Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 14 additions & 6 deletions .github/workflows/certora-prover.yml
Original file line number Diff line number Diff line change
Expand Up @@ -38,16 +38,20 @@ jobs:
github.event_name == 'workflow_dispatch'
runs-on: protocol-x64-16core
steps:
- uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911
with:
egress-policy: audit

# Checkout the repository with submodules
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
with:
submodules: recursive
# Use dev branch for scheduled runs, otherwise use the branch that triggered the workflow
ref: ${{ github.event_name == 'schedule' && 'dev' || github.ref }}

# Install the Foundry toolchain
- name: Install Foundry
uses: foundry-rs/foundry-toolchain@v1
uses: foundry-rs/foundry-toolchain@82dee4ba654bd2146511f85f0d013af94670c4de
with:
version: stable

Expand All @@ -56,7 +60,7 @@ jobs:
run: forge install

# Run Certora compilation step only
- uses: Certora/certora-run-action@v1
- uses: Certora/certora-run-action@56c6a98e84eee5cd3a135967a9a4bc06ef6d38cc
with:
# List of configuration files for different contracts to verify
configurations: |-
Expand Down Expand Up @@ -94,16 +98,20 @@ jobs:
github.event_name == 'schedule' ||
github.event_name == 'workflow_dispatch'
steps:
- uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911
with:
egress-policy: audit

# Checkout the repository with submodules
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
with:
submodules: recursive
# Use dev branch for scheduled runs, otherwise use the branch that triggered the workflow
ref: ${{ github.event_name == 'schedule' && 'dev' || github.ref }}

# Install the Foundry toolchain.
- name: Install Foundry
uses: foundry-rs/foundry-toolchain@v1
uses: foundry-rs/foundry-toolchain@82dee4ba654bd2146511f85f0d013af94670c4de
with:
version: stable

Expand All @@ -112,7 +120,7 @@ jobs:
run: forge install

# Run Certora verification with the same configurations
- uses: Certora/certora-run-action@v1
- uses: Certora/certora-run-action@56c6a98e84eee5cd3a135967a9a4bc06ef6d38cc
with:
# List of configuration files for different contracts to verify
configurations: |-
Expand Down
36 changes: 32 additions & 4 deletions .github/workflows/checks.yml
Original file line number Diff line number Diff line change
Expand Up @@ -16,21 +16,49 @@ jobs:
name: Typo Linting
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: crate-ci/[email protected]
- name: Harden Runner
uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
with:
egress-policy: block
allowed-endpoints: >
github.com:443
release-assets.githubusercontent.com:443
objects.githubusercontent.com:443
release-assets.githubusercontent.com:443

- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- uses: crate-ci/typos@717cd03663352cbd05e4d28c01366e571ff5f2ed
with:
config: .github/configs/typos-cli.toml

go-bindings:
name: Bindings
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Harden Runner
uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
with:
egress-policy: block
allowed-endpoints: >
archive.ubuntu.com:80
auth.docker.io:443
binaries.soliditylang.org:443
foundry.paradigm.xyz:443
gethstore.blob.core.windows.net:443
github.com:443
production.cloudflare.docker.com:443
raw.githubusercontent.com:443
registry-1.docker.io:443
release-assets.githubusercontent.com:443
security.ubuntu.com:80
objects.githubusercontent.com:443

- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
with:
fetch-depth: 0
- name: Build and validate
if: github.event_name == 'push'
run: |
make docker
docker run -v `pwd`:/build -w /build --rm -i eigenlayer-contracts:latest bash -c "make gha"
if [ ! -z "$(git status --porcelain)" ]; then git diff; git status; exit 1; fi
if [ ! -z "$(git status --porcelain)" ]; then git diff; git status; exit 1; fi
16 changes: 13 additions & 3 deletions .github/workflows/foundry-post-merge.yml
Original file line number Diff line number Diff line change
Expand Up @@ -30,14 +30,24 @@ jobs:
strategy:
fail-fast: true
steps:
- uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911
with:
egress-policy: block
allowed-endpoints: >
binaries.soliditylang.org:443
github.com:443
release-assets.githubusercontent.com:443
eth-mainnet.g.alchemy.com:443
powerful-dimensional-season.ethereum-holesky.quiknode.pro:443

# Check out repository with all submodules for complete codebase access.
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
with:
submodules: recursive

# Restore Forge cache
- name: Cache Forge Build
uses: actions/cache@v3
uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684
with:
path: |
cache/
Expand All @@ -48,7 +58,7 @@ jobs:

# Install the Foundry toolchain.
- name: "Install Foundry"
uses: foundry-rs/foundry-toolchain@v1
uses: foundry-rs/foundry-toolchain@82dee4ba654bd2146511f85f0d013af94670c4de
with:
version: stable

Expand Down
64 changes: 52 additions & 12 deletions .github/workflows/foundry.yml
Original file line number Diff line number Diff line change
Expand Up @@ -27,14 +27,25 @@ jobs:
suite: [Unit, Integration, Fork]

steps:
- uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911
with:
egress-policy: block
allowed-endpoints: >
binaries.soliditylang.org:443
github.com:443
release-assets.githubusercontent.com:443
eth-mainnet.g.alchemy.com:443
powerful-dimensional-season.ethereum-holesky.quiknode.pro:443
objects.githubusercontent.com:443

# Check out repository with all submodules for complete codebase access.
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
with:
submodules: recursive

# Restore Forge cache
- name: Cache Forge Build
uses: actions/cache@v3
uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684
with:
path: |
cache/
Expand All @@ -45,7 +56,7 @@ jobs:

# Install the Foundry toolchain.
- name: Install Foundry
uses: foundry-rs/foundry-toolchain@v1
uses: foundry-rs/foundry-toolchain@82dee4ba654bd2146511f85f0d013af94670c4de
with:
version: stable

Expand Down Expand Up @@ -83,14 +94,23 @@ jobs:
name: Test (Storage)
runs-on: protocol-x64-16core
steps:
- uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911
with:
egress-policy: block
allowed-endpoints: >
api.etherscan.io:443
binaries.soliditylang.org:443
eth-mainnet.g.alchemy.com:443
github.com:443
release-assets.githubusercontent.com:443
# Check out repository with all submodules for complete codebase access.
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
with:
submodules: recursive

# Restore Forge cache
- name: Cache Forge Build
uses: actions/cache@v3
uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684
with:
path: |
cache/
Expand All @@ -101,7 +121,7 @@ jobs:

# Install the Foundry toolchain.
- name: "Install Foundry"
uses: foundry-rs/foundry-toolchain@v1
uses: foundry-rs/foundry-toolchain@82dee4ba654bd2146511f85f0d013af94670c4de
with:
version: stable

Expand All @@ -119,14 +139,23 @@ jobs:
name: Coverage
runs-on: protocol-x64-16core
steps:

- uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911
with:
egress-policy: block
allowed-endpoints: >
binaries.soliditylang.org:443
github.com:443
release-assets.githubusercontent.com:443

# Check out repository with all submodules for complete codebase access.
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
with:
submodules: recursive

# Restore Foundry and Forge cache
- name: Cache Foundry Dependencies
uses: actions/cache@v3
uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684
with:
path: |
~/.cargo
Expand All @@ -139,7 +168,7 @@ jobs:

# Install the Foundry toolchain.
- name: "Install Foundry"
uses: foundry-rs/foundry-toolchain@v1
uses: foundry-rs/foundry-toolchain@82dee4ba654bd2146511f85f0d013af94670c4de
with:
version: stable

Expand Down Expand Up @@ -169,7 +198,7 @@ jobs:

# Upload coverage report as artifact before potential failure
- name: Upload Coverage Report
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
with:
name: code-coverage-report
path: report/*
Expand Down Expand Up @@ -208,14 +237,24 @@ jobs:
name: Size Diff
runs-on: protocol-x64-16core
steps:
- uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911
with:
egress-policy: block
allowed-endpoints: >
*.blob.core.windows.net:443
binaries.soliditylang.org:443
github.com:443
objects.githubusercontent.com:443
release-assets.githubusercontent.com:443

# Check out repository with all submodules for complete codebase access.
- uses: actions/checkout@v4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
with:
submodules: recursive

# Install the Foundry toolchain.
- name: "Install Foundry"
uses: foundry-rs/foundry-toolchain@v1
uses: foundry-rs/foundry-toolchain@82dee4ba654bd2146511f85f0d013af94670c4de
with:
version: stable

Expand Down Expand Up @@ -276,3 +315,4 @@ jobs:
if [ "$has_differences" -eq 0 ]; then
echo -e "\033[1;32m✨ No contract size changes detected ✨\033[0m"
fi

15 changes: 7 additions & 8 deletions .github/workflows/validate-deployment-scripts.yml
Original file line number Diff line number Diff line change
Expand Up @@ -21,22 +21,21 @@ jobs:
env: [preprod, testnet, mainnet, testnet-sepolia, testnet-hoodi, testnet-base-sepolia]

steps:
# Check out repository with all submodules for complete codebase access.
- uses: actions/checkout@v4
- uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911
with:
submodules: recursive
egress-policy: audit

- name: Setup Node.js
uses: actions/setup-node@v3
# Check out repository with all submodules for complete codebase access.
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
with:
node-version: '18'
submodules: recursive

- name: Install Zeus
run: npm install -g @layr-labs/zeus

# Restore Forge cache
- name: Cache Forge Build
uses: actions/cache@v3
uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684
with:
path: |
cache/
Expand All @@ -47,7 +46,7 @@ jobs:

# Install the Foundry toolchain.
- name: Install Foundry
uses: foundry-rs/foundry-toolchain@v1
uses: foundry-rs/foundry-toolchain@82dee4ba654bd2146511f85f0d013af94670c4de
with:
version: stable

Expand Down