move oz v5 to src/lib (#3)

* move oz v5 to src/lib

* Build with select OZ files

* Require user to set ARBITRUM_ONE_RPC_URL

* Remove unused remapping

---------

Co-authored-by: garyghayrat <gary.ghayrat@pm.me>

Author: wildmolasses

.gitmodules

@@ -8,9 +8,3 @@
 [submodule "lib/solady"]
 	path = lib/solady
 	url = https://github.com/Vectorized/solady
-[submodule "lib/openzeppelin-contracts-v5"]
-	path = lib/openzeppelin-contracts-v5
-	url = https://github.com/openzeppelin/openzeppelin-contracts
-[submodule "lib/openzeppelin-contracts-upgradeable-v5"]
-	path = lib/openzeppelin-contracts-upgradeable-v5
-	url = https://github.com/openzeppelin/openzeppelin-contracts-upgradeable

lib/openzeppelin-contracts-upgradeable-v5

@@ -1,4 +1,3 @@
-lib/openzeppelin-contracts-upgradeable-v5/:@openzeppelin/contracts=lib/openzeppelin-contracts-v5/contracts
 forge-std/=lib/forge-std/src/
 solady/=lib/solady/src/
 @arbitrum/token-bridge-contracts/=node_modules/@arbitrum/token-bridge-contracts/
@@ -7,5 +6,6 @@ solady/=lib/solady/src/
 @openzeppelin/contracts/=node_modules/@openzeppelin/contracts/
 @gnosis.pm/safe-contracts/=node_modules/@gnosis.pm/safe-contracts/
 ds-test/=lib/forge-std/lib/ds-test/src/
-openzeppelin-v5/=lib/openzeppelin-contracts-v5/contracts
-openzeppelin-upgradeable-v5/=lib/openzeppelin-contracts-upgradeable-v5/contracts
+openzeppelin-v5/=src/lib/openzeppelin-contracts-v5/contracts
+openzeppelin-upgradeable-v5/=src/lib/openzeppelin-contracts-upgradeable-v5/contracts
+@openzeppelin-v5/=src/lib/openzeppelin-contracts-upgradeable-v5/lib/openzeppelin-contracts

lib/openzeppelin-contracts-v5

@@ -7,7 +7,7 @@ import {BaseDeployer} from "script/BaseDeployer.sol";
 import {SharedGovernorConstants} from "script/SharedGovernorConstants.sol";
 import {L2ArbitrumGovernorV2} from "src/L2ArbitrumGovernorV2.sol";
 import {TransparentUpgradeableProxy} from
-    "@openzeppelin/contracts/proxy/transparent/TransparentUpgradeableProxy.sol";
+    "openzeppelin-v5/proxy/transparent/TransparentUpgradeableProxy.sol";
 import {TimelockControllerUpgradeable} from
     "openzeppelin-upgradeable-v5/governance/TimelockControllerUpgradeable.sol";
 import {IVotes} from "openzeppelin-v5/governance/utils/IVotes.sol";

remappings.txt

@@ -6,7 +6,7 @@ import {GovernorUpgradeable} from "openzeppelin-upgradeable-v5/governance/Govern
 import {GovernorSettingsUpgradeable} from
     "openzeppelin-upgradeable-v5/governance/extensions/GovernorSettingsUpgradeable.sol";
 import {GovernorCountingFractionalUpgradeable} from
-    "src/lib/GovernorCountingFractionalUpgradeable.sol";
+    "openzeppelin-upgradeable-v5/governance/extensions/GovernorCountingFractionalUpgradeable.sol";
 import {GovernorTimelockControlUpgradeable} from
     "openzeppelin-upgradeable-v5/governance/extensions/GovernorTimelockControlUpgradeable.sol";
 import {GovernorVotesQuorumFractionUpgradeable} from

script/BaseGovernorDeployer.sol

@@ -0,0 +1,242 @@
+// SPDX-License-Identifier: MIT
+// OpenZeppelin Contracts (last updated v5.0.0) (access/AccessControl.sol)
+
+pragma solidity ^0.8.20;
+
+import {IAccessControl} from "@openzeppelin-v5/contracts/access/IAccessControl.sol";
+import {ContextUpgradeable} from "../utils/ContextUpgradeable.sol";
+import {ERC165Upgradeable} from "../utils/introspection/ERC165Upgradeable.sol";
+import {Initializable} from "../proxy/utils/Initializable.sol";
+
+/**
+ * @dev Contract module that allows children to implement role-based access
+ * control mechanisms. This is a lightweight version that doesn't allow enumerating role
+ * members except through off-chain means by accessing the contract event logs. Some
+ * applications may benefit from on-chain enumerability, for those cases see
+ * {AccessControlEnumerable}.
+ *
+ * Roles are referred to by their `bytes32` identifier. These should be exposed
+ * in the external API and be unique. The best way to achieve this is by
+ * using `public constant` hash digests:
+ *
+ * ```solidity
+ * bytes32 public constant MY_ROLE = keccak256("MY_ROLE");
+ * ```
+ *
+ * Roles can be used to represent a set of permissions. To restrict access to a
+ * function call, use {hasRole}:
+ *
+ * ```solidity
+ * function foo() public {
+ *     require(hasRole(MY_ROLE, msg.sender));
+ *     ...
+ * }
+ * ```
+ *
+ * Roles can be granted and revoked dynamically via the {grantRole} and
+ * {revokeRole} functions. Each role has an associated admin role, and only
+ * accounts that have a role's admin role can call {grantRole} and {revokeRole}.
+ *
+ * By default, the admin role for all roles is `DEFAULT_ADMIN_ROLE`, which means
+ * that only accounts with this role will be able to grant or revoke other
+ * roles. More complex role relationships can be created by using
+ * {_setRoleAdmin}.
+ *
+ * WARNING: The `DEFAULT_ADMIN_ROLE` is also its own admin: it has permission to
+ * grant and revoke this role. Extra precautions should be taken to secure
+ * accounts that have been granted it. We recommend using {AccessControlDefaultAdminRules}
+ * to enforce additional security measures for this role.
+ */
+abstract contract AccessControlUpgradeable is
+    Initializable,
+    ContextUpgradeable,
+    IAccessControl,
+    ERC165Upgradeable
+{
+    struct RoleData {
+        mapping(address account => bool) hasRole;
+        bytes32 adminRole;
+    }
+
+    bytes32 public constant DEFAULT_ADMIN_ROLE = 0x00;
+
+    /// @custom:storage-location erc7201:openzeppelin.storage.AccessControl
+    struct AccessControlStorage {
+        mapping(bytes32 role => RoleData) _roles;
+    }
+
+    // keccak256(abi.encode(uint256(keccak256("openzeppelin.storage.AccessControl")) - 1)) & ~bytes32(uint256(0xff))
+    bytes32 private constant AccessControlStorageLocation =
+        0x02dd7bc7dec4dceedda775e58dd541e08a116c6c53815c0bd028192f7b626800;
+
+    function _getAccessControlStorage() private pure returns (AccessControlStorage storage $) {
+        assembly {
+            $.slot := AccessControlStorageLocation
+        }
+    }
+
+    /**
+     * @dev Modifier that checks that an account has a specific role. Reverts
+     * with an {AccessControlUnauthorizedAccount} error including the required role.
+     */
+    modifier onlyRole(bytes32 role) {
+        _checkRole(role);
+        _;
+    }
+
+    function __AccessControl_init() internal onlyInitializing {}
+
+    function __AccessControl_init_unchained() internal onlyInitializing {}
+    /**
+     * @dev See {IERC165-supportsInterface}.
+     */
+
+    function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {
+        return
+            interfaceId == type(IAccessControl).interfaceId || super.supportsInterface(interfaceId);
+    }
+
+    /**
+     * @dev Returns `true` if `account` has been granted `role`.
+     */
+    function hasRole(bytes32 role, address account) public view virtual returns (bool) {
+        AccessControlStorage storage $ = _getAccessControlStorage();
+        return $._roles[role].hasRole[account];
+    }
+
+    /**
+     * @dev Reverts with an {AccessControlUnauthorizedAccount} error if `_msgSender()`
+     * is missing `role`. Overriding this function changes the behavior of the {onlyRole} modifier.
+     */
+    function _checkRole(bytes32 role) internal view virtual {
+        _checkRole(role, _msgSender());
+    }
+
+    /**
+     * @dev Reverts with an {AccessControlUnauthorizedAccount} error if `account`
+     * is missing `role`.
+     */
+    function _checkRole(bytes32 role, address account) internal view virtual {
+        if (!hasRole(role, account)) {
+            revert AccessControlUnauthorizedAccount(account, role);
+        }
+    }
+
+    /**
+     * @dev Returns the admin role that controls `role`. See {grantRole} and
+     * {revokeRole}.
+     *
+     * To change a role's admin, use {_setRoleAdmin}.
+     */
+    function getRoleAdmin(bytes32 role) public view virtual returns (bytes32) {
+        AccessControlStorage storage $ = _getAccessControlStorage();
+        return $._roles[role].adminRole;
+    }
+
+    /**
+     * @dev Grants `role` to `account`.
+     *
+     * If `account` had not been already granted `role`, emits a {RoleGranted}
+     * event.
+     *
+     * Requirements:
+     *
+     * - the caller must have ``role``'s admin role.
+     *
+     * May emit a {RoleGranted} event.
+     */
+    function grantRole(bytes32 role, address account) public virtual onlyRole(getRoleAdmin(role)) {
+        _grantRole(role, account);
+    }
+
+    /**
+     * @dev Revokes `role` from `account`.
+     *
+     * If `account` had been granted `role`, emits a {RoleRevoked} event.
+     *
+     * Requirements:
+     *
+     * - the caller must have ``role``'s admin role.
+     *
+     * May emit a {RoleRevoked} event.
+     */
+    function revokeRole(bytes32 role, address account)
+        public
+        virtual
+        onlyRole(getRoleAdmin(role))
+    {
+        _revokeRole(role, account);
+    }
+
+    /**
+     * @dev Revokes `role` from the calling account.
+     *
+     * Roles are often managed via {grantRole} and {revokeRole}: this function's
+     * purpose is to provide a mechanism for accounts to lose their privileges
+     * if they are compromised (such as when a trusted device is misplaced).
+     *
+     * If the calling account had been revoked `role`, emits a {RoleRevoked}
+     * event.
+     *
+     * Requirements:
+     *
+     * - the caller must be `callerConfirmation`.
+     *
+     * May emit a {RoleRevoked} event.
+     */
+    function renounceRole(bytes32 role, address callerConfirmation) public virtual {
+        if (callerConfirmation != _msgSender()) {
+            revert AccessControlBadConfirmation();
+        }
+
+        _revokeRole(role, callerConfirmation);
+    }
+
+    /**
+     * @dev Sets `adminRole` as ``role``'s admin role.
+     *
+     * Emits a {RoleAdminChanged} event.
+     */
+    function _setRoleAdmin(bytes32 role, bytes32 adminRole) internal virtual {
+        AccessControlStorage storage $ = _getAccessControlStorage();
+        bytes32 previousAdminRole = getRoleAdmin(role);
+        $._roles[role].adminRole = adminRole;
+        emit RoleAdminChanged(role, previousAdminRole, adminRole);
+    }
+
+    /**
+     * @dev Attempts to grant `role` to `account` and returns a boolean indicating if `role` was granted.
+     *
+     * Internal function without access restriction.
+     *
+     * May emit a {RoleGranted} event.
+     */
+    function _grantRole(bytes32 role, address account) internal virtual returns (bool) {
+        AccessControlStorage storage $ = _getAccessControlStorage();
+        if (!hasRole(role, account)) {
+            $._roles[role].hasRole[account] = true;
+            emit RoleGranted(role, account, _msgSender());
+            return true;
+        } else {
+            return false;
+        }
+    }
+
+    /**
+     * @dev Attempts to revoke `role` to `account` and returns a boolean indicating if `role` was revoked.
+     *
+     * Internal function without access restriction.
+     *
+     * May emit a {RoleRevoked} event.
+     */
+    function _revokeRole(bytes32 role, address account) internal virtual returns (bool) {
+        AccessControlStorage storage $ = _getAccessControlStorage();
+        if (hasRole(role, account)) {
+            $._roles[role].hasRole[account] = false;
+            emit RoleRevoked(role, account, _msgSender());
+            return true;
+        } else {
+            return false;
+        }
+    }
+}