Skip to content

Create release to grant Core Dev SCANNER_BETA_VERSION_ROLE #440

Create release to grant Core Dev SCANNER_BETA_VERSION_ROLE

Create release to grant Core Dev SCANNER_BETA_VERSION_ROLE #440

Workflow file for this run

---
name: Release
on:
pull_request:
branches:
- 'master'
- 'release/**'
defaults:
run:
shell: bash
jobs:
build:
name: Build release
if: startsWith(github.head_ref, 'release/')
runs-on: ubuntu-22.04
timeout-minutes: 10
env:
INFURA_PROJECT_ID: '${{ secrets.INFURA_PROJECT_ID }}'
steps:
- uses: actions/checkout@v3
with:
ref: ${{ github.event.pull_request.head.sha }}
- uses: actions/setup-node@v3
with:
node-version: '14'
cache: 'yarn'
- run: yarn install --frozen-lockfile
- name: Compile contracts
run: yarn compile
- name: Save build artifacts
uses: actions/upload-artifact@v3
with:
name: contract-artifacts
path: |
artifacts
cache/*.json
test:
name: Test release
if: startsWith(github.head_ref, 'release/')
runs-on: ubuntu-22.04
# timeout-minutes: 20
needs: build
steps:
- uses: actions/checkout@v3
with:
ref: ${{ github.event.pull_request.head.sha }}
- uses: actions/setup-node@v3
with:
node-version: '14'
cache: 'yarn'
- run: yarn install --frozen-lockfile
- name: Get build artifacts
uses: actions/download-artifact@v3
with:
name: contract-artifacts
- name: Run unit tests
run: yarn test --no-compile
coverage:
name: Code coverage
if: startsWith(github.head_ref, 'release/')
runs-on: ubuntu-22.04
# needs: test
needs: build
steps:
- uses: actions/checkout@v3
with:
ref: ${{ github.event.pull_request.head.sha }}
- uses: actions/setup-node@v3
with:
node-version: '14'
cache: 'yarn'
- run: yarn install --frozen-lockfile
- run: yarn coverage
- uses: codecov/codecov-action@v3
with:
token: ${{ secrets.CODECOV_TOKEN }}
# prepare:
# name: Prepare release
# if: startsWith(github.head_ref, 'release/')
# runs-on: ubuntu-22.04
# needs: test
# outputs:
# release_version: ${{ steps.parse.outputs.release_version }}
# release_path: ${{ steps.parse.outputs.release_path }}
# release_network: ${{ steps.parse.outputs.release_network }}
# release_title: ${{ steps.parse.outputs.release_title }}
# release_description: ${{ steps.parse.outputs.release_description }}
# release_multisig: ${{ steps.parse.outputs.release_multisig }}
# release_audited: ${{ steps.parse.outputs.release_audited }}
# release_deploy_cmd: ${{ steps.parse.outputs.release_deploy_cmd }}
# release_verify_cmd: ${{ steps.parse.outputs.release_verify_cmd }}
# release_finish_cmd: ${{ steps.parse.outputs.release_finish_cmd }}
# steps:
# - uses: actions/checkout@v3
# with:
# ref: ${{ github.event.pull_request.head.sha }}
# fetch-depth: 0
# - name: Parse release info
# id: parse
# run: |
# version=${BRANCH_NAME#release\/}
# release_path=releases/$version
# network=$(yq -r .network $release_path/index.yml)
# path=$release_path/$network
# echo "release_version=$version" >> $GITHUB_OUTPUT
# echo "release_path=$path" >> $GITHUB_OUTPUT
# echo "release_network=$network" >> $GITHUB_OUTPUT
# echo "release_multisig=$(jq -r .$network releases/deployments/multisigs.json)" >> $GITHUB_OUTPUT
# echo "release_deploy_cmd=$(yq -r '.deploy // ""' $release_path/index.yml)" >> $GITHUB_OUTPUT
# echo "release_verify_cmd=$(yq -r '.verify // ""' $release_path/index.yml)" >> $GITHUB_OUTPUT
# echo "release_finish_cmd=$(yq -r '.finish // ""' $release_path/index.yml)" >> $GITHUB_OUTPUT
# echo "release_audited=$(yq -r '.audited // ""' $release_path/index.yml)" >> $GITHUB_OUTPUT
# echo "release_title=$(yq -r '.title // ""' $release_path/index.yml)" >> $GITHUB_OUTPUT
# echo "release_description<<DESCRIPTION_DELIMITER" >> $GITHUB_OUTPUT
# echo "$(yq -r '.description // ""' $release_path/index.yml)" >> $GITHUB_OUTPUT
# echo "DESCRIPTION_DELIMITER" >> $GITHUB_OUTPUT
# env:
# BRANCH_NAME: ${{ github.head_ref }}
# - name: Output summary
# run: |
# echo "## $TITLE" >> $GITHUB_STEP_SUMMARY
# echo "" >> $GITHUB_STEP_SUMMARY
# echo "**Network:** $NETWORK" >> $GITHUB_STEP_SUMMARY
# echo "**Commit:** [\`$COMMIT\`]($GITHUB_SERVER_URL/$GITHUB_REPOSITORY/tree/$COMMIT)" >> $GITHUB_STEP_SUMMARY
# echo "" >> $GITHUB_STEP_SUMMARY
# echo "$DESCRIPTION" >> $GITHUB_STEP_SUMMARY
# echo "" >> $GITHUB_STEP_SUMMARY
# env:
# TITLE: ${{ steps.parse.outputs.release_title }}
# DESCRIPTION: ${{ steps.parse.outputs.release_description }}
# NETWORK: ${{ steps.parse.outputs.release_network }}
# COMMIT: ${{ github.event.pull_request.head.sha }}
# - name: Output audit info
# if: "steps.parse.outputs.release_audited != ''"
# run: |
# echo "---" >> $GITHUB_STEP_SUMMARY
# echo "### Audit" >> $GITHUB_STEP_SUMMARY
# echo "Audited contracts at commit [\`$AUDIT_COMMIT\`]($GITHUB_SERVER_URL/$GITHUB_REPOSITORY/tree/$AUDIT_COMMIT) :detective:" >> $GITHUB_STEP_SUMMARY
# audit_diff="$(git diff $AUDIT_COMMIT *.sol)"
# if [[ -z $audit_diff ]]; then
# echo "Contracts have not been modified since audit :heavy_check_mark:" >> $GITHUB_STEP_SUMMARY
# else
# echo "Contracts have been modified since audit :warning:" >> $GITHUB_STEP_SUMMARY
# echo "" >> $GITHUB_STEP_SUMMARY
# echo "\`\`\`diff" >> $GITHUB_STEP_SUMMARY
# echo "$audit_diff" >> $GITHUB_STEP_SUMMARY
# echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
# fi
# env:
# AUDIT_COMMIT: ${{ steps.parse.outputs.release_audited }}
# deploy:
# name: Deploy contracts
# if: startsWith(github.head_ref, 'release/')
# runs-on: ubuntu-22.04
# timeout-minutes: 20
# needs: prepare
# environment: production
# outputs:
# deploy_commit: ${{ steps.commit.outputs.commit_hash }}
# steps:
# - uses: actions/checkout@v3
# with:
# ref: ${{ github.event.pull_request.head.sha }}
# - uses: actions/setup-node@v3
# with:
# node-version: '14'
# cache: 'yarn'
# - run: yarn install --frozen-lockfile
# - name: Get build artifacts
# uses: actions/download-artifact@v3
# with:
# name: contract-artifacts
# - name: Deploy contracts
# run: eval yarn hardhat --network ${{ needs.prepare.outputs.release_network }} ${{ needs.prepare.outputs.release_deploy_cmd }}
# env:
# INFURA_PROJECT_ID: '${{ secrets.INFURA_PROJECT_ID }}'
# MUMBAI_MNEMONIC: '${{ secrets.MUMBAI_MNEMONIC }}'
# MUMBAI_NODE: '${{ secrets.MUMBAI_NODE }}'
# POLYGON_MNEMONIC: '${{ secrets.POLYGON_MNEMONIC }}'
# POLYGON_NODE: '${{ secrets.POLYGON_NODE }}'
# POLYGON_GAS_PRICE: 1200000000000
# DEBUG: '@openzeppelin:*'
# # ETHERSCAN "${{ secrets.ETHERSCAN }}"
# POLYSCAN: '${{ secrets.POLYSCAN }}'
# RELEASE_PATH: '${{ needs.prepare.outputs.release_path }}'
# MULTISIG_ADDRESS: '${{ needs.prepare.outputs.release_multisig }}'
# - name: Commit changes
# uses: stefanzweifel/git-auto-commit-action@v4
# id: commit
# if: always()
# with:
# commit_message: Update registries of deployed addresses
# file_pattern: '.openzeppelin/ releases/'
# skip_checkout: true
# # tagging_message: '${{ needs.prepare.outputs.release_version }}'
# verify:
# name: Verify contracts
# if: "startsWith(github.head_ref, 'release/') && needs.prepare.outputs.release_verify_cmd != ''"
# runs-on: ubuntu-22.04
# timeout-minutes: 60
# needs:
# - build
# - prepare
# - deploy
# steps:
# - uses: actions/checkout@v3
# with:
# ref: ${{ needs.deploy.outputs.deploy_commit || github.event.pull_request.head.sha }}
# - uses: actions/setup-node@v3
# with:
# node-version: '14'
# cache: 'yarn'
# - run: yarn install --frozen-lockfile
# - name: Get build artifacts
# uses: actions/download-artifact@v3
# with:
# name: contract-artifacts
# - name: Verify contracts
# shell: bash
# run: |
# yarn hardhat --network ${{ needs.prepare.outputs.release_network }} ${{ needs.prepare.outputs.release_verify_cmd }} ${{ needs.prepare.outputs.release_version }}
# env:
# INFURA_PROJECT_ID: '${{ secrets.INFURA_PROJECT_ID }}'
# MUMBAI_MNEMONIC: '${{ secrets.MUMBAI_MNEMONIC }}'
# MUMBAI_NODE: '${{ secrets.MUMBAI_NODE }}'
# POLYGON_MNEMONIC: '${{ secrets.POLYGON_MNEMONIC }}'
# POLYGON_NODE: '${{ secrets.POLYGON_NODE }}'
# # ETHERSCAN "${{ secrets.ETHERSCAN }}"
# POLYSCAN: '${{ secrets.POLYSCAN }}'
# RELEASE_PATH: '${{ needs.prepare.outputs.release_path }}'
# ARTIFACT_REFERENCE_URL: '${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}'
# finish-release:
# name: Finish release
# if: "startsWith(github.head_ref, 'release/')"
# runs-on: ubuntu-22.04
# timeout-minutes: 20
# environment: production
# needs:
# - prepare
# # - deploy
# steps:
# - uses: actions/checkout@v3
# with:
# ref: ${{ needs.deploy.outputs.deploy_commit || github.event.pull_request.head.sha }}
# - uses: actions/setup-node@v3
# with:
# node-version: '14'
# cache: 'yarn'
# - run: yarn install --frozen-lockfile
# - name: Get build artifacts
# uses: actions/download-artifact@v3
# with:
# name: contract-artifacts
# - name: Complete release
# if: "needs.prepare.outputs.release_finish_cmd != ''"
# shell: bash
# run: |
# yarn hardhat --network ${{ needs.prepare.outputs.release_network }} ${{ needs.prepare.outputs.release_finish_cmd }} ${{ needs.prepare.outputs.release_version }} "${{ needs.prepare.outputs.release_title }}" "${{ needs.prepare.outputs.release_description }}"
# env:
# INFURA_PROJECT_ID: '${{ secrets.INFURA_PROJECT_ID }}'
# MUMBAI_MNEMONIC: '${{ secrets.MUMBAI_MNEMONIC }}'
# MUMBAI_NODE: '${{ secrets.MUMBAI_NODE }}'
# POLYGON_MNEMONIC: "${{ secrets.POLYGON_MNEMONIC }}"
# POLYGON_NODE: "${{ secrets.POLYGON_NODE }}"
# POLYGON_GAS_PRICE: 1200000000000
# DEBUG: '@openzeppelin:*'
# # ETHERSCAN "${{ secrets.ETHERSCAN }}"
# POLYSCAN: '${{ secrets.POLYSCAN }}'
# DEFENDER_API_KEY: '${{ secrets.DEFENDER_API_KEY }}'
# DEFENDER_API_SECRET: '${{ secrets.DEFENDER_API_SECRET }}'
# RELEASE_PATH: '${{ needs.prepare.outputs.release_path }}'
# MULTISIG_ADDRESS: '${{ needs.prepare.outputs.release_multisig }}'
# - name: Link to run in PR
# uses: actions/github-script@v6
# env:
# RUN_URL: '${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}'
# with:
# script: |
# github.rest.issues.createComment({
# issue_number: context.issue.number,
# owner: context.repo.owner,
# repo: context.repo.repo,
# body: `[**Deploy finished**](${process.env.RUN_URL})`,
# });