
-    if: ${{ needs.setup.outputs.src == 'true' && !inputs.skip-windows }}
-    with:
-      build-runs-on: electron-arc-centralus-windows-amd64-16core
-      test-runs-on: windows-11-arm
-      target-platform: win
-      target-arch: arm64
-      is-release: false
-      gn-build-type: testing
-      generate-symbols: false
-      upload-to-storage: '0'
-    secrets: inherit
-
-  gha-done:
-    name: GitHub Actions Completed
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-    needs: [docs-only, macos-x64, macos-arm64, linux-x64, linux-x64-asan, linux-arm, linux-arm64, build-siso-windows, windows-x64, windows-x86, windows-arm64]
-    if: always() && !contains(needs.*.result, 'failure')
-    steps:
-    - name: GitHub Actions Jobs Done
-      run: |
-        echo "All GitHub Actions Jobs are done"
-
-  check-signed-commits:
-    name: Check signed commits in green PR
-    needs: gha-done
-    if: ${{ contains(github.event.pull_request.labels.*.name, 'needs-signed-commits')}}
-    runs-on: ubuntu-slim
-    permissions:
-      contents: read
-      pull-requests: write
-    steps:
-      - name: Check signed commits in PR
-        uses: 1Password/check-signed-commits-action@ed2885f3ed2577a4f5d3c3fe895432a557d23d52 # v1
-        with:
-          comment: |
-            ⚠️ This PR contains unsigned commits. This repository enforces [commit signatures](https://docs.github.com/en/authentication/managing-commit-signature-verification) 
-            for all incoming PRs. To get your PR merged, please sign those commits 
-            (`git rebase --exec 'git commit -S --amend --no-edit -n' @{upstream}`) and force push them to this branch 
-            (`git push --force-with-lease`)
-
-            For more information on signing commits, see GitHub's documentation on [Telling Git about your signing key](https://docs.github.com/en/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key).
-
-      - name: Remove needs-signed-commits label
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          PR_URL: ${{ github.event.pull_request.html_url }}
-        run: |
-          gh pr edit $PR_URL --remove-label needs-signed-commits

.github/workflows/clean-orphaned-cache-uploads.yml

@@ -1,32 +0,0 @@
-name: Clean Orphaned Cache Uploads
-
-# Description:
-# Sweeps orphaned in-flight upload temp files left on the src-cache volumes
-# by checkout/action.yml when its cp-to-share step dies before the rename.
-# A successful upload finishes in minutes, so anything older than 4h is dead.
-
-on:
-  schedule:
-    - cron: "0 */4 * * *"
-  workflow_dispatch:
-
-permissions: {}
-
-jobs:
-  clean-orphaned-uploads:
-    if: github.repository == 'electron/electron'
-    runs-on: electron-arc-centralus-linux-amd64-32core
-    permissions:
-      contents: read
-    container:
-      image: ghcr.io/electron/build:bc2f48b2415a670de18d13605b1cf0eb5fdbaae1
-      options: --user root
-      volumes:
-        - /mnt/cross-instance-cache:/mnt/cross-instance-cache
-        - /mnt/win-cache:/mnt/win-cache
-    steps:
-    - name: Remove Orphaned Upload Temp Files
-      shell: bash
-      run: |
-        find /mnt/cross-instance-cache -maxdepth 1 -type f -name '*.tar.upload-*' -mmin +240 -print -delete
-        find /mnt/win-cache -maxdepth 1 -type f -name '*.tar.upload-*' -mmin +240 -print -delete

.github/workflows/clean-src-cache.yml

@@ -1,33 +0,0 @@
-name: Clean Source Cache
-
-# Description:
-# This workflow cleans up the source cache on the cross-instance cache volume
-# to free up space. It runs daily at midnight and clears files older than 15 days.
-
-on:
-  schedule:
-    - cron: "0 0 * * *"
-
-permissions: {}
-
-jobs:
-  clean-src-cache:
-    runs-on: electron-arc-centralus-linux-amd64-32core
-    permissions:
-      contents: read
-    container:
-      image: ghcr.io/electron/build:bc2f48b2415a670de18d13605b1cf0eb5fdbaae1
-      options: --user root
-      volumes:
-        - /mnt/cross-instance-cache:/mnt/cross-instance-cache
-        - /mnt/win-cache:/mnt/win-cache
-    steps:
-    - name: Cleanup Source Cache
-      shell: bash
-      run: |
-        df -h /mnt/cross-instance-cache
-        find /mnt/cross-instance-cache -type f -mtime +15 -delete
-        df -h /mnt/cross-instance-cache
-        df -h /mnt/win-cache
-        find /mnt/win-cache -type f -mtime +15 -delete
-        df -h /mnt/win-cache

.github/workflows/config/gclient.diff

@@ -0,0 +1,14 @@
+diff --git a/gclient.py b/gclient.py
+index 59e2b4c5197928bdba1ef69bdbe637d7dfe471c1..b4bae5e48c83c84bd867187afaf40eed16e69851 100755
+--- a/gclient.py
++++ b/gclient.py
+@@ -783,7 +783,8 @@ class Dependency(gclient_utils.WorkItem, DependencySettings):
+                         not condition or "non_git_source" not in condition):
+                     continue
+                 cipd_root = self.GetCipdRoot()
+-                for package in dep_value.get('packages', []):
++                packages = dep_value.get('packages', [])
++                for package in (x for x in packages if "infra/3pp/tools/swift-format" not in x.get('package')):
+                     deps_to_add.append(
+                         CipdDependency(parent=self,
+                                        name=name,

.github/workflows/issue-commented.yml

@@ -9,27 +9,18 @@ permissions: {}
 
 jobs:
   issue-commented:
-    name: Remove blocked/{need-info,need-repro} on comment
-    if: ${{ (contains(github.event.issue.labels.*.name, 'blocked/need-repro') || contains(github.event.issue.labels.*.name, 'blocked/need-info ❌')) && github.event.comment.user.type != 'Bot' }}
+    name: Remove blocked/need-repro on comment
+    if: ${{ contains(github.event.issue.labels.*.name, 'blocked/need-repro') && !contains(fromJSON('["MEMBER", "OWNER"]'), github.event.comment.author_association) && github.event.comment.user.type != 'Bot' }}
     runs-on: ubuntu-latest
     steps:
-      - name: Get author association
-        id: get-author-association
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          AUTHOR_ASSOCIATION=$(gh api /repos/electron/electron/issues/comments/${{ github.event.comment.id }} --jq '.author_association')
-          echo "author_association=$AUTHOR_ASSOCIATION" >> "$GITHUB_OUTPUT"
       - name: Generate GitHub App token
         uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
-        if: ${{ !contains(fromJSON('["MEMBER", "OWNER", "COLLABORATOR"]'), steps.get-author-association.outputs.author_association) }}
         id: generate-token
         with:
           creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
       - name: Remove label
-        if: ${{ !contains(fromJSON('["MEMBER", "OWNER", "COLLABORATOR"]'), steps.get-author-association.outputs.author_association) }}
         env:
           GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
           ISSUE_URL: ${{ github.event.issue.html_url }}
         run: |
-          gh issue edit $ISSUE_URL --remove-label 'blocked/need-repro','blocked/need-info ❌'
+          gh issue edit $ISSUE_URL --remove-label 'blocked/need-repro'

.github/workflows/issue-labeled.yml

@@ -4,15 +4,14 @@ on:
   issues:
     types: [labeled]
 
-permissions: {}
+permissions:  # added using https://github.com/step-security/secure-workflows
+  contents: read
 
 jobs:
   issue-labeled-with-status:
     name: status/{confirmed,reviewed} label added
     if: github.event.label.name == 'status/confirmed' || github.event.label.name == 'status/reviewed'
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
     steps:
       - name: Generate GitHub App token
         uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
@@ -21,19 +20,16 @@ jobs:
           creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
           org: electron
       - name: Set status
-        uses: dsanders11/project-actions/edit-item@2134fe7cc71c58b7ae259c82a8e63c6058255678 # v1.7.0
+        uses: dsanders11/project-actions/edit-item@eb760c48894b5702398529cbb8f6e98378e315d0 # v1.3.0
         with:
           token: ${{ steps.generate-token.outputs.token }}
           project-number: 90
           field: Status
           field-value: ✅ Triaged
-          fail-if-item-not-found: false
   issue-labeled-blocked:
     name: blocked/* label added
     if: startsWith(github.event.label.name, 'blocked/')
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
     steps:
       - name: Generate GitHub App token
         uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
@@ -42,13 +38,12 @@ jobs:
           creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
           org: electron
       - name: Set status
-        uses: dsanders11/project-actions/edit-item@2134fe7cc71c58b7ae259c82a8e63c6058255678 # v1.7.0
+        uses: dsanders11/project-actions/edit-item@eb760c48894b5702398529cbb8f6e98378e315d0 # v1.3.0
         with:
           token: ${{ steps.generate-token.outputs.token }}
           project-number: 90
           field: Status
           field-value: 🛑 Blocked
-          fail-if-item-not-found: false
   issue-labeled-blocked-need-repro:
     name: blocked/need-repro label added
     if: github.event.label.name == 'blocked/need-repro'
@@ -61,10 +56,9 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           GH_REPO: electron/electron
-          ISSUE_NUMBER: ${{ github.event.issue.number }}
         run: |
           set -eo pipefail
-          COMMENT_COUNT=$(gh issue view "$ISSUE_NUMBER" --comments --json comments | jq '[ .comments[] | select(.author.login == "electron-issue-triage" or .authorAssociation == "OWNER" or .authorAssociation == "MEMBER") | select(.body | startswith("<!-- blocked/need-repro -->")) ] | length')
+          COMMENT_COUNT=$(gh issue view ${{ github.event.issue.number }} --comments --json comments | jq '[ .comments[] | select(.author.login == "electron-issue-triage" or .authorAssociation == "OWNER" or .authorAssociation == "MEMBER") | select(.body | startswith("<!-- blocked/need-repro -->")) ] | length')
           if [[ $COMMENT_COUNT -eq 0 ]]; then
             echo "SHOULD_COMMENT=1" >> "$GITHUB_OUTPUT"
           fi
@@ -76,7 +70,7 @@ jobs:
           creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
       - name: Create comment
         if: ${{ steps.check-for-comment.outputs.SHOULD_COMMENT }}
-        uses: actions-cool/issues-helper@e2ff99831a4f13625d35064e2b3dfe65c07a0396 # v3.7.5
+        uses: actions-cool/issues-helper@a610082f8ac0cf03e357eb8dd0d5e2ba075e017e # v3.6.0
         with:
           actions: 'create-comment'
           token: ${{ steps.generate-token.outputs.token }}

.github/workflows/issue-opened.yml

@@ -11,7 +11,6 @@ jobs:
   add-to-issue-triage:
     if: ${{ contains(github.event.issue.labels.*.name, 'bug :beetle:') }}
     runs-on: ubuntu-latest
-    permissions: {}
     steps:
       - name: Generate GitHub App token
         uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
@@ -20,7 +19,7 @@ jobs:
           creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
           org: electron
       - name: Add to Issue Triage
-        uses: dsanders11/project-actions/add-item@2134fe7cc71c58b7ae259c82a8e63c6058255678 # v1.7.0
+        uses: dsanders11/project-actions/add-item@eb760c48894b5702398529cbb8f6e98378e315d0 # v1.3.0
         with:
           field: Reporter
           field-value: ${{ github.event.issue.user.login }}
@@ -29,7 +28,6 @@ jobs:
   set-labels:
     if: ${{ contains(github.event.issue.labels.*.name, 'bug :beetle:') }}
     runs-on: ubuntu-latest
-    permissions: {}
     steps:
       - name: Generate GitHub App token
         uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
@@ -37,29 +35,17 @@ jobs:
         with:
           creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
           org: electron
-      - name: Sparse checkout repository
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
-        with:
-          sparse-checkout: |
-            .
-            .github
-            .yarn
-      - run: yarn workspaces focus @electron/gha-workflows
+      - run: npm install mdast-util-from-markdown@2.0.0 unist-util-select@5.1.0 semver@7.6.0
       - name: Add labels
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
-        id: add-labels
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
         env:
           ISSUE_BODY: ${{ github.event.issue.body }}
         with:
           github-token: ${{ steps.generate-token.outputs.token }}
           script: |
-            const { chdir } = require('node:process');
-            chdir('${{ github.workspace }}/.github/workflows');
-
-            const { ElectronVersions } = require('@electron/fiddle-core');
-            const { fromMarkdown } = require('mdast-util-from-markdown');
-            const { select } = require('unist-util-select');
-            const semver = require('semver');
+            const { fromMarkdown } = await import('${{ github.workspace }}/node_modules/mdast-util-from-markdown/index.js');
+            const { select } = await import('${{ github.workspace }}/node_modules/unist-util-select/index.js');
+            const semver = await import('${{ github.workspace }}/node_modules/semver/index.js');
 
             const [ owner, repo ] = '${{ github.repository }}'.split('/');
             const issue_number = ${{ github.event.issue.number }};
@@ -70,65 +56,24 @@ jobs:
 
             const electronVersion = select('heading:has(> text[value="Electron Version"]) + paragraph > text', tree)?.value.trim();
             if (electronVersion !== undefined) {
-              // It's possible for multiple versions to be listed -
-              // for now check for comma or space separated version.
-              const versions = electronVersion.split(/, | /);
-              let hasSupportedVersion = false;
+              const major = semver.parse(electronVersion)?.major;
+              if (major) {
+                const versionLabel = `${major}-x-y`;
+                let labelExists = false;
 
-              for (const version of versions) {
-                const major = semver.coerce(version, { loose: true })?.major;
-                if (major) {
-                  const versionLabel = `${major}-x-y`;
-                  let labelExists = false;
+                try {
+                  await github.rest.issues.getLabel({
+                    owner,
+                    repo,
+                    name: versionLabel,
+                  });
+                  labelExists = true;
+                } catch {}
 
-                  try {
-                    await github.rest.issues.getLabel({
-                      owner,
-                      repo,
-                      name: versionLabel,
-                    });
-                    labelExists = true;
-                  } catch {}
-
-                  const electronVersions = await ElectronVersions.create(undefined, { ignoreCache: true });
-                  const validVersions = [...electronVersions.supportedMajors, ...electronVersions.prereleaseMajors];
-
-                  if (validVersions.includes(major)) {
-                    hasSupportedVersion = true;
-                    if (labelExists) {
-                      labels.push(versionLabel);
-                    }
-                  }
+                if (labelExists) {
+                  labels.push(versionLabel);
                 }
               }
-
-              if (!hasSupportedVersion) {
-                core.setOutput('unsupportedMajor', true);
-                labels.push('blocked/need-info ❌');
-              }
-            }
-
-            const operatingSystems = select('heading:has(> text[value="What operating system(s) are you using?"]) + paragraph > text', tree)?.value.trim().split(', ');
-            const platformLabels = new Set();
-            for (const operatingSystem of (operatingSystems ?? [])) {
-              switch (operatingSystem) {
-                case 'Windows':
-                  platformLabels.add('platform/windows');
-                  break;
-                case 'macOS':
-                  platformLabels.add('platform/macOS');
-                  break;
-                case 'Ubuntu':
-                case 'Other Linux':
-                  platformLabels.add('platform/linux');
-                  break;
-              }
-            }
-
-            if (platformLabels.size === 3) {
-              labels.push('platform/all');
-            } else {
-              labels.push(...platformLabels);
             }
 
             const gistUrl = select('heading:has(> text[value="Testcase Gist URL"]) + paragraph > text', tree)?.value.trim();
@@ -144,17 +89,3 @@ jobs:
                 labels,
               });
             }
-      - name: Create unsupported major comment
-        if: ${{ steps.add-labels.outputs.unsupportedMajor }}
-        uses: actions-cool/issues-helper@e2ff99831a4f13625d35064e2b3dfe65c07a0396 # v3.7.5
-        with:
-          actions: 'create-comment'
-          token: ${{ steps.generate-token.outputs.token }}
-          body: |
-            <!-- end-of-life -->
-
-            Hello @${{ github.event.issue.user.login }}. Thanks for reporting this and helping to make Electron better!
-            
-            The version of Electron reported in this issue has reached end-of-life and is [no longer supported](https://www.electronjs.org/docs/latest/tutorial/electron-timelines#timeline). If you're still experiencing this issue on a [supported version](https://www.electronjs.org/releases/stable) of Electron, please update this issue to reflect that version of Electron.
-
-            Now adding the https://github.com/electron/electron/labels/blocked%2Fneed-info%20%E2%9D%8C label for this reason. This issue will be closed in 10 days if the above is not addressed.

.github/workflows/issue-transferred.yml

@@ -1,28 +0,0 @@
-name: Issue Transferred
-
-on:
-  issues:
-    types: [transferred]
-
-permissions: {}
-
-jobs:
-  issue-transferred:
-    name: Issue Transferred
-    runs-on: ubuntu-latest
-    permissions: {}
-    if: ${{ !github.event.changes.new_repository.private }}
-    steps:
-      - name: Generate GitHub App token
-        uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
-        id: generate-token
-        with:
-          creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
-          org: electron
-      - name: Remove from issue triage
-        uses: dsanders11/project-actions/delete-item@2134fe7cc71c58b7ae259c82a8e63c6058255678 # v1.7.0
-        with:
-          token: ${{ steps.generate-token.outputs.token }}
-          project-number: 90
-          item: ${{ github.event.changes.new_issue.html_url }}
-          fail-if-item-not-found: false

.github/workflows/issue-unlabeled.yml

@@ -4,23 +4,20 @@ on:
   issues:
     types: [unlabeled]
 
-permissions: {}
+permissions:
+  contents: read
 
 jobs:
   issue-unlabeled-blocked:
     name: All blocked/* labels removed
     if: startsWith(github.event.label.name, 'blocked/') && github.event.issue.state == 'open'
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
     steps:
       - name: Check for any blocked labels
         id: check-for-blocked-labels
-        env:
-          LABELS_JSON: ${{ toJSON(github.event.issue.labels.*.name) }}
         run: |
           set -eo pipefail
-          BLOCKED_LABEL_COUNT=$(echo "$LABELS_JSON" | jq '[ .[] | select(startswith("blocked/")) ] | length')
+          BLOCKED_LABEL_COUNT=$(echo '${{ toJSON(github.event.issue.labels.*.name) }}' | jq '[ .[] | select(startswith("blocked/")) ] | length')
           if [[ $BLOCKED_LABEL_COUNT -eq 0 ]]; then
             echo "NOT_BLOCKED=1" >> "$GITHUB_OUTPUT"
           fi
@@ -33,10 +30,9 @@ jobs:
           org: electron
       - name: Set status
         if: ${{ steps.check-for-blocked-labels.outputs.NOT_BLOCKED }}
-        uses: dsanders11/project-actions/edit-item@2134fe7cc71c58b7ae259c82a8e63c6058255678 # v1.7.0
+        uses: dsanders11/project-actions/edit-item@eb760c48894b5702398529cbb8f6e98378e315d0 # v1.3.0
         with:
           token: ${{ steps.generate-token.outputs.token }}
           project-number: 90
           field: Status
           field-value: 📥 Was Blocked
-          fail-if-item-not-found: false

.github/workflows/linux-publish.yml

@@ -6,7 +6,7 @@ on:
       build-image-sha:
         type: string
         description: 'SHA for electron/build image'
-        default: 'a82b87d7a4f5ff0cab61405f8151ac4cf4942aeb'
+        default: 'cf814a4d2501e8e843caea071a6b70a48e78b855'
       upload-to-storage:
         description: 'Uploads to Azure storage'
         required: false
@@ -17,13 +17,9 @@ on:
         type: boolean
         default: false
 
-permissions: {}
-
 jobs:
   checkout-linux:
-    runs-on: electron-arc-centralus-linux-amd64-32core
-    permissions:
-      contents: read
+    runs-on: aks-linux-large
     container:
       image: ghcr.io/electron/build:${{ inputs.build-image-sha }}
       options: --user root
@@ -31,11 +27,10 @@ jobs:
         - /mnt/cross-instance-cache:/mnt/cross-instance-cache
         - /var/run/sas:/var/run/sas
     env:
-      CHROMIUM_GIT_COOKIE: ${{ secrets.CHROMIUM_GIT_COOKIE }}
-      GCLIENT_EXTRA_ARGS: '--custom-var=checkout_arm=True --custom-var=checkout_arm64=True'
+      GCLIENT_EXTRA_ARGS: '--custom-var=checkout_mac=True --custom-var=host_os=mac'
     steps:
     - name: Checkout Electron
-      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
       with:
         path: src/electron
         fetch-depth: 0
@@ -43,16 +38,11 @@ jobs:
       uses: ./src/electron/.github/actions/checkout
 
   publish-x64:
-    uses: ./.github/workflows/pipeline-segment-electron-publish.yml
-    permissions:
-      artifact-metadata: write
-      attestations: write
-      contents: read
-      id-token: write
+    uses: ./.github/workflows/pipeline-segment-electron-build.yml
     needs: checkout-linux
     with:
       environment: production-release
-      build-runs-on: electron-arc-centralus-linux-amd64-32core
+      build-runs-on: aks-linux-large
       build-container: '{"image":"ghcr.io/electron/build:${{ inputs.build-image-sha }}","options":"--user root","volumes":["/mnt/cross-instance-cache:/mnt/cross-instance-cache"]}'
       target-platform: linux
       target-arch: x64
@@ -63,16 +53,11 @@ jobs:
     secrets: inherit
 
   publish-arm:
-    uses: ./.github/workflows/pipeline-segment-electron-publish.yml
-    permissions:
-      artifact-metadata: write
-      attestations: write
-      contents: read
-      id-token: write
+    uses: ./.github/workflows/pipeline-segment-electron-build.yml
     needs: checkout-linux
     with:
       environment: production-release
-      build-runs-on: electron-arc-centralus-linux-amd64-32core
+      build-runs-on: aks-linux-large
       build-container: '{"image":"ghcr.io/electron/build:${{ inputs.build-image-sha }}","options":"--user root","volumes":["/mnt/cross-instance-cache:/mnt/cross-instance-cache"]}'
       target-platform: linux
       target-arch: arm
@@ -83,16 +68,11 @@ jobs:
     secrets: inherit
 
   publish-arm64:
-    uses: ./.github/workflows/pipeline-segment-electron-publish.yml
-    permissions:
-      artifact-metadata: write
-      attestations: write
-      contents: read
-      id-token: write
+    uses: ./.github/workflows/pipeline-segment-electron-build.yml
     needs: checkout-linux
     with:
       environment: production-release
-      build-runs-on: electron-arc-centralus-linux-amd64-32core
+      build-runs-on: aks-linux-large
       build-container: '{"image":"ghcr.io/electron/build:${{ inputs.build-image-sha }}","options":"--user root","volumes":["/mnt/cross-instance-cache:/mnt/cross-instance-cache"]}'
       target-platform: linux
       target-arch: arm64

.github/workflows/macos-disk-cleanup.yml

@@ -1,104 +0,0 @@
-name: macOS Disk Space Cleanup
-
-# Description:
-# This workflow runs the disk space reclaimer on macOS runners every night
-# and logs disk space metrics to Datadog for monitoring.
-
-on:
-  schedule:
-    - cron: "0 0 * * *"
-  workflow_dispatch:
-
-permissions: {}
-
-jobs:
-  macos-disk-cleanup:
-    strategy:
-      fail-fast: false
-      matrix:
-        runner:
-          - macos-15
-          - macos-15-large
-          - macos-15-xlarge
-    runs-on: ${{ matrix.runner }}
-    permissions:
-      contents: read
-    steps:
-      - name: Checkout
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
-        with:
-          sparse-checkout: |
-            .github/actions/free-space-macos
-          sparse-checkout-cone-mode: false
-
-      - name: Get Disk Space Before Cleanup
-        id: disk-before
-        shell: bash
-        run: |
-          echo "Disk space before cleanup:"
-          df -h /
-          FREE_SPACE_BEFORE=$(df -k / | tail -1 | awk '{print $4}')
-          echo "free_kb=$FREE_SPACE_BEFORE" >> $GITHUB_OUTPUT
-
-      - name: Free Space on macOS
-        uses: ./.github/actions/free-space-macos
-
-      - name: Get Disk Space After Cleanup
-        id: disk-after
-        shell: bash
-        run: |
-          echo "Disk space after cleanup:"
-          df -h /
-          FREE_SPACE_AFTER=$(df -k / | tail -1 | awk '{print $4}')
-          echo "free_kb=$FREE_SPACE_AFTER" >> $GITHUB_OUTPUT
-
-      - name: Log Disk Space to Datadog
-        if: ${{ env.DD_API_KEY != '' }}
-        shell: bash
-        env:
-          DD_API_KEY: ${{ secrets.DD_API_KEY }}
-          FREE_BEFORE: ${{ steps.disk-before.outputs.free_kb }}
-          FREE_AFTER: ${{ steps.disk-after.outputs.free_kb }}
-          MATRIX_RUNNER: ${{ matrix.runner }}
-        run: |
-          TIMESTAMP=$(date +%s)
-          FREE_BEFORE_GB=$(echo "scale=2; $FREE_BEFORE / 1024 / 1024" | bc)
-          FREE_AFTER_GB=$(echo "scale=2; $FREE_AFTER / 1024 / 1024" | bc)
-          SPACE_FREED_GB=$(echo "scale=2; ($FREE_AFTER - $FREE_BEFORE) / 1024 / 1024" | bc)
-
-          echo "Free space before: ${FREE_BEFORE_GB}GB"
-          echo "Free space after: ${FREE_AFTER_GB}GB"
-          echo "Space freed: ${SPACE_FREED_GB}GB"
-
-          curl -s -X POST "https://api.datadoghq.com/api/v2/series" \
-            -H "Content-Type: application/json" \
-            -H "DD-API-KEY: ${DD_API_KEY}" \
-            -d @- << EOF
-          {
-            "series": [
-              {
-                "metric": "electron.macos.disk.free_space_before_cleanup_gb",
-                "points": [{"timestamp": ${TIMESTAMP}, "value": ${FREE_BEFORE_GB}}],
-                "type": 3,
-                "unit": "gigabyte",
-                "tags": ["runner:${MATRIX_RUNNER}", "platform:macos"]
-              },
-              {
-                "metric": "electron.macos.disk.free_space_after_cleanup_gb",
-                "points": [{"timestamp": ${TIMESTAMP}, "value": ${FREE_AFTER_GB}}],
-                "type": 3,
-                "unit": "gigabyte",
-                "tags": ["runner:${MATRIX_RUNNER}", "platform:macos"]
-              },
-              {
-                "metric": "electron.macos.disk.space_freed_gb",
-                "points": [{"timestamp": ${TIMESTAMP}, "value": ${SPACE_FREED_GB}}],
-                "type": 3,
-                "unit": "gigabyte",
-                "tags": ["runner:${MATRIX_RUNNER}", "platform:macos"]
-              }
-            ]
-          }
-          EOF
-
-          echo "Disk space metrics logged to Datadog"

.github/workflows/macos-publish.yml

@@ -6,7 +6,7 @@ on:
       build-image-sha:
         type: string
         description: 'SHA for electron/build image'
-        default: 'a82b87d7a4f5ff0cab61405f8151ac4cf4942aeb'
+        default: 'cf814a4d2501e8e843caea071a6b70a48e78b855'
         required: true
       upload-to-storage:
         description: 'Uploads to Azure storage'
@@ -18,13 +18,9 @@ on:
         type: boolean
         default: false
 
-permissions: {}
-
 jobs:
   checkout-macos:
-    runs-on: electron-arc-centralus-linux-amd64-32core
-    permissions:
-      contents: read
+    runs-on: aks-linux-large
     container:
       image: ghcr.io/electron/build:${{ inputs.build-image-sha }}
       options: --user root
@@ -32,11 +28,10 @@ jobs:
         - /mnt/cross-instance-cache:/mnt/cross-instance-cache
         - /var/run/sas:/var/run/sas
     env:
-      CHROMIUM_GIT_COOKIE: ${{ secrets.CHROMIUM_GIT_COOKIE }}
       GCLIENT_EXTRA_ARGS: '--custom-var=checkout_mac=True --custom-var=host_os=mac'
     steps:
     - name: Checkout Electron
-      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
       with:
         path: src/electron
         fetch-depth: 0
@@ -44,82 +39,29 @@ jobs:
       uses: ./src/electron/.github/actions/checkout
       with:
         generate-sas-token: 'true'
-        target-platform: macos
 
-  publish-x64-darwin:
-    uses: ./.github/workflows/pipeline-segment-electron-publish.yml
-    permissions:
-      artifact-metadata: write
-      attestations: write
-      contents: read
-      id-token: write
+  publish-x64:
+    uses: ./.github/workflows/pipeline-segment-electron-build.yml
     needs: checkout-macos
     with:
       environment: production-release
-      build-runs-on: macos-15-xlarge
+      build-runs-on: macos-14-xlarge
       target-platform: macos
       target-arch: x64
-      target-variant: darwin
       is-release: true
       gn-build-type: release
       generate-symbols: true
       upload-to-storage: ${{ inputs.upload-to-storage }}
     secrets: inherit
 
-  publish-x64-mas:
-    uses: ./.github/workflows/pipeline-segment-electron-publish.yml
-    permissions:
-      artifact-metadata: write
-      attestations: write
-      contents: read
-      id-token: write
+  publish-arm64:
+    uses: ./.github/workflows/pipeline-segment-electron-build.yml
     needs: checkout-macos
     with:
       environment: production-release
-      build-runs-on: macos-15-xlarge
-      target-platform: macos
-      target-arch: x64
-      target-variant: mas
-      is-release: true
-      gn-build-type: release
-      generate-symbols: true
-      upload-to-storage: ${{ inputs.upload-to-storage }}
-    secrets: inherit
-
-  publish-arm64-darwin:
-    uses: ./.github/workflows/pipeline-segment-electron-publish.yml
-    permissions:
-      artifact-metadata: write
-      attestations: write
-      contents: read
-      id-token: write
-    needs: checkout-macos
-    with:
-      environment: production-release
-      build-runs-on: macos-15-xlarge
+      build-runs-on: macos-14-xlarge
       target-platform: macos
       target-arch: arm64
-      target-variant: darwin
-      is-release: true
-      gn-build-type: release
-      generate-symbols: true
-      upload-to-storage: ${{ inputs.upload-to-storage }}
-    secrets: inherit
-
-  publish-arm64-mas:
-    uses: ./.github/workflows/pipeline-segment-electron-publish.yml
-    permissions:
-      artifact-metadata: write
-      attestations: write
-      contents: read
-      id-token: write
-    needs: checkout-macos
-    with:
-      environment: production-release
-      build-runs-on: macos-15-xlarge
-      target-platform: macos
-      target-arch: arm64
-      target-variant: mas
       is-release: true
       gn-build-type: release
       generate-symbols: true

.github/workflows/non-maintainer-dependency-change.yml

@@ -1,54 +0,0 @@
-name: Check for Disallowed Non-Maintainer Change
-
-on:
-  pull_request_target:
-    paths:
-      - 'yarn.lock'
-      - 'spec/yarn.lock'
-      - '.github/workflows/**'
-      - '.github/actions/**'
-      - '.yarn/**'
-      - '.yarnrc.yml'
-
-# SECURITY: This workflow uses pull_request_target and has access to secrets.
-# Do NOT checkout or run code from the PR head. All code execution must use
-# the base branch only. Adding a ref to PR head would expose secrets to
-# untrusted code.
-permissions: {}
-
-jobs:
-  check-for-non-maintainer-dependency-change:
-    name: Check for disallowed non-maintainer change
-    if: ${{ github.event.pull_request.user.type != 'Bot' && !github.event.pull_request.draft }}
-    permissions:
-      contents: read
-      pull-requests: write
-    runs-on: ubuntu-latest
-    steps:
-      - name: Get author association
-        id: get-author-association
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          AUTHOR_ASSOCIATION=$(gh api /repos/electron/electron/pulls/${{ github.event.pull_request.number }} --jq '.author_association')
-          echo "author_association=$AUTHOR_ASSOCIATION" >> "$GITHUB_OUTPUT"
-      - name: Check for existing review
-        id: check-for-review
-        if: ${{ !contains(fromJSON('["MEMBER", "OWNER"]'), steps.get-author-association.outputs.author_association) }}
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          PR_URL: ${{ github.event.pull_request.html_url }}
-        run: |
-          set -eo pipefail
-          REVIEW_COUNT=$(gh pr view $PR_URL --json reviews | jq '[ .reviews[] | select(.author.login == "github-actions") | select(.body | startswith("<!-- disallowed-non-maintainer-change -->")) ] | length')
-          if [[ $REVIEW_COUNT -eq 0 ]]; then
-            echo "SHOULD_REVIEW=1" >> "$GITHUB_OUTPUT"
-          fi
-      - name: Request changes
-        if: ${{ steps.check-for-review.outputs.SHOULD_REVIEW }}
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          PR_URL: ${{ github.event.pull_request.html_url }}
-          PR_AUTHOR: ${{ github.event.pull_request.user.login }}
-        run: |
-          printf "<!-- disallowed-non-maintainer-change -->\n\nHello @${PR_AUTHOR}! It looks like this pull request touches one of our dependency or CI files, and per [our contribution policy](https://github.com/electron/electron/blob/main/CONTRIBUTING.md#dependencies-upgrades-policy) we do not accept these types of changes in PRs." | gh pr review $PR_URL -r --body-file=-

.github/workflows/package.json

@@ -1,13 +0,0 @@
-{
-  "name": "@electron/gha-workflows",
-  "version": "0.0.0-development",
-  "private": true,
-  "type": "module",
-  "dependencies": {
-    "@actions/cache": "^4.0.3",
-    "@electron/fiddle-core": "^2.0.1",
-    "mdast-util-from-markdown": "^2.0.0",
-    "semver": "^7.7.2",
-    "unist-util-select": "^5.1.0"
-  }
-}

.github/workflows/pipeline-electron-build-and-test-and-nan.yml

@@ -5,7 +5,7 @@ on:
     inputs:
       target-platform:
         type: string
-        description: 'Platform to run on, can be macos, win or linux.'
+        description: 'Platform to run on, can be macos or linux'
         required: true
       target-arch:
         type: string
@@ -49,23 +49,14 @@ on:
         required: true
         type: string
         default: '0'
-      is-asan: 
-        description: 'Building the Address Sanitizer (ASan) Linux build'
-        required: false
-        type: boolean
-        default: false
-
-permissions: {}
 
 concurrency:
-  group: electron-build-and-test-and-nan-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ github.ref_protected == true && github.run_id || github.ref }}
-  cancel-in-progress: ${{ github.ref_protected != true }}
+  group: electron-build-and-test-and-nan-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/main' && !endsWith(github.ref, '-x-y') }}
 
 jobs:
   build:
     uses: ./.github/workflows/pipeline-segment-electron-build.yml
-    permissions:
-      contents: read
     with:
       build-runs-on: ${{ inputs.build-runs-on }}
       build-container: ${{ inputs.build-container }}
@@ -76,12 +67,17 @@ jobs:
       generate-symbols: ${{ inputs.generate-symbols }}
       upload-to-storage: ${{ inputs.upload-to-storage }}
     secrets: inherit
+  gn-check:
+    uses: ./.github/workflows/pipeline-segment-electron-gn-check.yml
+    with:
+      target-platform: ${{ inputs.target-platform }}
+      target-arch: ${{ inputs.target-arch }}
+      check-runs-on: ${{ inputs.build-runs-on }}
+      check-container: ${{ inputs.build-container }}
+      gn-build-type: ${{ inputs.gn-build-type }}
+    secrets: inherit
   test:
     uses: ./.github/workflows/pipeline-segment-electron-test.yml
-    permissions:
-      contents: read
-      issues: read
-      pull-requests: read
     needs: build
     with:
       target-arch: ${{ inputs.target-arch }}
@@ -91,8 +87,6 @@ jobs:
     secrets: inherit
   nn-test:
     uses: ./.github/workflows/pipeline-segment-node-nan-test.yml
-    permissions:
-      contents: read
     needs: build
     with:
       target-arch: ${{ inputs.target-arch }}

.github/workflows/pipeline-electron-build-and-test.yml

@@ -5,7 +5,7 @@ on:
     inputs:
       target-platform:
         type: string
-        description: 'Platform to run on, can be macos, win or linux'
+        description: 'Platform to run on, can be macos or linux'
         required: true
       target-arch:
         type: string
@@ -49,28 +49,19 @@ on:
         required: true
         type: string
         default: '0'
-      is-asan: 
-        description: 'Building the Address Sanitizer (ASan) Linux build'
-        required: false
-        type: boolean
-        default: false
-      enable-ssh:
-        description: 'Enable SSH debugging'
-        required: false
-        type: boolean
-        default: false
 
 concurrency:
-  group: electron-build-and-test-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ github.ref_protected == true && github.run_id || github.ref }}
-  cancel-in-progress: ${{ github.ref_protected != true }}
+  group: electron-build-and-test-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/main' && !endsWith(github.ref, '-x-y') }}
 
-permissions: {}
+permissions:
+  contents: read
+  issues: read
+  pull-requests: read  
 
 jobs:
   build:
     uses: ./.github/workflows/pipeline-segment-electron-build.yml
-    permissions:
-      contents: read
     with:
       build-runs-on: ${{ inputs.build-runs-on }}
       build-container: ${{ inputs.build-container }}
@@ -80,21 +71,22 @@ jobs:
       gn-build-type: ${{ inputs.gn-build-type }}
       generate-symbols: ${{ inputs.generate-symbols }}
       upload-to-storage: ${{ inputs.upload-to-storage }}
-      is-asan: ${{ inputs.is-asan }}
-      enable-ssh: ${{ inputs.enable-ssh }}
+    secrets: inherit
+  gn-check:
+    uses: ./.github/workflows/pipeline-segment-electron-gn-check.yml
+    with:
+      target-platform: ${{ inputs.target-platform }}
+      target-arch: ${{ inputs.target-arch }}
+      check-runs-on: ${{ inputs.build-runs-on }}
+      check-container: ${{ inputs.build-container }}
+      gn-build-type: ${{ inputs.gn-build-type }}
     secrets: inherit
   test:
     uses: ./.github/workflows/pipeline-segment-electron-test.yml
-    permissions:
-      contents: read
-      issues: read
-      pull-requests: read
     needs: build
     with:
       target-arch: ${{ inputs.target-arch }}
       target-platform: ${{ inputs.target-platform }}
       test-runs-on: ${{ inputs.test-runs-on }}
       test-container: ${{ inputs.test-container }}
-      is-asan: ${{ inputs.is-asan }}
-      enable-ssh: ${{ inputs.enable-ssh }}
     secrets: inherit

.github/workflows/pipeline-electron-docs-only.yml

@@ -8,58 +8,36 @@ on:
         description: 'Container to run the docs-only ts compile in'
         type: string
 
-permissions: {}
-
 concurrency:
   group: electron-docs-only-${{ github.ref }}
   cancel-in-progress: true
 
-env:  
-  GCLIENT_EXTRA_ARGS: --custom-var=checkout_arm=True --custom-var=checkout_arm64=True
-
 jobs:
   docs-only:
     name: Docs Only Compile
-    runs-on: electron-arc-centralus-linux-amd64-4core
-    permissions:
-      contents: read
+    runs-on: aks-linux-medium
     timeout-minutes: 20
     container: ${{ fromJSON(inputs.container) }}
     steps:
     - name: Checkout Electron
-      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
       with:
         path: src/electron
         fetch-depth: 0
-        ref: ${{ github.event.pull_request.head.sha }}
-    - name: Generate DEPS Hash
-      run: |
-        node src/electron/script/generate-deps-hash.js
-        DEPSHASH=v2-src-cache-$(cat src/electron/.depshash)
-        echo "DEPSHASH=$DEPSHASH" >> $GITHUB_ENV
-        echo "CACHE_PATH=$DEPSHASH.tar" >> $GITHUB_ENV
-    - name: Restore src cache via AKS
-      uses: ./src/electron/.github/actions/restore-cache-aks
-      with:
-        target-platform: linux
-    - name: Checkout Electron
-      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
-      with:
-        path: src/electron
-        fetch-depth: 0
-        ref: ${{ github.event.pull_request.head.sha }}
     - name: Install Dependencies
-      uses: ./src/electron/.github/actions/install-dependencies
+      run: |
+        cd src/electron
+        node script/yarn install --frozen-lockfile
     - name: Run TS/JS compile
       shell: bash
       run: |
         cd src/electron
-        node script/yarn.js create-typescript-definitions
-        node script/yarn.js tsc -p tsconfig.default_app.json --noEmit
+        node script/yarn create-typescript-definitions
+        node script/yarn tsc -p tsconfig.default_app.json --noEmit
         for f in build/webpack/*.js
         do
             out="${f:29}"
             if [ "$out" != "base.js" ]; then
-            node script/yarn.js webpack --config $f --output-filename=$out --output-path=./.tmp --env mode=development
+            node script/yarn webpack --config $f --output-filename=$out --output-path=./.tmp --env mode=development
             fi
         done

.github/workflows/pipeline-electron-lint.yml

@@ -8,49 +8,37 @@ on:
         description: 'Container to run lint in'
         type: string
 
-permissions: {}
-
 concurrency:
-  group: electron-lint-${{ github.ref_protected == true && github.run_id || github.ref }}
-  cancel-in-progress: ${{ github.ref_protected != true }}
-
-env:
-  CHROMIUM_GIT_COOKIE: ${{ secrets.CHROMIUM_GIT_COOKIE }}  
+  group: electron-lint-${{ github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/main' && !endsWith(github.ref, '-x-y') }}
 
 jobs:
   lint:
     name: Lint
-    runs-on: electron-arc-centralus-linux-amd64-4core
-    permissions:
-      contents: read
+    runs-on: aks-linux-medium
     timeout-minutes: 20
     container: ${{ fromJSON(inputs.container) }}
     steps:
     - name: Checkout Electron
-      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
       with:
         path: src/electron
         fetch-depth: 0
-        ref: ${{ github.event.pull_request.head.sha }}
     - name: Install Dependencies
-      uses: ./src/electron/.github/actions/install-dependencies
-    - name: Set Chromium Git Cookie
-      uses: ./src/electron/.github/actions/set-chromium-cookie
+      run: |
+        cd src/electron
+        node script/yarn install --frozen-lockfile
     - name: Setup third_party Depot Tools
       shell: bash
       run: |
         # "depot_tools" has to be checkout into "//third_party/depot_tools" so pylint.py can a "pylintrc" file.
-        git clone --filter=tree:0 https://chromium.googlesource.com/chromium/tools/depot_tools.git src/third_party/depot_tools
+        git clone https://chromium.googlesource.com/chromium/tools/depot_tools.git src/third_party/depot_tools
         echo "$(pwd)/src/third_party/depot_tools" >> $GITHUB_PATH
     - name: Download GN Binary
       shell: bash
       run: |
         chromium_revision="$(grep -A1 chromium_version src/electron/DEPS | tr -d '\n' | cut -d\' -f4)"
-        if [[ ! "$chromium_revision" =~ ^[a-zA-Z0-9._-]+$ ]]; then
-          echo "::error::Invalid chromium_revision: $chromium_revision"
-          exit 1
-        fi
-        gn_version="$(curl -sL "https://raw.githubusercontent.com/chromium/chromium/refs/tags/${chromium_revision}/DEPS" | grep gn_version | head -n1 | cut -d\' -f4)"
+        gn_version="$(curl -sL "https://chromium.googlesource.com/chromium/src/+/${chromium_revision}/DEPS?format=TEXT" | base64 -d | grep gn_version | head -n1 | cut -d\' -f4)"
 
         cipd ensure -ensure-file - -root . <<-CIPD
         \$ServiceURL https://chrome-infra-packages.appspot.com/
@@ -64,20 +52,11 @@ jobs:
       shell: bash
       run: |
         chromium_revision="$(grep -A1 chromium_version src/electron/DEPS | tr -d '\n' | cut -d\' -f4)"
-        if [[ ! "$chromium_revision" =~ ^[a-zA-Z0-9._-]+$ ]]; then
-          echo "::error::Invalid chromium_revision: $chromium_revision"
-          exit 1
-        fi
 
         mkdir -p src/buildtools
-        curl -sL "https://raw.githubusercontent.com/chromium/chromium/refs/tags/${chromium_revision}/buildtools/DEPS" > src/buildtools/DEPS
+        curl -sL "https://chromium.googlesource.com/chromium/src/+/${chromium_revision}/buildtools/DEPS?format=TEXT" | base64 -d > src/buildtools/DEPS
 
-        gclient sync --spec="solutions=[{'name':'src/buildtools','url':None,'deps_file':'DEPS','custom_vars':{'process_deps':True},'managed':False}]"
-    - name: Add problem matchers
-      shell: bash
-      run: |
-        echo "::add-matcher::src/electron/.github/problem-matchers/eslint-stylish.json"
-        echo "::add-matcher::src/electron/.github/problem-matchers/markdownlint.json"
+        gclient runhooks --spec="solutions=[{'name':'src/buildtools','url':None,'deps_file':'DEPS','custom_vars':{'process_deps':True},'managed':False}]"
     - name: Run Lint
       shell: bash
       run: |
@@ -88,15 +67,11 @@ jobs:
         # but then we would lint its contents (at least gn format), and it doesn't pass it.
 
         cd src/electron
-        node script/yarn.js install --immutable
-        node script/yarn.js lint
+        node script/yarn install --frozen-lockfile
+        node script/yarn lint
     - name: Run Script Typechecker
       shell: bash
       run: |
         cd src/electron
-        node script/yarn.js tsc -p tsconfig.script.json
-    - name: Check GHA Workflows
-      shell: bash
-      run: |
-        cd src/electron
-        node script/copy-pipeline-segment-publish.js --check
+        node script/yarn tsc -p tsconfig.script.json
+    

.github/workflows/pipeline-segment-build-siso-windows.yml

@@ -1,98 +0,0 @@
-name: Pipeline Segment - Build Siso (Windows)
-
-# Builds a patched siso binary for Windows CI. Reads the siso revision from
-# the Chromium DEPS file at the pinned chromium_version, shallow-clones
-# chromium.googlesource.com/build at that revision, applies the patches under
-# .github/siso-patches/, cross-compiles siso.exe for windows/amd64, and
-# publishes it as the `siso-windows-amd64` artifact. The Windows build jobs
-# download it and use it via SISO_PATH. The built binary is cached keyed on
-# the siso revision + sha256 of the patch contents, so subsequent runs just
-# restore it.
-
-on:
-  workflow_call: {}
-
-permissions: {}
-
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-    steps:
-    - name: Checkout Electron
-      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-      with:
-        fetch-depth: 1
-        ref: ${{ github.event.pull_request.head.sha }}
-        sparse-checkout: |
-          DEPS
-          .github/siso-patches
-    - name: Resolve siso revision from Chromium DEPS
-      id: resolve
-      run: |
-        set -euo pipefail
-        CHROMIUM_VERSION=$(python3 -c "import re; print(re.search(r\"'chromium_version':\s*\n\s*'([^']+)'\", open('DEPS').read()).group(1))")
-        if ! [[ "$CHROMIUM_VERSION" =~ ^[0-9]+(\.[0-9]+){1,3}$ ]]; then
-          echo "error: unexpected chromium_version format: $CHROMIUM_VERSION" >&2
-          exit 1
-        fi
-        curl -sfL "https://raw.githubusercontent.com/chromium/chromium/${CHROMIUM_VERSION}/DEPS" -o /tmp/chromium-DEPS
-        SISO_SHA=$(python3 -c "import re; print(re.search(r\"'siso_version':\s*'git_revision:([0-9a-f]+)'\", open('/tmp/chromium-DEPS').read()).group(1))")
-        if ! [[ "$SISO_SHA" =~ ^[0-9a-f]{40}$ ]]; then
-          echo "error: unexpected siso_version SHA: $SISO_SHA" >&2
-          exit 1
-        fi
-        PATCHES_HASH=$(find .github/siso-patches -type f -name '*.patch' | sort | xargs sha256sum | sha256sum | awk '{print $1}')
-        echo "siso-sha=${SISO_SHA}" >> "$GITHUB_OUTPUT"
-        echo "patches-hash=${PATCHES_HASH}" >> "$GITHUB_OUTPUT"
-        echo "Chromium ${CHROMIUM_VERSION} pins siso at ${SISO_SHA}"
-        echo "Patches hash: ${PATCHES_HASH}"
-    - name: Restore cached siso binary
-      id: cache-siso
-      uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
-      with:
-        path: siso-out/siso.exe
-        key: siso-windows-amd64-${{ steps.resolve.outputs.siso-sha }}-${{ steps.resolve.outputs.patches-hash }}
-    - name: Shallow clone chromium build repo at pinned revision
-      if: steps.cache-siso.outputs.cache-hit != 'true'
-      env:
-        SISO_SHA: ${{ steps.resolve.outputs.siso-sha }}
-      run: |
-        set -euo pipefail
-        mkdir chromium-build
-        cd chromium-build
-        git init -q
-        git remote add origin https://chromium.googlesource.com/build
-        git -c protocol.version=2 fetch --depth=1 origin "$SISO_SHA"
-        git checkout --detach FETCH_HEAD
-    - name: Apply in-tree siso patches
-      if: steps.cache-siso.outputs.cache-hit != 'true'
-      run: |
-        set -euo pipefail
-        cd chromium-build
-        git -c user.name=electron-ci -c user.email=ci@electronjs.org \
-          am --3way "${GITHUB_WORKSPACE}/.github/siso-patches"/*.patch
-    - name: Set up Go
-      if: steps.cache-siso.outputs.cache-hit != 'true'
-      uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
-      with:
-        go-version-file: chromium-build/siso/go.mod
-        cache: false
-    - name: Build siso (windows/amd64)
-      if: steps.cache-siso.outputs.cache-hit != 'true'
-      working-directory: chromium-build/siso
-      env:
-        CGO_ENABLED: '0'
-        GOOS: windows
-        GOARCH: amd64
-      run: |
-        mkdir -p "${GITHUB_WORKSPACE}/siso-out"
-        go build -trimpath -o "${GITHUB_WORKSPACE}/siso-out/siso.exe" .
-    - name: Upload siso artifact
-      uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
-      with:
-        name: siso-windows-amd64
-        path: siso-out/siso.exe
-        if-no-files-found: error
-        retention-days: 1

.github/workflows/pipeline-segment-electron-build.yml

@@ -9,16 +9,12 @@ on:
         type: string
       target-platform:
         type: string
-        description: 'Platform to run on, can be macos, win or linux'
+        description: 'Platform to run on, can be macos or linux'
         required: true
       target-arch:
         type: string
-        description: 'Arch to build for, can be x64, arm64, ia32 or arm'
+        description: 'Arch to build for, can be x64, arm64 or arm'
         required: true
-      target-variant:
-        type: string
-        description: 'Variant to build for, no effect on non-macOS target platforms. Can be darwin, mas or all.'
-        default: all
       build-runs-on:
         type: string
         description: 'What host to run the build'
@@ -48,83 +44,50 @@ on:
         required: true
         type: string
         default: '0'
-      is-asan: 
-        description: 'Building the Address Sanitizer (ASan) Linux build'
-        required: false
-        type: boolean
-        default: false
-      enable-ssh:
-        description: 'Enable SSH debugging'
-        required: false
-        type: boolean
-        default: false
 
-permissions: {}
 
 concurrency:
-  group: electron-build-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ inputs.target-variant }}-${{ inputs.is-asan }}-${{ github.ref_protected == true && github.run_id || github.ref }}
-  cancel-in-progress: ${{ github.ref_protected != true }}
+  group: electron-build-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/main' && !endsWith(github.ref, '-x-y') }}
 
 env:
-  CHROMIUM_GIT_COOKIE: ${{ secrets.CHROMIUM_GIT_COOKIE }}
-  CHROMIUM_GIT_COOKIE_WINDOWS_STRING: ${{ secrets.CHROMIUM_GIT_COOKIE_WINDOWS_STRING }}
-  DD_API_KEY: ${{ secrets.DD_API_KEY }}
+  AZURE_AKS_CACHE_STORAGE_ACCOUNT: ${{ secrets.AZURE_AKS_CACHE_STORAGE_ACCOUNT }}
+  AZURE_AKS_CACHE_SHARE_NAME: ${{ secrets.AZURE_AKS_CACHE_SHARE_NAME }}
   ELECTRON_ARTIFACTS_BLOB_STORAGE: ${{ secrets.ELECTRON_ARTIFACTS_BLOB_STORAGE }}
   ELECTRON_RBE_JWT: ${{ secrets.ELECTRON_RBE_JWT }}
-  SUDOWOODO_EXCHANGE_URL: ${{ secrets.SUDOWOODO_EXCHANGE_URL }}
-  GCLIENT_EXTRA_ARGS: ${{ inputs.target-platform == 'macos' && '--custom-var=checkout_mac=True --custom-var=host_os=mac' || inputs.target-platform == 'win' && '--custom-var=checkout_win=True' || '--custom-var=checkout_arm=True --custom-var=checkout_arm64=True' }}
+  ELECTRON_GITHUB_TOKEN: ${{ secrets.ELECTRON_GITHUB_TOKEN }}
+  GCLIENT_EXTRA_ARGS: ${{ inputs.target-platform == 'macos' && '--custom-var=checkout_mac=True --custom-var=host_os=mac' || '--custom-var=checkout_arm=True --custom-var=checkout_arm64=True' }}
+  # Only disable this in the Asan build
+  CHECK_DIST_MANIFEST: true
+  IS_GHA_RELEASE: true
   ELECTRON_OUT_DIR: Default
-  ACTIONS_STEP_DEBUG: ${{ secrets.ACTIONS_STEP_DEBUG }}
 
 jobs:
   build:
-    defaults:
-      run:
-        shell: bash
     runs-on: ${{ inputs.build-runs-on }}
-    permissions:
-      contents: read
     container: ${{ fromJSON(inputs.build-container) }}
     environment: ${{ inputs.environment }}
     env:
       TARGET_ARCH: ${{ inputs.target-arch }}
-      TARGET_PLATFORM: ${{ inputs.target-platform }}
     steps:
     - name: Create src dir
-      run: |
-        mkdir src
+      run: mkdir src
     - name: Checkout Electron
-      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
       with:
         path: src/electron
         fetch-depth: 0
-        ref: ${{ github.event.pull_request.head.sha }}
-    - name: Setup SSH Debugging
-      if: ${{ inputs.target-platform == 'macos' && (inputs.enable-ssh || env.ACTIONS_STEP_DEBUG == 'true') }}
-      uses: ./src/electron/.github/actions/ssh-debug
-      with:
-        tunnel: 'true'
-      env:
-        CLOUDFLARE_TUNNEL_CERT: ${{ secrets.CLOUDFLARE_TUNNEL_CERT }}
-        CLOUDFLARE_TUNNEL_HOSTNAME: ${{ vars.CLOUDFLARE_TUNNEL_HOSTNAME }}
-        CLOUDFLARE_USER_CA_CERT: ${{ secrets.CLOUDFLARE_USER_CA_CERT }}
-        AUTHORIZED_USERS: ${{ secrets.SSH_DEBUG_AUTHORIZED_USERS }}
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-    - name: Free up space (macOS)
-      if: ${{ inputs.target-platform == 'macos' }}
-      uses: ./src/electron/.github/actions/free-space-macos
-    - name: Check disk space after freeing up space
-      if: ${{ inputs.target-platform == 'macos' }}
-      run: df -h
     - name: Setup Node.js/npm
       if: ${{ inputs.target-platform == 'macos' }}
-      uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f
+      uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8
       with:
-        node-version: 22.21.x
+        node-version: 20.11.x
         cache: yarn
         cache-dependency-path: src/electron/yarn.lock
     - name: Install Dependencies
-      uses: ./src/electron/.github/actions/install-dependencies
+      run: |
+        cd src/electron
+        node script/yarn install --frozen-lockfile
     - name: Install AZCopy
       if: ${{ inputs.target-platform == 'macos' }}
       run: brew install azcopy
@@ -139,91 +102,95 @@ jobs:
           fi
         elif [ "${{ inputs.target-arch }}" = "arm64" ]; then
           GN_EXTRA_ARGS='target_cpu="arm64" fatal_linker_warnings=false enable_linux_installer=false'
-        elif [ "${{ inputs.is-asan }}" = true ]; then
-          GN_EXTRA_ARGS='is_asan=true'
         fi
         echo "GN_EXTRA_ARGS=$GN_EXTRA_ARGS" >> $GITHUB_ENV
-    - name: Set Chromium Git Cookie
-      uses: ./src/electron/.github/actions/set-chromium-cookie
-    - name: Install Build Tools
-      uses: ./src/electron/.github/actions/install-build-tools      
+    - name: Get Depot Tools
+      timeout-minutes: 5
+      run: |
+        git clone --depth=1 https://chromium.googlesource.com/chromium/tools/depot_tools.git
+
+        SEDOPTION="-i"
+        if [ "`uname`" = "Darwin" ]; then
+          SEDOPTION="-i ''"
+        fi
+
+        # remove ninjalog_uploader_wrapper.py from autoninja since we don't use it and it causes problems
+        sed $SEDOPTION '/ninjalog_uploader_wrapper.py/d' ./depot_tools/autoninja
+
+        # Ensure depot_tools does not update.
+        test -d depot_tools && cd depot_tools
+        if [ "`uname`" = "Linux" ]; then
+          git apply --3way ../src/electron/.github/workflows/config/gclient.diff
+        fi
+        touch .disable_auto_update
+    - name: Add Depot Tools to PATH
+      run: echo "$(pwd)/depot_tools" >> $GITHUB_PATH
     - name: Generate DEPS Hash
       run: |
-        node src/electron/script/generate-deps-hash.js
-        DEPSHASH=v2-src-cache-$(cat src/electron/.depshash)
+        node src/electron/script/generate-deps-hash.js && cat src/electron/.depshash-target
+        DEPSHASH=v1-src-cache-$(shasum src/electron/.depshash | cut -f1 -d' ')
         echo "DEPSHASH=$DEPSHASH" >> $GITHUB_ENV
         echo "CACHE_PATH=$DEPSHASH.tar" >> $GITHUB_ENV
     - name: Restore src cache via AZCopy
-      if: ${{ inputs.target-platform != 'linux' }}
+      if: ${{ inputs.target-platform == 'macos' }}
       uses: ./src/electron/.github/actions/restore-cache-azcopy
-      with:
-        target-platform: ${{ inputs.target-platform }}
     - name: Restore src cache via AKS
       if: ${{ inputs.target-platform == 'linux' }}
       uses: ./src/electron/.github/actions/restore-cache-aks
     - name: Checkout Electron
-      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
       with:
         path: src/electron
         fetch-depth: 0
-        ref: ${{ github.event.pull_request.head.sha }}
-    - name: Fix Sync
-      if: ${{ inputs.target-platform != 'linux' }}
-      uses: ./src/electron/.github/actions/fix-sync
-      with:
-        target-platform: ${{ inputs.target-platform }}
-      env:
-        ELECTRON_DEPOT_TOOLS_DISABLE_LOG: true
+    - name: Install Build Tools
+      uses: ./src/electron/.github/actions/install-build-tools
     - name: Init Build Tools
       run: |
-        e init -f --root=$(pwd) --out=Default ${{ inputs.gn-build-type }} --import ${{ inputs.gn-build-type }} --target-cpu ${{ inputs.target-arch }} --remote-build siso
+        e init -f --root=$(pwd) --out=Default ${{ inputs.gn-build-type }} --import ${{ inputs.gn-build-type }} --target-cpu ${{ inputs.target-arch }} --only-sdk
     - name: Run Electron Only Hooks
       run: |
-        e d gclient runhooks --spec="solutions=[{'name':'src/electron','url':None,'deps_file':'DEPS','custom_vars':{'process_deps':False},'managed':False}]"
+        gclient runhooks --spec="solutions=[{'name':'src/electron','url':None,'deps_file':'DEPS','custom_vars':{'process_deps':False},'managed':False}]"
     - name: Regenerate DEPS Hash
       run: |
-        (cd src/electron && git checkout .) && node src/electron/script/generate-deps-hash.js
-        echo "DEPSHASH=$(cat src/electron/.depshash)" >> $GITHUB_ENV
+        (cd src/electron && git checkout .) && node src/electron/script/generate-deps-hash.js && cat src/electron/.depshash-target
+        echo "DEPSHASH=$(shasum src/electron/.depshash | cut -f1 -d' ')" >> $GITHUB_ENV
     - name: Add CHROMIUM_BUILDTOOLS_PATH to env
       run: echo "CHROMIUM_BUILDTOOLS_PATH=$(pwd)/src/buildtools" >> $GITHUB_ENV
+    - name: Fix Sync (macOS)
+      if: ${{ inputs.target-platform == 'macos' }}
+      uses: ./src/electron/.github/actions/fix-sync-macos
+    - name: Install build-tools & Setup RBE
+      run: |
+        echo "NUMBER_OF_NINJA_PROCESSES=${{ inputs.target-platform == 'linux' && '300' || '200' }}" >> $GITHUB_ENV
+        cd ~/.electron_build_tools
+        npx yarn --ignore-engines
+        # Pull down credential helper and print status
+        node -e "require('./src/utils/reclient.js').downloadAndPrepare({})"
+        HELPER=$(node -p "require('./src/utils/reclient.js').helperPath({})")
+        $HELPER login
+        echo 'RBE_service='`node -e "console.log(require('./src/utils/reclient.js').serviceAddress)"` >> $GITHUB_ENV
+        echo 'RBE_experimental_credentials_helper='`node -e "console.log(require('./src/utils/reclient.js').helperPath({}))"` >> $GITHUB_ENV
+        echo 'RBE_experimental_credentials_helper_args=print' >> $GITHUB_ENV
     - name: Free up space (macOS)
       if: ${{ inputs.target-platform == 'macos' }}
       uses: ./src/electron/.github/actions/free-space-macos
-    - name: Download custom siso binary (Windows)
-      if: ${{ inputs.target-platform == 'win' }}
-      uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
-      with:
-        name: siso-windows-amd64
-        path: ${{ runner.temp }}/siso
-    - name: Set SISO_PATH (Windows)
-      if: ${{ inputs.target-platform == 'win' }}
-      run: |
-        SISO_BIN="${RUNNER_TEMP}/siso/siso.exe"
-        if [ ! -f "$SISO_BIN" ]; then
-          echo "error: expected siso binary at $SISO_BIN" >&2
-          exit 1
-        fi
-        echo "SISO_PATH=$SISO_BIN" >> "$GITHUB_ENV"
-        echo "Using custom siso binary at $SISO_BIN"
     - name: Build Electron
-      if: ${{ inputs.target-platform != 'macos' || (inputs.target-variant == 'all' || inputs.target-variant == 'darwin') }}
       uses: ./src/electron/.github/actions/build-electron
       with:
         target-arch: ${{ inputs.target-arch }}
         target-platform: ${{ inputs.target-platform }}
-        artifact-platform: ${{ inputs.target-platform == 'macos' && 'darwin' || inputs.target-platform }}
+        artifact-platform: ${{ inputs.target-platform == 'linux' && 'linux' || 'darwin' }}
         is-release: '${{ inputs.is-release }}'
         generate-symbols: '${{ inputs.generate-symbols }}'
         upload-to-storage: '${{ inputs.upload-to-storage }}'
-        is-asan: '${{ inputs.is-asan }}'
     - name: Set GN_EXTRA_ARGS for MAS Build
-      if: ${{ inputs.target-platform == 'macos' && (inputs.target-variant == 'all' || inputs.target-variant == 'mas') }}
+      if: ${{ inputs.target-platform == 'macos' }}
       run: |
         echo "MAS_BUILD=true" >> $GITHUB_ENV
         GN_EXTRA_ARGS='is_mas_build=true'
         echo "GN_EXTRA_ARGS=$GN_EXTRA_ARGS" >> $GITHUB_ENV
     - name: Build Electron (MAS)
-      if: ${{ inputs.target-platform == 'macos' && (inputs.target-variant == 'all' || inputs.target-variant == 'mas') }}
+      if: ${{ inputs.target-platform == 'macos' }}
       uses: ./src/electron/.github/actions/build-electron
       with:
         target-arch: ${{ inputs.target-arch }}

.github/workflows/pipeline-segment-electron-gn-check.yml

@@ -5,11 +5,11 @@ on:
     inputs:
       target-platform:
         type: string
-        description: 'Platform to run on, can be macos, win or linux'
+        description: 'Platform to run on, can be macos or linux'
         required: true
-      target-archs:
+      target-arch:
         type: string
-        description: 'Archs to check for, can be x64, x86, arm64 or arm space separated'
+        description: 'Arch to build for, can be x64, arm64 or arm'
         required: true
       check-runs-on:
         type: string
@@ -26,139 +26,111 @@ on:
         type: string
         default: testing
 
-permissions: {}
-
 concurrency:
-  group: electron-gn-check-${{ inputs.target-platform }}-${{ github.ref }}
+  group: electron-gn-check-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ github.ref }}
   cancel-in-progress: true
 
 env:
+  AZURE_AKS_CACHE_STORAGE_ACCOUNT: ${{ secrets.AZURE_AKS_CACHE_STORAGE_ACCOUNT }}
+  AZURE_AKS_CACHE_SHARE_NAME: ${{ secrets.AZURE_AKS_CACHE_SHARE_NAME }}
   ELECTRON_RBE_JWT: ${{ secrets.ELECTRON_RBE_JWT }}
-  GCLIENT_EXTRA_ARGS: ${{ inputs.target-platform == 'macos' && '--custom-var=checkout_mac=True --custom-var=host_os=mac' || (inputs.target-platform == 'linux' && '--custom-var=checkout_arm=True --custom-var=checkout_arm64=True' || '--custom-var=checkout_win=True') }}
+  GCLIENT_EXTRA_ARGS: ${{ inputs.target-platform == 'macos' && '--custom-var=checkout_mac=True --custom-var=host_os=mac' || '--custom-var=checkout_arm=True --custom-var=checkout_arm64=True' }}
   ELECTRON_OUT_DIR: Default
+  TARGET_ARCH: ${{ inputs.target-arch }}
 
 jobs:
   gn-check:
-    defaults:
-      run:
-        shell: bash
+    # TODO(codebytere): Change this to medium VM
     runs-on: ${{ inputs.check-runs-on }}
-    permissions:
-      contents: read
     container: ${{ fromJSON(inputs.check-container) }}
+    env:
+      TARGET_ARCH: ${{ inputs.target-arch }}
     steps:
     - name: Checkout Electron
-      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
       with:
         path: src/electron
         fetch-depth: 0
-        ref: ${{ github.event.pull_request.head.sha }}
-    - name: Cleanup disk space on macOS
-      if: ${{ inputs.target-platform == 'macos' }}
-      shell: bash
-      run: |   
-        sudo mkdir -p $TMPDIR/del-target
-
-        tmpify() {
-          if [ -d "$1" ]; then
-            sudo mv "$1" $TMPDIR/del-target/$(echo $1|shasum -a 256|head -n1|cut -d " " -f1)
-          fi
-        }   
-        tmpify /Library/Developer/CoreSimulator
-        tmpify ~/Library/Developer/CoreSimulator
-        sudo rm -rf $TMPDIR/del-target
-    - name: Check disk space after freeing up space
-      if: ${{ inputs.target-platform == 'macos' }}
-      run: df -h
-    - name: Set Chromium Git Cookie
-      uses: ./src/electron/.github/actions/set-chromium-cookie
     - name: Install Build Tools
       uses: ./src/electron/.github/actions/install-build-tools
-    - name: Enable windows toolchain
-      if: ${{ inputs.target-platform == 'win' }}
+    - name: Init Build Tools
       run: |
-        echo "ELECTRON_DEPOT_TOOLS_WIN_TOOLCHAIN=1" >> $GITHUB_ENV
+        e init -f --root=$(pwd) --out=Default ${{ inputs.gn-build-type }} --import ${{ inputs.gn-build-type }} --target-cpu ${{ inputs.target-arch }} --only-sdk
+    - name: Get Depot Tools
+      timeout-minutes: 5
+      run: |
+        git clone --depth=1 https://chromium.googlesource.com/chromium/tools/depot_tools.git
+
+        SEDOPTION="-i"
+        if [ "`uname`" = "Darwin" ]; then
+          SEDOPTION="-i ''"
+        fi
+
+        # remove ninjalog_uploader_wrapper.py from autoninja since we don't use it and it causes problems
+        sed $SEDOPTION '/ninjalog_uploader_wrapper.py/d' ./depot_tools/autoninja
+
+        # Ensure depot_tools does not update.
+        test -d depot_tools && cd depot_tools
+        if [ "`uname`" = "Linux" ]; then
+          git apply --3way ../src/electron/.github/workflows/config/gclient.diff
+        fi
+        touch .disable_auto_update
+    - name: Add Depot Tools to PATH
+      run: echo "$(pwd)/depot_tools" >> $GITHUB_PATH
+    - name: Set GN_EXTRA_ARGS for Linux
+      if: ${{ inputs.target-platform == 'linux' }}
+      run: |
+        if [ "${{ inputs.target-arch  }}" = "arm" ]; then
+          GN_EXTRA_ARGS='build_tflite_with_xnnpack=false'
+        elif [ "${{ inputs.target-arch }}" = "arm64" ]; then
+          GN_EXTRA_ARGS='fatal_linker_warnings=false enable_linux_installer=false'
+        fi
+        echo "GN_EXTRA_ARGS=$GN_EXTRA_ARGS" >> $GITHUB_ENV
     - name: Generate DEPS Hash
       run: |
-        node src/electron/script/generate-deps-hash.js
-        DEPSHASH=v2-src-cache-$(cat src/electron/.depshash)
+        node src/electron/script/generate-deps-hash.js && cat src/electron/.depshash-target
+        DEPSHASH=v1-src-cache-$(shasum src/electron/.depshash | cut -f1 -d' ')
         echo "DEPSHASH=$DEPSHASH" >> $GITHUB_ENV
         echo "CACHE_PATH=$DEPSHASH.tar" >> $GITHUB_ENV
     - name: Restore src cache via AZCopy
       if: ${{ inputs.target-platform == 'macos' }}
       uses: ./src/electron/.github/actions/restore-cache-azcopy
-      with:
-        target-platform: ${{ inputs.target-platform }}      
     - name: Restore src cache via AKS
-      if: ${{ inputs.target-platform == 'linux' || inputs.target-platform == 'win' }}
+      if: ${{ inputs.target-platform == 'linux' }}
       uses: ./src/electron/.github/actions/restore-cache-aks
-      with:
-        target-platform: ${{ inputs.target-platform }}
     - name: Run Electron Only Hooks
       run: |
-        echo "solutions=[{'name':'src/electron','url':None,'deps_file':'DEPS','custom_vars':{'process_deps':False},'managed':False}]" > tmpgclient
-        if [ "${{ inputs.target-platform }}" = "win" ]; then
-          echo "solutions=[{'name':'src/electron','url':None,'deps_file':'DEPS','custom_vars':{'process_deps':False,'install_sysroot':False,'checkout_win':True},'managed':False}]" > tmpgclient
-          echo "target_os=['win']" >> tmpgclient
-        fi
-        e d gclient runhooks --gclientfile=tmpgclient
-
-        # Fix VS Toolchain
-        if [ "${{ inputs.target-platform }}" = "win" ]; then
-          rm -rf src/third_party/depot_tools/win_toolchain/vs_files
-          e d python3 src/build/vs_toolchain.py update --force
-        fi
+        gclient runhooks --spec="solutions=[{'name':'src/electron','url':None,'deps_file':'DEPS','custom_vars':{'process_deps':False},'managed':False}]"
     - name: Regenerate DEPS Hash
       run: |
-        (cd src/electron && git checkout .) && node src/electron/script/generate-deps-hash.js
-        echo "DEPSHASH=$(cat src/electron/.depshash)" >> $GITHUB_ENV
+        (cd src/electron && git checkout .) && node src/electron/script/generate-deps-hash.js && cat src/electron/.depshash-target
+        echo "DEPSHASH=$(shasum src/electron/.depshash | cut -f1 -d' ')" >> $GITHUB_ENV
     - name: Add CHROMIUM_BUILDTOOLS_PATH to env
       run: echo "CHROMIUM_BUILDTOOLS_PATH=$(pwd)/src/buildtools" >> $GITHUB_ENV
     - name: Checkout Electron
-      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
       with:
         path: src/electron
         fetch-depth: 0
-        ref: ${{ github.event.pull_request.head.sha }}
-    - name: Install Dependencies
-      uses: ./src/electron/.github/actions/install-dependencies
     - name: Default GN gen
       run: |
         cd src/electron
         git pack-refs
-    - name: Run GN Check for ${{ inputs.target-archs }}
+        cd ..
+
+        e build --only-gen
+    - name: Run GN Check
       run: |
-        for target_cpu in ${{ inputs.target-archs }}
-        do
-          e init -f --root=$(pwd) --out=Default ${{ inputs.gn-build-type }} --import ${{ inputs.gn-build-type }} --target-cpu $target_cpu
-          cd src
-          export GN_EXTRA_ARGS="target_cpu=\"$target_cpu\""
-          if [ "${{ inputs.target-platform }}" = "linux" ]; then
-            if [ "$target_cpu" = "arm" ]; then
-              export GN_EXTRA_ARGS="$GN_EXTRA_ARGS build_tflite_with_xnnpack=false"
-            elif [ "$target_cpu" = "arm64" ]; then
-              export GN_EXTRA_ARGS="$GN_EXTRA_ARGS fatal_linker_warnings=false enable_linux_installer=false"
-            fi
-          fi
-          if [ "${{ inputs.target-platform }}" = "win" ]; then
-            export GN_EXTRA_ARGS="$GN_EXTRA_ARGS use_v8_context_snapshot=true target_os=\"win\""
-          fi
+        cd src
+        gn check out/Default //electron:electron_lib
+        gn check out/Default //electron:electron_app
+        gn check out/Default //electron/shell/common/api:mojo
 
-          e build --only-gen
-
-          e d gn check out/Default //electron:electron_lib
-          e d gn check out/Default //electron:electron_app
-          e d gn check out/Default //electron/shell/common:mojo
-          e d gn check out/Default //electron/shell/common:plugin
-
-          # Check the hunspell filenames
-          node electron/script/gen-hunspell-filenames.js --check
-          node electron/script/gen-libc++-filenames.js --check
-          cd ..
-        done
+        # Check the hunspell filenames
+        node electron/script/gen-hunspell-filenames.js --check
+        node electron/script/gen-libc++-filenames.js --check
     - name: Wait for active SSH sessions
       if: always() && !cancelled()
-      shell: bash
       run: |
         while [ -f /var/.ssh-lock ]
         do

.github/workflows/pipeline-segment-electron-publish.yml

@@ -1,252 +0,0 @@
-# AUTOGENERATED FILE - DO NOT EDIT MANUALLY
-# ONLY EDIT .github/workflows/pipeline-segment-electron-build.yml
-
-name: Pipeline Segment - Electron Build
-on:
-  workflow_call:
-    inputs:
-      environment:
-        description: using the production or testing environment
-        required: false
-        type: string
-      target-platform:
-        type: string
-        description: Platform to run on, can be macos, win or linux
-        required: true
-      target-arch:
-        type: string
-        description: Arch to build for, can be x64, arm64, ia32 or arm
-        required: true
-      target-variant:
-        type: string
-        description: Variant to build for, no effect on non-macOS target platforms. Can
-          be darwin, mas or all.
-        default: all
-      build-runs-on:
-        type: string
-        description: What host to run the build
-        required: true
-      build-container:
-        type: string
-        description: JSON container information for aks runs-on
-        required: false
-        default: '{"image":null}'
-      is-release:
-        description: Whether this build job is a release job
-        required: true
-        type: boolean
-        default: false
-      gn-build-type:
-        description: The gn build type - testing or release
-        required: true
-        type: string
-        default: testing
-      generate-symbols:
-        description: Whether or not to generate symbols
-        required: true
-        type: boolean
-        default: false
-      upload-to-storage:
-        description: Whether or not to upload build artifacts to external storage
-        required: true
-        type: string
-        default: "0"
-      is-asan:
-        description: Building the Address Sanitizer (ASan) Linux build
-        required: false
-        type: boolean
-        default: false
-      enable-ssh:
-        description: Enable SSH debugging
-        required: false
-        type: boolean
-        default: false
-permissions: {}
-concurrency:
-  group: electron-build-${{ inputs.target-platform }}-${{ inputs.target-arch
-    }}-${{ inputs.target-variant }}-${{ inputs.is-asan }}-${{
-    github.ref_protected == true && github.run_id || github.ref }}
-  cancel-in-progress: ${{ github.ref_protected != true }}
-env:
-  CHROMIUM_GIT_COOKIE: ${{ secrets.CHROMIUM_GIT_COOKIE }}
-  CHROMIUM_GIT_COOKIE_WINDOWS_STRING: ${{ secrets.CHROMIUM_GIT_COOKIE_WINDOWS_STRING }}
-  DD_API_KEY: ${{ secrets.DD_API_KEY }}
-  ELECTRON_ARTIFACTS_BLOB_STORAGE: ${{ secrets.ELECTRON_ARTIFACTS_BLOB_STORAGE }}
-  ELECTRON_RBE_JWT: ${{ secrets.ELECTRON_RBE_JWT }}
-  SUDOWOODO_EXCHANGE_URL: ${{ secrets.SUDOWOODO_EXCHANGE_URL }}
-  GCLIENT_EXTRA_ARGS: ${{ inputs.target-platform == 'macos' &&
-    '--custom-var=checkout_mac=True --custom-var=host_os=mac' ||
-    inputs.target-platform == 'win' && '--custom-var=checkout_win=True' ||
-    '--custom-var=checkout_arm=True --custom-var=checkout_arm64=True' }}
-  ELECTRON_OUT_DIR: Default
-  ACTIONS_STEP_DEBUG: ${{ secrets.ACTIONS_STEP_DEBUG }}
-jobs:
-  build:
-    defaults:
-      run:
-        shell: bash
-    runs-on: ${{ inputs.build-runs-on }}
-    permissions:
-      artifact-metadata: write
-      attestations: write
-      contents: read
-      id-token: write
-    container: ${{ fromJSON(inputs.build-container) }}
-    environment: ${{ inputs.environment }}
-    env:
-      TARGET_ARCH: ${{ inputs.target-arch }}
-      TARGET_PLATFORM: ${{ inputs.target-platform }}
-    steps:
-      - name: Create src dir
-        run: |
-          mkdir src
-      - name: Checkout Electron
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
-        with:
-          path: src/electron
-          fetch-depth: 0
-          ref: ${{ github.event.pull_request.head.sha }}
-      - name: Setup SSH Debugging
-        if: ${{ inputs.target-platform == 'macos' && (inputs.enable-ssh ||
-          env.ACTIONS_STEP_DEBUG == 'true') }}
-        uses: ./src/electron/.github/actions/ssh-debug
-        with:
-          tunnel: "true"
-        env:
-          CLOUDFLARE_TUNNEL_CERT: ${{ secrets.CLOUDFLARE_TUNNEL_CERT }}
-          CLOUDFLARE_TUNNEL_HOSTNAME: ${{ vars.CLOUDFLARE_TUNNEL_HOSTNAME }}
-          CLOUDFLARE_USER_CA_CERT: ${{ secrets.CLOUDFLARE_USER_CA_CERT }}
-          AUTHORIZED_USERS: ${{ secrets.SSH_DEBUG_AUTHORIZED_USERS }}
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      - name: Free up space (macOS)
-        if: ${{ inputs.target-platform == 'macos' }}
-        uses: ./src/electron/.github/actions/free-space-macos
-      - name: Check disk space after freeing up space
-        if: ${{ inputs.target-platform == 'macos' }}
-        run: df -h
-      - name: Setup Node.js/npm
-        if: ${{ inputs.target-platform == 'macos' }}
-        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f
-        with:
-          node-version: 22.21.x
-          cache: yarn
-          cache-dependency-path: src/electron/yarn.lock
-      - name: Install Dependencies
-        uses: ./src/electron/.github/actions/install-dependencies
-      - name: Install AZCopy
-        if: ${{ inputs.target-platform == 'macos' }}
-        run: brew install azcopy
-      - name: Set GN_EXTRA_ARGS for Linux
-        if: ${{ inputs.target-platform == 'linux' }}
-        run: >
-          if [ "${{ inputs.target-arch  }}" = "arm" ]; then
-            if [ "${{ inputs.is-release  }}" = true ]; then
-              GN_EXTRA_ARGS='target_cpu="arm" build_tflite_with_xnnpack=false symbol_level=1'
-            else
-              GN_EXTRA_ARGS='target_cpu="arm" build_tflite_with_xnnpack=false'
-            fi
-          elif [ "${{ inputs.target-arch }}" = "arm64" ]; then
-            GN_EXTRA_ARGS='target_cpu="arm64" fatal_linker_warnings=false enable_linux_installer=false'
-          elif [ "${{ inputs.is-asan }}" = true ]; then
-            GN_EXTRA_ARGS='is_asan=true'
-          fi
-
-          echo "GN_EXTRA_ARGS=$GN_EXTRA_ARGS" >> $GITHUB_ENV
-      - name: Set Chromium Git Cookie
-        uses: ./src/electron/.github/actions/set-chromium-cookie
-      - name: Install Build Tools
-        uses: ./src/electron/.github/actions/install-build-tools
-      - name: Generate DEPS Hash
-        run: |
-          node src/electron/script/generate-deps-hash.js
-          DEPSHASH=v2-src-cache-$(cat src/electron/.depshash)
-          echo "DEPSHASH=$DEPSHASH" >> $GITHUB_ENV
-          echo "CACHE_PATH=$DEPSHASH.tar" >> $GITHUB_ENV
-      - name: Restore src cache via AZCopy
-        if: ${{ inputs.target-platform != 'linux' }}
-        uses: ./src/electron/.github/actions/restore-cache-azcopy
-        with:
-          target-platform: ${{ inputs.target-platform }}
-      - name: Restore src cache via AKS
-        if: ${{ inputs.target-platform == 'linux' }}
-        uses: ./src/electron/.github/actions/restore-cache-aks
-      - name: Checkout Electron
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
-        with:
-          path: src/electron
-          fetch-depth: 0
-          ref: ${{ github.event.pull_request.head.sha }}
-      - name: Fix Sync
-        if: ${{ inputs.target-platform != 'linux' }}
-        uses: ./src/electron/.github/actions/fix-sync
-        with:
-          target-platform: ${{ inputs.target-platform }}
-        env:
-          ELECTRON_DEPOT_TOOLS_DISABLE_LOG: true
-      - name: Init Build Tools
-        run: >
-          e init -f --root=$(pwd) --out=Default ${{ inputs.gn-build-type }}
-          --import ${{ inputs.gn-build-type }} --target-cpu ${{
-          inputs.target-arch }} --remote-build siso
-      - name: Run Electron Only Hooks
-        run: |
-          e d gclient runhooks --spec="solutions=[{'name':'src/electron','url':None,'deps_file':'DEPS','custom_vars':{'process_deps':False},'managed':False}]"
-      - name: Regenerate DEPS Hash
-        run: >
-          (cd src/electron && git checkout .) && node
-          src/electron/script/generate-deps-hash.js
-
-          echo "DEPSHASH=$(cat src/electron/.depshash)" >> $GITHUB_ENV
-      - name: Add CHROMIUM_BUILDTOOLS_PATH to env
-        run: echo "CHROMIUM_BUILDTOOLS_PATH=$(pwd)/src/buildtools" >> $GITHUB_ENV
-      - name: Free up space (macOS)
-        if: ${{ inputs.target-platform == 'macos' }}
-        uses: ./src/electron/.github/actions/free-space-macos
-      - name: Download custom siso binary (Windows)
-        if: ${{ inputs.target-platform == 'win' }}
-        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c
-        with:
-          name: siso-windows-amd64
-          path: ${{ runner.temp }}/siso
-      - name: Set SISO_PATH (Windows)
-        if: ${{ inputs.target-platform == 'win' }}
-        run: |
-          SISO_BIN="${RUNNER_TEMP}/siso/siso.exe"
-          if [ ! -f "$SISO_BIN" ]; then
-            echo "error: expected siso binary at $SISO_BIN" >&2
-            exit 1
-          fi
-          echo "SISO_PATH=$SISO_BIN" >> "$GITHUB_ENV"
-          echo "Using custom siso binary at $SISO_BIN"
-      - name: Build Electron
-        if: ${{ inputs.target-platform != 'macos' || (inputs.target-variant == 'all' ||
-          inputs.target-variant == 'darwin') }}
-        uses: ./src/electron/.github/actions/build-electron
-        with:
-          target-arch: ${{ inputs.target-arch }}
-          target-platform: ${{ inputs.target-platform }}
-          artifact-platform: ${{ inputs.target-platform == 'macos' && 'darwin' ||
-            inputs.target-platform }}
-          is-release: ${{ inputs.is-release }}
-          generate-symbols: ${{ inputs.generate-symbols }}
-          upload-to-storage: ${{ inputs.upload-to-storage }}
-          is-asan: ${{ inputs.is-asan }}
-      - name: Set GN_EXTRA_ARGS for MAS Build
-        if: ${{ inputs.target-platform == 'macos' && (inputs.target-variant == 'all' ||
-          inputs.target-variant == 'mas') }}
-        run: |
-          echo "MAS_BUILD=true" >> $GITHUB_ENV
-          GN_EXTRA_ARGS='is_mas_build=true'
-          echo "GN_EXTRA_ARGS=$GN_EXTRA_ARGS" >> $GITHUB_ENV
-      - name: Build Electron (MAS)
-        if: ${{ inputs.target-platform == 'macos' && (inputs.target-variant == 'all' ||
-          inputs.target-variant == 'mas') }}
-        uses: ./src/electron/.github/actions/build-electron
-        with:
-          target-arch: ${{ inputs.target-arch }}
-          target-platform: ${{ inputs.target-platform }}
-          artifact-platform: mas
-          is-release: ${{ inputs.is-release }}
-          generate-symbols: ${{ inputs.generate-symbols }}
-          upload-to-storage: ${{ inputs.upload-to-storage }}
-          step-suffix: (mas)

.github/workflows/pipeline-segment-electron-test.yml

@@ -5,7 +5,7 @@ on:
     inputs:
       target-platform:
         type: string
-        description: 'Platform to run on, can be macos, win or linux'
+        description: 'Platform to run on, can be macos or linux'
         required: true
       target-arch:
         type: string
@@ -20,67 +20,41 @@ on:
         description: 'JSON container information for aks runs-on'
         required: false
         default: '{"image":null}'
-      is-asan: 
-        description: 'Building the Address Sanitizer (ASan) Linux build'
-        required: false
-        type: boolean
-        default: false
-      enable-ssh:
-        description: 'Enable SSH debugging'
-        required: false
-        type: boolean
-        default: false
 
 concurrency:
-  group: electron-test-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ inputs.is-asan }}-${{ github.ref_protected == true && github.run_id || github.ref }}
-  cancel-in-progress: ${{ github.ref_protected != true }}
+  group: electron-test-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/main' && !endsWith(github.ref, '-x-y') }}
 
-permissions: {}
+permissions:
+  contents: read
+  issues: read
+  pull-requests: read
 
 env:
-  CHROMIUM_GIT_COOKIE: ${{ secrets.CHROMIUM_GIT_COOKIE }}
-  CHROMIUM_GIT_COOKIE_WINDOWS_STRING: ${{ secrets.CHROMIUM_GIT_COOKIE_WINDOWS_STRING }}
   ELECTRON_OUT_DIR: Default
   ELECTRON_RBE_JWT: ${{ secrets.ELECTRON_RBE_JWT }}
-  ACTIONS_STEP_DEBUG: ${{ secrets.ACTIONS_STEP_DEBUG }}
-  # @sentry/cli is only needed by release upload-symbols.py; skip the ~17MB CDN download on test jobs
-  SENTRYCLI_SKIP_DOWNLOAD: 1
+  ELECTRON_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
 jobs:
   test:
-    defaults:
-      run:
-        shell: bash
     runs-on: ${{ inputs.test-runs-on }}
-    permissions:
-      contents: read
-      issues: read
-      pull-requests: read
     container: ${{ fromJSON(inputs.test-container) }}
     strategy:
       fail-fast: false
       matrix:
-        build-type: ${{ inputs.target-platform == 'macos' && fromJSON('["darwin","mas"]') || (inputs.target-platform == 'win' && fromJSON('["win"]') || fromJSON('["linux"]')) }}
-        shard: ${{ case(inputs.target-platform == 'linux', fromJSON('[1, 2, 3]'), inputs.target-platform == 'macos' && inputs.target-arch == 'x64', fromJSON('[1, 2, 3]'), fromJSON('[1, 2]')) }}
+        build-type: ${{ inputs.target-platform == 'macos' && fromJSON('["darwin","mas"]') || fromJSON('["linux"]') }}
+        shard: ${{ inputs.target-platform == 'macos' && fromJSON('[1, 2]') || fromJSON('[1, 2, 3]') }}
     env:
       BUILD_TYPE: ${{ matrix.build-type }}
       TARGET_ARCH: ${{ inputs.target-arch }}
-      ARTIFACT_KEY: ${{ matrix.build-type }}_${{ inputs.target-arch }}
     steps:
     - name: Fix node20 on arm32 runners
-      if: ${{ inputs.target-arch == 'arm' && inputs.target-platform == 'linux' }}
+      if: ${{ inputs.target-arch == 'arm' }}
       run: |
         cp $(which node) /mnt/runner-externals/node20/bin/
-        cp $(which node) /mnt/runner-externals/node24/bin/
-    - name: Setup Node.js/npm
-      if: ${{ inputs.target-platform == 'win' }}
-      uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f
-      with:
-        node-version: 22.21.x
     - name: Add TCC permissions on macOS
       if: ${{ inputs.target-platform == 'macos' }}
       run: |
-        epochdate=$(($(date +'%s * 1000 + %-N / 1000000')))
         configure_user_tccdb () {
           local values=$1
           local dbPath="$HOME/Library/Application Support/com.apple.TCC/TCC.db"
@@ -96,17 +70,14 @@ jobs:
         }
 
         userValuesArray=(
+            "'kTCCServiceMicrophone','/usr/local/opt/runner/provisioner/provisioner',1,2,4,1,NULL,NULL,0,'UNUSED',NULL,0,1687786159"
             "'kTCCServiceCamera','/usr/local/opt/runner/provisioner/provisioner',1,2,4,1,NULL,NULL,0,'UNUSED',NULL,0,1687786159"
             "'kTCCServiceBluetoothAlways','/usr/local/opt/runner/provisioner/provisioner',1,2,4,1,NULL,NULL,0,'UNUSED',NULL,0,1687786159"
-            "'kTCCServiceAppleEvents','/usr/local/opt/runner/provisioner/provisioner',1,2,4,1,NULL,NULL,0,'UNUSED',NULL,0,1687786159"
-            "'kTCCServiceCamera','/opt/hca/hosted-compute-agent',1,2,4,1,NULL,NULL,0,'UNUSED',NULL,0,1687786159"
-            "'kTCCServiceBluetoothAlways','/opt/hca/hosted-compute-agent',1,2,4,1,NULL,NULL,0,'UNUSED',NULL,0,1687786159"
-            "'kTCCServiceScreenCapture','/bin/bash',1,2,3,1,NULL,NULL,NULL,'UNUSED',NULL,0,$epochdate"
         )
         for values in "${userValuesArray[@]}"; do
           # Sonoma and higher have a few extra values
           # Ref: https://github.com/actions/runner-images/blob/main/images/macos/scripts/build/configure-tccdb-macos.sh
-          if [ "$OSTYPE" = "darwin23" ] || [ "$OSTYPE" = "darwin24" ]; then
+          if [ "$OSTYPE" = "darwin23" ]; then
             configure_user_tccdb "$values,NULL,NULL,'UNUSED',${values##*,}"
             configure_sys_tccdb "$values,NULL,NULL,'UNUSED',${values##*,}"
           else
@@ -114,193 +85,86 @@ jobs:
             configure_sys_tccdb "$values"
           fi
         done
-    - name: Turn off the unexpectedly quit dialog on macOS
-      if: ${{ inputs.target-platform == 'macos' }}
-      run: defaults write com.apple.CrashReporter DialogType server
-    - name: Set xcode to 16.4
-      if: ${{ inputs.target-platform == 'macos' }}
-      run: sudo xcode-select --switch /Applications/Xcode_16.4.app
     - name: Checkout Electron
-      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
       with:
         path: src/electron
         fetch-depth: 0
-        ref: ${{ github.event.pull_request.head.sha }}
-    - name: Turn off screenshot nag on macOS
-      if: ${{ inputs.target-platform == 'macos' }}
-      run: |
-        defaults write ~/Library/Group\ Containers/group.com.apple.replayd/ScreenCaptureApprovals.plist "/bin/bash" -date "3024-09-23 12:00:00 +0000"
-        src/electron/script/actions/screencapture-nag-remover.sh -a $(which bash)
-        src/electron/script/actions/screencapture-nag-remover.sh -a /opt/hca/hosted-compute-agent
-    - name: Setup SSH Debugging
-      if: ${{ inputs.target-platform == 'macos' && (inputs.enable-ssh || env.ACTIONS_STEP_DEBUG == 'true') }}
-      uses: ./src/electron/.github/actions/ssh-debug
-      with:
-        tunnel: 'true'
-      env:
-        CLOUDFLARE_TUNNEL_CERT: ${{ secrets.CLOUDFLARE_TUNNEL_CERT }}
-        CLOUDFLARE_TUNNEL_HOSTNAME: ${{ vars.CLOUDFLARE_TUNNEL_HOSTNAME }}
-        CLOUDFLARE_USER_CA_CERT: ${{ secrets.CLOUDFLARE_USER_CA_CERT }}
-        AUTHORIZED_USERS: ${{ secrets.SSH_DEBUG_AUTHORIZED_USERS }}
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
     - name: Install Dependencies
-      uses: ./src/electron/.github/actions/install-dependencies
-    - name: Set Chromium Git Cookie
-      uses: ./src/electron/.github/actions/set-chromium-cookie
+      run: |
+        cd src/electron
+        node script/yarn install --frozen-lockfile
     - name: Get Depot Tools
       timeout-minutes: 5
       run: |
-        git config --global core.filemode false
-        git config --global core.autocrlf false
-        git config --global branch.autosetuprebase always
-        git config --global core.fscache true
-        git config --global core.longpaths true
-        git config --global core.preloadindex true
-        git config --global core.longpaths true
-        git clone --filter=tree:0 https://chromium.googlesource.com/chromium/tools/depot_tools.git
+        git clone --depth=1 https://chromium.googlesource.com/chromium/tools/depot_tools.git
+        if [ "`uname`" = "Darwin" ]; then
+          # remove ninjalog_uploader_wrapper.py from autoninja since we don't use it and it causes problems
+          sed -i '' '/ninjalog_uploader_wrapper.py/d' ./depot_tools/autoninja
+        else
+          sed -i '/ninjalog_uploader_wrapper.py/d' ./depot_tools/autoninja
+          # Remove swift-format dep from cipd on macOS until we send a patch upstream.
+          cd depot_tools
+          git apply --3way ../src/electron/.github/workflows/config/gclient.diff
+        fi
         # Ensure depot_tools does not update.
         test -d depot_tools && cd depot_tools
         touch .disable_auto_update
     - name: Add Depot Tools to PATH
       run: echo "$(pwd)/depot_tools" >> $GITHUB_PATH
-    - name: Load ASan specific environment variables
-      if: ${{ inputs.is-asan == true }}
-      run: |
-        echo "ARTIFACT_KEY=${{ matrix.build-type }}_${{ inputs.target-arch }}_asan" >> $GITHUB_ENV
-        echo "DISABLE_CRASH_REPORTER_TESTS=true" >> $GITHUB_ENV
-        echo "IS_ASAN=true" >> $GITHUB_ENV
     - name: Download Generated Artifacts
-      uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131
+      uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e
       with:
-        name: generated_artifacts_${{ env.ARTIFACT_KEY }}
+        name: generated_artifacts_${{ matrix.build-type }}_${{ inputs.target-arch }}
         path: ./generated_artifacts_${{ matrix.build-type }}_${{ inputs.target-arch }}
     - name: Download Src Artifacts
-      uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131
+      uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e
       with:
-        name: src_artifacts_${{ env.ARTIFACT_KEY }}
-        path: ./src_artifacts_${{ matrix.build-type }}_${{ inputs.target-arch }}
+        name: src_artifacts_${{ matrix.build-type }}_${{ env.TARGET_ARCH }}
+        path: ./src_artifacts_${{ matrix.build-type }}_${{ env.TARGET_ARCH }}
     - name: Restore Generated Artifacts
       run: ./src/electron/script/actions/restore-artifacts.sh
-    - name: Unzip Dist (win)
-      if: ${{ inputs.target-platform == 'win' }}
-      shell: powershell
-      run: |
-        Set-ExecutionPolicy Bypass -Scope Process -Force
-        cd src/out/Default
-        Expand-Archive -Force dist.zip -DestinationPath ./
-    - name: Unzip Dist (unix)
-      if: ${{ inputs.target-platform != 'win' }}
+    - name: Unzip Dist, Mksnapshot & Chromedriver
       run: |
         cd src/out/Default
         unzip -:o dist.zip
-    - name: Import & Trust Self-Signed Codesigning Cert on MacOS
-      if: ${{ inputs.target-platform == 'macos' }}
-      run: |
-        cd src/electron
-        ./script/codesign/generate-identity.sh
-    # Only sign on x64 — arm64 builds are already ad-hoc signed, and re-signing
-    # with an untrusted cert breaks macOS system integrations (e.g. dock bounce).
-    # Autoupdater tests sign their own fixture copies via signApp().
-    - name: Sign Electron.app for macOS tests
-      if: ${{ inputs.target-platform == 'macos' && inputs.target-arch == 'x64' }}
-      run: |
-        identity=$(src/electron/script/codesign/get-trusted-identity.sh)
-        if [ -n "$identity" ]; then
-          codesign -s "$identity" --deep --force src/out/Default/Electron.app
-        fi
-
+        unzip -:o chromedriver.zip
+        unzip -:o mksnapshot.zip
+    # - name: Import & Trust Self-Signed Codesigning Cert on MacOS
+    #   if: ${{ inputs.target-platform == 'macos' }}
+    #   run: |
+    #     sudo security authorizationdb write com.apple.trust-settings.admin allow
+    #     cd src/electron
+    #     ./script/codesign/generate-identity.sh
     - name: Run Electron Tests
       shell: bash
-      timeout-minutes: 40
       env:
         MOCHA_REPORTER: mocha-multi-reporters
+        ELECTRON_TEST_RESULTS_DIR: junit
         MOCHA_MULTI_REPORTERS: mocha-junit-reporter, tap
         ELECTRON_DISABLE_SECURITY_WARNINGS: 1
+        ELECTRON_SKIP_NATIVE_MODULE_TESTS: true
         DISPLAY: ':99.0'
-        NPM_CONFIG_MSVS_VERSION: '2022'
       run: |
         cd src/electron
-        export ELECTRON_TEST_RESULTS_DIR=`pwd`/junit
         # Get which tests are on this shard
-        tests_files=$(node script/split-tests ${{ matrix.shard }} ${{ case(inputs.target-platform == 'linux', 3, inputs.target-platform == 'macos' && inputs.target-arch == 'x64', 3, 2) }})
+        tests_files=$(node script/split-tests ${{ matrix.shard }} ${{ inputs.target-platform == 'macos' && 2 || 3 }})
 
         # Run tests
-        if [ "${{ inputs.target-platform }}" != "linux" ]; then
+        if [ "`uname`" = "Darwin" ]; then
           echo "About to start tests"
-          if [ "${{ inputs.target-platform }}" = "win" ]; then
-            if [ "${{ inputs.target-arch }}" = "x86" ]; then
-              export npm_config_arch="ia32"
-            fi
-            if [ "${{ inputs.target-arch }}" = "arm64" ]; then
-              export ELECTRON_FORCE_TEST_SUITE_EXIT="true"
-            fi
-          fi
-          node script/yarn.js test --runners=main --enableRerun=3 --trace-uncaught --enable-logging --files $tests_files
+          node script/yarn test --runners=main --trace-uncaught --enable-logging --files $tests_files
         else
           chown :builduser .. && chmod g+w ..
           chown -R :builduser . && chmod -R g+w .
           chmod 4755 ../out/Default/chrome-sandbox
           runuser -u builduser -- git config --global --add safe.directory $(pwd)
-          if [ "${{ inputs.is-asan }}" == "true" ]; then
-            cd ..
-            ASAN_SYMBOLIZE="$PWD/tools/valgrind/asan/asan_symbolize.py --executable-path=$PWD/out/Default/electron"
-            export ASAN_OPTIONS="symbolize=0 handle_abort=1"
-            export G_SLICE=always-malloc
-            export NSS_DISABLE_ARENA_FREE_LIST=1
-            export NSS_DISABLE_UNLOAD=1
-            export LLVM_SYMBOLIZER_PATH=$PWD/third_party/llvm-build/Release+Asserts/bin/llvm-symbolizer
-            export MOCHA_TIMEOUT=180000
-            echo "Piping output to ASAN_SYMBOLIZE ($ASAN_SYMBOLIZE)"
-            cd electron
-            runuser -u builduser -- xvfb-run script/actions/run-tests.sh script/yarn.js test --runners=main --trace-uncaught --enable-logging --files $tests_files | $ASAN_SYMBOLIZE
-          else
-            if [ "${{ inputs.target-arch }}" = "arm" ]; then
-              runuser -u builduser -- xvfb-run script/actions/run-tests.sh script/yarn.js test --skipYarnInstall --runners=main --enableRerun=3 --trace-uncaught --enable-logging --files $tests_files
-            else 
-              runuser -u builduser -- xvfb-run script/actions/run-tests.sh script/yarn.js test --runners=main --enableRerun=3 --trace-uncaught --enable-logging --files $tests_files
-            fi
-            
-          fi
+          runuser -u builduser -- xvfb-run script/actions/run-tests.sh script/yarn test --runners=main --trace-uncaught --enable-logging --files $tests_files
         fi
-    - name: Take screenshot on timeout or cancellation
-      if: ${{ inputs.target-platform != 'linux' && (cancelled() || failure()) }}
-      shell: bash
-      run: |
-        screenshot_dir="src/electron/spec/artifacts"
-        mkdir -p "$screenshot_dir"
-        screenshot_file="$screenshot_dir/screenshot-timeout-$(date +%Y%m%d%H%M%S).png"
-        if [ "${{ inputs.target-platform }}" = "macos" ]; then
-          screencapture -x "$screenshot_file" || true
-        elif [ "${{ inputs.target-platform }}" = "win" ]; then
-          powershell -command "Add-Type -AssemblyName System.Windows.Forms; \$screen = [System.Windows.Forms.Screen]::PrimaryScreen.Bounds; \$bitmap = New-Object System.Drawing.Bitmap(\$screen.Width, \$screen.Height); \$graphics = [System.Drawing.Graphics]::FromImage(\$bitmap); \$graphics.CopyFromScreen(\$screen.Location, [System.Drawing.Point]::Empty, \$screen.Size); \$bitmap.Save('$screenshot_file')" || true
-        fi
-
-    - name: Upload Test results to Datadog
-      env:
-        DD_ENV: ci
-        DD_SERVICE: electron
-        DD_API_KEY: ${{ secrets.DD_API_KEY }}
-        DD_CIVISIBILITY_LOGS_ENABLED: true
-        DD_TAGS: "os.architecture:${{ inputs.target-arch }},os.family:${{ inputs.target-platform }},os.platform:${{ inputs.target-platform }},asan:${{ inputs.is-asan }}"
-      run: |
-        if ! [ -z $DD_API_KEY ] && [ -f src/electron/junit/test-results-main.xml ]; then
-          cd src/electron
-          export DATADOG_PATH=`node script/yarn.js bin datadog-ci`
-          $DATADOG_PATH junit upload junit/test-results-main.xml
-        fi
-      if: always() && !cancelled()
-    - name: Upload Test Artifacts
-      if: always()
-      uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f #v7.0.0
-      with:
-        name: test_artifacts_${{ env.ARTIFACT_KEY }}_${{ matrix.shard }}
-        path: src/electron/spec/artifacts
-        if-no-files-found: ignore
     - name: Wait for active SSH sessions
       if: always() && !cancelled()
-      shell: bash
       run: |
         while [ -f /var/.ssh-lock ]
         do
           sleep 60
-        done
+        done

.github/workflows/pipeline-segment-node-nan-test.yml

@@ -5,7 +5,7 @@ on:
     inputs:
       target-platform:
         type: string
-        description: 'Platform to run on, can be macos, win or linux'
+        description: 'Platform to run on, can be macos or linux'
         required: true
       target-arch:
         type: string
@@ -26,53 +26,57 @@ on:
         type: string
         default: testing
 
-permissions: {}
-
 concurrency:
-  group: electron-node-nan-test-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ github.ref_protected == true && github.run_id || github.ref }}
-  cancel-in-progress: ${{ github.ref_protected != true }}
+  group: electron-node-nan-test-${{ inputs.target-platform }}-${{ inputs.target-arch }}-${{ github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/main' && !endsWith(github.ref, '-x-y') }}
 
 env:
-  CHROMIUM_GIT_COOKIE: ${{ secrets.CHROMIUM_GIT_COOKIE }}
   ELECTRON_OUT_DIR: Default
   ELECTRON_RBE_JWT: ${{ secrets.ELECTRON_RBE_JWT }}
-  # @sentry/cli is only needed by release upload-symbols.py; skip the ~17MB CDN download on test jobs
-  SENTRYCLI_SKIP_DOWNLOAD: 1
 
 jobs:
   node-tests:
     name: Run Node.js Tests
-    runs-on: electron-arc-centralus-linux-amd64-8core
-    permissions:
-      contents: read
-    timeout-minutes: 30
+    runs-on: aks-linux-medium-plus
+    timeout-minutes: 20
     env: 
       TARGET_ARCH: ${{ inputs.target-arch }}
       BUILD_TYPE: linux
     container: ${{ fromJSON(inputs.test-container) }}
     steps:
     - name: Checkout Electron
-      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
       with:
         path: src/electron
         fetch-depth: 0
-        ref: ${{ github.event.pull_request.head.sha }}
-    - name: Set Chromium Git Cookie
-      uses: ./src/electron/.github/actions/set-chromium-cookie
     - name: Install Build Tools
       uses: ./src/electron/.github/actions/install-build-tools
     - name: Init Build Tools
       run: |
         e init -f --root=$(pwd) --out=Default ${{ inputs.gn-build-type }} --import ${{ inputs.gn-build-type }} --target-cpu ${{ inputs.target-arch }}
     - name: Install Dependencies
-      uses: ./src/electron/.github/actions/install-dependencies
+      run: |
+        cd src/electron
+        node script/yarn install --frozen-lockfile
+    - name: Get Depot Tools
+      timeout-minutes: 5
+      run: |
+        git clone --depth=1 https://chromium.googlesource.com/chromium/tools/depot_tools.git
+        sed -i '/ninjalog_uploader_wrapper.py/d' ./depot_tools/autoninja
+        cd depot_tools
+        git apply --3way ../src/electron/.github/workflows/config/gclient.diff
+        # Ensure depot_tools does not update.
+        test -d depot_tools && cd depot_tools
+        touch .disable_auto_update
+    - name: Add Depot Tools to PATH
+      run: echo "$(pwd)/depot_tools" >> $GITHUB_PATH
     - name: Download Generated Artifacts
-      uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131
+      uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e
       with:
         name: generated_artifacts_${{ env.BUILD_TYPE }}_${{ env.TARGET_ARCH }}
         path: ./generated_artifacts_${{ env.BUILD_TYPE }}_${{ env.TARGET_ARCH }}
     - name: Download Src Artifacts
-      uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131
+      uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e
       with:
         name: src_artifacts_linux_${{ env.TARGET_ARCH }}
         path: ./src_artifacts_linux_${{ env.TARGET_ARCH }}
@@ -90,7 +94,6 @@ jobs:
         node electron/script/node-spec-runner.js --default --jUnitDir=junit
     - name: Wait for active SSH sessions
       if: always() && !cancelled()
-      shell: bash
       run: |
         while [ -f /var/.ssh-lock ]
         do
@@ -98,37 +101,46 @@ jobs:
         done
   nan-tests:
     name: Run Nan Tests
-    runs-on: electron-arc-centralus-linux-amd64-4core
-    permissions:
-      contents: read
-    timeout-minutes: 30
+    runs-on: aks-linux-medium
+    timeout-minutes: 20
     env: 
       TARGET_ARCH: ${{ inputs.target-arch }}
       BUILD_TYPE: linux
     container: ${{ fromJSON(inputs.test-container) }}
     steps:
     - name: Checkout Electron
-      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
       with:
         path: src/electron
         fetch-depth: 0
-        ref: ${{ github.event.pull_request.head.sha }}
-    - name: Set Chromium Git Cookie
-      uses: ./src/electron/.github/actions/set-chromium-cookie
     - name: Install Build Tools
       uses: ./src/electron/.github/actions/install-build-tools
     - name: Init Build Tools
       run: |
         e init -f --root=$(pwd) --out=Default ${{ inputs.gn-build-type }}
     - name: Install Dependencies
-      uses: ./src/electron/.github/actions/install-dependencies
+      run: |
+        cd src/electron
+        node script/yarn install --frozen-lockfile
+    - name: Get Depot Tools
+      timeout-minutes: 5
+      run: |
+        git clone --depth=1 https://chromium.googlesource.com/chromium/tools/depot_tools.git
+        sed -i '/ninjalog_uploader_wrapper.py/d' ./depot_tools/autoninja
+        cd depot_tools
+        git apply --3way ../src/electron/.github/workflows/config/gclient.diff
+        # Ensure depot_tools does not update.
+        test -d depot_tools && cd depot_tools
+        touch .disable_auto_update
+    - name: Add Depot Tools to PATH
+      run: echo "$(pwd)/depot_tools" >> $GITHUB_PATH
     - name: Download Generated Artifacts
-      uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131
+      uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e
       with:
         name: generated_artifacts_${{ env.BUILD_TYPE }}_${{ env.TARGET_ARCH }}
         path: ./generated_artifacts_${{ env.BUILD_TYPE }}_${{ env.TARGET_ARCH }}
     - name: Download Src Artifacts
-      uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131
+      uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e
       with:
         name: src_artifacts_linux_${{ env.TARGET_ARCH }}
         path: ./src_artifacts_linux_${{ env.TARGET_ARCH }}
@@ -140,18 +152,11 @@ jobs:
         unzip -:o dist.zip
     - name: Setup Linux for Headless Testing
       run: sh -e /etc/init.d/xvfb start
-    - name: Add Clang problem matcher
-      shell: bash
-      run: echo "::add-matcher::src/electron/.github/problem-matchers/clang.json"
-    - name: Run Nan Tests
+    - name: Run Node.js Tests
       run: |
         cd src
         node electron/script/nan-spec-runner.js
-    - name: Remove Clang problem matcher
-      shell: bash
-      run: echo "::remove-matcher owner=clang::"
     - name: Wait for active SSH sessions
-      shell: bash
       if: always() && !cancelled()
       run: |
         while [ -f /var/.ssh-lock ]

.github/workflows/pull-request-labeled.yml

@@ -4,10 +4,6 @@ on:
   pull_request_target:
     types: [labeled]
 
-# SECURITY: This workflow uses pull_request_target and has access to secrets.
-# Do NOT checkout or run code from the PR head. All code execution must use
-# the base branch only. Adding a ref to PR head would expose secrets to
-# untrusted code.
 permissions: {}
 
 jobs:
@@ -15,25 +11,20 @@ jobs:
     name: backport/requested label added
     if: github.event.label.name == 'backport/requested 🗳'
     runs-on: ubuntu-latest
-    permissions: {}
     steps:
       - name: Trigger Slack workflow
-        uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.1.1
+        uses: slackapi/slack-github-action@70cd7be8e40a46e8b0eced40b0de447bdb42f68e # v1.26.0
         with:
-          webhook: ${{ secrets.BACKPORT_REQUESTED_SLACK_WEBHOOK_URL }} 
-          webhook-type: webhook-trigger
           payload: |
             {
-              "base_ref": ${{ toJSON(github.event.pull_request.base.ref) }},
-              "title": ${{ toJSON(github.event.pull_request.title) }},
-              "url": ${{ toJSON(github.event.pull_request.html_url) }},
-              "user": ${{ toJSON(github.event.pull_request.user.login) }}
+              "url": "${{ github.event.pull_request.html_url }}"
             }
+        env:
+          SLACK_WEBHOOK_URL: ${{ secrets.BACKPORT_REQUESTED_SLACK_WEBHOOK_URL }}
   pull-request-labeled-deprecation-review-complete:
     name: deprecation-review/complete label added
     if: github.event.label.name == 'deprecation-review/complete ✅'
     runs-on: ubuntu-latest
-    permissions: {}
     steps:
       - name: Generate GitHub App token
         uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
@@ -42,7 +33,7 @@ jobs:
           creds: ${{ secrets.RELEASE_BOARD_GH_APP_CREDS }}
           org: electron
       - name: Set status
-        uses: dsanders11/project-actions/edit-item@2134fe7cc71c58b7ae259c82a8e63c6058255678 # v1.7.0
+        uses: dsanders11/project-actions/edit-item@eb760c48894b5702398529cbb8f6e98378e315d0 # v1.3.0
         with:
           token: ${{ steps.generate-token.outputs.token }}
           project-number: 94

.github/workflows/pull-request-opened-synchronized.yml

@@ -1,39 +0,0 @@
-name: Pull Request Opened/Synchronized
-
-on:
-  pull_request_target:
-    types: [opened, synchronize]
-
-# SECURITY: This workflow uses pull_request_target and has access to secrets.
-# Do NOT checkout or run code from the PR head. All code execution must use
-# the base branch only. Adding a ref to PR head would expose secrets to
-# untrusted code.
-permissions: {}
-
-jobs:
-  check-signed-commits:
-    name: Check signed commits in PR
-    if: ${{ !contains(github.event.pull_request.labels.*.name, 'needs-signed-commits')}}
-    runs-on: ubuntu-slim
-    permissions:
-      contents: read
-      pull-requests: write
-    steps:
-      - name: Check signed commits in PR
-        uses: 1Password/check-signed-commits-action@ed2885f3ed2577a4f5d3c3fe895432a557d23d52 # v1
-        with:
-          comment: |
-            ⚠️ This PR contains unsigned commits. This repository enforces [commit signatures](https://docs.github.com/en/authentication/managing-commit-signature-verification) 
-            for all incoming PRs. To get your PR merged, please sign those commits 
-            (`git rebase --exec 'git commit -S --amend --no-edit -n' @{upstream}`) and force push them to this branch 
-            (`git push --force-with-lease`)
-
-            For more information on signing commits, see GitHub's documentation on [Telling Git about your signing key](https://docs.github.com/en/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key).
-
-      - name: Add needs-signed-commits label
-        if: ${{ failure() }}
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          PR_URL: ${{ github.event.pull_request.html_url }}
-        run: |
-          gh pr edit $PR_URL --add-label needs-signed-commits

.github/workflows/rerun-apply-patches.yml

@@ -1,71 +0,0 @@
-name: Rerun PR Apply Patches
-
-on:
-  push:
-    branches:
-      - main
-      - '[1-9][0-9]-x-y'
-    paths:
-      - 'DEPS'
-      - 'patches/**'
-
-permissions: {}
-
-jobs:
-  rerun-apply-patches:
-    runs-on: ubuntu-latest
-    permissions:
-      actions: write
-      checks: read
-      contents: read
-      pull-requests: read
-    steps:
-      - name: Find PRs and Rerun Apply Patches
-        env:
-          GH_REPO: ${{ github.repository }}
-          GH_TOKEN: ${{ github.token }}
-        run: |
-          BRANCH="${GITHUB_REF#refs/heads/}"
-
-          # Find all open PRs targeting this branch
-          PRS=$(gh pr list --base "$BRANCH" --state open --limit 250 --json number)
-
-          echo "$PRS" | jq -c '.[]' | while read -r pr; do
-            PR_NUMBER=$(echo "$pr" | jq -r '.number')
-            echo "Processing PR #${PR_NUMBER}"
-
-            # Find the Apply Patches workflow check for this PR
-            CHECK=$(gh pr view "$PR_NUMBER" --json statusCheckRollup --jq '[.statusCheckRollup[] | select(.workflowName == "Apply Patches" and .name == "apply-patches")] | first')
-
-            if [ -z "$CHECK" ] || [ "$CHECK" = "null" ]; then
-              echo "  No Apply Patches workflow found for PR #${PR_NUMBER}"
-              continue
-            fi
-
-            CONCLUSION=$(echo "$CHECK" | jq -r '.conclusion')
-            if [ "$CONCLUSION" = "SKIPPED" ]; then
-              echo "  apply-patches job was skipped for PR #${PR_NUMBER} (no patches)"
-              continue
-            fi
-
-            LINK=$(echo "$CHECK" | jq -r '.detailsUrl')
-
-            # Extract the run ID from the link (format: .../runs/RUN_ID/job/JOB_ID)
-            RUN_ID=$(echo "$LINK" | grep -oE 'runs/[0-9]+' | cut -d'/' -f2)
-
-            if [ -z "$RUN_ID" ]; then
-              echo "  Could not extract run ID from link: ${LINK}"
-              continue
-            fi
-
-            # Check if the workflow is currently in progress
-            RUN_STATUS=$(gh run view "$RUN_ID" --json status --jq '.status')
-
-            if [ "$RUN_STATUS" = "in_progress" ] || [ "$RUN_STATUS" = "queued" ] || [ "$RUN_STATUS" = "waiting" ]; then
-              echo "  Workflow run ${RUN_ID} is ${RUN_STATUS}, cancelling..."
-              gh run cancel "$RUN_ID" --force
-              gh run watch "$RUN_ID"
-            fi
-
-            gh run rerun "$RUN_ID"
-          done

.github/workflows/scorecards.yml

@@ -22,13 +22,13 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with:
           persist-credentials: false
 
       # This is a pre-submit / pre-release.
       - name: "Run analysis"
-        uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3
+        uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3
         with:
           results_file: results.sarif
           results_format: sarif
@@ -42,7 +42,7 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
+        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
         with:
           name: SARIF file
           path: results.sarif
@@ -50,6 +50,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@cdefb33c0f6224e58673d9004f47f7cb3e328b89 # v3.29.5
+        uses: github/codeql-action/upload-sarif@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10
         with:
           sarif_file: results.sarif

.github/workflows/semantic.yml

@@ -7,7 +7,8 @@ on:
       - edited
       - synchronize
 
-permissions: {}
+permissions:
+  contents: read
 
 jobs:
   main:
@@ -18,7 +19,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: semantic-pull-request
-        uses: amannn/action-semantic-pull-request@48f256284bd46cdaab1048c3721360e808335d50 # v6.1.1
+        uses: amannn/action-semantic-pull-request@cfb60706e18bc85e8aec535e3c577abe8f70378e # v5.5.2
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:

.github/workflows/stable-prep-items.yml

@@ -11,7 +11,6 @@ jobs:
   check-stable-prep-items:
     name: Check Stable Prep Items
     runs-on: ubuntu-latest
-    permissions: {}
     steps:
       - name: Generate GitHub App token
         uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
@@ -28,7 +27,7 @@ jobs:
           PROJECT_NUMBER=$(gh project list --owner electron --format json | jq -r '.projects | map(select(.title | test("^[0-9]+-x-y$"))) | max_by(.number) | .number')
           echo "PROJECT_NUMBER=$PROJECT_NUMBER" >> "$GITHUB_OUTPUT"
       - name: Update Completed Stable Prep Items
-        uses: dsanders11/project-actions/completed-by@2134fe7cc71c58b7ae259c82a8e63c6058255678 # v1.7.0
+        uses: dsanders11/project-actions/completed-by@eb760c48894b5702398529cbb8f6e98378e315d0 # v1.3.0
         with:
           field: Prep Status
           field-value: ✅ Complete

.github/workflows/stale.yml

@@ -10,14 +10,13 @@ permissions: {}
 jobs:
   stale:
     runs-on: ubuntu-latest
-    permissions: {}
     steps:
       - name: Generate GitHub App token
         uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
         id: generate-token
         with:
           creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
-      - uses: actions/stale@997185467fa4f803885201cee163a9f38240193d # tag: v10.1.1
+      - uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # tag: v9.0.0
         with:
           repo-token: ${{ steps.generate-token.outputs.token }}
           days-before-stale: 90
@@ -28,11 +27,10 @@ jobs:
             This issue has been automatically marked as stale. **If this issue is still affecting you, please leave any comment** (for example, "bump"), and we'll keep it open. If you have any new additional information—in particular, if this is still reproducible in the [latest version of Electron](https://www.electronjs.org/releases/stable) or in the [beta](https://www.electronjs.org/releases/beta)—please include it with your comment!
           close-issue-message: >
             This issue has been closed due to inactivity, and will not be monitored.  If this is a bug and you can reproduce this issue on a [supported version of Electron](https://www.electronjs.org/docs/latest/tutorial/electron-timelines#timeline) please open a new issue and include instructions for reproducing the issue.
-          exempt-issue-labels: "discussion,security \U0001F512,enhancement :sparkles:,status/confirmed,stale-exempt,upgrade-follow-up,tracking-upstream"
+          exempt-issue-labels: "discussion,security \U0001F512,enhancement :sparkles:,status/confirmed,stale-exempt"
           only-pr-labels: not-a-real-label
   pending-repro:
     runs-on: ubuntu-latest
-    permissions: {}
     if: ${{ always() }}
     needs: stale
     steps:
@@ -41,7 +39,7 @@ jobs:
         id: generate-token
         with:
           creds: ${{ secrets.ISSUE_TRIAGE_GH_APP_CREDS }}
-      - uses: actions/stale@997185467fa4f803885201cee163a9f38240193d # tag: v10.1.1
+      - uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # tag: v9.0.0
         with:
           repo-token: ${{ steps.generate-token.outputs.token }}
           days-before-stale: -1

.github/workflows/update-website-docs.yml

@@ -1,39 +0,0 @@
-name: Update Website Docs
-
-on:
-  release:
-    types: [published]
-
-permissions: {}
-
-jobs:
-  update-website-docs:
-    name: Update Website Docs
-    runs-on: ubuntu-latest
-    environment: website-docs-updater
-    permissions:
-      contents: read
-      id-token: write # needed for secret-service-action
-    steps:
-      - name: Get GitHub App token
-        id: secret-service
-        uses: electron/secret-service-action@3476425e8b30555aac15b1b7096938e254b0e155 # v1.0.0
-      - name: Check if this release is the latest
-        id: check-if-latest-release
-        env:
-          GH_REPO: electron/electron
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          LATEST_RELEASE_TAG="$(gh release view --json tagName --jq '.tagName')"
-          if [ "$LATEST_RELEASE_TAG" = "${GITHUB_REF#refs/tags/}" ]; then
-            echo "isLatestRelease=true" >> $GITHUB_OUTPUT
-          else
-            echo "isLatestRelease=false" >> $GITHUB_OUTPUT
-          fi
-      - name: Trigger website docs update
-        if: ${{ steps.check-if-latest-release.outputs.isLatestRelease == 'true' }}
-        env:
-          GH_REPO: electron/website
-          GH_TOKEN: ${{ fromJSON(steps.secret-service.outputs.secrets).WEBSITE_DOCS_UPDATER_APP_TOKEN }}
-        run: |
-          gh workflow run update-docs.yml -f sha=$GITHUB_SHA

.github/workflows/update_appveyor_image.yml

@@ -0,0 +1,73 @@
+name: Update AppVeyor Image
+
+# Run chron daily Mon-Fri
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 8 * * 1-5' # runs 8:00 every business day (see https://crontab.guru)
+
+permissions: {}
+
+jobs:
+  bake-appveyor-image:
+    name: Bake AppVeyor Image
+    runs-on: ubuntu-latest
+    steps:
+    - name: Generate GitHub App token
+      uses: electron/github-app-auth-action@384fd19694fe7b6dcc9a684746c6976ad78228ae # v1.1.1
+      id: generate-token
+      with:
+        creds: ${{ secrets.APPVEYOR_UPDATER_GH_APP_CREDS }}
+    - name: Checkout
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      with:
+        fetch-depth: 0
+        token: ${{ steps.generate-token.outputs.token }}
+    - name: Yarn install
+      run: |
+        node script/yarn.js install --frozen-lockfile
+    - name: Set Repo for Commit
+      run: git config --global --add safe.directory $GITHUB_WORKSPACE
+    - name: Check AppVeyor Image
+      env:
+        APPVEYOR_TOKEN: ${{ secrets.APPVEYOR_TOKEN }}
+      run: |
+        node ./script/prepare-appveyor
+        if [ -f ./image_version.txt ]; then
+          echo "APPVEYOR_IMAGE_VERSION="$(cat image_version.txt)"" >> $GITHUB_ENV
+          rm image_version.txt
+        fi
+    - name: (Optionally) Update Appveyor Image
+      if: ${{ env.APPVEYOR_IMAGE_VERSION }}
+      uses: mikefarah/yq@f15500b20a1c991c8729870ba60a4dc3524b6a94 # v4.44.2
+      with:
+        cmd: |
+          yq '.image = "${{ env.APPVEYOR_IMAGE_VERSION }}"' "appveyor.yml" > "appveyor2.yml"
+          yq '.image = "${{ env.APPVEYOR_IMAGE_VERSION }}"' "appveyor-woa.yml" > "appveyor-woa2.yml"
+    - name: (Optionally) Generate Commit Diff
+      if: ${{ env.APPVEYOR_IMAGE_VERSION }}
+      run: |
+        diff -w -B appveyor.yml appveyor2.yml > appveyor.diff || true
+        patch -f appveyor.yml < appveyor.diff
+        rm appveyor2.yml appveyor.diff
+        git add appveyor.yml
+    - name: (Optionally) Generate Commit Diff for WOA
+      if: ${{ env.APPVEYOR_IMAGE_VERSION }}
+      run: |
+        diff -w -B appveyor-woa.yml appveyor-woa2.yml > appveyor-woa.diff || true
+        patch -f appveyor-woa.yml < appveyor-woa.diff
+        rm appveyor-woa2.yml appveyor-woa.diff
+        git add appveyor-woa.yml
+    - name: (Optionally) Commit to Branch
+      if: ${{ env.APPVEYOR_IMAGE_VERSION }}
+      uses: dsanders11/github-app-commit-action@48d2ff8c1a855eb15d16afa97ae12616456d7cbc # v1.4.0
+      with:
+        message: 'build: update appveyor image to latest version'
+        ref: bump-appveyor-image
+        token: ${{ steps.generate-token.outputs.token }}
+    - name: (Optionally) Create Pull Request
+      if: ${{ env.APPVEYOR_IMAGE_VERSION }}
+      run: |
+        printf "This PR updates appveyor.yml to the latest baked image, ${{ env.APPVEYOR_IMAGE_VERSION }}.\n\nNotes: none" | gh pr create --head bump-appveyor-image --label no-backport --label semver/none --title 'build: update appveyor image to latest version' --body-file=-
+      env:
+        GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}

.github/workflows/windows-publish.yml

@@ -1,116 +0,0 @@
-name: Publish Windows
-
-on:
-  workflow_dispatch:
-    inputs:
-      build-image-sha:
-        type: string
-        description: 'SHA for electron/build image'
-        default: 'a82b87d7a4f5ff0cab61405f8151ac4cf4942aeb'
-        required: true
-      upload-to-storage:
-        description: 'Uploads to Azure storage'
-        required: false
-        default: '1'
-        type: string
-      run-windows-publish:
-        description: 'Run the publish jobs vs just the build jobs'
-        type: boolean
-        default: false
-
-permissions: {}
-
-jobs:
-  checkout-windows:
-    runs-on: electron-arc-centralus-linux-amd64-32core
-    permissions:
-      contents: read
-    container:
-      image: ghcr.io/electron/build:${{ inputs.build-image-sha }}
-      options: --user root --device /dev/fuse --cap-add SYS_ADMIN
-      volumes:
-        - /mnt/win-cache:/mnt/win-cache
-        - /var/run/sas:/var/run/sas
-    env:
-      CHROMIUM_GIT_COOKIE_WINDOWS_STRING: ${{ secrets.CHROMIUM_GIT_COOKIE_WINDOWS_STRING }}
-      GCLIENT_EXTRA_ARGS: '--custom-var=checkout_win=True'
-      TARGET_OS: 'win'
-      ELECTRON_DEPOT_TOOLS_WIN_TOOLCHAIN: '1'
-    outputs:
-      build-image-sha: ${{ inputs.build-image-sha }}
-    steps:
-    - name: Checkout Electron
-      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
-      with:
-        path: src/electron
-        fetch-depth: 0
-    - name: Checkout & Sync & Save
-      uses: ./src/electron/.github/actions/checkout
-      with:
-        generate-sas-token: 'true'
-        target-platform: win
-
-  # Build the patched siso binary in parallel with checkout-windows; the
-  # publish-*-win jobs consume it via SISO_PATH.
-  build-siso-windows:
-    if: github.repository == 'electron/electron'
-    uses: ./.github/workflows/pipeline-segment-build-siso-windows.yml
-    permissions:
-      contents: read
-
-  publish-x64-win:
-    uses: ./.github/workflows/pipeline-segment-electron-publish.yml
-    permissions:
-      artifact-metadata: write
-      attestations: write
-      contents: read
-      id-token: write
-    needs: [checkout-windows, build-siso-windows]
-    with:
-      environment: production-release
-      build-runs-on: electron-arc-centralus-windows-amd64-16core
-      target-platform: win
-      target-arch: x64
-      is-release: true
-      gn-build-type: release
-      generate-symbols: true
-      upload-to-storage: ${{ inputs.upload-to-storage }}
-    secrets: inherit
-
-  publish-arm64-win:
-    uses: ./.github/workflows/pipeline-segment-electron-publish.yml
-    permissions:
-      artifact-metadata: write
-      attestations: write
-      contents: read
-      id-token: write
-    needs: [checkout-windows, build-siso-windows]
-    with:
-      environment: production-release
-      build-runs-on: electron-arc-centralus-windows-amd64-16core
-      target-platform: win
-      target-arch: arm64
-      is-release: true
-      gn-build-type: release
-      generate-symbols: true
-      upload-to-storage: ${{ inputs.upload-to-storage }}
-    secrets: inherit
-
-  publish-x86-win:
-    uses: ./.github/workflows/pipeline-segment-electron-publish.yml
-    permissions:
-      artifact-metadata: write
-      attestations: write
-      contents: read
-      id-token: write
-    needs: [checkout-windows, build-siso-windows]
-    with:
-      environment: production-release
-      build-runs-on: electron-arc-centralus-windows-amd64-16core
-      target-platform: win
-      target-arch: x86
-      is-release: true
-      gn-build-type: release
-      generate-symbols: true
-      upload-to-storage: ${{ inputs.upload-to-storage }}
-    secrets: inherit

.gitignore

@@ -42,17 +42,15 @@ spec/.hash
 
 # Generated native addon files
 /spec/fixtures/native-addon/echo/build/
-/spec/fixtures/native-addon/dialog-helper/build/
 
 # If someone runs tsc this is where stuff will end up
 ts-gen
 
 # Used to accelerate CI builds
 .depshash
+.depshash-target
 
 # Used to accelerate builds after sync
 patches/mtime-cache.json
 
 spec/fixtures/logo.png
-
-.yarn/install-state.gz