From 5125d16a585b050323e82fb8ac34ac3ce5b1d3f6 Mon Sep 17 00:00:00 2001
From: Timofey <5527315+epanchee@users.noreply.github.com>
Date: Fri, 1 Dec 2023 18:09:22 +0400
Subject: [PATCH] add files which are not part of audit
---
.github/workflows/check_artifacts.yml | 120 ++++++++++++++++++++++++
.github/workflows/code_coverage.yml | 62 ++++++++++++
.github/workflows/release_artifacts.yml | 37 ++++++++
.github/workflows/tests_and_checks.yml | 76 +++++++++++++++
.gitignore | 2 +
scripts/check_artifacts_size.sh | 18 ++++
6 files changed, 315 insertions(+)
create mode 100644 .github/workflows/check_artifacts.yml
create mode 100644 .github/workflows/code_coverage.yml
create mode 100644 .github/workflows/release_artifacts.yml
create mode 100644 .github/workflows/tests_and_checks.yml
create mode 100644 .gitignore
create mode 100755 scripts/check_artifacts_size.sh
diff --git a/.github/workflows/check_artifacts.yml b/.github/workflows/check_artifacts.yml
new file mode 100644
index 0000000..7b77979
--- /dev/null
+++ b/.github/workflows/check_artifacts.yml
@@ -0,0 +1,120 @@
+name: Compiled binaries checks
+
+on:
+ pull_request:
+ push:
+ branches:
+ - main
+
+env:
+ CARGO_TERM_COLOR: always
+ CARGO_NET_GIT_FETCH_WITH_CLI: true
+
+jobs:
+ fetch_deps:
+ name: Fetch cargo dependencies
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Cancel Previous Runs
+ uses: styfle/cancel-workflow-action@0.11.0
+ with:
+ access_token: ${{ github.token }}
+
+ - uses: actions/checkout@v3
+ - uses: webfactory/ssh-agent@v0.7.0
+ with:
+ ssh-private-key: |
+ ${{ secrets.GOV_PRIVATE_KEY }}
+ ${{ secrets.CORE_PRIVATE_KEY }}
+
+ - uses: actions/cache@v3
+ if: always()
+ with:
+ path: |
+ ~/.cargo/bin
+ ~/.cargo/git/checkouts
+ ~/.cargo/git/db
+ ~/.cargo/registry/cache
+ ~/.cargo/registry/index
+ key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
+ restore-keys: |
+ ${{ runner.os }}-cargo-
+
+ - run: |
+ git config url."ssh://git@github.com/astroport-fi/hidden_astroport_governance.git".insteadOf "https://github.com/astroport-fi/hidden_astroport_governance"
+ git config url."ssh://git@github.com/astroport-fi/hidden_astroport_core.git".insteadOf "https://github.com/astroport-fi/hidden_astroport_core"
+
+ - name: Install stable toolchain
+ uses: actions-rs/toolchain@v1
+ with:
+ profile: minimal
+ toolchain: 1.68.0
+ override: true
+
+ - name: Fetch cargo deps
+ uses: actions-rs/cargo@v1
+ with:
+ command: fetch
+ args: --locked
+
+ check-artifacts-size:
+ runs-on: ubuntu-latest
+ name: Check Artifacts Size
+ needs: fetch_deps
+ steps:
+ - name: Checkout sources
+ uses: actions/checkout@v3
+
+ - uses: actions/cache@v3
+ with:
+ path: |
+ ~/.cargo/bin
+ ~/.cargo/git/checkouts
+ ~/.cargo/git/db
+ ~/.cargo/registry/cache
+ ~/.cargo/registry/index
+ key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
+ # docker can't pull private sources, so we fail if cache is missing
+ fail-on-cache-miss: true
+
+ - name: Build Artifacts
+ run: |
+ docker run \
+ -v "$GITHUB_WORKSPACE":/code \
+ -v ~/.cargo/registry:/usr/local/cargo/registry \
+ -v ~/.cargo/git:/usr/local/cargo/git \
+ cosmwasm/workspace-optimizer:0.12.13
+
+ - name: Save artifacts cache
+ uses: actions/cache/save@v3
+ with:
+ path: artifacts
+ key: ${{ runner.os }}-artifacts-${{ hashFiles('**/Cargo.lock') }}
+
+ - name: Check Artifacts Size
+ run: |
+ $GITHUB_WORKSPACE/scripts/check_artifacts_size.sh
+
+
+
+ cosmwasm-check:
+ runs-on: ubuntu-latest
+ name: Cosmwasm check
+ needs: check-artifacts-size
+ steps:
+ # We need this only to get Cargo.lock
+ - name: Checkout sources
+ uses: actions/checkout@v3
+ - name: Restore cached artifacts
+ uses: actions/cache/restore@v3
+ with:
+ path: artifacts
+ key: ${{ runner.os }}-artifacts-${{ hashFiles('**/Cargo.lock') }}
+ fail-on-cache-miss: true
+ - name: Install cosmwasm-check
+ # Uses --debug for compilation speed
+ run: cargo install --debug --version 1.4.0 cosmwasm-check
+ - name: Cosmwasm check
+ run: |
+ cosmwasm-check $GITHUB_WORKSPACE/artifacts/*.wasm --available-capabilities cosmwasm_1_1,iterator,stargate
diff --git a/.github/workflows/code_coverage.yml b/.github/workflows/code_coverage.yml
new file mode 100644
index 0000000..d628678
--- /dev/null
+++ b/.github/workflows/code_coverage.yml
@@ -0,0 +1,62 @@
+name: Code coverage
+
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+ branches:
+ - main
+
+env:
+ CARGO_TERM_COLOR: always
+ CARGO_NET_GIT_FETCH_WITH_CLI: true
+
+jobs:
+ code-coverage:
+ name: Code coverage
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Cancel Previous Runs
+ uses: styfle/cancel-workflow-action@0.9.1
+ with:
+ access_token: ${{ github.token }}
+
+ - uses: webfactory/ssh-agent@v0.7.0
+ with:
+ ssh-private-key: |
+ ${{ secrets.GOV_PRIVATE_KEY }}
+ ${{ secrets.CORE_PRIVATE_KEY }}
+
+ - name: Checkout repository
+ uses: actions/checkout@v2
+ - run: |
+ git config url."ssh://git@github.com/astroport-fi/hidden_astroport_governance.git".insteadOf "https://github.com/astroport-fi/hidden_astroport_governance"
+ git config url."ssh://git@github.com/astroport-fi/hidden_astroport_core.git".insteadOf "https://github.com/astroport-fi/hidden_astroport_core"
+
+ - name: Install stable toolchain
+ uses: actions-rs/toolchain@v1
+ with:
+ profile: minimal
+ toolchain: 1.68.0
+ override: true
+
+ - name: Run cargo-tarpaulin
+ uses: actions-rs/tarpaulin@v0.1
+ with:
+ version: '0.22.0'
+ args: '--exclude-files *tests*.rs target*.rs -e astroport-osmo-e2e-tests --workspace -o Html'
+
+ - name: Attach coverage report
+ uses: actions/upload-artifact@v3
+ with:
+ path: ${{ github.workspace }}/tarpaulin-report.html
+ if-no-files-found: error
+
+ - name: Upload to codecov.io
+ if: github.ref == 'refs/heads/main'
+ uses: codecov/codecov-action@v3
+ with:
+ token: ${{secrets.CODECOV_TOKEN}}
+ fail_ci_if_error: true
diff --git a/.github/workflows/release_artifacts.yml b/.github/workflows/release_artifacts.yml
new file mode 100644
index 0000000..adcc123
--- /dev/null
+++ b/.github/workflows/release_artifacts.yml
@@ -0,0 +1,37 @@
+name: Release Artifacts
+on:
+ push:
+ tags:
+ - "v*.*.*"
+
+jobs:
+ release-artifacts:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: write
+ steps:
+ - uses: actions/checkout@v3
+ - uses: actions/cache@v3
+ with:
+ path: |
+ ~/.cargo/bin
+ ~/.cargo/git/checkouts
+ ~/.cargo/git/db
+ ~/.cargo/registry/cache
+ ~/.cargo/registry/index
+ key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
+ # docker can't pull private sources, so we fail if cache is missing
+ fail-on-cache-miss: true
+ - name: Build Artifacts
+ run: |
+ docker run \
+ -v "$GITHUB_WORKSPACE":/code \
+ -v ~/.cargo/registry:/usr/local/cargo/registry \
+ -v ~/.cargo/git:/usr/local/cargo/git \
+ cosmwasm/workspace-optimizer:0.12.13
+ tar -zcvf cosmwasm-artifacts.tar.gz artifacts
+ - name: Create Release
+ uses: softprops/action-gh-release@v1
+ with:
+ files: cosmwasm-artifacts.tar.gz
+ token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/tests_and_checks.yml b/.github/workflows/tests_and_checks.yml
new file mode 100644
index 0000000..2ad0605
--- /dev/null
+++ b/.github/workflows/tests_and_checks.yml
@@ -0,0 +1,76 @@
+name: Contract tests and checks
+
+on:
+ pull_request:
+ push:
+ branches:
+ - main
+
+env:
+ CARGO_TERM_COLOR: always
+ CARGO_NET_GIT_FETCH_WITH_CLI: true
+
+jobs:
+ test_and_check:
+ name: Test and check
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Cancel Previous Runs
+ uses: styfle/cancel-workflow-action@0.11.0
+ with:
+ access_token: ${{ github.token }}
+
+ - uses: actions/checkout@v3
+ - uses: webfactory/ssh-agent@v0.7.0
+ with:
+ ssh-private-key: |
+ ${{ secrets.GOV_PRIVATE_KEY }}
+ ${{ secrets.CORE_PRIVATE_KEY }}
+
+ - uses: actions/cache@v3
+ if: always()
+ with:
+ path: |
+ ~/.cargo/bin
+ ~/.cargo/git/checkouts
+ ~/.cargo/git/db
+ ~/.cargo/registry/cache
+ ~/.cargo/registry/index
+ target
+ key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
+ restore-keys: |
+ ${{ runner.os }}-cargo-
+
+ - run: |
+ git config url."ssh://git@github.com/astroport-fi/hidden_astroport_governance.git".insteadOf "https://github.com/astroport-fi/hidden_astroport_governance"
+ git config url."ssh://git@github.com/astroport-fi/hidden_astroport_core.git".insteadOf "https://github.com/astroport-fi/hidden_astroport_core"
+
+ - name: Install stable toolchain
+ uses: actions-rs/toolchain@v1
+ with:
+ profile: minimal
+ toolchain: 1.68.0
+ override: true
+ target: wasm32-unknown-unknown
+ components: rustfmt, clippy, llvm-tools-preview
+
+ - name: Run tests
+ uses: actions-rs/cargo@v1
+ with:
+ command: test
+ args: --no-fail-fast --locked -- --test-threads 1 # disable parallelism due to issue with test-tube that cause flaky tests
+ env:
+ RUST_BACKTRACE: 1
+
+ - name: Run cargo clippy
+ uses: actions-rs/cargo@v1
+ with:
+ command: clippy
+ args: -- -D warnings
+
+ - name: Run cargo fmt
+ uses: actions-rs/cargo@v1
+ with:
+ command: fmt
+ args: --all -- --check
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..544c9a5
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+/target
+/artifacts/
diff --git a/scripts/check_artifacts_size.sh b/scripts/check_artifacts_size.sh
new file mode 100755
index 0000000..178120f
--- /dev/null
+++ b/scripts/check_artifacts_size.sh
@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+
+set -e
+set -o pipefail
+
+# terra: https://github.com/terra-money/wasmd/blob/2308975f45eac299bdf246737674482eaa51051c/x/wasm/types/validation.go#L12
+# injective: https://github.com/InjectiveLabs/wasmd/blob/e087f275712b5f0a798791495dee0e453d67cad3/x/wasm/types/validation.go#L19
+maximum_size=800
+
+for artifact in artifacts/*.wasm; do
+ artifactsize=$(du -k "$artifact" | cut -f 1)
+ if [ "$artifactsize" -gt $maximum_size ]; then
+ echo "Artifact file size exceeded: $artifact"
+ echo "Artifact size: $artifactsize"
+ echo "Max size: $maximum_size"
+ exit 1
+ fi
+done