ci.yml
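name: CI

# Supply-chain note: every `uses:` below references a mutable tag (for example `@v1`, `@v3`),
# which the action's owner can move to different code at any time. Pinning each action to a
# full commit SHA, with the tag kept in a trailing comment, makes the executed code
# reviewable and immutable. The SHAs are not shown on this page and must be looked up in
# each action's repository.
#
# Fork note: for `pull_request` runs triggered from a fork, GitHub does not provide
# repository secrets and issues a read-only GITHUB_TOKEN, so MAINNET_RPC_URL is empty and
# the coverage comment step cannot write to the pull request in that case.
on:
  workflow_dispatch:
  pull_request:
  push:
    branches:
      - main

# Least-privilege default for the GITHUB_TOKEN. Without this block the token falls back to
# the repository or organization default, which may be read/write. Jobs that need more
# declare it themselves (see `coverage` and `slither-analyze`).
permissions:
  contents: read

env:
  FOUNDRY_PROFILE: ci
  # NOTE(review): workflow-level `env` exposes this secret to every step of every job,
  # including third-party actions and the install scripts run by `npm install` and
  # `bun install`. Presumably only the Forge jobs that fork mainnet need it; confirm, then
  # move it to job-level `env` on those jobs only.
  MAINNET_RPC_URL: ${{ secrets.MAINNET_RPC_URL }}

jobs:
  # Compiles the contracts and prints their sizes.
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3

      - name: Install Foundry
        uses: foundry-rs/foundry-toolchain@v1

      - name: Build contracts
        run: |
          forge --version
          forge build --sizes

  # Runs the Forge test suite with a fuzz seed that changes once per day.
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3

      - name: Install Foundry
        uses: foundry-rs/foundry-toolchain@v1

      # https://twitter.com/PaulRBerg/status/1611116650664796166
      # The seed is the current epoch time rounded down to a multiple of 86400 seconds, so
      # all runs on the same UTC day share it. It is a reproducibility aid, not a secret.
      - name: Generate fuzz seed with 1 day TTL
        run: >
          echo "FOUNDRY_FUZZ_SEED=$(
            echo $(($EPOCHSECONDS - $EPOCHSECONDS % 86400))
          )" >> $GITHUB_ENV

      - name: Run tests
        run: forge test

  # Produces an lcov report, comments it on pull requests and enforces a minimum coverage.
  coverage:
    runs-on: ubuntu-latest
    # The coverage comment is created and deleted through the GITHUB_TOKEN, so this job
    # needs write access to pull requests on top of the read-only default.
    permissions:
      contents: read
      pull-requests: write
    steps:
      - uses: actions/checkout@v3

      - name: Install Foundry
        uses: foundry-rs/foundry-toolchain@v1

      # https://twitter.com/PaulRBerg/status/1611116650664796166
      - name: Generate fuzz seed with 1 day TTL
        run: >
          echo "FOUNDRY_FUZZ_SEED=$(
            echo $(($EPOCHSECONDS - $EPOCHSECONDS % 86400))
          )" >> $GITHUB_ENV

      - name: Run coverage
        run: forge coverage --report summary --report lcov

      # To ignore coverage for certain directories modify the paths in this step as needed. The
      # below default ignores coverage results for the test and script directories. Alternatively,
      # to include coverage in all directories, comment out this step. Note that because this
      # filtering applies to the lcov file, the summary table generated in the previous step will
      # still include all files and directories.
      # The `--rc lcov_branch_coverage=1` part keeps branch info in the filtered report, since lcov
      # defaults to removing branch info.
      - name: Filter directories
        run: |
          sudo apt update && sudo apt install -y lcov
          lcov --remove lcov.info 'test/*' 'script/*' --output-file lcov.info --rc lcov_branch_coverage=1

      # This step posts a detailed coverage report as a comment and deletes previous comments on
      # each push. The step after it fails the job if the specified coverage threshold is not
      # met. That later step can also post a comment (when its `github-token` is specified), but
      # the result is less useful, and this action cannot fail CI based on a minimum coverage
      # threshold, which is why both are used.
      #
      # The version of this action was garbled on the page this file was taken from
      # (`romeovs/[email protected]`). Restore the real ref from the repository before use,
      # preferably as a full commit SHA.
      - name: Post coverage report
        if: github.event_name == 'pull_request' # This action fails when run outside of a pull request.
        uses: "romeovs/lcov-reporter-action@<REF_LOST_IN_EXTRACTION>"
        with:
          delete-old-comments: true
          lcov-file: ./lcov.info
          github-token: ${{ secrets.GITHUB_TOKEN }} # Adds a coverage summary comment to the PR.

      - name: Verify minimum coverage
        uses: zgosalvez/github-actions-report-lcov@v2
        with:
          coverage-files: ./lcov.info
          minimum-coverage: 100

  # Runs `npm run lint` and fails only when the output contains an error line.
  lint:
    runs-on: ubuntu-latest
    steps:
      - name: "Check out the repo"
        uses: actions/checkout@v3
        with:
          submodules: recursive

      - name: "Install Node.js"
        uses: actions/setup-node@v3
        with:
          node-version: lts/*

      # NOTE(review): `npm install` may resolve versions that differ from the lockfile and
      # runs dependency install scripts. If a package-lock.json is committed, `npm ci` gives
      # a reproducible install; the Slither job uses `bun install`, so confirm which package
      # manager and lockfile this repository actually relies on.
      - name: "Install the Node.js dependencies"
        run: npm install

      - name: Run linter and check for errors
        id: lint
        run: |
          LINT_OUTCOME=$(npm run lint 2>&1 || true) # Prevent the step from failing immediately
          echo "$LINT_OUTCOME"
          # The linter output quotes repository content, which a pull request controls. With a
          # fixed delimiter, a line in that output equal to the delimiter would end the value
          # early and let the following lines define other environment variables. A random
          # delimiter per run closes that gap. No later step in this job reads LINT_OUTCOME,
          # so this write can also be dropped entirely if nothing else depends on it.
          DELIMITER="$(dd if=/dev/urandom bs=15 count=1 status=none | base64)"
          {
            echo "LINT_OUTCOME<<$DELIMITER"
            echo "$LINT_OUTCOME"
            echo "$DELIMITER"
          } >> "$GITHUB_ENV"
          if echo "$LINT_OUTCOME" | grep -q " error "; then
            echo "## Lint result" >> "$GITHUB_STEP_SUMMARY"
            echo "❌ Failed due to errors" >> "$GITHUB_STEP_SUMMARY"
            exit 1
          else
            echo "## Lint result" >> "$GITHUB_STEP_SUMMARY"
            echo "✅ Passed or warnings found" >> "$GITHUB_STEP_SUMMARY"
          fi

  # Runs Slither and uploads its SARIF output to GitHub code scanning.
  slither-analyze:
    runs-on: "ubuntu-latest"
    # `security-events: write` is what allows the SARIF upload; everything else is read-only.
    permissions:
      actions: "read"
      contents: "read"
      security-events: "write"
    steps:
      - name: "Check out the repo"
        uses: "actions/checkout@v4"

      - name: "Install Bun"
        uses: "oven-sh/setup-bun@v1"

      - name: "Install the Node.js dependencies"
        run: "bun install"

      # `fail-on: "none"` means Slither findings never fail this job; they only appear in
      # code scanning, so someone has to triage the alerts there.
      #
      # The version of this action was garbled on the page this file was taken from
      # (`crytic/[email protected]`). Restore the real ref from the repository before use,
      # preferably as a full commit SHA.
      - name: "Run Slither analysis"
        uses: "crytic/slither-action@<REF_LOST_IN_EXTRACTION>"
        id: "slither"
        with:
          fail-on: "none"
          sarif: "results.sarif"

      - name: "Upload SARIF file to GitHub code scanning"
        uses: "github/codeql-action/upload-sarif@v2"
        with:
          sarif_file: ${{ steps.slither.outputs.sarif }}

      - name: "Add summary"
        run: |
          echo "## Slither result" >> $GITHUB_STEP_SUMMARY
          echo "✅ Uploaded to GitHub code scanning" >> $GITHUB_STEP_SUMMARY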