Skip to content

isContractCallAllowedFromEOA add calldata and value #938

isContractCallAllowedFromEOA add calldata and value

isContractCallAllowedFromEOA add calldata and value #938

Workflow file for this run

name: CI
permissions:
issues: write
pull-requests: write
env:
FOUNDRY_PROFILE: ci
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
on:
push:
branches:
- main
pull_request:
branches: ["*", "**/*"]
jobs:
format:
name: Format
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/install
- name: Check formatting
run: forge fmt --check
build:
needs: format
name: Build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/install
- name: Build contracts
run: forge build --sizes
- name: Save forge compilation cache
uses: actions/cache/save@v3
with:
path: |
cache
out
key: forge-${{ github.ref_name }}
test-local:
needs: build
name: Test Local
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/install
- name: Run tests
run: forge test -vvv
env:
# make fuzzing semi-deterministic to avoid noisy gas cost estimation
# due to non-deterministic fuzzing (but still use pseudo-random fuzzing seeds)
FOUNDRY_FUZZ_SEED: 0x${{ github.event.pull_request.base.sha || github.sha }}
- name: Compare gas reports
uses: Rubilmax/[email protected]
with:
summaryQuantile: 0.9 # only display the 10% most significant gas diffs in the summary (defaults to 20%)
sortCriteria: avg,max # sort diff rows by criteria
sortOrders: desc,asc # and directions
ignore: test-foundry/**/* # filter out gas reports from specific paths (test/ is included by default)
id: gas_diff
- name: Add gas diff to sticky comment
if: github.event_name == 'pull_request' || github.event_name == 'pull_request_target'
uses: marocchino/sticky-pull-request-comment@v2
with:
# delete the comment in case changes no longer impact gas costs
delete: ${{ !steps.gas_diff.outputs.markdown }}
message: ${{ steps.gas_diff.outputs.markdown }}
test-fork:
needs: test-local
name: Test Fork
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/install
- name: Run fork tests
run: forge test
env:
FOUNDRY_FUZZ_RUNS: 100
FOUNDRY_PROFILE: fork
KINTO_RPC_URL: ${{ secrets.KINTO_RPC_URL }}
LEDGER_ADMIN: ${{ secrets.LEDGER_ADMIN }}
DEPLOYER_PUBLIC_KEY: ${{ secrets.DEPLOYER_PUBLIC_KEY }}
ETHEREUM_RPC_URL: ${{ secrets.ETHEREUM_RPC_URL }}
ARBITRUM_RPC_URL: ${{ secrets.ARBITRUM_RPC_URL }}
coverage:
needs:
- test-local
- test-fork
#- test-unit
#- test-internal
#- test-integration
#- test-invariant
# if: inputs.coverageThreshold != ''
name: Coverage
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/install
- name: Install LCOV
run: sudo apt-get install -y lcov
- name: Generate LCOV report
run: forge coverage --report lcov --allow-failure && mv lcov.info lcov-local.info && FOUNDRY_PROFILE=fork forge coverage --report lcov --allow-failure && mv lcov.info lcov-fork.info && lcov --add lcov-local.info --add lcov-fork.info -o lcov.info && rm lcov-local.info && rm lcov-fork.info && lcov --remove lcov.info -o lcov.info "test/*" "script/*" && genhtml lcov.info --branch-coverage --output-dir coverage
env:
FOUNDRY_FUZZ_RUNS: 100
KINTO_RPC_URL: ${{ secrets.KINTO_RPC_URL }}
LEDGER_ADMIN: ${{ secrets.LEDGER_ADMIN }}
DEPLOYER_PUBLIC_KEY: ${{ secrets.DEPLOYER_PUBLIC_KEY }}
ETHEREUM_RPC_URL: ${{ secrets.ETHEREUM_RPC_URL }}
ARBITRUM_RPC_URL: ${{ secrets.ARBITRUM_RPC_URL }}
- name: Upload report to Codecov
uses: codecov/codecov-action@v4
with:
directory: .
fail_ci_if_error: true
verbose: true
token: ${{ secrets.CODECOV_TOKEN }}
# - name: Check coverage threshold
# uses: terencetcf/github-actions-lcov-minimum-coverage-checker@v1
# with:
# coverage-file: lcov.info
# minimum-coverage: 90
slither:
needs:
- test-local
- test-fork
name: Slither
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/install
- name: Run Slither
uses: crytic/[email protected]
id: slither
continue-on-error: true
with:
fail-on: none
slither-args: --checklist --markdown-root ${{ github.server_url }}/${{ github.repository }}/blob/${{ github.sha }}/
- name: Slither PR Comment
uses: actions/github-script@v7
if: github.event_name == 'pull_request'
env:
REPORT: ${{ steps.slither.outputs.stdout }}
with:
script: |
const script = require('.github/scripts/comment')
const header = '# Slither report'
const body = process.env.REPORT
await script({ github, context, header, body })
certora:
needs:
- test-local
- test-fork
name: Certora
runs-on: ubuntu-latest
# Run Certora only on main
# if: github.ref == 'refs/heads/main'
strategy:
fail-fast: false
max-parallel: 16
matrix:
contract:
- KintoID_SanctionsTraits.conf
- KintoID_Monitor1.conf
- KintoID_Monitor2.conf
- KintoWallet.conf
- KintoWalletFactory.conf
- SponsorPaymaster.conf
- SponsorPaymaster_additional.conf
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/install
- name: Run verification
uses: ./.github/actions/certora-verifier
with:
contractFile: ${{ matrix.contract }}
certoraKey: ${{ secrets.CERTORAKEY }}