Governance Checks #1514
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Governance Checks | |
| concurrency: | |
| group: ${{ github.workflow }} | |
| on: | |
| schedule: | |
| - cron: "0 */2 * * *" | |
| push: | |
| paths-ignore: | |
| - "reports/**" | |
| - "README.md" | |
| branches: | |
| - main | |
| workflow_dispatch: | |
| jobs: | |
| tree: | |
| name: Refresh tree | |
| runs-on: ubuntu-latest | |
| env: | |
| TENDERLY_ACCESS_TOKEN: ${{ secrets.TENDERLY_ACCESS_TOKEN }} | |
| TENDERLY_PROJECT_SLUG: ${{ secrets.TENDERLY_PROJECT_SLUG }} | |
| TENDERLY_ACCOUNT: ${{ secrets.TENDERLY_ACCOUNT }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - uses: bgd-labs/github-workflows/.github/actions/setup-node@main | |
| - uses: bgd-labs/action-rpc-env@main | |
| with: | |
| ALCHEMY_API_KEY: ${{ secrets.ALCHEMY_API_KEY }} | |
| QUICKNODE_TOKEN: ${{ secrets.QUICKNODE_TOKEN }} | |
| QUICKNODE_ENDPOINT_NAME: ${{ secrets.QUICKNODE_ENDPOINT_NAME }} | |
| - name: tree building | |
| run: bun run ci:tree | |
| - name: check diff | |
| run: | | |
| if [[ -z $(git status -s) ]] | |
| then | |
| echo "tree is clean" | |
| else | |
| git config --global user.name 'Cache bot' | |
| git config --global user.email '[email protected]' | |
| git config --global pull.rebase true | |
| git pull origin main --rebase --autostash | |
| git add . | |
| git commit -am "fix(cache): automatic cache update :robot:" | |
| git push | |
| fi | |
| payloads: | |
| needs: [tree] | |
| strategy: | |
| matrix: | |
| chainId: | |
| [ | |
| 1, | |
| 10, | |
| 56, | |
| 100, | |
| 137, | |
| 146, | |
| 324, | |
| 1088, | |
| 8453, | |
| 42161, | |
| 42220, | |
| 43114, | |
| 59144, | |
| 534352, | |
| ] | |
| name: Check all live payloads | |
| runs-on: ubuntu-latest | |
| env: | |
| FOUNDRY_PROFILE: ci | |
| ETHERSCAN_API_KEY: ${{ secrets.ETHERSCAN_API_KEY }} | |
| TENDERLY_ACCESS_TOKEN: ${{ secrets.TENDERLY_ACCESS_TOKEN }} | |
| TENDERLY_PROJECT_SLUG: ${{ secrets.TENDERLY_PROJECT_SLUG }} | |
| TENDERLY_ACCOUNT: ${{ secrets.TENDERLY_ACCOUNT }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| submodules: recursive | |
| ref: main | |
| - uses: bgd-labs/github-workflows/.github/actions/setup-node@main | |
| - uses: bgd-labs/action-rpc-env@main | |
| with: | |
| ALCHEMY_API_KEY: ${{ secrets.ALCHEMY_API_KEY }} | |
| QUICKNODE_TOKEN: ${{ secrets.QUICKNODE_TOKEN }} | |
| QUICKNODE_ENDPOINT_NAME: ${{ secrets.QUICKNODE_ENDPOINT_NAME }} | |
| - name: Install Foundry | |
| uses: bgd-labs/foundry-zksync-toolchain@340cea9a42119d9a77a6bb0a8236d4311582b709 | |
| with: | |
| version: nightly | |
| - name: scheduled ${{ matrix.chainId }} | |
| id: all | |
| run: bun run ci:simulate --chainId ${{ matrix.chainId }} | |
| env: | |
| ETHERSCAN_API_KEY: ${{ secrets.ETHERSCAN_API_KEY }} | |
| TENDERLY_ACCESS_TOKEN: ${{ secrets.TENDERLY_ACCESS_TOKEN }} | |
| TENDERLY_PROJECT_SLUG: ${{ secrets.TENDERLY_PROJECT_SLUG }} | |
| TENDERLY_ACCOUNT: ${{ secrets.TENDERLY_ACCOUNT }} | |
| - name: check diff | |
| id: diff | |
| run: | | |
| if [[ -z $(git status -s) ]] | |
| then | |
| echo "tree is clean" | |
| else | |
| git add . | |
| git diff --cached > ${{ matrix.chainId }}.patch | |
| echo "diff=true" >> $GITHUB_OUTPUT | |
| fi | |
| - uses: actions/upload-artifact@v4 | |
| if: ${{ steps.diff.outputs.diff == 'true' }} | |
| with: | |
| # Name of the artifact to upload. | |
| # Optional. Default is 'artifact' | |
| name: ${{ matrix.chainId }}_patch | |
| # A file, directory or wildcard pattern that describes what to upload | |
| # Required. | |
| path: ${{ matrix.chainId }}.patch | |
| # Duration after which artifact will expire in days. 0 means using default retention. | |
| # Minimum 1 day. | |
| # Maximum 90 days unless changed from the repository settings page. | |
| # Optional. Defaults to repository settings. | |
| retention-days: 1 | |
| - name: Post to a Slack channel | |
| id: slack | |
| if: failure() | |
| uses: slackapi/[email protected] | |
| with: | |
| # Slack channel id, channel name, or user id to post message. | |
| # See also: https://api.slack.com/methods/chat.postMessage#channels | |
| channel-id: "C068J77L8JG" | |
| # For posting a rich message using Block Kit | |
| payload: | | |
| { | |
| "text": "GitHub Action build result: ${{ job.status }}\n${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}", | |
| "blocks": [ | |
| { | |
| "type": "section", | |
| "text": { | |
| "type": "mrkdwn", | |
| "text": "GitHub Action build result: ${{ job.status }}\n${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" | |
| } | |
| } | |
| ] | |
| } | |
| env: | |
| SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} | |
| report: | |
| needs: ["payloads"] | |
| name: Commit actual changes | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: main | |
| - uses: actions/download-artifact@v4 | |
| with: | |
| # Destination path. Supports basic tilde expansion. | |
| # Optional. Default is $GITHUB_WORKSPACE | |
| path: /tmp/patches | |
| # When multiple artifacts are matched, this changes the behavior of the destination directories. | |
| # If true, the downloaded artifacts will be in the same directory specified by path. | |
| # If false, the downloaded artifacts will be extracted into individual named directories within the specified path. | |
| # Optional. Default is 'false' | |
| merge-multiple: true | |
| - name: check diff | |
| run: | | |
| if [ -z "$( ls -A '/tmp/patches' )" ] | |
| then | |
| echo "tree is clean" | |
| else | |
| git apply /tmp/patches/*.patch | |
| git config --global user.name 'Cache bot' | |
| git config --global user.email '[email protected]' | |
| git add . | |
| git commit -am "fix(cache): automatic cache update :robot:" | |
| git push | |
| exit | |
| fi |