ci: add ci for slither-analyze, storage-layout-check, unit-test and r…

…ework githook
ronin-chain · Oct 24, 2024 · 3cfb932 · 3cfb932
1 parent 8589a5b
commit 3cfb932
Show file tree

Hide file tree

Showing 9 changed files with 202 additions and 55 deletions.
diff --git a/.github/scripts/comment.js b/.github/scripts/comment.js
@@ -0,0 +1,24 @@
+module.exports = async ({ github, context, header, body }) => {
+	const comment = [header, body].join("\n");
+
+	const { data: comments } = await github.rest.issues.listComments({
+		owner: context.repo.owner,
+		repo: context.repo.repo,
+		issue_number: context.payload.number,
+	});
+
+	const botComment = comments.find(
+		(comment) =>
+			// github-actions bot user
+			comment.user.id === 41898282 && comment.body.startsWith(header)
+	);
+
+	const commentFn = botComment ? "updateComment" : "createComment";
+
+	await github.rest.issues[commentFn]({
+		owner: context.repo.owner,
+		repo: context.repo.repo,
+		body: comment,
+		...(botComment ? { comment_id: botComment.id } : { issue_number: context.payload.number }),
+	});
+};
diff --git a/.github/workflows/compare-storage-layout.yml b/.github/workflows/compare-storage-layout.yml
@@ -0,0 +1,116 @@
+name: Check Storage Layout Changes
+
+on:
+  pull_request:
+    branches:
+      - mainnet
+      - testnet
+      - "release/*"
+      - "feature/*"
+      - "features/*"
+
+env:
+  FOUNDRY_PROFILE: ci
+
+jobs:
+  check-storage-layout:
+    strategy:
+      fail-fast: true
+
+    name: Check storage layout changes
+    runs-on: [self-hosted, dockerize]
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          submodules: recursive
+
+      - name: Install Foundry
+        uses: foundry-rs/foundry-toolchain@v1
+
+      - name: "Setup Node"
+        uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516 #v3.4.1
+        with:
+          node-version: v16.16.0
+
+      - name: Install package with soldeer
+        run: |
+          forge soldeer install
+
+      - name: Run Forge build
+        run: |
+          forge --version
+          forge build
+        id: build
+
+      - name: Install Dependencies
+        id: install-deps
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y wget
+          sudo apt-get install bc
+          sudo wget https://github.com/mikefarah/yq/releases/download/v4.44.3/yq_linux_amd64 -O /usr/bin/yq
+          sudo chmod +x /usr/bin/yq
+
+      - name: Run Storage Layout Check
+        id: storage-layout-check
+        run: |
+          git fetch --unshallow || git fetch --all
+
+          dependencies/storage-delta-0.3.2/run.sh \
+            --omit new \
+            --dst-commit ${{ github.event.pull_request.base.sha }} \
+            --src-commit ${{ github.event.pull_request.head.sha }} \
+            --github-root ${{ github.server_url }}/${{ github.repository }}/blob/
+
+      - name: Check for storage_delta folder
+        id: check-folder
+        run: |
+          if [ -d "storage_delta" ]; then
+              # Query all the subdirectories in the storage_delta folder to check any `.diff` files
+              # Echo the contents of the `.diff` files to the output with wrapped ```diff {content} ```
+              find storage_delta -type f -name "*.diff"
+              for file in $(find storage_delta -type f -name "*.diff"); do
+                  clean_path=$(echo "$file" | sed -e 's|storage_delta/diffs/||' -e 's|https:/|https://|' -e 's|\.diff$||')
+                  echo "## Layout Changes for [$(basename "${clean_path%.*}")]($clean_path)" >>storage_delta_report.md
+                  echo '```diff' >>storage_delta_report.md    
+                  # Remove \ No newline at end of file from the diff file
+                  grep -v '\\ No newline at end of file' $file >>storage_delta_report.md
+                  echo '```' >>storage_delta_report.md
+              done
+              # Check if .removed files exist, if yes, add header `Removed Storage Layouts` and append the contents of the file to storage_delta_report.md
+              if [ -f "storage_delta/.removed" ]; then
+                  echo "## Removed Components" >>storage_delta_report.md
+                  cat storage_delta/.removed >>storage_delta_report.md
+              fi
+
+              # Check if the storage_delta_report.md file exists
+              if [ -f "storage_delta_report.md" ]; then
+                  # Output the contents of the storage_delta_report.md file to the output
+                  cat storage_delta_report.md 
+                  echo "storage_delta_exists=true" >>$GITHUB_OUTPUT
+              else
+                  echo "No storage layout changes detected."
+              fi
+          fi
+        env:
+          GITHUB_OUTPUT: ${{ steps.check-folder.outputs.storage_delta_exists }}
+        shell: bash
+
+      - name: Set storage delta report output
+        if: ${{ steps.check-folder.outputs.storage_delta_exists == 'true' }}
+        id: set-report
+        run: |
+          REPORT=$(cat storage_delta_report.md)
+          echo "REPORT<<EOF" >> $GITHUB_ENV
+          echo "$REPORT" >> $GITHUB_ENV
+          echo "EOF" >> $GITHUB_ENV
+
+      - name: Create/update checklist as PR comment
+        uses: actions/github-script@v7
+        if: github.event_name == 'pull_request' && steps.check-folder.outputs.storage_delta_exists == 'true'
+        with:
+          script: |
+            const script = require('.github/scripts/comment');
+            const header = '# Storage Layout Change Report';
+            const body = process.env.REPORT;
+            await script({ github, context, header, body });
diff --git a/.github/workflows/slither-analyze.yml b/.github/workflows/slither-analyze.yml
@@ -1,14 +1,6 @@
 name: Slither Analyze
 
 on:
-  push:
-    branches:
-      - mainnet
-      - testnet
-      - "feature/*"
-      - "features/*"
-      - "feat/*"
-      - "feats/*"
   pull_request:
     branches:
       - mainnet
@@ -23,11 +15,11 @@ env:
   FOUNDRY_PROFILE: ci
 
 jobs:
-  check:
+  check-slither:
     strategy:
       fail-fast: true
 
-    name: Foundry project
+    name: Slither Analyze
     runs-on: [self-hosted, dockerize]
 
     env:
@@ -39,30 +31,28 @@ jobs:
         with:
           submodules: recursive
 
-      - name: Set up Go 1.19
-        uses: actions/setup-go@v4
-        with:
-          go-version: "1.19"
-
       - name: Install Foundry
         uses: foundry-rs/foundry-toolchain@v1
 
       - name: Install package with soldeer
         run: forge soldeer install
 
-      - name: Setup repo
-        run: |
-          chmod +x ./install.sh
-          ./install.sh
-        id: setup-repo
-
-      - name: Install Slither for security analysis
-        run: |
-          sudo apt-get update
-          sudo apt-get install -y python3-pip
-          python3 -m pip install slither-analyzer
-
-      - name: Run Slither analysis
-        run: |
-          slither ./ --exclude-optimization --exclude-low --exclude-medium --exclude-informational --exclude-dependencies --filter-paths "dependencies/|script/|test/foundry/"
+      - name: Run Slither
+        uses: crytic/[email protected]
         id: slither
+        with:
+          node-version: 18
+          fail-on: none
+          slither-args: --exclude-optimization --exclude-low --exclude-medium --exclude-informational --exclude-dependencies --filter-paths "dependencies/|script/|test/foundry/" --checklist --markdown-root ${{ github.server_url }}/${{ github.repository }}/blob/${{ github.sha }}/
+
+      - name: Create/update checklist as PR comment
+        uses: actions/github-script@v7
+        if: github.event_name == 'pull_request'
+        env:
+          REPORT: ${{ steps.slither.outputs.stdout }}
+        with:
+          script: |
+            const script = require('.github/scripts/comment')
+            const header = '# Slither report'
+            const body = process.env.REPORT
+            await script({ github, context, header, body })
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -20,11 +20,11 @@ env:
   FOUNDRY_PROFILE: ci
 
 jobs:
-  check:
+  check-unit-test:
     strategy:
       fail-fast: true
 
-    name: Foundry project
+    name: Unit test
     runs-on: [self-hosted, dockerize]
     steps:
       - uses: actions/checkout@v3
@@ -36,19 +36,12 @@ jobs:
         with:
           go-version: "1.19"
 
-      - name: Install jq
-        run: sudo apt-get install -y jq
-
-      - name: Update apt-get and Install GCC
+      - name: Setup external packages
         run: |
           sudo apt-get update
+          sudo apt-get install -y jq
           sudo apt-get install -y gcc
-
-      - name: Install wget
-        run: sudo apt-get install -y wget
-
-      - name: Install yq
-        run: |
+          sudo apt-get install -y wget
           sudo wget https://github.com/mikefarah/yq/releases/download/v4.34.1/yq_linux_amd64 -O /usr/local/bin/yq
           sudo chmod +x /usr/local/bin/yq
 

diff --git a/.husky/post-commit b/.husky/post-commit
@@ -1,5 +1,14 @@
 #!/bin/bash
 echo "Running post-commit hook"
+
+HAS_PENDING_CHANGES=false
+# If there are any changes in the working directory, stash them
+if [[ $(git status -s) ]]; then
+    HAS_PENDING_CHANGES=true
+    echo "\033[33m[post-commit] Stashing pending changes\033[0m"
+    git stash push -m "post-commit: Stash changes"
+fi
+
 GIT_BLAME_IGNORE_REVS_FILE=".git-blame-ignore-revs"
 
 # If `.git-blame-ignore-revs` does not exist, create it
@@ -34,4 +43,10 @@ if [[ $(git status -s $GIT_BLAME_IGNORE_REVS_FILE) ]]; then
     echo "\033[33m[post-commit] .git-blame-ignore-revs changes detected\033[0m"
     git add $GIT_BLAME_IGNORE_REVS_FILE
     HUSKY=0 git commit -m "chore(automated): post-commit update .git-blame-ignore-revs" -n
-fi
+fi
+
+# If there were any pending changes, unstash them
+if [ "$HAS_PENDING_CHANGES" = true ]; then
+    echo "\033[33m[post-commit] Unstashing pending changes\033[0m"
+    git stash pop
+fi
diff --git a/foundry.toml b/foundry.toml
@@ -43,9 +43,10 @@ ronin-mainnet-shadow = "${RONIN_MAINNET_SHADOW}"
 "openzeppelin-v4" = { version = "4.7.3", url = "https://github.com/OpenZeppelin/openzeppelin-contracts/archive/refs/tags/v4.7.3.zip" }
 "openzeppelin-v5" = { version = "5.0.2", url = "https://github.com/OpenZeppelin/openzeppelin-contracts/archive/refs/tags/v5.0.2.zip" }
 "chainlink" = { version = "1.6.0", url = "https://github.com/smartcontractkit/chainlink/archive/refs/tags/v1.6.0.zip" }
-"safe-smart-account" = { version = "1.4.1", url = "https://github.com/safe-global/safe-smart-account/archive/refs/tags/v1.4.1.zip" }
+"safe" = { version = "1.4.1", url = "https://github.com/safe-global/safe-smart-account/archive/refs/tags/v1.4.1.zip" }
 "prb-test" = { version = "0.6.4", url = "https://github.com/PaulRBerg/prb-test/archive/refs/tags/v0.6.4.zip" }
 "prb-math" = { version = "4.0.1", url = "https://github.com/PaulRBerg/prb-math/archive/refs/tags/v4.0.1.zip" }
+storage-delta = { version = "0.3.2", url = "https://github.com/TuDo1403/storage-delta/archive/refs/tags/0.3.2.zip" }
 
 [soldeer]
 # whether soldeer manages remappings

diff --git a/install.sh b/install.sh
@@ -15,36 +15,37 @@ fi
 # Check if jq is installed
 if ! command -v jq &>/dev/null; then
     # Install jq
-    sudo apt-get install jq
+    brew install jq
 fi
 
 # Check if yq is installed
 if ! command -v yq &>/dev/null; then
-    curl -L https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -o /usr/bin/yq &&
-        sudo chmod +x /usr/bin/yq
+    brew install -y wget
+    sudo wget https://github.com/mikefarah/yq/releases/download/v4.34.1/yq_linux_amd64 -O /usr/local/bin/yq
+    sudo chmod +x /usr/local/bin/yq
 fi
 
 # Check if gvm is installed
-if ! command -v go &>/dev/null; then
+if ! command -v gvm &>/dev/null; then
     # Install bison
-    sudo apt-get install bison
+    brew install bison
     # Install gvm
     bash < <(curl -s -S -L https://raw.githubusercontent.com/moovweb/gvm/master/binscripts/gvm-installer)
     # Source gvm script
     source $HOME/.gvm/scripts/gvm
-    sudo apt-get install bsdmainutils
+    brew install bsdmainutils
 
     # Install go1.19
     gvm install go1.19 -B
 fi
 
-rm -rf temp && mkdir temp && cd temp
-
-git clone https://github.com/ronin-chain/ronin-random-beacon.git && cd ronin-random-beacon
+rm -rf temp && mkdir temp && cd temp && git clone https://github.com/ronin-chain/ronin-random-beacon.git && cd ronin-random-beacon
 
 # Check if installed gvm
 if ! command -v gvm &>/dev/null; then
     gvm use go1.19
 fi
 
 go build -o ronin-random-beacon && cp ronin-random-beacon ../../bin/ && cd ../../ && rm -rf temp
+
+echo "Installed successfully!"
diff --git a/remappings.txt b/remappings.txt
@@ -4,4 +4,4 @@ forge-std/=dependencies/fdk-0.3.5-beta/dependencies/forge-std-1.9.3/src/
 @solady/=dependencies/fdk-0.3.5-beta/dependencies/solady-0.0.228/src/
 @fdk/=dependencies/fdk-0.3.5-beta/script/
 @chainlink/contracts/=dependencies/chainlink-1.6.0/contracts/
-@safe/contracts/=dependencies/safe-smart-account-1.4.1/contracts/
+@safe/contracts/=dependencies/safe-1.4.1/contracts/
diff --git a/soldeer.lock b/soldeer.lock
@@ -41,8 +41,15 @@ checksum = "1458dc3760d4fa5ad2ecd778d04d61143785d0a10c1674aed29a69210ac4e072"
 integrity = "e61d2d4974d6461b650445295fa55b8065a802878c80672214762630339e2bac"
 
 [[dependencies]]
-name = "safe-smart-account"
+name = "safe"
 version = "1.4.1"
 url = "https://github.com/safe-global/safe-smart-account/archive/refs/tags/v1.4.1.zip"
 checksum = "84348d4a1cf975f5d013cf8bdb74b8713bcccb40fceb5a1e7fc9debd27489e99"
 integrity = "65ed08a525b96c6b4d8316f827fcd799ff831e1a3b4e56bc55fbf200d27c372d"
+
+[[dependencies]]
+name = "storage-delta"
+version = "0.3.2"
+url = "https://github.com/TuDo1403/storage-delta/archive/refs/tags/0.3.2.zip"
+checksum = "bd0183461714b86b32c5a99e086a4f6459533963cdd3cda40e3aa46e01df35aa"
+integrity = "d03f887cb1960d7ccc1d67fbc573b15bf032a42e055bbc1d824c4cf6a4547969"