|
1 | 1 | name: Certora |
2 | 2 |
|
3 | 3 | on: |
4 | | - # Run when PRs from feat/* branches are merged into dev |
5 | 4 | pull_request: |
6 | | - types: [closed] |
7 | 5 | branches: |
8 | | - - main |
9 | | - |
10 | | - # Run on any pushes to certora/* branches |
11 | | - push: |
12 | | - branches: |
13 | | - - 'certora/**' |
14 | | - |
15 | | - # Biweekly schedule (1st and 15th of each month at midnight UTC) |
16 | | - schedule: |
17 | | - - cron: '0 0 1,15 * *' |
18 | | - |
19 | | - # Manual trigger |
| 6 | + - certora/distro |
20 | 7 | workflow_dispatch: |
21 | 8 |
|
22 | 9 | jobs: |
23 | | - # First job: Compile the contracts for Certora verification |
24 | | - compile: |
25 | | - name: Compile |
26 | | - # Run if it meets one of these conditions: |
27 | | - # 1. It's a merged PR from a feat/* branch to dev |
28 | | - # 2. It's a push to a certora/* branch |
29 | | - # 3. It's a scheduled run |
30 | | - # 4. It's a manually triggered run |
31 | | - if: > |
32 | | - (github.event_name == 'pull_request' && |
33 | | - github.event.pull_request.merged == true && |
34 | | - startsWith(github.head_ref, 'feat/')) || |
35 | | - (github.event_name == 'push' && |
36 | | - startsWith(github.ref, 'refs/heads/certora/')) || |
37 | | - github.event_name == 'schedule' || |
38 | | - github.event_name == 'workflow_dispatch' |
39 | | - runs-on: protocol-x64-16core |
40 | | - steps: |
41 | | - # Checkout the repository with submodules |
42 | | - - uses: actions/checkout@v4 |
43 | | - with: |
44 | | - submodules: recursive |
45 | | - # Use dev branch for scheduled runs, otherwise use the branch that triggered the workflow |
46 | | - ref: ${{ github.event_name == 'schedule' && 'dev' || github.ref }} |
47 | | - |
48 | | - # Install the Foundry toolchain |
49 | | - - name: Install Foundry |
50 | | - uses: foundry-rs/foundry-toolchain@v1 |
51 | | - with: |
52 | | - version: stable |
53 | | - |
54 | | - # Install dependencies using Forge |
55 | | - - name: Install forge dependencies |
56 | | - run: forge install |
57 | | - |
58 | | - # Run Certora compilation step only |
59 | | - - uses: Certora/certora-run-action@v1 |
60 | | - with: |
61 | | - # List of configuration files for different contracts to verify |
62 | | - configurations: |- |
63 | | - certora/confs/core/AllocationManager.conf |
64 | | - certora/confs/core/AllocationManagerSanity.conf |
65 | | - certora/confs/core/DelegationManager.conf |
66 | | - certora/confs/core/DelegationManagerValidState.conf |
67 | | - certora/confs/core/StrategyManager.conf |
68 | | - certora/confs/permissions/Pausable.conf |
69 | | - certora/confs/pods/EigenPodManagerRules.conf |
70 | | - certora/confs/strategies/StrategyBase.conf |
71 | | - use-beta: true |
72 | | - solc-versions: 0.8.27 |
73 | | - solc-remove-version-prefix: "0." |
74 | | - job-name: "Eigenlayer Contracts" |
75 | | - certora-key: ${{ secrets.CERTORAKEY }} |
76 | | - # Only compile, don't run verification yet |
77 | | - compilation-steps-only: true |
78 | | - env: |
79 | | - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
80 | | - |
81 | | - # Second job: Run the actual verification after compilation succeeds |
82 | | - verify: |
83 | | - name: Verify |
84 | | - runs-on: protocol-x64-16core |
85 | | - # This job depends on the compile job |
86 | | - needs: compile |
87 | | - # Same conditions as the compile job |
88 | | - if: > |
89 | | - (github.event_name == 'pull_request' && |
90 | | - github.event.pull_request.merged == true && |
91 | | - startsWith(github.head_ref, 'feat/')) || |
92 | | - (github.event_name == 'push' && |
93 | | - startsWith(github.ref, 'refs/heads/certora/')) || |
94 | | - github.event_name == 'schedule' || |
95 | | - github.event_name == 'workflow_dispatch' |
| 10 | + certora_run: |
| 11 | + runs-on: ubuntu-latest |
| 12 | + permissions: |
| 13 | + contents: read |
| 14 | + statuses: write |
| 15 | + pull-requests: write |
96 | 16 | steps: |
97 | | - # Checkout the repository with submodules |
98 | | - - uses: actions/checkout@v4 |
| 17 | + - name: Checkout repository |
| 18 | + uses: actions/checkout@v4 |
99 | 19 | with: |
100 | 20 | submodules: recursive |
101 | | - # Use dev branch for scheduled runs, otherwise use the branch that triggered the workflow |
102 | | - ref: ${{ github.event_name == 'schedule' && 'dev' || github.ref }} |
103 | | - |
104 | | - # Install the Foundry toolchain. |
105 | 21 | - name: Install Foundry |
106 | 22 | uses: foundry-rs/foundry-toolchain@v1 |
107 | 23 | with: |
108 | 24 | version: stable |
109 | | - |
110 | | - # Install dependencies using Forge |
111 | 25 | - name: Install forge dependencies |
112 | 26 | run: forge install |
113 | | - |
114 | | - # Run Certora verification with the same configurations |
115 | | - - uses: Certora/certora-run-action@v1 |
| 27 | + - name: Run Certora pipeline |
| 28 | + uses: Certora/certora-run-action@v1 |
116 | 29 | with: |
117 | | - # List of configuration files for different contracts to verify |
118 | 30 | configurations: |- |
119 | 31 | certora/confs/core/AllocationManager.conf |
| 32 | + certora/confs/core/AllocationManagerValidState.conf |
120 | 33 | certora/confs/core/AllocationManagerSanity.conf |
121 | 34 | certora/confs/core/DelegationManager.conf |
122 | 35 | certora/confs/core/DelegationManagerValidState.conf |
|
126 | 39 | certora/confs/strategies/StrategyBase.conf |
127 | 40 | use-beta: true |
128 | 41 | solc-versions: 0.8.27 |
129 | | - solc-remove-version-prefix: "0." |
130 | 42 | job-name: "Eigenlayer Contracts" |
131 | 43 | certora-key: ${{ secrets.CERTORAKEY }} |
132 | 44 | env: |
|
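Review bot: The `Run Certora pipeline` step hands `secrets.CERTORAKEY` to `Certora/certora-run-action@v1`, and the same job runs `actions/checkout@v4` and `foundry-rs/foundry-toolchain@v1` with a token that has `statuses: write` and `pull-requests: write`. All three are referenced by mutable tags, so a re-pointed tag would execute with that key and token. Pin each to a full commit SHA with the tag kept as a comment, e.g. `uses: Certora/certora-run-action@<full-commit-sha>  # v1`, and consider a fixed Foundry release instead of `version: stable`. Separately, the new `pull_request` trigger also fires for pull requests from forks, where repository secrets are not provided by default, so the Certora step will presumably fail there; a job-level `if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository` would make that explicit. The step's `env:` mapping continues past the last visible line, so what is passed there cannot be checked from this hunk.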