Skip to content

Sig malleability protection for erc1271 only #951

Sig malleability protection for erc1271 only

Sig malleability protection for erc1271 only #951

Workflow file for this run

name: Unified CI Workflow
on: pull_request
permissions: write-all
jobs:
setup:
runs-on: ubuntu-latest
outputs:
cache-key: ${{ steps.cache-keys.outputs.cache-key }}
steps:
- name: Checkout
uses: actions/checkout@v4.1.6
- name: Set up Node.js
uses: actions/setup-node@v4
with:
node-version: '22' # Specify the Node.js version you want to use
- name: Get cache key
id: cache-keys
run: echo "::set-output name=cache-key::$(echo ${{ runner.os }}-node-$(cat yarn.lock | sha256sum | cut -d' ' -f1))"
- name: Cache node modules
uses: actions/cache@v4
with:
path: |
**/node_modules
key: ${{ steps.cache-keys.outputs.cache-key }}
- name: Install dependencies
run: yarn cache clean && yarn install
lint:
name: Lint sources
runs-on: ubuntu-latest
needs: setup
steps:
- name: Checkout
uses: actions/checkout@v4.1.6
- name: Install Foundry
uses: foundry-rs/foundry-toolchain@v1.2.0
with:
version: nightly
cache: true
- name: Cache node modules
uses: actions/cache@v4
with:
path: |
**/node_modules
key: ${{ needs.setup.outputs.cache-key }}
cache: true
- name: Cache node modules
uses: actions/cache@v4
with:
path: |
**/node_modules
key: ${{ needs.setup.outputs.cache-key }}
- name: Lint sources
run: yarn lint:sol
unit_test:
name: Unit tests
runs-on: ubuntu-latest
needs: setup
steps:
- name: Checkout
uses: actions/checkout@v4.1.6
- name: Cache node modules
uses: actions/cache@v4
with:
path: |
**/node_modules
key: ${{ needs.setup.outputs.cache-key }}
- name: Install Foundry
uses: foundry-rs/foundry-toolchain@v1.2.0
with:
version: nightly
cache: true
- name: Install foundry dependencies
run: forge install
- name: Build Typechain and Foundry
run: yarn build
- name: Run Forge and Hardhat Tests
run: yarn test
env:
ARBITRUM_RPC_URL: ${{ secrets.ARBITRUM_RPC_URL }}
BASE_RPC_URL: ${{ secrets.BASE_RPC_URL }}
coverage:
needs: setup
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4.1.6
- name: Cache node modules
uses: actions/cache@v4
with:
path: |
**/node_modules
key: ${{ needs.setup.outputs.cache-key }}
- name: Install lcov (for genhtml)
run: sudo apt-get update && sudo apt-get install -y lcov
- name: Install Foundry
uses: foundry-rs/foundry-toolchain@v1.2.0
with:
version: nightly
cache: true
- name: Generate Hardhat & Foundry Coverage Report
run: yarn coverage:report
env:
ARBITRUM_RPC_URL: ${{ secrets.ARBITRUM_RPC_URL }}
BASE_RPC_URL: ${{ secrets.BASE_RPC_URL }}
- name: Upload Foundry Coverage Report to Codecov
uses: codecov/codecov-action@v4.4.1
with:
directory: coverage/foundry
file: coverage/foundry/forge-pruned-lcov.info
flags: foundry
fail_ci_if_error: true
verbose: true
env:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
- name: Upload Hardhat Coverage Report to Codecov
uses: codecov/codecov-action@v4.4.1
with:
directory: coverage
file: lcov.info
flags: hardhat
fail_ci_if_error: true
verbose: true
env:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
analyze:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Set up Node.js
uses: actions/setup-node@v4
with:
node-version: '22' # Specify the Node.js version you want to use
- name: Run Slither
uses: crytic/slither-action@v0.4.0
id: slither
with:
slither-version: "0.10.1"
node-version: "22"
fail-on: "none"
slither-args: '--solc-args="--evm-version cancun" --exclude "assembly|solc-version|low-level-calls|naming-convention|controlled-delegatecall|write-after-write|divide-before-multiply|incorrect-shift" --exclude-informational --exclude-low --filter-paths "contracts/mock|node_modules" --checklist --markdown-root ${{ github.server_url }}/${{ github.repository }}/blob/${{ github.sha }}/contracts/'
- name: Check if Slither report is empty
id: check_report
run: |
if [ -z "${{ steps.slither.outputs.stdout }}" ]; then
echo "report_empty=true" >> $GITHUB_ENV
else
echo "report_empty=false" >> $GITHUB_ENV
fi
- name: Create/update checklist as PR comment
if: env.report_empty == 'false'
uses: actions/github-script@v7.0.1
env:
REPORT: ${{ steps.slither.outputs.stdout }}
with:
script: |
const script = require('.github/scripts/comment')
const header = '# Slither report'
const body = process.env.REPORT.trim()
if (!body) {
console.log("Slither report is empty. No comment will be posted.");
return;
}
await script({ github, context, header, body })