Solidity #1827
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Solidity | |
| on: | |
| schedule: | |
| - cron: "0 0 * * *" | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| workflow_dispatch: | |
| inputs: | |
| environment: | |
| description: "Environment for workflow execution" | |
| required: false | |
| default: "dev" | |
| upstream_builds: | |
| description: "Upstream builds" | |
| required: false | |
| upstream_ref: | |
| description: "Git reference to checkout (e.g. branch name)" | |
| required: false | |
| default: "main" | |
| jobs: | |
| contracts-build-and-test: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - uses: actions/setup-node@v2 | |
| with: | |
| node-version: "14.x" | |
| cache: "yarn" | |
| - name: Install dependencies | |
| run: yarn install | |
| - name: Build contracts | |
| run: yarn build | |
| - name: Run tests | |
| run: yarn test | |
| - name: Run system tests | |
| env: | |
| FORKING_URL: ${{ secrets.MAINNET_ETH_HOSTNAME }} | |
| run: yarn test:system | |
| contracts-deployment-dry-run: | |
| runs-on: ubuntu-latest | |
| if: github.event_name != 'schedule' | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - uses: actions/setup-node@v2 | |
| with: | |
| node-version: "14.x" | |
| cache: "yarn" | |
| # This step forces Git to download dependencies using `https://` protocol, | |
| # even if `yarn.json` refers to some package via `git://`. Using `git://` | |
| # is no longer supported by GH. One of the `coverage-pools` dependencies | |
| # by default uses `git://` and we needed to manually remove it every time | |
| # it re-appeares in the lock file. Now even if it does re-appear, the | |
| # `yarn install --frozen-lockfile` will not fail. | |
| - name: Configure git to don't use unauthenticated protocol | |
| run: git config --global url."https://".insteadOf git:// | |
| - name: Install dependencies | |
| run: yarn install | |
| - name: Deploy contracts | |
| run: yarn deploy | |
| contracts-deployment-testnet: | |
| needs: [contracts-build-and-test] | |
| if: github.event_name == 'workflow_dispatch' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - uses: actions/setup-node@v2 | |
| with: | |
| node-version: "14.x" | |
| cache: "yarn" | |
| registry-url: "https://registry.npmjs.org" | |
| # This step forces Git to download dependencies using `https://` protocol, | |
| # even if `yarn.json` refers to some package via `git://`. Using `git://` | |
| # is no longer supported by GH. One of the `coverage-pools` dependencies | |
| # by default uses `git://` and we needed to manually remove it every time | |
| # it re-appeares in the lock file. Now even if it does re-appear, the | |
| # `yarn install --frozen-lockfile` will not fail. | |
| - name: Configure git to don't use unauthenticated protocol | |
| run: git config --global url."https://".insteadOf git:// | |
| - name: Install dependencies | |
| run: yarn install --frozen-lockfile | |
| - name: Get upstream packages' versions | |
| uses: keep-network/ci/actions/upstream-builds-query@v1 | |
| id: upstream-builds-query | |
| with: | |
| upstream-builds: ${{ github.event.inputs.upstream_builds }} | |
| query: | | |
| keep-core-contracts-version = github.com/keep-network/keep-core/solidity-v1#version | |
| tbtc-contracts-version = github.com/keep-network/tbtc/solidity#version | |
| - name: Resolve latest contracts | |
| run: | | |
| yarn upgrade \ | |
| @keep-network/keep-core@${{ steps.upstream-builds-query.outputs.keep-core-contracts-version }} \ | |
| @keep-network/tbtc@${{ steps.upstream-builds-query.outputs.tbtc-contracts-version }} | |
| - name: Configure tenderly | |
| if: github.event.inputs.environment == 'ropsten' | |
| env: | |
| TENDERLY_TOKEN: ${{ secrets.TENDERLY_TOKEN }} | |
| run: ./config_tenderly.sh | |
| - name: Deploy contracts | |
| env: | |
| CHAIN_API_URL: ${{ secrets.KEEP_TEST_ETH_HOSTNAME_HTTP }} | |
| CONTRACT_OWNER_ACCOUNT_PRIVATE_KEY: ${{ secrets.KEEP_TEST_ETH_CONTRACT_OWNER_PRIVATE_KEY }} | |
| run: yarn deploy --network ${{ github.event.inputs.environment }} | |
| - name: Bump up package version | |
| id: npm-version-bump | |
| uses: keep-network/npm-version-bump@v2 | |
| with: | |
| environment: ${{ github.event.inputs.environment }} | |
| branch: ${{ github.ref }} | |
| commit: ${{ github.sha }} | |
| - name: Publish to npm | |
| env: | |
| NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | |
| run: npm publish --access=public --network=${{ github.event.inputs.environment }} --tag ${{ github.event.inputs.environment }} | |
| - name: Notify CI about completion of the workflow | |
| uses: keep-network/ci/actions/notify-workflow-completed@v1 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.CI_GITHUB_TOKEN }} | |
| with: | |
| module: "github.com/keep-network/coverage-pools" | |
| url: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} | |
| environment: ${{ github.event.inputs.environment }} | |
| upstream_builds: ${{ github.event.inputs.upstream_builds }} | |
| upstream_ref: ${{ github.event.inputs.upstream_ref }} | |
| version: ${{ steps.npm-version-bump.outputs.version }} | |
| - name: Upload files needed for etherscan verification | |
| uses: actions/upload-artifact@v2 | |
| with: | |
| name: Artifacts for etherscan verifcation | |
| path: | | |
| ./deployments | |
| ./package.json | |
| ./yarn.lock | |
| contracts-etherscan-verification: | |
| needs: [contracts-deployment-testnet] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - name: Download files needed for etherscan verification | |
| uses: actions/download-artifact@v2 | |
| with: | |
| name: Artifacts for etherscan verifcation | |
| - uses: actions/setup-node@v2 | |
| with: | |
| node-version: "14.x" | |
| cache: "yarn" | |
| # This step forces Git to download dependencies using `https://` protocol, | |
| # even if `yarn.json` refers to some package via `git://`. Using `git://` | |
| # is no longer supported by GH. One of the `coverage-pools` dependencies | |
| # by default uses `git://` and we needed to manually remove it every time | |
| # it re-appeares in the lock file. Now even if it does re-appear, the | |
| # `yarn install --frozen-lockfile` will not fail. | |
| - name: Configure git to don't use unauthenticated protocol | |
| run: git config --global url."https://".insteadOf git:// | |
| - name: Install needed dependencies | |
| run: yarn install --frozen-lockfile | |
| # If we don't remove the dependencies' contracts from `node-modules`, the | |
| # `etherscan-verify` plugins tries to verify them, which is not desired. | |
| - name: Prepare for verification on Etherscan | |
| run: | | |
| rm -rf ./node_modules/@keep-network/keep-core | |
| rm -rf ./node_modules/@keep-network/tbtc | |
| rm -rf ./node_modules/@threshold-network/solidity-contracts | |
| - name: Verify contracts on Etherscan | |
| env: | |
| ETHERSCAN_API_KEY: ${{ secrets.ETHERSCAN_API_KEY }} | |
| CHAIN_API_URL: ${{ secrets.KEEP_TEST_ETH_HOSTNAME_HTTP }} | |
| run: yarn run hardhat --network ${{ github.event.inputs.environment }} etherscan-verify --license MIT | |
| contracts-lint: | |
| runs-on: ubuntu-latest | |
| if: | | |
| github.event_name != 'workflow_dispatch' | |
| && github.event_name != 'schedule' | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - uses: actions/setup-node@v2 | |
| with: | |
| node-version: "14.x" | |
| cache: "yarn" | |
| # This step forces Git to download dependencies using `https://` protocol, | |
| # even if `yarn.json` refers to some package via `git://`. Using `git://` | |
| # is no longer supported by GH. One of the `coverage-pools` dependencies | |
| # by default uses `git://` and we needed to manually remove it every time | |
| # it re-appeares in the lock file. Now even if it does re-appear, the | |
| # `yarn install --frozen-lockfile` will not fail. | |
| - name: Configure git to don't use unauthenticated protocol | |
| run: git config --global url."https://".insteadOf git:// | |
| - name: Install dependencies | |
| run: yarn install | |
| - name: Lint | |
| run: yarn lint | |
| contracts-slither: | |
| runs-on: ubuntu-latest | |
| if: | | |
| github.event_name != 'workflow_dispatch' | |
| && github.event_name != 'schedule' | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - uses: actions/setup-node@v2 | |
| with: | |
| node-version: "14.x" | |
| cache: "yarn" | |
| - uses: actions/setup-python@v2 | |
| with: | |
| python-version: 3.10.8 | |
| - name: Install Solidity | |
| env: | |
| SOLC_VERSION: 0.8.9 # according to solidity.version in hardhat.config.ts | |
| run: | | |
| pip3 install solc-select | |
| solc-select install $SOLC_VERSION | |
| solc-select use $SOLC_VERSION | |
| - name: Install Slither | |
| env: | |
| SLITHER_VERSION: 0.8.3 | |
| run: pip3 install slither-analyzer==$SLITHER_VERSION | |
| - name: Install dependencies | |
| run: yarn install | |
| - name: Run Slither | |
| run: slither . |