Skip to content

Solidity

Solidity #475

Workflow file for this run

name: Solidity
on:
schedule:
- cron: "0 0 * * *"
push:
branches:
- main
pull_request:
# We intend to use `workflow dispatch` in two different situations/paths:
# 1. If a workflow will be manually dspatched from branch named
# `dapp-development`, workflow will deploy the contracts on the selected
# testnet and publish them to NPM registry with `dapp-dev-<environment>`
# suffix and `dapp-development-<environment>` tag. Such packages are meant
# to be used locally by the team developing Threshold Token dApp and may
# contain contracts that have different values from the ones used on
# mainnet.
# 2. If a workflow will be manually dspatched from a branch which name is not
# `dapp-development`, the workflow will deploy the contracts on the
# selected testnet and publish them to NPM registry with `<environment>`
# suffix and tag. Such packages will be used later to deploy public
# Threshold Token dApp on a testnet, with contracts resembling those used
# on mainnet.
workflow_dispatch:
inputs:
environment:
description: "Environment (network) for workflow execution, e.g. `sepolia`"
required: true
upstream_builds:
description: "Upstream builds"
required: false
upstream_ref:
description: "Git reference to checkout (e.g. branch name)"
required: false
default: "main"
jobs:
contracts-detect-changes:
runs-on: ubuntu-latest
outputs:
system-tests: ${{ steps.filter.outputs.system-tests }}
steps:
- uses: actions/checkout@v3
if: github.event_name == 'pull_request'
- uses: dorny/paths-filter@v2
if: github.event_name == 'pull_request'
id: filter
with:
filters: |
system-tests:
- './contracts/staking/**'
- './test/system/**'
contracts-build-and-test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
# Using fixed version, because 18.16 was sometimes causing issues with
# artifacts generation during `hardhat compile` - see
# https://github.com/NomicFoundation/hardhat/issues/3877
node-version: "18.15.0"
cache: "yarn"
- name: Install dependencies
run: yarn install
- name: Build contracts
run: yarn build
- name: Run tests
if: github.ref != 'refs/heads/dapp-development'
run: yarn test
contracts-deployment-dry-run:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
# Using fixed version, because 18.16 was sometimes causing issues with
# artifacts generation during `hardhat compile` - see
# https://github.com/NomicFoundation/hardhat/issues/3877
node-version: "18.15.0"
cache: "yarn"
- name: Install dependencies
run: yarn install
- name: Deploy contracts
run: yarn deploy
contracts-deployment-testnet:
needs: [contracts-build-and-test]
if: |
github.event_name == 'workflow_dispatch'
&& github.ref != 'refs/heads/dapp-development'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
# Using fixed version, because 18.16 was sometimes causing issues with
# artifacts generation during `hardhat compile` - see
# https://github.com/NomicFoundation/hardhat/issues/3877
node-version: "18.15.0"
cache: "yarn"
registry-url: "https://registry.npmjs.org"
- name: Install dependencies
run: yarn install --frozen-lockfile
- name: Resolve latest contracts
run: yarn upgrade @keep-network/keep-core@${{ github.event.inputs.environment }}
- name: Configure tenderly
env:
TENDERLY_TOKEN: ${{ secrets.TENDERLY_TOKEN }}
run: ./config_tenderly.sh
- name: Deploy contracts
env:
CHAIN_API_URL: ${{ secrets.SEPOLIA_ETH_HOSTNAME_HTTP }}
CONTRACT_OWNER_ACCOUNT_PRIVATE_KEY: ${{ secrets.TESTNET_ETH_CONTRACT_OWNER_PRIVATE_KEY }}
KEEP_CONTRACT_OWNER_ACCOUNT_PRIVATE_KEY: ${{ secrets.TESTNET_ETH_CONTRACT_OWNER_PRIVATE_KEY }}
run: yarn deploy --network ${{ github.event.inputs.environment }}
- name: Bump up package version
id: npm-version-bump
uses: keep-network/npm-version-bump@v2
with:
environment: ${{ github.event.inputs.environment }}
branch: ${{ github.ref }}
commit: ${{ github.sha }}
- name: Publish to npm
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
run: npm publish --access=public --network=${{ github.event.inputs.environment }} --tag ${{ github.event.inputs.environment }}
- name: Notify CI about completion of the workflow
uses: keep-network/ci/actions/notify-workflow-completed@v2
env:
GITHUB_TOKEN: ${{ secrets.CI_GITHUB_TOKEN }}
with:
module: "github.com/threshold-network/solidity-contracts"
url: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
environment: ${{ github.event.inputs.environment }}
upstream_builds: ${{ github.event.inputs.upstream_builds }}
upstream_ref: ${{ github.event.inputs.upstream_ref }}
version: ${{ steps.npm-version-bump.outputs.version }}
- name: Upload files needed for etherscan verification
uses: actions/upload-artifact@v3
with:
name: Artifacts for etherscan verifcation
path: |
./deployments
./package.json
./yarn.lock
contracts-etherscan-verification:
needs: [contracts-deployment-testnet]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Download files needed for etherscan verification
uses: actions/download-artifact@v3
with:
name: Artifacts for etherscan verifcation
- uses: actions/setup-node@v3
with:
# Using fixed version, because 18.16 was sometimes causing issues with
# artifacts generation during `hardhat compile` - see
# https://github.com/NomicFoundation/hardhat/issues/3877
node-version: "18.15.0"
cache: "yarn"
- name: Install needed dependencies
run: yarn install --frozen-lockfile
# If we don't remove the `keep-core` contracts from `node-modules`, the
# `etherscan-verify` plugins tries to verify them, which is not desired.
- name: Prepare for verification on Etherscan
run: |
rm -rf ./node_modules/@keep-network/keep-core
rm -rf ./external/npm
- name: Verify contracts on Etherscan
env:
ETHERSCAN_API_KEY: ${{ secrets.ETHERSCAN_API_KEY }}
CHAIN_API_URL: ${{ secrets.SEPOLIA_ETH_HOSTNAME_HTTP }}
run: |
yarn run hardhat --network ${{ github.event.inputs.environment }} \
etherscan-verify --license GPL-3.0 --force-license
# This job is responsible for publishing packages from `dapp-development`
# branch, which are slightly modified to help with the process of testing some
# features on the Threshold Token dApp. The job starts only if workflow gets
# triggered by the `workflow_dispatch` event on the branch `dapp-development`.
contracts-dapp-development-deployment-testnet:
needs: [contracts-build-and-test]
if: |
github.event_name == 'workflow_dispatch'
&& github.ref == 'refs/heads/dapp-development'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
# Using fixed version, because 18.16 was sometimes causing issues with
# artifacts generation during `hardhat compile` - see
# https://github.com/NomicFoundation/hardhat/issues/3877
node-version: "18.15.0"
cache: "yarn"
registry-url: "https://registry.npmjs.org"
- name: Install dependencies
run: yarn install --frozen-lockfile
- name: Resolve latest contracts
run: yarn upgrade @keep-network/keep-core@${{ github.event.inputs.environment }}
- name: Deploy contracts
env:
CHAIN_API_URL: ${{ secrets.SEPOLIA_ETH_HOSTNAME_HTTP }}
CONTRACT_OWNER_ACCOUNT_PRIVATE_KEY: ${{ secrets.DAPP_DEV_TESTNET_ETH_CONTRACT_OWNER_PRIVATE_KEY }}
KEEP_CONTRACT_OWNER_ACCOUNT_PRIVATE_KEY: ${{ secrets.TESTNET_ETH_CONTRACT_OWNER_PRIVATE_KEY }}
run: yarn deploy --network ${{ github.event.inputs.environment }}
- name: Bump up package version
id: npm-version-bump
uses: keep-network/npm-version-bump@v2
with:
environment: dapp-dev-${{ github.event.inputs.environment }}
branch: ${{ github.ref }}
commit: ${{ github.sha }}
- name: Publish to npm
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
run: |
npm publish --access=public \
--network=${{ github.event.inputs.environment }} \
--tag dapp-development-${{ github.event.inputs.environment }}
- name: Notify CI about completion of the workflow
uses: keep-network/ci/actions/notify-workflow-completed@v2
env:
GITHUB_TOKEN: ${{ secrets.CI_GITHUB_TOKEN }}
with:
module: "github.com/threshold-network/solidity-contracts"
url: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
environment: ${{ github.event.inputs.environment }}
upstream_builds: ${{ github.event.inputs.upstream_builds }}
upstream_ref: dapp-development
version: ${{ steps.npm-version-bump.outputs.version }}
contracts-slither:
runs-on: ubuntu-latest
if: |
github.event_name != 'workflow_dispatch'
&& github.event_name != 'schedule'
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
# Using fixed version, because 18.16 was sometimes causing issues with
# artifacts generation during `hardhat compile` - see
# https://github.com/NomicFoundation/hardhat/issues/3877
node-version: "18.15.0"
cache: "yarn"
- uses: actions/setup-python@v4
with:
python-version: 3.10.8
- name: Install Solidity
env:
SOLC_VERSION: 0.8.9 # according to solidity.version in hardhat.config.ts
run: |
pip3 install solc-select
solc-select install $SOLC_VERSION
solc-select use $SOLC_VERSION
- name: Install Slither
env:
SLITHER_VERSION: 0.8.0
run: pip3 install slither-analyzer==$SLITHER_VERSION
- name: Install dependencies
run: yarn install
- name: Run Slither
run: slither .