diff --git a/.github/actions/mobile-setup/action.yml b/.github/actions/mobile-setup/action.yml index 8af040ddf..c06757f13 100644 --- a/.github/actions/mobile-setup/action.yml +++ b/.github/actions/mobile-setup/action.yml @@ -62,7 +62,7 @@ runs: yarn set version 4.6.0 echo "📦 Installing JavaScript dependencies with strict lock file..." - if ! yarn install --immutable; then + if ! yarn install --immutable --inline-builds; then echo "" echo "❌ ERROR: yarn.lock is out of date!" echo "" diff --git a/.github/workflows/mobile-deploy.yml b/.github/workflows/mobile-deploy.yml index dca120497..4e56f1db3 100644 --- a/.github/workflows/mobile-deploy.yml +++ b/.github/workflows/mobile-deploy.yml @@ -162,19 +162,15 @@ jobs: echo "Xcode path:" xcode-select -p - - name: Cache Yarn dependencies + - name: Cache Yarn artifacts id: yarn-cache uses: ./.github/actions/cache-yarn with: path: | .yarn/cache - node_modules - ${{ env.APP_PATH }}/node_modules - key: ${{ runner.os }}-node-${{ env.NODE_VERSION_SANITIZED }}-yarn-${{ env.GH_CACHE_VERSION }}-${{ env.GH_YARN_CACHE_VERSION }}-${{ hashFiles('yarn.lock') }}-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-node-${{ env.NODE_VERSION_SANITIZED }}-yarn-${{ env.GH_CACHE_VERSION }}-${{ env.GH_YARN_CACHE_VERSION }}-${{ hashFiles('yarn.lock') }}- - ${{ runner.os }}-node-${{ env.NODE_VERSION_SANITIZED }}-yarn-${{ env.GH_CACHE_VERSION }}-${{ env.GH_YARN_CACHE_VERSION }}- - ${{ runner.os }}-node-${{ env.NODE_VERSION_SANITIZED }}-yarn-${{ env.GH_CACHE_VERSION }}- + .yarn/install-state.gz + .yarn/unplugged + cache-version: ${{ env.GH_CACHE_VERSION }}-node-${{ env.NODE_VERSION_SANITIZED }}-${{ hashFiles('.yarnrc.yml') }} - name: Cache Ruby gems id: gems-cache @@ -195,7 +191,7 @@ jobs: ${{ env.APP_PATH }}/ios/Pods ~/Library/Caches/CocoaPods lock-file: app/ios/Podfile.lock - cache-version: ${{ env.GH_CACHE_VERSION }}-${{ env.GH_PODS_CACHE_VERSION }}-${{ github.sha }} + cache-version: ${{ env.GH_CACHE_VERSION }}-${{ env.GH_PODS_CACHE_VERSION }} - name: Log cache status run: | @@ -204,6 +200,9 @@ jobs: echo "- Gems cache hit: ${{ steps.gems-cache.outputs.cache-hit }}" echo "- Pods cache hit: ${{ steps.pods-cache.outputs.cache-hit }}" + - name: Disable Yarn hardened mode + run: echo "YARN_ENABLE_HARDENED_MODE=0" >> $GITHUB_ENV + - name: Verify lock files are up to date run: | echo "🔍 Checking if lock files are in sync with dependency files..." @@ -702,19 +701,15 @@ jobs: echo "✅ Building from latest staging commit" fi - - name: Cache Yarn dependencies + - name: Cache Yarn artifacts id: yarn-cache uses: ./.github/actions/cache-yarn with: path: | .yarn/cache - node_modules - ${{ env.APP_PATH }}/node_modules - key: ${{ runner.os }}-node-${{ env.NODE_VERSION_SANITIZED }}-yarn-${{ env.GH_CACHE_VERSION }}-${{ env.GH_YARN_CACHE_VERSION }}-${{ hashFiles('yarn.lock') }}-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-node-${{ env.NODE_VERSION_SANITIZED }}-yarn-${{ env.GH_CACHE_VERSION }}-${{ env.GH_YARN_CACHE_VERSION }}-${{ hashFiles('yarn.lock') }}- - ${{ runner.os }}-node-${{ env.NODE_VERSION_SANITIZED }}-yarn-${{ env.GH_CACHE_VERSION }}-${{ env.GH_YARN_CACHE_VERSION }}- - ${{ runner.os }}-node-${{ env.NODE_VERSION_SANITIZED }}-yarn-${{ env.GH_CACHE_VERSION }}- + .yarn/install-state.gz + .yarn/unplugged + cache-version: ${{ env.GH_CACHE_VERSION }}-node-${{ env.NODE_VERSION_SANITIZED }}-${{ hashFiles('.yarnrc.yml') }} - name: Cache Ruby gems id: gems-cache @@ -731,14 +726,14 @@ jobs: id: gradle-cache uses: ./.github/actions/cache-gradle with: - cache-version: ${{ env.GH_CACHE_VERSION }}-${{ env.GH_GRADLE_CACHE_VERSION }}-${{ github.sha }} + cache-version: ${{ env.GH_CACHE_VERSION }}-${{ env.GH_GRADLE_CACHE_VERSION }} - name: Cache Android NDK id: ndk-cache uses: actions/cache@v4 with: path: ${{ env.ANDROID_SDK_ROOT }}/ndk/${{ env.ANDROID_NDK_VERSION }} - key: ${{ runner.os }}-ndk-${{ env.ANDROID_NDK_VERSION }}-${{ github.sha }} + key: ${{ runner.os }}-ndk-${{ env.ANDROID_NDK_VERSION }} - name: Log cache status run: | @@ -748,6 +743,9 @@ jobs: echo "- Gradle cache hit: ${{ steps.gradle-cache.outputs.cache-hit }}" echo "- NDK cache hit: ${{ steps.ndk-cache.outputs.cache-hit }}" + - name: Disable Yarn hardened mode + run: echo "YARN_ENABLE_HARDENED_MODE=0" >> $GITHUB_ENV + - name: Verify lock files are up to date run: | echo "🔍 Checking if lock files are in sync with dependency files..." diff --git a/.github/workflows/mobile-e2e.yml b/.github/workflows/mobile-e2e.yml index 364e5a90d..5dbadcab5 100644 --- a/.github/workflows/mobile-e2e.yml +++ b/.github/workflows/mobile-e2e.yml @@ -57,7 +57,14 @@ jobs: - name: Cache Yarn dependencies uses: ./.github/actions/cache-yarn with: - cache-version: ${{ env.GH_CACHE_VERSION }}-node-${{ env.NODE_VERSION_SANITIZED }} + path: | + .yarn/cache + .yarn/install-state.gz + .yarn/unplugged + cache-version: ${{ env.GH_CACHE_VERSION }}-node-${{ env.NODE_VERSION_SANITIZED }}-${{ hashFiles('.yarnrc.yml') }} + - name: Toggle Yarn hardened mode for trusted PRs + if: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.repo.fork == false }} + run: echo "YARN_ENABLE_HARDENED_MODE=0" >> $GITHUB_ENV - run: yarn install --immutable --silent - name: Validate Maestro test file run: | @@ -162,7 +169,14 @@ jobs: - name: Cache Yarn dependencies uses: ./.github/actions/cache-yarn with: - cache-version: ${{ env.GH_CACHE_VERSION }}-node-${{ env.NODE_VERSION_SANITIZED }} + path: | + .yarn/cache + .yarn/install-state.gz + .yarn/unplugged + cache-version: ${{ env.GH_CACHE_VERSION }}-node-${{ env.NODE_VERSION_SANITIZED }}-${{ hashFiles('.yarnrc.yml') }} + - name: Toggle Yarn hardened mode for trusted PRs + if: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.repo.fork == false }} + run: echo "YARN_ENABLE_HARDENED_MODE=0" >> $GITHUB_ENV - run: yarn install --immutable --silent - name: Validate Maestro test file run: | @@ -195,6 +209,12 @@ jobs: xcodebuild -version echo "Xcode path:" xcode-select -p + - name: Setup ccache + uses: hendrikmuhs/ccache-action@v1.2 + with: + key: ${{ github.job }}-${{ runner.os }} + - name: Add ccache to PATH + run: echo "/usr/local/opt/ccache/libexec" >> $GITHUB_PATH - name: Set up Ruby uses: ruby/setup-ruby@v1 with: @@ -212,10 +232,10 @@ jobs: uses: actions/cache@v4 with: path: app/ios/build - key: ${{ runner.os }}-derived-data-${{ env.XCODE_VERSION }}-${{ hashFiles('app/ios/Podfile.lock', 'app/ios/OpenPassport.xcworkspace/contents.xcworkspacedata', 'app/ios/Self.xcworkspace/contents.xcworkspacedata') }} + key: ${{ runner.os }}-derived-data-${{ env.GH_CACHE_VERSION }}-${{ env.XCODE_VERSION }}-${{ hashFiles('app/ios/Podfile.lock', 'yarn.lock') }} restore-keys: | - ${{ runner.os }}-derived-data-${{ env.XCODE_VERSION }}-${{ hashFiles('app/ios/Podfile.lock') }}- - ${{ runner.os }}-derived-data-${{ env.XCODE_VERSION }}- + ${{ runner.os }}-derived-data-${{ env.GH_CACHE_VERSION }}-${{ env.XCODE_VERSION }}- + ${{ runner.os }}-derived-data-${{ env.GH_CACHE_VERSION }}- - name: Verify iOS Runtime run: | echo "📱 Verifying iOS Runtime availability..."