feat: OZ ZKChain: Governance Audit Fixes Combines (#1044) #4599
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: L1 contracts CI | |
on: | |
pull_request: | |
# We need this permissions for this CI to work with external contributions | |
permissions: | |
contents: read | |
pull-requests: write | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout the repository | |
uses: actions/checkout@v4 | |
- name: Use Node.js | |
uses: actions/setup-node@v3 | |
with: | |
node-version: 18.18.0 | |
cache: yarn | |
- name: Install dependencies | |
run: yarn | |
- name: Install l2 deps | |
working-directory: ./l2-contracts | |
run: yarn | |
- name: Install l1 deps | |
working-directory: ./l1-contracts | |
run: yarn | |
- name: Build l2 artifacts | |
run: yarn l2 build | |
- name: Build l1 artifacts | |
run: yarn l1 build | |
- name: Create cache | |
uses: actions/cache/save@v3 | |
with: | |
key: artifacts-l1-${{ github.sha }} | |
path: | | |
l1-contracts/artifacts | |
l1-contracts/artifacts-zk | |
l1-contracts/cache | |
l1-contracts/typechain | |
l2-contracts/artifacts-zk | |
l2-contracts/cache-zk | |
l2-contracts/typechain | |
l1-contracts/lib | |
lint: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout the repository | |
uses: actions/checkout@v4 | |
- name: Use Node.js | |
uses: actions/setup-node@v3 | |
with: | |
node-version: 18.18.0 | |
cache: yarn | |
- name: Install dependencies | |
run: yarn | |
- name: Lint | |
run: yarn lint:check | |
test-foundry: | |
needs: [build, lint] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout the repository | |
uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
- name: Use Foundry | |
uses: foundry-rs/foundry-toolchain@v1 | |
- name: Use Node.js | |
uses: actions/setup-node@v3 | |
with: | |
node-version: 18.18.0 | |
cache: yarn | |
- name: Install dependencies | |
run: yarn | |
- name: Restore artifacts cache | |
uses: actions/cache/restore@v3 | |
with: | |
fail-on-cache-miss: true | |
key: artifacts-l1-${{ github.sha }} | |
path: | | |
l1-contracts/artifacts | |
l1-contracts/artifacts-zk | |
l1-contracts/cache | |
l1-contracts/typechain | |
l2-contracts/artifacts-zk | |
l2-contracts/cache-zk | |
l2-contracts/typechain | |
l1-contracts/lib | |
- name: Run tests | |
working-directory: ./l1-contracts | |
run: FOUNDRY_PROFILE=default yarn test:foundry | |
test-foundry-zksync: | |
needs: [build, lint] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout the repository | |
uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
- name: Use Node.js | |
uses: actions/setup-node@v3 | |
with: | |
node-version: 18.18.0 | |
cache: yarn | |
- name: Install dependencies | |
run: yarn | |
- name: Build system contract artifacts | |
run: yarn sc build | |
- name: Restore artifacts cache | |
uses: actions/cache/restore@v3 | |
with: | |
fail-on-cache-miss: true | |
key: artifacts-l1-${{ github.sha }} | |
path: | | |
l1-contracts/artifacts | |
l1-contracts/artifacts-zk | |
l1-contracts/cache | |
l1-contracts/typechain | |
l2-contracts/artifacts-zk | |
l2-contracts/cache-zk | |
l2-contracts/typechain | |
l1-contracts/lib | |
- name: Install foundry zksync | |
run: | | |
wget https://github.com/matter-labs/foundry-zksync/releases/download/nightly-f908ce43834bc1ffb4de6576ea5600eaab49dddb/foundry_nightly_linux_amd64.tar.gz -O foundry-zksync.tar.gz | |
tar -xzf foundry-zksync.tar.gz | |
sudo mv forge /usr/local/bin/forge | |
sudo mv cast /usr/local/bin/cast | |
sudo chmod +x /usr/local/bin/forge | |
sudo chmod +x /usr/local/bin/cast | |
forge --version | |
- name: Run tests | |
working-directory: ./l1-contracts | |
run: FOUNDRY_PROFILE=default yarn test:zkfoundry | |
test-hardhat: | |
needs: [build, lint] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout the repository | |
uses: actions/checkout@v4 | |
- name: Use Node.js | |
uses: actions/setup-node@v3 | |
with: | |
node-version: 18.18.0 | |
cache: yarn | |
- name: Install dependencies | |
run: yarn | |
- name: Install l1 deps | |
working-directory: ./l1-contracts | |
run: yarn | |
- name: Restore artifacts cache | |
uses: actions/cache/restore@v3 | |
with: | |
fail-on-cache-miss: true | |
key: artifacts-l1-${{ github.sha }} | |
path: | | |
l1-contracts/artifacts | |
l1-contracts/artifacts-zk | |
l1-contracts/cache | |
l1-contracts/typechain | |
l2-contracts/artifacts-zk | |
l2-contracts/cache-zk | |
l2-contracts/typechain | |
l1-contracts/lib | |
- name: Build L2 contracts | |
run: yarn l2 build | |
- name: Run tests | |
run: yarn l1 test --no-compile | |
check-verifier-generator-l1: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout the repository | |
uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
- name: Install rust | |
uses: actions-rs/toolchain@v1 | |
with: | |
toolchain: 1.72.0 | |
- name: Generate Verifier.sol | |
working-directory: tools | |
run: cargo run | |
- name: Compare | |
run: diff tools/data/Verifier.sol l1-contracts/contracts/state-transition/Verifier.sol | |
coverage: | |
defaults: | |
run: | |
working-directory: l1-contracts | |
needs: [build, lint] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout the repository | |
uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
- name: Use Foundry | |
uses: foundry-rs/foundry-toolchain@v1 | |
- name: Use Node.js | |
uses: actions/setup-node@v3 | |
with: | |
node-version: 18.18.0 | |
cache: yarn | |
- name: Install dependencies | |
run: yarn | |
- name: Restore artifacts cache | |
uses: actions/cache/restore@v3 | |
with: | |
fail-on-cache-miss: true | |
key: artifacts-l1-${{ github.sha }} | |
path: | | |
l1-contracts/artifacts | |
l1-contracts/artifacts-zk | |
l1-contracts/cache | |
l1-contracts/typechain | |
l2-contracts/artifacts-zk | |
l2-contracts/cache-zk | |
l2-contracts/typechain | |
l1-contracts/lib | |
- name: Run coverage | |
run: FOUNDRY_PROFILE=default yarn test:foundry && FOUNDRY_PROFILE=default yarn coverage:foundry --report summary --report lcov | |
# To ignore coverage for certain directories modify the paths in this step as needed. The | |
# below default ignores coverage results for the test and script directories. Alternatively, | |
# to include coverage in all directories, comment out this step. Note that because this | |
# filtering applies to the lcov file, the summary table generated in the previous step will | |
# still include all files and directories. | |
# The `--rc lcov_branch_coverage=1` part keeps branch info in the filtered report, since lcov | |
# defaults to removing branch info. | |
- name: Filter directories | |
run: | | |
sudo apt update && sudo apt install -y lcov | |
lcov --remove lcov.info 'test/*' 'contracts/bridge/asset-router/L1AssetRouter.sol' 'contracts/dev-contracts/*' '../lib/forge-std/*' '../lib/murky/*' 'lib/*' '../lib/*' 'lib/' --ignore-errors unused --output-file lcov.info --rc lcov_branch_coverage=1 | |
# This step posts a detailed coverage report as a comment and deletes previous comments on | |
# each push. The below step is used to fail coverage if the specified coverage threshold is | |
# not met. The below step can post a comment (when it's `github-token` is specified) but it's | |
# not as useful, and this action cannot fail CI based on a minimum coverage threshold, which | |
# is why we use both in this way. | |
- name: Post coverage report | |
if: github.event_name == 'pull_request' # This action fails when ran outside of a pull request. | |
uses: romeovs/[email protected] | |
with: | |
delete-old-comments: true | |
lcov-file: ./l1-contracts/lcov.info | |
github-token: ${{ secrets.GITHUB_TOKEN }} # Adds a coverage summary comment to the PR. | |
- name: Verify minimum coverage | |
uses: zgosalvez/github-actions-report-lcov@v2 | |
with: | |
coverage-files: ./l1-contracts/lcov.info | |
working-directory: l1-contracts | |
minimum-coverage: 85 # Set coverage threshold. | |
gas-report: | |
needs: [build, lint] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout the repository | |
uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
- name: Use Foundry | |
uses: foundry-rs/foundry-toolchain@v1 | |
- name: Use Node.js | |
uses: actions/setup-node@v3 | |
with: | |
node-version: 18.18.0 | |
cache: yarn | |
- name: Install dependencies | |
run: yarn | |
- name: Restore artifacts cache | |
uses: actions/cache/restore@v3 | |
with: | |
fail-on-cache-miss: true | |
key: artifacts-l1-${{ github.sha }} | |
path: | | |
l1-contracts/artifacts | |
l1-contracts/cache | |
l1-contracts/typechain | |
# Add any step generating a gas report to a temporary file named gasreport.ansi. For example: | |
- name: Run tests | |
run: yarn l1 test:foundry --gas-report | tee gasreport.ansi # <- this file name should be unique in your repository! | |
- name: Compare gas reports | |
uses: Rubilmax/[email protected] | |
with: | |
summaryQuantile: 0.0 # only display the 10% most significant gas diffs in the summary (defaults to 20%) | |
sortCriteria: avg,max # sort diff rows by criteria | |
sortOrders: desc,asc # and directions | |
ignore: test-foundry/**/*,l1-contracts/contracts/dev-contracts/**/*,l1-contracts/lib/**/*,l1-contracts/contracts/common/Dependencies.sol | |
id: gas_diff | |
- name: Add gas diff to sticky comment | |
if: github.event_name == 'pull_request' || github.event_name == 'pull_request_target' | |
uses: marocchino/sticky-pull-request-comment@v2 | |
with: | |
# delete the comment in case changes no longer impact gas costs | |
delete: ${{ !steps.gas_diff.outputs.markdown }} | |
message: ${{ steps.gas_diff.outputs.markdown }} |