Merge branch 'main' into implement-glacis-LF-11761

.env.example

@@ -2,6 +2,7 @@ PRIVATE_KEY=<your private key>
 
 # Mainnet RPCs (the 'pre-commit-checker' comment after the URL is only for our internal tool and not required in your .env file)
 ETH_NODE_URI_MAINNET=https://1rpc.io/eth #[pre-commit-checker: not a secret]
+ETH_NODE_URI_ABSTRACT=https://api.mainnet.abs.xyz #[pre-commit-checker: not a secret]
 ETH_NODE_URI_ARBITRUM=https://1rpc.io/arb #[pre-commit-checker: not a secret]
 ETH_NODE_URI_AURORA=https://1rpc.io/aurora #[pre-commit-checker: not a secret]
 ETH_NODE_URI_AVALANCHE=https://1rpc.io/avax/c #[pre-commit-checker: not a secret]
@@ -45,6 +46,7 @@ ETH_NODE_URI_ZKSYNC_GOERLI=https://zksync2-testnet.zksync.dev #[pre-commit-check
 
 # Mainnet Explorer API Keys
 MAINNET_ETHERSCAN_API_KEY=
+ABSTRACT_ETHERSCAN_API_KEY=
 AURORA_ETHERSCAN_API_KEY=
 BOBA_ETHERSCAN_API_KEY=
 FUSE_ETHERSCAN_API_KEY=

.github/workflows/diamondEmergencyPause.yml

@@ -49,6 +49,7 @@ jobs:
           ./script/utils/diamondEMERGENCYPauseGitHub.sh
         env:
           ETH_NODE_URI_MAINNET: ${{ secrets.ETH_NODE_URI_MAINNET }}
+          ETH_NODE_URI_ABSTRACT: ${{ secrets.ETH_NODE_URI_ABSTRACT }}
           ETH_NODE_URI_APECHAIN: ${{ secrets.ETH_NODE_URI_APECHAIN }}
           ETH_NODE_URI_ARBITRUM: ${{ secrets.ETH_NODE_URI_ARBITRUM }}
           ETH_NODE_URI_AURORA: ${{ secrets.ETH_NODE_URI_AURORA }}
@@ -86,10 +87,10 @@ jobs:
           ETH_NODE_URI_ZKSYNC: ${{ secrets.ETH_NODE_URI_ZKSYNC }}
           PRIVATE_KEY_PAUSER_WALLET: ${{ secrets.PRIV_KEY_PAUSER_WALLET }}
 
-      - name: Send Discord message
-        uses: Ilshidur/[email protected]
+      - name: Send Reminder to Slack SC-general Channel
+        uses: slackapi/[email protected]
         with:
-          args: |
-            :warning: 'ATTENTION - the emergency diamond pause action was just executed by ${{ github.actor }}'
-        env:
-          DISCORD_WEBHOOK: ${{ secrets.DISCORD_WEBHOOK_DEV_SMARTCONTRACTS }}
+          webhook: ${{ secrets.SLACK_WEBHOOK_SC_GENERAL }}
+          webhook-type: incoming-webhook
+          payload: |
+            text: 'ATTENTION - the emergency diamond pause action was just executed by ${{ github.actor }}'

.github/workflows/enforceTestCoverage.yml

@@ -39,9 +39,7 @@ jobs:
         run: yarn install
 
       - name: Install Foundry
-        uses: foundry-rs/[email protected]
-        with:
-          version: nightly
+        uses: foundry-rs/[email protected]
 
       - name: Install Dependencies
         run: forge install

.github/workflows/ensureSCCoreDevApproval.yml

@@ -44,19 +44,17 @@ jobs:
           #### check if any members were returned
           if [[ -z $MEMBERS ]]; then
             echo -e "\033[31mERROR: Could not retrieve team members of group $TEAM_SLUG\033[0m"
-            echo "CONTINUE=false" >> "$GITHUB_ENV"
             exit 1
           fi
 
           echo "The following Github users are members of team smart-contract-core: "
           echo "$MEMBERS"
 
           echo -e "$MEMBERS" > sc_core_dev_members.txt
-          echo "CONTINUE=true" >> "$GITHUB_ENV"
 
       - name: Check if PR is approved by at least one SC core dev
         id: check-core-dev-approval
-        if: env.CONTINUE == 'true'
+        if: success()
         uses: actions/github-script@v7
         env:
           PR_NUMBER: ${{ github.event.pull_request.number || github.event.review.pull_request.number }}
@@ -82,11 +80,12 @@ jobs:
               return;
             }
 
-            // get all reviewers that have approved this PR
+            // Fetch only the latest 100 reviews
             const { data: reviews } = await github.rest.pulls.listReviews({
               owner: context.repo.owner,
               repo: context.repo.repo,
               pull_number: pullNumber,
+              per_page: 100, // makes sure that only the LATEST 100 items are fetched (without this flag it gets all, starting with the first items)
             });
 
             // make sure that reviews are available

.github/workflows/forge.yml

@@ -39,9 +39,7 @@ jobs:
         run: yarn install
 
       - name: Install Foundry
-        uses: foundry-rs/[email protected]
-        with:
-          version: nightly
+        uses: foundry-rs/[email protected]
 
       - name: Install Dependencies
         run: forge install

.github/workflows/networkSecretsChecker.yml

@@ -56,12 +56,11 @@ jobs:
             echo -e "\033[32mFound a RPC URL for each active network. Check passed.\033[0m"
           fi
 
-      - name: Send Discord message
+      - name: Send Reminder to Slack SC-general Channel
         if: env.MISSING_SECRETS != ''
-        uses: Ilshidur/[email protected]
+        uses: slackapi/[email protected]
         with:
-          args: |
-            :warning: Missing GitHub Secrets for Networks:
-            ${{ env.MISSING_SECRETS }}
-        env:
-          DISCORD_WEBHOOK: ${{ secrets.DISCORD_WEBHOOK_DEV_SMARTCONTRACTS }}
+          webhook: ${{ secrets.SLACK_WEBHOOK_SC_GENERAL }}
+          webhook-type: incoming-webhook
+          payload: |
+            text: "Missing GitHub Secrets for Network(s): ${{ env.MISSING_SECRETS }}"

.github/workflows/protectAuditLabels.yml

@@ -15,6 +15,8 @@ on:
 jobs:
   protect_audit_labels:
     runs-on: ubuntu-latest
+    env:
+      CONTINUE: false # makes sure that variable is correctly initialized in all cases
 
     steps:
       - name: Checkout repository
@@ -46,7 +48,6 @@ jobs:
             echo "CONTINUE=false" >> $GITHUB_ENV
             exit 0
           fi
-          echo "CONTINUE=true" >> $GITHUB_ENV
           echo "This action was triggered by: ${{ github.actor }}"
 
       - name: Protect Audit Labels

.github/workflows/protectSecurityRelevantCode.yml

@@ -13,6 +13,8 @@ jobs:
   protect-critical-code:
     if: ${{ github.event.pull_request.draft == false }}
     runs-on: ubuntu-latest
+    env:
+      CONTINUE: false # makes sure that variable is correctly initialized in all cases
     permissions:
       pull-requests: write
     steps:
@@ -136,6 +138,7 @@ jobs:
               owner: context.repo.owner,
               repo: context.repo.repo,
               pull_number: pullNumber,
+              per_page: 100, // makes sure that only the LATEST 100 items are fetched (without this flag it gets all, starting with the first items)
             });
 
             // make sure that reviews are available

.github/workflows/unreviewedPRReminder.yml

@@ -72,10 +72,10 @@ jobs:
           echo -e "$OLD_PRS"
           echo "old_prs=$OLD_PRS" >> $GITHUB_ENV
 
-      - name: Send Discord message
-        if: env.old_prs != ''
-        uses: Ilshidur/[email protected]
+      - name: Send Reminder to Slack PR Review Channel
+        uses: slackapi/[email protected]
         with:
-          args: 'Hey team, please check out the following PRs that are not yet reviewed/merged: ${{ env.old_prs }}'
-        env:
-          DISCORD_WEBHOOK: ${{ secrets.DISCORD_WEBHOOK }}
+          webhook: ${{ secrets.SLACK_WEBHOOK_SC_REVIEW }}
+          webhook-type: incoming-webhook
+          payload: |
+            text: "Hey team, please check out the following PRs that are not yet reviewed/merged: ${{ env.old_prs }}"

.github/workflows/updateScriptConfigReminder.yml

@@ -12,9 +12,10 @@ jobs:
   notify:
     runs-on: ubuntu-latest
     steps:
-      - name: Send Discord message
-        uses: Ilshidur/[email protected]
+      - name: Send Reminder to Slack SC-general Channel
+        uses: slackapi/[email protected]
         with:
-          args: "Hey team, please update your scripts/config.sh file (see config.example.sh for latest changes)"
-        env:
-          DISCORD_WEBHOOK: ${{ secrets.DISCORD_WEBHOOK_DEV_SMARTCONTRACTS }}
+          webhook: ${{ secrets.SLACK_WEBHOOK_SC_GENERAL }}
+          webhook-type: incoming-webhook
+          payload: |
+            text: "Hey team, please update your scripts/config.sh file (see config.example.sh for latest changes)"