action.yml
# yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/refs/heads/master/src/schemas/json/github-action.json
# Action metadata shown in the marketplace and the workflow editor.
name: Certora Run Action
description: |-
  Certora Run Action submits prover jobs to Certora Cloud for verification and returns a
  report with aggregated results.
branding:
  color: blue
  icon: cloud-lightning

# Inputs reach the steps as strings, which is why the boolean-like switches
# below default to the quoted values "true" / "false".
inputs:
  # Credential for Certora Cloud; the run step receives it as the CERTORAKEY
  # environment variable. Callers should supply it from an encrypted secret.
  certora-key:
    description: |-
      The Certora key to use for the `certoraRun` command.
    required: true

  # Optional version pin for the CLI package that gets installed.
  cli-version:
    description: |-
      The version of the `certora-cli` to use. If not specified, the latest version
      will be used.
      Example:
      ```yaml
      cli-version: 7.0.0
      ```
    required: false

  # Newline-separated list of prover configuration files.
  configurations:
    description: |-
      List of paths to configuration files to use for the `certoraRun` command.
      Example:
      ```yaml
      configurations: |-
        certConfigs/config1.conf
        certConfigs/config2.conf
        certConfigs/config3.conf
      ```
    required: true

  # Newline-separated list of compiler versions handed to the download script.
  solc-versions:
    description: |-
      List of Solidity versions to use for the `certoraRun` command.
      Example:
      ```yaml
      solc-versions: |-
        0.5.16
        0.6.12
        0.7.6
      ```
    required: true

  solc-remove-version-prefix:
    description: |-
      The prefix to remove from the Solidity version when saving binaries.
    required: false

  # Selects the Certora subdomain used for the status link. The setup step
  # also accepts `development` and `vaas-stg` as aliases.
  server:
    description: |-
      The server to run the tests on. Default is `production`.
      Options: `production`, `staging`, or `vaas-dev`.
    default: production

  use-alpha:
    description: |-
      Whether to use the alpha version of the `certora-cli`.
    default: "false"

  use-beta:
    description: |-
      Whether to use the beta version of the `certora-cli`.
    default: "false"

  job-name:
    description: |-
      The name of the job. Default is the name of the job that called this workflow.
    default: ${{ github.job }}

  install-java:
    description: |-
      Whether to install Java for type checking. Default is `true`.
    default: "true"

  compilation-steps-only:
    description: |-
      Whether to only run the compilation steps. Default is `false`.
    default: "false"
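# Composite action: resolves the commit under test, installs the toolchain,
# submits the prover jobs, then publishes a commit status, the logs and a PR
# comment.
#
# Hardening applied throughout: expression values (`${{ ... }}`) are handed to
# the shell through `env:` instead of being pasted into the script text, so an
# input containing quotes or `$(...)` is treated as data, not as shell code.
#
# NOTE(review): `uses:` references below point at mutable tags (@v4, @v2).
# Pinning each one to a full commit SHA keeps the executed code fixed; the
# SHAs are not available on this page, so the tags are left as they were.
runs:
  using: "composite"
  steps:
    # Export COMMIT_SHA and SHORT_COMMIT_SHA (first 12 characters) for later steps.
    - name: Fetch Relevant Commit SHA for the Event
      shell: bash
      env:
        EVENT_NAME: ${{ github.event_name }}
        PR_HEAD_SHA: ${{ github.event.pull_request.head.sha }}
        PUSH_SHA: ${{ github.sha }}
        WORKFLOW_RUN_SHA: ${{ github.event.workflow_run.head_commit.id }}
        COMMENT_COMMIT_SHA: ${{ github.event.comment.commit_id }}
        REVIEW_COMMIT_SHA: ${{ github.event.review.commit_id }}
      run: |
        COMMIT_SHA=""
        case "$EVENT_NAME" in
          pull_request) COMMIT_SHA="$PR_HEAD_SHA" ;;
          push) COMMIT_SHA="$PUSH_SHA" ;;
          workflow_run) COMMIT_SHA="$WORKFLOW_RUN_SHA" ;;
          commit_comment | issue_comment | pull_request_review_comment)
            COMMIT_SHA="$COMMENT_COMMIT_SHA"
            ;;
          pull_request_review) COMMIT_SHA="$REVIEW_COMMIT_SHA" ;;
          *) COMMIT_SHA="$(git rev-parse HEAD)" ;;
        esac
        # Some payloads (issue_comment, for example) carry no commit id on the
        # comment object; fall back to the checked-out commit rather than
        # exporting an empty SHA that later ends up in the status URL.
        if [[ -z "$COMMIT_SHA" ]]; then
          COMMIT_SHA="$(git rev-parse HEAD 2>/dev/null || true)"
        fi
        echo "COMMIT_SHA=${COMMIT_SHA}" >> "$GITHUB_ENV"
        echo "SHORT_COMMIT_SHA=${COMMIT_SHA:0:12}" >> "$GITHUB_ENV"

    # Create the log directory, a per-run group id, the report path and the
    # Certora subdomain, and publish them as env vars and step outputs.
    - name: Setup ENV & Variables
      shell: bash
      id: setup-env
      env:
        REPOSITORY: ${{ github.repository }}
        CLI_VERSION: ${{ inputs.cli-version }}
        USE_ALPHA: ${{ inputs.use-alpha }}
        USE_BETA: ${{ inputs.use-beta }}
        SERVER: ${{ inputs.server }}
      run: |
        CERTORA_LOG_DIR="/tmp/certora-logs/"
        mkdir -p "$CERTORA_LOG_DIR"
        echo "CERTORA_LOG_DIR=$CERTORA_LOG_DIR" >> "$GITHUB_ENV"
        echo "MESSAGE_SUFFIX=GH:${REPOSITORY}/${SHORT_COMMIT_SHA}" >> "$GITHUB_ENV"
        echo "short_sha=${SHORT_COMMIT_SHA}" >> "$GITHUB_OUTPUT"

        GROUP_ID="$(cat /proc/sys/kernel/random/uuid)"
        echo "GROUP_ID=$GROUP_ID" >> "$GITHUB_ENV"
        echo "group_id=$GROUP_ID" >> "$GITHUB_OUTPUT"

        # Everything placed in /opt/solc-bin is on PATH for the rest of the job.
        mkdir -p /opt/solc-bin
        echo "/opt/solc-bin/" >> "$GITHUB_PATH"

        # File hashed by setup-uv (cache-dependency-glob) to key its cache.
        echo "${CLI_VERSION}-${USE_ALPHA}-${USE_BETA}" > .certora-cache-key

        CERTORA_REPORT_FILE="/tmp/certora-logs/REPORT-${GROUP_ID}.md"
        echo "CERTORA_REPORT_FILE=$CERTORA_REPORT_FILE" >> "$GITHUB_ENV"
        echo "report_file=$CERTORA_REPORT_FILE" >> "$GITHUB_OUTPUT"

        # Only the fixed strings below can become the subdomain; the raw input
        # is compared, never copied into it.
        CERTORA_SUBDOMAIN="prover"
        if [[ "$SERVER" == "vaas-dev" || "$SERVER" == "development" ]]; then
          CERTORA_SUBDOMAIN="vaas-dev"
        elif [[ "$SERVER" == "staging" || "$SERVER" == "vaas-stg" ]]; then
          CERTORA_SUBDOMAIN="vaas-stg"
        fi
        echo "CERTORA_SUBDOMAIN=$CERTORA_SUBDOMAIN" >> "$GITHUB_ENV"
        echo "certora_subdomain=$CERTORA_SUBDOMAIN" >> "$GITHUB_OUTPUT"

    - name: Install uv
      uses: astral-sh/setup-uv@v4
      with:
        enable-cache: true
        cache-dependency-glob: .certora-cache-key

    # Pick the package (stable / alpha / beta) and the optional version pin.
    # The inputs are declared with hyphens (`use-alpha`, `use-beta`,
    # `cli-version`); reading them with underscores yields an empty string,
    # which silently ignored the requested channel and version pin.
    - name: Install certora-cli
      shell: bash
      env:
        USE_ALPHA: ${{ inputs.use-alpha }}
        USE_BETA: ${{ inputs.use-beta }}
        CERT_CLI_VERSION: ${{ inputs.cli-version }}
      run: |
        CERT_CLI_PACKAGE="certora-cli"
        if [[ "$USE_ALPHA" == "true" ]]; then
          CERT_CLI_PACKAGE="certora-cli-alpha"
        elif [[ "$USE_BETA" == "true" ]]; then
          CERT_CLI_PACKAGE="certora-cli-beta"
        fi
        # Append "==<version>" only when a version was supplied.
        CERT_CLI_PACKAGE="${CERT_CLI_PACKAGE}${CERT_CLI_VERSION:+==$CERT_CLI_VERSION}"
        echo "CERT_CLI_PACKAGE=$CERT_CLI_PACKAGE" >> "$GITHUB_ENV"
        uv tool install "$CERT_CLI_PACKAGE"

    # NOTE(review): the key is a constant, so a restored cache is reused as-is
    # and its executables land on PATH; confirm that is the intended trust
    # model for binaries restored from the cache.
    - name: Cache Solidity Binaries
      id: solc-cache
      uses: actions/cache@v4
      with:
        path: /opt/solc-bin
        key: solc-bin

    - name: Download Solidity Binaries
      shell: bash
      env:
        SOLC_REMOVE_VERSION_PREFIX: ${{ inputs.solc-remove-version-prefix }}
        SOLC_VERSIONS: ${{ inputs.solc-versions }}
      run: |
        bash "${GITHUB_ACTION_PATH}/scripts/solc-download.sh" \
          "$SOLC_REMOVE_VERSION_PREFIX" \
          "$SOLC_VERSIONS"

    # Fetch the helper binary once; later runs reuse the copy in /opt/solc-bin.
    - name: Download Json Comment Remover
      shell: bash
      run: |
        target="/opt/solc-bin/json-strip-comments"
        if [[ ! -f "$target" ]]; then
          # --fail plus a staging file: an HTTP error body must never be saved
          # under the final name, marked executable and then kept by the cache.
          # NOTE(review): GITHUB_TOKEN is not set by this action; it presumably
          # comes from the caller's environment - confirm.
          # NOTE(review): no digest is verified before the file becomes
          # executable; comparing it against a pinned SHA-256 would close that gap.
          curl --fail -L \
            -H "Accept: application/octet-stream" \
            -H "Authorization: Bearer ${GITHUB_TOKEN}" \
            -o "${target}.partial" \
            "https://api.github.com/repos/jc21/json-strip-comments/releases/assets/63648796"
          chmod 755 "${target}.partial"
          mv "${target}.partial" "$target"
        fi

    - name: Install Java
      if: ${{ inputs.install-java == 'true' }}
      uses: actions/setup-java@v4
      with:
        java-version: "21"
        java-package: jre
        distribution: zulu

    # The key and the other inputs reach the script only as environment
    # variables, never as script text.
    - name: Certora Run
      id: certora-run
      shell: bash
      run: bash "${GITHUB_ACTION_PATH}/scripts/run-certora.sh"
      env:
        CERTORA_CONFIGURATIONS: "${{ inputs.configurations }}"
        CERTORA_SERVER: "${{ inputs.server }}"
        CERTORAKEY: "${{ inputs.certora-key }}"
        CERTORA_JOB_NAME: "${{ inputs.job-name }}"
        CERTORA_COMPILATION_STEPS_ONLY: "${{ inputs.compilation-steps-only }}"

    # Post a "pending" commit status linking to the job group on Certora.
    - name: Add GH Status
      if: always()
      shell: bash
      env:
        TOTAL_JOBS: ${{ steps.certora-run.outputs.total_jobs }}
        REPOSITORY: ${{ github.repository }}
        SUBDOMAIN: ${{ steps.setup-env.outputs.certora_subdomain }}
        SHORT_SHA: ${{ steps.setup-env.outputs.short_sha }}
        STATUS_GROUP_ID: ${{ steps.setup-env.outputs.group_id }}
      run: |
        # This step runs even when the run step failed before setting its
        # output; an empty or non-numeric count is treated as "nothing to report"
        # instead of breaking the test expression.
        if [[ "$TOTAL_JOBS" =~ ^[0-9]+$ && "$TOTAL_JOBS" -ne 0 ]]; then
          printf -v payload \
            '{"state":"pending","target_url":"%s","description":"%s","context":"%s"}' \
            "https://${SUBDOMAIN}.certora.com/?text=${SHORT_SHA}&allUsers=true&groupIds=${STATUS_GROUP_ID}" \
            "0/${TOTAL_JOBS} jobs finished." \
            "certora-run/${STATUS_GROUP_ID}"
          # NOTE(review): GITHUB_TOKEN presumably comes from the caller's
          # environment and needs permission to write commit statuses - confirm.
          curl -L \
            -X POST \
            -H "Accept: application/vnd.github+json" \
            -H "Authorization: Bearer ${GITHUB_TOKEN}" \
            -H "X-GitHub-Api-Version: 2022-11-28" \
            "https://api.github.com/repos/${REPOSITORY}/statuses/${COMMIT_SHA}" \
            -d "$payload"
        fi

    # NOTE(review): everything under /tmp/certora-logs/ becomes a downloadable
    # artifact; confirm run-certora.sh never writes CERTORAKEY into that
    # directory.
    - name: Upload Logs
      uses: actions/upload-artifact@v4
      id: upload-logs
      if: always()
      with:
        name: certora-run-logs-${{ steps.setup-env.outputs.group_id }}-${{ github.run_id }}
        path: /tmp/certora-logs/*

    # Append a link to the uploaded logs to the Markdown report.
    - name: Add Summary To Report
      shell: bash
      if: always()
      env:
        ARTIFACT_URL: ${{ steps.upload-logs.outputs.artifact-url }}
        REPORT_FILE: ${{ steps.setup-env.outputs.report_file }}
      run: |
        echo "[Download Logs](${ARTIFACT_URL})" >> "$REPORT_FILE"

    # Publish the report as a PR comment; message-id is the per-run group id.
    - name: Add report comment
      if: always()
      uses: mshick/add-pr-comment@v2
      with:
        message-id: ${{ steps.setup-env.outputs.group_id }}
        message-path: ${{ steps.setup-env.outputs.report_file }}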