Merge branch 'develop' into augustus.audit-pr

smartcontractkit · Nov 26, 2024 · af2e575 · af2e575
2 parents 8bbfcb0 + f597d93
commit af2e575
Show file tree

Hide file tree

Showing 68 changed files with 1,846 additions and 1,105 deletions.
diff --git a/.github/actions/build-test-image/action.yml b/.github/actions/build-test-image/action.yml
@@ -18,6 +18,9 @@ inputs:
   QA_AWS_ACCOUNT_NUMBER:
     description: The AWS region the ECR repository is located in, should only be needed for public ECR repositories, used in configuring docker/login-action
     required: true
+  GITHUB_TOKEN:
+    description: GATI Token used to pull private repositories
+    required: true
 
 runs:
   using: composite
@@ -34,6 +37,10 @@ runs:
         tag: ${{ inputs.tag }}
         AWS_REGION: ${{ inputs.QA_AWS_REGION }}
         AWS_ROLE_TO_ASSUME: ${{ inputs.QA_AWS_ROLE_TO_ASSUME }}
+    - name: Setup Go with private repo access
+      uses: ./.github/actions/setup-github-private-access
+      with:
+        gati_token: ${{ inputs.GITHUB_TOKEN }}
     - name: Build and Publish Test Runner
       if: steps.check-image.outputs.exists == 'false'
       uses: smartcontractkit/chainlink-github-actions/docker/build-push@fc3e0df622521019f50d772726d6bf8dc919dd38 # v2.3.19
@@ -44,6 +51,7 @@ runs:
         file: ./integration-tests/test.Dockerfile
         build-args: |
           SUITES="smoke soak"
+          GITHUB_TOKEN=${{ inputs.GITHUB_TOKEN }}
         AWS_REGION: ${{ inputs.QA_AWS_REGION }}
         AWS_ROLE_TO_ASSUME: ${{ inputs.QA_AWS_ROLE_TO_ASSUME }}
     - name: Print Image Built

diff --git a/.github/actions/setup-github-private-access/action.yml b/.github/actions/setup-github-private-access/action.yml
@@ -0,0 +1,16 @@
+name: Setup GitHub Private Repo Access
+description: Uses a GATI Token to be able to pull from private repos
+
+inputs:
+  gati_token:
+    description: 'GATI Token used to pull private repos'
+    required: true
+
+runs:
+  using: 'composite'
+  steps:
+    - name: Setup Go with private repo access
+      shell: bash
+      run: |
+        git config --global url."https://x-access-token:${{ inputs.gati_token }}@github.com/".insteadOf "https://github.com/"
+        go env -w GOPRIVATE=github.com/smartcontractkit/*
diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml
@@ -51,10 +51,24 @@ jobs:
   golang_lint_ops:
     name: Golang Lint Ops
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
     needs: [golangci-lint-version]
     steps:
       - name: Checkout sources
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - name: Setup GitHub Token
+        id: setup-github-token
+        uses: smartcontractkit/.github/actions/setup-github-token@9e7cc0779934cae4a9028b8588c9adb64d8ce68c # [email protected]
+        with:
+          aws-role-arn: ${{ secrets.AWS_OIDC_GLOBAL_READ_ONLY_TOKEN_ISSUER_ROLE_ARN }}
+          aws-lambda-url: ${{ secrets.GATI_RELENG_LAMBDA_URL }}
+          aws-region: ${{ secrets.QA_AWS_REGION }}
+      - name: Setup Go with private repo access
+        uses: ./.github/actions/setup-github-private-access
+        with:
+          gati_token: ${{ steps.setup-github-token.outputs.access-token }}
       - name: Install Nix
         uses: cachix/install-nix-action@3715ab1a11cac9e991980d7b4a28d80c7ebdd8f9 # nix:v2.24.6
         with:
@@ -74,10 +88,24 @@ jobs:
   golang_lint_integration_tests:
     name: Golang Lint Integration Tests
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
     needs: [golangci-lint-version]
     steps:
       - name: Checkout sources
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - name: Setup GitHub Token
+        id: setup-github-token
+        uses: smartcontractkit/.github/actions/setup-github-token@9e7cc0779934cae4a9028b8588c9adb64d8ce68c # [email protected]
+        with:
+          aws-role-arn: ${{ secrets.AWS_OIDC_GLOBAL_READ_ONLY_TOKEN_ISSUER_ROLE_ARN }}
+          aws-lambda-url: ${{ secrets.GATI_RELENG_LAMBDA_URL }}
+          aws-region: ${{ secrets.QA_AWS_REGION }}
+      - name: Setup Go with private repo access
+        uses: ./.github/actions/setup-github-private-access
+        with:
+          gati_token: ${{ steps.setup-github-token.outputs.access-token }}
       - name: Install Nix
         uses: cachix/install-nix-action@3715ab1a11cac9e991980d7b4a28d80c7ebdd8f9 # nix:v2.24.6
         with:

diff --git a/.github/workflows/integration-tests-publish.yml b/.github/workflows/integration-tests-publish.yml
@@ -30,13 +30,21 @@ jobs:
         continue-on-error: true
       - name: Checkout the repo
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - name: Setup GitHub Token
+        id: setup-github-token
+        uses: smartcontractkit/.github/actions/setup-github-token@9e7cc0779934cae4a9028b8588c9adb64d8ce68c # [email protected]
+        with:
+          aws-role-arn: ${{ secrets.AWS_OIDC_GLOBAL_READ_ONLY_TOKEN_ISSUER_ROLE_ARN }}
+          aws-lambda-url: ${{ secrets.GATI_RELENG_LAMBDA_URL }}
+          aws-region: ${{ secrets.QA_AWS_REGION }}
       - name: Build Image
         uses: ./.github/actions/build-test-image
         with:
           other_tags: ${{ env.ECR_TAG }}
           QA_AWS_ROLE_TO_ASSUME: ${{ secrets.QA_AWS_ROLE_TO_ASSUME }}
           QA_AWS_REGION: ${{ secrets.QA_AWS_REGION }}
           QA_AWS_ACCOUNT_NUMBER: ${{ secrets.QA_AWS_ACCOUNT_NUMBER }}
+          GITHUB_TOKEN: ${{ steps.setup-github-token.outputs.access-token }}
       - name: Notify Slack
         # Only run this notification for merge to develop failures
         if: failure() && github.event_name != 'workflow_dispatch'

diff --git a/.github/workflows/integration-tests-smoke.yml b/.github/workflows/integration-tests-smoke.yml
@@ -109,6 +109,13 @@ jobs:
           hostname: ${{ secrets.GRAFANA_INTERNAL_HOST }}
           this-job-name: Build Test Image
         continue-on-error: true
+      - name: Setup GitHub Token
+        id: setup-github-token
+        uses: smartcontractkit/.github/actions/setup-github-token@9e7cc0779934cae4a9028b8588c9adb64d8ce68c # [email protected]
+        with:
+          aws-role-arn: ${{ secrets.AWS_OIDC_GLOBAL_READ_ONLY_TOKEN_ISSUER_ROLE_ARN }}
+          aws-lambda-url: ${{ secrets.GATI_RELENG_LAMBDA_URL }}
+          aws-region: ${{ secrets.QA_AWS_REGION }}
       - name: Checkout the repo
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
         with:
@@ -119,6 +126,7 @@ jobs:
           QA_AWS_ROLE_TO_ASSUME: ${{ secrets.QA_AWS_ROLE_TO_ASSUME }}
           QA_AWS_REGION: ${{ secrets.QA_AWS_REGION }}
           QA_AWS_ACCOUNT_NUMBER: ${{ secrets.QA_AWS_ACCOUNT_NUMBER }}
+          GITHUB_TOKEN: ${{ steps.setup-github-token.outputs.access-token }}
 
   run_tests:
     name: Run Smoke Tests ${{matrix.image.name}}
@@ -162,6 +170,13 @@ jobs:
           nix_path: nixpkgs=channel:nixos-unstable
       - name: Install Cairo
         uses: ./.github/actions/install-cairo
+      - name: Setup GitHub Token
+        id: setup-github-token
+        uses: smartcontractkit/.github/actions/setup-github-token@9e7cc0779934cae4a9028b8588c9adb64d8ce68c # [email protected]
+        with:
+          aws-role-arn: ${{ secrets.AWS_OIDC_GLOBAL_READ_ONLY_TOKEN_ISSUER_ROLE_ARN }}
+          aws-lambda-url: ${{ secrets.GATI_RELENG_LAMBDA_URL }}
+          aws-region: ${{ secrets.QA_AWS_REGION }}
       - name: Build contracts
         run: |
           cd contracts && scarb --profile release build
@@ -184,7 +199,7 @@ jobs:
           # shellcheck disable=SC2086
           echo "BASE64_CONFIG_OVERRIDE=$BASE64_CONFIG_OVERRIDE" >> $GITHUB_ENV
       - name: Run Tests ${{ matrix.image.name }}
-        uses: smartcontractkit/chainlink-github-actions/chainlink-testing-framework/run-tests@00c164251be2a7c5b2b23a6e5f7014982f232c14 # v2.3.31
+        uses: smartcontractkit/.github/actions/ctf-run-tests@002596f65dc8eb807f5c8729dc1080921f7d0b24 # 0.2.1
         with:
           aws_registries: ${{ secrets.QA_AWS_ACCOUNT_NUMBER }}
           test_command_to_run: nix develop -c sh -c "make test=${{ matrix.image.test-name }} test-integration-smoke-ci"
@@ -197,6 +212,7 @@ jobs:
           QA_AWS_ROLE_TO_ASSUME: ${{ secrets.QA_AWS_ROLE_TO_ASSUME }}
           QA_KUBECONFIG: ${{ secrets.QA_KUBECONFIG }}
           artifacts_location: /home/runner/work/chainlink-starknet/chainlink-starknet/integration-tests/smoke/logs
+          gati_token: ${{ steps.setup-github-token.outputs.access-token }}
         env:
           KILLGRAVE_INTERNAL_IMAGE: ${{ secrets.QA_AWS_ACCOUNT_NUMBER }}.dkr.ecr.${{ secrets.QA_AWS_REGION }}.amazonaws.com/friendsofgo/killgrave
           CHAINLINK_IMAGE: ${{ env.CL_ECR }}

diff --git a/.github/workflows/integration-tests-soak.yml b/.github/workflows/integration-tests-soak.yml
@@ -68,7 +68,7 @@ jobs:
           echo "::add-mask::$BASE64_CONFIG_OVERRIDE"
           echo "BASE64_CONFIG_OVERRIDE=$BASE64_CONFIG_OVERRIDE" >> "$GITHUB_ENV"
       - name: Run Tests
-        uses: smartcontractkit/chainlink-github-actions/chainlink-testing-framework/run-tests@00c164251be2a7c5b2b23a6e5f7014982f232c14 # v2.3.31
+        uses: smartcontractkit/.github/actions/ctf-run-tests@002596f65dc8eb807f5c8729dc1080921f7d0b24 # 0.2.1
         with:
           aws_registries: ${{ secrets.QA_AWS_ACCOUNT_NUMBER }}
           test_command_to_run: cd ./integration-tests && go test -timeout 24h -count=1 -run TestOCRBasicSoak/embedded ./soak

diff --git a/.github/workflows/relayer.yml b/.github/workflows/relayer.yml
@@ -59,13 +59,27 @@ jobs:
 
   check-tidy:
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
     steps:
       - name: Checkout
         uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
       - name: Set up Go
         uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
         with:
           go-version-file: "relayer/go.mod"
+      - name: Setup GitHub Token
+        id: setup-github-token
+        uses: smartcontractkit/.github/actions/setup-github-token@9e7cc0779934cae4a9028b8588c9adb64d8ce68c # [email protected]
+        with:
+          aws-role-arn: ${{ secrets.AWS_OIDC_GLOBAL_READ_ONLY_TOKEN_ISSUER_ROLE_ARN }}
+          aws-lambda-url: ${{ secrets.GATI_RELENG_LAMBDA_URL }}
+          aws-region: ${{ secrets.QA_AWS_REGION }}
+      - name: Setup Go with private repo access
+        uses: ./.github/actions/setup-github-private-access
+        with:
+          gati_token: ${{ steps.setup-github-token.outputs.access-token }}
       - name: Ensure "make gomodtidy" has been run
         run: |
           make gomodtidy

diff --git a/.golangci.yml b/.golangci.yml
@@ -1,5 +1,5 @@
 run:
-  timeout: 10m0s
+  timeout: 15m0s
 linters:
   enable:
     - exhaustive
@@ -147,4 +147,9 @@ issues:
     - path: test
       text: "^G404:"
       linters:
-        - gosec
+        - gosec
+    # TODO: re-add gpp op file once we integrate into workflows
+    - path: "common/gauntlet_plus_plus_common.go"
+      text: ".*"
+      linters:
+        - unused
diff --git a/.tool-versions b/.tool-versions
@@ -6,7 +6,7 @@ python 3.9.13
 
 # Tools
 mockery 2.22.1
-golangci-lint 1.55.0
+golangci-lint 1.61.0
 actionlint 1.6.12
 shellcheck 0.8.0
 scarb 2.8.2

diff --git a/CODEOWNERS b/CODEOWNERS
@@ -0,0 +1,15 @@
+# CODEOWNERS Best Practices
+# 1. Per Github docs: "Order is important; the last matching pattern takes the most precedence."
+# Please define less specific codeowner paths before more specific codeowner paths in order for the more specific rule to have priority
+
+# global ownership
+* @smartcontractkit/bix-build
+
+# e2e test ownership
+/integration-tests @smartcontractkit/qa @smartcontractkit/bix-build
+
+# monitoring ownership
+/monitoring @smartcontractkit/realtime @smartcontractkit/bix-build
+
+# CI/CD
+/.github/** @smartcontractkit/qa @smartcontractkit/releng @smartcontractkit/bix-build
diff --git a/Makefile b/Makefile
@@ -170,15 +170,15 @@ format-ts-check:
 
 .PHONY: lint-go-ops
 lint-go-ops:
-	cd ./ops && golangci-lint --color=always --out-format checkstyle:golangci-lint-ops-report.xml run
+	cd ./ops && golangci-lint --config ../.golangci.yml --color=always --out-format checkstyle:golangci-lint-ops-report.xml run
 
 .PHONY: lint-go-relayer
 lint-go-relayer:
-	cd ./relayer && golangci-lint --color=always --out-format checkstyle:golangci-lint-relayer-report.xml run
+	cd ./relayer && golangci-lint --config ../.golangci.yml --color=always --out-format checkstyle:golangci-lint-relayer-report.xml run
 
 .PHONY: lint-go-test
 lint-go-test:
-	cd ./integration-tests && golangci-lint --color=always --exclude=dot-imports --out-format checkstyle:golangci-lint-integration-tests-report.xml run
+	cd ./integration-tests && golangci-lint --config ../.golangci.yml  --color=always --exclude=dot-imports --out-format checkstyle:golangci-lint-integration-tests-report.xml run
 
 .PHONY: test-go
 test-go: test-unit-go test-unit-go-race test-integration-go

diff --git a/contracts/src/libraries/token.cairo b/contracts/src/libraries/token.cairo
@@ -1 +1,2 @@
-mod erc677;
+mod v1;
+mod v2;
diff --git a/contracts/src/libraries/token/v1.cairo b/contracts/src/libraries/token/v1.cairo
@@ -0,0 +1 @@
+mod erc677;
diff --git a/contracts/src/libraries/token/erc677.cairo → ...racts/src/libraries/token/v1/erc677.cairo b/contracts/src/libraries/token/erc677.cairo → ...racts/src/libraries/token/v1/erc677.cairo
diff --git a/contracts/src/libraries/token/v2.cairo b/contracts/src/libraries/token/v2.cairo
@@ -0,0 +1,2 @@
+mod erc677;
+mod erc677_receiver;
diff --git a/contracts/src/libraries/token/v2/erc677.cairo b/contracts/src/libraries/token/v2/erc677.cairo
@@ -0,0 +1,79 @@
+use starknet::ContractAddress;
+
+const IERC677_ID: felt252 = 0x3c4538abc63e0cdf912cef3d2e1389d0b2c3f24ee0c06b21736229f52ece6c8;
+
+#[starknet::interface]
+trait IERC677<TContractState> {
+    fn transfer_and_call(
+        ref self: TContractState, to: ContractAddress, value: u256, data: Array<felt252>
+    ) -> bool;
+}
+
+#[starknet::component]
+mod ERC677Component {
+    use starknet::ContractAddress;
+    use openzeppelin::token::erc20::interface::IERC20;
+    use openzeppelin::introspection::interface::{ISRC5, ISRC5Dispatcher, ISRC5DispatcherTrait};
+    use array::ArrayTrait;
+    use array::SpanTrait;
+    use clone::Clone;
+    use array::ArrayTCloneImpl;
+    use chainlink::libraries::token::v2::erc677_receiver::{
+        IERC677ReceiverDispatcher, IERC677ReceiverDispatcherTrait, IERC677_RECEIVER_ID
+    };
+
+    #[storage]
+    struct Storage {}
+
+    #[event]
+    #[derive(Drop, starknet::Event)]
+    enum Event {
+        TransferAndCall: TransferAndCall,
+    }
+
+    #[derive(Drop, starknet::Event)]
+    struct TransferAndCall {
+        #[key]
+        from: ContractAddress,
+        #[key]
+        to: ContractAddress,
+        value: u256,
+        data: Array<felt252>
+    }
+
+    #[embeddable_as(ERC677Impl)]
+    impl ERC677<
+        TContractState,
+        +HasComponent<TContractState>,
+        +IERC20<TContractState>,
+        +Drop<TContractState>,
+    > of super::IERC677<ComponentState<TContractState>> {
+        fn transfer_and_call(
+            ref self: ComponentState<TContractState>,
+            to: ContractAddress,
+            value: u256,
+            data: Array<felt252>
+        ) -> bool {
+            let sender = starknet::info::get_caller_address();
+
+            let mut contract = self.get_contract_mut();
+            contract.transfer(to, value);
+            self
+                .emit(
+                    Event::TransferAndCall(
+                        TransferAndCall { from: sender, to: to, value: value, data: data.clone(), }
+                    )
+                );
+
+            let receiver = ISRC5Dispatcher { contract_address: to };
+
+            let supports = receiver.supports_interface(IERC677_RECEIVER_ID);
+
+            if supports {
+                IERC677ReceiverDispatcher { contract_address: to }
+                    .on_token_transfer(sender, value, data);
+            }
+            true
+        }
+    }
+}