chore!: Checkout action using action_ref

.github/actions/changelog-check/action.yml

@@ -0,0 +1,102 @@
+name: Check Changelog
+
+inputs:
+  base-branch:
+    description: 'The base branch to compare against'
+    required: false
+    default: 'main'
+  head-ref:
+    description: 'The head ref to check out'
+    required: true
+  labels:
+    description: 'JSON string of PR labels'
+    required: true
+  pr-number:
+    description: 'The pull request number'
+    required: true
+  repo:
+    description: 'The repository to check'
+    required: true
+  github-tools-repository:
+    description: 'The GitHub repository containing the GitHub tools'
+    required: false
+    default: ${{ github.action_repository }}
+  github-tools-ref:
+    description: 'The SHA of the action to use'
+    required: false
+    default: ${{ github.action_ref }}
+
+runs:
+  using: composite
+  steps:
+    - name: Check PR Labels
+      id: label-check
+      env:
+        PR_LABELS: ${{ inputs.labels }}
+      run: |
+        if echo "$PR_LABELS" | jq -e '.[] | select(.name == "no-changelog")' > /dev/null; then
+          echo "no-changelog label found, skipping changelog check."
+          echo "skip_check=true" >> "$GITHUB_OUTPUT"
+        else
+          echo "No no-changelog label found, proceeding with check."
+          echo "skip_check=false" >> "$GITHUB_OUTPUT"
+        fi
+      shell: bash
+
+    - name: Check out target repository
+      if: ${{ steps.label-check.outputs.skip_check != 'true' }}
+      uses: actions/checkout@v4
+      with:
+        repository: ${{ inputs.repo }}
+        ref: ${{ inputs.head-ref }}
+        path: target-repo
+        fetch-depth: 0
+
+    - name: Debug log
+      if: ${{ steps.label-check.outputs.skip_check != 'true' }}
+      env:
+        ACTION_REPOSITORY: ${{ inputs.github-tools-repository }}
+        ACTION_REF: ${{ inputs.github-tools-ref }}
+      run: |
+          echo "ACTION_REPOSITORY: $ACTION_REPOSITORY"
+          echo "ACTION_REF: $ACTION_REF"
+      shell: bash
+
+    - name: Checkout GitHub tools repository
+      if: ${{ steps.label-check.outputs.skip_check != 'true' }}
+      uses: actions/checkout@v5
+      with:
+        repository: ${{ inputs.github-tools-repository }}
+        ref: ${{ inputs.github-tools-ref }}
+        path: ./.github-tools
+
+    - name: Enable Corepack
+      if: ${{ steps.label-check.outputs.skip_check != 'true' }}
+      run: corepack enable
+      shell: bash
+      working-directory: ./.github-tools
+
+    - name: Set up Node.js
+      if: ${{ steps.label-check.outputs.skip_check != 'true' }}
+      uses: actions/setup-node@v4
+      with:
+        node-version-file: ./.github-tools/.nvmrc
+        cache-dependency-path: ./.github-tools/yarn.lock
+        cache: yarn
+
+    - name: Install dependencies
+      if: ${{ steps.label-check.outputs.skip_check != 'true' }}
+      run: yarn --immutable
+      shell: bash
+      working-directory: ./.github-tools
+
+    - name: Check Changelog
+      if: ${{ steps.label-check.outputs.skip_check != 'true' }}
+      id: changelog-check
+      shell: bash
+      working-directory: ./.github-tools
+      env:
+        BASE_BRANCH: ${{ inputs.base-branch }}
+        PR_NUMBER: ${{ inputs.pr-number }}
+      run: |
+        yarn run changelog:check ../target-repo "$BASE_BRANCH" "$PR_NUMBER"

.github/actions/setup-e2e-env/action.yml

@@ -89,6 +89,13 @@ runs:
     - run: echo "Setup E2E Environment started"
       shell: bash
 
+    - name: Checkout GitHub tools repository
+      uses: actions/checkout@v5
+      with:
+        repository: ${{ github.action_repository }}
+        ref: ${{ github.action_ref }}
+        path: ./.github-tools
+
     ## Android Setup (early for fail-fast) ##
 
     # Set Android environment variables (self-hosted runner has SDK pre-installed)
@@ -101,7 +108,7 @@ runs:
 
     - name: Configure Android Signing Certificates
       if: ${{ inputs.platform == 'android' && inputs.configure-keystores == 'true' }}
-      uses: MetaMask/github-tools/.github/actions/configure-keystore@0259e8a920318b02a8860e178d79796eaa08de02
+      uses: ./.github-tools/.github/actions/configure-keystore
       with:
         aws-role-to-assume: ${{ inputs.keystore-role-to-assume }}
         aws-region: 'us-east-2'
@@ -178,7 +185,7 @@ runs:
 
     - name: Configure iOS Signing Certificates
       if: ${{ inputs.platform == 'ios' && inputs.configure-keystores == 'true' }}
-      uses: MetaMask/github-tools/.github/actions/configure-keystore@0259e8a920318b02a8860e178d79796eaa08de02
+      uses: ./.github-tools/.github/actions/configure-keystore
       with:
         aws-role-to-assume: ${{ inputs.keystore-role-to-assume }}
         aws-region: 'us-east-2'

.github/scripts/create-platform-release-pr.sh

@@ -239,7 +239,7 @@ create_release_pr() {
 
     # Version Updates
     echo "Running version update scripts.."
-    ./github-tools/.github/scripts/set-semvar-version.sh "${new_version}" "${platform}"
+    ./.github-tools/.github/scripts/set-semvar-version.sh "${new_version}" "${platform}"
 
     # Commit Changes
     local changed_files
@@ -273,42 +273,42 @@ create_release_pr() {
     # Prepare release PR body with team sign-off checklist
     local release_body="# 🚀 v${new_version} Testing & Release Quality Process
 
-Hi Team,  
+Hi Team,
 As part of our new **MetaMask Release Quality Process**, here’s a quick overview of the key processes, testing strategies, and milestones to ensure a smooth and high-quality deployment.
 
 ---
 
 ## 📋 Key Processes
 
 ### Testing Strategy
-- **Developer Teams:**  
-  Conduct regression and exploratory testing for your functional areas, including automated and manual tests for critical workflows.  
-- **QA Team:**  
-  Focus on exploratory testing across the wallet, prioritize high-impact areas, and triage any Sentry errors found during testing.  
-- **Customer Success Team:**  
+- **Developer Teams:**
+  Conduct regression and exploratory testing for your functional areas, including automated and manual tests for critical workflows.
+- **QA Team:**
+  Focus on exploratory testing across the wallet, prioritize high-impact areas, and triage any Sentry errors found during testing.
+- **Customer Success Team:**
   Validate new functionalities and provide feedback to support release monitoring.
 
 ### GitHub Signoff
-- Each team must **sign off on the Release Candidate (RC)** via GitHub by the end of the validation timeline (**Tuesday EOD PT**).  
+- Each team must **sign off on the Release Candidate (RC)** via GitHub by the end of the validation timeline (**Tuesday EOD PT**).
 - Ensure all tests outlined in the Testing Plan are executed, and any identified issues are addressed.
 
 ### Issue Resolution
-- **Resolve all Release Blockers** (Sev0 and Sev1) by **Tuesday EOD PT**.  
+- **Resolve all Release Blockers** (Sev0 and Sev1) by **Tuesday EOD PT**.
 - For unresolved blockers, PRs may be reverted, or feature flags disabled to maintain release quality and timelines.
 
 ### Cherry-Picking Criteria
-- Only **critical fixes** meeting outlined criteria will be cherry-picked.  
+- Only **critical fixes** meeting outlined criteria will be cherry-picked.
 - Developers must ensure these fixes are thoroughly reviewed, tested, and merged by **Tuesday EOD PT**.
 
 ---
 
 ## 🗓️ Timeline and Milestones
 
-1. **Today (Friday):** Begin Release Candidate validation.  
-2. **Tuesday EOD PT:** Finalize RC with all fixes and cherry-picks.  
-3. **Wednesday:** Buffer day for final checks.  
-4. **Thursday:** Submit release to app stores and begin rollout to 1% of users.  
-5. **Monday:** Scale deployment to 10%.  
+1. **Today (Friday):** Begin Release Candidate validation.
+2. **Tuesday EOD PT:** Finalize RC with all fixes and cherry-picks.
+3. **Wednesday:** Buffer day for final checks.
+4. **Thursday:** Submit release to app stores and begin rollout to 1% of users.
+5. **Monday:** Scale deployment to 10%.
 6. **Tuesday:** Full rollout to 100%.
 
 ---
@@ -320,9 +320,9 @@ Each team is responsible for signing off via GitHub. Use the checkbox below to t
 # Team sign-off checklist
 - [ ] ${platform_team_name}
 
-This process is a major step forward in ensuring release stability and quality. Let’s stay aligned and make this release a success! 🚀  
+This process is a major step forward in ensuring release stability and quality. Let’s stay aligned and make this release a success! 🚀
 
-Feel free to reach out if you have questions or need clarification. 
+Feel free to reach out if you have questions or need clarification.
 
 Many thanks in advance
 
@@ -381,8 +381,8 @@ create_changelog_pr() {
         echo "Previous version is not a recognized release branch pattern. Treating as tag or SHA: ${previous_version_ref}"
       fi
 
-      # Switch to github-tools directory
-      cd ./github-tools/
+      # Switch to .github-tools directory
+      cd ./.github-tools/
       ls -ltra
       corepack prepare yarn@4.5.1 --activate
       # This can't be done from the actions context layer due to the upstream repository having it's own context set with yarn
@@ -401,7 +401,7 @@ create_changelog_pr() {
     #   # Create a new Release Sheet Page for the new version with our commits.csv content
     #   yarn run update-release-sheet "${platform}" "${new_version}" "${GOOGLE_DOCUMENT_ID}" "./commits.csv" "${PROJECT_GIT_DIR}" "${MOBILE_TEMPLATE_SHEET_ID}" "${EXTENSION_TEMPLATE_SHEET_ID}"
     # fi
-    # Note: Only change directories when we actually entered ./github-tools/
+    # Note: Only change directories when we actually entered ./.github-tools/
 
     # Commit and Push Changelog Changes (exclude commits.csv)
     echo "Adding and committing changes.."
@@ -441,7 +441,7 @@ create_version_bump_pr() {
 
     # Update version files on main branch
     echo "Running version update scripts for ${main_branch} branch.."
-    ./github-tools/.github/scripts/set-semvar-version.sh "${next_version}" "${platform}"
+    ./.github-tools/.github/scripts/set-semvar-version.sh "${next_version}" "${platform}"
 
     # Commit version bump changes
     echo "Committing version bump changes.."

.github/scripts/tests/test-create-platform-release-pr-full.sh

@@ -81,12 +81,12 @@ ls() { echo "MOCK: ls $*"; return 0; }
 pwd() { echo "/mock/directory"; return 0; }
 
 # Create mock version script
-mkdir -p ./github-tools/.github/scripts/
-cat > ./github-tools/.github/scripts/set-semvar-version.sh << 'EOF'
+mkdir -p ./.github-tools/.github/scripts/
+cat > ./.github-tools/.github/scripts/set-semvar-version.sh << 'EOF'
 #!/usr/bin/env bash
 echo "MOCK: Version script - Setting $2 to version $1"
 EOF
-chmod +x ./github-tools/.github/scripts/set-semvar-version.sh
+chmod +x ./.github-tools/.github/scripts/set-semvar-version.sh
 
 # Export all mocks
 export -f git gh npx yarn corepack cd ls pwd
@@ -176,7 +176,7 @@ echo "Test version bump: $(get_version_bump_branch_name "2.1.0")"
 echo ""
 echo "5️⃣  CLEANUP"
 echo "==========="
-rm -rf ./github-tools/
+rm -rf ./.github-tools/
 echo "✅ Cleaned up mock files"
 
 echo ""

.github/workflows/changelog-check.yml

@@ -56,13 +56,13 @@ jobs:
           path: target-repo
           fetch-depth: 0
 
-      - name: Checkout github-tools repository
+      - name: Checkout GitHub tools repository
         if: ${{ steps.label-check.outputs.skip_check != 'true' }}
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
-          repository: MetaMask/github-tools
-          ref: ${{ inputs.action-sha }}
-          path: github-tools
+          repository: ${{ github.action_repository }}
+          ref: ${{ github.action_ref }}
+          path: ./.github-tools
 
       - name: Enable Corepack
         if: ${{ steps.label-check.outputs.skip_check != 'true' }}
@@ -73,21 +73,21 @@ jobs:
         if: ${{ steps.label-check.outputs.skip_check != 'true' }}
         uses: actions/setup-node@v4
         with:
-          node-version-file: ./github-tools/.nvmrc
-          cache-dependency-path: ./github-tools/yarn.lock
+          node-version-file: ./.github-tools/.nvmrc
+          cache-dependency-path: ./.github-tools/yarn.lock
           cache: yarn
 
       - name: Install dependencies
         if: ${{ steps.label-check.outputs.skip_check != 'true' }}
         run: yarn --immutable
         shell: bash
-        working-directory: ./github-tools
+        working-directory: ./.github-tools
 
       - name: Check Changelog
         if: ${{ steps.label-check.outputs.skip_check != 'true' }}
         id: changelog-check
         shell: bash
-        working-directory: ./github-tools
+        working-directory: ./.github-tools
         env:
           BASE_BRANCH: ${{ inputs.base-branch || 'main' }}
           PR_NUMBER: ${{ inputs.pr-number }}

.github/workflows/create-release-pr.yml

@@ -49,10 +49,6 @@ on:
         required: true
         type: string
         description: 'The platform for which the release PR is being created.'
-      github-tools-version:
-        type: string
-        description: 'The version of github-tools to use. Defaults to main.'
-        default: 'main'
       git-user-name:
         type: string
         description: 'Git user name for commits. Defaults to metamaskbot.'
@@ -86,16 +82,16 @@ jobs:
           token: ${{ secrets.github-token }}
 
       # Step 2: Checkout github-tools repository
-      - name: Checkout github-tools repository
-        uses: actions/checkout@v4
+      - name: Checkout GitHub tools repository
+        uses: actions/checkout@v5
         with:
-          repository: MetaMask/github-tools
-          ref: ${{ inputs.github-tools-version }}
-          path: github-tools
+          repository: ${{ github.action_repository }}
+          ref: ${{ github.action_ref }}
+          path: ./.github-tools
 
       # Step 3: Setup environment from github-tools
       - name: Checkout and setup environment
-        uses: ./github-tools/.github/actions/checkout-and-setup
+        uses: ./.github-tools/.github/actions/checkout-and-setup
         with:
           is-high-risk-environment: true
 
@@ -112,7 +108,6 @@ jobs:
           MOBILE_TEMPLATE_SHEET_ID: ${{ inputs.mobile-template-sheet-id }}
           EXTENSION_TEMPLATE_SHEET_ID: ${{ inputs.extension-template-sheet-id }}
           RELEASE_SHEET_GOOGLE_DOCUMENT_ID: ${{ inputs.release-sheet-google-document-id }}
-          GITHUB_TOOLS_VERSION: ${{ inputs.github-tools-version }}
           GIT_USER_NAME: ${{ inputs.git-user-name }}
           GIT_USER_EMAIL: ${{ inputs.git-user-email }}
         run: |
@@ -130,7 +125,6 @@ jobs:
           echo "Mobile Template Sheet ID: $MOBILE_TEMPLATE_SHEET_ID"
           echo "Extension Template Sheet ID: $EXTENSION_TEMPLATE_SHEET_ID"
           echo "Release Sheet Google Document ID: $RELEASE_SHEET_GOOGLE_DOCUMENT_ID"
-          echo "GitHub Tools Version: $GITHUB_TOOLS_VERSION"
           echo "Git User Name: $GIT_USER_NAME"
           echo "Git User Email: $GIT_USER_EMAIL"
           echo "-------------"
@@ -158,7 +152,7 @@ jobs:
         working-directory: ${{ github.workspace }}
         run: |
           # Execute the script from github-tools
-          ./github-tools/.github/scripts/create-platform-release-pr.sh \
+          ./.github-tools/.github/scripts/create-platform-release-pr.sh \
             "$PLATFORM" \
             "$PREVIOUS_VERSION_REF" \
             "$SEMVER_VERSION" \