1.2.9 #466
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: Release | |
on: | |
pull_request: | |
branches: | |
- 'master' | |
- 'release/**' | |
defaults: | |
run: | |
shell: bash | |
jobs: | |
build: | |
name: Build release | |
if: startsWith(github.head_ref, 'release/') | |
runs-on: ubuntu-22.04 | |
timeout-minutes: 10 | |
env: | |
INFURA_PROJECT_ID: '${{ secrets.INFURA_PROJECT_ID }}' | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: '14' | |
cache: 'yarn' | |
- run: yarn install --frozen-lockfile | |
- name: Compile contracts | |
run: yarn compile | |
- name: Save build artifacts | |
uses: actions/upload-artifact@v3 | |
with: | |
name: contract-artifacts | |
path: | | |
artifacts | |
cache/*.json | |
test: | |
name: Test release | |
if: startsWith(github.head_ref, 'release/') | |
runs-on: ubuntu-22.04 | |
# timeout-minutes: 20 | |
needs: build | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: '14' | |
cache: 'yarn' | |
- run: yarn install --frozen-lockfile | |
- name: Get build artifacts | |
uses: actions/download-artifact@v3 | |
with: | |
name: contract-artifacts | |
- name: Run unit tests | |
run: yarn test --no-compile | |
coverage: | |
name: Code coverage | |
if: startsWith(github.head_ref, 'release/') | |
runs-on: ubuntu-22.04 | |
# needs: test | |
needs: build | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: '14' | |
cache: 'yarn' | |
- run: yarn install --frozen-lockfile | |
- run: yarn coverage | |
- uses: codecov/codecov-action@v3 | |
with: | |
token: ${{ secrets.CODECOV_TOKEN }} | |
prepare: | |
name: Prepare release | |
if: startsWith(github.head_ref, 'release/') | |
runs-on: ubuntu-22.04 | |
# needs: coverage | |
needs: build | |
outputs: | |
release_version: ${{ steps.parse.outputs.release_version }} | |
release_path: ${{ steps.parse.outputs.release_path }} | |
release_network: ${{ steps.parse.outputs.release_network }} | |
release_title: ${{ steps.parse.outputs.release_title }} | |
release_description: ${{ steps.parse.outputs.release_description }} | |
release_multisig: ${{ steps.parse.outputs.release_multisig }} | |
release_audited: ${{ steps.parse.outputs.release_audited }} | |
release_deploy_cmd: ${{ steps.parse.outputs.release_deploy_cmd }} | |
release_verify_cmd: ${{ steps.parse.outputs.release_verify_cmd }} | |
release_finish_cmd: ${{ steps.parse.outputs.release_finish_cmd }} | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
fetch-depth: 0 | |
- name: Parse release info | |
id: parse | |
run: | | |
version=${BRANCH_NAME#release\/} | |
release_path=releases/$version | |
network=$(yq -r .network $release_path/index.yml) | |
path=$release_path/$network | |
echo "release_version=$version" >> $GITHUB_OUTPUT | |
echo "release_path=$path" >> $GITHUB_OUTPUT | |
echo "release_network=$network" >> $GITHUB_OUTPUT | |
echo "release_multisig=$(jq -r .$network releases/deployments/multisigs.json)" >> $GITHUB_OUTPUT | |
echo "release_deploy_cmd=$(yq -r '.deploy // ""' $release_path/index.yml)" >> $GITHUB_OUTPUT | |
echo "release_verify_cmd=$(yq -r '.verify // ""' $release_path/index.yml)" >> $GITHUB_OUTPUT | |
echo "release_finish_cmd=$(yq -r '.finish // ""' $release_path/index.yml)" >> $GITHUB_OUTPUT | |
echo "release_audited=$(yq -r '.audited // ""' $release_path/index.yml)" >> $GITHUB_OUTPUT | |
echo "release_title=$(yq -r '.title // ""' $release_path/index.yml)" >> $GITHUB_OUTPUT | |
echo "release_description<<DESCRIPTION_DELIMITER" >> $GITHUB_OUTPUT | |
echo "$(yq -r '.description // ""' $release_path/index.yml)" >> $GITHUB_OUTPUT | |
echo "DESCRIPTION_DELIMITER" >> $GITHUB_OUTPUT | |
env: | |
BRANCH_NAME: ${{ github.head_ref }} | |
- name: Output summary | |
run: | | |
echo "## $TITLE" >> $GITHUB_STEP_SUMMARY | |
echo "" >> $GITHUB_STEP_SUMMARY | |
echo "**Network:** $NETWORK" >> $GITHUB_STEP_SUMMARY | |
echo "**Commit:** [\`$COMMIT\`]($GITHUB_SERVER_URL/$GITHUB_REPOSITORY/tree/$COMMIT)" >> $GITHUB_STEP_SUMMARY | |
echo "" >> $GITHUB_STEP_SUMMARY | |
echo "$DESCRIPTION" >> $GITHUB_STEP_SUMMARY | |
echo "" >> $GITHUB_STEP_SUMMARY | |
env: | |
TITLE: ${{ steps.parse.outputs.release_title }} | |
DESCRIPTION: ${{ steps.parse.outputs.release_description }} | |
NETWORK: ${{ steps.parse.outputs.release_network }} | |
COMMIT: ${{ github.event.pull_request.head.sha }} | |
- name: Output audit info | |
if: "steps.parse.outputs.release_audited != ''" | |
run: | | |
echo "---" >> $GITHUB_STEP_SUMMARY | |
echo "### Audit" >> $GITHUB_STEP_SUMMARY | |
echo "Audited contracts at commit [\`$AUDIT_COMMIT\`]($GITHUB_SERVER_URL/$GITHUB_REPOSITORY/tree/$AUDIT_COMMIT) :detective:" >> $GITHUB_STEP_SUMMARY | |
audit_diff="$(git diff $AUDIT_COMMIT *.sol)" | |
if [[ -z $audit_diff ]]; then | |
echo "Contracts have not been modified since audit :heavy_check_mark:" >> $GITHUB_STEP_SUMMARY | |
else | |
echo "Contracts have been modified since audit :warning:" >> $GITHUB_STEP_SUMMARY | |
echo "" >> $GITHUB_STEP_SUMMARY | |
echo "\`\`\`diff" >> $GITHUB_STEP_SUMMARY | |
echo "$audit_diff" >> $GITHUB_STEP_SUMMARY | |
echo "\`\`\`" >> $GITHUB_STEP_SUMMARY | |
fi | |
env: | |
AUDIT_COMMIT: ${{ steps.parse.outputs.release_audited }} | |
deploy: | |
name: Deploy contracts | |
if: startsWith(github.head_ref, 'release/') | |
runs-on: ubuntu-22.04 | |
timeout-minutes: 20 | |
needs: prepare | |
environment: production | |
outputs: | |
deploy_commit: ${{ steps.commit.outputs.commit_hash }} | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: '14' | |
cache: 'yarn' | |
- run: yarn install --frozen-lockfile | |
- name: Get build artifacts | |
uses: actions/download-artifact@v3 | |
with: | |
name: contract-artifacts | |
- name: Deploy contracts | |
run: eval yarn hardhat --network ${{ needs.prepare.outputs.release_network }} ${{ needs.prepare.outputs.release_deploy_cmd }} | |
env: | |
INFURA_PROJECT_ID: '${{ secrets.INFURA_PROJECT_ID }}' | |
MUMBAI_MNEMONIC: '${{ secrets.MUMBAI_MNEMONIC }}' | |
MUMBAI_NODE: '${{ secrets.MUMBAI_NODE }}' | |
POLYGON_MNEMONIC: '${{ secrets.POLYGON_MNEMONIC }}' | |
POLYGON_NODE: '${{ secrets.POLYGON_NODE }}' | |
POLYGON_GAS_PRICE: 1200000000000 | |
DEBUG: '@openzeppelin:*' | |
# ETHERSCAN "${{ secrets.ETHERSCAN }}" | |
POLYSCAN: '${{ secrets.POLYSCAN }}' | |
RELEASE_PATH: '${{ needs.prepare.outputs.release_path }}' | |
MULTISIG_ADDRESS: '${{ needs.prepare.outputs.release_multisig }}' | |
- name: Commit changes | |
uses: stefanzweifel/git-auto-commit-action@v4 | |
id: commit | |
if: always() | |
with: | |
commit_message: Update registries of deployed addresses | |
file_pattern: '.openzeppelin/ releases/' | |
skip_checkout: true | |
# tagging_message: '${{ needs.prepare.outputs.release_version }}' | |
verify: | |
name: Verify contracts | |
if: "startsWith(github.head_ref, 'release/') && needs.prepare.outputs.release_verify_cmd != ''" | |
runs-on: ubuntu-22.04 | |
timeout-minutes: 60 | |
needs: | |
- build | |
- prepare | |
- deploy | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
ref: ${{ needs.deploy.outputs.deploy_commit || github.event.pull_request.head.sha }} | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: '14' | |
cache: 'yarn' | |
- run: yarn install --frozen-lockfile | |
- name: Get build artifacts | |
uses: actions/download-artifact@v3 | |
with: | |
name: contract-artifacts | |
- name: Verify contracts | |
shell: bash | |
run: | | |
yarn hardhat --network ${{ needs.prepare.outputs.release_network }} ${{ needs.prepare.outputs.release_verify_cmd }} ${{ needs.prepare.outputs.release_version }} | |
env: | |
INFURA_PROJECT_ID: '${{ secrets.INFURA_PROJECT_ID }}' | |
MUMBAI_MNEMONIC: '${{ secrets.MUMBAI_MNEMONIC }}' | |
MUMBAI_NODE: '${{ secrets.MUMBAI_NODE }}' | |
POLYGON_MNEMONIC: '${{ secrets.POLYGON_MNEMONIC }}' | |
POLYGON_NODE: '${{ secrets.POLYGON_NODE }}' | |
# ETHERSCAN "${{ secrets.ETHERSCAN }}" | |
POLYSCAN: '${{ secrets.POLYSCAN }}' | |
RELEASE_PATH: '${{ needs.prepare.outputs.release_path }}' | |
ARTIFACT_REFERENCE_URL: '${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}' | |
finish-release: | |
name: Finish release | |
if: "startsWith(github.head_ref, 'release/')" | |
runs-on: ubuntu-22.04 | |
timeout-minutes: 20 | |
environment: production | |
needs: | |
- prepare | |
# - deploy | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
ref: ${{ needs.deploy.outputs.deploy_commit || github.event.pull_request.head.sha }} | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: '14' | |
cache: 'yarn' | |
- run: yarn install --frozen-lockfile | |
- name: Get build artifacts | |
uses: actions/download-artifact@v3 | |
with: | |
name: contract-artifacts | |
- name: Complete release | |
if: "needs.prepare.outputs.release_finish_cmd != ''" | |
shell: bash | |
run: | | |
yarn hardhat --network ${{ needs.prepare.outputs.release_network }} ${{ needs.prepare.outputs.release_finish_cmd }} ${{ needs.prepare.outputs.release_version }} "${{ needs.prepare.outputs.release_title }}" "${{ needs.prepare.outputs.release_description }}" | |
env: | |
INFURA_PROJECT_ID: '${{ secrets.INFURA_PROJECT_ID }}' | |
MUMBAI_MNEMONIC: '${{ secrets.MUMBAI_MNEMONIC }}' | |
MUMBAI_NODE: '${{ secrets.MUMBAI_NODE }}' | |
POLYGON_MNEMONIC: "${{ secrets.POLYGON_MNEMONIC }}" | |
POLYGON_NODE: "${{ secrets.POLYGON_NODE }}" | |
POLYGON_GAS_PRICE: 1200000000000 | |
DEBUG: '@openzeppelin:*' | |
# ETHERSCAN "${{ secrets.ETHERSCAN }}" | |
POLYSCAN: '${{ secrets.POLYSCAN }}' | |
DEFENDER_API_KEY: '${{ secrets.DEFENDER_API_KEY }}' | |
DEFENDER_API_SECRET: '${{ secrets.DEFENDER_API_SECRET }}' | |
RELEASE_PATH: '${{ needs.prepare.outputs.release_path }}' | |
MULTISIG_ADDRESS: '${{ needs.prepare.outputs.release_multisig }}' | |
- name: Link to run in PR | |
uses: actions/github-script@v6 | |
env: | |
RUN_URL: '${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}' | |
with: | |
script: | | |
github.rest.issues.createComment({ | |
issue_number: context.issue.number, | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
body: `[**Deploy finished**](${process.env.RUN_URL})`, | |
}); |