Skip to content

Add signature malleability test and emit an event when incrementNonce is called #66

Add signature malleability test and emit an event when incrementNonce is called

Add signature malleability test and emit an event when incrementNonce is called #66

Workflow file for this run

name: CI
on:
workflow_dispatch:
pull_request:
push:
branches:
- main
env:
FOUNDRY_PROFILE: ci
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Install Foundry
uses: foundry-rs/foundry-toolchain@v1
- name: Build contracts
run: |
forge --version
forge build --sizes
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Install Foundry
uses: foundry-rs/foundry-toolchain@v1
- name: Run tests
run: forge test
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: 1.21.5
cache: False
- name: Install `jd` CLI
run: go install github.com/josephburnett/jd@latest
- name: Ensure correctness of the `IERC5564Announcer` interface
run: |
diff=$(jd -set <(jq '.abi' out/ERC5564Announcer.sol/ERC5564Announcer.json) <(jq '.abi' out/IERC5564Announcer.sol/IERC5564Announcer.json))
if [[ -n $diff ]]; then exit 1; fi
- name: Ensure correctness of the `IERC6538Registry` interface
run: |
echo $(jd -set <(jq '.abi' out/ERC6538Registry.sol/ERC6538Registry.json) <(jq '.abi' out/IERC6538Registry.sol/IERC6538Registry.json)) > diff.txt
echo "@ [[\"set\"],{}] - {\"inputs\":[],\"stateMutability\":\"nonpayable\",\"type\":\"constructor\"}" > expected_diff.txt
diff=$(diff diff.txt expected_diff.txt)
if [[ -n $diff ]]; then exit 1; fi
coverage:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Install Foundry
uses: foundry-rs/foundry-toolchain@v1
- name: Run coverage
run: forge coverage --report summary --report lcov
# To ignore coverage for certain directories modify the paths in this step as needed. The
# below default ignores coverage results for the test and script directories. Alternatively,
# to include coverage in all directories, comment out this step. Note that because this
# filtering applies to the lcov file, the summary table generated in the previous step will
# still include all files and directories.
# The `--rc lcov_branch_coverage=1` part keeps branch info in the filtered report, since lcov
# defaults to removing branch info.
- name: Filter directories
run: |
sudo apt update && sudo apt install -y lcov
lcov --remove lcov.info 'test/*' 'script/*' --output-file lcov.info --rc lcov_branch_coverage=1
# This step posts a detailed coverage report as a comment and deletes previous comments on
# each push. The below step is used to fail coverage if the specified coverage threshold is
# not met. The below step can post a comment (when it's `github-token` is specified) but it's
# not as useful, and this action cannot fail CI based on a minimum coverage threshold, which
# is why we use both in this way.
- name: Post coverage report
if: github.event_name == 'pull_request' # This action fails when ran outside of a pull request.
uses: romeovs/[email protected]
with:
delete-old-comments: true
lcov-file: ./lcov.info
github-token: ${{ secrets.GITHUB_TOKEN }} # Adds a coverage summary comment to the PR.
- name: Verify minimum coverage
uses: zgosalvez/github-actions-report-lcov@v2
with:
coverage-files: ./lcov.info
minimum-coverage: 100 # Set coverage threshold.
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Install Foundry
uses: foundry-rs/foundry-toolchain@v1
- name: Install scopelint
uses: engineerd/[email protected]
with:
name: scopelint
repo: ScopeLift/scopelint
fromGitHubReleases: true
version: latest
pathInArchive: scopelint-x86_64-linux/scopelint
urlTemplate: https://github.com/ScopeLift/scopelint/releases/download/{{version}}/scopelint-x86_64-linux.tar.xz
token: ${{ secrets.GITHUB_TOKEN }}
- name: Check formatting
run: |
scopelint --version
scopelint check
slither-analyze:
runs-on: ubuntu-latest
permissions:
contents: read
security-events: write
steps:
- uses: actions/checkout@v3
- name: Run Slither
uses: crytic/[email protected]
id: slither # Required to reference this step in the next step.
with:
fail-on: none # Required to avoid failing the CI run regardless of findings.
sarif: results.sarif
slither-args: --filter-paths "./lib|./test" --exclude naming-convention,solc-version
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: ${{ steps.slither.outputs.sarif }}