Merge branch 'main' into implement-glacis-LF-11761

lifinance · Feb 19, 2025 · a3af8ce · a3af8ce
2 parents c41a0da + f1b3f53
commit a3af8ce
Show file tree

Hide file tree

Showing 76 changed files with 4,821 additions and 3,520 deletions.
diff --git a/.env.example b/.env.example
@@ -7,6 +7,7 @@ ETH_NODE_URI_ARBITRUM=https://1rpc.io/arb #[pre-commit-checker: not a secret]
 ETH_NODE_URI_AURORA=https://1rpc.io/aurora #[pre-commit-checker: not a secret]
 ETH_NODE_URI_AVALANCHE=https://1rpc.io/avax/c #[pre-commit-checker: not a secret]
 ETH_NODE_URI_BASE=https://mainnet.base.org #[pre-commit-checker: not a secret]
+ETH_NODE_URI_BERACHAIN=https://rpc.berachain.com #[pre-commit-checker: not a secret]
 ETH_NODE_URI_BLAST=https://rpc.blast.io #[pre-commit-checker: not a secret]
 ETH_NODE_URI_BOBA=https://mainnet.boba.network #[pre-commit-checker: not a secret]
 ETH_NODE_URI_BSC=https://1rpc.io/bnb #[pre-commit-checker: not a secret]
@@ -31,7 +32,9 @@ ETH_NODE_URI_POLYGONZKEVM=https://zkevm-rpc.com #[pre-commit-checker: not a secr
 ETH_NODE_URI_ROOTSTOCK=https://rootstock.drpc.org #[pre-commit-checker: not a secret]
 ETH_NODE_URI_SEI=https://evm-rpc.sei-apis.com #[pre-commit-checker: not a secret]
 ETH_NODE_URI_SCROLL=https://1rpc.io/scroll #[pre-commit-checker: not a secret]
+ETH_NODE_URI_SONEIUM=https://rpc.soneium.org #[pre-commit-checker: not a secret]
 ETH_NODE_URI_TAIKO=https://rpc.taiko.tools #[pre-commit-checker: not a secret]
+ETH_NODE_URI_UNICHAIN=https://mainnet.unichain.org #[pre-commit-checker: not a secret]
 ETH_NODE_URI_WORLDCHAIN=https://worldchain-mainnet.g.alchemy.com/public #[pre-commit-checker: not a secret]
 ETH_NODE_URI_XLAYER=https://rpc.xlayer.tech #[pre-commit-checker: not a secret]
 ETH_NODE_URI_ZKSYNC=https://zksync2-mainnet.zksync #[pre-commit-checker: not a secret]
@@ -60,6 +63,7 @@ MODE_ETHERSCAN_API_KEY=
 OPBNB_ETHERSCAN_API_KEY=
 ROOTSTOCK_ETHERSCAN_API_KEY=
 SEI_ETHERSCAN_API_KEY=
+UNICHAIN_ETHERSCAN_API_KEY=
 XLAYER_ETHERSCAN_API_KEY=
 ZKSYNC_ETHERSCAN_API_KEY=
 

diff --git a/.github/workflows/diamondEmergencyPause.yml b/.github/workflows/diamondEmergencyPause.yml
@@ -55,6 +55,7 @@ jobs:
           ETH_NODE_URI_AURORA: ${{ secrets.ETH_NODE_URI_AURORA }}
           ETH_NODE_URI_AVALANCHE: ${{ secrets.ETH_NODE_URI_AVALANCHE }}
           ETH_NODE_URI_BASE: ${{ secrets.ETH_NODE_URI_BASE }}
+          ETH_NODE_URI_BERACHAIN: ${{ secrets.ETH_NODE_URI_BERACHAIN }}
           ETH_NODE_URI_BLAST: ${{ secrets.ETH_NODE_URI_BLAST }}
           ETH_NODE_URI_BOBA: ${{ secrets.ETH_NODE_URI_BOBA }}
           ETH_NODE_URI_BSC: ${{ secrets.ETH_NODE_URI_BSC }}
@@ -80,8 +81,10 @@ jobs:
           ETH_NODE_URI_ROOTSTOCK: ${{ secrets.ETH_NODE_URI_ROOTSTOCK }}
           ETH_NODE_URI_SCROLL: ${{ secrets.ETH_NODE_URI_SCROLL }}
           ETH_NODE_URI_SEI: ${{ secrets.ETH_NODE_URI_SEI }}
+          ETH_NODE_URI_SONEIUM: ${{ secrets.ETH_NODE_URI_SONEIUM }}
           ETH_NODE_URI_SONIC: ${{ secrets.ETH_NODE_URI_SONIC }}
           ETH_NODE_URI_TAIKO: ${{ secrets.ETH_NODE_URI_TAIKO }}
+          ETH_NODE_URI_UNICHAIN: ${{ secrets.ETH_NODE_URI_UNICHAIN }}
           ETH_NODE_URI_WORLDCHAIN: ${{ secrets.ETH_NODE_URI_WORLDCHAIN }}
           ETH_NODE_URI_XLAYER: ${{ secrets.ETH_NODE_URI_XLAYER }}
           ETH_NODE_URI_ZKSYNC: ${{ secrets.ETH_NODE_URI_ZKSYNC }}

diff --git a/.github/workflows/enforceTestCoverage.yml b/.github/workflows/enforceTestCoverage.yml
@@ -29,22 +29,40 @@ jobs:
       MIN_TEST_COVERAGE: ${{ secrets.MIN_TEST_COVERAGE }}
     steps:
       - uses: actions/[email protected]
+        with:
+          fetch-depth: 0
+
+      - name: Check for Solidity file changes
+        id: check_files
+        run: |
+          git fetch origin ${{ github.base_ref }} --depth=1
+          CHANGED_FILES=$(git diff --name-only origin/${{ github.base_ref }}...HEAD | grep -E '^src/.*\.sol|^test/.*\.sol' || true)
+          if [[ -n "$CHANGED_FILES" ]]; then
+            echo "solidity_changed=true" >> "$GITHUB_ENV"
+          else
+            echo "solidity_changed=false" >> "$GITHUB_ENV"
+          fi
 
       - name: Set up Node.js
         uses: actions/[email protected]
         with:
           node-version: '20'
+        if: env.solidity_changed == 'true'
 
       - name: Install dev dependencies
         run: yarn install
+        if: env.solidity_changed == 'true'
 
       - name: Install Foundry
         uses: foundry-rs/[email protected]
+        if: env.solidity_changed == 'true'
 
       - name: Install Dependencies
         run: forge install
+        if: env.solidity_changed == 'true'
 
       - name: Generate Coverage Report
+        if: env.solidity_changed == 'true'
         run: |
           forge coverage --report lcov --force --evm-version 'shanghai' --ir-minimum
 
@@ -55,6 +73,7 @@ jobs:
           echo "Coverage report successfully filtered"
 
       - name: Generate Coverage Summary
+        if: env.solidity_changed == 'true'
         run: |
 
 
@@ -133,6 +152,7 @@ jobs:
           } >> "$GITHUB_ENV"
 
       - name: Comment with Coverage Summary in PR
+        if: env.solidity_changed == 'true'
         uses: mshick/[email protected]
         with:
           repo-token: ${{ secrets.GIT_ACTIONS_BOT_PAT_CLASSIC }}
@@ -142,3 +162,8 @@ jobs:
             ${{ env.FUNCTION_COVERAGE_REPORT }}
             ${{ env.BRANCH_COVERAGE_REPORT }}
             ${{ env.RESULT_COVERAGE_REPORT }}
+
+
+      - name: Skip Tests (No Solidity Changes)
+        if: env.solidity_changed == 'false'
+        run: echo "No Solidity files changed. Skipping test coverage check."
diff --git a/.github/workflows/olympixStaticAnalysis.yml b/.github/workflows/olympixStaticAnalysis.yml
@@ -0,0 +1,55 @@
+name: Olympix Static Analysis
+
+# - runs the olympix static analyzer on newly added or modified solidity contracts inside the src/ folder in a pull request
+# - detects potential security vulnerabilities and uploads the results to github code scanning
+# - only scans diff (added, renamed, modified) solidity files in src/ instead of the whole repository
+# - ensures security issues are identified before merging, allowing the team to review and discuss findings within the PR
+
+on:
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
+    paths:
+      - 'src/**/*.sol'
+
+jobs:
+  static-analysis:
+    name: Static Analysis Security Check
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+
+      - name: Get added, renamed, modified Solidity Files
+        id: changed-files
+        uses: tj-actions/changed-files@v45
+        with:
+          files: |
+            src/**/*.sol
+
+      - name: Convert Changed Files to Args
+        if: steps.changed-files.outputs.any_changed == 'true'
+        id: format-args
+        env:
+          ALL_CHANGED_FILES: ${{ steps.changed-files.outputs.all_changed_files }}
+        run: |
+          args=$(echo $ALL_CHANGED_FILES | xargs -n 1 -I {} printf -- "-p %s " "{}")
+          echo "ARGS=$args" >> $GITHUB_ENV
+
+      - name: Run Olympix Integrated Security
+        if: steps.changed-files.outputs.any_changed == 'true'
+        uses: olympix/integrated-security@main
+        env:
+          OLYMPIX_API_TOKEN: ${{ secrets.OLYMPIX_API_TOKEN }}
+        with:
+          args: --output-format sarif --output-path ./ ${{ env.ARGS }}
+
+      - name: Upload Result to GitHub Code Scanning
+        if: steps.changed-files.outputs.any_changed == 'true'
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: olympix.sarif