-
Notifications
You must be signed in to change notification settings - Fork 16
216 lines (182 loc) · 7.33 KB
/
contracts.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
name: Solidity
on:
schedule:
- cron: "0 0 * * *"
push:
branches:
- main
pull_request:
workflow_dispatch:
inputs:
environment:
description: "Environment (network) for workflow execution, e.g. `sepolia`"
required: true
upstream_builds:
description: "Upstream builds"
required: false
upstream_ref:
description: "Git reference to checkout (e.g. branch name)"
required: false
default: "main"
jobs:
contracts-build-and-test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version: "14.x"
cache: "yarn"
- name: Install dependencies
run: yarn install
- name: Build contracts
run: yarn build
- name: Run tests
run: yarn test
- name: Run system tests
env:
FORKING_URL: ${{ secrets.MAINNET_ETH_HOSTNAME }}
run: yarn test:system
contracts-deployment-dry-run:
runs-on: ubuntu-latest
if: github.event_name != 'schedule'
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version: "14.x"
cache: "yarn"
# This step forces Git to download dependencies using `https://` protocol,
# even if `yarn.json` refers to some package via `git://`. Using `git://`
# is no longer supported by GH. One of the `coverage-pools` dependencies
# by default uses `git://` and we needed to manually remove it every time
# it re-appeares in the lock file. Now even if it does re-appear, the
# `yarn install --frozen-lockfile` will not fail.
- name: Configure git to don't use unauthenticated protocol
run: git config --global url."https://".insteadOf git://
- name: Install dependencies
run: yarn install
- name: Deploy contracts
run: yarn deploy
contracts-deployment-testnet:
needs: [contracts-build-and-test]
if: github.event_name == 'workflow_dispatch'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version: "14.x"
cache: "yarn"
registry-url: "https://registry.npmjs.org"
# This step forces Git to download dependencies using `https://` protocol,
# even if `yarn.json` refers to some package via `git://`. Using `git://`
# is no longer supported by GH. One of the `coverage-pools` dependencies
# by default uses `git://` and we needed to manually remove it every time
# it re-appeares in the lock file. Now even if it does re-appear, the
# `yarn install --frozen-lockfile` will not fail.
- name: Configure git to don't use unauthenticated protocol
run: git config --global url."https://".insteadOf git://
- name: Install dependencies
run: yarn install --frozen-lockfile
- name: Get upstream packages' versions
uses: keep-network/ci/actions/upstream-builds-query@v2
id: upstream-builds-query
with:
upstream-builds: ${{ github.event.inputs.upstream_builds }}
query: |
threshold-contracts-version = github.com/threshold-network/solidity-contracts#version
keep-core-contracts-version = github.com/keep-network/keep-core/solidity-v1#version
tbtc-contracts-version = github.com/keep-network/tbtc/solidity#version
- name: Resolve latest contracts
run: |
yarn upgrade \
@threshold-network/solidity-contracts@${{ steps.upstream-builds-query.outputs.threshold-contracts-version }} \
@keep-network/keep-core@${{ github.event.inputs.environment }} \
@keep-network/tbtc@${{ github.event.inputs.environment }}
- name: Deploy contracts
env:
# Using fake ternary expression to decide which credentials to use,
# depending on chosen environment. Note: if `GOERLI_ETH_HOSTNAME_HTTP`
# is empty, the expression will be evaluated to
# `SEPOLIA_ETH_HOSTNAME_HTTP`'s value.
CHAIN_API_URL: |
${{ inputs.github.event.inputs.environment == 'goerli'
&& secrets.GOERLI_ETH_HOSTNAME_HTTP
|| secrets.SEPOLIA_ETH_HOSTNAME_HTTP }}
ACCOUNTS_PRIVATE_KEYS: ${{ secrets.TESTNET_ETH_CONTRACT_OWNER_PRIVATE_KEY }}
run: yarn deploy --network ${{ github.event.inputs.environment }}
- name: Bump up package version
id: npm-version-bump
uses: keep-network/npm-version-bump@v2
with:
environment: ${{ github.event.inputs.environment }}
branch: ${{ github.ref }}
commit: ${{ github.sha }}
- name: Publish to npm
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
run: npm publish --access=public --tag ${{ github.event.inputs.environment }} --network=${{ github.event.inputs.environment }}
- name: Notify CI about completion of the workflow
uses: keep-network/ci/actions/notify-workflow-completed@v2
env:
GITHUB_TOKEN: ${{ secrets.CI_GITHUB_TOKEN }}
with:
module: "github.com/keep-network/coverage-pools"
url: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
environment: ${{ github.event.inputs.environment }}
upstream_builds: ${{ github.event.inputs.upstream_builds }}
upstream_ref: ${{ github.event.inputs.upstream_ref }}
version: ${{ steps.npm-version-bump.outputs.version }}
contracts-lint:
runs-on: ubuntu-latest
if: |
github.event_name != 'workflow_dispatch'
&& github.event_name != 'schedule'
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version: "14.x"
cache: "yarn"
# This step forces Git to download dependencies using `https://` protocol,
# even if `yarn.json` refers to some package via `git://`. Using `git://`
# is no longer supported by GH. One of the `coverage-pools` dependencies
# by default uses `git://` and we needed to manually remove it every time
# it re-appeares in the lock file. Now even if it does re-appear, the
# `yarn install --frozen-lockfile` will not fail.
- name: Configure git to don't use unauthenticated protocol
run: git config --global url."https://".insteadOf git://
- name: Install dependencies
run: yarn install
- name: Lint
run: yarn lint
contracts-slither:
runs-on: ubuntu-latest
if: |
github.event_name != 'workflow_dispatch'
&& github.event_name != 'schedule'
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version: "14.x"
cache: "yarn"
- uses: actions/setup-python@v4
with:
python-version: 3.10.8
- name: Install Solidity
env:
SOLC_VERSION: 0.8.9 # according to solidity.version in hardhat.config.ts
run: |
pip3 install solc-select
solc-select install $SOLC_VERSION
solc-select use $SOLC_VERSION
- name: Install Slither
env:
SLITHER_VERSION: 0.8.3
run: pip3 install slither-analyzer==$SLITHER_VERSION
- name: Install dependencies
run: yarn install
- name: Run Slither
run: slither .