forked from mangrovedao/mangrove-core
-
Notifications
You must be signed in to change notification settings - Fork 0
207 lines (176 loc) · 7.19 KB
/
node.js.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
name: CI
on:
workflow_dispatch:
push:
branches:
- master
- 'run-ci/**'
pull_request_target:
branches: [ master, test-pr ]
types: [opened, synchronize, reopened, labeled]
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
env:
NODE_ENV: test
# Ternary-esque expression hack: The first line is the condition,
# the 2nd line is the value if `true`, the 3rd line is the value if `false`.
GIT_REF_TO_TEST: >
${{ ( github.event_name != 'pull_request_target'
&& github.ref )
|| format('refs/pull/{0}/merge', github.event.number) }}
NOTIFY_SLACK_FOR_THIS_WORKFLOW_RUN: ${{ github.ref_name == 'master' && github.event_name != 'pull_request_target' }}
jobs:
# ==== Job: Security guard ====
# The security guard job only allows workflows triggered by external PR's to continue
# if they are labelled 'safe to test'.
security-guard:
runs-on: ubuntu-latest
steps:
- name: Comment external PR's with first time (before being labelled 'external PR')
if: >
!( github.event_name != 'pull_request_target'
|| github.event.pull_request.head.repo.full_name == github.repository
|| contains(github.event.pull_request.labels.*.name, 'external PR') )
uses: peter-evans/create-or-update-comment@v2
with:
issue-number: ${{ github.event.pull_request.number }}
body: >
Pull requests from forks must be reviewed before build and tests are run.
A maintainer will review and add the 'safe to test' label if everything looks good.
- name: Label external PR's with 'external PR'
if: >
!( github.event_name != 'pull_request_target'
|| github.event.pull_request.head.repo.full_name == github.repository
|| contains(github.event.pull_request.labels.*.name, 'external PR') )
uses: actions-ecosystem/action-add-labels@v1
with:
labels: external PR
# ==== End job: Security guard ====
file-guard:
needs: [security-guard]
runs-on: ubuntu-latest
steps:
# == Git checkout ==
- name: Checkout
uses: actions/checkout@v3
# Workaround for https://github.com/npm/cli/issues/2610
with:
persist-credentials: false
ref: ${{ env.GIT_REF_TO_TEST }}
submodules: recursive
- uses: dorny/paths-filter@v2
id: changes
with:
filters: |
addresses:
- 'addresses/deployed/*.json'
- name: Fail if addresses changed unless PR has 'update address' label
if: >
( github.event_name == 'pull_request_target'
&& !contains(github.event.pull_request.labels.*.name,'update address')
&& steps.changes.outputs.addresses == 'true')
uses: actions/github-script@v6
with:
script: core.setFailed('You have changed an address in mangrove-core (deployed/*.json). PR must be marked \'update address\' for CI to run')
# ==== Job: Build and test mangrove-core
mangrove-core:
needs: [security-guard]
runs-on: ubuntu-latest
steps:
# == Git checkout ==
- name: Checkout
uses: actions/checkout@v3
# Workaround for https://github.com/npm/cli/issues/2610
with:
persist-credentials: false
ref: ${{ env.GIT_REF_TO_TEST }}
submodules: recursive
- name: Reconfigure git to use HTTP authentication
# Workaround for https://github.com/npm/cli/issues/2610
run: >
git config --global url."https://github.com/".insteadOf
ssh://[email protected]/
# == yarn setup ==
- name: Yarn setup (caching yarn dependencies)
uses: actions/setup-node@v3
with:
node-version: ${{ matrix.node-version }}
cache: 'yarn'
- run: yarn install --immutable
working-directory: . # Yarn must run in root to ensure monorepo setup
- name: Foundry Setup
uses: ./.github/actions/foundry-setup
# == build ==
- name: Solidity Compile
run: yarn run build
- name: Save status of build
# So we can fail-fast and drop the X Test Report steps, if build fails
# A tiny bit hacky, but it's simple and works
run: echo "mangrove_built=true" >> $GITHUB_ENV
# Run local Solidity tests
- name: Mangrove Solidity Tests
run: yarn run test
env:
POLYGON_NODE_URL: ${{ secrets.POLYGON_NODE_URL }}
MUMBAI_NODE_URL: ${{ secrets.MUMBAI_NODE_URL }}
# For push runs we also create a coverage report
- name: Create coverage report for mangrove-solidity
if: github.event_name != 'pull_request_target'
run: forge coverage --report lcov
working-directory: . # coverage cannot find contracts if executed inside mangrove-solidity
env:
POLYGON_NODE_URL: ${{ secrets.POLYGON_NODE_URL }}
MUMBAI_NODE_URL: ${{ secrets.MUMBAI_NODE_URL }}
# == Send coverage report to Coveralls ==
# Coverallsapp by default uses GITHUB_SHA but that does not necessarily correspond
# to HEAD because a branch is checked out. We here find the actual SHA for HEAD.
- name: Set Coveralls vars
id: coveralls_vars
if: github.event_name != 'pull_request_target'
run: echo "::set-output name=sha_for_head::$(git rev-parse HEAD)"
- name: Upload to Coveralls for mangrove-solidity
uses: coverallsapp/github-action@master
if: github.event_name != 'pull_request_target'
with:
git-commit: ${{ steps.coveralls_vars.outputs.sha_for_head }}
github-token: ${{ secrets.GITHUB_TOKEN }}
path-to-lcov: lcov.info
base-path : .
flag-name: solidity
# NOTE: uncomment once you can manage forge test
# outputs in gh actions
# - name: Mangrove Solidity Test Report
# uses: dorny/test-reporter@v1
# if: ${{ env.mangrove_built && (success() || failure()) }}
# with:
# name: Solidity Tests # Name of the check run which will be created
# path: ${{env.working-directory}}/solidity-mocha-test-report.json # Path to test results
# reporter: mocha-json # Format of test results
# == check docs can be created ==
- run: yarn run doc
- name: Report Failure to Slack
if: ${{ failure() && fromJSON(env.NOTIFY_SLACK_FOR_THIS_WORKFLOW_RUN) }}
uses: ravsamhq/notify-slack-action@v2
with:
status: ${{ job.status }}
message_format: '{emoji} *{workflow}* {status_message} in <{repo_url}|{repo}@{branch}> on <{commit_url}|{commit_sha}> at {job}'
footer: '<{run_url}|View Run>'
env:
SLACK_WEBHOOK_URL: ${{ secrets.ACTION_MONITORING_SLACK }}
# ==== End job mangrove-core ====
# ==== final "check" job, using alls-green to have one single job to check for green workflow ====
# see https://github.com/re-actors/alls-green
check:
if: always()
needs:
- security-guard
- file-guard
- mangrove-core
runs-on: ubuntu-latest
steps:
- name: Decide whether the needed jobs succeeded or failed
uses: re-actors/alls-green@release/v1
with:
allowed-skips: security-guard, file-guard, mangrove-core
jobs: ${{ toJSON(needs) }}