Skip to content

[DO NOT MERGE]: Release v25 protocol defense #4370

[DO NOT MERGE]: Release v25 protocol defense

[DO NOT MERGE]: Release v25 protocol defense #4370

name: L1 contracts CI
on:
pull_request:
# We need this permissions for this CI to work with external contributions
permissions:
contents: read
pull-requests: write
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout the repository
uses: actions/checkout@v4
with:
submodules: recursive
- name: Install foundry-zksync
run: |
mkdir ./foundry-zksync
curl -LO https://github.com/matter-labs/foundry-zksync/releases/download/nightly/foundry_nightly_linux_amd64.tar.gz
tar zxf foundry_nightly_linux_amd64.tar.gz -C ./foundry-zksync
chmod +x ./foundry-zksync/forge ./foundry-zksync/cast
echo "$PWD/foundry-zksync" >> $GITHUB_PATH
- name: Use Node.js
uses: actions/setup-node@v3
with:
node-version: 18.18.0
cache: yarn
- name: Build l1 contracts
working-directory: l1-contracts
run: |
forge build
- name: Build l2 contracts
working-directory: l2-contracts
run: |
forge build --zksync --zk-enable-eravm-extensions
- name: Create cache
uses: actions/cache/save@v3
with:
key: artifacts-l1-${{ github.sha }}
path: |
l1-contracts/cache-forge
l1-contracts/out
l2-contracts/cache-forge
l2-contracts/zkout
lint:
runs-on: ubuntu-latest
steps:
- name: Checkout the repository
uses: actions/checkout@v4
- name: Use Node.js
uses: actions/setup-node@v3
with:
node-version: 18.18.0
cache: yarn
- name: Install dependencies
run: yarn
- name: Lint
run: yarn lint:check
test-foundry:
needs: [build, lint]
runs-on: ubuntu-latest
steps:
- name: Checkout the repository
uses: actions/checkout@v4
with:
submodules: recursive
- name: Use Node.js
uses: actions/setup-node@v3
with:
node-version: 18.18.0
cache: yarn
- name: Install foundry-zksync
run: |
mkdir ./foundry-zksync
curl -LO https://github.com/matter-labs/foundry-zksync/releases/download/nightly/foundry_nightly_linux_amd64.tar.gz
tar zxf foundry_nightly_linux_amd64.tar.gz -C ./foundry-zksync
chmod +x ./foundry-zksync/forge ./foundry-zksync/cast
echo "$PWD/foundry-zksync" >> $GITHUB_PATH
- name: Install dependencies
run: yarn
- name: Restore artifacts cache
uses: actions/cache/restore@v3
with:
fail-on-cache-miss: true
key: artifacts-l1-${{ github.sha }}
path: |
l1-contracts/artifacts
l1-contracts/cache
l1-contracts/typechain
- name: Run tests
run: yarn l1 test:foundry
test-hardhat:
needs: [build, lint]
runs-on: ubuntu-latest
steps:
- name: Checkout the repository
uses: actions/checkout@v4
- name: Use Node.js
uses: actions/setup-node@v3
with:
node-version: 18.18.0
cache: yarn
- name: Install dependencies
run: yarn
- name: Restore artifacts cache
uses: actions/cache/restore@v3
with:
fail-on-cache-miss: true
key: artifacts-l1-${{ github.sha }}
path: |
l1-contracts/artifacts
l1-contracts/cache
l1-contracts/typechain
l2-contracts/artifacts-zk
l2-contracts/cache-zk
l2-contracts/typechain
- name: Run tests
run: yarn l1 test
check-verifier-generator:
runs-on: ubuntu-latest
steps:
- name: Checkout the repository
uses: actions/checkout@v4
with:
submodules: recursive
- name: Install rust
uses: actions-rs/toolchain@v1
with:
toolchain: 1.72.0
- name: Generate Verifier.sol
working-directory: tools
run: cargo run
- name: Compare
run: diff tools/data/Verifier.sol l1-contracts/contracts/state-transition/Verifier.sol
coverage:
defaults:
run:
working-directory: l1-contracts
needs: [build, lint]
runs-on: ubuntu-latest
steps:
- name: Checkout the repository
uses: actions/checkout@v4
with:
submodules: recursive
- name: Use Node.js
uses: actions/setup-node@v3
with:
node-version: 18.18.0
cache: yarn
- name: Install foundry-zksync
run: |
mkdir ./foundry-zksync
curl -LO https://github.com/matter-labs/foundry-zksync/releases/download/nightly/foundry_nightly_linux_amd64.tar.gz
tar zxf foundry_nightly_linux_amd64.tar.gz -C ./foundry-zksync
chmod +x ./foundry-zksync/forge ./foundry-zksync/cast
echo "$PWD/foundry-zksync" >> $GITHUB_PATH
- name: Install dependencies
run: yarn
- name: Restore artifacts cache
uses: actions/cache/restore@v3
with:
fail-on-cache-miss: true
key: artifacts-l1-${{ github.sha }}
path: |
l1-contracts/artifacts
l1-contracts/cache
l1-contracts/typechain
- name: Run coverage
run: FOUNDRY_PROFILE=default yarn test:foundry && FOUNDRY_PROFILE=default yarn coverage:foundry --report summary --report lcov
# To ignore coverage for certain directories modify the paths in this step as needed. The
# below default ignores coverage results for the test and script directories. Alternatively,
# to include coverage in all directories, comment out this step. Note that because this
# filtering applies to the lcov file, the summary table generated in the previous step will
# still include all files and directories.
# The `--rc lcov_branch_coverage=1` part keeps branch info in the filtered report, since lcov
# defaults to removing branch info.
- name: Filter directories
run: |
sudo apt update && sudo apt install -y lcov
lcov --remove lcov.info 'test/*' 'contracts/dev-contracts/*' '../lib/forge-std/*' '../lib/murky/*' 'lib/*' '../lib/*' 'lib/' --output-file lcov.info --rc lcov_branch_coverage=1
# This step posts a detailed coverage report as a comment and deletes previous comments on
# each push. The below step is used to fail coverage if the specified coverage threshold is
# not met. The below step can post a comment (when it's `github-token` is specified) but it's
# not as useful, and this action cannot fail CI based on a minimum coverage threshold, which
# is why we use both in this way.
- name: Post coverage report
if: github.event_name == 'pull_request' # This action fails when ran outside of a pull request.
uses: romeovs/lcov-reporter-action@v0.3.1
with:
delete-old-comments: true
lcov-file: ./l1-contracts/lcov.info
github-token: ${{ secrets.GITHUB_TOKEN }} # Adds a coverage summary comment to the PR.
- name: Verify minimum coverage
uses: zgosalvez/github-actions-report-lcov@v2
with:
coverage-files: ./l1-contracts/lcov.info
working-directory: l1-contracts
minimum-coverage: 85 # Set coverage threshold.