feat: make ci ✅ with 💚 and 🥑s (#371)

### Description - Split jobs for better readability - Make storage checks run only on push to develop (i.e. not for each commit of a work in progress branch) in an attempt to not hit rate limits. - removed the slither.db.json and inlined ignores - it's important to actually review these and see if we want to actually fix any of them - made slither ignore contracts/common and contracts/legacy . Common will be moved to @celo/contracts npm dependency anyway. - fixed echidna compilation issue, yey! ### Other changes - Moved `SortedOracles.sol` to `common` because moving forward that contract will be owned by `clabs` and we will need to deploy it through their pipeline. So everything in `common` will move to `@celo/contracts`, including SortedOracles.
mento-protocol · Feb 19, 2024 · c443a13 · c443a13
1 parent 9ff0cfc
commit c443a13
Show file tree

Hide file tree

Showing 26 changed files with 274 additions and 182 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
diff --git a/.github/workflows/echidna.yaml b/.github/workflows/echidna.yaml
@@ -0,0 +1,50 @@
+name: "Echidna"
+
+env:
+  FOUNDRY_PROFILE: "ci"
+
+on:
+  workflow_dispatch:
+  pull_request:
+  push:
+    branches:
+      - "main"
+      - "develop"
+
+jobs:
+  get_echidna_test_names:
+    name: Get Echidna test names
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Generate matrix with all test names from the test/echidna directory
+        id: set-matrix
+        run: |
+          echo "::set-output name=matrix::$(ls test/echidna | sed 's/.sol//' | jq -R -s -c 'split("\n")[:-1]')"
+    outputs:
+      matrix: ${{ steps.set-matrix.outputs.matrix }}
+
+  run_echidna_tests:
+    needs: get_echidna_test_names
+    name: Run echidna tests
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        contract: ${{ fromJson(needs.get_echidna_test_names.outputs.matrix) }}
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          submodules: recursive
+      - name: Install Foundry
+        uses: foundry-rs/foundry-toolchain@v1
+      - name: "Build for echidna"
+        run: forge build --build-info --skip */test/**/*.t.sol */script/**
+      - name: "Run Echidna"
+        uses: crytic/echidna-action@v2
+        with:
+          files: .
+          solc-version: 0.5.17
+          contract: ${{ matrix.contract }}
+          config: echidna.yaml
+          test-mode: assertion
diff --git a/.github/workflows/lint_test.yaml b/.github/workflows/lint_test.yaml
@@ -0,0 +1,57 @@
+name: "CI"
+
+env:
+  FOUNDRY_PROFILE: "ci"
+
+on:
+  workflow_dispatch:
+  pull_request:
+  push:
+    branches:
+      - "main"
+      - "develop"
+
+jobs:
+  lint_and_test:
+    name: Lint & Test
+    runs-on: "ubuntu-latest"
+    steps:
+      - name: "Check out the repo"
+        uses: "actions/checkout@v3"
+        with:
+          submodules: "recursive"
+
+      - name: Install Foundry
+        uses: foundry-rs/foundry-toolchain@v1
+
+      - name: "Install Node.js"
+        uses: "actions/setup-node@v3"
+        with:
+          cache: "yarn"
+          node-version: "20"
+
+      - name: "Install the Node.js dependencies"
+        run: "yarn install --immutable"
+
+      - name: "Lint the contracts"
+        run: "yarn lint:check"
+
+      - name: "Add lint summary"
+        run: |
+          echo "## Lint" >> $GITHUB_STEP_SUMMARY
+          echo "✅ Passed" >> $GITHUB_STEP_SUMMARY
+
+      - name: "Show the Foundry config"
+        run: "forge config"
+
+      - name: "Run the tests"
+        run: "forge test"
+
+      - name: "Build the contracts"
+        run: |
+          forge --version
+          forge build --sizes
+
+      - name: "Add test summary"
+        run: |
+          echo "## Tests" >> $GITHUB_STEP_SUMMARY
diff --git a/.github/workflows/slither.yaml b/.github/workflows/slither.yaml
@@ -0,0 +1,41 @@
+name: "Slither"
+
+env:
+  FOUNDRY_PROFILE: "ci"
+
+on:
+  workflow_dispatch:
+  pull_request:
+  push:
+    branches:
+      - "main"
+      - "develop"
+
+jobs:
+  slither:
+    name: Slither
+    runs-on: "ubuntu-latest"
+    steps:
+      - name: "Check out the repo"
+        uses: "actions/checkout@v3"
+        with:
+          submodules: "recursive"
+      - name: Run Slither
+        uses: crytic/[email protected]
+        id: slither
+        with:
+          sarif: results.sarif
+        # continue-on-error: true
+        # -----------------------
+        # Ideally, we'd like to continue on error to allow uploading the SARIF file here.
+        # But we're often running into GitHub's API Rate Limit when uploading the SARIF file
+        # which would lead to lots of failed pipelines even if slither works fine:
+        # https://github.com/mento-protocol/mento-core/actions/runs/7167865576/job/19514794782
+        #
+        # So for now it's better to just let the slither task fail directly so we at least
+        # know it failed.
+        # -----------------------
+      - name: Upload SARIF file
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: ${{ steps.slither.outputs.sarif }}
diff --git a/.github/workflows/storage-layout.yaml b/.github/workflows/storage-layout.yaml
@@ -0,0 +1,38 @@
+name: "Storage Layout"
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - "main"
+      - "develop"
+
+jobs:
+  check_storage_layout:
+    name: Check storage layout
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        contract:
+          - contracts/legacy/ReserveSpenderMultiSig.sol:ReserveSpenderMultiSig
+          - contracts/legacy/StableToken.sol:StableToken
+          - contracts/legacy/Exchange.sol:Exchange
+          - contracts/legacy/GrandaMento.sol:GrandaMento
+          - contracts/swap/Broker.sol:Broker
+          - contracts/swap/BiPoolManager.sol:BiPoolManager
+          - contracts/swap/Reserve.sol:Reserve
+          - contracts/oracles/BreakerBox.sol:BreakerBox
+          - contracts/oracles/SortedOracles.sol:SortedOracles
+          - contracts/tokens/StableTokenV2.sol:StableTokenV2
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          submodules: recursive
+      - name: Install Foundry
+        uses: onbjerg/foundry-toolchain@v1
+        with:
+          version: "nightly"
+      - name: Check storage layout
+        uses: Rubilmax/[email protected]
+        with:
+          contract: ${{ matrix.contract }}
diff --git a/contracts/oracles/SortedOracles.sol → contracts/common/SortedOracles.sol b/contracts/oracles/SortedOracles.sol → contracts/common/SortedOracles.sol
diff --git a/contracts/governance/Airgrab.sol b/contracts/governance/Airgrab.sol
@@ -156,7 +156,6 @@ contract Airgrab is ReentrancyGuard {
   ) {
     require(root_ != bytes32(0), "Airgrab: invalid root");
     require(fractalSigner_ != address(0), "Airgrab: invalid fractal issuer");
-    // slither-disable-next-line timestamp
     require(endTimestamp_ > block.timestamp, "Airgrab: invalid end timestamp");
     require(cliffPeriod_ <= MAX_CLIFF_PERIOD, "Airgrab: cliff period too large");
     require(slopePeriod_ <= MAX_SLOPE_PERIOD, "Airgrab: slope period too large");
@@ -219,7 +218,6 @@ contract Airgrab is ReentrancyGuard {
    *  tokens other than the airgrab token.
    */
   function drain(address tokenToDrain) external nonReentrant {
-    // slither-disable-next-line timestamp
     require(block.timestamp > endTimestamp, "Airgrab: not finished");
     uint256 balance = IERC20(tokenToDrain).balanceOf(address(this));
     require(balance > 0, "Airgrab: nothing to drain");