ci: fix targets & add tempo check (#72)

* CI test

* Hack1

* fixes

* Take 2

* Temp dir

* Test access

* Fix

* Cache

* disable codeql

* Bump tempo

* fix: cargo deny (#73)

fix deny

* success doesn't need docs for now

* Display clien

* Move to secrets

---------

Co-authored-by: zerosnacks <95942363+zerosnacks@users.noreply.github.com>

Author: grandizzy

.github/scripts/tempo-check.sh

@@ -0,0 +1,18 @@
+#!/bin/bash
+echo -e "\n=== TEMPO VERSION ==="
+cast client --rpc-url $TEMPO_RPC_URL
+tmp_dir=$(mktemp -d)
+cd "$tmp_dir"
+echo -e "\n=== INIT TEMPO PROJECT ==="
+forge init -n tempo tempo-check
+cd tempo-check
+echo -e "\n=== FORGE TEST ==="
+forge test
+echo -e "\n=== FORGE SCRIPT ==="
+forge script script/Mail.s.sol
+echo -e "\n=== CREATE AND FUND ADDRESS ==="
+read ADDR PK < <(cast wallet new --json | jq -r '.[0] | "\(.address) \(.private_key)"'); cast rpc tempo_fundAddress "$ADDR" --rpc-url "$TEMPO_RPC_URL"; printf "\naddress: %s\nprivate_key: %s\n" "$ADDR" "$PK"
+echo -e "\n=== FORGE SCRIPT DEPLOY AND VERIFY ==="
+forge script script/Mail.s.sol --private-key $PK --broadcast --verify
+echo -e "\n=== FORGE CREATE DEPLOY AND VERIFY ==="
+forge create src/Mail.sol:Mail --rpc-url $TEMPO_RPC_URL --private-key $PK --broadcast --verify --constructor-args 0x20c0000000000000000000000000000000000000

.github/workflows/ci.yml

@@ -24,13 +24,13 @@ jobs:
       profile: default
     secrets: inherit
 
-  docs:
-    uses: ./.github/workflows/docs.yml
-    permissions:
-      contents: read
-      pages: write
-      id-token: write
-    secrets: inherit
+#  docs:
+#    uses: ./.github/workflows/docs.yml
+#    permissions:
+#      contents: read
+#      pages: write
+#      id-token: write
+#    secrets: inherit
 
   doctest:
     runs-on: depot-ubuntu-latest
@@ -44,6 +44,14 @@ jobs:
       - uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master
         with:
           toolchain: stable
+      - name: Configure Git to use GITHUB_TOKEN for GitHub
+        env:
+          TOKEN: ${{ secrets.FOUNDRY_TEMPO_RELEASE_PAT }}
+        shell: bash
+        run: |
+          authenticated_url="https://${GITHUB_ACTOR}:${TOKEN}@github.com/"
+          echo "$authenticated_url"
+          git config --global url."$authenticated_url".insteadOf "ssh://git@github.com/"
       - uses: rui314/setup-mold@725a8794d15fc7563f59595bd9556495c0564878 # v1
       - uses: mozilla-actions/sccache-action@7d986dd989559c6ecdb630a3fd2557667be217ad # v0.0.9
       - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2
@@ -73,6 +81,14 @@ jobs:
         with:
           toolchain: nightly
           components: clippy
+      - name: Configure Git to use GITHUB_TOKEN for GitHub
+        env:
+          TOKEN: ${{ secrets.FOUNDRY_TEMPO_RELEASE_PAT }}
+        shell: bash
+        run: |
+          authenticated_url="https://${GITHUB_ACTOR}:${TOKEN}@github.com/"
+          echo "$authenticated_url"
+          git config --global url."$authenticated_url".insteadOf "ssh://git@github.com/"
       - uses: rui314/setup-mold@725a8794d15fc7563f59595bd9556495c0564878 # v1
       - uses: mozilla-actions/sccache-action@7d986dd989559c6ecdb630a3fd2557667be217ad # v0.0.9
       - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2
@@ -107,6 +123,14 @@ jobs:
       - uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master
         with:
           toolchain: stable
+      - name: Configure Git to use GITHUB_TOKEN for GitHub
+        env:
+          TOKEN: ${{ secrets.FOUNDRY_TEMPO_RELEASE_PAT }}
+        shell: bash
+        run: |
+          authenticated_url="https://${GITHUB_ACTOR}:${TOKEN}@github.com/"
+          echo "$authenticated_url"
+          git config --global url."$authenticated_url".insteadOf "ssh://git@github.com/"
       - uses: rui314/setup-mold@725a8794d15fc7563f59595bd9556495c0564878 # v1
       - uses: mozilla-actions/sccache-action@7d986dd989559c6ecdb630a3fd2557667be217ad # v0.0.9
       - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2
@@ -126,6 +150,14 @@ jobs:
       - uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master
         with:
           toolchain: stable
+      - name: Configure Git to use GITHUB_TOKEN for GitHub
+        env:
+          TOKEN: ${{ secrets.FOUNDRY_TEMPO_RELEASE_PAT }}
+        shell: bash
+        run: |
+          authenticated_url="https://${GITHUB_ACTOR}:${TOKEN}@github.com/"
+          echo "$authenticated_url"
+          git config --global url."$authenticated_url".insteadOf "ssh://git@github.com/"
       - uses: rui314/setup-mold@725a8794d15fc7563f59595bd9556495c0564878 # v1
       - uses: taiki-e/install-action@537c30d2b45cc3aa3fb35e2bbcfb61ef93fd6f02 # v2
         with:
@@ -135,53 +167,42 @@ jobs:
       - run: cargo hack check
 
   deny:
-    uses: ithacaxyz/ci/.github/workflows/deny.yml@9c8d0dc20e7ad02455d3fdab2378a05f29907630 # main
-    permissions:
-      contents: read
-
-  codeql:
-    name: analyze (${{ matrix.language }})
-    runs-on: ubuntu-latest
+    runs-on: depot-ubuntu-latest
     permissions:
-      security-events: write
-      actions: read
       contents: read
-    strategy:
-      fail-fast: false
-      matrix:
-        include:
-          - language: actions
-            build-mode: none
     steps:
-      - name: Checkout repository
-        uses: actions/checkout@v5
+      - uses: actions/checkout@v5
         with:
           persist-credentials: false
-      - name: Initialize CodeQL
-        uses: github/codeql-action/init@v4
-        with:
-          languages: ${{ matrix.language }}
-          build-mode: ${{ matrix.build-mode }}
-      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v4
+      - uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master
         with:
-          category: "/language:${{matrix.language}}"
+          toolchain: nightly
+      - name: Configure Git to use GITHUB_TOKEN for GitHub
+        env:
+          TOKEN: ${{ secrets.FOUNDRY_TEMPO_RELEASE_PAT }}
+        shell: bash
+        run: |
+          authenticated_url="https://${GITHUB_ACTOR}:${TOKEN}@github.com/"
+          echo "$authenticated_url"
+          git config --global url."$authenticated_url".insteadOf "ssh://git@github.com/"
+      - uses: mozilla-actions/sccache-action@7d986dd989559c6ecdb630a3fd2557667be217ad #
+      - uses: taiki-e/install-action@cargo-deny
+      - run: cargo deny --all-features check all
 
   ci-success:
     runs-on: ubuntu-latest
     if: always()
     permissions: {}
     needs:
       - test
-      - docs
+#      - docs
       - doctest
       - typos
       - clippy
       - rustfmt
       - forge-fmt
       - crate-checks
       - deny
-      - codeql
     timeout-minutes: 30
     steps:
       - name: Decide whether the needed jobs succeeded or failed

.github/workflows/tempo-check.yml

@@ -0,0 +1,53 @@
+name: CI Tempo
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+
+env:
+  CARGO_TERM_COLOR: always
+  RUSTC_WRAPPER: "sccache"
+
+permissions:
+  contents: write   # This is the key step
+
+jobs:
+  sanity-check:
+    runs-on: ubuntu-latest
+
+    steps:
+      # Checkout the repository
+      - uses: actions/checkout@v5
+        with:
+          persist-credentials: false
+      - uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master
+        with:
+          toolchain: stable
+
+      - name: Configure Git to use GITHUB_TOKEN for GitHub
+        env:
+          TOKEN: ${{ secrets.FOUNDRY_TEMPO_RELEASE_PAT }}
+        shell: bash
+        run: |
+          authenticated_url="https://${GITHUB_ACTOR}:${TOKEN}@github.com/"
+          echo "$authenticated_url"
+          git config --global url."$authenticated_url".insteadOf "ssh://git@github.com/"
+
+      - uses: mozilla-actions/sccache-action@7d986dd989559c6ecdb630a3fd2557667be217ad # v0.0.9
+      - uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2
+
+      # Build and install forge and cast
+      - name: Build and install Forge and Cast
+        run: |
+          cargo install --path ./crates/forge --profile dev --force --locked
+          cargo install --path ./crates/cast --profile dev --force --locked
+
+      - name: Run Tempo check
+        env:
+          TEMPO_RPC_URL: ${{ secrets.TEMPO_RPC_URL }}
+          VERIFIER_URL: ${{ secrets.VERIFIER_URL }}
+          TEMPO_TOKEN: ${{ secrets.FOUNDRY_TEMPO_RELEASE_PAT }}
+        run: |
+          chmod +x ./.github/scripts/tempo-check.sh
+          ./.github/scripts/tempo-check.sh

.github/workflows/test.yml

@@ -64,6 +64,14 @@ jobs:
         with:
           toolchain: stable
           target: ${{ matrix.target }}
+      - name: Configure Git to use GITHUB_TOKEN for GitHub
+        env:
+          TOKEN: ${{ secrets.FOUNDRY_TEMPO_RELEASE_PAT }}
+        shell: bash
+        run: |
+          authenticated_url="https://${GITHUB_ACTOR}:${TOKEN}@github.com/"
+          echo "$authenticated_url"
+          git config --global url."$authenticated_url".insteadOf "ssh://git@github.com/"
       - uses: rui314/setup-mold@725a8794d15fc7563f59595bd9556495c0564878 # v1
       - uses: taiki-e/install-action@537c30d2b45cc3aa3fb35e2bbcfb61ef93fd6f02 # v2
         with:
@@ -75,6 +83,14 @@ jobs:
         uses: actions/setup-node@v6
         with:
           node-version: 24
+      - name: Configure Git to use GITHUB_TOKEN for GitHub
+        env:
+          TOKEN: ${{ secrets.FOUNDRY_TEMPO_RELEASE_PAT }}
+        shell: bash
+        run: |
+          authenticated_url="https://${GITHUB_ACTOR}:${TOKEN}@github.com/"
+          echo "$authenticated_url"
+          git config --global url."$authenticated_url".insteadOf "ssh://git@github.com/"
       - name: Install Bun
         if: contains(matrix.name, 'external')
         uses: oven-sh/setup-bun@735343b667d3e6f658f44d0eca948eb6282f2b76 # v2
@@ -114,4 +130,5 @@ jobs:
           WS_ARCHIVE_URLS: ${{ secrets.WS_ARCHIVE_URLS }}
           ETHERSCAN_KEY: ${{ secrets.ETHERSCAN_API_KEY }}
           ARBITRUM_RPC: ${{ secrets.ARBITRUM_RPC }}
-        run: cargo nextest run ${{ matrix.flags }}
+          TEMPO_TOKEN: ${{ secrets.FOUNDRY_TEMPO_RELEASE_PAT }}
+        run: cargo nextest run -p forge -p cast ${{ matrix.flags }}