Github workflows for release

.github/CODEOWNERS

@@ -0,0 +1,5 @@
+# Lines starting with '#' are comments.
+# Each line is a file pattern followed by one or more owners.
+
+*                                    @MetaMask/engineering
+*                                    @MetaMask/delegation

.github/ISSUE_TEMPLATE/feature.md

@@ -0,0 +1,39 @@
+---
+name: Feature
+about: For new features
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+### **Description**
+
+Describe the task. What does this aim to implement?
+
+### **Technical Details**
+
+-   Implementation details
+-   Insight to what needs to be done
+-   Etc.
+
+### **Acceptance Criteria**
+
+-   Are metrics required?
+-   Are translations required?
+-   Cases to satisfy
+-   XYZ should work
+-   Etc.
+
+Scenario: xxxx
+- GIVEN a user is in x state
+- WHEN a user does x
+- AND a user does x
+- THEN x should occur
+
+### **References**
+
+-   References go here.
+-   Issue numbers. Links.
+-   Slack threads.
+-   Etc.

.github/dependabot.yml

@@ -0,0 +1,15 @@
+# Please see the documentation for all configuration options:
+# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
+
+version: 2
+updates:
+  - package-ecosystem: 'npm'
+    directory: '/'
+    schedule:
+      interval: 'daily'
+      time: '06:00'
+    allow:
+      - dependency-name: '@metamask/*'
+    target-branch: 'main'
+    versioning-strategy: 'increase-if-necessary'
+    open-pull-requests-limit: 10

.github/issue_template.md

@@ -0,0 +1,30 @@
+### **Description**
+
+Describe the task. What does this aim to implement?
+
+### **Technical Details**
+
+-   Implementation details
+-   Insight to what needs to be done
+-   Etc.
+
+### **Acceptance Criteria**
+
+-   Are metrics required?
+-   Are translations required?
+-   Cases to satisfy
+-   XYZ should work
+-   Etc.
+
+Scenario: xxxx
+- GIVEN a user is in x state
+- WHEN a user does x
+- AND a user does x
+- THEN x should occur
+
+### **References**
+
+-   References go here.
+-   Issue numbers. Links.
+-   Slack threads.
+-   Etc.

.github/pull_request_template.md

@@ -0,0 +1,11 @@
+### **What?**
+
+- 
+
+### **Why?**
+
+- 
+
+### **How?**
+
+- 

.github/workflows/build-lint-test.yml

@@ -0,0 +1,53 @@
+name: Build, Lint, and Test
+
+on:
+  workflow_call:
+    inputs:
+      NPM_REGISTRY_NAME:
+        type: string
+        default: '@metamask'
+      NPM_REGISTRY_URL:
+        type: string
+        required: false
+        default: 'https://registry.npmjs.org'
+      NPM_CLIENT:
+        type: string
+        default: 'yarn'
+
+jobs:
+  pipeline:
+    name: Turbo Pipeline
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        node-version: [18.x, 22.x]
+    steps:
+      - name: Checkout and setup environment
+        uses: MetaMask/action-checkout-and-setup@v1
+        with:
+          is-high-risk-environment: false
+          cache-node-modules: ${{ matrix.node-version == '22.x' }}
+          submodules: 'recursive'
+
+      - name: Use Node.js ${{ matrix.node-version }}
+        uses: actions/setup-node@v4
+        with:
+          node-version: ${{ matrix.node-version }}
+          cache: 'yarn'
+
+      - name: Install npm dependencies
+        run: yarn install
+
+      - name: Run build
+        run: yarn build
+
+      - name: Run lint
+        run: yarn lint
+
+      - name: Require clean working directory
+        shell: bash
+        run: |
+          if ! git diff --exit-code; then
+            echo "Working tree dirty at end of job"
+            exit 1
+          fi

.github/workflows/main.yml

@@ -0,0 +1,91 @@
+name: Main
+
+on:
+  push:
+    branches: [master]
+  pull_request:
+
+jobs:
+  check-workflows:
+    name: Check workflows
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout and setup environment
+        uses: MetaMask/action-checkout-and-setup@v1
+        with:
+          is-high-risk-environment: false
+      - name: Download actionlint
+        id: download-actionlint
+        run: bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/7fdc9630cc360ea1a469eed64ac6d78caeda1234/scripts/download-actionlint.bash) 1.6.23
+        shell: bash
+      - name: Check workflow files
+        run: ${{ steps.download-actionlint.outputs.executable }} -color
+        shell: bash
+
+  analyse-code:
+    name: Code scanner
+    needs: check-workflows
+    uses: ./.github/workflows/security-code-scanner.yml
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+    secrets:
+      SECURITY_SCAN_METRICS_TOKEN: ${{ secrets.SECURITY_SCAN_METRICS_TOKEN }}
+      APPSEC_BOT_SLACK_WEBHOOK: ${{ secrets.APPSEC_BOT_SLACK_WEBHOOK }}
+
+  build-lint-test:
+    name: Build, lint, and test
+    uses: ./.github/workflows/build-lint-test.yml
+
+  all-jobs-completed:
+    name: All jobs completed
+    runs-on: ubuntu-latest
+    needs:
+      - check-workflows
+      - analyse-code
+      - build-lint-test
+    outputs:
+      PASSED: ${{ steps.set-output.outputs.PASSED }}
+    steps:
+      - name: Set PASSED output
+        id: set-output
+        run: echo "PASSED=true" >> "$GITHUB_OUTPUT"
+
+  all-jobs-pass:
+    name: All jobs pass
+    if: ${{ always() }}
+    runs-on: ubuntu-latest
+    needs: all-jobs-completed
+    steps:
+      - name: Check that all jobs have passed
+        run: |
+          passed="${{ needs.all-jobs-completed.outputs.PASSED }}"
+          if [[ $passed != "true" ]]; then
+            exit 1
+          fi
+
+  is-release:
+    name: Determine whether this is a release merge commit
+    needs: all-jobs-pass
+    if: github.event_name == 'push'
+    runs-on: ubuntu-latest
+    outputs:
+      IS_RELEASE: ${{ steps.is-release.outputs.IS_RELEASE }}
+    steps:
+      - id: is-release
+        uses: MetaMask/action-is-release@v2
+        with:
+          commit-starts-with: 'Release [version],Release v[version],Release/[version],Release/v[version],Release `[version]`'
+
+
+  publish-release:
+    needs: is-release
+    if: needs.is-release.outputs.IS_RELEASE == 'true'
+    name: Publish release
+    permissions:
+      contents: write
+    uses: ./.github/workflows/publish-release.yml
+    secrets:
+      NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+      SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}

.github/workflows/publish-release.yml

@@ -0,0 +1,75 @@
+name: Publish Release
+
+on:
+  workflow_call:
+    secrets:
+      NPM_TOKEN:
+        required: true
+      SLACK_WEBHOOK_URL:
+        required: true
+
+jobs:
+  publish-release:
+    permissions:
+      contents: write
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout and setup environment
+        uses: MetaMask/action-checkout-and-setup@v1
+        with:
+          is-high-risk-environment: true
+      - run: yarn build:cli
+      - uses: MetaMask/action-publish-release@v3
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - name: Upload build artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: publish-release-artifacts-${{ github.sha }}
+          retention-days: 4
+          include-hidden-files: true
+          path: |
+            ./packages/**/dist
+
+  publish-npm-dry-run:
+    runs-on: ubuntu-latest
+    needs: publish-release
+    steps:
+      - name: Checkout and setup environment
+        uses: MetaMask/action-checkout-and-setup@v1
+        with:
+          is-high-risk-environment: true
+      - name: Restore build artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: publish-release-artifacts-${{ github.sha }}
+          path: ./packages
+      - name: Dry Run Publish
+        # omit npm-token token to perform dry run publish
+        uses: MetaMask/action-npm-publish@v5
+        with:
+          slack-webhook-url: ${{ secrets.SLACK_WEBHOOK_URL }}
+          subteam: S042S7RE4AE # @metamask-npm-publishers
+        env:
+          SKIP_PREPACK: true
+
+  publish-npm:
+    environment: npm-publish
+    runs-on: ubuntu-latest
+    needs: publish-npm-dry-run
+    steps:
+      - name: Checkout and setup environment
+        uses: MetaMask/action-checkout-and-setup@v1
+        with:
+          is-high-risk-environment: true
+      - name: Restore build artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: publish-release-artifacts-${{ github.sha }}
+          path: ./packages
+      - name: Publish
+        uses: MetaMask/action-npm-publish@v5
+        with:
+          npm-token: ${{ secrets.NPM_TOKEN }}
+        env:
+          SKIP_PREPACK: true

.github/workflows/security-code-scanner.yml

@@ -0,0 +1,34 @@
+name: MetaMask Security Code Scanner
+
+on:
+  workflow_call:
+    secrets:
+      SECURITY_SCAN_METRICS_TOKEN:
+        required: false
+      APPSEC_BOT_SLACK_WEBHOOK:
+        required: false
+  workflow_dispatch:
+
+jobs:
+  run-security-scan:
+    name: Run security scan
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+    steps:
+      - name: Analyse code
+        uses: MetaMask/action-security-code-scanner@v1
+        with:
+          repo: ${{ github.repository }}
+          paths_ignored: |
+            '**/jest.config.js'
+            '**/jest.environment.js'
+            '**/mocks/'
+            '**/test/'
+            'node_modules'
+            'packages/delegator-e2e'
+          rules_excluded: example
+          project_metrics_token: ${{ secrets.SECURITY_SCAN_METRICS_TOKEN }}
+          slack_webhook: ${{ secrets.APPSEC_BOT_SLACK_WEBHOOK }}

.nvmrc

@@ -0,0 +1 @@
+v22.12.0

.prettierignore

@@ -0,0 +1,5 @@
+node_modules
+dist
+lib
+cache
+.github

.prettierrc

@@ -0,0 +1,6 @@
+{
+  "quoteProps": "as-needed",
+  "singleQuote": true,
+  "tabWidth": 2,
+  "trailingComma": "all"
+}