AA-466 // Prevent initcode front-running #991
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Unified CI Workflow | |
on: pull_request | |
permissions: write-all | |
jobs: | |
setup: | |
runs-on: ubuntu-latest | |
outputs: | |
cache-key: ${{ steps.cache-keys.outputs.cache-key }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4.1.6 | |
- name: Set up Node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version: '22' # Specify the Node.js version you want to use | |
- name: Get cache key | |
id: cache-keys | |
run: echo "::set-output name=cache-key::$(echo ${{ runner.os }}-node-$(cat yarn.lock | sha256sum | cut -d' ' -f1))" | |
- name: Cache node modules | |
uses: actions/cache@v4 | |
with: | |
path: | | |
**/node_modules | |
key: ${{ steps.cache-keys.outputs.cache-key }} | |
- name: Install dependencies | |
run: yarn cache clean && yarn install | |
lint: | |
name: Lint sources | |
runs-on: ubuntu-latest | |
needs: setup | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4.1.6 | |
- name: Install Foundry | |
uses: foundry-rs/foundry-toolchain@v1.2.0 | |
with: | |
version: nightly | |
cache: true | |
- name: Cache node modules | |
uses: actions/cache@v4 | |
with: | |
path: | | |
**/node_modules | |
key: ${{ needs.setup.outputs.cache-key }} | |
cache: true | |
- name: Cache node modules | |
uses: actions/cache@v4 | |
with: | |
path: | | |
**/node_modules | |
key: ${{ needs.setup.outputs.cache-key }} | |
- name: Lint sources | |
run: yarn lint:sol | |
unit_test: | |
name: Unit tests | |
runs-on: ubuntu-latest | |
needs: setup | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4.1.6 | |
- name: Cache node modules | |
uses: actions/cache@v4 | |
with: | |
path: | | |
**/node_modules | |
key: ${{ needs.setup.outputs.cache-key }} | |
- name: Install Foundry | |
uses: foundry-rs/foundry-toolchain@v1.2.0 | |
with: | |
version: nightly | |
cache: true | |
- name: Install foundry dependencies | |
run: forge install | |
- name: Build Typechain and Foundry | |
run: yarn build | |
- name: Run Forge and Hardhat Tests | |
run: yarn test | |
env: | |
ARBITRUM_RPC_URL: ${{ secrets.ARBITRUM_RPC_URL }} | |
BASE_RPC_URL: ${{ secrets.BASE_RPC_URL }} | |
coverage: | |
needs: setup | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4.1.6 | |
- name: Cache node modules | |
uses: actions/cache@v4 | |
with: | |
path: | | |
**/node_modules | |
key: ${{ needs.setup.outputs.cache-key }} | |
- name: Install lcov (for genhtml) | |
run: sudo apt-get update && sudo apt-get install -y lcov | |
- name: Install Foundry | |
uses: foundry-rs/foundry-toolchain@v1.2.0 | |
with: | |
version: nightly | |
cache: true | |
- name: Generate Hardhat & Foundry Coverage Report | |
run: yarn coverage:report | |
env: | |
ARBITRUM_RPC_URL: ${{ secrets.ARBITRUM_RPC_URL }} | |
BASE_RPC_URL: ${{ secrets.BASE_RPC_URL }} | |
- name: Upload Foundry Coverage Report to Codecov | |
uses: codecov/codecov-action@v4.4.1 | |
with: | |
directory: coverage/foundry | |
file: coverage/foundry/forge-pruned-lcov.info | |
flags: foundry | |
fail_ci_if_error: true | |
verbose: true | |
env: | |
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | |
- name: Upload Hardhat Coverage Report to Codecov | |
uses: codecov/codecov-action@v4.4.1 | |
with: | |
directory: coverage | |
file: lcov.info | |
flags: hardhat | |
fail_ci_if_error: true | |
verbose: true | |
env: | |
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | |
analyze: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
- name: Set up Node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version: '22' # Specify the Node.js version you want to use | |
- name: Run Slither | |
uses: crytic/slither-action@v0.4.0 | |
id: slither | |
with: | |
slither-version: "0.10.1" | |
node-version: "22" | |
fail-on: "none" | |
slither-args: '--solc-args="--evm-version cancun" --exclude "assembly|solc-version|low-level-calls|naming-convention|controlled-delegatecall|write-after-write|divide-before-multiply|incorrect-shift" --exclude-informational --exclude-low --filter-paths "contracts/mock|node_modules" --checklist --markdown-root ${{ github.server_url }}/${{ github.repository }}/blob/${{ github.sha }}/contracts/' | |
- name: Check if Slither report is empty | |
id: check_report | |
run: | | |
if [ -z "${{ steps.slither.outputs.stdout }}" ]; then | |
echo "report_empty=true" >> $GITHUB_ENV | |
else | |
echo "report_empty=false" >> $GITHUB_ENV | |
fi | |
- name: Create/update checklist as PR comment | |
if: env.report_empty == 'false' | |
uses: actions/github-script@v7.0.1 | |
env: | |
REPORT: ${{ steps.slither.outputs.stdout }} | |
with: | |
script: | | |
const script = require('.github/scripts/comment') | |
const header = '# Slither report' | |
const body = process.env.REPORT.trim() | |
if (!body) { | |
console.log("Slither report is empty. No comment will be posted."); | |
return; | |
} | |
await script({ github, context, header, body }) |