Disallow zero address signers + pin Solidity version #40454

Workflow file for this run

.github/workflows/solidity-foundry.yml at 86b19ce

	name: Solidity Foundry
	on: [pull_request]

	env:
	FOUNDRY_PROFILE: ci
	# Has to match the `make foundry` version in `contracts/GNUmakefile`
	FOUNDRY_VERSION: nightly-de33b6af53005037b463318d2628b5cfcaf39916

	jobs:
	changes:
	name: Detect changes
	runs-on: ubuntu-latest
	outputs:
	changes: ${{ steps.changes.outputs.src }}
	steps:
	- name: Checkout the repo
	uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
	- uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
	id: changes
	with:
	filters: \|
	src:
	- 'contracts/src/v0.8/*/'
	- '.github/workflows/solidity-foundry.yml'
	- 'contracts/foundry.toml'
	- 'contracts/gas-snapshots/*.gas-snapshot'

	tests:
	strategy:
	fail-fast: false
	matrix:
	product: [automation, ccip, functions, keystone, l2ep, liquiditymanager, llo-feeds, operatorforwarder, shared, vrf]
	needs: [changes]
	name: Foundry Tests ${{ matrix.product }}
	# See https://github.com/foundry-rs/foundry/issues/3827
	runs-on: ubuntu-22.04

	# The if statements for steps after checkout repo is workaround for
	# passing required check for PRs that don't have filtered changes.
	steps:
	- name: Checkout the repo
	uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
	with:
	submodules: recursive

	# Only needed because we use the NPM versions of packages
	# and not native Foundry. This is to make sure the dependencies
	# stay in sync.
	- name: Setup NodeJS
	if: needs.changes.outputs.changes == 'true'
	uses: ./.github/actions/setup-nodejs

	- name: Install Foundry
	if: needs.changes.outputs.changes == 'true'
	uses: foundry-rs/foundry-toolchain@8f1998e9878d786675189ef566a2e4bf24869773 # v1.2.0
	with:
	version: ${{ env.FOUNDRY_VERSION }}

	- name: Run Forge build
	if: needs.changes.outputs.changes == 'true'
	run: \|
	forge --version
	forge build
	id: build
	working-directory: contracts
	env:
	FOUNDRY_PROFILE: ${{ matrix.product }}

	- name: Run Forge tests
	if: needs.changes.outputs.changes == 'true'
	run: \|
	forge test -vvv
	id: test
	working-directory: contracts
	env:
	FOUNDRY_PROFILE: ${{ matrix.product }}

	- name: Run Forge snapshot
	if: ${{ !contains(fromJson('["vrf"]'), matrix.product) && !contains(fromJson('["automation"]'), matrix.product) && !contains(fromJson('["keystone"]'), matrix.product) && needs.changes.outputs.changes == 'true' }}
	run: \|
	forge snapshot --nmt "test_?Fuzz_\w{1,}?" --check gas-snapshots/${{ matrix.product }}.gas-snapshot
	id: snapshot
	working-directory: contracts
	env:
	FOUNDRY_PROFILE: ${{ matrix.product }}

	- name: Run coverage
	if: ${{ contains(fromJson('["ccip"]'), matrix.product) && needs.changes.outputs.changes == 'true' }}
	working-directory: contracts
	run: forge coverage --report lcov
	env:
	FOUNDRY_PROFILE: ${{ matrix.product }}

	- name: Prune report
	if: ${{ contains(fromJson('["ccip"]'), matrix.product) && needs.changes.outputs.changes == 'true' }}
	run: \|
	sudo apt-get install lcov
	./contracts/scripts/ccip_lcov_prune ./contracts/lcov.info ./lcov.info.pruned

	- name: Report code coverage
	if: ${{ contains(fromJson('["ccip"]'), matrix.product) && needs.changes.outputs.changes == 'true' }}
	uses: zgosalvez/github-actions-report-lcov@a546f89a65a0cdcd82a92ae8d65e74d450ff3fbc # v4.1.4
	with:
	update-comment: true
	coverage-files: lcov.info.pruned
	minimum-coverage: 98.5
	artifact-name: code-coverage-report
	working-directory: ./contracts
	github-token: ${{ secrets.GITHUB_TOKEN }}

	- name: Collect Metrics
	if: needs.changes.outputs.changes == 'true'
	id: collect-gha-metrics
	uses: smartcontractkit/push-gha-metrics-action@d9da21a2747016b3e13de58c7d4115a3d5c97935 # v3.0.1
	with:
	id: solidity-foundry
	org-id: ${{ secrets.GRAFANA_INTERNAL_TENANT_ID }}
	basic-auth: ${{ secrets.GRAFANA_INTERNAL_BASIC_AUTH }}
	hostname: ${{ secrets.GRAFANA_INTERNAL_HOST }}
	this-job-name: Foundry Tests ${{ matrix.product }}
	continue-on-error: true

	solidity-forge-fmt:
	strategy:
	fail-fast: false
	matrix:
	product: [ ccip ]
	needs: [ changes ]
	name: Forge fmt ${{ matrix.product }}
	# See https://github.com/foundry-rs/foundry/issues/3827
	runs-on: ubuntu-22.04

	# The if statements for steps after checkout repo is workaround for
	# passing required check for PRs that don't have filtered changes.
	steps:
	- name: Checkout the repo
	uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
	with:
	submodules: recursive

	# Only needed because we use the NPM versions of packages
	# and not native Foundry. This is to make sure the dependencies
	# stay in sync.
	- name: Setup NodeJS
	if: needs.changes.outputs.changes == 'true'
	uses: ./.github/actions/setup-nodejs

	- name: Install Foundry
	if: needs.changes.outputs.changes == 'true'
	uses: foundry-rs/foundry-toolchain@8f1998e9878d786675189ef566a2e4bf24869773 # v1.2.0
	with:
	version: ${{ env.FOUNDRY_VERSION }}

	- name: Run Forge fmt
	if: needs.changes.outputs.changes == 'true'
	run: \|
	forge fmt --check
	id: fmt
	working-directory: contracts
	env:
	FOUNDRY_PROFILE: ${{ matrix.product }}

	- name: Collect Metrics
	if: needs.changes.outputs.changes == 'true'
	id: collect-gha-metrics
	uses: smartcontractkit/push-gha-metrics-action@dea9b546553cb4ca936607c2267a09c004e4ab3f # v3.0.0
	with:
	id: solidity-forge-fmt
	org-id: ${{ secrets.GRAFANA_INTERNAL_TENANT_ID }}
	basic-auth: ${{ secrets.GRAFANA_INTERNAL_BASIC_AUTH }}
	hostname: ${{ secrets.GRAFANA_INTERNAL_HOST }}
	this-job-name: Foundry Tests ${{ matrix.product }}
	continue-on-error: true

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Disallow zero address signers + pin Solidity version #40454

Workflow file

Disallow zero address signers + pin Solidity version #40454

Jobs

Run details

Workflow file for this run