Skip to content

Solidity

Solidity #1841

Workflow file for this run

name: Solidity
on:
schedule:
- cron: "0 0 * * *"
push:
branches:
- main
pull_request:
workflow_dispatch:
inputs:
environment:
description: "Environment for workflow execution"
required: false
default: "dev"
upstream_builds:
description: "Upstream builds"
required: false
upstream_ref:
description: "Git reference to checkout (e.g. branch name)"
required: false
default: "main"
jobs:
contracts-build-and-test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/setup-node@v2
with:
node-version: "14.x"
cache: "yarn"
- name: Install dependencies
run: yarn install
- name: Build contracts
run: yarn build
- name: Run tests
run: yarn test
- name: Run system tests
env:
FORKING_URL: ${{ secrets.MAINNET_ETH_HOSTNAME }}
run: yarn test:system
contracts-deployment-dry-run:
runs-on: ubuntu-latest
if: github.event_name != 'schedule'
steps:
- uses: actions/checkout@v2
- uses: actions/setup-node@v2
with:
node-version: "14.x"
cache: "yarn"
# This step forces Git to download dependencies using `https://` protocol,
# even if `yarn.json` refers to some package via `git://`. Using `git://`
# is no longer supported by GH. One of the `coverage-pools` dependencies
# by default uses `git://` and we needed to manually remove it every time
# it re-appeares in the lock file. Now even if it does re-appear, the
# `yarn install --frozen-lockfile` will not fail.
- name: Configure git to don't use unauthenticated protocol
run: git config --global url."https://".insteadOf git://
- name: Install dependencies
run: yarn install
- name: Deploy contracts
run: yarn deploy
contracts-deployment-testnet:
needs: [contracts-build-and-test]
if: github.event_name == 'workflow_dispatch'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/setup-node@v2
with:
node-version: "14.x"
cache: "yarn"
registry-url: "https://registry.npmjs.org"
# This step forces Git to download dependencies using `https://` protocol,
# even if `yarn.json` refers to some package via `git://`. Using `git://`
# is no longer supported by GH. One of the `coverage-pools` dependencies
# by default uses `git://` and we needed to manually remove it every time
# it re-appeares in the lock file. Now even if it does re-appear, the
# `yarn install --frozen-lockfile` will not fail.
- name: Configure git to don't use unauthenticated protocol
run: git config --global url."https://".insteadOf git://
- name: Install dependencies
run: yarn install --frozen-lockfile
- name: Get upstream packages' versions
uses: keep-network/ci/actions/upstream-builds-query@v1
id: upstream-builds-query
with:
upstream-builds: ${{ github.event.inputs.upstream_builds }}
query: |
keep-core-contracts-version = github.com/keep-network/keep-core/solidity-v1#version
tbtc-contracts-version = github.com/keep-network/tbtc/solidity#version
- name: Resolve latest contracts
run: |
yarn upgrade \
@keep-network/keep-core@${{ steps.upstream-builds-query.outputs.keep-core-contracts-version }} \
@keep-network/tbtc@${{ steps.upstream-builds-query.outputs.tbtc-contracts-version }}
- name: Configure tenderly
if: github.event.inputs.environment == 'ropsten'
env:
TENDERLY_TOKEN: ${{ secrets.TENDERLY_TOKEN }}
run: ./config_tenderly.sh
- name: Deploy contracts
env:
CHAIN_API_URL: ${{ secrets.KEEP_TEST_ETH_HOSTNAME_HTTP }}
CONTRACT_OWNER_ACCOUNT_PRIVATE_KEY: ${{ secrets.KEEP_TEST_ETH_CONTRACT_OWNER_PRIVATE_KEY }}
run: yarn deploy --network ${{ github.event.inputs.environment }}
- name: Bump up package version
id: npm-version-bump
uses: keep-network/npm-version-bump@v2
with:
environment: ${{ github.event.inputs.environment }}
branch: ${{ github.ref }}
commit: ${{ github.sha }}
- name: Publish to npm
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
run: npm publish --access=public --network=${{ github.event.inputs.environment }} --tag ${{ github.event.inputs.environment }}
- name: Notify CI about completion of the workflow
uses: keep-network/ci/actions/notify-workflow-completed@v1
env:
GITHUB_TOKEN: ${{ secrets.CI_GITHUB_TOKEN }}
with:
module: "github.com/keep-network/coverage-pools"
url: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
environment: ${{ github.event.inputs.environment }}
upstream_builds: ${{ github.event.inputs.upstream_builds }}
upstream_ref: ${{ github.event.inputs.upstream_ref }}
version: ${{ steps.npm-version-bump.outputs.version }}
- name: Upload files needed for etherscan verification
uses: actions/upload-artifact@v2
with:
name: Artifacts for etherscan verifcation
path: |
./deployments
./package.json
./yarn.lock
contracts-etherscan-verification:
needs: [contracts-deployment-testnet]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Download files needed for etherscan verification
uses: actions/download-artifact@v2
with:
name: Artifacts for etherscan verifcation
- uses: actions/setup-node@v2
with:
node-version: "14.x"
cache: "yarn"
# This step forces Git to download dependencies using `https://` protocol,
# even if `yarn.json` refers to some package via `git://`. Using `git://`
# is no longer supported by GH. One of the `coverage-pools` dependencies
# by default uses `git://` and we needed to manually remove it every time
# it re-appeares in the lock file. Now even if it does re-appear, the
# `yarn install --frozen-lockfile` will not fail.
- name: Configure git to don't use unauthenticated protocol
run: git config --global url."https://".insteadOf git://
- name: Install needed dependencies
run: yarn install --frozen-lockfile
# If we don't remove the dependencies' contracts from `node-modules`, the
# `etherscan-verify` plugins tries to verify them, which is not desired.
- name: Prepare for verification on Etherscan
run: |
rm -rf ./node_modules/@keep-network/keep-core
rm -rf ./node_modules/@keep-network/tbtc
rm -rf ./node_modules/@threshold-network/solidity-contracts
- name: Verify contracts on Etherscan
env:
ETHERSCAN_API_KEY: ${{ secrets.ETHERSCAN_API_KEY }}
CHAIN_API_URL: ${{ secrets.KEEP_TEST_ETH_HOSTNAME_HTTP }}
run: yarn run hardhat --network ${{ github.event.inputs.environment }} etherscan-verify --license MIT
contracts-lint:
runs-on: ubuntu-latest
if: |
github.event_name != 'workflow_dispatch'
&& github.event_name != 'schedule'
steps:
- uses: actions/checkout@v2
- uses: actions/setup-node@v2
with:
node-version: "14.x"
cache: "yarn"
# This step forces Git to download dependencies using `https://` protocol,
# even if `yarn.json` refers to some package via `git://`. Using `git://`
# is no longer supported by GH. One of the `coverage-pools` dependencies
# by default uses `git://` and we needed to manually remove it every time
# it re-appeares in the lock file. Now even if it does re-appear, the
# `yarn install --frozen-lockfile` will not fail.
- name: Configure git to don't use unauthenticated protocol
run: git config --global url."https://".insteadOf git://
- name: Install dependencies
run: yarn install
- name: Lint
run: yarn lint
contracts-slither:
runs-on: ubuntu-latest
if: |
github.event_name != 'workflow_dispatch'
&& github.event_name != 'schedule'
steps:
- uses: actions/checkout@v2
- uses: actions/setup-node@v2
with:
node-version: "14.x"
cache: "yarn"
- uses: actions/setup-python@v2
with:
python-version: 3.10.8
- name: Install Solidity
env:
SOLC_VERSION: 0.8.9 # according to solidity.version in hardhat.config.ts
run: |
pip3 install solc-select
solc-select install $SOLC_VERSION
solc-select use $SOLC_VERSION
- name: Install Slither
env:
SLITHER_VERSION: 0.8.3
run: pip3 install slither-analyzer==$SLITHER_VERSION
- name: Install dependencies
run: yarn install
- name: Run Slither
run: slither .