mirror of
https://github.com/serai-dex/serai.git
synced 2025-12-09 04:39:24 +00:00
9a75f92864
For hash-pinned dependencies, adds comments documenting the associated versions. Adds a pin to `slither-analyzer` which was prior missing. Updates to Monero 0.18.4.4. `mimalloc` now has the correct option set when building for `musl`. A C++ compiler is no longer required in its Docker image. The runtime's `Dockerfile` now symlinks a `libc.so` already present on the image instead of creating one itself. It also builds the runtime within the image to ensure it only happens once. The test to ensure the methodology is reproducible has been updated to not simply create containers from the image, yet rebuild the image entirely, accordingly. This also is more robust and arguably should have already been done. The pin to the exact hash of the `patch-polkadot-sdk` repo in every `Cargo.toml` has been removed. The lockfile already serves that role, simplifying updating in the future. The latest Rust nightly is adopted as well (superseding https://github.com/serai-dex/serai/pull/697). The `librocksdb-sys` patch is replaced with a `kvdb-rocksdb` patch, removing a git dependency, thanks to https://github.com/paritytech/parity-common/pull/950.
204 lines
8.2 KiB
YAML
204 lines
8.2 KiB
YAML
name: Lint
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- develop
|
|
pull_request:
|
|
workflow_dispatch:
|
|
|
|
jobs:
|
|
clippy:
|
|
strategy:
|
|
matrix:
|
|
os: [ubuntu-latest, macos-15-intel, macos-latest, windows-latest]
|
|
runs-on: ${{ matrix.os }}
|
|
|
|
steps:
|
|
- uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # 6.0.0
|
|
|
|
- name: Get nightly version to use
|
|
id: nightly
|
|
shell: bash
|
|
run: echo "version=$(cat .github/nightly-version)" >> $GITHUB_OUTPUT
|
|
|
|
- name: Build Dependencies
|
|
uses: ./.github/actions/build-dependencies
|
|
|
|
- name: Install nightly rust
|
|
run: rustup toolchain install ${{ steps.nightly.outputs.version }} --profile minimal -t wasm32v1-none -c clippy
|
|
|
|
- name: Run Clippy
|
|
run: cargo +${{ steps.nightly.outputs.version }} clippy --all-features --all-targets -- -D warnings -A clippy::items_after_test_module
|
|
|
|
# Also verify the lockfile isn't dirty
|
|
# This happens when someone edits a Cargo.toml yet doesn't do anything
|
|
# which causes the lockfile to be updated
|
|
# The above clippy run will cause it to be updated, so checking there's
|
|
# no differences present now performs the desired check
|
|
- name: Verify lockfile
|
|
shell: bash
|
|
run: git diff | wc -l | LC_ALL="en_US.utf8" grep -x -e "^[ ]*0"
|
|
|
|
deny:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # 6.0.0
|
|
|
|
- name: Install cargo deny
|
|
run: cargo +1.91.1 install cargo-deny --version =0.18.6
|
|
|
|
- name: Run cargo deny
|
|
run: cargo deny -L error --all-features check --hide-inclusion-graph
|
|
|
|
fmt:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # 6.0.0
|
|
|
|
- name: Get nightly version to use
|
|
id: nightly
|
|
shell: bash
|
|
run: echo "version=$(cat .github/nightly-version)" >> $GITHUB_OUTPUT
|
|
|
|
- name: Install nightly rust
|
|
run: rustup toolchain install ${{ steps.nightly.outputs.version }} --profile minimal -c rustfmt
|
|
|
|
- name: Run rustfmt
|
|
run: cargo +${{ steps.nightly.outputs.version }} fmt -- --check
|
|
|
|
- name: Install Foundry
|
|
uses: foundry-rs/foundry-toolchain@50d5a8956f2e319df19e6b57539d7e2acb9f8c1e # 1.5.0
|
|
with:
|
|
version: v1.5.0
|
|
cache: false
|
|
|
|
- name: Run forge fmt
|
|
run: FOUNDRY_FMT_SORT_INPUTS=false FOUNDRY_FMT_LINE_LENGTH=100 FOUNDRY_FMT_TAB_WIDTH=2 FOUNDRY_FMT_BRACKET_SPACING=true FOUNDRY_FMT_INT_TYPES=preserve forge fmt --check $(find . -iname "*.sol")
|
|
|
|
machete:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # 6.0.0
|
|
- name: Verify all dependencies are in use
|
|
run: |
|
|
cargo +1.91.1 install cargo-machete --version =0.9.1
|
|
cargo +1.91.1 machete
|
|
|
|
msrv:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # 6.0.0
|
|
- name: Verify claimed `rust-version`
|
|
shell: bash
|
|
run: |
|
|
cargo +1.91.1 install cargo-msrv --version =0.18.4
|
|
|
|
function check_msrv {
|
|
# We `cd` into the directory passed as the first argument, but will return to the
|
|
# directory called from.
|
|
return_to=$(pwd)
|
|
echo "Checking $1"
|
|
cd $1
|
|
|
|
# We then find the existing `rust-version` using `grep` (for the right line) and then a
|
|
# regex (to strip to just the major and minor version).
|
|
existing=$(cat ./Cargo.toml | grep "rust-version" | grep -Eo "[0-9]+\.[0-9]+")
|
|
|
|
# We then backup the `Cargo.toml`, allowing us to restore it after, saving time on future
|
|
# MSRV checks (as they'll benefit from immediately exiting if the queried version is less
|
|
# than the declared MSRV).
|
|
mv ./Cargo.toml ./Cargo.toml.bak
|
|
|
|
# We then use an inverted (`-v`) grep to remove the existing `rust-version` from the
|
|
# `Cargo.toml`, as required because else earlier versions of Rust won't even attempt to
|
|
# compile this crate.
|
|
cat ./Cargo.toml.bak | grep -v "rust-version" > Cargo.toml
|
|
|
|
# We then find the actual `rust-version` using `cargo-msrv` (again stripping to just the
|
|
# major and minor version).
|
|
actual=$(cargo msrv find --output-format minimal | grep -Eo "^[0-9]+\.[0-9]+")
|
|
|
|
# Finally, we compare the two.
|
|
echo "Declared rust-version: $existing"
|
|
echo "Actual rust-version: $actual"
|
|
[ $existing == $actual ]
|
|
result=$?
|
|
|
|
# Restore the original `Cargo.toml`.
|
|
rm Cargo.toml
|
|
mv ./Cargo.toml.bak ./Cargo.toml
|
|
|
|
# Return to the directory called from and return the result.
|
|
cd $return_to
|
|
return $result
|
|
}
|
|
|
|
# Check each member of the workspace
|
|
function check_workspace {
|
|
# Get the members array from the workspace's `Cargo.toml`
|
|
cargo_toml_lines=$(cat ./Cargo.toml | wc -l)
|
|
# Keep all lines after the start of the array, then keep all lines before the next "]"
|
|
members=$(cat Cargo.toml | grep "members\ \=\ \[" -m1 -A$cargo_toml_lines | grep "]" -m1 -B$cargo_toml_lines)
|
|
|
|
# Parse out any comments, whitespace, including comments post-fixed on the same line as an entry
|
|
# We accomplish the latter by pruning all characters after the entry's ","
|
|
members=$(echo "$members" | grep -Ev "^[[:space:]]*(#|$)" | awk -F',' '{print $1","}')
|
|
# Replace the first line, which was "members = [" and is now "members = [,", with "["
|
|
members=$(echo "$members" | sed "1s/.*/\[/")
|
|
# Correct the last line, which was malleated to "],"
|
|
members=$(echo "$members" | sed "$(echo "$members" | wc -l)s/\]\,/\]/")
|
|
|
|
# Don't check the following
|
|
# Most of these are binaries, with the exception of the Substrate runtime which has a
|
|
# bespoke build pipeline
|
|
members=$(echo "$members" | grep -v "networks/ethereum/relayer\"")
|
|
members=$(echo "$members" | grep -v "message-queue\"")
|
|
members=$(echo "$members" | grep -v "processor/bin\"")
|
|
members=$(echo "$members" | grep -v "processor/bitcoin\"")
|
|
members=$(echo "$members" | grep -v "processor/ethereum\"")
|
|
members=$(echo "$members" | grep -v "processor/monero\"")
|
|
members=$(echo "$members" | grep -v "coordinator\"")
|
|
members=$(echo "$members" | grep -v "substrate/runtime\"")
|
|
members=$(echo "$members" | grep -v "substrate/node\"")
|
|
members=$(echo "$members" | grep -v "orchestration\"")
|
|
|
|
# Don't check the tests
|
|
members=$(echo "$members" | grep -v "mini\"")
|
|
members=$(echo "$members" | grep -v "tests/")
|
|
|
|
# Remove the trailing comma by replacing the last line's "," with ""
|
|
members=$(echo "$members" | sed "$(($(echo "$members" | wc -l) - 1))s/\,//")
|
|
|
|
echo $members | jq -r ".[]" | while read -r member; do
|
|
check_msrv $member
|
|
correct=$?
|
|
if [ $correct -ne 0 ]; then
|
|
return $correct
|
|
fi
|
|
done
|
|
}
|
|
check_workspace
|
|
|
|
slither:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # 6.0.0
|
|
|
|
- name: Build Dependencies
|
|
uses: ./.github/actions/build-dependencies
|
|
|
|
- name: Slither
|
|
run: |
|
|
python3 -m pip install slither-analyzer==0.11.3
|
|
|
|
slither ./networks/ethereum/schnorr/contracts/Schnorr.sol
|
|
slither --include-paths ./networks/ethereum/schnorr/contracts ./networks/ethereum/schnorr/contracts/tests/Schnorr.sol
|
|
slither processor/ethereum/deployer/contracts/Deployer.sol
|
|
slither processor/ethereum/erc20/contracts/IERC20.sol
|
|
|
|
cp networks/ethereum/schnorr/contracts/Schnorr.sol processor/ethereum/router/contracts/
|
|
cp processor/ethereum/erc20/contracts/IERC20.sol processor/ethereum/router/contracts/
|
|
cd processor/ethereum/router/contracts
|
|
slither Router.sol
|