Skip to content

Increase robustness of confirm safe tx script #773

Increase robustness of confirm safe tx script

Increase robustness of confirm safe tx script #773

Workflow file for this run

# - Github Version Control Checker
# - Watches changes on version-controlled contracts and makes sure that versions are bumped in case of relevant changes:
# - Relevant changes == anything except for changes of license identifier, solidity pragma of pure comment changes
# - watched paths: src/*
# - will check all modified or new contracts in watched paths
# - will fail if a new contract was added to watched paths without contract version
# - will fail if an existing contract was modified but version was not updated
# - will update the PR title to contain all contract names and their new versions (watched paths only)
name: Version Control Checker
on:
pull_request:
types: [opened, edited, synchronize, review_requested, ready_for_review]
jobs:
check-version:
# will only run once the PR is in "Ready for Review" state
if: ${{ github.event.pull_request.draft == false }}
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 0 ##### Fetch all history for all branches
- name: Get list of modified files by this PR
id: modified_files
run: |
BASE_REF="${{ github.event.pull_request.base.ref }}"
##### get all files modified by this PR
FILES=$(git diff --name-only origin/${BASE_REF} HEAD)
##### make sure that there are modified files
if [[ -z $FILES ]]; then
echo -e "\033[31mNo files found. This should not happen. Please check the code of the Github action\033[0m"
exit 1
fi
##### Initialize empty variables
CONTRACTS=""
##### go through all file paths and identify all files in src/ folder (version control is only active in this folder)
while IFS= read -r FILE; do
if echo "$FILE" | grep -E '^src/.*\.sol$'; then
CONTRACTS="${CONTRACTS}${FILE}"$'\n'
fi
done <<< "$FILES"
##### if none found, exit here as there is nothing to do
if [[ -z "$CONTRACTS" ]]; then
echo -e "\033[32mNo version-controlled contracts found in files modified/added by this PR.\033[0m"
echo -e "\033[32mNo further checks are required.\033[0m"
# set action output to false
echo "CONTINUE=false" >> $GITHUB_ENV
exit 0
else
# set action output to true
echo "CONTINUE=true" >> $GITHUB_ENV
fi
##### Write filenames to temporary files (using variables here was causing issues due to the file names)
echo -e "$CONTRACTS" > modified_contracts.txt
- name: Verify version updates on modified contracts
id: verify_version_changes
if: env.CONTINUE == 'true'
run: |
##### Read tmp file into variable
CONTRACTS=$(cat modified_contracts.txt)
##### Initialize variables
MISSING_VERSION_TAG=()
MISSING_VERSION_UPDATE=()
UPDATED_CONTRACTS=()
echo "--------------------"
##### Process each file separately
while IFS= read -r FILE; do
echo "Now checking contract: $FILE"
VERSION_TAG=$(grep -E '^/// @custom:version' "$FILE" || true)
VERSION=$(echo "$VERSION_TAG" | sed -E 's/^\/\/\/ @custom:version ([0-9]+\.[0-9]+\.[0-9]+).*$/\1/' || true)
##### Extract the filename without extension
FILENAME=$(basename "$FILE" .sol)
##### Check if a version tag exists in the contract file
if [[ -z "$VERSION_TAG" ]]; then
echo -e "\033[31mFile does not contain a version tag\033[0m"
MISSING_VERSION_TAG+=("$FILE")
else
echo -e "\033[32mFile contains a custom:version tag\033[0m"
##### get all changes of the current file/contract
DIFF_OUTPUT=$(git diff origin/${{ github.event.pull_request.base.ref }} HEAD "$FILE")
##### Check if the version was updated in this PR
if echo "$DIFF_OUTPUT" | grep -qE '^\+/// @custom:version'; then
echo -e "\033[32mFile version was updated in this PR to version $VERSION\033[0m"
NEW_VERSION=$(echo "$VERSION_TAG" | awk '{print $NF}')
TARGET_STRING="${FILENAME} v${NEW_VERSION}"
UPDATED_CONTRACTS+=("$TARGET_STRING")
else
##### Check if changes are relevant (ignore comments, formatting, pragma, license changes)
if echo "$DIFF_OUTPUT" | grep -qE '^\+\/\/\/|^\+pragma|^\+// SPDX-License-Identifier:'; then
echo -e "\033[32mChange is non-relevant (comments/formatting/pragma/license). No version update required.\033[0m"
else
##### add to files with missing version updates
echo -e "\033[31mThe file changed but the file version was not updated\033[0m"
MISSING_VERSION_UPDATE+=("$FILE")
fi
fi
fi
echo "--------------------"
done <<< "$CONTRACTS"
##### If any contract files are missing a version tag, this must be corrected before continuing
if [[ ${#MISSING_VERSION_TAG[@]} -ne 0 ]]; then
echo "--------------------"
echo ">>>>>>"
echo -e "\033[31mThe following files are missing a custom:version tag in their code:\033[0m"
echo "${MISSING_VERSION_TAG[*]}"
echo -e "\033[31mEvery version-controlled contract needs to have a custom:version tag in its code.\033[0m"
echo -e "\033[31mThis Github action cannot complete until these issues are solved.\033[0m"
exit 1
fi
##### if the version was not updated in any of the changed contracts, store the list of affected files in a tmp file
if [[ ${#MISSING_VERSION_UPDATE[@]} -ne 0 ]]; then
echo "--------------------"
echo ">>>>>>"
echo -e "\033[31mThe following contract(s) have been modified but their version tags were not updated:\033[0m"
echo "${MISSING_VERSION_UPDATE[*]}"
echo -e "\033[31mPlease make sure to update a contract's version whenever there are changes in the file.\033[0m"
echo -e "\033[31mThis Github action cannot complete until these issues are solved.\033[0m"
echo ""
exit 1
fi
##### store any contracts that were correctly updated in a tmp file so we can check the PR title after for each of those
if [[ ${#UPDATED_CONTRACTS[@]} -ne 0 ]]; then
##### create a string from the array with all contracts
UPDATED_CONTRACTS_STR=$(IFS=,; echo "${UPDATED_CONTRACTS[*]}")
echo "UPDATED_CONTRACTS=$UPDATED_CONTRACTS_STR" >> $GITHUB_ENV
echo -e "${UPDATED_CONTRACTS_STR[*]}" > updated_contracts.txt
else
echo -e "\033[32mDid not find any contracts for which version control is activated.\033[0m"
echo -e "\033[32mNo further checks are required.\033[0m"
echo "CONTINUE=false" >> $GITHUB_ENV
exit 0
fi
- name: Compose updated PR title
env:
PR_TITLE: ${{ github.event.pull_request.title }}
run: |
##### Read tmp files into variables
if [ -f updated_contracts.txt ]; then
UPDATED_CONTRACTS=$(cat updated_contracts.txt)
else
UPDATED_CONTRACTS=""
fi
echo "UPDATED CONTRACTS: $UPDATED_CONTRACTS"
##### Step 1: Remove everything in and including brackets from the current title
BASE_TITLE=$(echo "$PR_TITLE" | sed 's/\s*\[.*$//')
echo "BASE_TITLE: $BASE_TITLE"
##### Step 2: Trim whitespace from the base title
BASE_TITLE="$(echo -e "${BASE_TITLE}" | sed 's/[[:space:]]*$//')"
##### Step 3: Construct the new title if there are updated contracts
if [[ -n "$UPDATED_CONTRACTS" ]]; then
# Create new title with updated contracts
PR_TITLE_UPDATED="${BASE_TITLE} [${UPDATED_CONTRACTS}]"
else
# If no updated contracts, keep the title as the base title
PR_TITLE_UPDATED="$BASE_TITLE"
fi
##### Step 4: Trim whitespace from the updated title
PR_TITLE_UPDATED="$(echo -e "${PR_TITLE_UPDATED}" | sed 's/[[:space:]]*$//')"
##### Step 5: Log current and new titles and check if an update is needed
echo "Current PR Title: '$PR_TITLE'"
echo "New PR Title: '$PR_TITLE_UPDATED'"
if [[ "$PR_TITLE" != "$PR_TITLE_UPDATED" ]]; then
echo "Updating PR title from '$PR_TITLE' to '$PR_TITLE_UPDATED'."
echo "PR_TITLE_UPDATED=$PR_TITLE_UPDATED" >> $GITHUB_ENV
echo "CONTINUE=true" >> $GITHUB_ENV
else
echo -e "\033[32mNo PR title updates are required. This Github action will end here.\033[0m"
echo "CONTINUE=false" >> $GITHUB_ENV
exit 0
fi
- name: Update the PR title on GitHub
if: env.CONTINUE == 'true'
env:
GH_PAT: ${{ secrets.GIT_ACTIONS_BOT_PAT_CLASSIC }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
PR_TITLE_UPDATED: ${{ env.PR_TITLE_UPDATED }}
run: |
##### unset the default git token (does not have sufficient rights to perform the update)
unset GITHUB_TOKEN
##### use the Personal Access Token to log into git CLI
echo $GH_PAT | gh auth login --with-token
if ! echo $GH_PAT | gh auth login --with-token; then
echo -e "\033[31mFailed to authenticate with GitHub. Git action cannot continue\033[0m"
exit 1
fi
##### update the PR title
if ! gh pr edit ${{ github.event.pull_request.number }} --title "${{ env.PR_TITLE_UPDATED }}"; then
echo "::error::Failed to update PR title"
echo -e "\033[31mFailed to update PR title. Git action cannot continue\033[0m"
exit 1
fi