From 73dc3c0573412648794755dc3123a688d6611f39 Mon Sep 17 00:00:00 2001 From: Lev Akhnazarov Date: Thu, 11 Dec 2025 23:27:13 +0000 Subject: [PATCH 1/2] Enhance GitHub workflows for Solidity contracts - Added permissions for read access to contents and pull requests in both `contracts-ecdsa.yml` and `contracts-random-beacon.yml`. - Updated checkout step to use `fetch-depth: 0` for full history retrieval during pull request events. - Introduced a default path-filter step for non-PR events in `contracts-random-beacon.yml` to streamline CI processes. --- .github/workflows/contracts-ecdsa.yml | 6 ++++++ .github/workflows/contracts-random-beacon.yml | 11 +++++++++++ 2 files changed, 17 insertions(+) diff --git a/.github/workflows/contracts-ecdsa.yml b/.github/workflows/contracts-ecdsa.yml index fbb1c1194f..6341047d04 100644 --- a/.github/workflows/contracts-ecdsa.yml +++ b/.github/workflows/contracts-ecdsa.yml @@ -1,5 +1,9 @@ name: Solidity ECDSA +permissions: + contents: read + pull-requests: read + on: schedule: - cron: "0 0 * * *" @@ -45,6 +49,8 @@ jobs: steps: - uses: actions/checkout@v3 if: github.event_name == 'pull_request' + with: + fetch-depth: 0 - uses: dorny/paths-filter@v2 if: github.event_name == 'pull_request' diff --git a/.github/workflows/contracts-random-beacon.yml b/.github/workflows/contracts-random-beacon.yml index 3bd3a8147d..89df644f34 100644 --- a/.github/workflows/contracts-random-beacon.yml +++ b/.github/workflows/contracts-random-beacon.yml @@ -1,5 +1,9 @@ name: Solidity Random Beacon +permissions: + contents: read + pull-requests: read + on: schedule: - cron: "0 0 * * *" @@ -45,6 +49,8 @@ jobs: steps: - uses: actions/checkout@v3 if: github.event_name == 'pull_request' + with: + fetch-depth: 0 - uses: dorny/paths-filter@v2 if: github.event_name == 'pull_request' @@ -55,6 +61,11 @@ jobs: - './solidity/random-beacon/**' - './.github/workflows/contracts-random-beacon.yml' + - name: Set default path-filter for non-PR events + if: github.event_name != 'pull_request' + id: filter + run: echo "path-filter=true" >> $GITHUB_OUTPUT + contracts-lint: needs: contracts-detect-changes if: | From 2c3f4441ced4f1745c89f103768dd9ca13e5d2da Mon Sep 17 00:00:00 2001 From: Lev Akhnazarov Date: Fri, 12 Dec 2025 00:06:31 +0000 Subject: [PATCH 2/2] Refactor GitHub workflows for contract change detection --- .github/workflows/contracts-ecdsa.yml | 25 +++++++++++++++-- .github/workflows/contracts-random-beacon.yml | 28 ++++++++++++++----- 2 files changed, 43 insertions(+), 10 deletions(-) diff --git a/.github/workflows/contracts-ecdsa.yml b/.github/workflows/contracts-ecdsa.yml index 6341047d04..28ff0660dd 100644 --- a/.github/workflows/contracts-ecdsa.yml +++ b/.github/workflows/contracts-ecdsa.yml @@ -45,22 +45,41 @@ jobs: contracts-detect-changes: runs-on: ubuntu-latest outputs: - path-filter: ${{ steps.filter.outputs.path-filter }} + path-filter: ${{ steps.set-output.outputs.path-filter }} steps: - - uses: actions/checkout@v3 + - name: Checkout code + uses: actions/checkout@v3 if: github.event_name == 'pull_request' with: fetch-depth: 0 - - uses: dorny/paths-filter@v2 + - name: Detect path changes + uses: dorny/paths-filter@v2 if: github.event_name == 'pull_request' id: filter + continue-on-error: true with: filters: | path-filter: - './solidity/ecdsa/**' - './.github/workflows/contracts-ecdsa.yml' + - name: Set path-filter output + id: set-output + run: | + if [ "${{ github.event_name }}" != "pull_request" ]; then + # For non-PR events, always set to true + echo "path-filter=true" >> $GITHUB_OUTPUT + else + # For PRs, try to use filter output, default to false if not available + FILTER_OUTPUT="${{ steps.filter.outputs.path-filter }}" + if [ -n "$FILTER_OUTPUT" ] && [ "$FILTER_OUTPUT" != "" ] && [ "$FILTER_OUTPUT" != "null" ]; then + echo "path-filter=$FILTER_OUTPUT" >> $GITHUB_OUTPUT + else + echo "path-filter=false" >> $GITHUB_OUTPUT + fi + fi + contracts-lint: needs: contracts-detect-changes if: | diff --git a/.github/workflows/contracts-random-beacon.yml b/.github/workflows/contracts-random-beacon.yml index 89df644f34..2af59c34f0 100644 --- a/.github/workflows/contracts-random-beacon.yml +++ b/.github/workflows/contracts-random-beacon.yml @@ -45,26 +45,40 @@ jobs: contracts-detect-changes: runs-on: ubuntu-latest outputs: - path-filter: ${{ steps.filter.outputs.path-filter }} + path-filter: ${{ steps.set-output.outputs.path-filter }} steps: - - uses: actions/checkout@v3 + - name: Checkout code + uses: actions/checkout@v3 if: github.event_name == 'pull_request' with: fetch-depth: 0 - - uses: dorny/paths-filter@v2 + - name: Detect path changes + uses: dorny/paths-filter@v2 if: github.event_name == 'pull_request' id: filter + continue-on-error: true with: filters: | path-filter: - './solidity/random-beacon/**' - './.github/workflows/contracts-random-beacon.yml' - - name: Set default path-filter for non-PR events - if: github.event_name != 'pull_request' - id: filter - run: echo "path-filter=true" >> $GITHUB_OUTPUT + - name: Set path-filter output + id: set-output + run: | + if [ "${{ github.event_name }}" != "pull_request" ]; then + # For non-PR events, always set to true + echo "path-filter=true" >> $GITHUB_OUTPUT + else + # For PRs, try to use filter output, default to false if not available + FILTER_OUTPUT="${{ steps.filter.outputs.path-filter }}" + if [ -n "$FILTER_OUTPUT" ] && [ "$FILTER_OUTPUT" != "" ] && [ "$FILTER_OUTPUT" != "null" ]; then + echo "path-filter=$FILTER_OUTPUT" >> $GITHUB_OUTPUT + else + echo "path-filter=false" >> $GITHUB_OUTPUT + fi + fi contracts-lint: needs: contracts-detect-changes