Remediations re 7739 update #952
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Unified CI Workflow | |
on: pull_request | |
permissions: write-all | |
jobs: | |
setup: | |
runs-on: ubuntu-latest | |
outputs: | |
cache-key: ${{ steps.cache-keys.outputs.cache-key }} | |
steps: | |
- name: Checkout | |
uses: actions/[email protected] | |
- name: Set up Node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version: '22' # Specify the Node.js version you want to use | |
- name: Get cache key | |
id: cache-keys | |
run: echo "::set-output name=cache-key::$(echo ${{ runner.os }}-node-$(cat yarn.lock | sha256sum | cut -d' ' -f1))" | |
- name: Cache node modules | |
uses: actions/cache@v4 | |
with: | |
path: | | |
**/node_modules | |
key: ${{ steps.cache-keys.outputs.cache-key }} | |
- name: Install dependencies | |
run: yarn cache clean && yarn install | |
lint: | |
name: Lint sources | |
runs-on: ubuntu-latest | |
needs: setup | |
steps: | |
- name: Checkout | |
uses: actions/[email protected] | |
- name: Install Foundry | |
uses: foundry-rs/[email protected] | |
with: | |
version: nightly | |
cache: true | |
- name: Cache node modules | |
uses: actions/cache@v4 | |
with: | |
path: | | |
**/node_modules | |
key: ${{ needs.setup.outputs.cache-key }} | |
cache: true | |
- name: Cache node modules | |
uses: actions/cache@v4 | |
with: | |
path: | | |
**/node_modules | |
key: ${{ needs.setup.outputs.cache-key }} | |
- name: Lint sources | |
run: yarn lint:sol | |
unit_test: | |
name: Unit tests | |
runs-on: ubuntu-latest | |
needs: setup | |
steps: | |
- name: Checkout | |
uses: actions/[email protected] | |
- name: Cache node modules | |
uses: actions/cache@v4 | |
with: | |
path: | | |
**/node_modules | |
key: ${{ needs.setup.outputs.cache-key }} | |
- name: Install Foundry | |
uses: foundry-rs/[email protected] | |
with: | |
version: nightly | |
cache: true | |
- name: Install foundry dependencies | |
run: forge install | |
- name: Build Typechain and Foundry | |
run: yarn build | |
- name: Run Forge and Hardhat Tests | |
run: yarn test | |
env: | |
ARBITRUM_RPC_URL: ${{ secrets.ARBITRUM_RPC_URL }} | |
BASE_RPC_URL: ${{ secrets.BASE_RPC_URL }} | |
coverage: | |
needs: setup | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/[email protected] | |
- name: Cache node modules | |
uses: actions/cache@v4 | |
with: | |
path: | | |
**/node_modules | |
key: ${{ needs.setup.outputs.cache-key }} | |
- name: Install lcov (for genhtml) | |
run: sudo apt-get update && sudo apt-get install -y lcov | |
- name: Install Foundry | |
uses: foundry-rs/[email protected] | |
with: | |
version: nightly | |
cache: true | |
- name: Generate Hardhat & Foundry Coverage Report | |
run: yarn coverage:report | |
env: | |
ARBITRUM_RPC_URL: ${{ secrets.ARBITRUM_RPC_URL }} | |
BASE_RPC_URL: ${{ secrets.BASE_RPC_URL }} | |
- name: Upload Foundry Coverage Report to Codecov | |
uses: codecov/[email protected] | |
with: | |
directory: coverage/foundry | |
file: coverage/foundry/forge-pruned-lcov.info | |
flags: foundry | |
fail_ci_if_error: true | |
verbose: true | |
env: | |
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | |
- name: Upload Hardhat Coverage Report to Codecov | |
uses: codecov/[email protected] | |
with: | |
directory: coverage | |
file: lcov.info | |
flags: hardhat | |
fail_ci_if_error: true | |
verbose: true | |
env: | |
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | |
analyze: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
- name: Set up Node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version: '22' # Specify the Node.js version you want to use | |
- name: Run Slither | |
uses: crytic/[email protected] | |
id: slither | |
with: | |
slither-version: "0.10.1" | |
node-version: "22" | |
fail-on: "none" | |
slither-args: '--solc-args="--evm-version cancun" --exclude "assembly|solc-version|low-level-calls|naming-convention|controlled-delegatecall|write-after-write|divide-before-multiply|incorrect-shift" --exclude-informational --exclude-low --filter-paths "contracts/mock|node_modules" --checklist --markdown-root ${{ github.server_url }}/${{ github.repository }}/blob/${{ github.sha }}/contracts/' | |
- name: Check if Slither report is empty | |
id: check_report | |
run: | | |
if [ -z "${{ steps.slither.outputs.stdout }}" ]; then | |
echo "report_empty=true" >> $GITHUB_ENV | |
else | |
echo "report_empty=false" >> $GITHUB_ENV | |
fi | |
- name: Create/update checklist as PR comment | |
if: env.report_empty == 'false' | |
uses: actions/[email protected] | |
env: | |
REPORT: ${{ steps.slither.outputs.stdout }} | |
with: | |
script: | | |
const script = require('.github/scripts/comment') | |
const header = '# Slither report' | |
const body = process.env.REPORT.trim() | |
if (!body) { | |
console.log("Slither report is empty. No comment will be posted."); | |
return; | |
} | |
await script({ github, context, header, body }) |