Merge pull request #286 from Abuchtela/copilot/fix-ed5c280b-c390-4bb0-b7e2-57cedbd508b9

Author: Abuchtela

.github/workflows/snyk-security.yml

@@ -0,0 +1,77 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# A sample workflow which sets up Snyk to analyze the full Snyk platform (Snyk Open Source, Snyk Code,
+# Snyk Container and Snyk Infrastructure as Code)
+# The setup installs the Snyk CLI - for more details on the possible commands
+# check https://docs.snyk.io/snyk-cli/cli-reference
+# The results of Snyk Code are then uploaded to GitHub Security Code Scanning
+#
+# In order to use the Snyk Action you will need to have a Snyk API token.
+# More details in https://github.com/snyk/actions#getting-your-snyk-token
+# or you can signup for free at https://snyk.io/login
+#
+# For more examples, including how to limit scans to only high-severity issues
+# and fail PR checks, see https://github.com/snyk/actions/
+
+name: Snyk Security
+
+on:
+  push:
+    branches: ["develop" ]
+  pull_request:
+    branches: ["develop"]
+
+permissions:
+  contents: read
+
+jobs:
+  snyk:
+    permissions:
+      contents: read # for actions/checkout to fetch code
+      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+      actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          cache: 'pnpm'
+      - name: Set up Snyk CLI to check for security issues
+        # Snyk can be used to break the build when it detects security issues.
+        # In this case we want to upload the SAST issues to GitHub Code Scanning
+        uses: snyk/actions/setup@806182742461562b67788a64410098c9d9b96adb
+        env:
+          # This is where you will need to introduce the Snyk API token created with your Snyk account
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+
+        # Runs Snyk Code (SAST) analysis and uploads result into GitHub.
+        # Use || true to not fail the pipeline
+      - name: Snyk Code test
+        run: snyk code test --sarif > snyk-code.sarif # || true
+
+        # Runs Snyk Open Source (SCA) analysis and uploads result to Snyk.
+      - name: Snyk Open Source monitor
+        run: snyk monitor --all-projects
+
+        # Runs Snyk Infrastructure as Code (IaC) analysis and uploads result to Snyk.
+        # Use || true to not fail the pipeline.
+      - name: Snyk IaC test and report
+        run: snyk iac test --report # || true
+
+        # Build the docker image for testing
+      - name: Build a Docker image
+        run: docker build -t optimism/op-batcher:latest -f ./op-batcher/Dockerfile .
+        # Runs Snyk Container (Container and SCA) analysis and uploads result to Snyk.
+      - name: Snyk Container monitor
+        run: snyk container monitor optimism/op-batcher:latest --file=./op-batcher/Dockerfile
+
+        # Push the Snyk Code results into GitHub Code Scanning tab
+      - name: Upload result to GitHub Code Scanning
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: snyk-code.sarif

op-batcher/Dockerfile

@@ -0,0 +1,11 @@
+ARG OP_STACK_GO_BUILDER=us-docker.pkg.dev/oplabs-tools-artifacts/images/op-stack-go:latest
+FROM $OP_STACK_GO_BUILDER as builder
+# See "make golang-docker" and /ops/docker/op-stack-go
+
+FROM alpine:3.20
+
+COPY --from=builder /usr/local/bin/op-batcher /usr/local/bin/op-batcher
+
+EXPOSE 8545 8546 7300 6060 9090
+
+CMD ["op-batcher"]

package.json

@@ -0,0 +1,61 @@
+{
+  "name": "optimism",
+  "version": "1.0.0",
+  "description": "Optimism is Ethereum, scaled.",
+  "main": "index.js",
+  "scripts": {
+    "clean": "pnpm clean:workspaces && pnpm clean:node_modules",
+    "clean:workspaces": "pnpm --filter \"./packages/**\" clean",
+    "clean:node_modules": "rm -rf node_modules/",
+    "build": "pnpm build:packages",
+    "build:packages": "pnpm --filter \"./packages/**\" build",
+    "build:fresh": "pnpm clean && pnpm install && pnpm build",
+    "start": "pnpm --filter \"./packages/**\" start",
+    "test": "pnpm --filter \"./packages/**\" test",
+    "test:coverage": "pnpm --filter \"./packages/**\" test:coverage",
+    "lint": "pnpm lint:packages",
+    "lint:packages": "pnpm --filter \"./packages/**\" lint",
+    "lint:fix": "pnpm --filter \"./packages/**\" lint:fix",
+    "changeset": "changeset",
+    "changeset:version": "changeset version && pnpm install --lockfile-only",
+    "changeset:publish": "pnpm build && changeset publish"
+  },
+  "workspaces": [
+    "packages/*"
+  ],
+  "devDependencies": {
+    "@babel/eslint-parser": "^7.23.3",
+    "@changesets/changelog-github": "^0.4.8",
+    "@changesets/cli": "^2.26.2",
+    "@types/chai": "^4.3.6",
+    "@types/mocha": "^10.0.2",
+    "@types/node": "^20.10.4",
+    "@typescript-eslint/eslint-plugin": "^6.13.2",
+    "@typescript-eslint/parser": "^6.13.2",
+    "chai": "^4.3.10",
+    "depcheck": "^1.4.7",
+    "doctoc": "^2.2.0",
+    "eslint": "^8.57.0",
+    "eslint-config-prettier": "^9.1.0",
+    "eslint-config-standard": "^16.0.3",
+    "eslint-plugin-import": "^2.29.0",
+    "eslint-plugin-jsdoc": "^35.1.2",
+    "eslint-plugin-node": "^11.1.0",
+    "eslint-plugin-prefer-arrow": "^1.2.3",
+    "eslint-plugin-prettier": "^4.0.0",
+    "eslint-plugin-promise": "^5.1.0",
+    "eslint-plugin-react": "^7.24.0",
+    "eslint-plugin-unicorn": "^49.0.0",
+    "husky": "^8.0.3",
+    "mocha": "^10.2.0",
+    "prettier": "^2.8.8",
+    "solhint": "^3.4.1",
+    "ts-node": "^10.9.1",
+    "typescript": "^5.3.3"
+  },
+  "engines": {
+    "node": ">=16.0.0",
+    "pnpm": ">=8.0.0"
+  },
+  "packageManager": "pnpm@8.15.1"
+}

packages/contracts-bedrock/package.json

@@ -0,0 +1,64 @@
+{
+  "name": "@eth-optimism/contracts-bedrock",
+  "version": "0.17.2",
+  "description": "Optimism Bedrock smart contracts",
+  "main": "forge-artifacts",
+  "scripts": {
+    "build": "pnpm compile",
+    "build:forge": "forge build",
+    "build:go-ffi": "cd ./scripts/go-ffi && go build",
+    "clean": "rm -rf ./artifacts ./forge-artifacts ./cache ./scripts/go-ffi/go-ffi ./deployments/hardhat/*",
+    "pre-pr": "pnpm clean && pnpm build && pnpm autogen:invariant-docs && pnpm test && pnpm lint:check",
+    "compile": "forge build",
+    "test": "forge test",
+    "test:coverage": "forge coverage",
+    "test:fuzz": "forge test --fuzz-runs 512",
+    "deploy": "forge script",
+    "deploy:devnetL1": "forge script scripts/Deploy.s.sol:Deploy --sig 'deployL1()' --rpc-url http://localhost:8545 --broadcast --private-key 0xdbda1821b80551c9d65939329250298aa3472ba22feea921c0cf5d620ea67b97",
+    "slither": "./scripts/slither.sh",
+    "clean:slither": "rm -rf crytic-export/",
+    "storage-snapshot": "./scripts/storage-snapshot.sh",
+    "storage-snapshot:check": "./scripts/storage-snapshot.sh --check",
+    "validate:codegen": "./scripts/validate-codegen.sh",
+    "validate:deploy": "./scripts/validate-deploy.sh",
+    "gas-snapshot": "forge snapshot --no-storage-caching --isolate --optimize --optimizer-runs 999999",
+    "gas-snapshot:check": "forge snapshot --no-storage-caching --isolate --optimize --optimizer-runs 999999 --check",
+    "autogen:invariant-docs": "ts-node scripts/autogen/generate-invariant-docs.ts",
+    "semver-lock": "forge script scripts/SemverLock.s.sol",
+    "validate:spacers": "forge build && go run ./scripts/checks/spacers",
+    "validate:deploy-configs": "./scripts/checks/check-deploy-configs.sh",
+    "lint:ts:check": "eslint . --max-warnings=0",
+    "lint:contracts:check": "forge fmt --check",
+    "lint:check": "pnpm lint:contracts:check && pnpm lint:ts:check",
+    "lint:ts:fix": "eslint --fix .",
+    "lint:contracts:fix": "forge fmt",
+    "lint:fix": "pnpm lint:contracts:fix && pnpm lint:ts:fix",
+    "lint": "pnpm lint:fix && pnpm lint:check",
+    "typechain": "typechain --target ethers-v5 --out-dir dist/types --glob 'artifacts/!(build-info)/**/+([a-zA-Z0-9_]).json'",
+    "echidna:aliasing": "echidna-test --contract EchidnaFuzzAddressAliasing --config ./echidna.yaml .",
+    "echidna:burn:gas": "echidna-test --contract EchidnaFuzzBurnGas --config ./echidna.yaml .",
+    "echidna:burn:eth": "echidna-test --contract EchidnaFuzzBurnEth --config ./echidna.yaml .",
+    "echidna:encoding": "echidna-test --contract EchidnaFuzzEncoding --config ./echidna.yaml .",
+    "echidna:portal": "echidna-test --contract EchidnaFuzzOptimismPortal --config ./echidna.yaml .",
+    "echidna:hashing": "echidna-test --contract EchidnaFuzzHashing --config ./echidna.yaml .",
+    "echidna:metering": "echidna-test --contract EchidnaFuzzResourceMetering --config ./echidna.yaml ."
+  },
+  "dependencies": {
+    "@eth-optimism/core-utils": "^0.12.0",
+    "@openzeppelin/contracts": "4.7.3",
+    "@openzeppelin/contracts-upgradeable": "4.7.3",
+    "ethers": "^5.7.0",
+    "hardhat": "^2.9.8"
+  },
+  "devDependencies": {
+    "@typescript-eslint/eslint-plugin": "^6.13.2",
+    "@typescript-eslint/parser": "^6.13.2",
+    "eslint": "^8.57.0",
+    "eslint-config-prettier": "^9.1.0",
+    "eslint-plugin-import": "^2.29.0",
+    "eslint-plugin-prettier": "^4.0.0",
+    "prettier": "^2.8.8",
+    "ts-node": "^10.9.1",
+    "typescript": "^5.3.3"
+  }
+}