debug kup install with prereq nix #49
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: [push] | |
jobs: | |
foundry-test: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
submodules: recursive | |
- uses: foundry-rs/foundry-toolchain@v1 | |
with: | |
version: nightly | |
- name: Install forge-std | |
run: | | |
forge install foundry-rs/forge-std --no-commit | |
forge remappings > remappings.txt | |
- name: Run non-Kontrol tests | |
run: | | |
forge test --no-match-path "src/test/kontrol/*" -vvv | |
- name: Run snapshot without Kontrol tests | |
run: forge snapshot --no-match-path "src/test/kontrol/*" | |
formal-verification: | |
runs-on: ubuntu-latest | |
needs: foundry-test | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
submodules: recursive | |
- name: Install System Dependencies | |
run: | | |
sudo apt-get update | |
sudo apt-get install -y curl gcc git g++ cmake maven openjdk-11-jdk flex \ | |
z3 libz3-dev libsecp256k1-dev python3 python3-pip build-essential | |
# Install Nix | |
- uses: DeterminateSystems/nix-installer-action@main | |
with: | |
extra-conf: | | |
trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= k-framework.cachix.org-1:jeyMXB2h28gpNRjuVkehg+zLj62ma1RnyyopA/20yFE= k-framework-binary.cachix.org-1:pJedQ8iG19BW3v/DMMmiRVtwRBGO3fyMv2Ws0OpBADs= | |
substituters = https://cache.nixos.org https://k-framework.cachix.org | |
# Install Cachix | |
- uses: cachix/cachix-action@v12 | |
with: | |
name: k-framework | |
extraPullNames: k-framework-binary | |
- name: Install KUP and Kontrol | |
env: | |
REPOSITORY_TOKEN: ${{ secrets.REPOSITORY_TOKEN }} | |
run: | | |
# Configure git for private repository access | |
git config --global url."https://${REPOSITORY_TOKEN}:[email protected]/".insteadOf "https://github.com/" | |
echo "Installing kup..." | |
GC_DONT_GC=1 nix profile install github:runtimeverification/kup#kup \ | |
--option extra-substituters 'https://k-framework.cachix.org' \ | |
--option extra-trusted-public-keys 'k-framework.cachix.org-1:jeyMXB2h28gpNRjuVkehg+zLj62ma1RnyyopA/20yFE=' \ | |
--experimental-features 'nix-command flakes' | |
# Add kup to PATH | |
export PATH=$PATH:$HOME/.nix-profile/bin | |
echo "$HOME/.nix-profile/bin" >> $GITHUB_PATH | |
echo "Installing Kontrol..." | |
GITHUB_TOKEN=$REPOSITORY_TOKEN kup install kontrol | |
echo "Verifying installations..." | |
kontrol version | |
- name: Run Formal Verification with Kontrol | |
run: | | |
mkdir -p verification-results | |
verified_count=0 | |
for spec in src/test/kontrol/*.k; do | |
if [ -f "$spec" ]; then | |
echo "Verifying $(basename "$spec")..." | |
if kontrol prove "$spec" \ | |
--contract-dir ./src/contracts \ | |
--output-dir ./verification-results \ | |
--verbose; then | |
echo "✓ Verification successful for $spec" | |
((verified_count++)) | |
else | |
echo "✗ Verification failed for $spec" | |
cat "./verification-results/$(basename "$spec" .k).out" 2>/dev/null || echo "No output file found" | |
exit 1 | |
fi | |
fi | |
done | |
if [ $verified_count -eq 0 ]; then | |
echo "No specification files found to verify" | |
exit 1 | |
else | |
echo "Successfully verified $verified_count specification(s)" | |
fi | |
- name: Upload Verification Results | |
if: always() | |
uses: actions/upload-artifact@v3 | |
with: | |
name: kontrol-verification-results | |
path: verification-results/ | |
retention-days: 5 |