Skip to content

feat: implement comprehensive CI pipeline #2

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
AnastasiiaVashchuk wants to merge 4 commits into
base: main
Choose a base branch
from
Open

feat: implement comprehensive CI pipeline #2

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
13de874
feat: implement comprehensive CI pipeline with security scanning and …
AnastasiiaVashchuk Aug 1, 2025
77085a0
chore: change workflows
AnastasiiaVashchuk Aug 5, 2025
eeb296d
comment file
AnastasiiaVashchuk Aug 5, 2025
fee4c5c
fix hooks
AnastasiiaVashchuk Aug 5, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
492 changes: 492 additions & 0 deletions .github/workflows/ci.yml
View file
Open in desktop

Large diffs are not rendered by default.

58 changes: 58 additions & 0 deletions .github/workflows/compile-and-lint.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,58 @@
name: Compile & Lint

on:
push:
branches: [main, develop]
pull_request:
branches: [main, develop]

env:
FORGE_PROFILE: default
FOUNDRY_PROFILE: default

jobs:
compile-and-lint:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: "20"
- name: Setup pnpm
uses: pnpm/action-setup@v4
with:
version: 8
- name: Get pnpm store directory
shell: bash
run: |
echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV
- name: Setup pnpm cache
uses: actions/cache@v4
with:
path: ${{ env.STORE_PATH }}
key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
restore-keys: |
${{ runner.os }}-pnpm-store-
- name: Install dependencies
run: pnpm install --frozen-lockfile
- name: Install Foundry
uses: foundry-rs/foundry-toolchain@v1
with:
version: nightly
- name: Install Solhint
run: pnpm add -g solhint
- name: Install Slither
run: |
pip3 install slither-analyzer
- name: Compile contracts (Hardhat)
run: pnpm compileh
- name: Compile contracts (Foundry)
run: pnpm compilef
- name: Lint TypeScript/JavaScript
run: pnpm lint:ts
- name: Lint Solidity
run: pnpm lint:sol
- name: Check contract sizes
run: pnpm size
61 changes: 61 additions & 0 deletions .github/workflows/coverage.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,61 @@
name: Code Coverage

on:
workflow_run:
workflows: ["Unit Tests"]
types:
- completed

env:
FORGE_PROFILE: default
FOUNDRY_PROFILE: default

jobs:
coverage:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: "20"
- name: Setup pnpm
uses: pnpm/action-setup@v4
with:
version: 8
- name: Get pnpm store directory
shell: bash
run: |
echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV
- name: Setup pnpm cache
uses: actions/cache@v4
with:
path: ${{ env.STORE_PATH }}
key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
restore-keys: |
${{ runner.os }}-pnpm-store-
- name: Install dependencies
run: pnpm install --frozen-lockfile
- name: Install Foundry
uses: foundry-rs/foundry-toolchain@v1
with:
version: nightly
- name: Run Hardhat coverage
run: pnpm coverageh
- name: Run Foundry coverage
run: pnpm coveragef
- name: Upload coverage reports
uses: codecov/codecov-action@v4
with:
file: ./coverage.json
flags: hardhat
name: hardhat-coverage
fail_ci_if_error: false
- name: Upload Foundry coverage
uses: codecov/codecov-action@v4
with:
file: ./lcov.info
flags: foundry
name: foundry-coverage
fail_ci_if_error: false
49 changes: 49 additions & 0 deletions .github/workflows/deployment-simulation.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,49 @@
name: Deployment Simulation

on:
workflow_run:
workflows: ["Gas Usage Regression"]
types:
- completed

env:
FORGE_PROFILE: default
FOUNDRY_PROFILE: default

jobs:
deployment-simulation:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: "20"
- name: Setup pnpm
uses: pnpm/action-setup@v4
with:
version: 8
- name: Get pnpm store directory
shell: bash
run: |
echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV
- name: Setup pnpm cache
uses: actions/cache@v4
with:
path: ${{ env.STORE_PATH }}
key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
restore-keys: |
${{ runner.os }}-pnpm-store-
- name: Install dependencies
run: pnpm install --frozen-lockfile
- name: Install Foundry
uses: foundry-rs/foundry-toolchain@v1
with:
version: nightly
- name: Compile contracts
run: pnpm compile
- name: Dry run deployment (Hardhat)
run: |
pnpm hardhat run --network hardhat scripts/deploy.ts || echo "No deployment script found, skipping dry run"
continue-on-error: true
55 changes: 55 additions & 0 deletions .github/workflows/gas-regression.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,55 @@
name: Gas Usage Regression

on:
workflow_run:
workflows: ["Code Coverage"]
types:
- completed

env:
FORGE_PROFILE: default
FOUNDRY_PROFILE: default

jobs:
gas-regression:
runs-on: ubuntu-latest
if: github.ref == 'refs/heads/main'
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: "20"
- name: Setup pnpm
uses: pnpm/action-setup@v4
with:
version: 8
- name: Get pnpm store directory
shell: bash
run: |
echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV
- name: Setup pnpm cache
uses: actions/cache@v4
with:
path: ${{ env.STORE_PATH }}
key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
restore-keys: |
${{ runner.os }}-pnpm-store-
- name: Install dependencies
run: pnpm install --frozen-lockfile
- name: Install Foundry
uses: foundry-rs/foundry-toolchain@v1
with:
version: nightly
- name: Run gas regression tests
run: pnpm testh:gas:json
env:
REPORT_GAS: true
SERIAL: true
RUN_OPTIMIZER: true
- name: Upload gas report
uses: actions/upload-artifact@v4
with:
name: gas-report
path: gas-report.json
50 changes: 50 additions & 0 deletions .github/workflows/integration-tests.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,50 @@
name: Integration Tests

on:
workflow_run:
workflows: ["Security Analysis"]
types:
- completed

env:
FORGE_PROFILE: default
FOUNDRY_PROFILE: default

jobs:
integration-tests:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: "20"
- name: Setup pnpm
uses: pnpm/action-setup@v4
with:
version: 8
- name: Get pnpm store directory
shell: bash
run: |
echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV
- name: Setup pnpm cache
uses: actions/cache@v4
with:
path: ${{ env.STORE_PATH }}
key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
restore-keys: |
${{ runner.os }}-pnpm-store-
- name: Install dependencies
run: pnpm install --frozen-lockfile
- name: Install Foundry
uses: foundry-rs/foundry-toolchain@v1
with:
version: nightly
- name: Compile contracts
run: pnpm compile
- name: Run integration tests
run: |
echo "Integration tests not yet implemented"
echo "TODO: Add integration test scripts"
continue-on-error: true
57 changes: 57 additions & 0 deletions .github/workflows/security-analysis.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,57 @@
name: Security Analysis

on:
workflow_run:
workflows: ["Deployment Simulation"]
types:
- completed

env:
FORGE_PROFILE: default
FOUNDRY_PROFILE: default

jobs:
security-analysis:
runs-on: ubuntu-latest
if: github.ref == 'refs/heads/main' || github.event_name == 'pull_request'
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: "20"
- name: Setup pnpm
uses: pnpm/action-setup@v4
with:
version: 8
- name: Get pnpm store directory
shell: bash
run: |
echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV
- name: Setup pnpm cache
uses: actions/cache@v4
with:
path: ${{ env.STORE_PATH }}
key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
restore-keys: |
${{ runner.os }}-pnpm-store-
- name: Install dependencies
run: pnpm install --frozen-lockfile
- name: Install Foundry
uses: foundry-rs/foundry-toolchain@v1
with:
version: nightly
- name: Compile contracts
run: pnpm compile
- name: Run Mythril analysis
run: |
pip3 install mythril || echo "Mythril installation failed, skipping"
find artifacts/contracts -name "*.json" -exec myth analyze {} \; || echo "Mythril analysis failed or no contracts found"
continue-on-error: true
- name: Run Echidna fuzzing (if contracts exist)
run: |
curl -L https://github.com/crytic/echidna/releases/download/v2.0.4/echidna-test-2.0.4-Ubuntu-18.04.tar.gz | tar -xz
sudo mv echidna-test /usr/local/bin/
find contracts -name "*.sol" -exec echo "Running Echidna on {}" \; -exec echidna-test {} --contract TestContract --config echidna.config.yml \; || echo "Echidna analysis failed or no contracts found"
continue-on-error: true
Loading
Loading