NoBey/openzeppelin-contracts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update docs

Browse Source
This commit is contained in:
github-actions
2023-05-09 19:56:30 +00:00
parent 47e38c7bda
commit 6ae39c4dc1
579 changed files with 30453 additions and 21485 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
.github/workflows/actionlint.yml vendored Normal file
View File

@ -0,0 +1,18 @@
name: lint workflows
on:
pull_request:
paths:
- '.github/**/*.ya?ml'
jobs:
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Add problem matchers
run: |
# https://github.com/rhysd/actionlint/blob/3a2f2c7/docs/usage.md#problem-matchers
curl -LO https://raw.githubusercontent.com/rhysd/actionlint/main/.github/actionlint-matcher.json
echo "::add-matcher::actionlint-matcher.json"
- uses: docker://rhysd/actionlint:latest

28
.github/workflows/changelog.yml vendored
View File

@ -1,28 +0,0 @@
name: changelog
on:
pull_request:
types:
- opened
- synchronize
- labeled
- unlabeled
concurrency:
group: changelog-${{ github.ref }}
cancel-in-progress: true
jobs:
check:
runs-on: ubuntu-latest
if: ${{ !contains(github.event.pull_request.labels.*.name, 'ignore-changelog') }}
steps:
- uses: actions/checkout@v3
- name: Check diff
run: |
git fetch origin ${{ github.base_ref }} --depth=1
if git diff --exit-code origin/${{ github.base_ref }} -- CHANGELOG.md ; then
echo 'Missing changelog entry'
exit 1
fi

28
.github/workflows/changeset.yml vendored Normal file
View File

@ -0,0 +1,28 @@
name: changeset
on:
pull_request:
branches:
- master
types:
- opened
- synchronize
- labeled
- unlabeled
concurrency:
group: changeset-${{ github.ref }}
cancel-in-progress: true
jobs:
check:
runs-on: ubuntu-latest
if: ${{ !contains(github.event.pull_request.labels.*.name, 'ignore-changeset') }}
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0 # Include history so Changesets finds merge-base
- name: Set up environment
uses: ./.github/actions/setup
- name: Check changeset
run: npx changeset status --since=origin/${{ github.base_ref }}

41
.github/workflows/checks.yml vendored
View File

@ -14,7 +14,6 @@ concurrency:
jobs:
lint:
if: github.repository != 'OpenZeppelin/openzeppelin-contracts-upgradeable'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
@ -26,6 +25,7 @@ jobs:
runs-on: ubuntu-latest
env:
FORCE_COLOR: 1
NODE_OPTIONS: --max_old_space_size=4096
GAS: true
steps:
- uses: actions/checkout@v3
@ -36,15 +36,36 @@ jobs:
- name: Check linearisation of the inheritance graph
run: npm run test:inheritance
- name: Check proceduraly generated contracts are up-to-date
if: github.repository != 'OpenZeppelin/openzeppelin-contracts-upgradeable'
run: npm run test:generation
- name: Compare gas costs
uses: ./.github/actions/gas-compare
with:
token: ${{ github.token }}
foundry-tests:
if: github.repository != 'OpenZeppelin/openzeppelin-contracts-upgradeable'
tests-upgradeable:
runs-on: ubuntu-latest
env:
FORCE_COLOR: 1
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0 # Include history so patch conflicts are resolved automatically
- name: Set up environment
uses: ./.github/actions/setup
- name: Transpile to upgradeable
run: bash scripts/upgradeable/transpile.sh
- name: Run tests
run: npm run test
env:
NODE_OPTIONS: --max_old_space_size=4096
- name: Check linearisation of the inheritance graph
run: npm run test:inheritance
- name: Check storage layout
uses: ./.github/actions/storage-layout
with:
token: ${{ github.token }}
tests-foundry:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
@ -58,7 +79,6 @@ jobs:
run: forge test -vv
coverage:
if: github.repository != 'OpenZeppelin/openzeppelin-contracts-upgradeable'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
@ -68,18 +88,21 @@ jobs:
env:
NODE_OPTIONS: --max_old_space_size=4096
- uses: codecov/codecov-action@v3
with:
token: ${{ secrets.CODECOV_TOKEN }}
slither:
if: github.repository != 'OpenZeppelin/openzeppelin-contracts-upgradeable'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Set up environment
uses: ./.github/actions/setup
- uses: crytic/slither-action@v0.2.0
- run: rm foundry.toml
- uses: crytic/slither-action@v0.3.0
with:
node-version: 18.15
codespell:
if: github.repository != 'OpenZeppelin/openzeppelin-contracts-upgradeable'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
@ -87,4 +110,4 @@ jobs:
uses: codespell-project/actions-codespell@v1.0
with:
check_filenames: true
skip: package-lock.json
skip: package-lock.json,*.pdf

68
.github/workflows/formal-verification.yml vendored Normal file
View File

@ -0,0 +1,68 @@
name: formal verification
on:
pull_request:
types:
- opened
- reopened
- synchronize
- labeled
workflow_dispatch: {}
env:
PIP_VERSION: '3.10'
JAVA_VERSION: '11'
SOLC_VERSION: '0.8.19'
concurrency: ${{ github.workflow }}-${{ github.ref }}
jobs:
apply-diff:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Apply patches
run: make -C certora apply
verify:
runs-on: ubuntu-latest
if: github.event_name != 'pull_request' || contains(github.event.pull_request.labels.*.name, 'formal-verification')
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Set up environment
uses: ./.github/actions/setup
- name: identify specs that need to be run
id: arguments
run: |
if [[ ${{ github.event_name }} = 'pull_request' ]];
then
RESULT=$(git diff ${{ github.event.pull_request.head.sha }}..${{ github.event.pull_request.base.sha }} --name-only certora/specs/*.spec | while IFS= read -r file; do [[ -f $file ]] && basename "${file%.spec}"; done | tr "\n" " ")
else
RESULT='--all'
fi
echo "result=$RESULT" >> "$GITHUB_OUTPUT"
- name: Install python
uses: actions/setup-python@v4
with:
python-version: ${{ env.PIP_VERSION }}
cache: 'pip'
- name: Install python packages
run: pip install -r requirements.txt
- name: Install java
uses: actions/setup-java@v3
with:
distribution: temurin
java-version: ${{ env.JAVA_VERSION }}
- name: Install solc
run: |
wget https://github.com/ethereum/solidity/releases/download/v${{ env.SOLC_VERSION }}/solc-static-linux
sudo mv solc-static-linux /usr/local/bin/solc
chmod +x /usr/local/bin/solc
- name: Verify specification
run: |
make -C certora apply
node certora/run.js ${{ steps.arguments.outputs.result }} >> "$GITHUB_STEP_SUMMARY"
env:
CERTORAKEY: ${{ secrets.CERTORAKEY }}

214
.github/workflows/release-cycle.yml vendored Normal file
View File

@ -0,0 +1,214 @@
# D: Manual Dispatch
# M: Merge release PR
# C: Commit
# ┌───────────┐ ┌─────────────┐ ┌────────────────┐
# │Development├──D──►RC-Unreleased│ ┌──►Final-Unreleased│
# └───────────┘ └─┬─────────▲─┘ │ └─┬────────────▲─┘
# │ │ │ │ │
# M C D M C
# │ │ │ │ │
# ┌▼─────────┴┐ │ ┌▼────────────┴┐
# │RC-Released├───┘ │Final-Released│
# └───────────┘ └──────────────┘
name: Release Cycle
on:
push:
branches:
- release-v*
workflow_dispatch: {}
concurrency: ${{ github.workflow }}-${{ github.ref }}
jobs:
state:
name: Check state
permissions:
pull-requests: read
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Set up environment
uses: ./.github/actions/setup
- id: state
name: Get state
uses: actions/github-script@v6
env:
TRIGGERING_ACTOR: ${{ github.triggering_actor }}
with:
result-encoding: string
script: await require('./scripts/release/workflow/state.js')({ github, context, core })
outputs:
# Job Flags
start: ${{ steps.state.outputs.start }}
changesets: ${{ steps.state.outputs.changesets }}
promote: ${{ steps.state.outputs.promote }}
publish: ${{ steps.state.outputs.publish }}
merge: ${{ steps.state.outputs.merge }}
# Global variables
is_prerelease: ${{ steps.state.outputs.is_prerelease }}
start:
needs: state
name: Start new release candidate
permissions:
contents: write
actions: write
if: needs.state.outputs.start == 'true'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Set up environment
uses: ./.github/actions/setup
- run: bash scripts/git-user-config.sh
- id: start
name: Create branch with release candidate
run: bash scripts/release/workflow/start.sh
- name: Re-run workflow
uses: actions/github-script@v6
env:
REF: ${{ steps.start.outputs.branch }}
with:
script: await require('./scripts/release/workflow/rerun.js')({ github, context })
promote:
needs: state
name: Promote to final release
permissions:
contents: write
actions: write
if: needs.state.outputs.promote == 'true'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Set up environment
uses: ./.github/actions/setup
- run: bash scripts/git-user-config.sh
- name: Exit prerelease state
if: needs.state.outputs.is_prerelease == 'true'
run: bash scripts/release/workflow/exit-prerelease.sh
- name: Re-run workflow
uses: actions/github-script@v6
with:
script: await require('./scripts/release/workflow/rerun.js')({ github, context })
changesets:
needs: state
name: Update PR to release
permissions:
contents: write
pull-requests: write
if: needs.state.outputs.changesets == 'true'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0 # To get all tags
- name: Set up environment
uses: ./.github/actions/setup
- name: Set release title
uses: actions/github-script@v6
with:
result-encoding: string
script: await require('./scripts/release/workflow/set-changesets-pr-title.js')({ core })
- name: Create PR
uses: changesets/action@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
PRERELEASE: ${{ needs.state.outputs.is_prerelease }}
with:
version: npm run version
title: ${{ env.TITLE }}
commit: ${{ env.TITLE }}
body: | # Wait for support on this https://github.com/changesets/action/pull/250
This is an automated PR for releasing ${{ github.repository }}
Check [CHANGELOG.md](${{ github.repository }}/CHANGELOG.md)
publish:
needs: state
name: Publish to npm
environment: npm
permissions:
contents: write
if: needs.state.outputs.publish == 'true'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Set up environment
uses: ./.github/actions/setup
- id: pack
name: Pack
run: bash scripts/release/workflow/pack.sh
env:
PRERELEASE: ${{ needs.state.outputs.is_prerelease }}
- name: Upload tarball artifact
uses: actions/upload-artifact@v3
with:
name: ${{ github.ref_name }}
path: ${{ steps.pack.outputs.tarball }}
- name: Tag
run: npx changeset tag
- name: Publish
run: bash scripts/release/workflow/publish.sh
env:
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
TARBALL: ${{ steps.pack.outputs.tarball }}
TAG: ${{ steps.pack.outputs.tag }}
- name: Push tags
run: git push --tags
- name: Create Github Release
uses: actions/github-script@v6
env:
PRERELEASE: ${{ needs.state.outputs.is_prerelease }}
with:
script: await require('./scripts/release/workflow/github-release.js')({ github, context })
outputs:
tarball_name: ${{ steps.pack.outputs.tarball_name }}
integrity_check:
needs: publish
name: Tarball Integrity Check
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Download tarball artifact
id: artifact
# Replace with actions/upload-artifact@v3 when
# https://github.com/actions/download-artifact/pull/194 gets released
uses: actions/download-artifact@e9ef242655d12993efdcda9058dee2db83a2cb9b
with:
name: ${{ github.ref_name }}
- name: Check integrity
run: bash scripts/release/workflow/integrity-check.sh
env:
TARBALL: ${{ steps.artifact.outputs.download-path }}/${{ needs.publish.outputs.tarball_name }}
merge:
needs: state
name: Create PR back to master
permissions:
contents: write
pull-requests: write
if: needs.state.outputs.merge == 'true'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0 # All branches
- name: Set up environment
uses: ./.github/actions/setup
- run: bash scripts/git-user-config.sh
- name: Create branch to merge
run: bash scripts/release/workflow/prepare-release-merge.sh
- name: Create PR back to master
uses: actions/github-script@v6
with:
script: |
await github.rest.pulls.create({
owner: context.repo.owner,
repo: context.repo.repo,
head: 'merge/${{ github.ref_name }}',
base: 'master',
title: '${{ format('Merge {0} branch', github.ref_name) }}'
});

31
.github/workflows/upgradeable.yml vendored
View File

@ -1,4 +1,4 @@
name: Upgradeable Trigger
name: transpile upgradeable
on:
push:
@ -7,17 +7,24 @@ on:
- release-v*
jobs:
trigger:
transpile:
environment: push-upgradeable
runs-on: ubuntu-latest
steps:
- id: app
uses: getsentry/action-github-app-token@v1
- uses: actions/checkout@v3
with:
app_id: ${{ secrets.UPGRADEABLE_APP_ID }}
private_key: ${{ secrets.UPGRADEABLE_APP_PK }}
- run: |
curl -X POST \
https://api.github.com/repos/OpenZeppelin/openzeppelin-contracts-upgradeable/dispatches \
-H 'Accept: application/vnd.github.v3+json' \
-H 'Authorization: token ${{ steps.app.outputs.token }}' \
-d '{ "event_type": "Update", "client_payload": { "ref": "${{ github.ref }}" } }'
repository: OpenZeppelin/openzeppelin-contracts-upgradeable
fetch-depth: 0
token: ${{ secrets.GH_TOKEN_UPGRADEABLE }}
- name: Fetch current non-upgradeable branch
run: |
git fetch "https://github.com/${{ github.repository }}.git" "$REF"
git checkout FETCH_HEAD
env:
REF: ${{ github.ref }}
- name: Set up environment
uses: ./.github/actions/setup
- run: bash scripts/git-user-config.sh
- name: Transpile to upgradeable
run: bash scripts/upgradeable/transpile-onto.sh ${{ github.ref_name }} origin/${{ github.ref_name }}
- run: git push origin ${{ github.ref_name }}