Skip to content

Solidity

Solidity #2254

Workflow file for this run

name: Solidity
on:
schedule:
- cron: "0 0 * * *"
push:
branches:
- main
pull_request:
workflow_dispatch:
inputs:
environment:
description: "Environment (network) for workflow execution, e.g. `sepolia`"
required: true
upstream_builds:
description: "Upstream builds"
required: false
upstream_ref:
description: "Git reference to checkout (e.g. branch name)"
required: false
default: "main"
jobs:
contracts-build-and-test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version: "14.x"
cache: "yarn"
- name: Install dependencies
run: yarn install
- name: Build contracts
run: yarn build
- name: Run tests
run: yarn test
- name: Run system tests
env:
FORKING_URL: ${{ secrets.MAINNET_ETH_HOSTNAME }}
run: yarn test:system
contracts-deployment-dry-run:
runs-on: ubuntu-latest
if: github.event_name != 'schedule'
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version: "14.x"
cache: "yarn"
# This step forces Git to download dependencies using `https://` protocol,
# even if `yarn.json` refers to some package via `git://`. Using `git://`
# is no longer supported by GH. One of the `coverage-pools` dependencies
# by default uses `git://` and we needed to manually remove it every time
# it re-appeares in the lock file. Now even if it does re-appear, the
# `yarn install --frozen-lockfile` will not fail.
- name: Configure git to don't use unauthenticated protocol
run: git config --global url."https://".insteadOf git://
- name: Install dependencies
run: yarn install
- name: Deploy contracts
run: yarn deploy
contracts-deployment-testnet:
needs: [contracts-build-and-test]
if: github.event_name == 'workflow_dispatch'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version: "14.x"
cache: "yarn"
registry-url: "https://registry.npmjs.org"
# This step forces Git to download dependencies using `https://` protocol,
# even if `yarn.json` refers to some package via `git://`. Using `git://`
# is no longer supported by GH. One of the `coverage-pools` dependencies
# by default uses `git://` and we needed to manually remove it every time
# it re-appeares in the lock file. Now even if it does re-appear, the
# `yarn install --frozen-lockfile` will not fail.
- name: Configure git to don't use unauthenticated protocol
run: git config --global url."https://".insteadOf git://
- name: Install dependencies
run: yarn install --frozen-lockfile
- name: Get upstream packages' versions
uses: keep-network/ci/actions/upstream-builds-query@v2
id: upstream-builds-query
with:
upstream-builds: ${{ github.event.inputs.upstream_builds }}
query: |
threshold-contracts-version = github.com/threshold-network/solidity-contracts#version
keep-core-contracts-version = github.com/keep-network/keep-core/solidity-v1#version
tbtc-contracts-version = github.com/keep-network/tbtc/solidity#version
- name: Resolve latest contracts
run: |
yarn upgrade \
@threshold-network/solidity-contracts@${{ steps.upstream-builds-query.outputs.threshold-contracts-version }} \
@keep-network/keep-core@${{ github.event.inputs.environment }} \
@keep-network/tbtc@${{ github.event.inputs.environment }}
- name: Deploy contracts
env:
# Using fake ternary expression to decide which credentials to use,
# depending on chosen environment. Note: if `GOERLI_ETH_HOSTNAME_HTTP`
# is empty, the expression will be evaluated to
# `SEPOLIA_ETH_HOSTNAME_HTTP`'s value.
CHAIN_API_URL: |
${{ inputs.github.event.inputs.environment == 'goerli'
&& secrets.GOERLI_ETH_HOSTNAME_HTTP
|| secrets.SEPOLIA_ETH_HOSTNAME_HTTP }}
ACCOUNTS_PRIVATE_KEYS: ${{ secrets.TESTNET_ETH_CONTRACT_OWNER_PRIVATE_KEY }}
run: yarn deploy --network ${{ github.event.inputs.environment }}
- name: Bump up package version
id: npm-version-bump
uses: keep-network/npm-version-bump@v2
with:
environment: ${{ github.event.inputs.environment }}
branch: ${{ github.ref }}
commit: ${{ github.sha }}
- name: Publish to npm
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
run: npm publish --access=public --tag ${{ github.event.inputs.environment }} --network=${{ github.event.inputs.environment }}
- name: Notify CI about completion of the workflow
uses: keep-network/ci/actions/notify-workflow-completed@v2
env:
GITHUB_TOKEN: ${{ secrets.CI_GITHUB_TOKEN }}
with:
module: "github.com/keep-network/coverage-pools"
url: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
environment: ${{ github.event.inputs.environment }}
upstream_builds: ${{ github.event.inputs.upstream_builds }}
upstream_ref: ${{ github.event.inputs.upstream_ref }}
version: ${{ steps.npm-version-bump.outputs.version }}
contracts-lint:
runs-on: ubuntu-latest
if: |
github.event_name != 'workflow_dispatch'
&& github.event_name != 'schedule'
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version: "14.x"
cache: "yarn"
# This step forces Git to download dependencies using `https://` protocol,
# even if `yarn.json` refers to some package via `git://`. Using `git://`
# is no longer supported by GH. One of the `coverage-pools` dependencies
# by default uses `git://` and we needed to manually remove it every time
# it re-appeares in the lock file. Now even if it does re-appear, the
# `yarn install --frozen-lockfile` will not fail.
- name: Configure git to don't use unauthenticated protocol
run: git config --global url."https://".insteadOf git://
- name: Install dependencies
run: yarn install
- name: Lint
run: yarn lint
contracts-slither:
runs-on: ubuntu-latest
if: |
github.event_name != 'workflow_dispatch'
&& github.event_name != 'schedule'
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version: "14.x"
cache: "yarn"
- uses: actions/setup-python@v4
with:
python-version: 3.10.8
- name: Install Solidity
env:
SOLC_VERSION: 0.8.9 # according to solidity.version in hardhat.config.ts
run: |
pip3 install solc-select
solc-select install $SOLC_VERSION
solc-select use $SOLC_VERSION
- name: Install Slither
env:
SLITHER_VERSION: 0.8.3
run: pip3 install slither-analyzer==$SLITHER_VERSION
- name: Install dependencies
run: yarn install
- name: Run Slither
run: slither .