From bb866ce7f195f21893f53b4bec9315f88a70c689 Mon Sep 17 00:00:00 2001
From: zerosnacks
Date: Tue, 16 Sep 2025 12:35:28 +0200
Subject: [PATCH 1/5] remove unused test_binaries bash script
---
.github/scripts/install_test_binaries.sh | 89 ------------------------
.github/workflows/ci.yml | 5 +-
.github/workflows/codeql.yml | 5 +-
3 files changed, 4 insertions(+), 95 deletions(-)
delete mode 100755 .github/scripts/install_test_binaries.sh
diff --git a/.github/scripts/install_test_binaries.sh b/.github/scripts/install_test_binaries.sh
deleted file mode 100755
index 7806d0c55..000000000
--- a/.github/scripts/install_test_binaries.sh
+++ /dev/null
@@ -1,89 +0,0 @@ -#!/usr/bin/env bash -# Installs Solc and Geth binaries -# Note: intended for use only with CI (x86_64 Ubuntu, MacOS or Windows) -set -e - -GETH_BUILD=${GETH_BUILD:-"1.11.2-73b01f40"} - -BIN_DIR=${BIN_DIR:-"$HOME/bin"} - -PLATFORM="$(uname -s | awk '{print tolower($0)}')" -if [ "$PLATFORM" != "linux" ] && [ "$PLATFORM" != "darwin" ]; then - EXT=".exe" -fi - -main() { - mkdir -p "$BIN_DIR" - cd "$BIN_DIR" - export PATH="$BIN_DIR:$PATH" - if [ "$GITHUB_PATH" ]; then - echo "$BIN_DIR" >> "$GITHUB_PATH" - fi - - install_geth & - g=$! - install_solc & - wait $g $! - - echo "" - echo "Installed Geth:" - geth version - echo "" - echo "Installed Solc:" - solc --version -} - -# Installs geth from https://geth.ethereum.org/downloads -install_geth() { - case "$PLATFORM" in - linux|darwin) - name="geth-$PLATFORM-amd64-$GETH_BUILD" - curl -s "https://gethstore.blob.core.windows.net/builds/$name.tar.gz" | tar -xzf - - mv -f "$name/geth" ./ - rm -rf "$name" - chmod +x geth - ;; - *) - name="geth-windows-amd64-$GETH_BUILD" - zip="$name.zip" - curl -so "$zip" "https://gethstore.blob.core.windows.net/builds/$zip" - unzip "$zip" - mv -f "$name/geth.exe" ./ - rm -rf "$name" "$zip" - ;; - esac -} - -# Installs solc from https://binaries.soliditylang.org (https://github.com/ethereum/solc-bin) -install_solc() { - bins_url="https://binaries.soliditylang.org" - case "$PLATFORM" in - linux) bins_url+="/linux-amd64";; - darwin) bins_url+="/macosx-amd64";; - *) bins_url+="/windows-amd64";; - esac - - list=$(curl -s "$bins_url/list.json") - # use latest version - if [ -z "$SOLC_VERSION" ]; then - SOLC_VERSION="$(echo "$list" | jq -r ".latestRelease")" - fi - bin=$(echo "$list" | jq -r ".releases[\"$SOLC_VERSION\"]") - - if [ "$bin" = "null" ]; then - echo "Invalid Solc version: $SOLC_VERSION" 1>&2 - exit 1 - fi - - # windows versions <= 0.7.1 use .zip - if [[ "$bin" = *.zip ]]; then - echo "Cannot install solc <= 0.7.1" 1>&2 - exit 1 - fi - - curl -so "$bin" "$bins_url/$bin" - 
mv -f "$bin" "solc$EXT" - chmod +x "solc$EXT" -} - -main \ No newline at end of file diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 397a2ffe4..5c115ff33 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -35,12 +35,9 @@ jobs: - uses: actions/checkout@v5 with: persist-credentials: false - - uses: dtolnay/rust-toolchain@master + - uses: dtolnay/rust-toolchain@5d458579430fc14a04a08a1e7d3694f545e91ce6 # master with: toolchain: ${{ matrix.rust }} - - name: Install test binaries - shell: bash - run: ./.github/scripts/install_test_binaries.sh - name: Install nextest uses: taiki-e/install-action@nextest - uses: Swatinem/rust-cache@v2 diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index dd672fa3a..d2566ffd1 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -1,5 +1,8 @@ name: CodeQL +permissions: + contents: read + on: push: branches: ["main"] @@ -19,9 +22,7 @@ jobs: runs-on: ubuntu-latest permissions: security-events: write - packages: read actions: read - contents: read strategy: fail-fast: false From c31358f435ff96421d0ad80bd8a7acf1195ca30d Mon Sep 17 00:00:00 2001 From: zerosnacks Date: Tue, 16 Sep 2025 12:38:37 +0200 Subject: [PATCH 2/5] pin deps --- .github/workflows/ci.yml | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5c115ff33..ef839b799 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -39,8 +39,8 @@ jobs: with: toolchain: ${{ matrix.rust }} - name: Install nextest - uses: taiki-e/install-action@nextest - - uses: Swatinem/rust-cache@v2 + uses: taiki-e/install-action@de179ea33fa5f5c434a81563f0e8a1c4f7ab8fe2 # nextest + - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2 with: cache-on-failure: true - name: test 
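Review bot: `actions/checkout@v5` on the first context line of this ci.yml hunk stays on a mutable tag while the `dtolnay/rust-toolchain` step directly below it is moved to a full commit SHA. A tag can be re-pointed by anyone with write access to the action's repository, so the checkout step keeps the exposure this change removes elsewhere; the later patches visible on this page leave it on `@v5` as well. Consider `- uses: actions/checkout@<full-commit-sha> # v5` (placeholder; take the SHA from the release you have reviewed). The job this step belongs to starts above the hunk.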
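Review bot: The job-level `permissions:` block in the second codeql.yml hunk replaces the new workflow-level `contents: read` rather than merging with it, so after this change the job runs with only `security-events: write` and `actions: read`, and every other scope, `contents` included, is set to none. On a public repository checkout still works without that scope, but on a private or internal repository the checkout step would fail, and private CodeQL packs would need `packages: read` back. Either keep `contents: read` in the job block or record the intent with a comment such as `# job-level permissions override the workflow default; contents is intentionally none (public repo)`. The job definition continues outside the hunk.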
@@ -54,8 +54,8 @@ jobs: - uses: actions/checkout@v5 with: persist-credentials: false - - uses: dtolnay/rust-toolchain@stable - - uses: Swatinem/rust-cache@v2 + - uses: dtolnay/rust-toolchain@5d458579430fc14a04a08a1e7d3694f545e91ce6 # stable + - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2 with: cache-on-failure: true - run: cargo test --workspace --doc --all-features @@ -67,9 +67,9 @@ jobs: - uses: actions/checkout@v5 with: persist-credentials: false - - uses: dtolnay/rust-toolchain@stable - - uses: taiki-e/install-action@cargo-hack - - uses: Swatinem/rust-cache@v2 + - uses: dtolnay/rust-toolchain@5d458579430fc14a04a08a1e7d3694f545e91ce6 # stable + - uses: taiki-e/install-action@c9a06c0e5d38d182732372ae4390adb6ddbfd51b # cargo-hack + - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2 with: cache-on-failure: true - name: cargo hack @@ -82,8 +82,8 @@ jobs: - uses: actions/checkout@v5 with: persist-credentials: false - - uses: dtolnay/rust-toolchain@clippy - - uses: Swatinem/rust-cache@v2 + - uses: dtolnay/rust-toolchain@45949235481cda149033232bdf068b00ceb0b28d # clippy + - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2 with: cache-on-failure: true - run: cargo clippy --workspace --all-targets --all-features @@ -97,8 +97,8 @@ jobs: - uses: actions/checkout@v5 with: persist-credentials: false - - uses: dtolnay/rust-toolchain@nightly - - uses: Swatinem/rust-cache@v2 + - uses: dtolnay/rust-toolchain@55d80eb3c5a4228eec5390a083c092095115c6f1 # nightly + - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2 with: cache-on-failure: true - run: cargo doc --workspace --all-features --no-deps --document-private-items 
@@ -112,13 +112,13 @@ jobs: - uses: actions/checkout@v5 with: persist-credentials: false - - uses: dtolnay/rust-toolchain@nightly + - uses: dtolnay/rust-toolchain@55d80eb3c5a4228eec5390a083c092095115c6f1 # nightly with: components: rustfmt - run: cargo fmt --all --check deny: - uses: ithacaxyz/ci/.github/workflows/deny.yml@main + uses: ithacaxyz/ci/.github/workflows/deny.yml@9c8d0dc20e7ad02455d3fdab2378a05f29907630 # main ci-success: runs-on: ubuntu-latest @@ -135,6 +135,6 @@ jobs: timeout-minutes: 30 steps: - name: Decide whether the needed jobs succeeded or failed - uses: re-actors/alls-green@release/v1 + uses: re-actors/alls-green@05ac9388f0aebcb5727afa17fcccfecd6f8ec5fe # release/v1 with: jobs: ${{ toJSON(needs) }} From 1504a65bedbf7439092eb26a220c0e3dc5d800df Mon Sep 17 00:00:00 2001 From: zerosnacks Date: Tue, 16 Sep 2025 13:41:26 +0200 Subject: [PATCH 3/5] adhere to policy stated in https://github.com/dtolnay/rust-toolchain?tab=readme-ov-file#choice-of-full-length-commit-sha --- .github/workflows/ci.yml | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ef839b799..5d479695a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -35,7 +35,7 @@ jobs: - uses: actions/checkout@v5 with: persist-credentials: false - - uses: dtolnay/rust-toolchain@5d458579430fc14a04a08a1e7d3694f545e91ce6 # master + - uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master with: toolchain: ${{ matrix.rust }} - name: Install nextest @@ -54,7 +54,9 @@ jobs: - uses: actions/checkout@v5 with: persist-credentials: false - - uses: dtolnay/rust-toolchain@5d458579430fc14a04a08a1e7d3694f545e91ce6 # stable + - uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master + with: + toolchain: stable - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2 with: cache-on-failure: true 
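Review bot: Pinning `ithacaxyz/ci/.github/workflows/deny.yml` to a commit in the `deny:` job freezes that workflow file, but not necessarily what it runs: any `uses:` lines inside it that point at tags or branches are still resolved at run time. The called workflow is not visible on this page, so it is worth confirming that its own actions are SHA-pinned too. A called workflow also receives the caller's token permissions unless the calling job narrows them, so a `permissions:` block on `deny:` (for example `contents: read`) would keep that token scoped; whether ci.yml already sets a workflow-level default is not visible in these hunks.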
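Review bot: `toolchain: stable` in the `@@ -54,7 +54,9 @@` hunk of patch 3, and `toolchain: nightly` in the clippy, docs and fmt hunks of the same patch, are channel names that rustup resolves when the job runs, so the action is now fixed to a commit but the compiler it downloads is not. That is usually acceptable for CI, but these jobs are not reproducible from the workflow file alone, and a nightly regression can fail clippy or rustdoc with no change in this repository. If that matters, pass a dated channel such as `toolchain: nightly-YYYY-MM-DD` (placeholder date) and bump it deliberately. A short comment above the step, e.g. `# action pinned by SHA; toolchain channel intentionally floats`, would record the choice either way.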
@@ -67,7 +69,9 @@ jobs: - uses: actions/checkout@v5 with: persist-credentials: false - - uses: dtolnay/rust-toolchain@5d458579430fc14a04a08a1e7d3694f545e91ce6 # stable + - uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master + with: + toolchain: stable - uses: taiki-e/install-action@c9a06c0e5d38d182732372ae4390adb6ddbfd51b # cargo-hack - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2 with: @@ -82,7 +86,10 @@ jobs: - uses: actions/checkout@v5 with: persist-credentials: false - - uses: dtolnay/rust-toolchain@45949235481cda149033232bdf068b00ceb0b28d # clippy + - uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master + with: + toolchain: nightly + components: clippy - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2 with: cache-on-failure: true @@ -97,7 +104,9 @@ jobs: - uses: actions/checkout@v5 with: persist-credentials: false - - uses: dtolnay/rust-toolchain@55d80eb3c5a4228eec5390a083c092095115c6f1 # nightly + - uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master + with: + toolchain: nightly - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2 with: cache-on-failure: true @@ -112,8 +121,9 @@ jobs: - uses: actions/checkout@v5 with: persist-credentials: false - - uses: dtolnay/rust-toolchain@55d80eb3c5a4228eec5390a083c092095115c6f1 # nightly + - uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master with: + toolchain: nightly components: rustfmt - run: cargo fmt --all --check From 461baf8079dfd27f98119f821f0be2472743a1e9 Mon Sep 17 00:00:00 2001 From: zerosnacks Date: Tue, 16 Sep 2025 13:49:05 +0200 Subject: [PATCH 4/5] pin taiki-e/install-action to master hash, use tool: to select branch --- .github/workflows/ci.yml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5d479695a..5c30b5ca6 100644 
--- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -39,7 +39,9 @@ jobs: with: toolchain: ${{ matrix.rust }} - name: Install nextest - uses: taiki-e/install-action@de179ea33fa5f5c434a81563f0e8a1c4f7ab8fe2 # nextest + uses: taiki-e/install-action@e5f8d33e7166e0491b2ab4ff0567cc6cd6772737 # master + with: + tool: nextest - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2 with: cache-on-failure: true @@ -72,7 +74,9 @@ jobs: - uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master with: toolchain: stable - - uses: taiki-e/install-action@c9a06c0e5d38d182732372ae4390adb6ddbfd51b # cargo-hack + - uses: taiki-e/install-action@e5f8d33e7166e0491b2ab4ff0567cc6cd6772737 # master + with: + tool: cargo-hack - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2 with: cache-on-failure: true From d004959adc67cf5071bda37c502c5e4f2d1991f5 Mon Sep 17 00:00:00 2001 From: zerosnacks Date: Tue, 16 Sep 2025 14:21:28 +0200 Subject: [PATCH 5/5] nit comment --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5c30b5ca6..7656fbbab 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -39,7 +39,7 @@ jobs: with: toolchain: ${{ matrix.rust }} - name: Install nextest - uses: taiki-e/install-action@e5f8d33e7166e0491b2ab4ff0567cc6cd6772737 # master + uses: taiki-e/install-action@e5f8d33e7166e0491b2ab4ff0567cc6cd6772737 # v2 with: tool: nextest - uses: Swatinem/rust-cache@98c8021b550208e191a6a3145459bfc9fb29c4c0 # v2
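Review bot: The ref comment now differs between the two `taiki-e/install-action` pins: the last hunk relabels the nextest step's SHA `e5f8d33e7166e0491b2ab4ff0567cc6cd6772737` as `# v2`, while the cargo-hack step pinned to the same SHA in patch 4 still reads `# master`. The comment is the only human-readable hint of what the hash stands for, and update tooling that reads version comments depends on it, so both lines should carry the same ref, and that ref should actually resolve to this commit, which cannot be confirmed from this page. Once verified, the cargo-hack step would read `- uses: taiki-e/install-action@e5f8d33e7166e0491b2ab4ff0567cc6cd6772737 # v2` as well.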