kontrol wiuth foundry #52
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: [push] | |
| jobs: | |
| foundry-test: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| submodules: recursive | |
| - uses: foundry-rs/foundry-toolchain@v1 | |
| with: | |
| version: nightly | |
| - name: Install forge-std | |
| run: | | |
| forge install foundry-rs/forge-std --no-commit | |
| forge remappings > remappings.txt | |
| - name: Run non-Kontrol tests | |
| run: | | |
| forge test --no-match-path "src/test/kontrol/*" -vvv | |
| - name: Run snapshot without Kontrol tests | |
| run: forge snapshot --no-match-path "src/test/kontrol/*" | |
| formal-verification: | |
| runs-on: ubuntu-latest | |
| needs: foundry-test | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| submodules: recursive | |
| # Install Foundry first | |
| - name: Install Foundry | |
| uses: foundry-rs/foundry-toolchain@v1 | |
| with: | |
| version: nightly | |
| - name: Install forge-std and build | |
| run: | | |
| forge install foundry-rs/forge-std --no-commit | |
| forge build --build-info --force | |
| forge remappings > remappings.txt | |
| - name: Install System Dependencies | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y curl gcc git g++ cmake maven openjdk-11-jdk flex \ | |
| z3 libz3-dev libsecp256k1-dev python3 python3-pip build-essential | |
| # Install Nix | |
| - uses: DeterminateSystems/nix-installer-action@main | |
| with: | |
| extra-conf: | | |
| trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= k-framework.cachix.org-1:jeyMXB2h28gpNRjuVkehg+zLj62ma1RnyyopA/20yFE= k-framework-binary.cachix.org-1:pJedQ8iG19BW3v/DMMmiRVtwRBGO3fyMv2Ws0OpBADs= | |
| substituters = https://cache.nixos.org https://k-framework.cachix.org | |
| # Install Cachix | |
| - uses: cachix/cachix-action@v12 | |
| with: | |
| name: k-framework | |
| extraPullNames: k-framework-binary | |
| - name: Install KUP and Kontrol | |
| env: | |
| REPOSITORY_TOKEN: ${{ secrets.REPOSITORY_TOKEN }} | |
| run: | | |
| # Configure git for private repository access | |
| git config --global url."https://${REPOSITORY_TOKEN}:[email protected]/".insteadOf "https://github.com/" | |
| echo "Installing kup..." | |
| GC_DONT_GC=1 nix profile install github:runtimeverification/kup#kup \ | |
| --option extra-substituters 'https://k-framework.cachix.org' \ | |
| --option extra-trusted-public-keys 'k-framework.cachix.org-1:jeyMXB2h28gpNRjuVkehg+zLj62ma1RnyyopA/20yFE=' \ | |
| --experimental-features 'nix-command flakes' | |
| # Add kup to PATH | |
| export PATH=$PATH:$HOME/.nix-profile/bin | |
| echo "$HOME/.nix-profile/bin" >> $GITHUB_PATH | |
| echo "Verifying kup installation..." | |
| which kup || { echo "kup not found in PATH"; exit 1; } | |
| kup list || { echo "kup not working properly"; exit 1; } | |
| echo "Installing Kontrol..." | |
| GITHUB_TOKEN=$REPOSITORY_TOKEN kup install kontrol | |
| echo "Verifying Kontrol installation..." | |
| which kontrol || { echo "kontrol not found in PATH"; exit 1; } | |
| echo "Kontrol version:" | |
| kontrol version || { echo "kontrol not working properly"; exit 1; } | |
| - name: Check Kontrol Configuration | |
| run: | | |
| echo "Checking Kontrol configuration..." | |
| # Check for config file | |
| if [ -f "./kontrol.toml" ]; then | |
| echo "Found kontrol.toml:" | |
| cat ./kontrol.toml | |
| else | |
| echo "kontrol.toml not found, checking for kontrol.json..." | |
| if [ -f "./kontrol.json" ]; then | |
| echo "Found kontrol.json:" | |
| cat ./kontrol.json | |
| else | |
| echo "No Kontrol configuration file found" | |
| echo "Creating default configuration..." | |
| kontrol init | |
| fi | |
| fi | |
| # Verify forge is available | |
| echo "Verifying forge installation:" | |
| forge --version | |
| # Show available profiles | |
| echo "Available configuration profiles:" | |
| kontrol prove --list-profiles || echo "No profiles configured" | |
| - name: Run Formal Verification with Kontrol | |
| run: | | |
| mkdir -p verification-results | |
| # Debug: Show working directory and files | |
| echo "Current directory: $(pwd)" | |
| echo "Contracts directory content:" | |
| ls -R ./src/contracts | |
| echo "Specification directory content:" | |
| ls -R ./src/test/kontrol | |
| # Verify forge is in PATH | |
| echo "Verifying forge is available:" | |
| which forge | |
| forge --version | |
| # Step 1: Build Kontrol project | |
| echo "Building Kontrol project..." | |
| kontrol build || { | |
| echo "Failed to build Kontrol project" | |
| exit 1 | |
| } | |
| # Step 2: Run setup profile | |
| echo "Running setup profile..." | |
| kontrol prove --config-profile setup || { | |
| echo "Setup profile verification failed" | |
| kontrol list | |
| exit 1 | |
| } | |
| # Step 3: Run tests profile | |
| echo "Running tests profile..." | |
| kontrol prove --config-profile tests || { | |
| echo "Tests profile verification failed" | |
| kontrol list | |
| exit 1 | |
| } | |
| # Step 4: Show verification results | |
| echo "Listing all verification results..." | |
| kontrol list | tee verification-results/final-results.txt | |
| # Check if any verifications failed | |
| if ! grep -q "Status: proved" verification-results/final-results.txt; then | |
| echo "Some verifications failed. Check the results above." | |
| exit 1 | |
| fi | |
| - name: Upload Verification Results | |
| if: always() | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: kontrol-verification-results | |
| path: | | |
| verification-results/ | |
| .build/ | |
| .kontrol/ | |
| out/ | |
| retention-days: 5 |