Audit fixes #2349
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This workflow runs our Foundry tests and contract checks on the smart contracts in both `synd-contracts/src`. | |
| # Whenever a change is made in those directories, this workflow makes sure everything still builds, passes tests, and that our Rust & Go bindings are up to date. | |
| # This workflow also checks that the TypeScript ABI & bytecode files in synd-cli are up to date. | |
| # Keeping the Rust bindings up to date makes sure your Rust code always knows how to talk to your smart contracts correctly. | |
| # https://github.com/foundry-rs/foundry | |
| name: Foundry Tests | |
| on: | |
| # Run workflow on every push to main. This ensures that cross-service PRs that | |
| # depend on synd-contracts are tested. | |
| push: | |
| branches: | |
| - main | |
| # Only run on PRs that touch shared contracts | |
| pull_request: | |
| types: [opened, synchronize, reopened, ready_for_review] # the first 3 are the defaults if you dont specify `types` | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref || github.run_id }} | |
| cancel-in-progress: true | |
| env: | |
| FOUNDRY_PROFILE: ci | |
| jobs: | |
| contracts-check: | |
| if: github.event.pull_request.draft == false | |
| name: synd-contracts Check | |
| runs-on: ubuntu-latest | |
| defaults: | |
| run: | |
| working-directory: "synd-contracts" | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| submodules: recursive | |
| - name: Install Foundry | |
| uses: foundry-rs/foundry-toolchain@v1 | |
| with: | |
| version: stable | |
| - name: Show Forge version | |
| run: | | |
| forge --version | |
| - name: Run Forge fmt | |
| run: | | |
| forge fmt --check | |
| id: fmt | |
| - name: Run Forge build | |
| run: | | |
| forge build | |
| id: build | |
| - name: Run Forge tests | |
| env: | |
| ETH_MAINNET_RPC_URL: ${{ secrets.ETH_MAINNET_RPC_URL }} | |
| run: | | |
| forge test -vvv | |
| id: test | |
| # GO and abigen are needed to generate the Go bindings for the withdrawal contract | |
| - name: Install Go | |
| uses: actions/setup-go@v4 | |
| with: | |
| go-version: "1.21" | |
| - name: Install abigen | |
| run: | | |
| go install github.com/ethereum/go-ethereum/cmd/abigen@latest | |
| - name: Check Rust & Go contract bindings for synd-contracts | |
| working-directory: "." | |
| run: | | |
| make -C shared create-contract-bindings | |
| git diff --quiet || (echo "Error: Rust contract bindings are out of date. Please run 'make -C shared create-contract-bindings' to update them." && exit 1) | |
| - name: Setup Bun | |
| uses: oven-sh/setup-bun@v2 | |
| with: | |
| bun-version: latest | |
| - name: Install synd-cli dependencies | |
| working-directory: "synd-cli" | |
| run: bun install | |
| - name: Check TypeScript ABI files for synd-cli | |
| working-directory: "." | |
| run: | | |
| make -C synd-cli generate-contract-abis | |
| git diff --exit-code synd-cli/src/abi/synd/ || ( | |
| echo "❌ Error: TypeScript ABI files are out of date." | |
| echo "" | |
| echo "The committed ABI files don't match the ones generated from the contracts." | |
| echo "Please run the following command to regenerate them:" | |
| echo "" | |
| echo " cd synd-cli && make generate-contract-abis" | |
| echo "" | |
| echo "Then commit the updated files." | |
| echo "" | |
| echo "Files that differ:" | |
| git diff --name-only synd-cli/src/abi/synd/ | |
| exit 1 | |
| ) | |
| # Needs to be the last job step | |
| - name: Notify Slack on Failure | |
| # Only notify for workflow_run failures on main branch (not PRs) | |
| if: failure() && github.ref_name == 'main' | |
| uses: rtCamp/action-slack-notify@v2 | |
| env: | |
| SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }} | |
| SLACK_COLOR: "danger" | |
| SLACK_MESSAGE: ":x: `${{github.workflow}}` failed on `main` branch. View failure information here: <https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}|View Workflow>" | |
| SLACK_TITLE: "*${{github.workflow}}* failed on `main` branch. Notify the author of the latest PR merged to `main`" |