-
Notifications
You must be signed in to change notification settings - Fork 78
317 lines (266 loc) · 12.5 KB
/
lint.yml
File metadata and controls
317 lines (266 loc) · 12.5 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
name: Lint
on:
push:
branches:
- develop
- next
pull_request:
workflow_dispatch:
jobs:
clippy:
strategy:
matrix:
os: [ubuntu-latest, macos-26-intel, macos-latest]
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # 6.0.0
- name: Get nightly version to use
id: nightly
shell: bash
run: echo "version=$(cat .github/nightly-version)" >> $GITHUB_OUTPUT
- name: Build Dependencies
uses: ./.github/actions/build-dependencies
- name: Install nightly rust
shell: bash
run: rustup toolchain install ${{ steps.nightly.outputs.version }} --profile minimal --component clippy --component rust-src
- name: Run Clippy
shell: bash
run: |
# stable Rust
cargo clippy --locked --all-features --all-targets -- -D warnings
# Check a few variations of `serai-primitives`, `serai-abi`
cargo clippy --locked --no-default-features --all-targets -p serai-primitives -- -D warnings
cargo clippy --locked --all-targets -p serai-primitives -- -D warnings
cargo clippy --locked --no-default-features --all-targets -p serai-abi -- -D warnings
cargo clippy --locked --all-targets -p serai-abi -- -D warnings
# nightly Rust
NIGHTLY="${{ steps.nightly.outputs.version }}"
cp ./Cargo.toml ./Cargo.toml.bak
sed s/'# TODO: `-Zcargo-lints`: '//g ./Cargo.toml > ./Cargo.toml.cargo-lints
mv ./Cargo.toml.cargo-lints ./Cargo.toml
cargo +$NIGHTLY clippy --locked -Zcargo-lints --all-features --all-targets -- -D warnings
cargo +$NIGHTLY clippy --locked -Zcargo-lints --no-default-features --all-targets -p serai-primitives -- -D warnings
cargo +$NIGHTLY clippy --locked -Zcargo-lints --all-targets -p serai-primitives -- -D warnings
cargo +$NIGHTLY clippy --locked -Zcargo-lints --no-default-features --all-targets -p serai-abi -- -D warnings
cargo +$NIGHTLY clippy --locked -Zcargo-lints --all-targets -p serai-abi -- -D warnings
mv ./Cargo.toml.bak ./Cargo.toml
- name: Verify `pallet::hooks` is unused
shell: bash
run: |
FAILURES=$(
find ./substrate -name "*.rs" | while IFS="\n" read -r file; do
hooks=$(grep -F "pallet::hooks" "$file" | grep -v -F "serai-core-pallet: allow" | wc -l || true)
if [ $hooks -ne 0 ]; then
echo "\`pallet::hooks\` (without \`serai-core-pallet: allow\`) found in $file"
fi
done
)
if [ ! "$FAILURES" = "" ]; then
echo "$FAILURES"
exit 1
fi
# Check the Git index didn't change as a result of the build process
- name: Check the Git index is unmodified
shell: bash
run: |
# Add all files so any untracked files are also considered in the difference
git add .
# Check there's no difference
[ $(git diff HEAD | wc -l) -eq 0 ]
# Verify the documentation builds without erroring
docs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # 6.0.0
- name: Get nightly version to use
id: nightly
shell: bash
run: echo "version=$(cat .github/nightly-version)" >> $GITHUB_OUTPUT
- name: Build Dependencies
uses: ./.github/actions/build-dependencies
- name: Buld Rust docs
shell: bash
run: |
cargo fetch
# Handle https://github.com/rust-lang/rust/pull/138907 in dependencies which haven't updated
sed -i -s s/"doc_auto_cfg"/"doc_cfg"/ $(find ~/.cargo -type f -name "*.rs")
sed -i -s s/"doc_cfg, doc_cfg"/"doc_cfg"/g $(find ~/.cargo -type f -name "*.rs")
sed -i -s s/"doc_cfg_hide"/"doc_cfg"/ $(find ~/.cargo -type f -name "*.rs")
sed -i -s s/"doc_cfg, doc_cfg"/"doc_cfg"/g $(find ~/.cargo -type f -name "*.rs")
rustup toolchain install ${{ steps.nightly.outputs.version }} --profile minimal --component rust-src --component rust-docs
RUSTDOCFLAGS="--cfg docsrs -Z unstable-options --document-hidden-items" cargo +${{ steps.nightly.outputs.version }} doc --workspace --all-features --document-private-items
deny:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # 6.0.0
- name: Install cargo deny
run: cargo +1.95.0 install --locked cargo-deny --version =0.19.4
- name: Run cargo deny
run: cargo deny -L error --all-features check --hide-inclusion-graph
fmt:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # 6.0.0
- name: Get nightly version to use
id: nightly
shell: bash
run: echo "version=$(cat .github/nightly-version)" >> $GITHUB_OUTPUT
- name: Install nightly rust
shell: bash
run: rustup toolchain install ${{ steps.nightly.outputs.version }} --profile minimal --component rustfmt
- name: Run rustfmt
shell: bash
run: cargo +${{ steps.nightly.outputs.version }} fmt -- --check
- name: Install Foundry
uses: foundry-rs/foundry-toolchain@8789b3e21e6c11b2697f5eb56eddae542f746c10 # 1.7.0
with:
version: v1.5.1
cache: false
- name: Run forge fmt
shell: bash
run: |
export FOUNDRY_FMT_SORT_INPUTS=false
export FOUNDRY_FMT_LINE_LENGTH=100
export FOUNDRY_FMT_TAB_WIDTH=2
export FOUNDRY_FMT_BRACKET_SPACING=true
export FOUNDRY_FMT_INT_TYPES=preserve
forge fmt --check $(find . -name "*.sol")
machete:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # 6.0.0
- name: Verify all dependencies are in use
run: |
cargo +1.95.0 install --locked cargo-machete --version =0.9.2
cargo +1.95.0 machete
msrv:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # 6.0.0
- name: Build Dependencies
uses: ./.github/actions/build-dependencies
- name: Verify claimed `rust-version`
shell: bash
run: |
cargo +1.95.0 install --locked cargo-msrv --version =0.19.3
# Remove `patches/{home, getrandom}` as they force the entire workspace to Rust 1.85(+)
echo "$(cat ./Cargo.toml | grep -v 'patches/home' | grep -v 'patches/getrandom')" > ./Cargo.toml
function check_msrv {
# We `cd` into the directory passed as the first argument, but will return to the
# directory called from.
return_to=$(pwd)
echo "Checking $1"
cd "$1"
# If this is marked `publish = false`, check it doesn't declare a MSRV
if [ $(grep "publish = false" ./Cargo.toml | wc -l || true) -ne 0 ]; then
[ "$(grep 'rust-version' ./Cargo.toml || true)" = "" ]
cd "$return_to"
return
fi
# We then find the existing `rust-version` using `grep` (for the right line) and then a
# regex (to strip to just the major and minor version).
existing=$(cat ./Cargo.toml | grep "rust-version" | grep -Eo "[0-9]+\.[0-9]+")
# We then backup the `Cargo.toml`, allowing us to restore it after, saving time on future
# MSRV checks (as they'll benefit from immediately exiting if the queried version is less
# than the declared MSRV).
mv ./Cargo.toml ./Cargo.toml.bak
# We then use an inverted (`-v`) grep to remove the existing `rust-version` from the
# `Cargo.toml`, as required because else earlier versions of Rust won't even attempt to
# compile this crate.
cat ./Cargo.toml.bak | grep -v "rust-version" > Cargo.toml
# We then find the actual `rust-version` using `cargo-msrv` (again stripping to just the
# major and minor version).
actual=$(cargo msrv find --output-format minimal | grep -Eo "^[0-9]+\.[0-9]+")
# Finally, we compare the two.
echo "Declared rust-version: $existing"
echo "Actual rust-version: $actual"
[ $existing == $actual ]
result=$?
# Restore the original `Cargo.toml`.
rm Cargo.toml
mv ./Cargo.toml.bak ./Cargo.toml
# Return to the directory called from and return the result.
cd "$return_to"
return $result
}
# Check each member of the workspace
function check_workspace {
# Get the members array from the workspace's `Cargo.toml`
cargo_toml_lines=$(cat ./Cargo.toml | wc -l)
# Keep all lines after the start of the array, then keep all lines before the next "]"
members=$(cat Cargo.toml | grep "members\ \=\ \[" -m1 -A$cargo_toml_lines | grep "]" -m1 -B$cargo_toml_lines)
# Parse out any comments, whitespace, including comments post-fixed on the same line as an entry
# We accomplish the latter by pruning all characters after the entry's ","
members=$(echo "$members" | grep -Ev "^[[:space:]]*(#|$)" | awk -F',' '{print $1","}')
# Replace the first line, which was "members = [" and is now "members = [,", with "["
members=$(echo "$members" | sed "1s/.*/\[/")
# Correct the last line, which was malleated to "],"
members=$(echo "$members" | sed "$(echo "$members" | wc -l)s/\]\,/\]/")
# Remove the trailing comma by replacing the last line's "," with ""
members=$(echo "$members" | sed "$(($(echo "$members" | wc -l) - 1))s/\,//")
echo $members | jq -r ".[]" | while read -r member; do
check_msrv $member
correct=$?
if [ $correct -ne 0 ]; then
return $correct
fi
done
}
check_workspace
vet:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # 6.0.0
- name: Install cargo vet
run: cargo +1.95.0 install --locked cargo-vet --git https://github.com/kayabaNerve/cargo-vet --rev d2fb27daaeb839e5fa4f6b28c5cdd4a9185542b5
- name: Run cargo vet
run: |
cargo vet --locked
./supply-chain/no-first-party.sh
slither:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # 6.0.0
- name: Build Dependencies
uses: ./.github/actions/build-dependencies
- name: Slither
shell: bash
run: |
sudo apt install -y python3-pip
python3 -m pip install slither-analyzer==0.11.5
slither ./networks/ethereum/schnorr/contracts/Schnorr.sol
slither --include-paths ./networks/ethereum/schnorr/contracts ./networks/ethereum/schnorr/contracts/tests/Schnorr.sol
slither processor/ethereum/deployer/contracts/Deployer.sol
slither processor/ethereum/erc20/contracts/IERC20.sol
cp networks/ethereum/schnorr/contracts/Schnorr.sol processor/ethereum/router/contracts/
cp processor/ethereum/erc20/contracts/IERC20.sol processor/ethereum/router/contracts/
cd processor/ethereum/router/contracts
slither Router.sol
shellcheck:
runs-on: ubuntu-slim
steps:
- uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # 6.0.0
- name: shellcheck
shell: bash
run: |
sudo apt install -y shellcheck
find . -name "*.sh" | while read -r script; do
shellcheck --enable=all --shell=sh --severity=info $script
done
# These are here as they should be minimal and accordingly immediate to run any/all tests on
test-patches:
strategy:
matrix:
os: [ubuntu-latest, macos-26-intel, macos-latest, windows-latest]
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # 6.0.0
- name: Run Tests
shell: bash
run: |
find ./patches -name "Cargo.toml" | while IFS="\n" read -r manifest; do
folder=$(echo "$manifest" | sed s/"\/[^\/]*$"//)
if [ $(grep -r -F "#[test]" "$folder" | wc -l || true) -ne 0 ]; then
cargo test --all-features --manifest-path "$manifest"
fi
done