chore(deps): bump midnight-base-crypto from ledger-6.1.0-alpha.3 to ledger-6.1.0-alpha.5 #1280
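---
# CI workflow: detects which file groups changed, then runs MSRV, rustfmt,
# clippy, tests with coverage, and a container build + vulnerability scan.
name: CI
on:
  pull_request:
    branches: [main]
    types: [opened, synchronize, reopened, ready_for_review]
    paths-ignore: [docs/**, '**.md', .github/**, .gitignore]
  push:
    branches: [main]
    paths-ignore:
      - docs/**
      - '**.md'
      - .github/**

# run concurrency group for the workflow
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

# Least privilege: default the GITHUB_TOKEN to read-only for every job. Jobs
# that declare their own `permissions:` (ci, test) override this default.
# NOTE(review): confirm ./.github/actions/prepare needs nothing beyond
# read access to repository contents.
permissions:
  contents: read

jobs:
  changed_files:
    if: ${{ github.event.pull_request.draft == false }}
    runs-on: ubuntu-latest
    name: Test changed-files
    outputs:
      changed-rust-files: ${{ steps.changed-files-yaml.outputs.code_any_changed }}
      changed-lockfile-files: ${{ steps.changed-files-yaml.outputs.lockfile_any_changed }}
      changed-docker-files: ${{ steps.changed-files-yaml.outputs.docker_any_changed }}
      changed-tests-files: ${{ steps.changed-files-yaml.outputs.tests_any_changed }}
    steps:
      # harden-runner runs first so it observes every later step. In `audit`
      # mode outbound connections are only recorded, not blocked; enforcing an
      # allow-list needs `egress-policy: block` with `allowed-endpoints`.
      - name: Harden the runner (Audit all outbound calls)
        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
        with:
          egress-policy: audit
      # Checkout the repository
      - name: Checkout Code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      # Third-party actions are pinned to a full commit SHA so that a moved
      # tag cannot change the code that runs here.
      - name: Get changed files
        id: changed-files-yaml
        uses: tj-actions/changed-files@212f9a7760ad2b8eb511185b841f3725a62c2ae0 # v45.0.6
        with:
          files_yaml: |
            code:
              - '**/*.rs'
              - 'rustfmt.toml'
              - 'rust-toolchain.toml'
            lockfile:
              - 'Cargo.lock'
              - 'Cargo.toml'
            docker:
              - 'Dockerfile.development'
              - 'Dockerfile.production'
              - 'docker-compose.yml'
              - 'Cargo.lock'
              - 'Cargo.toml'
            tests:
              - '**/*.rs'
              - 'tests/**/*.json'

  # Aggregate gate: always() makes it run even when a needed job failed or was
  # skipped, and it fails if any needed job failed or was cancelled.
  ci:
    if: ${{ github.event.pull_request.draft == false && always() }}
    permissions:
      contents: none
    name: CI
    needs: [test, msrv, rustfmt, clippy]
    runs-on: ubuntu-latest
    steps:
      - name: Harden the runner (Audit all outbound calls)
        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
        with:
          egress-policy: audit
      - name: Failed
        run: exit 1
        if: contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled')

  msrv:
    # Written as a bare expression: `if: |` followed by `${{ ... }}` keeps the
    # block scalar's trailing newline, so the condition becomes a non-empty
    # string that is always truthy and the job is never skipped.
    if: >-
      github.event.pull_request.draft == false
      && github.event_name != 'push'
      && (needs.changed_files.outputs.changed-rust-files == 'true'
      || needs.changed_files.outputs.changed-lockfile-files == 'true')
    runs-on: ubuntu-latest
    needs: changed_files
    timeout-minutes: 10
    steps:
      # Audit-only egress monitoring (logs, does not block)
      - name: Harden the runner (Audit all outbound calls)
        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
        with:
          egress-policy: audit
      # Checkout the repository
      - name: Checkout Code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Prepare
        id: init
        uses: ./.github/actions/prepare
      # Get the output of the prepare composite action
      - name: Get cache-hit output
        run: 'echo "Cache hit >>>>>: ${{ steps.init.outputs.cache-hit }}"'
      - name: Install cargo hack
        uses: taiki-e/install-action@7689010b667477e55299b24c373cdf719c945fdf # cargo-hack
      # Check the minimum supported Rust version
      - name: Default features
        run: cargo hack check --feature-powerset --locked --rust-version --all-targets

  rustfmt:
    # Bare expression so the changed-files gate is actually evaluated (a `|`
    # block wrapping `${{ ... }}` is always truthy).
    if: >-
      github.event.pull_request.draft == false
      && github.event_name != 'push'
      && needs.changed_files.outputs.changed-rust-files == 'true'
    needs: changed_files
    runs-on: ubuntu-latest
    timeout-minutes: 10
    steps:
      # Audit-only egress monitoring (logs, does not block)
      - name: Harden the runner (Audit all outbound calls)
        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
        with:
          egress-policy: audit
      # Checkout the repository
      - name: Checkout Code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Prepare
        id: init
        uses: ./.github/actions/prepare
      # Get the output of the prepare composite action
      - name: Get cache-hit output
        run: 'echo "Cache hit >>>>>: ${{ steps.init.outputs.cache-hit }}"'
      # Check the formatting of the code
      - name: Check formatting
        run: cargo fmt --all -- --check

  # lint checks
  clippy:
    # Bare expression so the changed-files gate is actually evaluated (a `|`
    # block wrapping `${{ ... }}` is always truthy).
    if: >-
      github.event.pull_request.draft == false
      && github.event_name != 'push'
      && needs.changed_files.outputs.changed-rust-files == 'true'
    needs: changed_files
    runs-on: ubuntu-latest
    timeout-minutes: 10
    steps:
      # Audit-only egress monitoring (logs, does not block)
      - name: Harden the runner (Audit all outbound calls)
        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
        with:
          egress-policy: audit
      # Checkout the repository
      - name: Checkout Code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Prepare
        id: init
        uses: ./.github/actions/prepare
      # Get the output of the prepare composite action
      - name: Get cache-hit output
        run: 'echo "Cache hit >>>>>: ${{ steps.init.outputs.cache-hit }}"'
      # -D warnings turns every clippy warning into a build failure
      - name: Check
        run: cargo clippy --all-features --all-targets -- -D warnings

  # Run tests
  test:
    # Bare expression so the changed-files gate is actually evaluated (a `|`
    # block wrapping `${{ ... }}` is always truthy).
    if: >-
      github.event.pull_request.draft == false
      && needs.changed_files.outputs.changed-tests-files == 'true'
    permissions:
      contents: read
    needs: changed_files
    runs-on: ubuntu-latest
    timeout-minutes: 20
    steps:
      # Audit-only egress monitoring (logs, does not block)
      - name: Harden the runner (Audit all outbound calls)
        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
        with:
          egress-policy: audit
      # Checkout the repository
      - name: Checkout Code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Prepare
        id: init
        uses: ./.github/actions/prepare
        with:
          components: llvm-tools-preview
      # Get the output of the prepare composite action
      - name: Get cache-hit output
        run: 'echo "Cache hit >>>>>: ${{ steps.init.outputs.cache-hit }}"'
      - name: Install cargo hack
        uses: taiki-e/install-action@7689010b667477e55299b24c373cdf719c945fdf # cargo-hack
      - name: Install cargo-llvm-cov
        uses: taiki-e/install-action@16edcff251c6bb06f6878981359f84b77b28e7e2 # cargo-llvm-cov
      # --locked: fail instead of silently updating Cargo.lock
      - name: Build
        run: cargo test --no-run --locked
      # Unit tests coverage
      - name: Generate Unit Coverage Report
        env:
          LLVM_PROFILE_FILE: unit-%p-%m.profraw
          RUSTFLAGS: -Cinstrument-coverage
        run: RUST_TEST_THREADS=1 cargo hack llvm-cov --locked --lcov --output-path unit-lcov.info --lib
      # Integration tests coverage
      - name: Generate Integration Coverage Report
        env:
          LLVM_PROFILE_FILE: integration-%p-%m.profraw
          RUSTFLAGS: -Cinstrument-coverage
        run: RUST_TEST_THREADS=1 cargo hack llvm-cov --locked --lcov --output-path integration-lcov.info --test integration
      # Properties tests coverage
      - name: Generate Properties Coverage Report
        env:
          LLVM_PROFILE_FILE: properties-%p-%m.profraw
          RUSTFLAGS: -Cinstrument-coverage
        run: RUST_TEST_THREADS=1 cargo hack llvm-cov --locked --lcov --output-path properties-lcov.info --test properties
      # Upload unit coverage (an upload error does not fail the job)
      - name: Upload Unit Coverage to Codecov
        uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
        with:
          token: ${{ secrets.CODECOV_TOKEN }}
          name: unit-coverage
          files: unit-lcov.info
          flags: unittests
          fail_ci_if_error: false
      # Upload integration coverage
      - name: Upload Integration Coverage to Codecov
        uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
        with:
          token: ${{ secrets.CODECOV_TOKEN }}
          name: integration-coverage
          files: integration-lcov.info
          flags: integration
          fail_ci_if_error: false
      # Upload properties coverage
      - name: Upload Properties Coverage to Codecov
        uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
        with:
          token: ${{ secrets.CODECOV_TOKEN }}
          name: properties-coverage
          files: properties-lcov.info
          flags: properties
          fail_ci_if_error: false

  # Build the development image locally (never pushed), verify the binary
  # matches the image architecture, then scan the image for vulnerabilities.
  docker-scan:
    runs-on: ubuntu-latest
    timeout-minutes: 45
    needs: [changed_files, ci]
    # Bare expression so the changed-files gate is actually evaluated (a `|`
    # block wrapping `${{ ... }}` is always truthy).
    if: >-
      github.event.pull_request.draft == false
      && needs.changed_files.outputs.changed-docker-files == 'true'
    steps:
      # Audit-only egress monitoring (logs, does not block)
      - name: Harden the runner (Audit all outbound calls)
        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
        with:
          egress-policy: audit
      # Checkout the repository
      - name: Checkout Code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      # NOTE(review): the ref comment says `main`, so this SHA appears to track
      # a branch rather than a tagged release; prefer a release-tag SHA.
      - name: Setup QEMU
        uses: docker/setup-qemu-action@e77e8065d9f7ec6abdd9838668cd7b43924dd64d # main
        with:
          platforms: linux/amd64,linux/arm64
      - name: Prepare
        id: init
        uses: ./.github/actions/prepare
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
      - name: Build x86 local container
        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
        with:
          tags: openzeppelin-monitor-dev:${{ github.sha }}-amd64
          push: false
          load: true
          file: Dockerfile.development
          platforms: linux/amd64
      # - name: Build arm64 local container
      #   uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
      #   with:
      #     tags: openzeppelin-monitor-dev:${{ github.sha }}-arm64
      #     push: false
      #     load: true
      #     file: Dockerfile.development
      #     platforms: linux/arm64
      - name: Test image and binary architectures
        run: |
          set -euo pipefail
          # platforms=("amd64" "arm64")
          platforms=("amd64")
          for platform in "${platforms[@]}"; do
            image_tag="openzeppelin-monitor-dev:${{ github.sha }}-${platform}"
            echo ">>>>>>>>Inspecting $platform<<<<<<<<"
            image_arch=$(docker image inspect "$image_tag" --format '{{.Architecture}}')
            # `file` is installed inside the throwaway container at test time
            binary_info=$(docker run --rm --platform "linux/$platform" --entrypoint sh "$image_tag" -c \
              "apk add --no-cache file >/dev/null && file openzeppelin-monitor")
            echo ">>>>>>>>Binary info: $binary_info<<<<<<<<"
            # Determine binary architecture
            case "$binary_info" in
              *"ARM aarch64"*)
                binary_arch="arm64"
                ;;
              *"x86-64"*)
                binary_arch="amd64"
                ;;
              *)
                echo "Unknown binary architecture: $binary_info........."
                exit 1
                ;;
            esac
            echo ">>>>>>>>Image arch: $image_arch | Binary arch: $binary_arch<<<<<<<<"
            if [ "$image_arch" != "$binary_arch" ]; then
              echo ">>>>>>>Architecture mismatch: Image=$image_arch Binary=$binary_arch<<<<<<<"
              exit 1
            fi
            echo ">>>>>>>Architecture match for $platform<<<<<<<<"
          done
      # Fails the job when a finding of severity `high` or above is reported.
      # Only the amd64 image is scanned; the arm64 build above is disabled.
      - name: Scan image
        uses: anchore/scan-action@f6601287cdb1efc985d6b765bbf99cb4c0ac29d8 # v7.0.0
        with:
          image: openzeppelin-monitor-dev:${{ github.sha }}-amd64
          fail-build: true
          severity-cutoff: high
          output-format: table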