-
Notifications
You must be signed in to change notification settings - Fork 6
193 lines (172 loc) · 6.69 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
name: main
on:
push:
branches: [main]
pull_request:
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs:
deps:
runs-on: ubuntu-latest
outputs:
cache-key: ${{ steps.cache-env.outputs.cache-key }}
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 20
- name: Output cache key
id: cache-env
run: echo "cache-key=${{ runner.os }}-node_modules-${{ hashFiles('**/yarn.lock') }}" >> $GITHUB_OUTPUT
- uses: actions/cache@v4
id: cache
with:
path: node_modules
key: ${{ steps.cache-env.outputs.cache-key }}
restore-keys: ${{ runner.os }}-node_modules-
- if: steps.cache.outputs.cache-hit != 'true'
run: yarn
changed-files:
runs-on: ubuntu-latest
outputs:
any_changed: ${{ steps.changed-files.outputs.any_changed }}
modified_files: ${{ steps.changed-files.outputs.modified_files }}
steps:
- uses: actions/checkout@v4
- name: Get changed files
id: changed-files
uses: tj-actions/changed-files@v44
with:
files: packages/**/*.{sol,json,ts}
compile:
if: needs.changed-files.outputs.any_changed == 'true'
needs: [changed-files, deps]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 20
- uses: actions/cache/restore@v4
with:
path: node_modules
key: ${{ needs.deps.outputs.cache-key }}
# TODO: right now forge and node tooling coexist, eventually keep only forge action
- uses: foundry-rs/foundry-toolchain@v1
with:
version: nightly
- run: yarn compile
- name: Upload compilation results (hardhat)
uses: actions/upload-artifact@v4
with:
name: all-artifacts
path: packages/**/artifacts/**
- name: Upload compilation results (forge)
uses: actions/upload-artifact@v4
with:
name: all-artifacts-forge
path: packages/**/out/**
style:
needs: deps
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 20
- uses: actions/cache/restore@v4
with:
path: node_modules
key: ${{ needs.deps.outputs.cache-key }}
- run: yarn format
tests:
if: needs.changed-files.outputs.any_changed == 'true'
needs: [changed-files, set-matrix, deps, compile]
runs-on: ubuntu-latest
strategy:
matrix:
dir: ${{ fromJson(needs.set-matrix.outputs.matrix) }}
steps:
- uses: actions/checkout@v4
# TODO: right now forge and node tooling coexist, eventually keep only forge action
- uses: foundry-rs/foundry-toolchain@v1
with:
version: nightly
- uses: actions/setup-node@v4
with:
node-version: 20
- uses: actions/cache/restore@v4
with:
path: node_modules
key: ${{ needs.deps.outputs.cache-key }}
- uses: actions/download-artifact@v4
with:
name: all-artifacts
path: packages/
- uses: actions/download-artifact@v4
with:
name: all-artifacts-forge
path: packages/
- if: contains(needs.changed-files.outputs.modified_files, matrix.dir)
name: Test
run: |
workspace=$(jq -r '.name' packages/${{ matrix.dir }}/package.json)
yarn workspace "$workspace" run test:coverage
- if: contains(needs.changed-files.outputs.modified_files, matrix.dir) && github.event_name == 'push' && github.ref == 'refs/heads/main'
name: Coveralls
uses: coverallsapp/github-action@v2
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
parallel: true
flag-name: run ${{ join(matrix.*, '-') }}
set-matrix:
if: needs.changed-files.outputs.any_changed == 'true'
needs: changed-files
runs-on: ubuntu-latest
outputs:
matrix: ${{ steps.set-matrix.outputs.matrix }}
steps:
- uses: actions/checkout@v4
- name: Set matrix
id: set-matrix
run: |
matrix=$(ls -1 packages | jq -Rsc 'split("\n") | map(select(length > 0))')
echo "matrix=$matrix" >> $GITHUB_OUTPUT
slither:
if: contains(needs.changed-files.outputs.modified_files, 'lean-imt')
needs: [changed-files, compile]
runs-on: ubuntu-latest
permissions:
contents: read
security-events: write
steps:
- uses: actions/checkout@v4
- uses: actions/download-artifact@v4
with:
name: all-artifacts-forge
path: packages/
- name: Run slither
uses: crytic/slither-action@v0.4.0
id: slither
with:
ignore-compile: true
fail-on: none
sarif: results.sarif
slither-args: --filter-paths "test" --exclude-dependencies --markdown-root ${{ github.server_url }}/${{ github.repository }}/blob/${{ github.sha }}/
target: packages/${{ matrix.dir }}
- name: Upload SARIF files
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: ${{ steps.slither.outputs.sarif }}
- name: Create/update checklist as PR comment
uses: actions/github-script@v7
if: github.even_name == 'pull_request'
env:
REPORT: ${{ steps.slither.stdout }}
with:
script: |
const script = require('.github/scripts/slither-comment')
const header = '# Slither report'
const body = process.env.REPORT
await script({ github, context, header, body })