Specify foundry version by version, not hash
#1676
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Lint | |
| permissions: {} | |
| on: | |
| push: | |
| branches: | |
| - develop | |
| - next | |
| pull_request: | |
| workflow_dispatch: | |
| jobs: | |
| clippy: | |
| name: cargo clippy | |
| strategy: | |
| matrix: | |
| os: [ubuntu-latest, macos-26-intel, macos-latest] | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # 6.0.0 | |
| with: | |
| persist-credentials: false | |
| - name: Get nightly version to use | |
| id: nightly | |
| shell: bash | |
| run: | | |
| # Ensure `nightly-version` only contains numbers and dashes | |
| [ $(grep -v "^[0-9-]*$" .github/nightly-version | wc -l || true) -eq 0 ] | |
| echo "NIGHTLY_VERSION=nightly-$(cat .github/nightly-version)" >> "$GITHUB_ENV" | |
| - name: Build Dependencies | |
| uses: ./.github/actions/build-dependencies | |
| - name: Install nightly rust | |
| shell: bash | |
| run: rustup toolchain install $NIGHTLY_VERSION --profile minimal --component clippy --component rust-src | |
| - name: Run Clippy | |
| shell: bash | |
| run: | | |
| # stable Rust | |
| cargo clippy --locked --all-features --all-targets -- -D warnings | |
| # Check a few variations of `serai-primitives`, `serai-abi` | |
| cargo clippy --locked --no-default-features --all-targets -p serai-primitives -- -D warnings | |
| cargo clippy --locked --all-targets -p serai-primitives -- -D warnings | |
| cargo clippy --locked --no-default-features --all-targets -p serai-abi -- -D warnings | |
| cargo clippy --locked --all-targets -p serai-abi -- -D warnings | |
| # nightly Rust | |
| cp ./Cargo.toml ./Cargo.toml.bak | |
| sed s/'# TODO: `-Zcargo-lints`: '//g ./Cargo.toml > ./Cargo.toml.cargo-lints | |
| mv ./Cargo.toml.cargo-lints ./Cargo.toml | |
| cargo +$NIGHTLY_VERSION clippy --locked -Zcargo-lints --all-features --all-targets -- -D warnings | |
| cargo +$NIGHTLY_VERSION clippy --locked -Zcargo-lints --no-default-features --all-targets -p serai-primitives -- -D warnings | |
| cargo +$NIGHTLY_VERSION clippy --locked -Zcargo-lints --all-targets -p serai-primitives -- -D warnings | |
| cargo +$NIGHTLY_VERSION clippy --locked -Zcargo-lints --no-default-features --all-targets -p serai-abi -- -D warnings | |
| cargo +$NIGHTLY_VERSION clippy --locked -Zcargo-lints --all-targets -p serai-abi -- -D warnings | |
| mv ./Cargo.toml.bak ./Cargo.toml | |
| - name: Verify `pallet::hooks` is unused | |
| shell: bash | |
| run: | | |
| FAILURES=$( | |
| find ./substrate -name "*.rs" | while IFS="\n" read -r file; do | |
| hooks=$(grep -F "pallet::hooks" "$file" | grep -v -F "serai-core-pallet: allow" | wc -l || true) | |
| if [ $hooks -ne 0 ]; then | |
| echo "\`pallet::hooks\` (without \`serai-core-pallet: allow\`) found in $file" | |
| fi | |
| done | |
| ) | |
| if [ ! "$FAILURES" = "" ]; then | |
| echo "$FAILURES" | |
| exit 1 | |
| fi | |
| # Check the Git index didn't change as a result of the build process | |
| - name: Check the Git index is unmodified | |
| shell: bash | |
| run: | | |
| # Add all files so any untracked files are also considered in the difference | |
| git add . | |
| # Check there's no difference | |
| [ $(git diff HEAD | wc -l) -eq 0 ] | |
| # Verify the documentation builds without erroring | |
| docs: | |
| name: cargo docs | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # 6.0.0 | |
| with: | |
| persist-credentials: false | |
| - name: Get nightly version to use | |
| id: nightly | |
| shell: bash | |
| run: | | |
| # Ensure `nightly-version` only contains numbers and dashes | |
| [ $(grep -v "^[0-9-]*$" .github/nightly-version | wc -l || true) -eq 0 ] | |
| echo "NIGHTLY_VERSION=nightly-$(cat .github/nightly-version)" >> "$GITHUB_ENV" | |
| - name: Build Dependencies | |
| uses: ./.github/actions/build-dependencies | |
| - name: Buld Rust docs | |
| shell: bash | |
| run: | | |
| cargo fetch | |
| # Handle https://github.com/rust-lang/rust/pull/138907 in dependencies which haven't updated | |
| sed -i -s s/"doc_auto_cfg"/"doc_cfg"/ $(find ~/.cargo -type f -name "*.rs") | |
| sed -i -s s/"doc_cfg, doc_cfg"/"doc_cfg"/g $(find ~/.cargo -type f -name "*.rs") | |
| sed -i -s s/"doc_cfg_hide"/"doc_cfg"/ $(find ~/.cargo -type f -name "*.rs") | |
| sed -i -s s/"doc_cfg, doc_cfg"/"doc_cfg"/g $(find ~/.cargo -type f -name "*.rs") | |
| rustup toolchain install $NIGHTLY_VERSION --profile minimal --component rust-src --component rust-docs | |
| RUSTDOCFLAGS="--cfg docsrs -Z unstable-options --document-hidden-items" cargo +$NIGHTLY_VERSION doc --workspace --all-features --document-private-items | |
| deny: | |
| name: cargo deny | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # 6.0.0 | |
| with: | |
| persist-credentials: false | |
| - name: Install cargo deny | |
| run: cargo +1.95.0 install --locked cargo-deny --version =0.19.4 | |
| - name: Run cargo deny | |
| run: cargo deny -L error --all-features check --hide-inclusion-graph | |
| fmt: | |
| name: cargo fmt | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # 6.0.0 | |
| with: | |
| persist-credentials: false | |
| - name: Get nightly version to use | |
| id: nightly | |
| shell: bash | |
| run: | | |
| # Ensure `nightly-version` only contains numbers and dashes | |
| [ $(grep -v "^[0-9-]*$" .github/nightly-version | wc -l || true) -eq 0 ] | |
| echo "NIGHTLY_VERSION=nightly-$(cat .github/nightly-version)" >> "$GITHUB_ENV" | |
| - name: Install nightly rust | |
| shell: bash | |
| run: rustup toolchain install $NIGHTLY_VERSION --profile minimal --component rustfmt | |
| - name: Run rustfmt | |
| shell: bash | |
| run: cargo +$NIGHTLY_VERSION fmt -- --check | |
| - name: Install Foundry | |
| uses: foundry-rs/foundry-toolchain@c7450ba673e133f5ee30098b3b54f444d3a2ca2d # 1.8.0 | |
| with: | |
| version: 1.7.0 # TODO f83bad912a9dba7bf0371def1e70bb1896048356 # 1.7.0 | |
| cache: false | |
| - name: Run forge fmt | |
| shell: bash | |
| run: | | |
| export FOUNDRY_FMT_SORT_INPUTS=false | |
| export FOUNDRY_FMT_LINE_LENGTH=100 | |
| export FOUNDRY_FMT_TAB_WIDTH=2 | |
| export FOUNDRY_FMT_BRACKET_SPACING=true | |
| export FOUNDRY_FMT_INT_TYPES=preserve | |
| forge fmt --check $(find . -name "*.sol") | |
| machete: | |
| name: cargo machete | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # 6.0.0 | |
| with: | |
| persist-credentials: false | |
| - name: Verify all dependencies are in use | |
| run: | | |
| cargo +1.95.0 install --locked cargo-machete --version =0.9.2 | |
| cargo +1.95.0 machete | |
| msrv: | |
| name: cargo msrv | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # 6.0.0 | |
| with: | |
| persist-credentials: false | |
| - name: Build Dependencies | |
| uses: ./.github/actions/build-dependencies | |
| - name: Verify claimed `rust-version` | |
| shell: bash | |
| run: | | |
| cargo +1.95.0 install --locked cargo-msrv --version =0.19.3 | |
| # Remove `patches/{home, getrandom}` as they force the entire workspace to Rust 1.85(+) | |
| echo "$(cat ./Cargo.toml | grep -v 'patches/home' | grep -v 'patches/getrandom')" > ./Cargo.toml | |
| function check_msrv { | |
| # We `cd` into the directory passed as the first argument, but will return to the | |
| # directory called from. | |
| return_to=$(pwd) | |
| echo "Checking $1" | |
| cd "$1" | |
| # If this is marked `publish = false`, check it doesn't declare a MSRV | |
| if [ $(grep "publish = false" ./Cargo.toml | wc -l || true) -ne 0 ]; then | |
| [ "$(grep 'rust-version' ./Cargo.toml || true)" = "" ] | |
| cd "$return_to" | |
| return | |
| fi | |
| # We then find the existing `rust-version` using `grep` (for the right line) and then a | |
| # regex (to strip to just the major and minor version). | |
| existing=$(cat ./Cargo.toml | grep "rust-version" | grep -Eo "[0-9]+\.[0-9]+") | |
| # We then backup the `Cargo.toml`, allowing us to restore it after, saving time on future | |
| # MSRV checks (as they'll benefit from immediately exiting if the queried version is less | |
| # than the declared MSRV). | |
| mv ./Cargo.toml ./Cargo.toml.bak | |
| # We then use an inverted (`-v`) grep to remove the existing `rust-version` from the | |
| # `Cargo.toml`, as required because else earlier versions of Rust won't even attempt to | |
| # compile this crate. | |
| cat ./Cargo.toml.bak | grep -v "rust-version" > Cargo.toml | |
| # We then find the actual `rust-version` using `cargo-msrv` (again stripping to just the | |
| # major and minor version). | |
| actual=$(cargo msrv find --output-format minimal | grep -Eo "^[0-9]+\.[0-9]+") | |
| # Finally, we compare the two. | |
| echo "Declared rust-version: $existing" | |
| echo "Actual rust-version: $actual" | |
| [ "$existing" == "$actual" ] | |
| result=$? | |
| # Restore the original `Cargo.toml`. | |
| rm Cargo.toml | |
| mv ./Cargo.toml.bak ./Cargo.toml | |
| # Return to the directory called from and return the result. | |
| cd "$return_to" | |
| return $result | |
| } | |
| # Check each member of the workspace | |
| function check_workspace { | |
| # Get the members array from the workspace's `Cargo.toml` | |
| cargo_toml_lines=$(cat ./Cargo.toml | wc -l) | |
| # Keep all lines after the start of the array, then keep all lines before the next "]" | |
| members=$(cat Cargo.toml | grep "members\ \=\ \[" -m1 -A$cargo_toml_lines | grep "]" -m1 -B$cargo_toml_lines) | |
| # Parse out any comments, whitespace, including comments post-fixed on the same line as an entry | |
| # We accomplish the latter by pruning all characters after the entry's "," | |
| members=$(echo "$members" | grep -Ev "^[[:space:]]*(#|$)" | awk -F',' '{print $1","}') | |
| # Replace the first line, which was "members = [" and is now "members = [,", with "[" | |
| members=$(echo "$members" | sed "1s/.*/\[/") | |
| # Correct the last line, which was malleated to "]," | |
| members=$(echo "$members" | sed "$(echo "$members" | wc -l)s/\]\,/\]/") | |
| # Remove the trailing comma by replacing the last line's "," with "" | |
| members=$(echo "$members" | sed "$(($(echo "$members" | wc -l) - 1))s/\,//") | |
| echo "$members" | jq -r ".[]" | while read -r member; do | |
| check_msrv $member | |
| correct=$? | |
| if [ $correct -ne 0 ]; then | |
| return $correct | |
| fi | |
| done | |
| } | |
| check_workspace | |
| vet: | |
| name: cargo vet | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # 6.0.0 | |
| with: | |
| persist-credentials: false | |
| - name: Install cargo vet | |
| run: cargo +1.95.0 install --locked cargo-vet --git https://github.com/kayabaNerve/cargo-vet --rev d2fb27daaeb839e5fa4f6b28c5cdd4a9185542b5 | |
| - name: Run cargo vet | |
| run: | | |
| cargo vet --locked | |
| ./supply-chain/no-first-party.sh | |
| slither: | |
| name: slither | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # 6.0.0 | |
| with: | |
| persist-credentials: false | |
| - name: Build Dependencies | |
| uses: ./.github/actions/build-dependencies | |
| - name: Slither | |
| shell: bash | |
| run: | | |
| sudo apt install -y python3-pip | |
| python3 -m pip install slither-analyzer==0.11.5 | |
| slither ./networks/ethereum/schnorr/contracts/Schnorr.sol | |
| slither --include-paths ./networks/ethereum/schnorr/contracts ./networks/ethereum/schnorr/contracts/tests/Schnorr.sol | |
| slither processor/ethereum/deployer/contracts/Deployer.sol | |
| slither processor/ethereum/erc20/contracts/IERC20.sol | |
| cp networks/ethereum/schnorr/contracts/Schnorr.sol processor/ethereum/router/contracts/ | |
| cp processor/ethereum/erc20/contracts/IERC20.sol processor/ethereum/router/contracts/ | |
| cd processor/ethereum/router/contracts | |
| slither Router.sol | |
| shellcheck: | |
| name: shellcheck | |
| runs-on: ubuntu-slim | |
| steps: | |
| - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # 6.0.0 | |
| with: | |
| persist-credentials: false | |
| - name: shellcheck | |
| shell: bash | |
| run: | | |
| sudo apt install -y shellcheck | |
| find . -name "*.sh" | while read -r script; do | |
| shellcheck --enable=all --shell=sh --severity=info $script | |
| done | |
| # These are here as they should be minimal and accordingly immediate to run any/all tests on | |
| test-patches: | |
| name: Run the tests of the crates in `patches/` | |
| strategy: | |
| matrix: | |
| os: [ubuntu-latest, macos-26-intel, macos-latest, windows-latest] | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # 6.0.0 | |
| with: | |
| persist-credentials: false | |
| - name: Run Tests | |
| shell: bash | |
| run: | | |
| find ./patches -name "Cargo.toml" | while IFS="\n" read -r manifest; do | |
| folder=$(echo "$manifest" | sed s/"\/[^\/]*$"//) | |
| if [ $(grep -r -F "#[test]" "$folder" | wc -l || true) -ne 0 ]; then | |
| cargo test --all-features --manifest-path "$manifest" | |
| fi | |
| done |