Skip to content

feat: OZ ZKChain: Governance Audit Fixes Combines (#1044) #4599

feat: OZ ZKChain: Governance Audit Fixes Combines (#1044)

feat: OZ ZKChain: Governance Audit Fixes Combines (#1044) #4599

name: L1 contracts CI
on:
pull_request:
# We need this permissions for this CI to work with external contributions
permissions:
contents: read
pull-requests: write
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout the repository
uses: actions/checkout@v4
- name: Use Node.js
uses: actions/setup-node@v3
with:
node-version: 18.18.0
cache: yarn
- name: Install dependencies
run: yarn
- name: Install l2 deps
working-directory: ./l2-contracts
run: yarn
- name: Install l1 deps
working-directory: ./l1-contracts
run: yarn
- name: Build l2 artifacts
run: yarn l2 build
- name: Build l1 artifacts
run: yarn l1 build
- name: Create cache
uses: actions/cache/save@v3
with:
key: artifacts-l1-${{ github.sha }}
path: |
l1-contracts/artifacts
l1-contracts/artifacts-zk
l1-contracts/cache
l1-contracts/typechain
l2-contracts/artifacts-zk
l2-contracts/cache-zk
l2-contracts/typechain
l1-contracts/lib
lint:
runs-on: ubuntu-latest
steps:
- name: Checkout the repository
uses: actions/checkout@v4
- name: Use Node.js
uses: actions/setup-node@v3
with:
node-version: 18.18.0
cache: yarn
- name: Install dependencies
run: yarn
- name: Lint
run: yarn lint:check
test-foundry:
needs: [build, lint]
runs-on: ubuntu-latest
steps:
- name: Checkout the repository
uses: actions/checkout@v4
with:
submodules: recursive
- name: Use Foundry
uses: foundry-rs/foundry-toolchain@v1
- name: Use Node.js
uses: actions/setup-node@v3
with:
node-version: 18.18.0
cache: yarn
- name: Install dependencies
run: yarn
- name: Restore artifacts cache
uses: actions/cache/restore@v3
with:
fail-on-cache-miss: true
key: artifacts-l1-${{ github.sha }}
path: |
l1-contracts/artifacts
l1-contracts/artifacts-zk
l1-contracts/cache
l1-contracts/typechain
l2-contracts/artifacts-zk
l2-contracts/cache-zk
l2-contracts/typechain
l1-contracts/lib
- name: Run tests
working-directory: ./l1-contracts
run: FOUNDRY_PROFILE=default yarn test:foundry
test-foundry-zksync:
needs: [build, lint]
runs-on: ubuntu-latest
steps:
- name: Checkout the repository
uses: actions/checkout@v4
with:
submodules: recursive
- name: Use Node.js
uses: actions/setup-node@v3
with:
node-version: 18.18.0
cache: yarn
- name: Install dependencies
run: yarn
- name: Build system contract artifacts
run: yarn sc build
- name: Restore artifacts cache
uses: actions/cache/restore@v3
with:
fail-on-cache-miss: true
key: artifacts-l1-${{ github.sha }}
path: |
l1-contracts/artifacts
l1-contracts/artifacts-zk
l1-contracts/cache
l1-contracts/typechain
l2-contracts/artifacts-zk
l2-contracts/cache-zk
l2-contracts/typechain
l1-contracts/lib
- name: Install foundry zksync
run: |
wget https://github.com/matter-labs/foundry-zksync/releases/download/nightly-f908ce43834bc1ffb4de6576ea5600eaab49dddb/foundry_nightly_linux_amd64.tar.gz -O foundry-zksync.tar.gz
tar -xzf foundry-zksync.tar.gz
sudo mv forge /usr/local/bin/forge
sudo mv cast /usr/local/bin/cast
sudo chmod +x /usr/local/bin/forge
sudo chmod +x /usr/local/bin/cast
forge --version
- name: Run tests
working-directory: ./l1-contracts
run: FOUNDRY_PROFILE=default yarn test:zkfoundry
test-hardhat:
needs: [build, lint]
runs-on: ubuntu-latest
steps:
- name: Checkout the repository
uses: actions/checkout@v4
- name: Use Node.js
uses: actions/setup-node@v3
with:
node-version: 18.18.0
cache: yarn
- name: Install dependencies
run: yarn
- name: Install l1 deps
working-directory: ./l1-contracts
run: yarn
- name: Restore artifacts cache
uses: actions/cache/restore@v3
with:
fail-on-cache-miss: true
key: artifacts-l1-${{ github.sha }}
path: |
l1-contracts/artifacts
l1-contracts/artifacts-zk
l1-contracts/cache
l1-contracts/typechain
l2-contracts/artifacts-zk
l2-contracts/cache-zk
l2-contracts/typechain
l1-contracts/lib
- name: Build L2 contracts
run: yarn l2 build
- name: Run tests
run: yarn l1 test --no-compile
check-verifier-generator-l1:
runs-on: ubuntu-latest
steps:
- name: Checkout the repository
uses: actions/checkout@v4
with:
submodules: recursive
- name: Install rust
uses: actions-rs/toolchain@v1
with:
toolchain: 1.72.0
- name: Generate Verifier.sol
working-directory: tools
run: cargo run
- name: Compare
run: diff tools/data/Verifier.sol l1-contracts/contracts/state-transition/Verifier.sol
coverage:
defaults:
run:
working-directory: l1-contracts
needs: [build, lint]
runs-on: ubuntu-latest
steps:
- name: Checkout the repository
uses: actions/checkout@v4
with:
submodules: recursive
- name: Use Foundry
uses: foundry-rs/foundry-toolchain@v1
- name: Use Node.js
uses: actions/setup-node@v3
with:
node-version: 18.18.0
cache: yarn
- name: Install dependencies
run: yarn
- name: Restore artifacts cache
uses: actions/cache/restore@v3
with:
fail-on-cache-miss: true
key: artifacts-l1-${{ github.sha }}
path: |
l1-contracts/artifacts
l1-contracts/artifacts-zk
l1-contracts/cache
l1-contracts/typechain
l2-contracts/artifacts-zk
l2-contracts/cache-zk
l2-contracts/typechain
l1-contracts/lib
- name: Run coverage
run: FOUNDRY_PROFILE=default yarn test:foundry && FOUNDRY_PROFILE=default yarn coverage:foundry --report summary --report lcov
# To ignore coverage for certain directories modify the paths in this step as needed. The
# below default ignores coverage results for the test and script directories. Alternatively,
# to include coverage in all directories, comment out this step. Note that because this
# filtering applies to the lcov file, the summary table generated in the previous step will
# still include all files and directories.
# The `--rc lcov_branch_coverage=1` part keeps branch info in the filtered report, since lcov
# defaults to removing branch info.
- name: Filter directories
run: |
sudo apt update && sudo apt install -y lcov
lcov --remove lcov.info 'test/*' 'contracts/bridge/asset-router/L1AssetRouter.sol' 'contracts/dev-contracts/*' '../lib/forge-std/*' '../lib/murky/*' 'lib/*' '../lib/*' 'lib/' --ignore-errors unused --output-file lcov.info --rc lcov_branch_coverage=1
# This step posts a detailed coverage report as a comment and deletes previous comments on
# each push. The below step is used to fail coverage if the specified coverage threshold is
# not met. The below step can post a comment (when it's `github-token` is specified) but it's
# not as useful, and this action cannot fail CI based on a minimum coverage threshold, which
# is why we use both in this way.
- name: Post coverage report
if: github.event_name == 'pull_request' # This action fails when ran outside of a pull request.
uses: romeovs/[email protected]
with:
delete-old-comments: true
lcov-file: ./l1-contracts/lcov.info
github-token: ${{ secrets.GITHUB_TOKEN }} # Adds a coverage summary comment to the PR.
- name: Verify minimum coverage
uses: zgosalvez/github-actions-report-lcov@v2
with:
coverage-files: ./l1-contracts/lcov.info
working-directory: l1-contracts
minimum-coverage: 85 # Set coverage threshold.
gas-report:
needs: [build, lint]
runs-on: ubuntu-latest
steps:
- name: Checkout the repository
uses: actions/checkout@v4
with:
submodules: recursive
- name: Use Foundry
uses: foundry-rs/foundry-toolchain@v1
- name: Use Node.js
uses: actions/setup-node@v3
with:
node-version: 18.18.0
cache: yarn
- name: Install dependencies
run: yarn
- name: Restore artifacts cache
uses: actions/cache/restore@v3
with:
fail-on-cache-miss: true
key: artifacts-l1-${{ github.sha }}
path: |
l1-contracts/artifacts
l1-contracts/cache
l1-contracts/typechain
# Add any step generating a gas report to a temporary file named gasreport.ansi. For example:
- name: Run tests
run: yarn l1 test:foundry --gas-report | tee gasreport.ansi # <- this file name should be unique in your repository!
- name: Compare gas reports
uses: Rubilmax/[email protected]
with:
summaryQuantile: 0.0 # only display the 10% most significant gas diffs in the summary (defaults to 20%)
sortCriteria: avg,max # sort diff rows by criteria
sortOrders: desc,asc # and directions
ignore: test-foundry/**/*,l1-contracts/contracts/dev-contracts/**/*,l1-contracts/lib/**/*,l1-contracts/contracts/common/Dependencies.sol
id: gas_diff
- name: Add gas diff to sticky comment
if: github.event_name == 'pull_request' || github.event_name == 'pull_request_target'
uses: marocchino/sticky-pull-request-comment@v2
with:
# delete the comment in case changes no longer impact gas costs
delete: ${{ !steps.gas_diff.outputs.markdown }}
message: ${{ steps.gas_diff.outputs.markdown }}