Miscellaneous improvements from the Veridise audit #1784
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
branches: | |
- main | |
env: | |
CARGO_NET_GIT_FETCH_WITH_CLI: true | |
INFURA_API_KEY: '${{ secrets.INFURA_API_KEY }}' | |
USER_PRIVATE_KEY: '${{ secrets.USER_PRIVATE_KEY }}' | |
ETHERSCAN_API_KEY: '${{ secrets.ETHERSCAN_API_KEY }}' | |
ETHEREUM_MAINNET_RPC: https://eth.llamarpc.com | |
jobs: | |
Linter: | |
runs-on: self-hosted | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
- name: Use local my-action | |
uses: ./.github/actions/setup | |
with: | |
cachix_auth_token: '${{ secrets.CACHIX_AUTH_TOKEN }}' | |
- name: Run yarn format check | |
run: nix develop -c yarn format:check | |
Build_All: | |
runs-on: self-hosted | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
- name: Use local my-action | |
uses: ./.github/actions/setup | |
with: | |
cachix_auth_token: '${{ secrets.CACHIX_AUTH_TOKEN }}' | |
- name: Build all | |
run: nix develop -c yarn check:build | |
# EOS_Relayer_Test: | |
# runs-on: self-hosted | |
# steps: | |
# - uses: actions/checkout@v4 | |
# with: | |
# submodules: recursive | |
# - name: Use local my-action | |
# uses: ./.github/actions/setup | |
# with: | |
# cachix_auth_token: '${{ secrets.CACHIX_AUTH_TOKEN }}' | |
# - name: Run Verifier in EOS - Relayer test | |
# run: nix develop -c yarn test './tests/eosLightClient/test-verifier-in-EOS-relay.ts' | |
Solidity_Validators_Accumulator_Test: | |
runs-on: self-hosted | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
- name: | |
uses: ./.github/actions/setup | |
with: | |
cachix_auth_token: '${{ secrets.CACHIX_AUTH_TOKEN }}' | |
- name: Run Solidity Validators accumulator tests | |
run: nix develop -c make test-validator-accumulator | |
# Nim_Light_Client_Compiled_with_Emsctipten_Tests: | |
# runs-on: self-hosted | |
# steps: | |
# - uses: actions/checkout@v4 | |
# with: | |
# submodules: recursive | |
# - name: Use local my-action | |
# uses: ./.github/actions/setup | |
# with: | |
# cachix_auth_token: '${{ secrets.CACHIX_AUTH_TOKEN }}' | |
# | |
# - name: Run Nim Light Client compiled with emsctipten tests | |
# run: nix develop -c yarn test-emcc './tests/test-nim-to-wasm.ts' 'test-nim-light-client.ts' | |
Nim_Light_Client_Clang_Test: | |
runs-on: self-hosted | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
- name: Use local my-action | |
uses: ./.github/actions/setup | |
with: | |
cachix_auth_token: '${{ secrets.CACHIX_AUTH_TOKEN }}' | |
- name: Run Nim Light Client compiled with clang tests | |
run: nix develop -c yarn test './tests/test-nim-to-wasm.ts' 'test-nim-light-client.ts' | |
Nim_Groth16_Verifier_Tests: | |
runs-on: self-hosted | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
- name: Use local my-action | |
uses: ./.github/actions/setup | |
with: | |
cachix_auth_token: '${{ secrets.CACHIX_AUTH_TOKEN }}' | |
- name: Run Nim groth16 verifier tests | |
run: nix develop -c make test-groth16-verifier | |
# Disable temporary till we find way to have docker in local setup | |
# Run_Light_Client_In_Cosmos_Test: | |
# runs-on: self-hosted | |
# steps: | |
# - uses: actions/checkout@v4 | |
# with: | |
# submodules: recursive | |
# - name: Use local my-action | |
# uses: ./.github/actions/setup | |
# with: | |
# cachix_auth_token: '${{ secrets.CACHIX_AUTH_TOKEN }}' | |
# - name: Run Light Client in Cosmos test | |
# run: nix develop -c yarn test './tests/cosmosLightClient/test-nim-light-client-in-cosmos.ts' | |
# Run_Verifier_In_Cosmos_Test: | |
# runs-on: self-hosted | |
# steps: | |
# - uses: actions/checkout@v4 | |
# with: | |
# submodules: recursive | |
# - name: Use local my-action | |
# uses: ./.github/actions/setup | |
# with: | |
# cachix_auth_token: '${{ secrets.CACHIX_AUTH_TOKEN }}' | |
# - name: Run Verifier in Cosmos test | |
# run: nix develop -c yarn test './tests/cosmosLightClient/test-verifier-in-cosmos.ts' | |
# Run_Verifier_In_Cosmos_Relay_Tests: | |
# runs-on: self-hosted | |
# steps: | |
# - uses: actions/checkout@v4 | |
# with: | |
# submodules: recursive | |
# - name: Use local my-action | |
# uses: ./.github/actions/setup | |
# with: | |
# cachix_auth_token: '${{ secrets.CACHIX_AUTH_TOKEN }}' | |
# - name: Run Verifier in Cosmos - Relayer test | |
# run: nix develop -c yarn test './tests/cosmosLightClient/test-verifier-in-cosmos-relay.ts' | |
Run_Circom_Tests: | |
runs-on: self-hosted | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
- name: Use local my-action | |
uses: ./.github/actions/setup | |
with: | |
cachix_auth_token: '${{ secrets.CACHIX_AUTH_TOKEN }}' | |
- name: Run circom tests | |
run: nix develop -c make test-circom-circuits | |
Run_Plonky2_Tests: | |
runs-on: self-hosted | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
- name: Use local my-action | |
uses: ./.github/actions/setup | |
with: | |
cachix_auth_token: '${{ secrets.CACHIX_AUTH_TOKEN }}' | |
- name: Run plonky2 circuit tests | |
run: nix develop -c make test-plonky2-circuits | |
Run_Verify_Given_Proof: | |
runs-on: self-hosted | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
- name: Use local my-action | |
uses: ./.github/actions/setup | |
with: | |
cachix_auth_token: '${{ secrets.CACHIX_AUTH_TOKEN }}' | |
- name: Run Verify given proof - test using bncurve and constantine | |
run: nix develop -c nim c -r 'tests/verify_proof/verify_given_proof_test.nim' | |
Run_Verify_Given_Proof_ffJS: | |
runs-on: self-hosted | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
- name: Use local my-action | |
uses: ./.github/actions/setup | |
with: | |
cachix_auth_token: '${{ secrets.CACHIX_AUTH_TOKEN }}' | |
- name: Run Verify given proof - test using ffJavascript | |
run: nix develop -c yarn test ./tests/verify_proof/verify_given_proof_test.ts | |
Solidity_Verifier_Tests: | |
runs-on: self-hosted | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
- name: Use local my-action | |
uses: ./.github/actions/setup | |
with: | |
cachix_auth_token: '${{ secrets.CACHIX_AUTH_TOKEN }}' | |
- name: Run Solidity verifier tests | |
run: nix develop -c make evm-simulation | |
OneShot_Syncing_Simulation: | |
runs-on: self-hosted | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
- name: Use local my-action | |
uses: ./.github/actions/setup | |
with: | |
cachix_auth_token: '${{ secrets.CACHIX_AUTH_TOKEN }}' | |
- name: Run one shot syncing simulation | |
run: nix develop -c make one-shot-syncing-simulation | |
Bash_Scripts_Building_Circom_Circuits: | |
runs-on: self-hosted | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
- name: Use local my-action | |
uses: ./.github/actions/setup | |
with: | |
cachix_auth_token: '${{ secrets.CACHIX_AUTH_TOKEN }}' | |
- name: Run one of the scripts building the circom circuits | |
run: nix develop -c ./scripts/build-circom-compress-circuits.sh | |
check: | |
if: always() | |
needs: | |
- Linter | |
# - EOS_Relayer_Test | |
- Solidity_Validators_Accumulator_Test | |
# - Nim_Light_Client_Compiled_with_Emsctipten_Tests | |
- Nim_Light_Client_Clang_Test | |
- Nim_Groth16_Verifier_Tests | |
# - Run_Light_Client_In_Cosmos_Test | |
# - Run_Verifier_In_Cosmos_Test | |
- Run_Circom_Tests | |
# - Run_Verifier_In_Cosmos_Relay_Tests | |
- Run_Verify_Given_Proof | |
- Run_Verify_Given_Proof_ffJS | |
- Solidity_Verifier_Tests | |
- OneShot_Syncing_Simulation | |
- Run_Plonky2_Tests | |
runs-on: self-hosted | |
steps: | |
- name: Check if any job failed or was cancelled | |
if: >- | |
${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') }} | |
run: exit 1 | |
- name: Success | |
if: >- | |
${{ !(contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled')) }} | |
run: echo "All dependent jobs succeeded!" |