ci: add ci for slither-analyze, storage-layout-check, unit-test and r…
…ework git hook
Showing
10 changed files
with
210 additions
and
51 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
module.exports = async ({ github, context, header, body }) => { | ||
const comment = [header, body].join("\n"); | ||
|
||
const { data: comments } = await github.rest.issues.listComments({ | ||
owner: context.repo.owner, | ||
repo: context.repo.repo, | ||
issue_number: context.payload.number, | ||
}); | ||
|
||
const botComment = comments.find( | ||
(comment) => | ||
// github-actions bot user | ||
comment.user.id === 41898282 && comment.body.startsWith(header) | ||
); | ||
|
||
const commentFn = botComment ? "updateComment" : "createComment"; | ||
|
||
await github.rest.issues[commentFn]({ | ||
owner: context.repo.owner, | ||
repo: context.repo.repo, | ||
body: comment, | ||
...(botComment ? { comment_id: botComment.id } : { issue_number: context.payload.number }), | ||
}); | ||
}; |
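Review bot: `github.rest.issues.listComments` is called without pagination, so only the first page of comments (30 by default) is searched; on a pull request with a longer thread the earlier bot comment will not be found and each run will create a new comment instead of updating the old one. Fetch every page with `const comments = await github.paginate(github.rest.issues.listComments, { ... })`, passing the same `owner`, `repo` and `issue_number`. `comment.body.startsWith(header)` also assumes every listed comment has a body; `comment.body?.startsWith(header)` avoids a TypeError if one does not. Since the bodies posted through this helper are tool reports, consider truncating `comment` below GitHub's 65,536-character comment limit so an oversized report does not fail the job.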
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,127 @@ | ||
name: storage-layout-check | ||
|
||
on: | ||
pull_request: | ||
branches: | ||
- mainnet | ||
- testnet | ||
- "release/*" | ||
- "feature/*" | ||
- "features/*" | ||
|
||
env: | ||
FOUNDRY_PROFILE: ci | ||
|
||
jobs: | ||
check: | ||
strategy: | ||
fail-fast: true | ||
|
||
name: Foundry project | ||
runs-on: [self-hosted, dockerize] | ||
steps: | ||
- uses: actions/checkout@v3 | ||
with: | ||
submodules: recursive | ||
|
||
- name: Install Foundry | ||
uses: foundry-rs/foundry-toolchain@v1 | ||
|
||
- name: Install package with soldeer | ||
run: forge soldeer install | ||
|
||
- name: "Setup Node" | ||
uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516 #v3.4.1 | ||
with: | ||
node-version: v16.16.0 | ||
|
||
- name: Run Forge build | ||
run: | | ||
forge --version | ||
forge build | ||
id: build | ||
|
||
- name: Run Storage Layout Check | ||
id: storage-layout-check | ||
run: | | ||
sudo apt-get update | ||
sudo apt-get install -y wget | ||
sudo apt-get install bc | ||
sudo wget https://github.com/mikefarah/yq/releases/download/v4.44.3/yq_linux_amd64 -O /usr/bin/yq | ||
sudo chmod +x /usr/bin/yq | ||
src_root='src' | ||
dst_root='src' | ||
echo "Current directory: $(pwd)" | ||
echo "ls: $(ls)" | ||
src_root=$(yq eval '.profile.default.src' ./foundry.toml) | ||
echo "Contract source root: $src_root" | ||
git fetch --unshallow || git fetch --all | ||
# Checkout to the base branch | ||
git checkout ${{ github.event.pull_request.base.sha }} | ||
dst_root=$(yq eval '.profile.default.src' ./foundry.toml) | ||
echo "Destination contract source root: $dst_root" | ||
# Return to the current branch | ||
git checkout ${{ github.sha }} | ||
echo "Checking storage layout..." | ||
echo "Current branch: ${{ github.head_ref || github.ref_name }}" | ||
echo "BASE_BRANCH: ${{ github.event.pull_request.base.ref }}" | ||
echo "CURRENT_COMMIT_HASH: ${{ github.sha }}" | ||
dependencies/storage-delta-0.3.2/run.sh ${{ github.event.pull_request.base.sha }} --omit new --dst-root $dst_root --src-root $src_root | ||
- name: Check for storage_delta folder | ||
id: check-folder | ||
run: | | ||
if [ -d "storage_delta" ]; then | ||
# Query all the subdirectories in the storage_delta folder to check any `.diff` files | ||
# Echo the contents of the `.diff` files to the output with wrapped ```diff {content} ``` | ||
find storage_delta -type f -name "*.diff" | ||
for file in $(find storage_delta -type f -name "*.diff"); do | ||
echo "## Layout Changes for $(basename $file)" >>storage_delta_report.md | ||
echo '```diff' >>storage_delta_report.md | ||
cat $file >>storage_delta_report.md | ||
echo '```' >>storage_delta_report.md | ||
done | ||
# Check if .removed files exist, if yes, add header `Removed Storage Layouts` and append the contents of the file to storage_delta_report.md | ||
if [ -f "storage_delta/.removed" ]; then | ||
echo "## Removed Storage Layouts" >>storage_delta_report.md | ||
echo '```' >>storage_delta_report.md | ||
cat storage_delta/.removed >>storage_delta_report.md | ||
echo '```' >>storage_delta_report.md | ||
fi | ||
# Check if the storage_delta_report.md file exists | ||
if [ -f "storage_delta_report.md" ]; then | ||
# Output the contents of the storage_delta_report.md file to the output | ||
cat storage_delta_report.md | ||
echo "storage_delta_exists=true" >>$GITHUB_OUTPUT | ||
else | ||
echo "No storage layout changes detected." | ||
fi | ||
fi | ||
env: | ||
GITHUB_OUTPUT: ${{ steps.check-folder.outputs.storage_delta_exists }} | ||
shell: bash | ||
|
||
- name: Set storage delta report output | ||
if: ${{ steps.check-folder.outputs.storage_delta_exists == 'true' }} | ||
id: set-report | ||
run: | | ||
REPORT=$(cat storage_delta_report.md) | ||
echo "REPORT<<EOF" >> $GITHUB_ENV | ||
echo "$REPORT" >> $GITHUB_ENV | ||
echo "EOF" >> $GITHUB_ENV | ||
- name: Create/update checklist as PR comment | ||
uses: actions/github-script@v7 | ||
if: github.event_name == 'pull_request' && steps.check-folder.outputs.storage_delta_exists == 'true' | ||
with: | ||
script: | | ||
const script = require('.github/scripts/comment'); | ||
const header = '# Storage Layout Change Report'; | ||
const body = process.env.REPORT; | ||
await script({ github, context, header, body }); |
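Review bot: The line `echo "Current branch: ${{ github.head_ref || github.ref_name }}"` in the Run Storage Layout Check step expands a contributor-chosen branch name into the script text before bash parses it, so shell metacharacters in the name are interpreted on the self-hosted runner, in a step that also uses sudo. Pass the value through the step environment instead: add `env:` with `HEAD_REF: ${{ github.head_ref || github.ref_name }}` and print it with `echo "Current branch: $HEAD_REF"`; the `base.ref` echo on the following line should get the same treatment. Two related hardening points in this file: the yq binary is downloaded and installed to /usr/bin as root with no checksum verification, and the Set storage delta report output step writes the report to `$GITHUB_ENV` with the fixed delimiter `EOF`, so a report line equal to `EOF` would end the value early and let later lines be read as further variables; a randomly generated delimiter avoids that. The `GITHUB_OUTPUT: ${{ steps.check-folder.outputs.storage_delta_exists }}` entry on the check-folder step also looks unintended, because a step cannot read its own outputs and the override may break the `>>$GITHUB_OUTPUT` write that the later `if:` conditions depend on.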
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,14 +1,6 @@ | ||
name: Slither Analyze | ||
|
||
on: | ||
push: | ||
branches: | ||
- mainnet | ||
- testnet | ||
- "feature/*" | ||
- "features/*" | ||
- "feat/*" | ||
- "feats/*" | ||
pull_request: | ||
branches: | ||
- mainnet | ||
|
@@ -39,30 +31,28 @@ jobs: | |
with: | ||
submodules: recursive | ||
|
||
- name: Set up Go 1.19 | ||
uses: actions/setup-go@v4 | ||
with: | ||
go-version: "1.19" | ||
|
||
- name: Install Foundry | ||
uses: foundry-rs/foundry-toolchain@v1 | ||
|
||
- name: Install package with soldeer | ||
run: forge soldeer install | ||
|
||
- name: Setup repo | ||
run: | | ||
chmod +x ./install.sh | ||
./install.sh | ||
id: setup-repo | ||
|
||
- name: Install Slither for security analysis | ||
run: | | ||
sudo apt-get update | ||
sudo apt-get install -y python3-pip | ||
python3 -m pip install slither-analyzer | ||
- name: Run Slither analysis | ||
run: | | ||
slither ./ --exclude-optimization --exclude-low --exclude-medium --exclude-informational --exclude-dependencies --filter-paths "dependencies/|script/|test/foundry/" | ||
- name: Run Slither | ||
uses: crytic/[email protected] | ||
id: slither | ||
with: | ||
node-version: 18 | ||
fail-on: none | ||
slither-args: --exclude-optimization --exclude-low --exclude-medium --exclude-informational --exclude-dependencies --filter-paths "dependencies/|script/|test/foundry/" --checklist --markdown-root ${{ github.server_url }}/${{ github.repository }}/blob/${{ github.sha }}/ | ||
|
||
- name: Create/update checklist as PR comment | ||
uses: actions/github-script@v7 | ||
if: github.event_name == 'pull_request' | ||
env: | ||
REPORT: ${{ steps.slither.outputs.stdout }} | ||
with: | ||
script: | | ||
const script = require('.github/scripts/comment') | ||
const header = '# Slither report' | ||
const body = process.env.REPORT | ||
await script({ github, context, header, body }) |
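Review bot: With `fail-on: none` the Run Slither step never fails the job, and the first hunk appears to drop the `push` trigger as well, so high-severity findings would now only show up as a PR comment and no longer block a merge. If the check is meant to stay a gate, set `fail-on: high` with `continue-on-error: true` on the Slither step and add a closing step with `if: steps.slither.outcome == 'failure'` and `run: exit 1`, so the comment is still posted before the job fails; confirm that `steps.slither.outputs.stdout` is still populated in that case. The comment step needs write access to pull request comments on the job token; the job header is outside this hunk, so check that a `permissions:` block grants that and nothing broader. The actions in this hunk are referenced by tag, and pinning them to a commit SHA would match how the storage-layout workflow pins setup-node.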