chore: workflow update, re-enable yarn hardened mode

.github/workflows/contracts-testing.yml

@@ -24,7 +24,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@v2.10.1
+      uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
       with:
         disable-sudo: true
         egress-policy: block
@@ -68,9 +68,7 @@ jobs:
           ${{ runner.os }}-build-${{ secrets.CACHE_VERSION }}-${{ env.cache-name }}-
 
     - name: Install contracts dependencies
-      run: |
-        # TODO: re-enable hardened mode once the kleros-app resolution is fixed
-        YARN_ENABLE_HARDENED_MODE=0 yarn workspace @kleros/kleros-v2-contracts install
+      run: yarn workspace @kleros/kleros-v2-contracts install
 
     - name: Install Foundry
       uses: foundry-rs/foundry-toolchain@8f1998e9878d786675189ef566a2e4bf24869773 # v1.2.0

.github/workflows/sentry-release.yml

@@ -17,55 +17,62 @@ jobs:
       version: ${{ steps.set-version.outputs.version }}
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.5.0
+      uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
       with:
         disable-sudo: true
         egress-policy: block
         allowed-endpoints: >
           binaries.soliditylang.org:443
+          classic.yarnpkg.com:443
           github.com:443
+          nightly.yarnpkg.com:443
           nodejs.org:443
+          objects.githubusercontent.com:443
           registry.yarnpkg.com:443
-          sentry.io:443
+          registry.npmjs.org:443
           54.185.253.63:443
+          sentry.io:443
 
-    - uses: actions/checkout@7739b9ba2efcda9dde65ad1e3c2dbe65b41dfba7
-
+    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      with:
+        submodules: recursive
+
+    - name: Set up corepack (for yarn)
+      run: |
+        corepack enable
+        corepack prepare yarn@4.5.1 --activate
+        yarn set version 4.5.1
+
+    - name: Setup Node.js environment
+      uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+      with:
+        node-version: 20.x   
+        cache: yarn
+
     - name: Cache node modules
-      uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84
+      uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
       env:
         cache-name: cache-node-modules
       with:
         path: | 
           ~/.npm
           **/node_modules
-        key: |
-          ${{ runner.os }}-build-${{ secrets.CACHE_VERSION }}-${{ env.cache-name }}-${{ hashFiles('**/package-lock.json', '**/yarn.lock') }}
+        key: ${{ runner.os }}-build-${{ secrets.CACHE_VERSION }}-${{ env.cache-name }}-${{ hashFiles('**/package-lock.json', '**/yarn.lock') }}
         restore-keys: |
           ${{ runner.os }}-build-${{ secrets.CACHE_VERSION }}-${{ env.cache-name }}-
-
-    - name: Set up Node.js
-      uses: actions/setup-node@2a017f350dbf6c4b6bb4508cc83809719115162e
-      with:
-        node-version: 16
-
-    - name: Install dependencies
-      run: |
-        yarn workspace @kleros/kleros-v2-contracts install
-        yarn workspace @kleros/kleros-v2-web install
 
-    - name: Build
+    - name: Install dependencies and build
       run: |
-        yarn workspace @kleros/kleros-v2-contracts build
-        yarn workspace @kleros/kleros-v2-web build
+        . web/.env.mainnet-neo.public
+        yarn build:web:ci
 
     - name: Set version
       id: set-version
       run: echo "version=v$(cat package.json | jq -r .version)-$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT"
       working-directory: web
 
     - name: Create Sentry release
-      uses: getsentry/action-release@4744f6a65149f441c5f396d5b0877307c0db52c7 # v1.4.1
+      uses: getsentry/action-release@v1
       env:
         SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
         SENTRY_ORG: ${{ secrets.SENTRY_ORG }}