Fixes for the immunify bounty + instant exit #8
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "CI" | |
env: | |
FOUNDRY_PROFILE: "ci" | |
on: | |
workflow_dispatch: | |
pull_request: | |
push: | |
branches: | |
- "main" | |
jobs: | |
lint: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: 18 | |
cache: "yarn" | |
- name: Install dependencies | |
run: yarn install | |
- name: Run solhint | |
run: yarn lint:check | |
- name: "Add lint summary" | |
run: | | |
echo "## Lint result" >> $GITHUB_STEP_SUMMARY | |
echo "✅ Passed" >> $GITHUB_STEP_SUMMARY | |
build: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
submodules: "recursive" | |
- name: Install Foundry | |
uses: foundry-rs/foundry-toolchain@v1 | |
with: | |
version: nightly | |
- name: Compile foundry | |
run: yarn compile --sizes | |
- name: "Cache the build so that it can be re-used by the other jobs" | |
uses: "actions/cache/save@v3" | |
with: | |
key: "build-${{ github.sha }}" | |
path: | | |
cache-forge | |
out | |
- name: "Add build summary" | |
run: | | |
echo "## Build result" >> $GITHUB_STEP_SUMMARY | |
echo "✅ Passed" >> $GITHUB_STEP_SUMMARY | |
test-unit: | |
needs: ["build", "lint"] | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
submodules: "recursive" | |
- uses: actions/cache/restore@v3 | |
with: | |
fail-on-cache-miss: true | |
path: | | |
cache-forge | |
out | |
key: "build-${{ github.sha }}" | |
- name: Install Foundry | |
uses: foundry-rs/foundry-toolchain@v1 | |
with: | |
version: nightly | |
- name: Run Foundry tests | |
run: yarn test:unit | |
env: | |
ETH_NODE_URI_POLYGON: ${{ secrets.ETH_NODE_URI_POLYGON }} | |
ETH_NODE_URI_ARBITRUM: ${{ secrets.ETH_NODE_URI_ARBITRUM }} | |
ETH_NODE_URI_OPTIMISM: ${{ secrets.ETH_NODE_URI_OPTIMISM }} | |
ETH_NODE_URI_MAINNET: ${{ secrets.ETH_NODE_URI_MAINNET }} | |
- name: "Add Unit Test Summary" | |
run: | | |
echo "## Unit test result" >> $GITHUB_STEP_SUMMARY | |
echo "✅ Passed" >> $GITHUB_STEP_SUMMARY | |
test-invariant: | |
needs: ["build", "lint"] | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
submodules: "recursive" | |
- uses: actions/cache/restore@v3 | |
with: | |
fail-on-cache-miss: true | |
path: | | |
cache-forge | |
out | |
key: "build-${{ github.sha }}" | |
- name: Install Foundry | |
uses: foundry-rs/foundry-toolchain@v1 | |
with: | |
version: nightly | |
- name: Run Foundry tests | |
run: yarn test:invariant | |
env: | |
FOUNDRY_INVARIANT_RUNS: "8" | |
FOUNDRY_INVARIANT_DEPTH: "256" | |
ETH_NODE_URI_POLYGON: ${{ secrets.ETH_NODE_URI_POLYGON }} | |
ETH_NODE_URI_ARBITRUM: ${{ secrets.ETH_NODE_URI_ARBITRUM }} | |
ETH_NODE_URI_OPTIMISM: ${{ secrets.ETH_NODE_URI_OPTIMISM }} | |
ETH_NODE_URI_MAINNET: ${{ secrets.ETH_NODE_URI_MAINNET }} | |
- name: "Add Invariant Test Summary" | |
run: | | |
echo "## Invariant test result" >> $GITHUB_STEP_SUMMARY | |
echo "✅ Passed" >> $GITHUB_STEP_SUMMARY | |
test-fuzz: | |
needs: ["build", "lint"] | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
submodules: "recursive" | |
- uses: actions/cache/restore@v3 | |
with: | |
fail-on-cache-miss: true | |
path: | | |
cache-forge | |
out | |
key: "build-${{ github.sha }}" | |
- name: Install Foundry | |
uses: foundry-rs/foundry-toolchain@v1 | |
with: | |
version: nightly | |
- name: Run Foundry tests | |
run: npm run test:fuzz | |
env: | |
FOUNDRY_FUZZ_RUNS: "5000" | |
ETH_NODE_URI_POLYGON: ${{ secrets.ETH_NODE_URI_POLYGON }} | |
ETH_NODE_URI_ARBITRUM: ${{ secrets.ETH_NODE_URI_ARBITRUM }} | |
ETH_NODE_URI_OPTIMISM: ${{ secrets.ETH_NODE_URI_OPTIMISM }} | |
ETH_NODE_URI_MAINNET: ${{ secrets.ETH_NODE_URI_MAINNET }} | |
- name: "Add Fuzz Test Summary" | |
run: | | |
echo "## Fuzz test result" >> $GITHUB_STEP_SUMMARY | |
echo "✅ Passed" >> $GITHUB_STEP_SUMMARY | |
coverage: | |
needs: ["build", "lint"] | |
runs-on: "ubuntu-latest" | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
submodules: "recursive" | |
- name: "Install Foundry" | |
uses: "foundry-rs/foundry-toolchain@v1" | |
- name: "Install lcov" | |
run: "sudo apt-get install lcov" | |
- name: "Generate the coverage report using the unit and the integration tests" | |
run: "yarn ci:coverage" | |
- name: "Upload coverage report to Codecov" | |
uses: "codecov/codecov-action@v3" | |
with: | |
files: "./lcov.info" | |
token: ${{ secrets.CODECOV_TOKEN }} | |
- name: "Add coverage summary" | |
run: | | |
echo "## Coverage result" >> $GITHUB_STEP_SUMMARY | |
echo "✅ Uploaded to Codecov" >> $GITHUB_STEP_SUMMARY | |
slither-analyze: | |
needs: ["build", "lint"] | |
runs-on: "ubuntu-latest" | |
permissions: | |
actions: "read" | |
contents: "read" | |
security-events: "write" | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
submodules: "recursive" | |
- name: Install Foundry | |
uses: foundry-rs/foundry-toolchain@v1 | |
with: | |
version: nightly | |
- name: Compile foundry | |
run: forge build --build-info --force | |
- name: "Run Slither analysis" | |
uses: "crytic/[email protected]" | |
id: slither | |
with: | |
fail-on: "none" | |
sarif: "results.sarif" | |
ignore-compile: true | |
- name: "Upload SARIF file to GitHub code scanning" | |
uses: "github/codeql-action/upload-sarif@v2" | |
with: | |
sarif_file: ${{ steps.slither.outputs.sarif }} | |
- name: "Add Slither summary" | |
run: | | |
echo "## Slither result" >> $GITHUB_STEP_SUMMARY | |
echo "✅ Uploaded to GitHub code scanning" >> $GITHUB_STEP_SUMMARY |