-
Notifications
You must be signed in to change notification settings - Fork 35
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Rc 1 #1851
base: main
Are you sure you want to change the base?
Rc 1 #1851
Changes from all commits
1cc8ae7
2a9d74f
2de3144
643adfe
7071408
bb455dc
8bf1719
6801555
0863069
3114173
81dcb2f
b1399f5
ac53635
4df7593
9caaa22
98ca85a
18c265b
1216d97
6cdd454
95c1ffe
44189da
da9095c
906b7ae
aa2e6b8
7b8a269
cff9d59
a4259e4
32b2ce0
616a06f
ef1e3fe
cbc538d
963dd7d
8d05f50
4f571d5
4dc6fe3
4b1634f
3d22735
b216174
ad9b156
abe2e34
734981b
94ba145
44c2368
0a2fab3
841da49
c99cbdc
ca54d5e
fc32c71
07e63ac
96bf29a
6538de4
f26eaa8
364e7aa
d3bd7cb
43456ea
5c0bf58
0e25f47
29f4920
bc98bc6
51fddb3
78a9a12
34a4a72
e2c3420
3566285
f6db602
1ffcf80
d25fe44
d8c4cbf
ee5a764
d4b228f
56833b8
7dbed41
a7bd7df
5f93294
2b864cb
e7e5e41
42b99f1
5eab7af
61a925b
4b17f05
8b04beb
20b6995
fcbf3a6
0d4ec5f
27fc729
a43f706
08be027
511efe9
8165175
21f96e8
855b708
b05e444
c1c025f
f568ab5
c2195d1
995bd5a
115f47a
dcc3c60
e61c2dd
9eb0e77
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
name: test season pass | ||
|
||
on: | ||
pull_request: | ||
paths-ignore: | ||
- "contracts/**" | ||
- "client/**" | ||
- "**/manifest.json" | ||
- "discord-bot/**" | ||
- "config/**" | ||
- ".github/**" | ||
- "pnpm-lock.yaml" | ||
|
||
env: | ||
SCARB_VERSION: v2.8.2 | ||
|
||
jobs: | ||
test-season-pass: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v3 | ||
- uses: software-mansion/setup-scarb@v1 | ||
with: | ||
tool-versions: season_pass/contracts/.tool-versions | ||
- uses: foundry-rs/setup-snfoundry@v3 | ||
with: | ||
tool-versions: season_pass/contracts/.tool-versions | ||
Comment on lines
+17
to
+27
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. 💡 Codebase verification 🛠️ Refactor suggestion Update actions and pin the Ubuntu version. The current workflow uses
🔗 Analysis chainConsider updating actions and pinning the Ubuntu version. The job setup looks good overall, but there are a few suggestions for improvement:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- runs-on: ubuntu-latest
+ runs-on: ubuntu-22.04
🏁 Scripts executedThe following scripts were executed for the analysis: Script: #!/bin/bash
# Description: Verify the existence and content of the .tool-versions file
# Test: Check if the file exists and display its content
if [ -f "season_pass/contracts/.tool-versions" ]; then
echo "Content of .tool-versions file:"
cat "season_pass/contracts/.tool-versions"
else
echo "Error: .tool-versions file not found"
exit 1
fi
Length of output: 201 Script: #!/bin/bash
# Description: Check the version of actions/checkout in the workflow file
# Use grep to find the actions/checkout version
echo "Checking actions/checkout version:"
grep 'uses: actions/checkout@' .github/workflows/test-season-pass.yml || { echo "actions/checkout not found"; exit 1; }
Length of output: 184 Script: #!/bin/bash
# Description: Verify if the Ubuntu version is pinned in the workflow file
# Check if runs-on is set to ubuntu-latest
echo "Checking runs-on configuration:"
if grep -q 'runs-on: ubuntu-latest' .github/workflows/test-season-pass.yml; then
echo "runs-on is set to ubuntu-latest. Consider pinning to a specific version like ubuntu-22.04."
exit 1
else
echo "runs-on is pinned to a specific Ubuntu version."
fi
Length of output: 346 |
||
- run: scarb build | ||
working-directory: season_pass/contracts | ||
- run: snforge test | ||
working-directory: season_pass/contracts |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1,3 @@ | ||
node_modules | ||
node_modules | ||
target | ||
.snfoundry_cache |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,2 +1,2 @@ | ||
scarb 2.7.0 | ||
dojo 1.0.0-alpha.12 | ||
dojo 1.0.0-alpha.17 |
Original file line number | Diff line number | Diff line change | ||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
@@ -1,7 +1,7 @@ | ||||||||||||||||
VITE_PUBLIC_MASTER_ADDRESS="0x779c2c098f066ddde5850ec8426511e46e6499adf0b5c77e8961917413b57db" | ||||||||||||||||
VITE_PUBLIC_MASTER_PRIVATE_KEY="0x189765c7b9daa2efdd3025d3236a929ce5e510834b8cba4f002a0d5c1accb5a" | ||||||||||||||||
VITE_PUBLIC_WORLD_ADDRESS="0x76ca3dfc3e96843716f882546f0db96b7da0cf988bdba284b469d0defb2f48f" | ||||||||||||||||
VITE_PUBLIC_ACCOUNT_CLASS_HASH="0x05400e90f7e0ae78bd02c77cd75527280470e2fe19c54970dd79dc37a9d3645c" | ||||||||||||||||
VITE_PUBLIC_WORLD_ADDRESS="0x320b2713e324fe3125bbc42d85ff69cb3c0908b436fa38a35746dbc45deeb11" | ||||||||||||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. 💡 Codebase verification Old VITE_PUBLIC_WORLD_ADDRESS still present in deployment manifests The old VITE_PUBLIC_WORLD_ADDRESS is still found in the following files:
Please verify if these instances need to be updated to the new address to ensure consistency across your deployment configurations. 🔗 Analysis chainVerify the new VITE_PUBLIC_WORLD_ADDRESS value The VITE_PUBLIC_WORLD_ADDRESS has been updated to a new value. This change could have significant implications for the entire system in the production environment. Please confirm that this new address is correct and has been thoroughly tested. Run the following script to check for any other occurrences of the old address in the codebase: If any occurrences are found, they may need to be updated as well. Please run the following script to search for any remaining instances of the old VITE_PUBLIC_WORLD_ADDRESS: Please run the following script to search for any remaining instances of the old VITE_PUBLIC_WORLD_ADDRESS: 🏁 Scripts executedThe following scripts were executed for the analysis: Script: #!/bin/bash
# Description: Search for any remaining instances of the old VITE_PUBLIC_WORLD_ADDRESS
OLD_ADDRESS="0x76ca3dfc3e96843716f882546f0db96b7da0cf988bdba284b469d0defb2f48f"
echo "Searching for occurrences of the old address:"
rg "$OLD_ADDRESS" --type-not env
Length of output: 294 Script: #!/bin/bash
# Description: Search for any remaining instances of the old VITE_PUBLIC_WORLD_ADDRESS
OLD_ADDRESS="0x76ca3dfc3e96843716f882546f0db96b7da0cf988bdba284b469d0defb2f48f"
echo "Searching for occurrences of the old address:"
rg "$OLD_ADDRESS" --type-not dotenv
Length of output: 300 Script: #!/bin/bash
# Description: Search for any remaining instances of the old VITE_PUBLIC_WORLD_ADDRESS
OLD_ADDRESS="0x76ca3dfc3e96843716f882546f0db96b7da0cf988bdba284b469d0defb2f48f"
echo "Searching for occurrences of the old address:"
rg "$OLD_ADDRESS" --glob '!*.env*'
Length of output: 530 |
||||||||||||||||
VITE_PUBLIC_ACCOUNT_CLASS_HASH="0x07dc7899aa655b0aae51eadff6d801a58e97dd99cf4666ee59e704249e51adf2" | ||||||||||||||||
VITE_EVENT_KEY="0x1a2f334228cee715f1f0f54053bb6b5eac54fa336e0bc1aacf7516decb0471d" | ||||||||||||||||
VITE_PUBLIC_TORII="https://api.cartridge.gg/x/eternum-42/torii" | ||||||||||||||||
VITE_PUBLIC_NODE_URL="https://api.cartridge.gg/x/eternum-42/katana/" | ||||||||||||||||
|
@@ -10,3 +10,7 @@ VITE_PUBLIC_GAME_VERSION="v0.9.0" | |||||||||||||||
VITE_PUBLIC_SHOW_FPS=false | ||||||||||||||||
VITE_PUBLIC_GRAPHICS_DEV=false | ||||||||||||||||
VITE_PUBLIC_TORII_RELAY="/dns4/api.cartridge.gg/tcp/443/x-parity-wss/%2Fx%2Feternum-42%2Ftorii%2Fwss" | ||||||||||||||||
|
||||||||||||||||
VITE_SEASON_PASS_ADDRESS="0x0" | ||||||||||||||||
VITE_REALMS_ADDRESS="0x0" | ||||||||||||||||
VITE_LORDS_ADDRESS="0x0" | ||||||||||||||||
Comment on lines
+14
to
+16
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Reconsider using placeholder addresses in production The newly added variables VITE_SEASON_PASS_ADDRESS, VITE_REALMS_ADDRESS, and VITE_LORDS_ADDRESS are all set to "0x0". This is unusual for a production environment and could potentially lead to issues or security risks. Consider the following actions:
Example: -VITE_SEASON_PASS_ADDRESS="0x0"
-VITE_REALMS_ADDRESS="0x0"
-VITE_LORDS_ADDRESS="0x0"
+# TODO: Update with actual addresses before deployment
+VITE_SEASON_PASS_ADDRESS="NOT_YET_DEPLOYED"
+VITE_REALMS_ADDRESS="NOT_YET_DEPLOYED"
+VITE_LORDS_ADDRESS="NOT_YET_DEPLOYED" Additionally, consider adding checks in the application code to ensure these addresses are properly set before using them. 📝 Committable suggestion
Suggested change
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,7 +1,7 @@ | ||
VITE_PUBLIC_MASTER_ADDRESS="0xb3ff441a68610b30fd5e2abbf3a1548eb6ba6f3559f2862bf2dc757e5828ca" | ||
VITE_PUBLIC_MASTER_PRIVATE_KEY="0x2bbf4f9fd0bbb2e60b0316c1fe0b76cf7a4d0198bd493ced9b8df2a3a24d68a" | ||
VITE_PUBLIC_WORLD_ADDRESS="0x177a3f3d912cf4b55f0f74eccf3b7def7c6144efeba033e9f21d9cdb0230c64" | ||
VITE_PUBLIC_ACCOUNT_CLASS_HASH="0x05400e90f7e0ae78bd02c77cd75527280470e2fe19c54970dd79dc37a9d3645c" | ||
VITE_PUBLIC_MASTER_ADDRESS="0x127fd5f1fe78a71f8bcd1fec63e3fe2f0486b6ecd5c86a0466c3a21fa5cfcec" | ||
VITE_PUBLIC_MASTER_PRIVATE_KEY="0xc5b2fcab997346f3ea1c00b002ecf6f382c5f9c9659a3894eb783c5320f912" | ||
VITE_PUBLIC_WORLD_ADDRESS="0x320b2713e324fe3125bbc42d85ff69cb3c0908b436fa38a35746dbc45deeb11" | ||
VITE_PUBLIC_ACCOUNT_CLASS_HASH="0x07dc7899aa655b0aae51eadff6d801a58e97dd99cf4666ee59e704249e51adf2" | ||
VITE_NETWORK_FEE_TOKEN="0x49d36570d4e46f48e99674bd3fcc84644ddd6b96f7c741b1562b82f9e004dc7" | ||
Comment on lines
+1
to
+4
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. 💡 Codebase verification Security Concern Confirmed: The Action Items:
🔗 Analysis chainSecurity concern: Sensitive information in environment file The Consider the following recommendations:
To verify if this file is being tracked by git, run the following command: If the file is tracked, consider adding it to .gitignore to prevent accidental commits of sensitive information. 🏁 Scripts executedThe following scripts were executed for the analysis: Script: #!/bin/bash
# Check if .env.sample is tracked by git
git ls-files --error-unmatch client/.env.sample && echo "File is tracked" || echo "File is not tracked"
Length of output: 109 🧰 Tools🪛 Gitleaks
|
||
VITE_EVENT_KEY="0x1a2f334228cee715f1f0f54053bb6b5eac54fa336e0bc1aacf7516decb0471d" | ||
VITE_PUBLIC_TORII="http://localhost:8080" | ||
|
@@ -12,5 +12,9 @@ VITE_PUBLIC_DEV=false | |
VITE_PUBLIC_SHOW_FPS=true | ||
VITE_PUBLIC_GRAPHICS_DEV=false | ||
|
||
VITE_SEASON_PASS_ADDRESS="0x18cd31a545b13597adeafa40979a7456aae9d12bd0b9a9879089ed051402c6c" | ||
VITE_REALMS_ADDRESS="0x57e1cb22f5688a833ceff37d8569297877dd8fc1896e36f1a0c8b2d30b7de85" | ||
VITE_LORDS_ADDRESS="0x5839f41cadbe12678b2e7b67bd6daa5bd54b7b19bdc835c87fe4662dbf7a93c" | ||
|
||
# You will have to change this to your local torii. It will be in the printout. | ||
VITE_PUBLIC_TORII_RELAY="/ip4/0.0.0.0/udp/9091/webrtc-direct/certhash/uEiAN3-ttwg-yphp9ZgqhSCGNsWLXIo0eHEsrLRUzp4SpKg" |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -22,7 +22,7 @@ export const dojoConfig = createDojoConfig({ | |
masterAddress: VITE_PUBLIC_MASTER_ADDRESS, | ||
masterPrivateKey: VITE_PUBLIC_MASTER_PRIVATE_KEY, | ||
accountClassHash: | ||
VITE_PUBLIC_ACCOUNT_CLASS_HASH || "0x05400e90f7e0ae78bd02c77cd75527280470e2fe19c54970dd79dc37a9d3645c", | ||
VITE_PUBLIC_ACCOUNT_CLASS_HASH || "0x07dc7899aa655b0aae51eadff6d801a58e97dd99cf4666ee59e704249e51adf2", | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. 💡 Codebase verification Inconsistent
🔗 Analysis chainVerify the new account class hash across the codebase. The To ensure consistency and correctness, please run the following script: Ensure that:
If any inconsistencies are found, please update the relevant files to maintain consistency across the codebase. 🏁 Scripts executedThe following scripts were executed for the analysis: Script: #!/bin/bash
# Description: Verify the new account class hash across the codebase
# Test 1: Check for the new hash in .env files
echo "Checking .env files for the new hash:"
rg "0x07dc7899aa655b0aae51eadff6d801a58e97dd99cf4666ee59e704249e51adf2" .env*
# Test 2: Check for any remaining instances of the old hash
echo "Checking for any remaining instances of the old hash:"
rg "0x05400e90f7e0ae78bd02c77cd75527280470e2fe19c54970dd79dc37a9d3645c"
# Test 3: Verify VITE_PUBLIC_ACCOUNT_CLASS_HASH in .env files
echo "Verifying VITE_PUBLIC_ACCOUNT_CLASS_HASH in .env files:"
rg "VITE_PUBLIC_ACCOUNT_CLASS_HASH" .env*
Length of output: 610 Script: #!/bin/bash
# Description: Comprehensive verification of the account class hash across the entire codebase
# Test 1: Check for the new hash in all files
echo "Checking for the new account class hash in the codebase:"
rg "0x07dc7899aa655b0aae51eadff6d801a58e97dd99cf4666ee59e704249e51adf2" --hidden --ignore-dir={node_modules,dist,build}
# Test 2: Check for any remaining instances of the old hash in all files
echo "Checking for any remaining instances of the old account class hash in the codebase:"
rg "0x05400e90f7e0ae78bd02c77cd75527280470e2fe19c54970dd79dc37a9d3645c" --hidden --ignore-dir={node_modules,dist,build}
# Test 3: Verify all instances of VITE_PUBLIC_ACCOUNT_CLASS_HASH are updated
echo "Verifying all occurrences of VITE_PUBLIC_ACCOUNT_CLASS_HASH in the codebase:"
rg "VITE_PUBLIC_ACCOUNT_CLASS_HASH" --hidden --ignore-dir={node_modules,dist,build}
Length of output: 2187 Script: #!/bin/bash
# Description: Comprehensive verification of the account class hash across the entire codebase with corrected rg commands
# Test 1: Check for the new hash in all files
echo "Checking for the new account class hash in the codebase:"
rg "0x07dc7899aa655b0aae51eadff6d801a58e97dd99cf4666ee59e704249e51adf2" --hidden --ignore-dir node_modules --ignore-dir dist --ignore-dir build
# Test 2: Check for any remaining instances of the old account class hash in all files
echo "Checking for any remaining instances of the old account class hash in the codebase:"
rg "0x05400e90f7e0ae78bd02c77cd75527280470e2fe19c54970dd79dc37a9d3645c" --hidden --ignore-dir node_modules --ignore-dir dist --ignore-dir build
# Test 3: Verify all instances of VITE_PUBLIC_ACCOUNT_CLASS_HASH are updated
echo "Verifying all occurrences of VITE_PUBLIC_ACCOUNT_CLASS_HASH in the codebase:"
rg "VITE_PUBLIC_ACCOUNT_CLASS_HASH" --hidden --ignore-dir node_modules --ignore-dir dist --ignore-dir build
Length of output: 2187 Script: #!/bin/bash
# Description: Comprehensive verification of the account class hash across the entire codebase using --glob to exclude directories
# Test 1: Check for the new account class hash in all files except excluded directories
echo "Checking for the new account class hash in the codebase:"
rg "0x07dc7899aa655b0aae51eadff6d801a58e97dd99cf4666ee59e704249e51adf2" --hidden --glob '!node_modules/**' --glob '!dist/**' --glob '!build/**'
# Test 2: Check for any remaining instances of the old account class hash in all files except excluded directories
echo "Checking for any remaining instances of the old account class hash in the codebase:"
rg "0x05400e90f7e0ae78bd02c77cd75527280470e2fe19c54970dd79dc37a9d3645c" --hidden --glob '!node_modules/**' --glob '!dist/**' --glob '!build/**'
# Test 3: Verify all instances of VITE_PUBLIC_ACCOUNT_CLASS_HASH are updated in all files except excluded directories
echo "Verifying all occurrences of VITE_PUBLIC_ACCOUNT_CLASS_HASH in the codebase:"
rg "VITE_PUBLIC_ACCOUNT_CLASS_HASH" --hidden --glob '!node_modules/**' --glob '!dist/**' --glob '!build/**'
Length of output: 2251 |
||
feeTokenAddress: VITE_PUBLIC_FEE_TOKEN_ADDRESS || "0x49d36570d4e46f48e99674bd3fcc84644ddd6b96f7c741b1562b82f9e004dc7", | ||
manifest, | ||
}); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🛠️ Refactor suggestion
Consider using the SCARB_VERSION environment variable.
The
SCARB_VERSION
environment variable is defined but not explicitly used in the workflow steps. To ensure consistency and make version updates easier, consider using this variable in the setup steps.Update the Scarb setup step to use the environment variable:
- uses: software-mansion/setup-scarb@v1 with: + scarb-version: ${{ env.SCARB_VERSION }} tool-versions: season_pass/contracts/.tool-versions
📝 Committable suggestion