Audit fixes #632
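# CI for the synd-withdrawals Go components: builds the enclave image target
# and runs the synd-proposer tests through a Docker Buildx target.
name: Go CI

on:
  push:
    branches:
      - main
    paths:
      - "synd-withdrawals/synd-enclave/**"
      - "synd-withdrawals/synd-proposer/**"
  pull_request:
    # the first 3 are the defaults if you don't specify `types`
    types: [opened, synchronize, reopened, ready_for_review]
    paths:
      - "synd-withdrawals/synd-enclave/**"
      - "synd-withdrawals/synd-proposer/**"

# One active run per workflow and ref; a newer run cancels the older one.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref || github.run_id }}
  cancel-in-progress: true

env:
  GITHUB_REGISTRY: ghcr.io

# NOTE(review): every `uses:` below references a mutable tag (@v2/@v3/@v4/@v5).
# Pinning each action to a full commit SHA, e.g.
# `actions/checkout@<full-commit-sha>  # v4`, keeps a retagged or compromised
# release from running in this pipeline.
#
# NOTE(review): `shared-large-01` is not a GitHub-hosted runner label, so it is
# presumably a self-hosted runner. Pull-request code (the Docker builds below)
# executes on it; confirm that fork PRs require approval and that the runner
# is ephemeral or otherwise isolated between jobs.
jobs:
  enclave-build:
    # Skip draft PRs; on push events there is no pull_request payload and the
    # comparison still evaluates to true.
    if: github.event.pull_request.draft == false
    name: build enclave
    runs-on: shared-large-01
    # Least privilege: this job only checks out the repository and builds
    # locally, so the token needs nothing beyond read access to contents.
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v4
        with:
          # The checkout directory becomes the Docker build context below;
          # do not leave the job token in .git/config. No later step in this
          # job performs an authenticated git operation.
          persist-credentials: false
      - uses: actions/setup-go@v5
        with:
          go-version: "1.24"
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Build enclave image
        run: |
          cd synd-withdrawals
          docker build --target eif-bin .

  proposer-test:
    if: github.event.pull_request.draft == false
    name: test synd-proposer
    runs-on: shared-large-01
    permissions:
      contents: read
      # NOTE(review): no step visible in this job requests an OIDC token;
      # drop `id-token: write` unless something outside this file needs it.
      id-token: write
      packages: read
    steps:
      - uses: actions/checkout@v4
        with:
          # The repository root is the Docker build context below; keep the
          # job token out of .git/config. No later step in this job performs
          # an authenticated git operation.
          persist-credentials: false
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Login to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.GITHUB_REGISTRY }}
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Test synd-proposer via docker buildx
        run: |
          docker buildx build \
            --target synd-proposer-test \
            --tag synd-proposer-test \
            --cache-from type=gha \
            --cache-to type=gha,mode=max \
            --platform linux/amd64 \
            .
      # Needs to be the last job step
      - name: Notify Slack on Failure
        # Only notify for failed runs on the main branch (not PRs); this
        # workflow has no workflow_run trigger.
        if: failure() && github.ref_name == 'main'
        # Third-party action that is handed the Slack webhook secret, so it is
        # the first candidate for pinning to a full commit SHA.
        uses: rtCamp/action-slack-notify@v2
        env:
          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }}
          SLACK_COLOR: "danger"
          SLACK_MESSAGE: ":x: `${{github.workflow}}` failed on `main` branch. View failure information here: <https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}|View Workflow>"
          SLACK_TITLE: "*${{github.workflow}}* failed on `main` branch. Notify the author of the latest PR merged to `main`"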