fix: bind disclosure proof inputs #175
# NOTE(review): the forge view of this file carried a "hidden or bidirectional
# Unicode text" warning. Those characters do not survive in this listing, so
# inspect the raw bytes for non-ASCII characters before trusting the visible
# text of a CI definition.
name: ZeroID CI

# Runs for pushes to, and pull requests targeting, main and develop.
# The trigger is `pull_request` (not `pull_request_target`), so pull requests
# from forks run with a read-only token and without repository secrets.
on:
  push:
    branches:
      - main
      - develop
  pull_request:
    branches:
      - main
      - develop

# Workflow-wide default for GITHUB_TOKEN: read access to repository contents
# only. Every job below restates the same scope.
permissions:
  contents: read

# Toolchain versions shared by all jobs. Quoted so YAML keeps them as strings
# ("1.85" would otherwise be read as a float).
env:
  NODE_VERSION: "20"
  RUST_VERSION: "1.85"
  GO_VERSION: "1.25.8"

jobs:
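# ===========================================================================
# SECURITY
# ===========================================================================
  # Dependency and configuration audit for the npm, Rust and Go trees.
  # Listed in the `needs` of the `build` job, so a finding here blocks it.
  security-scan:
    name: Security Audit
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      # Actions are referenced by full commit SHA rather than a movable tag.
      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5
        with:
          # No visible step in this job uses git after checkout, so do not
          # leave the job token in .git/config, where the package-manager
          # and audit tooling run below could read it.
          persist-credentials: false
      - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020
        with:
          node-version: ${{ env.NODE_VERSION }}
          cache: "npm"
          # Cache key covers both lockfiles (root and backend).
          cache-dependency-path: |
            package-lock.json
            backend/package-lock.json
      - run: npm ci
      - name: Install backend dependencies
        working-directory: ./backend
        run: npm ci
      # The next three steps call repository npm scripts; what each one
      # checks is defined in package.json, which is not visible here.
      - name: Validate ZK circuit schema manifest
        run: npm run circuits:validate
      - name: Validate enterprise route schemas
        run: npm run routes:validate
      - name: Validate workflow action pinning
        run: npm run workflows:validate
      - name: NPM Security Audit
        run: npm run security:audit:all
      - uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8
        with:
          toolchain: ${{ env.RUST_VERSION }}
      # NOTE(review): no tool version is given, so this presumably resolves to
      # the newest cargo-audit release at run time. Confirm; the action also
      # accepts `cargo-audit@<VERSION>`.
      - name: Install cargo-audit
        uses: taiki-e/install-action@e1c4cd42111751368541a7cb5db3522bd1f846a4
        with:
          tool: cargo-audit
      # --deny warnings turns advisory warnings into a failing exit code.
      - name: Rust Security Audit
        working-directory: ./crates/zeroid-tee
        run: cargo audit --deny warnings
      - uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff
        with:
          go-version: ${{ env.GO_VERSION }}
      # NOTE(review): `@latest` is the one unpinned fetch in a job that pins
      # every action by SHA. Pin govulncheck to a reviewed release tag
      # (`@<VERSION>`) so the scanner binary is reproducible. The
      # vulnerability data is still fetched fresh on each run.
      - name: Install govulncheck
        run: go install golang.org/x/vuln/cmd/govulncheck@latest
      - name: Go Vulnerability Audit
        working-directory: ./sdk/go
        run: $(go env GOPATH)/bin/govulncheck ./...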
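# ===========================================================================
# LINT & TYPE-CHECK
# ===========================================================================
  # Static checks on the root npm project: lint, type-check, format check.
  lint-format:
    name: Lint & Format
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5
        with:
          # No visible step uses git after checkout; keep the job token out
          # of .git/config while dependency install scripts run.
          persist-credentials: false
      - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020
        with:
          node-version: ${{ env.NODE_VERSION }}
          cache: "npm"
      # `npm ci` installs exactly what package-lock.json records.
      - run: npm ci
      - run: npm run lint
      - run: npm run type-check
      - run: npm run format:check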
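# ===========================================================================
# FRONTEND TESTS
# ===========================================================================
  # Runs the root project's CI test script and uploads the lcov report.
  test-frontend:
    name: Frontend Tests
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5
        with:
          # No visible step uses git credentials after checkout; keep the
          # job token out of .git/config before install scripts and the
          # third-party upload action run in this workspace.
          persist-credentials: false
      - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020
        with:
          node-version: ${{ env.NODE_VERSION }}
          cache: "npm"
      - run: npm ci
      - run: npm run test:ci
      # Coverage upload is best-effort: continue-on-error keeps an upload
      # failure from failing the job. Test failures still fail it, because
      # they occur in the step above.
      - uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238
        with:
          files: ./coverage/lcov.info
          flags: frontend
        continue-on-error: true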
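# ===========================================================================
# BACKEND TESTS
# ===========================================================================
  # Installs root and backend dependencies, then runs the backend test script.
  test-backend:
    name: Backend Tests
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5
        with:
          # No visible step uses git after checkout; keep the job token out
          # of .git/config while install scripts and tests run.
          persist-credentials: false
      - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020
        with:
          node-version: ${{ env.NODE_VERSION }}
          # NOTE(review): unlike security-scan, no cache-dependency-path is
          # set here, so backend/package-lock.json is presumably not part of
          # the cache key. Confirm this is intended.
          cache: "npm"
      - run: npm ci
      - name: Install backend dependencies
        working-directory: ./backend
        run: npm ci
      - name: Run backend tests
        working-directory: ./backend
        run: npm test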
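# ===========================================================================
# SMART CONTRACT TESTS
# ===========================================================================
  # Compiles the contracts with Foundry and runs the Forge test suite.
  test-contracts:
    name: Contract Tests
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5
        with:
          # No visible step uses git after checkout; keep the job token out
          # of .git/config while install scripts and tests run.
          persist-credentials: false
      - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020
        with:
          node-version: ${{ env.NODE_VERSION }}
          cache: "npm"
      - run: npm ci
      # NOTE(review): the action is SHA-pinned but no `version` input is
      # given, so the Foundry release it installs presumably follows the
      # action's default channel. Confirm whether a fixed version is wanted.
      - name: Install Foundry
        uses: foundry-rs/foundry-toolchain@c7450ba673e133f5ee30098b3b54f444d3a2ca2d
      - name: Compile contracts
        run: forge build
      # Pull requests skip the AccumulatorRevocation fuzz and invariant
      # suites; pushes to main/develop run everything. A change that breaks
      # one of those properties therefore passes PR CI and is first caught
      # by the push run after merge.
      #
      # The event name is read from the runner-provided GITHUB_EVENT_NAME
      # variable rather than expanded into the script text with a
      # `${{ }}` template. The value is the same, and the shell source no
      # longer depends on template expansion.
      - name: Run Forge tests
        run: |
          if [ "$GITHUB_EVENT_NAME" = "pull_request" ]; then
            forge test -vv \
              --no-match-contract 'AccumulatorRevocation(Fuzz|Invariant)Test'
          else
            forge test -vv
          fi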
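# ===========================================================================
# RUST TEE CRATE
# ===========================================================================
  # Format check, Clippy, tests and advisory audit for crates/zeroid-tee.
  test-rust:
    name: Rust TEE Crate
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5
        with:
          # No visible step uses git after checkout; keep the job token out
          # of .git/config while the crate's build and tests run.
          persist-credentials: false
      - uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8
        with:
          toolchain: ${{ env.RUST_VERSION }}
          components: rustfmt, clippy
      # NOTE(review): no tool version is given, so this presumably resolves to
      # the newest cargo-audit release at run time. Confirm; the action also
      # accepts `cargo-audit@<VERSION>`.
      - name: Install cargo-audit
        uses: taiki-e/install-action@e1c4cd42111751368541a7cb5db3522bd1f846a4
        with:
          tool: cargo-audit
      - name: Check formatting
        working-directory: ./crates/zeroid-tee
        run: cargo fmt -- --check
      # Lint policy: clippy::correctness findings fail the step (-D),
      # clippy::suspicious findings only warn (-W), and the three -A lints
      # are silenced entirely.
      - name: Run Clippy
        working-directory: ./crates/zeroid-tee
        run: cargo clippy --all-targets -- -D clippy::correctness -W clippy::suspicious -A unused-imports -A unused-variables -A clippy::new-without-default
      - name: Run tests
        working-directory: ./crates/zeroid-tee
        run: cargo test
      # Same audit command as the security-scan job; --deny warnings turns
      # advisory warnings into a failing exit code.
      - name: Run cargo audit
        working-directory: ./crates/zeroid-tee
        run: cargo audit --deny warnings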
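# ===========================================================================
# GO SDK TESTS
# ===========================================================================
  # Unit tests and vulnerability scan for the Go SDK under sdk/go.
  test-go:
    name: Go SDK Tests
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5
        with:
          # No visible step uses git after checkout; keep the job token out
          # of .git/config while module code is built and tested.
          persist-credentials: false
      - uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff
        with:
          go-version: ${{ env.GO_VERSION }}
      # NOTE(review): `@latest` is an unpinned fetch in a workflow that pins
      # every action by SHA. Pin govulncheck to a reviewed release tag
      # (`@<VERSION>`) so the scanner binary is reproducible. The
      # vulnerability data is still fetched fresh on each run.
      - name: Install govulncheck
        run: go install golang.org/x/vuln/cmd/govulncheck@latest
      - name: Run Go tests
        working-directory: ./sdk/go
        run: go test ./...
      # Invoked by absolute path under GOPATH/bin, so the step does not
      # depend on that directory being on PATH.
      - name: Run govulncheck
        working-directory: ./sdk/go
        run: $(go env GOPATH)/bin/govulncheck ./...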
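# ===========================================================================
# PRODUCTION IMAGE
# ===========================================================================
  # Checks that the frontend production image builds; the image is tagged
  # locally and no push step is visible.
  test-docker:
    name: Production Image Build
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5
        with:
          # The build context below is the repository root. With persisted
          # credentials the job token would sit in .git/config inside that
          # context. Whether a .dockerignore excludes .git is not visible
          # here, so do not persist it.
          persist-credentials: false
      # --pull refreshes base images on every run instead of reusing a
      # runner-cached copy. The tag uses the runner-provided GITHUB_SHA
      # variable, which has the same value as the `github.sha` template,
      # without expanding a template into the command line.
      - name: Build frontend production image
        run: docker build --pull --progress=plain -t "zeroid-frontend:${GITHUB_SHA}" .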
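# ===========================================================================
# BUILD
# ===========================================================================
  # Final production build of the root npm project. It starts only after
  # every job listed under `needs` has succeeded, so the audit, lint, test
  # and image jobs all gate it.
  build:
    name: Build
    runs-on: ubuntu-latest
    permissions:
      contents: read
    needs:
      - security-scan
      - lint-format
      - test-frontend
      - test-backend
      - test-contracts
      - test-rust
      - test-go
      - test-docker
    steps:
      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5
        with:
          # No visible step uses git after checkout; keep the job token out
          # of .git/config while install scripts and the build run.
          persist-credentials: false
      - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020
        with:
          node-version: ${{ env.NODE_VERSION }}
          cache: "npm"
      - run: npm ci
      - run: npm run build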