fix: cp-13.16.0 Add missing environment variables in lavamoat workflows #36962
+29,811
−12,986
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
… workflow (#36942) <!-- Please submit this PR as a draft initially. Do not mark it as "Ready for review" until the template has been completely filled out, and PR status checks have passed at least once. --> ## **Description** <!-- Write a short description of the changes included in this pull request, also include relevant motivation and context. Have in mind the following questions: 1. What is the reason for the change? 2. What is the improvement/solution? --> Declares environment variables in `builds.yml` that are required for the `validate-lavamoat-policies` workflow to run successfully. [](https://codespaces.new/MetaMask/metamask-extension/pull/36942?quickstart=1) ## **Changelog** <!-- If this PR is not End-User-Facing and should not show up in the CHANGELOG, you can choose to either: 1. Write `CHANGELOG entry: null` 2. Label with `no-changelog` If this PR is End-User-Facing, please write a short User-Facing description in the past tense like: `CHANGELOG entry: Added a new tab for users to see their NFTs` `CHANGELOG entry: Fixed a bug that was causing some NFTs to flicker` (This helps the Release Engineer do their job more quickly and accurately) --> CHANGELOG entry: null ## **Related issues** Fixes: ## **Manual testing steps** 1. Go to this page... 2. 3. ## **Screenshots/Recordings** <!-- If applicable, add screenshots and/or recordings to visualize the before and after of your change. --> ### **Before** <!-- [screenshots/recordings] --> ### **After** <!-- [screenshots/recordings] --> ## **Pre-merge author checklist** - [ ] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Extension Coding Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md). - [ ] I've completed the PR template to the best of my ability - [ ] I’ve included tests if applicable - [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [ ] I’ve applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots. <!-- CURSOR_SUMMARY --> --- > [!NOTE] > Adds per-environment INFURA, Segment, Google, and Apple OAuth env vars to builds.yml for workflow compatibility. > > - **Build config (`builds.yml`)**: > - Add per-environment INFURA project IDs: `INFURA_PROD_PROJECT_ID`, `INFURA_BETA_PROJECT_ID`, `INFURA_FLASK_PROJECT_ID`, `INFURA_EXPERIMENTAL_PROJECT_ID`. > - Add per-environment Segment write keys: `SEGMENT_PROD_WRITE_KEY`, `SEGMENT_BETA_WRITE_KEY`, `SEGMENT_FLASK_WRITE_KEY`, `SEGMENT_EXPERIMENTAL_WRITE_KEY`. > - Add per-environment OAuth client IDs: > - Google: `GOOGLE_PROD_CLIENT_ID`, `GOOGLE_BETA_CLIENT_ID`, `GOOGLE_FLASK_CLIENT_ID`, `GOOGLE_EXPERIMENTAL_CLIENT_ID`. > - Apple: `APPLE_PROD_CLIENT_ID`, `APPLE_BETA_CLIENT_ID`, `APPLE_FLASK_CLIENT_ID`, `APPLE_EXPERIMENTAL_CLIENT_ID`. > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 707f704. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY -->
…roment variables (#36945) <!-- Please submit this PR as a draft initially. Do not mark it as "Ready for review" until the template has been completely filled out, and PR status checks have passed at least once. --> ## **Description** <!-- Write a short description of the changes included in this pull request, also include relevant motivation and context. Have in mind the following questions: 1. What is the reason for the change? 2. What is the improvement/solution? --> [](https://codespaces.new/MetaMask/metamask-extension/pull/36945?quickstart=1) ## **Changelog** <!-- If this PR is not End-User-Facing and should not show up in the CHANGELOG, you can choose to either: 1. Write `CHANGELOG entry: null` 2. Label with `no-changelog` If this PR is End-User-Facing, please write a short User-Facing description in the past tense like: `CHANGELOG entry: Added a new tab for users to see their NFTs` `CHANGELOG entry: Fixed a bug that was causing some NFTs to flicker` (This helps the Release Engineer do their job more quickly and accurately) --> CHANGELOG entry: null ## **Related issues** Fixes: ## **Manual testing steps** 1. Go to this page... 2. 3. ## **Screenshots/Recordings** <!-- If applicable, add screenshots and/or recordings to visualize the before and after of your change. --> ### **Before** <!-- [screenshots/recordings] --> ### **After** <!-- [screenshots/recordings] --> ## **Pre-merge author checklist** - [ ] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Extension Coding Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md). - [ ] I've completed the PR template to the best of my ability - [ ] I’ve included tests if applicable - [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [ ] I’ve applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots. <!-- CURSOR_SUMMARY --> --- > [!NOTE] > Removes default empty-string values for Segment write keys and Google/Apple OAuth client IDs, declaring them as required env vars instead. > > - **Build config (`builds.yml`)**: > - **Env var declarations**: > - `SEGMENT_PROD_WRITE_KEY`, `SEGMENT_BETA_WRITE_KEY`, `SEGMENT_FLASK_WRITE_KEY`, `SEGMENT_EXPERIMENTAL_WRITE_KEY` changed from `''` defaults to declarations. > - `GOOGLE_PROD_CLIENT_ID`, `GOOGLE_BETA_CLIENT_ID`, `GOOGLE_FLASK_CLIENT_ID`, `GOOGLE_EXPERIMENTAL_CLIENT_ID` changed from `''` defaults to declarations. > - `APPLE_PROD_CLIENT_ID`, `APPLE_BETA_CLIENT_ID`, `APPLE_FLASK_CLIENT_ID`, `APPLE_EXPERIMENTAL_CLIENT_ID` changed from `''` defaults to declarations. > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit f20db36. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY -->
This PR updates the change log for 13.6.0. <!-- CURSOR_SUMMARY --> --- > [!NOTE] > Adds the 13.6.0 section to CHANGELOG with key additions/fixes and updates comparison links. > > - **CHANGELOG**: > - Add `13.6.0` release notes with highlights: > - Real-time balance updates via integrated WebSocket and account activity services (feature-flagged). > - Expanded Bitcoin support (feature flag, BIP44 accounts, Bridge support, BTC assets labeling; v1.3.0). > - Shield subscription enhancements (entry modal integration, new durations, error toasts, eligibility checks, coverage UI). > - UI/components: add funds modal, new toast, file upload, skeleton loaders; network and token logos. > - Localization: add Irish (Gaeilge). > - Various fixes and performance improvements (token duplication, ENS content hash resolution, Solana provider interactions, shield controller patching). > - Update links: set `[Unreleased]` to compare from `v13.6.0` and add `[13.6.0]` compare URL. > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 193b781. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY --> --------- Co-authored-by: metamaskbot <metamaskbot@users.noreply.github.com> Co-authored-by: Gauthier Petetin <gauthierpetetin@hotmail.com>
Contributor
|
CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes. |
MajorLift
force-pushed
the
jongsun/fix/251017-validate-lavamoat-policy-env-vars
branch
from
e52e5ad to
8f7d77b
Compare
Collaborator
📊 Page Load Benchmark ResultsCurrent Commit: 📄 Localhost MetaMask Test DappSamples: 100 Summary
📈 Detailed Results
Results generated automatically by MetaMask CI |
Collaborator
Builds ready [8f7d77b]
UI Startup Metrics (1323 ± 90 ms)
|
…ips, and popovers positioning cp-13.6.0 (#36973) - fix: Popper.js used for dropdowns, tooltips, and popovers positioning cp-13.6.0 (#36967) ## **Description** This PR fixes an issue where Popper.js(used for dropdowns, tooltips, and popovers) fails to access `window.devicePixelRatio` in production builds due to LavaMoat scuttling. The issue was introduced by a recent @popperjs/core update in [PR #36557](https://github.com/MetaMask/metamask-extension/pull/36557/files#diff-51e4f558fae534656963876761c95b83b6ef5da5103c4adef6768219ed76c2deR9408). The problem stems from [this upstream change in floating-ui](floating-ui/floating-ui#2229) which modified how Popper.js accesses the window object. - Popper.js now gets a reference to the real window via a DOM node rather than using the global window supplied to the LavaMoat compartment - LavaMoat's scuttling removes `devicePixelRatio` from the real global window object for security - The LavaMoat policy grants compartments access to specified globals, but Popper.js is trying to access them from the wrong window context - The upstream change was intended to handle iframe scenarios (pages with iframes where popovers from inside iframes render outside) Two approaches were considered: 1. **Patching Popper.js** - Would require ongoing maintenance with library updates 2. **Adding scuttling exception** - Simpler, more maintainable approach that follows existing patterns This solution was reached through collaborative investigation by @markstacey and @davidmurdoch, who identified the root cause, evaluated multiple approaches, and confirmed that the scuttling exception approach works effectively https://consensys.slack.com/archives/CTQAGKY5V/p1760559149075479 🙏 [](https://codespaces.new/MetaMask/metamask-extension/pull/36967?quickstart=1) ## **Changelog** CHANGELOG entry: null ## **Related issues** Fixes: #36951 Fixes: https://consensyssoftware.atlassian.net/browse/CEUX-468 ## **Manual testing steps** 1. Go to the latest build of the extension in this PR 2. Test UI components that use Popper.js: - Open dropdowns in the UI - Hover over elements that show tooltips - Test any popover menus 4. Verify that these components position correctly without console errors 5. Check browser developer tools for any `devicePixelRatio` related errors (should be none) ## **Screenshots/Recordings** ### **Before** Popper.js would fail to access devicePixelRatio in production builds causing positioning issues <img width="413" height="640" alt="Screenshot 2025-10-17 at 3 20 36 PM" src="https://github.com/user-attachments/assets/a04c16f2-7cdc-4b4b-b866-66917a2de87d" /> https://github.com/user-attachments/assets/91eb5594-1694-4718-804b-20613e6446bb ### **After** Popper.js components work correctly with proper positioning in all build types <img width="417" height="644" alt="Screenshot 2025-10-17 at 2 53 17 PM" src="https://github.com/user-attachments/assets/1bb75f03-a569-45f5-9da5-a6451fa33463" /> https://github.com/user-attachments/assets/2a2f13f1-a607-447b-bcf1-6631163f915c ## **Pre-merge author checklist** - [x] I've followed [MetaMask Contributor Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Extension Coding Standards](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/CODING_GUIDELINES.md). - [x] I've completed the PR template to the best of my ability - [x] I've included tests if applicable - [x] I've documented my code using [JSDoc](https://jsdoc.app/) format if applicable - [x] I've applied the right labels on the PR (see [labeling guidelines](https://github.com/MetaMask/metamask-extension/blob/main/.github/guidelines/LABELING_GUIDELINES.md)). Not required for external contributors. ## **Pre-merge reviewer checklist** - [ ] I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed). - [ ] I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots. <!-- CURSOR_SUMMARY --> --- > [!NOTE] > Expose `devicePixelRatio` globally in LavaMoat scuttle exceptions (moved from test-only) to restore Popper-based positioning. > > - **Build/LavaMoat scuttling** (`development/build/index.js`): > - Add `devicePixelRatio` to global `scuttleGlobalThisExceptions` (for `@popperjs/core` and snap simple keyring site). > - Remove `devicePixelRatio` from test-only exceptions (`BUILD_TARGETS.TEST*`). > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 90342ac. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY --> [70832c2](70832c2) Co-authored-by: George Marshall <george.marshall@consensys.net>
MajorLift
force-pushed
the
jongsun/fix/251017-validate-lavamoat-policy-env-vars
branch
2 times, most recently
from
ff5a8d4 to
8818659
Compare
MajorLift
changed the title
Collaborator
📊 Page Load Benchmark ResultsCurrent Commit: 📄 Localhost MetaMask Test DappSamples: 100 Summary
📈 Detailed Results
Results generated automatically by MetaMask CI |
Collaborator
Builds ready [ff5a8d4]
UI Startup Metrics (1235 ± 79 ms)
|
MajorLift
force-pushed
the
jongsun/fix/251017-validate-lavamoat-policy-env-vars
branch
from
8818659 to
80ba6d5
Compare
Collaborator
📊 Page Load Benchmark ResultsCurrent Commit: 📄 Localhost MetaMask Test DappSamples: 100 Summary
📈 Detailed Results
Results generated automatically by MetaMask CI |
Collaborator
Builds ready [80ba6d5]
UI Startup Metrics (1215 ± 65 ms)
Bundle size diffs [🚨 Warning! Bundle size has increased!]
|
Collaborator
|
❌ test-e2e-chrome-api-specs failed. View the html report here. |
Collaborator
📊 Page Load Benchmark ResultsCurrent Commit: 📄 Localhost MetaMask Test DappSamples: 100 Summary
📈 Detailed Results
Results generated automatically by MetaMask CI |
Collaborator
Builds ready [febe057]
UI Startup Metrics (1232 ± 64 ms)
Bundle size diffs [🚨 Warning! Bundle size has increased!]
|
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
](https://codespaces.new/MetaMask/metamask-extension/pull/36942?quickstart=1){kind=link}
](https://codespaces.new/MetaMask/metamask-extension/pull/36945?quickstart=1){kind=link}
](https://codespaces.new/MetaMask/metamask-extension/pull/36967?quickstart=1){kind=link}
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Fix this error:
Changelog
CHANGELOG entry: null
Related issues
Fixes:
Manual testing steps
Screenshots/Recordings
Before
After
Pre-merge author checklist
Pre-merge reviewer checklist