Solidity #142
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Solidity | |
on: | |
schedule: | |
- cron: "0 0 * * *" | |
push: | |
branches: | |
- main | |
pull_request: | |
# We intend to use `workflow dispatch` in two different situations/paths: | |
# 1. If a workflow will be manually dspatched from branch named | |
# `dapp-development`, workflow will deploy the contracts on the selected | |
# testnet and publish them to NPM registry with `dapp-dev-<environment>` | |
# suffix and `dapp-development-<environment>` tag. Such packages are meant | |
# to be used locally by the team developing Threshold Token dApp and may | |
# contain contracts that have different values from the ones used on | |
# mainnet. | |
# 2. If a workflow will be manually dspatched from a branch which name is not | |
# `dapp-development`, the workflow will deploy the contracts on the | |
# selected testnet and publish them to NPM registry with `<environment>` | |
# suffix and tag. Such packages will be used later to deploy public | |
# Threshold Token dApp on a testnet, with contracts resembling those used | |
# on mainnet. | |
workflow_dispatch: | |
inputs: | |
environment: | |
description: "Environment (network) for workflow execution, e.g. `sepolia`" | |
required: true | |
upstream_builds: | |
description: "Upstream builds" | |
required: false | |
upstream_ref: | |
description: "Git reference to checkout (e.g. branch name)" | |
required: false | |
default: "main" | |
jobs: | |
contracts-detect-changes: | |
runs-on: ubuntu-latest | |
outputs: | |
system-tests: ${{ steps.filter.outputs.system-tests }} | |
steps: | |
- uses: actions/checkout@v3 | |
if: github.event_name == 'pull_request' | |
- uses: dorny/paths-filter@v2 | |
if: github.event_name == 'pull_request' | |
id: filter | |
with: | |
filters: | | |
system-tests: | |
- './contracts/staking/**' | |
- './test/system/**' | |
contracts-build-and-test: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-node@v3 | |
with: | |
# Using fixed version, because 18.16 was sometimes causing issues with | |
# artifacts generation during `hardhat compile` - see | |
# https://github.com/NomicFoundation/hardhat/issues/3877 | |
node-version: "18.15.0" | |
cache: "yarn" | |
- name: Install dependencies | |
run: yarn install | |
- name: Build contracts | |
run: yarn build | |
- name: Run tests | |
if: github.ref != 'refs/heads/dapp-development' | |
run: yarn test | |
contracts-system-tests: | |
needs: contracts-detect-changes | |
if: | | |
needs.contracts-detect-changes.outputs.system-tests == 'true' | |
&& github.ref != 'refs/heads/dapp-development' | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-node@v3 | |
with: | |
# Using fixed version, because 18.16 was sometimes causing issues with | |
# artifacts generation during `hardhat compile` - see | |
# https://github.com/NomicFoundation/hardhat/issues/3877 | |
node-version: "18.15.0" | |
cache: "yarn" | |
- name: Install dependencies | |
run: yarn install | |
- name: Build contracts | |
run: yarn build | |
- name: Run system tests | |
env: | |
FORKING_URL: ${{ secrets.MAINNET_ETH_HOSTNAME_HTTP }} | |
run: yarn test:system | |
contracts-deployment-dry-run: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-node@v3 | |
with: | |
# Using fixed version, because 18.16 was sometimes causing issues with | |
# artifacts generation during `hardhat compile` - see | |
# https://github.com/NomicFoundation/hardhat/issues/3877 | |
node-version: "18.15.0" | |
cache: "yarn" | |
- name: Install dependencies | |
run: yarn install | |
- name: Deploy contracts | |
run: yarn deploy | |
contracts-deployment-testnet: | |
needs: [contracts-build-and-test] | |
if: | | |
github.event_name == 'workflow_dispatch' | |
&& github.ref != 'refs/heads/dapp-development' | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-node@v3 | |
with: | |
# Using fixed version, because 18.16 was sometimes causing issues with | |
# artifacts generation during `hardhat compile` - see | |
# https://github.com/NomicFoundation/hardhat/issues/3877 | |
node-version: "18.15.0" | |
cache: "yarn" | |
registry-url: "https://registry.npmjs.org" | |
- name: Install dependencies | |
run: yarn install --frozen-lockfile | |
- name: Resolve latest contracts | |
run: yarn upgrade @keep-network/keep-core@${{ github.event.inputs.environment }} | |
- name: Configure tenderly | |
env: | |
TENDERLY_TOKEN: ${{ secrets.TENDERLY_TOKEN }} | |
run: ./config_tenderly.sh | |
- name: Deploy contracts | |
env: | |
# Using fake ternary expressions to decide which credentials to use, | |
# depending on chosen environment. Note: if `GOERLI_ETH_HOSTNAME_HTTP` | |
# is empty, the expression will be evaluated to | |
# `SEPOLIA_ETH_HOSTNAME_HTTP`'s value. | |
CHAIN_API_URL: | | |
${{ inputs.github.event.inputs.environment == 'goerli' | |
&& secrets.GOERLI_ETH_HOSTNAME_HTTP | |
|| secrets.SEPOLIA_ETH_HOSTNAME_HTTP }} | |
CONTRACT_OWNER_ACCOUNT_PRIVATE_KEY: ${{ secrets.TESTNET_ETH_CONTRACT_OWNER_PRIVATE_KEY }} | |
KEEP_CONTRACT_OWNER_ACCOUNT_PRIVATE_KEY: ${{ secrets.TESTNET_ETH_CONTRACT_OWNER_PRIVATE_KEY }} | |
run: yarn deploy --network ${{ github.event.inputs.environment }} | |
- name: Bump up package version | |
id: npm-version-bump | |
uses: keep-network/npm-version-bump@v2 | |
with: | |
environment: ${{ github.event.inputs.environment }} | |
branch: ${{ github.ref }} | |
commit: ${{ github.sha }} | |
- name: Publish to npm | |
env: | |
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | |
run: npm publish --access=public --network=${{ github.event.inputs.environment }} --tag ${{ github.event.inputs.environment }} | |
- name: Notify CI about completion of the workflow | |
uses: keep-network/ci/actions/notify-workflow-completed@v2 | |
env: | |
GITHUB_TOKEN: ${{ secrets.CI_GITHUB_TOKEN }} | |
with: | |
module: "github.com/threshold-network/solidity-contracts" | |
url: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} | |
environment: ${{ github.event.inputs.environment }} | |
upstream_builds: ${{ github.event.inputs.upstream_builds }} | |
upstream_ref: ${{ github.event.inputs.upstream_ref }} | |
version: ${{ steps.npm-version-bump.outputs.version }} | |
- name: Upload files needed for etherscan verification | |
uses: actions/upload-artifact@v3 | |
with: | |
name: Artifacts for etherscan verifcation | |
path: | | |
./deployments | |
./package.json | |
./yarn.lock | |
contracts-etherscan-verification: | |
needs: [contracts-deployment-testnet] | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Download files needed for etherscan verification | |
uses: actions/download-artifact@v3 | |
with: | |
name: Artifacts for etherscan verifcation | |
- uses: actions/setup-node@v3 | |
with: | |
# Using fixed version, because 18.16 was sometimes causing issues with | |
# artifacts generation during `hardhat compile` - see | |
# https://github.com/NomicFoundation/hardhat/issues/3877 | |
node-version: "18.15.0" | |
cache: "yarn" | |
- name: Install needed dependencies | |
run: yarn install --frozen-lockfile | |
# If we don't remove the `keep-core` contracts from `node-modules`, the | |
# `etherscan-verify` plugins tries to verify them, which is not desired. | |
- name: Prepare for verification on Etherscan | |
run: | | |
rm -rf ./node_modules/@keep-network/keep-core | |
rm -rf ./external/npm | |
- name: Verify contracts on Etherscan | |
env: | |
ETHERSCAN_API_KEY: ${{ secrets.ETHERSCAN_API_KEY }} | |
# Using fake ternary expressions to decide which credentials to use, | |
# depending on chosen environment. Note: if `GOERLI_ETH_HOSTNAME_HTTP` | |
# is empty, the expression will be evaluated to | |
# `SEPOLIA_ETH_HOSTNAME_HTTP`'s value. | |
CHAIN_API_URL: | | |
${{ inputs.github.event.inputs.environment == 'goerli' | |
&& secrets.GOERLI_ETH_HOSTNAME_HTTP | |
|| secrets.SEPOLIA_ETH_HOSTNAME_HTTP }} | |
run: | | |
yarn run hardhat --network ${{ github.event.inputs.environment }} \ | |
etherscan-verify --license GPL-3.0 --force-license | |
# This job is responsible for publishing packages from `dapp-development` | |
# branch, which are slightly modified to help with the process of testing some | |
# features on the Threshold Token dApp. The job starts only if workflow gets | |
# triggered by the `workflow_dispatch` event on the branch `dapp-development`. | |
contracts-dapp-development-deployment-testnet: | |
needs: [contracts-build-and-test] | |
if: | | |
github.event_name == 'workflow_dispatch' | |
&& github.ref == 'refs/heads/dapp-development' | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-node@v3 | |
with: | |
# Using fixed version, because 18.16 was sometimes causing issues with | |
# artifacts generation during `hardhat compile` - see | |
# https://github.com/NomicFoundation/hardhat/issues/3877 | |
node-version: "18.15.0" | |
cache: "yarn" | |
registry-url: "https://registry.npmjs.org" | |
- name: Install dependencies | |
run: yarn install --frozen-lockfile | |
- name: Resolve latest contracts | |
run: yarn upgrade @keep-network/keep-core@${{ github.event.inputs.environment }} | |
- name: Deploy contracts | |
env: | |
# Using fake ternary expressions to decide which credentials to use, | |
# depending on chosen environment. Note: if `GOERLI_ETH_HOSTNAME_HTTP` | |
# is empty, the expression will be evaluated to | |
# `SEPOLIA_ETH_HOSTNAME_HTTP`'s value. | |
CHAIN_API_URL: | | |
${{ inputs.github.event.inputs.environment == 'goerli' | |
&& secrets.GOERLI_ETH_HOSTNAME_HTTP | |
|| secrets.SEPOLIA_ETH_HOSTNAME_HTTP }} | |
CONTRACT_OWNER_ACCOUNT_PRIVATE_KEY: ${{ secrets.DAPP_DEV_TESTNET_ETH_CONTRACT_OWNER_PRIVATE_KEY }} | |
KEEP_CONTRACT_OWNER_ACCOUNT_PRIVATE_KEY: ${{ secrets.TESTNET_ETH_CONTRACT_OWNER_PRIVATE_KEY }} | |
run: yarn deploy --network ${{ github.event.inputs.environment }} | |
- name: Bump up package version | |
id: npm-version-bump | |
uses: keep-network/npm-version-bump@v2 | |
with: | |
environment: dapp-dev-${{ github.event.inputs.environment }} | |
branch: ${{ github.ref }} | |
commit: ${{ github.sha }} | |
- name: Publish to npm | |
env: | |
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | |
run: | | |
npm publish --access=public \ | |
--network=${{ github.event.inputs.environment }} \ | |
--tag dapp-development-${{ github.event.inputs.environment }} | |
- name: Notify CI about completion of the workflow | |
uses: keep-network/ci/actions/notify-workflow-completed@v2 | |
env: | |
GITHUB_TOKEN: ${{ secrets.CI_GITHUB_TOKEN }} | |
with: | |
module: "github.com/threshold-network/solidity-contracts" | |
url: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} | |
environment: ${{ github.event.inputs.environment }} | |
upstream_builds: ${{ github.event.inputs.upstream_builds }} | |
upstream_ref: dapp-development | |
version: ${{ steps.npm-version-bump.outputs.version }} | |
contracts-slither: | |
runs-on: ubuntu-latest | |
if: | | |
github.event_name != 'workflow_dispatch' | |
&& github.event_name != 'schedule' | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-node@v3 | |
with: | |
# Using fixed version, because 18.16 was sometimes causing issues with | |
# artifacts generation during `hardhat compile` - see | |
# https://github.com/NomicFoundation/hardhat/issues/3877 | |
node-version: "18.15.0" | |
cache: "yarn" | |
- uses: actions/setup-python@v4 | |
with: | |
python-version: 3.10.8 | |
- name: Install Solidity | |
env: | |
SOLC_VERSION: 0.8.9 # according to solidity.version in hardhat.config.ts | |
run: | | |
pip3 install solc-select | |
solc-select install $SOLC_VERSION | |
solc-select use $SOLC_VERSION | |
- name: Install Slither | |
env: | |
SLITHER_VERSION: 0.8.0 | |
run: pip3 install slither-analyzer==$SLITHER_VERSION | |
- name: Install dependencies | |
run: yarn install | |
- name: Run Slither | |
run: slither . |