Solidity #2262
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Solidity | |
on: | |
schedule: | |
- cron: "0 0 * * *" | |
push: | |
branches: | |
- main | |
pull_request: | |
workflow_dispatch: | |
inputs: | |
environment: | |
description: "Environment (network) for workflow execution, e.g. `sepolia`" | |
required: true | |
upstream_builds: | |
description: "Upstream builds" | |
required: false | |
upstream_ref: | |
description: "Git reference to checkout (e.g. branch name)" | |
required: false | |
default: "main" | |
jobs: | |
contracts-build-and-test: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: "14.x" | |
cache: "yarn" | |
- name: Install dependencies | |
run: yarn install | |
- name: Build contracts | |
run: yarn build | |
- name: Run tests | |
run: yarn test | |
- name: Run system tests | |
env: | |
FORKING_URL: ${{ secrets.MAINNET_ETH_HOSTNAME }} | |
run: yarn test:system | |
contracts-deployment-dry-run: | |
runs-on: ubuntu-latest | |
if: github.event_name != 'schedule' | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: "14.x" | |
cache: "yarn" | |
# This step forces Git to download dependencies using `https://` protocol, | |
# even if `yarn.json` refers to some package via `git://`. Using `git://` | |
# is no longer supported by GH. One of the `coverage-pools` dependencies | |
# by default uses `git://` and we needed to manually remove it every time | |
# it re-appeares in the lock file. Now even if it does re-appear, the | |
# `yarn install --frozen-lockfile` will not fail. | |
- name: Configure git to don't use unauthenticated protocol | |
run: git config --global url."https://".insteadOf git:// | |
- name: Install dependencies | |
run: yarn install | |
- name: Deploy contracts | |
run: yarn deploy | |
contracts-deployment-testnet: | |
needs: [contracts-build-and-test] | |
if: github.event_name == 'workflow_dispatch' | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: "14.x" | |
cache: "yarn" | |
registry-url: "https://registry.npmjs.org" | |
# This step forces Git to download dependencies using `https://` protocol, | |
# even if `yarn.json` refers to some package via `git://`. Using `git://` | |
# is no longer supported by GH. One of the `coverage-pools` dependencies | |
# by default uses `git://` and we needed to manually remove it every time | |
# it re-appeares in the lock file. Now even if it does re-appear, the | |
# `yarn install --frozen-lockfile` will not fail. | |
- name: Configure git to don't use unauthenticated protocol | |
run: git config --global url."https://".insteadOf git:// | |
- name: Install dependencies | |
run: yarn install --frozen-lockfile | |
- name: Get upstream packages' versions | |
uses: keep-network/ci/actions/upstream-builds-query@v2 | |
id: upstream-builds-query | |
with: | |
upstream-builds: ${{ github.event.inputs.upstream_builds }} | |
query: | | |
threshold-contracts-version = github.com/threshold-network/solidity-contracts#version | |
keep-core-contracts-version = github.com/keep-network/keep-core/solidity-v1#version | |
tbtc-contracts-version = github.com/keep-network/tbtc/solidity#version | |
- name: Resolve latest contracts | |
run: | | |
yarn upgrade \ | |
@threshold-network/solidity-contracts@${{ steps.upstream-builds-query.outputs.threshold-contracts-version }} \ | |
@keep-network/keep-core@${{ github.event.inputs.environment }} \ | |
@keep-network/tbtc@${{ github.event.inputs.environment }} | |
- name: Deploy contracts | |
env: | |
# Using fake ternary expression to decide which credentials to use, | |
# depending on chosen environment. Note: if `GOERLI_ETH_HOSTNAME_HTTP` | |
# is empty, the expression will be evaluated to | |
# `SEPOLIA_ETH_HOSTNAME_HTTP`'s value. | |
CHAIN_API_URL: | | |
${{ inputs.github.event.inputs.environment == 'goerli' | |
&& secrets.GOERLI_ETH_HOSTNAME_HTTP | |
|| secrets.SEPOLIA_ETH_HOSTNAME_HTTP }} | |
ACCOUNTS_PRIVATE_KEYS: ${{ secrets.TESTNET_ETH_CONTRACT_OWNER_PRIVATE_KEY }} | |
run: yarn deploy --network ${{ github.event.inputs.environment }} | |
- name: Bump up package version | |
id: npm-version-bump | |
uses: keep-network/npm-version-bump@v2 | |
with: | |
environment: ${{ github.event.inputs.environment }} | |
branch: ${{ github.ref }} | |
commit: ${{ github.sha }} | |
- name: Publish to npm | |
env: | |
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | |
run: npm publish --access=public --tag ${{ github.event.inputs.environment }} --network=${{ github.event.inputs.environment }} | |
- name: Notify CI about completion of the workflow | |
uses: keep-network/ci/actions/notify-workflow-completed@v2 | |
env: | |
GITHUB_TOKEN: ${{ secrets.CI_GITHUB_TOKEN }} | |
with: | |
module: "github.com/keep-network/coverage-pools" | |
url: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} | |
environment: ${{ github.event.inputs.environment }} | |
upstream_builds: ${{ github.event.inputs.upstream_builds }} | |
upstream_ref: ${{ github.event.inputs.upstream_ref }} | |
version: ${{ steps.npm-version-bump.outputs.version }} | |
contracts-lint: | |
runs-on: ubuntu-latest | |
if: | | |
github.event_name != 'workflow_dispatch' | |
&& github.event_name != 'schedule' | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: "14.x" | |
cache: "yarn" | |
# This step forces Git to download dependencies using `https://` protocol, | |
# even if `yarn.json` refers to some package via `git://`. Using `git://` | |
# is no longer supported by GH. One of the `coverage-pools` dependencies | |
# by default uses `git://` and we needed to manually remove it every time | |
# it re-appeares in the lock file. Now even if it does re-appear, the | |
# `yarn install --frozen-lockfile` will not fail. | |
- name: Configure git to don't use unauthenticated protocol | |
run: git config --global url."https://".insteadOf git:// | |
- name: Install dependencies | |
run: yarn install | |
- name: Lint | |
run: yarn lint | |
contracts-slither: | |
runs-on: ubuntu-latest | |
if: | | |
github.event_name != 'workflow_dispatch' | |
&& github.event_name != 'schedule' | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: "14.x" | |
cache: "yarn" | |
- uses: actions/setup-python@v4 | |
with: | |
python-version: 3.10.8 | |
- name: Install Solidity | |
env: | |
SOLC_VERSION: 0.8.9 # according to solidity.version in hardhat.config.ts | |
run: | | |
pip3 install solc-select | |
solc-select install $SOLC_VERSION | |
solc-select use $SOLC_VERSION | |
- name: Install Slither | |
env: | |
SLITHER_VERSION: 0.8.3 | |
run: pip3 install slither-analyzer==$SLITHER_VERSION | |
- name: Install dependencies | |
run: yarn install | |
- name: Run Slither | |
run: slither . |