Faucet kintoid (#293) #941
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
permissions: | |
issues: write | |
pull-requests: write | |
env: | |
FOUNDRY_PROFILE: ci | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
branches: ["*", "**/*"] | |
jobs: | |
format: | |
name: Format | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ./.github/actions/install | |
- name: Check formatting | |
run: forge fmt --check | |
build: | |
needs: format | |
name: Build | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ./.github/actions/install | |
- name: Build contracts | |
run: forge build --sizes | |
- name: Save forge compilation cache | |
uses: actions/cache/save@v3 | |
with: | |
path: | | |
cache | |
out | |
key: forge-${{ github.ref_name }} | |
test-local: | |
needs: build | |
name: Test Local | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ./.github/actions/install | |
- name: Run tests | |
run: forge test -vvv | |
env: | |
# make fuzzing semi-deterministic to avoid noisy gas cost estimation | |
# due to non-deterministic fuzzing (but still use pseudo-random fuzzing seeds) | |
FOUNDRY_FUZZ_SEED: 0x${{ github.event.pull_request.base.sha || github.sha }} | |
- name: Compare gas reports | |
uses: Rubilmax/[email protected] | |
with: | |
summaryQuantile: 0.9 # only display the 10% most significant gas diffs in the summary (defaults to 20%) | |
sortCriteria: avg,max # sort diff rows by criteria | |
sortOrders: desc,asc # and directions | |
ignore: test-foundry/**/* # filter out gas reports from specific paths (test/ is included by default) | |
id: gas_diff | |
- name: Add gas diff to sticky comment | |
if: github.event_name == 'pull_request' || github.event_name == 'pull_request_target' | |
uses: marocchino/sticky-pull-request-comment@v2 | |
with: | |
# delete the comment in case changes no longer impact gas costs | |
delete: ${{ !steps.gas_diff.outputs.markdown }} | |
message: ${{ steps.gas_diff.outputs.markdown }} | |
test-fork: | |
needs: test-local | |
name: Test Fork | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ./.github/actions/install | |
- name: Run fork tests | |
run: forge test | |
env: | |
FOUNDRY_FUZZ_RUNS: 100 | |
FOUNDRY_PROFILE: fork | |
KINTO_RPC_URL: ${{ secrets.KINTO_RPC_URL }} | |
LEDGER_ADMIN: ${{ secrets.LEDGER_ADMIN }} | |
DEPLOYER_PUBLIC_KEY: ${{ secrets.DEPLOYER_PUBLIC_KEY }} | |
ETHEREUM_RPC_URL: ${{ secrets.ETHEREUM_RPC_URL }} | |
ARBITRUM_RPC_URL: ${{ secrets.ARBITRUM_RPC_URL }} | |
coverage: | |
needs: | |
- test-local | |
- test-fork | |
#- test-unit | |
#- test-internal | |
#- test-integration | |
#- test-invariant | |
# if: inputs.coverageThreshold != '' | |
name: Coverage | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ./.github/actions/install | |
- name: Install LCOV | |
run: sudo apt-get install -y lcov | |
- name: Generate LCOV report | |
run: forge coverage --report lcov --allow-failure && mv lcov.info lcov-local.info && FOUNDRY_PROFILE=fork forge coverage --report lcov --allow-failure && mv lcov.info lcov-fork.info && lcov --add lcov-local.info --add lcov-fork.info -o lcov.info && rm lcov-local.info && rm lcov-fork.info && lcov --remove lcov.info -o lcov.info "test/*" "script/*" && genhtml lcov.info --branch-coverage --output-dir coverage | |
env: | |
FOUNDRY_FUZZ_RUNS: 100 | |
KINTO_RPC_URL: ${{ secrets.KINTO_RPC_URL }} | |
LEDGER_ADMIN: ${{ secrets.LEDGER_ADMIN }} | |
DEPLOYER_PUBLIC_KEY: ${{ secrets.DEPLOYER_PUBLIC_KEY }} | |
ETHEREUM_RPC_URL: ${{ secrets.ETHEREUM_RPC_URL }} | |
ARBITRUM_RPC_URL: ${{ secrets.ARBITRUM_RPC_URL }} | |
- name: Upload report to Codecov | |
uses: codecov/codecov-action@v4 | |
with: | |
directory: . | |
fail_ci_if_error: true | |
verbose: true | |
token: ${{ secrets.CODECOV_TOKEN }} | |
# - name: Check coverage threshold | |
# uses: terencetcf/github-actions-lcov-minimum-coverage-checker@v1 | |
# with: | |
# coverage-file: lcov.info | |
# minimum-coverage: 90 | |
slither: | |
needs: | |
- test-local | |
- test-fork | |
name: Slither | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ./.github/actions/install | |
- name: Run Slither | |
uses: crytic/[email protected] | |
id: slither | |
continue-on-error: true | |
with: | |
fail-on: none | |
slither-args: --checklist --markdown-root ${{ github.server_url }}/${{ github.repository }}/blob/${{ github.sha }}/ | |
- name: Slither PR Comment | |
uses: actions/github-script@v7 | |
if: github.event_name == 'pull_request' | |
env: | |
REPORT: ${{ steps.slither.outputs.stdout }} | |
with: | |
script: | | |
const script = require('.github/scripts/comment') | |
const header = '# Slither report' | |
const body = process.env.REPORT | |
await script({ github, context, header, body }) | |
certora: | |
needs: | |
- test-local | |
- test-fork | |
name: Certora | |
runs-on: ubuntu-latest | |
# Run Certora only on main | |
# if: github.ref == 'refs/heads/main' | |
strategy: | |
fail-fast: false | |
max-parallel: 16 | |
matrix: | |
contract: | |
- KintoID_SanctionsTraits.conf | |
- KintoID_Monitor1.conf | |
- KintoID_Monitor2.conf | |
- KintoWallet.conf | |
- KintoWalletFactory.conf | |
- SponsorPaymaster.conf | |
- SponsorPaymaster_additional.conf | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ./.github/actions/install | |
- name: Run verification | |
uses: ./.github/actions/certora-verifier | |
with: | |
contractFile: ${{ matrix.contract }} | |
certoraKey: ${{ secrets.CERTORAKEY }} |