diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 0000000..03f5d5b --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,136 @@ +name: "CI" + +on: + pull_request: + push: + branches: + - main + +env: + FOUNDRY_PROFILE: ci + +jobs: + test-unit: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + + - name: Install Foundry + uses: foundry-rs/foundry-toolchain@v1 + + - name: Run tests + run: forge test --no-match-path "test/invariant/**/*.sol" + env: + FOUNDRY_PROFILE: ci + FORK_TESTS: false + + test-invariant: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + + - name: Install Foundry + uses: foundry-rs/foundry-toolchain@v1 + + - name: Run tests + run: forge test --match-path "test/invariant/**/*.sol" + env: + FOUNDRY_PROFILE: ci + FORK_TESTS: false + + lint: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + + - name: Install Foundry + uses: foundry-rs/foundry-toolchain@v1 + + - name: Build contracts + run: | + forge --version + forge build --sizes + + - name: Check formatting + run: forge fmt --check + env: + FOUNDRY_PROFILE: ci + + coverage: + runs-on: ubuntu-latest + permissions: + contents: read + pull-requests: write + steps: + - uses: actions/checkout@v3 + + - name: Install Foundry + uses: foundry-rs/foundry-toolchain@v1 + + - name: Run coverage + run: forge coverage --report summary --report lcov + env: + FORK_TESTS: false + + # To ignore coverage for certain directories modify the paths in this step as needed. The + # below default ignores coverage results for the test and script directories. Alternatively, + # to include coverage in all directories, comment out this step. Note that because this + # filtering applies to the lcov file, the summary table generated in the previous step will + # still include all files and directories. + # The `--rc lcov_branch_coverage=1` part keeps branch info in the filtered report, since lcov + # defaults to removing branch info. + - name: Filter directories + run: | + sudo apt update && sudo apt install -y lcov + lcov --remove lcov.info 'test/*' 'script/*' 'src/libraries/*' --output-file lcov.info --rc lcov_branch_coverage=1 + + # This step posts a detailed coverage report as a comment and deletes previous comments on + # each push. The below step is used to fail coverage if the specified coverage threshold is + # not met. The below step can post a comment (when it's `github-token` is specified) but it's + # not as useful, and this action cannot fail CI based on a minimum coverage threshold, which + # is why we use both in this way. + - name: Post coverage report + if: github.event_name == 'pull_request' # This action fails when ran outside of a pull request. + uses: romeovs/lcov-reporter-action@v0.3.1 + with: + delete-old-comments: true + lcov-file: ./lcov.info + github-token: ${{ secrets.GITHUB_TOKEN }} # Adds a coverage summary comment to the PR. + + - name: Verify minimum coverage + if: github.event_name == 'pull_request' + uses: zgosalvez/github-actions-report-lcov@v2 + with: + coverage-files: ./lcov.info + minimum-coverage: 60 # Set coverage threshold. + + # slither-analyze: + # runs-on: "ubuntu-latest" + # permissions: + # actions: "read" + # contents: "read" + # security-events: "write" + # steps: + # - name: "Check out the repo" + # uses: "actions/checkout@v3" + # with: + # submodules: "recursive" + + # - name: "Run Slither analysis" + # uses: "crytic/slither-action@v0.3.0" + # id: "slither" + # with: + # fail-on: "none" + # sarif: "results.sarif" + # solc-version: "0.8.21" + # target: "src/" + + # - name: Upload SARIF file + # uses: github/codeql-action/upload-sarif@v2 + # with: + # sarif_file: ${{ steps.slither.outputs.sarif }} + + # - name: "Add Slither summary" + # run: | + # echo "## Slither result" >> $GITHUB_STEP_SUMMARY + # echo "✅ Uploaded to GitHub code scanning" >> $GITHUB_STEP_SUMMARY \ No newline at end of file