Skip to content

Commit 080afd4

Browse files
authored
ci: fix TOB-SCREUC-7, pin 3rd-party actions (#1138)
* fix(ci): disable cache-binary option * ci: pin 3rd-party actions
1 parent 2f0adcf commit 080afd4

File tree

4 files changed

+45
-9
lines changed

4 files changed

+45
-9
lines changed

.github/dependabot.yml

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,6 @@
1+
version: 2
2+
updates:
3+
- package-ecosystem: "github-actions"
4+
directory: "/"
5+
schedule:
6+
interval: "weekly"

.github/workflows/docker-arm64.yaml

Lines changed: 6 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -19,22 +19,25 @@ jobs:
1919
steps:
2020
- name: Checkout code
2121
uses: actions/checkout@v2
22+
2223
- name: Set up QEMU
2324
run: |
2425
docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
2526
docker buildx create --name multiarch --driver docker-container --use
27+
2628
- name: Set up Docker Buildx
2729
id: buildx
28-
uses: docker/setup-buildx-action@v2
30+
uses: docker/setup-buildx-action@885d1462b80bc1c1c7f0b00334ad271f09369c55 # v2.10.0
2931
with:
3032
cache-binary: false
3133
- name: Login to Docker Hub
32-
uses: docker/login-action@v2
34+
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 #v3.3.0
3335
with:
3436
username: ${{ secrets.DOCKERHUB_USERNAME }}
3537
password: ${{ secrets.DOCKERHUB_TOKEN }}
38+
3639
- name: Build docker image
37-
uses: docker/build-push-action@v2
40+
uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
3841
with:
3942
platforms: linux/arm64
4043
context: .

.github/workflows/docker.yaml

Lines changed: 9 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -13,29 +13,33 @@ jobs:
1313
steps:
1414
- name: Checkout code
1515
uses: actions/checkout@v2
16+
1617
- name: Set up QEMU
17-
uses: docker/setup-qemu-action@v2
18+
uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2.2.0
19+
1820
- name: Set up Docker Buildx
19-
uses: docker/setup-buildx-action@v2
21+
uses: docker/setup-buildx-action@885d1462b80bc1c1c7f0b00334ad271f09369c55 # v2.10.0
2022
with:
2123
cache-binary: false
2224
- name: Extract docker metadata
2325
id: meta
24-
uses: docker/metadata-action@v3
26+
uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
2527
with:
2628
images: scrolltech/l2geth
2729
tags: |
2830
type=ref,event=tag,enable=${{ github.event_name == 'push' }}
2931
type=raw,value=latest,enable=${{ github.event_name == 'release' }}
3032
flavor: |
3133
latest=false
34+
3235
- name: Login to Docker Hub
33-
uses: docker/login-action@v2
36+
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 #v3.3.0
3437
with:
3538
username: ${{ secrets.DOCKERHUB_USERNAME }}
3639
password: ${{ secrets.DOCKERHUB_TOKEN }}
40+
3741
- name: Build docker image
38-
uses: docker/build-push-action@v2
42+
uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
3943
with:
4044
context: .
4145
file: Dockerfile

.github/workflows/l2geth_ci.yml

Lines changed: 24 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -13,6 +13,7 @@ on:
1313
- ready_for_review
1414
name: CI
1515
jobs:
16+
1617
build-mock-ccc-geth: # build geth with mock circuit capacity checker
1718
if: github.event.pull_request.draft == false
1819
runs-on: ubuntu-latest
@@ -21,11 +22,14 @@ jobs:
2122
uses: actions/setup-go@v2
2223
with:
2324
go-version: 1.21.x
25+
2426
- name: Checkout code
2527
uses: actions/checkout@v2
28+
2629
- name: Build
2730
run: |
2831
make nccc_geth
32+
2933
build-geth: # build geth with circuit capacity checker
3034
if: github.event_name == 'push' # will only be triggered when pushing to main & staging & develop & alpha
3135
runs-on: ubuntu-latest
@@ -34,19 +38,23 @@ jobs:
3438
uses: actions/setup-go@v2
3539
with:
3640
go-version: 1.21.x
41+
3742
- name: Install rust
38-
uses: actions-rs/toolchain@v1
43+
uses: actions-rust-lang/setup-rust-toolchain@9399c7bb15d4c7d47b27263d024f0a4978346ba4 # v1.11.0
3944
with:
4045
toolchain: nightly-2023-12-03
4146
override: true
4247
components: rustfmt, clippy
48+
4349
- name: Checkout code
4450
uses: actions/checkout@v2
51+
4552
- name: Build
4653
run: |
4754
make libzkp
4855
sudo cp ./rollup/ccc/libzkp/libzkp.so /usr/local/lib/
4956
make geth
57+
5058
check:
5159
if: github.event.pull_request.draft == false
5260
runs-on: ubuntu-latest
@@ -55,12 +63,15 @@ jobs:
5563
uses: actions/setup-go@v2
5664
with:
5765
go-version: 1.21.x
66+
5867
- name: Checkout code
5968
uses: actions/checkout@v2
69+
6070
- name: Lint
6171
run: |
6272
rm -rf $HOME/.cache/golangci-lint
6373
make lint
74+
6475
goimports-lint:
6576
if: github.event.pull_request.draft == false
6677
runs-on: ubuntu-latest
@@ -69,17 +80,22 @@ jobs:
6980
uses: actions/setup-go@v2
7081
with:
7182
go-version: 1.18.x
83+
7284
- name: Install goimports
7385
run: go install golang.org/x/tools/cmd/[email protected]
86+
7487
- name: Checkout code
7588
uses: actions/checkout@v2
89+
7690
- run: goimports -local github.com/scroll-tech/go-ethereum/ -w .
91+
7792
# If there are any diffs from goimports, fail.
7893
- name: Verify no changes from goimports
7994
run: |
8095
if [ -n "$(git status --porcelain)" ]; then
8196
exit 1
8297
fi
98+
8399
go-mod-tidy-lint:
84100
if: github.event.pull_request.draft == false
85101
runs-on: ubuntu-latest
@@ -88,15 +104,19 @@ jobs:
88104
uses: actions/setup-go@v2
89105
with:
90106
go-version: 1.21.x
107+
91108
- name: Checkout code
92109
uses: actions/checkout@v2
110+
93111
- run: go mod tidy
112+
94113
# If there are any diffs from go mod tidy, fail.
95114
- name: Verify no changes from go mod tidy
96115
run: |
97116
if [ -n "$(git status --porcelain)" ]; then
98117
exit 1
99118
fi
119+
100120
test:
101121
if: github.event.pull_request.draft == false
102122
runs-on: ubuntu-latest
@@ -105,10 +125,13 @@ jobs:
105125
uses: actions/setup-go@v2
106126
with:
107127
go-version: 1.21.x
128+
108129
- name: Checkout code
109130
uses: actions/checkout@v2
131+
110132
- name: Test
111133
run: |
112134
make test
135+
113136
- name: Upload coverage report
114137
run: bash <(curl -s https://codecov.io/bash)

0 commit comments

Comments
 (0)