From e73c37f40a25eb62fafa1e93f663042f2c38eb91 Mon Sep 17 00:00:00 2001 From: Daniel Schiavini Date: Fri, 9 Feb 2024 15:21:56 +0100 Subject: [PATCH 1/8] Use `pull_request_target` with permissions check --- .github/workflows/main.yaml | 56 ++++++++++++++++++++++++++----------- 1 file changed, 40 insertions(+), 16 deletions(-) diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index 20d07d9c..f734be1d 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -1,24 +1,21 @@ name: unitary -on: ["push", "pull_request"] - -env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} +on: pull_request_target jobs: unitary: runs-on: ubuntu-latest strategy: matrix: - python-version: ["3.10", "3.11"] + python-version: [ "3.10", "3.11" ] name: "unit tests: python ${{ matrix.python-version }}" steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 - name: Setup Python ${{ matrix.python-version }} - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: python-version: ${{ matrix.python-version }} cache: "pip" @@ -31,15 +28,14 @@ jobs: - name: Run Unit Tests run: pytest -n auto tests/unitary/ - integration: - name: "integration tests (forked and networked modes)" + anvil: + name: "integration tests (networked against anvil)" runs-on: ubuntu-latest - # only run in single process, so there is no contention for sepolia tx nonce steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 - name: Setup Python 3.11 - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: python-version: "3.11" cache: "pip" 
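Review bot: With `on: pull_request_target`, the `actions/checkout@v4` step in `unitary` (and the one in `anvil` in the next hunk) has no `ref`, so it checks out the base branch and `pytest` never runs the code the pull request proposes. The same trigger gives the run the repository's own `GITHUB_TOKEN` and secrets, and the workflow declares no `permissions:` block, so the token scope is whatever the repository default is. I would add `permissions: { contents: read }` at the top level and `persist-credentials: false` under `with:` on each checkout before any of these jobs is pointed at pull-request code. Neither `unitary` nor `anvil` has the collaborator gate that `integration` gets later in this patch.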
@@ -52,16 +48,44 @@ jobs: - name: Install Foundry uses: foundry-rs/foundry-toolchain@v1 + - name: Run Networked Tests against anvil + # run separately to clarify its dependency on outside binary + run: pytest -n auto tests/integration/network/anvil/ + + integration: + name: "integration tests (fork mode and Sepolia)" + runs-on: ubuntu-latest + # only run in single process, so there is no contention for sepolia tx nonce + steps: + - name: Check if the user is a contributor + uses: actions/github-script@v7 + with: + script: | + const { actor: username, repo: { owner, repo } } = context; + const collaborator = await github.rest.repos.getCollaboratorPermissionLevel({ owner, repo, username }); + if (!collaborator.data.user.permissions.push) { + core.setFailed(username + ' is not a contributor'); + } + + - uses: actions/checkout@v4 + + - name: Setup Python 3.11 + uses: actions/setup-python@v4 + with: + python-version: "3.11" + cache: "pip" + + - name: Install Requirements + run: | + pip install -r dev-requirements.txt + pip install . + - name: Run Fork Mode Tests run: pytest -n auto tests/integration/fork/ env: MAINNET_ENDPOINT: ${{ secrets.ALCHEMY_MAINNET_ENDPOINT }} ETHERSCAN_API_KEY: ${{ secrets.ETHERSCAN_API_KEY }} - - name: Run Networked Tests against anvil - # run separately to clarify its dependency on outside binary - run: pytest -n auto tests/integration/network/anvil/ - - name: Run Sepolia Tests # disable xdist, otherwise they can contend for tx nonce run: pytest -n 0 tests/integration/network/sepolia/ From 77a472aee1d0848391894f3cf6f607982af912d7 Mon Sep 17 00:00:00 2001 From: Daniel Schiavini Date: Fri, 9 Feb 2024 15:53:16 +0100 Subject: [PATCH 2/8] More triggers --- .github/workflows/main.yaml | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index f734be1d..411b75b3 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml 
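Review bot: The gate in `Check if the user is a contributor` looks up `context.actor`, which is the account that triggered the event rather than the author of the pull request, so it says nothing about who wrote the code that the later steps install and run. A run that a collaborator triggers on someone else's pull request passes the check. I would key the lookup on the author, `const username = context.payload.pull_request.user.login;`, and put the steps that read `secrets.*` behind an `environment:` with required reviewers instead of relying on a script step alone. The new job also uses `actions/setup-python@v4`, while the other two jobs were moved to `@v5` in this same patch.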
@@ -1,6 +1,13 @@ name: unitary -on: pull_request_target +on: + pull_request: + types: [ opened, synchronize, reopened ] + pull_request_target: + types: [ opened, synchronize, reopened ] + push: + branches: + - master jobs: unitary: @@ -55,6 +62,7 @@ jobs: integration: name: "integration tests (fork mode and Sepolia)" runs-on: ubuntu-latest + if: github.event_name == 'push' || github.event_name == 'pull_request_target' # only run in single process, so there is no contention for sepolia tx nonce steps: - name: Check if the user is a contributor From 05ec3c99beb3e5c22bf428613b0363651ce1cf05 Mon Sep 17 00:00:00 2001 From: Daniel Schiavini Date: Fri, 9 Feb 2024 15:53:39 +0100 Subject: [PATCH 3/8] Remove comment --- .github/workflows/main.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index 411b75b3..f7e807a6 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -63,7 +63,6 @@ jobs: name: "integration tests (fork mode and Sepolia)" runs-on: ubuntu-latest if: github.event_name == 'push' || github.event_name == 'pull_request_target' - # only run in single process, so there is no contention for sepolia tx nonce steps: - name: Check if the user is a contributor uses: actions/github-script@v7 From 596ef132ed9fe3542141280b8a632be47f33672d Mon Sep 17 00:00:00 2001 From: Daniel Schiavini Date: Wed, 14 Feb 2024 16:14:17 +0100 Subject: [PATCH 4/8] Grab merge commit --- .github/workflows/main.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index 00972769..8393cd92 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -88,6 +88,8 @@ jobs: } - uses: actions/checkout@v4 + with: + ref: ${{ github.event.pull_request.merge_commit_sha }} - name: Setup Python 3.11 uses: actions/setup-python@v4 From 4255fdfe91c8faca02ad3b0dc72a1e68990e0c6f Mon Sep 17 00:00:00 2001 
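Review bot: The `integration` job in the second hunk can now start from both `push` and `pull_request_target`, but nothing serialises separate workflow runs. The comment on this job and `pytest -n 0` on the Sepolia step only prevent nonce contention inside one run. Two runs that overlap (a push to `master` and a pull-request event, or two pull requests) would presumably send from the same Sepolia account at once. A job-level `concurrency: sepolia-integration` (group name is only an example) would queue them. The job body continues outside the hunk.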
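Review bot: Adding `ref: ${{ github.event.pull_request.merge_commit_sha }}` makes this job install and run pull-request code (`pip install .`, `pytest`) in a `pull_request_target` run. Earlier in the series that job is shown receiving `ALCHEMY_MAINNET_ENDPOINT` and `ETHERSCAN_API_KEY`, so the only barrier is the preceding collaborator script step. `merge_commit_sha` is empty on `push` events and can be null or stale on pull-request events, in which case checkout falls back to the default ref and the job passes without testing the change. I would add `persist-credentials: false` next to `ref:` and fail the job explicitly when the ref is empty on a pull-request event. The job this checkout belongs to starts and ends outside the hunk; from the `}` context line it appears to be `integration`.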
From: Charles Cooper Date: Wed, 14 Feb 2024 10:21:33 -0500 Subject: [PATCH 5/8] remove specific triggers --- .github/workflows/main.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index 8393cd92..f02ac378 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -2,9 +2,7 @@ name: unitary on: pull_request: - types: [ opened, synchronize, reopened ] pull_request_target: - types: [ opened, synchronize, reopened ] push: branches: - master From f7452336c71c2b8e7225928d8ebc444515e45c2e Mon Sep 17 00:00:00 2001 From: Charles Cooper Date: Wed, 14 Feb 2024 10:23:51 -0500 Subject: [PATCH 6/8] rename some pipelines --- .github/workflows/main.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index f02ac378..93c1b4da 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -47,7 +47,7 @@ jobs: tests/unitary/ anvil: - name: "integration tests (networked against anvil)" + name: "integration tests (anvil)" runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 @@ -71,7 +71,7 @@ jobs: run: pytest -n auto tests/integration/network/anvil/ integration: - name: "integration tests (fork mode and Sepolia)" + name: "integration tests (Alchemy: fork mode and Sepolia)" runs-on: ubuntu-latest if: github.event_name == 'push' || github.event_name == 'pull_request_target' steps: From 6b17f7bece0faa0f5517cf857764bdf40ff28988 Mon Sep 17 00:00:00 2001 From: Charles Cooper Date: Wed, 14 Feb 2024 10:25:45 -0500 Subject: [PATCH 7/8] we don't need to run on `pull_request` anymore since we jerry-rigged `pull_request_target` to run against the merge commit --- .github/workflows/main.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index 93c1b4da..141848cf 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml 
@@ -1,7 +1,6 @@ name: unitary on: - pull_request: pull_request_target: push: branches: From 1feede1689ee132429f3bb2a2bd86f9dcd6795cc Mon Sep 17 00:00:00 2001 From: Charles Cooper Date: Wed, 14 Feb 2024 10:26:20 -0500 Subject: [PATCH 8/8] always do contributor check --- .github/workflows/main.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index 141848cf..16e38281 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -72,7 +72,6 @@ jobs: integration: name: "integration tests (Alchemy: fork mode and Sepolia)" runs-on: ubuntu-latest - if: github.event_name == 'push' || github.event_name == 'pull_request_target' steps: - name: Check if the user is a contributor uses: actions/github-script@v7