fix: checkRoles #235
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "CI" | |
env: | |
FOUNDRY_PROFILE: "ci" | |
on: | |
workflow_dispatch: | |
pull_request: | |
push: | |
branches: | |
- "main" | |
jobs: | |
lint: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: 18 | |
cache: "yarn" | |
- name: Setup repo | |
uses: ./.github/actions/setup-repo | |
with: | |
registry-token: ${{ secrets.GH_REGISTRY_ACCESS_TOKEN }} | |
- name: Install dependencies | |
run: yarn install | |
- name: Run solhint | |
run: yarn lint:check | |
- name: "Add lint summary" | |
run: | | |
echo "## Lint result" >> $GITHUB_STEP_SUMMARY | |
echo "✅ Passed" >> $GITHUB_STEP_SUMMARY | |
build: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
submodules: "recursive" | |
- uses: actions/setup-python@v4 | |
with: | |
python-version: '3.10' | |
cache: 'pip' # caching pip dependencies | |
- name: Install viper | |
shell: bash | |
run: pip install vyper==0.3.10 | |
- name: Install Foundry | |
uses: foundry-rs/foundry-toolchain@v1 | |
with: | |
version: nightly | |
- name: Setup repo | |
uses: ./.github/actions/setup-repo | |
with: | |
registry-token: ${{ secrets.GH_REGISTRY_ACCESS_TOKEN }} | |
- name: Compile foundry | |
run: yarn compile --sizes | |
- name: "Cache the build so that it can be re-used by the other jobs" | |
uses: "actions/cache/save@v3" | |
with: | |
key: "build-${{ github.sha }}" | |
path: | | |
cache-forge | |
out | |
node_modules | |
- name: "Add build summary" | |
run: | | |
echo "## Build result" >> $GITHUB_STEP_SUMMARY | |
echo "✅ Passed" >> $GITHUB_STEP_SUMMARY | |
test-unit: | |
needs: ["build", "lint"] | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
submodules: "recursive" | |
- uses: actions/cache/restore@v3 | |
with: | |
fail-on-cache-miss: true | |
path: | | |
cache-forge | |
out | |
node_modules | |
key: "build-${{ github.sha }}" | |
- uses: actions/setup-python@v4 | |
with: | |
python-version: '3.10' | |
cache: 'pip' # caching pip dependencies | |
- name: Install viper | |
shell: bash | |
run: pip install vyper==0.3.10 | |
- name: Install Foundry | |
uses: foundry-rs/foundry-toolchain@v1 | |
with: | |
version: nightly | |
- name: Run Foundry tests | |
run: yarn test:unit | |
env: | |
ETH_NODE_URI_POLYGON: ${{ secrets.ETH_NODE_URI_POLYGON }} | |
ETH_NODE_URI_ARBITRUM: ${{ secrets.ETH_NODE_URI_ARBITRUM }} | |
ETH_NODE_URI_OPTIMISM: ${{ secrets.ETH_NODE_URI_OPTIMISM }} | |
ETH_NODE_URI_MAINNET: ${{ secrets.ETH_NODE_URI_MAINNET }} | |
- name: "Add Unit Test Summary" | |
run: | | |
echo "## Unit test result" >> $GITHUB_STEP_SUMMARY | |
echo "✅ Passed" >> $GITHUB_STEP_SUMMARY | |
test-invariant: | |
needs: ["build", "lint"] | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
submodules: "recursive" | |
- uses: actions/cache/restore@v3 | |
with: | |
fail-on-cache-miss: true | |
path: | | |
cache-forge | |
out | |
node_modules | |
key: "build-${{ github.sha }}" | |
- uses: actions/setup-python@v4 | |
with: | |
python-version: '3.10' | |
cache: 'pip' # caching pip dependencies | |
- name: Install viper | |
shell: bash | |
run: pip install vyper==0.3.10 | |
- name: Install Foundry | |
uses: foundry-rs/foundry-toolchain@v1 | |
with: | |
version: nightly | |
- name: Run Foundry tests | |
run: yarn test:invariant | |
env: | |
FOUNDRY_INVARIANT_RUNS: "8" | |
FOUNDRY_INVARIANT_DEPTH: "256" | |
ETH_NODE_URI_POLYGON: ${{ secrets.ETH_NODE_URI_POLYGON }} | |
ETH_NODE_URI_ARBITRUM: ${{ secrets.ETH_NODE_URI_ARBITRUM }} | |
ETH_NODE_URI_OPTIMISM: ${{ secrets.ETH_NODE_URI_OPTIMISM }} | |
ETH_NODE_URI_MAINNET: ${{ secrets.ETH_NODE_URI_MAINNET }} | |
- name: "Add Invariant Test Summary" | |
run: | | |
echo "## Invariant test result" >> $GITHUB_STEP_SUMMARY | |
echo "✅ Passed" >> $GITHUB_STEP_SUMMARY | |
test-fuzz: | |
needs: ["build", "lint"] | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
submodules: "recursive" | |
- uses: actions/cache/restore@v3 | |
with: | |
fail-on-cache-miss: true | |
path: | | |
cache-forge | |
out | |
node_modules | |
key: "build-${{ github.sha }}" | |
- uses: actions/setup-python@v4 | |
with: | |
python-version: '3.10' | |
cache: 'pip' # caching pip dependencies | |
- name: Install viper | |
shell: bash | |
run: pip install vyper==0.3.10 | |
- name: Install Foundry | |
uses: foundry-rs/foundry-toolchain@v1 | |
with: | |
version: nightly | |
- name: Run Foundry tests | |
run: yarn test:fuzz | |
env: | |
FOUNDRY_FUZZ_RUNS: "5000" | |
ETH_NODE_URI_POLYGON: ${{ secrets.ETH_NODE_URI_POLYGON }} | |
ETH_NODE_URI_ARBITRUM: ${{ secrets.ETH_NODE_URI_ARBITRUM }} | |
ETH_NODE_URI_OPTIMISM: ${{ secrets.ETH_NODE_URI_OPTIMISM }} | |
ETH_NODE_URI_MAINNET: ${{ secrets.ETH_NODE_URI_MAINNET }} | |
- name: "Add Fuzz Test Summary" | |
run: | | |
echo "## Fuzz test result" >> $GITHUB_STEP_SUMMARY | |
echo "✅ Passed" >> $GITHUB_STEP_SUMMARY | |
coverage: | |
needs: ["build", "lint"] | |
runs-on: "ubuntu-latest" | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
submodules: "recursive" | |
- uses: actions/setup-python@v4 | |
with: | |
python-version: '3.10' | |
cache: 'pip' # caching pip dependencies | |
- name: Install viper | |
shell: bash | |
run: pip install vyper==0.3.10 | |
- name: "Install Foundry" | |
uses: "foundry-rs/foundry-toolchain@v1" | |
- name: "Install lcov" | |
run: "sudo apt-get install lcov" | |
- uses: actions/cache/restore@v3 | |
with: | |
fail-on-cache-miss: true | |
path: | | |
cache-forge | |
out | |
node_modules | |
key: "build-${{ github.sha }}" | |
- name: "Generate the coverage report using the unit and the integration tests" | |
run: "yarn ci:coverage" | |
env: | |
ETH_NODE_URI_POLYGON: ${{ secrets.ETH_NODE_URI_POLYGON }} | |
ETH_NODE_URI_ARBITRUM: ${{ secrets.ETH_NODE_URI_ARBITRUM }} | |
ETH_NODE_URI_OPTIMISM: ${{ secrets.ETH_NODE_URI_OPTIMISM }} | |
ETH_NODE_URI_MAINNET: ${{ secrets.ETH_NODE_URI_MAINNET }} | |
- name: "Upload coverage report to Codecov" | |
uses: "codecov/codecov-action@v3" | |
with: | |
files: "./lcov.info" | |
token: ${{ secrets.CODECOV_TOKEN }} | |
- name: "Add coverage summary" | |
run: | | |
echo "## Coverage result" >> $GITHUB_STEP_SUMMARY | |
echo "✅ Uploaded to Codecov" >> $GITHUB_STEP_SUMMARY | |
slither-analyze: | |
needs: ["build", "lint"] | |
runs-on: "ubuntu-latest" | |
permissions: | |
actions: "read" | |
contents: "read" | |
security-events: "write" | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
submodules: "recursive" | |
- name: Install Foundry | |
uses: foundry-rs/foundry-toolchain@v1 | |
with: | |
version: nightly | |
- uses: actions/setup-python@v4 | |
with: | |
python-version: '3.10' | |
cache: 'pip' # caching pip dependencies | |
- name: Install viper | |
shell: bash | |
run: pip install vyper==0.3.10 | |
- name: Compile foundry | |
run: forge build --build-info --skip */test/** */scripts/** --force | |
- name: "Run Slither analysis" | |
uses: "crytic/[email protected]" | |
id: slither | |
with: | |
fail-on: "none" | |
sarif: "results.sarif" | |
ignore-compile: true | |
slither-version: "0.10.1" | |
- name: "Upload SARIF file to GitHub code scanning" | |
uses: "github/codeql-action/upload-sarif@v2" | |
with: | |
sarif_file: ${{ steps.slither.outputs.sarif }} | |
- name: "Add Slither summary" | |
run: | | |
echo "## Slither result" >> $GITHUB_STEP_SUMMARY | |
echo "✅ Uploaded to GitHub code scanning" >> $GITHUB_STEP_SUMMARY |