
Move workflow
H00N24 committed Dec 10, 2024
1 parent bed391c commit 6203804
Showing 2 changed files with 302 additions and 1 deletion.
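--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -13,7 +13,7 @@ jobs:
 contents: read
 statuses: write
 pull-requests: write
-uses: ./workflow.yml@feat/initial-setup
+uses: ./github/workflows/workflow.yml@feat/initial-setup
 secrets: inherit
 with:
 use-beta: true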
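Review bot: The new reference `./github/workflows/workflow.yml@feat/initial-setup` still does not name the file this commit adds: the directory is `.github`, so the path needs the leading dot, and a same-repository `./` reference takes no `@ref` suffix because it always runs the file from the caller's own commit. The documented form for a local reusable workflow is `uses: ./.github/workflows/workflow.yml`. On the unchanged line below it, `secrets: inherit` hands every caller secret to the called workflow, which declares only `CERTORAKEY`; passing that one secret explicitly under `secrets:` keeps the job closer to least privilege. The job starts above the hunk and its `with:` block continues past it, so the remaining inputs are not visible here.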
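--- a/.github/workflows/workflow.yml
+++ b/.github/workflows/workflow.yml
@@ -0,0 +1,301 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/refs/heads/master/src/schemas/json/github-workflow.json
+name: Reusable Workflow
+on:
+workflow_call:
+inputs:
+cli-version:
+required: false
+type: string
+description: |-
+The version of the `certora-cli` to use. If not specified, the latest version
+will be used.
+Example:
+```yaml
+cli-version: 7.0.0
+```
+configurations:
+required: true
+type: string
+description: |-
+List of paths to configuration files to use for the `certoraRun` command.
+Example:
+```yaml
+configurations: |-
+certConfigs/config1.conf
+certConfigs/config2.conf
+certConfigs/config3.conf
+```
+solc-versions:
+required: true
+type: string
+description: |-
+List of Solidity versions to use for the `certoraRun` command.
+Example:
+```yaml
+solc-versions: |-
+0.5.16
+0.6.12
+0.7.6
+```
+solc-remove-version-prefix:
+required: false
+type: string
+description: |-
+The prefix to remove from the Solidity version when saving binaries.
+server:
+required: true
+default: production
+type: string
+description: |-
+The server to run the tests on. Default is `production`.
+Options: `production`, `staging`, or `vaas-dev`.
+use-alpha:
+required: false
+type: boolean
+description: |-
+Whether to use the alpha version of the `certora-cli`.
+use-beta:
+required: false
+type: boolean
+description: |-
+Whether to use the beta version of the `certora-cli`.
+add-status:
+required: true
+default: true
+type: boolean
+description: |-
+Whether to add status checks to the commit.
+secrets:
+CERTORAKEY:
+required: true
+
+env:
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+jobs:
+certora_run:
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v4
+with:
+ref: feat/initial-setup
+- name: Fetch Relevant Commit SHA for the Event
+run: |
+COMMIT_SHA=""
+if [[ "${{ github.event_name }}" == "pull_request" ]]; then
+COMMIT_SHA="${{ github.event.pull_request.head.sha }}"
+elif [[ "${{ github.event_name }}" == "push" ]]; then
+COMMIT_SHA="${{ github.sha }}"
+elif [[ "${{ github.event_name }}" == "workflow_run" ]]; then
+COMMIT_SHA="${{ github.event.workflow_run.head_commit.id }}"
+elif [[ "${{ github.event_name }}" == "commit_comment" ]]; then
+COMMIT_SHA="${{ github.event.comment.commit_id }}"
+elif [[ "${{ github.event_name }}" == "issue_comment" ]]; then
+COMMIT_SHA="${{ github.event.comment.commit_id }}"
+elif [[ "${{ github.event_name }}" == "pull_request_review" ]]; then
+COMMIT_SHA="${{ github.event.review.commit_id }}"
+elif [[ "${{ github.event_name }}" == "pull_request_review_comment" ]]; then
+COMMIT_SHA="${{ github.event.comment.commit_id }}"
+else
+COMMIT_SHA="$(git rev-parse HEAD)"
+fi
+echo "COMMIT_SHA=${COMMIT_SHA}" >> $GITHUB_ENV
+echo "SHORT_COMMIT_SHA=${COMMIT_SHA:0:12}" >> $GITHUB_ENV
+- name: Group ID and Message
+run: |
+echo "MESSAGE_SUFFIX=GH:${{ github.repository }}/${SHORT_COMMIT_SHA}" >> $GITHUB_ENV
+echo "GROUP_ID=$(cat /proc/sys/kernel/random/uuid)" >> $GITHUB_ENV
+- name: Cache CLI Dependencies Key
+run: echo "${{ inputs.cli-version }}-${{ inputs.use-alpha }}-${{ inputs.use-beta }}" > .certora-cache
+
+- name: Install uv
+uses: astral-sh/setup-uv@v4
+with:
+enable-cache: true
+cache-dependency-glob: .certora-cache
+
+- name: Install certora-cli
+run: |
+CERT_CLI_PACKAGE="certora-cli"
+if [ '${{ inputs.use_alpha }}' == 'true' ]; then
+CERT_CLI_PACKAGE="certora-cli-alpha"
+elif [ '${{ inputs.use_beta }}' == 'true' ]; then
+CERT_CLI_PACKAGE="certora-cli-beta"
+fi
+CERT_CLI_PACKAGE="${CERT_CLI_PACKAGE}${CERT_CLI_VERSION:+==$CERT_CLI_VERSION}"
+echo "CERT_CLI_PACKAGE=$CERT_CLI_PACKAGE" >> $GITHUB_ENV
+uv tool install "$CERT_CLI_PACKAGE"
+env:
+CERT_CLI_VERSION: ${{ inputs.cli_version }}
+
+- name: Cache Solidity Binaries
+id: solc-cache
+uses: actions/cache@v4
+with:
+path: /opt/solc-bin
+key: solc-bin
+
+- name: Add Solidity to Github Path
+run: echo "/opt/solc-bin/" >> $GITHUB_PATH
+
+- name: Download Solidity Binaries
+run: |
+mkdir -p /opt/solc-bin
+VERSIONS="${{ inputs.solc-versions }}"
+GH_LINK='https://api.github.com/repos/ethereum/solidity/releases/tags/v'
+JQ_FILTER='.assets[] | select(.name == "solc-static-linux") | .url'
+AUTH_HEADER="Authorization: Bearer ${GITHUB_TOKEN}"
+for version in $VERSIONS; do
+version="${version#v}"
+if [ -z "${{ inputs.solc-remove-version-prefix }}" ]; then
+use_version=$version
+else
+use_version="${version#${{ inputs.solc-remove-version-prefix }}}"
+fi
+BIN_PATH="/opt/solc-bin/solc$use_version"
+if [ ! -f "$BIN_PATH" ]; then
+echo "Downloading Solidity $version"
+RELEASE_DETAIL=$(curl -sH "$AUTH_HEADER" "${GH_LINK}${version}")
+if [[ -z "$RELEASE_DETAIL" || $(jq 'has("assets")' <<< "$RELEASE_DETAIL") == "false" ]]; then
+echo "Failed to fetch release details for Solidity $version"
+echo "$RELEASE_DETAIL"
+exit 1
+fi
+BIN_LINK=$(jq -r "$JQ_FILTER" <<< "$RELEASE_DETAIL")
+curl -L \
+-H "Accept: application/octet-stream" \
+-H "$AUTH_HEADER" \
+"${BIN_LINK}" -o "$BIN_PATH"
+# Verify the binary
+chmod +x "$BIN_PATH"
+"solc$use_version" --version
+fi
+done
+ls -1 /opt/solc-bin/
+- name: Sanitize confugurations
+run: |
+CONFIGURATIONS="${{ inputs.configurations }}"
+for conf in $CONFIGURATIONS; do
+echo "Sanitizing $conf"
+tmp_conf=$(mktemp)
+jq 'del(.wait_for_results)' $conf > $tmp_conf
+mv $tmp_conf $conf
+done
+- name: Run Certora
+id: certora-run
+run: |
+CONFIGURATIONS="${{ inputs.configurations }}"
+MAX_MSG_LEN=254
+SUFFIX_LEN=${#MESSAGE_SUFFIX}
+REMAINING_LEN=$((MAX_MSG_LEN - SUFFIX_LEN))
+jobs=0
+LOG_DIR="/tmp/certora-logs/"
+mkdir -p "$LOG_DIR"
+for conf in $CONFIGURATIONS; do
+echo "Starting $conf"
+if [[ ${#conf} -gt $conf_max_length ]]; then
+msg_conf=${conf: -$REMAINING_LEN}
+else
+msg_conf=$conf
+fi
+# Create log files
+STDOUT="$LOG_DIR/$conf.stdout"
+mkdir -p "$(dirname "$STDOUT")"
+STDERR="$LOG_DIR/$conf.stderr"
+mkdir -p "$(dirname "$STDERR")"
+uvx --from "$CERT_CLI_PACKAGE" certoraRun \
+$conf \
+--msg "${msg_conf} ${MESSAGE_SUFFIX}" \
+--server "${{ inputs.server }}" \
+--group_id "${GROUP_ID}" \
+--send_only \
+--wait_for_results none >"$STDERR" 2>"$STDERR" &
+((jobs++)) || true
+done
+# Wait for all jobs to finish and mark if any failed
+total_ret=0
+failed_jobs=0
+for conf in $CONFIGURATIONS; do
+ret=0
+wait -n || ret=$?
+if [ $ret -ne 0 ]; then
+((jobs--)) || true
+((failed_jobs++)) || true
+total_ret=$ret
+fi
+done
+# Add jobs to output
+echo "total_jobs=$jobs" >> $GITHUB_OUTPUT
+echo "failed_jobs=$failed_jobs" >> $GITHUB_OUTPUT
+# Remove empty log files
+find "$LOG_DIR" -type f -empty -delete
+if [ $ret -ne 0 ]; then
+echo "Some configurations failed! Please check the logs."
+exit $ret
+fi
+env:
+CERTORAKEY: ${{ secrets.CERTORAKEY }}
+
+- name: Add GH Status
+if: ${{ inputs.add-status }}
+run: |
+curl -L \
+-X POST \
+-H "Accept: application/vnd.github+json" \
+-H "Authorization: Bearer ${GITHUB_TOKEN}" \
+-H "X-GitHub-Api-Version: 2022-11-28" \
+https://api.github.com/repos/${{ github.repository }}/statuses/$COMMIT_SHA \
+-d '{"state":"pending","target_url":"https://prover.certora.com","description":"0/${{ steps.certora-run.outputs.total_jobs }} jobs finished.","context":"certora-run"}'
+env:
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+- name: Upload Logs
+uses: actions/upload-artifact@v4
+id: upload-logs
+if: always()
+with:
+name: logs
+path: /tmp/certora-logs/*
+
+# Add comment with log link
+- name: Add Comment With Logs Link
+if: ${{ steps.upload-logs.outputs.artifact-url }}
+run: |
+curl -L \
+-X POST \
+-H "Accept: application/vnd.github+json" \
+-H "Authorization: Bearer ${GITHUB_TOKEN}" \
+-H "X-GitHub-Api-Version: 2022-11-28" \
+https://api.github.com/repos/${{ github.repository }}/commits/$COMMIT_SHA/comments \
+-d '{"body":"# Started Certora Run\n\n- Started ${{ steps.certora-run.outputs.total_jobs }} jobs\n- ${{ steps.certora-run.outputs.failed_jobs }} jobs failed\n\n[Logs](${{ steps.upload-logs.outputs.artifact-url }})\n"}'
+env:
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}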
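Review bot: The `run:` scripts paste caller-supplied inputs into bash through `${{ … }}` — `inputs.solc-versions` and `inputs.solc-remove-version-prefix` in "Download Solidity Binaries", `inputs.configurations` in "Sanitize confugurations" and "Run Certora", `inputs.server` in "Run Certora" — so a value containing a quote or a command substitution becomes script text in a job that holds `GITHUB_TOKEN` and `CERTORAKEY`. Hand each input to the step through `env:` and read it as a shell variable, the way "Install certora-cli" already does for `CERT_CLI_VERSION`; the fence shows the two steps most affected. That install step reads `inputs.use_alpha`, `inputs.use_beta` and `inputs.cli_version`, while the inputs are declared as `use-alpha`, `use-beta` and `cli-version`, so the alpha/beta switch and the version pin presumably never take effect; the references should use the hyphenated names, e.g. `CERT_CLI_VERSION: ${{ inputs.cli-version }}`. The lines under "# Verify the binary" only run `chmod` and `--version`, which executes the download rather than checking it; comparing the file against a published SHA-256 before it is made executable and cached under the fixed key `solc-bin` would close that gap. In "Run Certora" the final check tests `$ret` from the last `wait -n` instead of `total_ret`, so an earlier failed job can still let the step exit 0.

```yaml
- name: Download Solidity Binaries
  run: |
    # … unchanged: mkdir, GH_LINK, JQ_FILTER, AUTH_HEADER …
    for version in $SOLC_VERSIONS; do
      version="${version#v}"
      if [ -z "$SOLC_REMOVE_PREFIX" ]; then
        use_version=$version
      else
        use_version="${version#$SOLC_REMOVE_PREFIX}"
      fi
      # … unchanged: download, chmod, version check …
    done
  env:
    SOLC_VERSIONS: ${{ inputs.solc-versions }}
    SOLC_REMOVE_PREFIX: ${{ inputs.solc-remove-version-prefix }}

- name: Run Certora
  id: certora-run
  run: |
    # … unchanged: message length and log directory setup …
    for conf in $CONFIGURATIONS; do
      # … unchanged: certoraRun call, except for this argument …
        --server "$CERTORA_SERVER" \
    # … unchanged: wait loop and outputs …
  env:
    CERTORAKEY: ${{ secrets.CERTORAKEY }}
    CONFIGURATIONS: ${{ inputs.configurations }}
    CERTORA_SERVER: ${{ inputs.server }}
```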
