diff --git a/.github/workflows/certora.yml b/.github/workflows/certora.yml
new file mode 100644
index 00000000..d0d49528
--- /dev/null
+++ b/.github/workflows/certora.yml
@@ -0,0 +1,72 @@
+name: certora
+
+on:
+ pull_request:
+ branches:
+ - certora
+ - main
+ push:
+ branches:
+ - main
+
+ workflow_dispatch:
+
+jobs:
+ verify:
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v2
+
+ - name: Check key
+ env:
+ CERTORAKEY: ${{ secrets.CERTORAKEY }}
+ run: echo "key length" ${#CERTORAKEY}
+
+ - name: Install python
+ uses: actions/setup-python@v2
+ with: { python-version: 3.9 }
+
+ - name: Install java
+ uses: actions/setup-java@v1
+ with: { java-version: '11', java-package: jre }
+
+ - name: Install certora cli
+ run: pip install certora-cli
+
+ - name: Install solc
+ run: |
+ wget https://github.com/ethereum/solidity/releases/download/v0.8.19/solc-static-linux
+ chmod +x solc-static-linux
+ sudo mv solc-static-linux /usr/local/bin/solc8.19
+
+ - name: Verify rule ${{ matrix.rule }}
+ run: |
+ cd certora
+ touch applyHarness.patch
+ make munged
+ cd ..
+ echo "key length" ${#CERTORAKEY}
+ certoraRun certora/conf/${{ matrix.rule }} --wait_for_results
+ env:
+ CERTORAKEY: ${{ secrets.CERTORAKEY }}
+
+ strategy:
+ fail-fast: false
+ max-parallel: 16
+ matrix:
+ rule:
+ - AToken.conf
+ - ReserveConfiguration.conf
+ - UserConfiguration.conf
+ - VariableDebtToken.conf
+ - NEW-pool-no-summarizations.conf
+ - NEW-pool-simple-properties.conf --rule cannotDepositInInactiveReserve --msg "cannotDepositInInactiveReserve"
+ - NEW-pool-simple-properties.conf --rule cannotDepositInFrozenReserve --msg "cannotDepositInFrozenReserve"
+ - NEW-pool-simple-properties.conf --rule cannotDepositZeroAmount --msg "cannotDepositZeroAmount"
+ - NEW-pool-simple-properties.conf --rule cannotWithdrawZeroAmount --msg "cannotWithdrawZeroAmount"
+ - NEW-pool-simple-properties.conf --rule cannotWithdrawFromInactiveReserve --msg "cannotWithdrawFromInactiveReserve"
+ - NEW-pool-simple-properties.conf --rule cannotBorrowZeroAmount --msg "cannotBorrowZeroAmount"
+ - NEW-pool-simple-properties.conf --rule cannotBorrowOnInactiveReserve --msg "cannotBorrowOnInactiveReserve"
+ - NEW-pool-simple-properties.conf --rule cannotBorrowOnReserveDisabledForBorrowing --msg "cannotBorrowOnReserveDisabledForBorrowing"
+ - NEW-pool-simple-properties.conf --rule cannotBorrowOnFrozenReserve --msg "cannotBorrowOnFrozenReserve"
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
new file mode 100644
index 00000000..e5d28e3d
--- /dev/null
+++ b/.github/workflows/main.yml
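Review bot: In `.github/workflows/certora.yml`, the `Install solc` step fetches `solc-static-linux` with `wget` and moves it into `/usr/local/bin` with no integrity check, and `pip install certora-cli` is unpinned, yet both run in the job that later receives `secrets.CERTORAKEY`. I would verify the binary before the `chmod`, e.g. `echo "<EXPECTED_SHA256>  solc-static-linux" | sha256sum -c -` with the digest recorded from the release, and pin the CLI as `pip install certora-cli==<PINNED_VERSION>`. The two `echo "key length" ${#CERTORAKEY}` lines also write the secret's length to the job log; a presence check such as `test -n "$CERTORAKEY"` gives the same diagnostic without it. A top-level `permissions:` block with `contents: read` would additionally limit what the job's `GITHUB_TOKEN` can do.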
@@ -0,0 +1,111 @@
+name: foundry-test
+
+on:
+ pull_request:
+ push:
+ branches:
+ - main
+ workflow_call:
+ inputs:
+ testCommand:
+ default: forge test -vv
+ description: the command responsible for running the test
+ type: string
+ required: false
+ secrets:
+ RPC_MAINNET:
+ required: false
+ RPC_POLYGON:
+ required: false
+ RPC_AVALANCHE:
+ required: false
+ RPC_OPTIMISM:
+ required: false
+ RPC_ARBITRUM:
+ required: false
+ COMMENT_PAT:
+ required: false
+
+jobs:
+ test:
+ name: Foundry build n test
+ runs-on: ubuntu-latest
+ env:
+ FOUNDRY_PROFILE: ci
+ steps:
+ - uses: actions/checkout@v3
+ with:
+ submodules: recursive
+
+ - name: Setup env
+ run: |
+ if [[ "${{ secrets.RPC_MAINNET }}" != "" ]] ; then echo "RPC_MAINNET=${{ secrets.RPC_MAINNET }}" >> $GITHUB_ENV ; fi
+ if [[ "${{ secrets.RPC_POLYGON }}" != "" ]] ; then echo "RPC_POLYGON=${{ secrets.RPC_POLYGON }}" >> $GITHUB_ENV ; fi
+ if [[ "${{ secrets.RPC_AVALANCHE }}" != "" ]] ; then echo "RPC_AVALANCHE=${{ secrets.RPC_AVALANCHE }}" >> $GITHUB_ENV ; fi
+ if [[ "${{ secrets.RPC_OPTIMISM }}" != "" ]] ; then echo "RPC_OPTIMISM=${{ secrets.RPC_OPTIMISM }}" >> $GITHUB_ENV ; fi
+ if [[ "${{ secrets.RPC_ARBITRUM }}" != "" ]] ; then echo "RPC_ARBITRUM=${{ secrets.RPC_ARBITRUM }}" >> $GITHUB_ENV ; fi
+
+ - name: Install Foundry
+ uses: foundry-rs/foundry-toolchain@v1
+ with:
+ version: nightly
+
+ - name: Copy .env
+ run: |
+ cp .env.example .env 2> /dev/null || :
+
+ - uses: actions/setup-node@v3
+ with:
+ node-version: 18
+ registry-url: "https://registry.npmjs.org"
+ cache: "yarn"
+
+ - name: Install dependencies
+ run: yarn install --frozen-lockfile
+
+ - name: Run Forge build
+ run: |
+ forge --version | sed -r 's/\x1B\[([0-9]{1,3}(;[0-9]{1,2})?)?[mGK]//g' | tee /tmp/foundry_version ; test ${PIPESTATUS[0]} -eq 0
+ forge cache ls
+ forge build | sed -r 's/\x1B\[([0-9]{1,3}(;[0-9]{1,2})?)?[mGK]//g' | tee /tmp/foundry_build ; test ${PIPESTATUS[0]} -eq 0
+ id: build
+
+ - name: Run Forge tests
+ run: |
+ forge test -vv | sed -r 's/\x1B\[([0-9]{1,3}(;[0-9]{1,2})?)?[mGK]//g' | tee /tmp/foundry_test
+ echo "testStatus=${PIPESTATUS[0]}" >> $GITHUB_ENV
+ id: test
+
+ - name: Create comment body
+ id: get-comment-body
+ run: |
+ printf "Foundry report\n\n" > /tmp/template.md
+ printf "\`\`\`shell\n$(cat /tmp/foundry_version)\n\`\`\`\n\n" >> /tmp/template.md
+ printf "
Build log\n\n\`\`\`shell\n$(cat /tmp/foundry_build)\n\`\`\`\n
\n\n" >> /tmp/template.md + printf "
Test ${{ env.testStatus == 0 && 'success :rainbow:' || 'error :finnadie::x:'}}\n\n\`\`\`shell\n$(cat /tmp/foundry_test)\n\`\`\`\n
\n\n" >> /tmp/template.md
+
+ - uses: actions/upload-artifact@v3
+ with:
+ name: ${{ github.event.pull_request.head.sha || github.sha }}
+ path: /tmp/template.md
+
+ - name: Save PR number
+ if: github.event_name == 'pull_request'
+ env:
+ PR_NUMBER: ${{ github.event.number }}
+ run: |
+ mkdir -p ./pr
+ echo $PR_NUMBER > ./pr/pr_number.txt
+
+ - uses: actions/upload-artifact@v3
+ if: github.event_name == 'pull_request'
+ with:
+ name: pr_number
+ path: pr/pr_number.txt
+
+ # we let failing tests pass so we can log them in the comment, still we want the ci to fail
+ - name: Post test
+ if: ${{ env.testStatus != 0 }}
+ run: |
+ echo "tests failed"
+ exit 1
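Review bot: In `.github/workflows/main.yml`, the `Setup env` step pastes `${{ secrets.RPC_* }}` directly into the script text and then writes the values to `$GITHUB_ENV`, so a secret containing a quote or `$(` is parsed by bash, and every later step, including `yarn install` with its dependency lifecycle scripts, inherits the RPC URLs. Passing the secrets through `env:` on the one step that needs them, as sketched below, avoids both; if `foundry.toml` treats an empty variable differently from an unset one, keep the non-empty guard but read `$RPC_MAINNET` from `env:` instead of from the expression. Separately, `/tmp/foundry_test` ends up in an uploaded artifact, and log masking does not cover artifact contents, so an RPC URL echoed by a failing fork test would presumably be stored in clear. The `testCommand` input is declared but the step hard-codes `forge test -vv`; if it is wired in later it should also arrive through `env:` and not be interpolated into `run:`.

```yaml
      # … "Setup env" step removed; steps up to "Run Forge build" unchanged …
      - name: Run Forge tests
        env:
          RPC_MAINNET: ${{ secrets.RPC_MAINNET }}
          RPC_POLYGON: ${{ secrets.RPC_POLYGON }}
          RPC_AVALANCHE: ${{ secrets.RPC_AVALANCHE }}
          RPC_OPTIMISM: ${{ secrets.RPC_OPTIMISM }}
          RPC_ARBITRUM: ${{ secrets.RPC_ARBITRUM }}
        run: |
          # … unchanged: forge test pipeline and testStatus export …
```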