NoBey/openzeppelin-contracts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'master' into next-v5.0

Browse Source
This commit is contained in:
Francisco Giordano
2023-05-16 00:07:07 -03:00
parent 2d05db171a 1642b6639b
commit 8de6eba8a3
308 changed files with 21085 additions and 11515 deletions
Download Patch File Download Diff File Expand all files Collapse all files

55
.github/actions/storage-layout/action.yml vendored Normal file
View File

@ -0,0 +1,55 @@
name: Compare storage layouts
inputs:
token:
description: github token
required: true
buildinfo:
description: compilation artifacts
required: false
default: artifacts/build-info/*.json
layout:
description: extracted storage layout
required: false
default: HEAD.layout.json
out_layout:
description: storage layout to upload
required: false
default: ${{ github.ref_name }}.layout.json
ref_layout:
description: storage layout for the reference branch
required: false
default: ${{ github.base_ref }}.layout.json
runs:
using: composite
steps:
- name: Extract layout
run: |
node scripts/checks/extract-layout.js ${{ inputs.buildinfo }} > ${{ inputs.layout }}
shell: bash
- name: Download reference
if: github.event_name == 'pull_request'
run: |
RUN_ID=`gh run list --repo ${{ github.repository }} --branch ${{ github.base_ref }} --workflow ${{ github.workflow }} --limit 100 --json 'conclusion,databaseId,event' --jq 'map(select(.conclusion=="success" and .event!="pull_request"))[0].databaseId'`
gh run download ${RUN_ID} --repo ${{ github.repository }} -n layout
env:
GITHUB_TOKEN: ${{ inputs.token }}
shell: bash
continue-on-error: true
id: reference
- name: Compare layouts
if: steps.reference.outcome == 'success' && github.event_name == 'pull_request'
run: |
node scripts/checks/compare-layout.js --head ${{ inputs.layout }} --ref ${{ inputs.ref_layout }}
shell: bash
- name: Rename artifacts for upload
if: github.event_name != 'pull_request'
run: |
mv ${{ inputs.layout }} ${{ inputs.out_layout }}
shell: bash
- name: Save artifacts
if: github.event_name != 'pull_request'
uses: actions/upload-artifact@v3
with:
name: layout
path: ${{ inputs.out_layout }}

41
.github/workflows/checks.yml vendored
View File

@ -15,7 +15,6 @@ concurrency:
jobs:
lint:
if: github.repository != 'OpenZeppelin/openzeppelin-contracts-upgradeable'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
@ -27,6 +26,7 @@ jobs:
runs-on: ubuntu-latest
env:
FORCE_COLOR: 1
NODE_OPTIONS: --max_old_space_size=4096
GAS: true
steps:
- uses: actions/checkout@v3
@ -37,15 +37,36 @@ jobs:
- name: Check linearisation of the inheritance graph
run: npm run test:inheritance
- name: Check proceduraly generated contracts are up-to-date
if: github.repository != 'OpenZeppelin/openzeppelin-contracts-upgradeable'
run: npm run test:generation
- name: Compare gas costs
uses: ./.github/actions/gas-compare
with:
token: ${{ github.token }}
foundry-tests:
if: github.repository != 'OpenZeppelin/openzeppelin-contracts-upgradeable'
tests-upgradeable:
runs-on: ubuntu-latest
env:
FORCE_COLOR: 1
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0 # Include history so patch conflicts are resolved automatically
- name: Set up environment
uses: ./.github/actions/setup
- name: Transpile to upgradeable
run: bash scripts/upgradeable/transpile.sh
- name: Run tests
run: npm run test
env:
NODE_OPTIONS: --max_old_space_size=4096
- name: Check linearisation of the inheritance graph
run: npm run test:inheritance
- name: Check storage layout
uses: ./.github/actions/storage-layout
with:
token: ${{ github.token }}
tests-foundry:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
@ -59,7 +80,6 @@ jobs:
run: forge test -vv
coverage:
if: github.repository != 'OpenZeppelin/openzeppelin-contracts-upgradeable'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
@ -69,24 +89,27 @@ jobs:
env:
NODE_OPTIONS: --max_old_space_size=4096
- uses: codecov/codecov-action@v3
with:
token: ${{ secrets.CODECOV_TOKEN }}
slither:
if: github.repository != 'OpenZeppelin/openzeppelin-contracts-upgradeable'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Set up environment
uses: ./.github/actions/setup
- run: rm foundry.toml
- uses: crytic/slither-action@v0.2.0
- uses: crytic/slither-action@v0.3.0
with:
node-version: 18.15
codespell:
if: github.repository != 'OpenZeppelin/openzeppelin-contracts-upgradeable'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Run CodeSpell
uses: codespell-project/actions-codespell@v1.0
uses: codespell-project/actions-codespell@v2.0
with:
check_hidden: true
check_filenames: true
skip: package-lock.json,*.pdf

68
.github/workflows/formal-verification.yml vendored Normal file
View File

@ -0,0 +1,68 @@
name: formal verification
on:
pull_request:
types:
- opened
- reopened
- synchronize
- labeled
workflow_dispatch: {}
env:
PIP_VERSION: '3.10'
JAVA_VERSION: '11'
SOLC_VERSION: '0.8.19'
concurrency: ${{ github.workflow }}-${{ github.ref }}
jobs:
apply-diff:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Apply patches
run: make -C certora apply
verify:
runs-on: ubuntu-latest
if: github.event_name != 'pull_request' || contains(github.event.pull_request.labels.*.name, 'formal-verification')
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Set up environment
uses: ./.github/actions/setup
- name: identify specs that need to be run
id: arguments
run: |
if [[ ${{ github.event_name }} = 'pull_request' ]];
then
RESULT=$(git diff ${{ github.event.pull_request.head.sha }}..${{ github.event.pull_request.base.sha }} --name-only certora/specs/*.spec | while IFS= read -r file; do [[ -f $file ]] && basename "${file%.spec}"; done | tr "\n" " ")
else
RESULT='--all'
fi
echo "result=$RESULT" >> "$GITHUB_OUTPUT"
- name: Install python
uses: actions/setup-python@v4
with:
python-version: ${{ env.PIP_VERSION }}
cache: 'pip'
- name: Install python packages
run: pip install -r requirements.txt
- name: Install java
uses: actions/setup-java@v3
with:
distribution: temurin
java-version: ${{ env.JAVA_VERSION }}
- name: Install solc
run: |
wget https://github.com/ethereum/solidity/releases/download/v${{ env.SOLC_VERSION }}/solc-static-linux
sudo mv solc-static-linux /usr/local/bin/solc
chmod +x /usr/local/bin/solc
- name: Verify specification
run: |
make -C certora apply
node certora/run.js ${{ steps.arguments.outputs.result }} >> "$GITHUB_STEP_SUMMARY"
env:
CERTORAKEY: ${{ secrets.CERTORAKEY }}

37
.github/workflows/release-cycle.yml vendored
View File

@ -1,3 +1,15 @@
# D: Manual Dispatch
# M: Merge release PR
# C: Commit
# ┌───────────┐ ┌─────────────┐ ┌────────────────┐
# │Development├──D──►RC-Unreleased│ ┌──►Final-Unreleased│
# └───────────┘ └─┬─────────▲─┘ │ └─┬────────────▲─┘
# │ │ │ │ │
# M C D M C
# │ │ │ │ │
# ┌▼─────────┴┐ │ ┌▼────────────┴┐
# │RC-Released├───┘ │Final-Released│
# └───────────┘ └──────────────┘
name: Release Cycle
on:
@ -130,6 +142,11 @@ jobs:
run: bash scripts/release/workflow/pack.sh
env:
PRERELEASE: ${{ needs.state.outputs.is_prerelease }}
- name: Upload tarball artifact
uses: actions/upload-artifact@v3
with:
name: ${{ github.ref_name }}
path: ${{ steps.pack.outputs.tarball }}
- name: Tag
run: npx changeset tag
- name: Publish
@ -146,6 +163,26 @@ jobs:
PRERELEASE: ${{ needs.state.outputs.is_prerelease }}
with:
script: await require('./scripts/release/workflow/github-release.js')({ github, context })
outputs:
tarball_name: ${{ steps.pack.outputs.tarball_name }}
integrity_check:
needs: publish
name: Tarball Integrity Check
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Download tarball artifact
id: artifact
# Replace with actions/upload-artifact@v3 when
# https://github.com/actions/download-artifact/pull/194 gets released
uses: actions/download-artifact@e9ef242655d12993efdcda9058dee2db83a2cb9b
with:
name: ${{ github.ref_name }}
- name: Check integrity
run: bash scripts/release/workflow/integrity-check.sh
env:
TARBALL: ${{ steps.artifact.outputs.download-path }}/${{ needs.publish.outputs.tarball_name }}
merge:
needs: state

31
.github/workflows/upgradeable.yml vendored
View File

@ -1,4 +1,4 @@
name: Upgradeable Trigger
name: transpile upgradeable
on:
push:
@ -7,17 +7,24 @@ on:
- release-v*
jobs:
trigger:
transpile:
environment: push-upgradeable
runs-on: ubuntu-latest
steps:
- id: app
uses: getsentry/action-github-app-token@v1
- uses: actions/checkout@v3
with:
app_id: ${{ secrets.UPGRADEABLE_APP_ID }}
private_key: ${{ secrets.UPGRADEABLE_APP_PK }}
- run: |
curl -X POST \
https://api.github.com/repos/OpenZeppelin/openzeppelin-contracts-upgradeable/dispatches \
-H 'Accept: application/vnd.github.v3+json' \
-H 'Authorization: token ${{ steps.app.outputs.token }}' \
-d '{ "event_type": "Update", "client_payload": { "ref": "${{ github.ref }}" } }'
repository: OpenZeppelin/openzeppelin-contracts-upgradeable
fetch-depth: 0
token: ${{ secrets.GH_TOKEN_UPGRADEABLE }}
- name: Fetch current non-upgradeable branch
run: |
git fetch "https://github.com/${{ github.repository }}.git" "$REF"
git checkout FETCH_HEAD
env:
REF: ${{ github.ref }}
- name: Set up environment
uses: ./.github/actions/setup
- run: bash scripts/git-user-config.sh
- name: Transpile to upgradeable
run: bash scripts/upgradeable/transpile-onto.sh ${{ github.ref_name }} origin/${{ github.ref_name }}
- run: git push origin ${{ github.ref_name }}