mirror of
https://github.com/serai-dex/serai.git
synced 2025-12-10 05:09:22 +00:00
6603100c7e
This runs whenever the script is modified, or weekly to ensure the CI doesn't inadvertently decay (due to using the latest packages for a variety of shells). This runs with `sh` (presumably `dash`), `ksh`, `bash`, `dash` (explicitly), `zsh`, `ash` (Busybox), `hush` (Busybox), `mksh`, `yash`, and `brush`. While none of these guarantee this script is POSIX-compliant, as a fully and explicitly-only POSIX-compliant environment is not constructed, this does reasonably test the script itself to be POSIX-compliant. The tools called have been reviewed for being used to the POSIX standard (although not audited to that degree). The script itself is modified with the following changes for compliance with POSIX: 1) `hexdump` is replaced with `od` (`od` suggested by @PlasmaPower) 2) `printf \xFF` replaced with octal escapes, as `\x` is not part of POSIX 3) `head -c` is replaced with `cut`, as the `-c` option is not standardized under POSIX (despite it being present for `tail`). This was identified by @PlasmaPower. As we used `head -c-2` to truncate the last two characters of a string, we now use `wc -c` for a `strlen` to enable the necessary arithmetic to calculate what two bytes in from the end of the string is. This entire effort can be argued pointless, as we could simply run `monerod` on Debian. This script is useful, the journey down the rabbithole of POSIX compliance fascinating, and the methodology applicable to other potential futures though (whether running binaries on Alpine or testing other `sh` scripts for their portability). As part of this effort overall, our CI was extended with `shellcheck` for all `sh` scripts in-tree, including all of our existing `sh` scripts. That there is an actual, direct benefit past this specific effort.
215 lines
8.5 KiB
YAML
215 lines
8.5 KiB
YAML
name: Lint
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- develop
|
|
pull_request:
|
|
workflow_dispatch:
|
|
|
|
jobs:
|
|
clippy:
|
|
strategy:
|
|
matrix:
|
|
os: [ubuntu-latest, macos-15-intel, macos-latest, windows-latest]
|
|
runs-on: ${{ matrix.os }}
|
|
|
|
steps:
|
|
- uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # 6.0.0
|
|
|
|
- name: Get nightly version to use
|
|
id: nightly
|
|
shell: bash
|
|
run: echo "version=$(cat .github/nightly-version)" >> $GITHUB_OUTPUT
|
|
|
|
- name: Build Dependencies
|
|
uses: ./.github/actions/build-dependencies
|
|
|
|
- name: Install nightly rust
|
|
run: rustup toolchain install ${{ steps.nightly.outputs.version }} --profile minimal -t wasm32v1-none -c clippy
|
|
|
|
- name: Run Clippy
|
|
run: cargo +${{ steps.nightly.outputs.version }} clippy --all-features --all-targets -- -D warnings -A clippy::items_after_test_module
|
|
|
|
# Also verify the lockfile isn't dirty
|
|
# This happens when someone edits a Cargo.toml yet doesn't do anything
|
|
# which causes the lockfile to be updated
|
|
# The above clippy run will cause it to be updated, so checking there's
|
|
# no differences present now performs the desired check
|
|
- name: Verify lockfile
|
|
shell: bash
|
|
run: git diff | wc -l | LC_ALL="en_US.utf8" grep -x -e "^[ ]*0"
|
|
|
|
deny:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # 6.0.0
|
|
|
|
- name: Install cargo deny
|
|
run: cargo +1.91.1 install cargo-deny --version =0.18.8
|
|
|
|
- name: Run cargo deny
|
|
run: cargo deny -L error --all-features check --hide-inclusion-graph
|
|
|
|
fmt:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # 6.0.0
|
|
|
|
- name: Get nightly version to use
|
|
id: nightly
|
|
shell: bash
|
|
run: echo "version=$(cat .github/nightly-version)" >> $GITHUB_OUTPUT
|
|
|
|
- name: Install nightly rust
|
|
run: rustup toolchain install ${{ steps.nightly.outputs.version }} --profile minimal -c rustfmt
|
|
|
|
- name: Run rustfmt
|
|
run: cargo +${{ steps.nightly.outputs.version }} fmt -- --check
|
|
|
|
- name: Install Foundry
|
|
uses: foundry-rs/foundry-toolchain@50d5a8956f2e319df19e6b57539d7e2acb9f8c1e # 1.5.0
|
|
with:
|
|
version: v1.5.0
|
|
cache: false
|
|
|
|
- name: Run forge fmt
|
|
run: FOUNDRY_FMT_SORT_INPUTS=false FOUNDRY_FMT_LINE_LENGTH=100 FOUNDRY_FMT_TAB_WIDTH=2 FOUNDRY_FMT_BRACKET_SPACING=true FOUNDRY_FMT_INT_TYPES=preserve forge fmt --check $(find . -iname "*.sol")
|
|
|
|
machete:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # 6.0.0
|
|
- name: Verify all dependencies are in use
|
|
run: |
|
|
cargo +1.91.1 install cargo-machete --version =0.9.1
|
|
cargo +1.91.1 machete
|
|
|
|
msrv:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # 6.0.0
|
|
- name: Verify claimed `rust-version`
|
|
shell: bash
|
|
run: |
|
|
cargo +1.91.1 install cargo-msrv --version =0.18.4
|
|
|
|
function check_msrv {
|
|
# We `cd` into the directory passed as the first argument, but will return to the
|
|
# directory called from.
|
|
return_to=$(pwd)
|
|
echo "Checking $1"
|
|
cd $1
|
|
|
|
# We then find the existing `rust-version` using `grep` (for the right line) and then a
|
|
# regex (to strip to just the major and minor version).
|
|
existing=$(cat ./Cargo.toml | grep "rust-version" | grep -Eo "[0-9]+\.[0-9]+")
|
|
|
|
# We then backup the `Cargo.toml`, allowing us to restore it after, saving time on future
|
|
# MSRV checks (as they'll benefit from immediately exiting if the queried version is less
|
|
# than the declared MSRV).
|
|
mv ./Cargo.toml ./Cargo.toml.bak
|
|
|
|
# We then use an inverted (`-v`) grep to remove the existing `rust-version` from the
|
|
# `Cargo.toml`, as required because else earlier versions of Rust won't even attempt to
|
|
# compile this crate.
|
|
cat ./Cargo.toml.bak | grep -v "rust-version" > Cargo.toml
|
|
|
|
# We then find the actual `rust-version` using `cargo-msrv` (again stripping to just the
|
|
# major and minor version).
|
|
actual=$(cargo msrv find --output-format minimal | grep -Eo "^[0-9]+\.[0-9]+")
|
|
|
|
# Finally, we compare the two.
|
|
echo "Declared rust-version: $existing"
|
|
echo "Actual rust-version: $actual"
|
|
[ $existing == $actual ]
|
|
result=$?
|
|
|
|
# Restore the original `Cargo.toml`.
|
|
rm Cargo.toml
|
|
mv ./Cargo.toml.bak ./Cargo.toml
|
|
|
|
# Return to the directory called from and return the result.
|
|
cd $return_to
|
|
return $result
|
|
}
|
|
|
|
# Check each member of the workspace
|
|
function check_workspace {
|
|
# Get the members array from the workspace's `Cargo.toml`
|
|
cargo_toml_lines=$(cat ./Cargo.toml | wc -l)
|
|
# Keep all lines after the start of the array, then keep all lines before the next "]"
|
|
members=$(cat Cargo.toml | grep "members\ \=\ \[" -m1 -A$cargo_toml_lines | grep "]" -m1 -B$cargo_toml_lines)
|
|
|
|
# Parse out any comments, whitespace, including comments post-fixed on the same line as an entry
|
|
# We accomplish the latter by pruning all characters after the entry's ","
|
|
members=$(echo "$members" | grep -Ev "^[[:space:]]*(#|$)" | awk -F',' '{print $1","}')
|
|
# Replace the first line, which was "members = [" and is now "members = [,", with "["
|
|
members=$(echo "$members" | sed "1s/.*/\[/")
|
|
# Correct the last line, which was malleated to "],"
|
|
members=$(echo "$members" | sed "$(echo "$members" | wc -l)s/\]\,/\]/")
|
|
|
|
# Don't check the following
|
|
# Most of these are binaries, with the exception of the Substrate runtime which has a
|
|
# bespoke build pipeline
|
|
members=$(echo "$members" | grep -v "networks/ethereum/relayer\"")
|
|
members=$(echo "$members" | grep -v "message-queue\"")
|
|
members=$(echo "$members" | grep -v "processor/bin\"")
|
|
members=$(echo "$members" | grep -v "processor/bitcoin\"")
|
|
members=$(echo "$members" | grep -v "processor/ethereum\"")
|
|
members=$(echo "$members" | grep -v "processor/monero\"")
|
|
members=$(echo "$members" | grep -v "coordinator\"")
|
|
members=$(echo "$members" | grep -v "substrate/runtime\"")
|
|
members=$(echo "$members" | grep -v "substrate/node\"")
|
|
members=$(echo "$members" | grep -v "orchestration\"")
|
|
|
|
# Don't check the tests
|
|
members=$(echo "$members" | grep -v "mini\"")
|
|
members=$(echo "$members" | grep -v "tests/")
|
|
|
|
# Remove the trailing comma by replacing the last line's "," with ""
|
|
members=$(echo "$members" | sed "$(($(echo "$members" | wc -l) - 1))s/\,//")
|
|
|
|
echo $members | jq -r ".[]" | while read -r member; do
|
|
check_msrv $member
|
|
correct=$?
|
|
if [ $correct -ne 0 ]; then
|
|
return $correct
|
|
fi
|
|
done
|
|
}
|
|
check_workspace
|
|
|
|
slither:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # 6.0.0
|
|
|
|
- name: Build Dependencies
|
|
uses: ./.github/actions/build-dependencies
|
|
|
|
- name: Slither
|
|
run: |
|
|
python3 -m pip install slither-analyzer==0.11.3
|
|
|
|
slither ./networks/ethereum/schnorr/contracts/Schnorr.sol
|
|
slither --include-paths ./networks/ethereum/schnorr/contracts ./networks/ethereum/schnorr/contracts/tests/Schnorr.sol
|
|
slither processor/ethereum/deployer/contracts/Deployer.sol
|
|
slither processor/ethereum/erc20/contracts/IERC20.sol
|
|
|
|
cp networks/ethereum/schnorr/contracts/Schnorr.sol processor/ethereum/router/contracts/
|
|
cp processor/ethereum/erc20/contracts/IERC20.sol processor/ethereum/router/contracts/
|
|
cd processor/ethereum/router/contracts
|
|
slither Router.sol
|
|
|
|
shellcheck:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # 6.0.0
|
|
- name: shellcheck
|
|
run: |
|
|
sudo apt install -y shellcheck
|
|
find . -iname "*.sh" | while read -r script; do
|
|
shellcheck --enable=all --shell=sh --severity=info $script
|
|
done
|