chore(deps): update rlespinasse/github-slug-action action to v5 - autoclosed #193

Workflow file for this run

.github/workflows/solidity.yml at 6dc0182

	name: Solidity

	on:
	pull_request:
	branches:
	- main
	push:
	branches:
	- main
	tags:
	- "v*"

	concurrency:
	group: ${{ github.workflow }}-${{ github.ref }}
	cancel-in-progress: true

	permissions:
	actions: write
	checks: write
	contents: write
	deployments: write
	id-token: write
	issues: write
	discussions: write
	packages: write
	pages: write
	pull-requests: write
	repository-projects: write
	security-events: write
	statuses: write

	jobs:
	codescanning:
	name: Code Scanning
	#runs-on: ubuntu-latest
	runs-on: namespace-profile-btp-scs
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	with:
	submodules: recursive

	- name: Install canvas dependencies
	run: \|
	sudo apt-get update
	sudo apt-get install -y build-essential libcairo2-dev libpango1.0-dev libjpeg-dev libgif-dev librsvg2-dev

	- uses: crytic/slither-action@v0.4.0
	id: slither
	with:
	sarif: slither.sarif
	slither-args: --filter-paths "lib/" --filter-paths "node_modules/"
	solc-version: ${{ vars.SOL_VERSION \|\| '0.8.27' }}
	fail-on: none

	- name: Upload findings to GitHub Advanced Security Dashboard
	uses: github/codeql-action/upload-sarif@v3
	with:
	sarif_file: ${{ steps.slither.outputs.sarif }}
	if: always()

	test:
	services:
	foundry:
	image: ghcr.io/settlemint/btp-anvil-test-node:latest
	ports:
	- '8545:8545'
	name: Build Set
	#runs-on: ubuntu-latest
	runs-on: namespace-profile-btp-scs
	steps:
	- name: Checkout
	uses: namespacelabs/nscloud-checkout-action@v5
	with:
	submodules: recursive
	token: ${{ secrets.PAT_TOKEN }}

	- name: Setup caches
	uses: namespacelabs/nscloud-cache-action@v1
	with:
	path: \|
	./node_modules
	~/.npm

	- name: Install Foundry
	uses: foundry-rs/foundry-toolchain@v1
	with:
	version: nightly

	- uses: actions/setup-node@v4
	with:
	node-version: 20

	- name: Install Node dependencies
	run: npm install

	- name: Install circom
	if: github.repository == 'settlemint/solidity-zeto'
	run: \|
	curl --proto '=https' --tlsv1.2 https://sh.rustup.rs -sSf \| sh -s -- -y
	git clone https://github.com/iden3/circom.git
	cd circom
	cargo build --release
	cargo install --path circom

	- name: Install snarkjs
	if: github.repository == 'settlemint/solidity-zeto'
	run: \|
	npm install -g snarkjs@latest

	- name: Install zeto
	if: github.repository == 'settlemint/solidity-zeto'
	run: \|
	git clone https://github.com/victoryeo/zeto.git
	cd zeto
	cd zkp/circuits
	npm install
	cd ..
	circom circuits/anon_enc_nullifier.circom --output ./js/lib --sym --wasm
	circom circuits/anon_enc.circom --output ./js/lib --sym --wasm
	circom circuits/anon_nullifier.circom --output ./js/lib --sym --wasm
	circom circuits/anon.circom --output ./js/lib --sym --wasm
	circom circuits/check-nullifiers.circom --output ./js/lib --sym --wasm
	circom circuits/nf_anon_nullifier.circom --output ./js/lib --sym --wasm
	circom circuits/nf_anon.circom --output ./js/lib --sym --wasm

	- name: Create folders
	if: github.repository == 'settlemint/solidity-zeto'
	run: \|
	mkdir -p ./zeto/proving-keys
	mkdir -p ./zeto/contracts-lib

	- name: Download ptau
	if: github.repository == 'settlemint/solidity-zeto'
	working-directory: zeto/proving-keys/
	run: \|
	wget -nv https://storage.googleapis.com/zkevm/ptau/powersOfTau28_hez_final_12.ptau
	wget -nv https://storage.googleapis.com/zkevm/ptau/powersOfTau28_hez_final_13.ptau
	wget -nv https://storage.googleapis.com/zkevm/ptau/powersOfTau28_hez_final_16.ptau
	wget -nv https://storage.googleapis.com/zkevm/ptau/powersOfTau28_hez_final_11.ptau
	wget -nv https://storage.googleapis.com/zkevm/ptau/powersOfTau28_hez_final_15.ptau

	- name: Generate R1CS circuit format
	if: github.repository == 'settlemint/solidity-zeto'
	working-directory: zeto/zkp/
	run: \|
	circom circuits/anon_enc_nullifier.circom --output ../proving-keys --r1cs
	circom circuits/anon_enc.circom --output ../proving-keys --r1cs
	circom circuits/anon_nullifier.circom --output ../proving-keys --r1cs
	circom circuits/anon.circom --output ../proving-keys --r1cs
	circom circuits/check-nullifiers.circom --output ../proving-keys --r1cs
	circom circuits/nf_anon_nullifier.circom --output ../proving-keys --r1cs
	circom circuits/nf_anon.circom --output ../proving-keys --r1cs

	- name: Generate proving keys
	if: github.repository == 'settlemint/solidity-zeto'
	working-directory: zeto/zkp/
	run: \|
	snarkjs groth16 setup ../proving-keys/anon.r1cs ../proving-keys/powersOfTau28_hez_final_12.ptau ../proving-keys/anon.zkey
	snarkjs groth16 setup ../proving-keys/anon_enc.r1cs ../proving-keys/powersOfTau28_hez_final_13.ptau ../proving-keys/anon_enc.zkey
	snarkjs groth16 setup ../proving-keys/anon_nullifier.r1cs ../proving-keys/powersOfTau28_hez_final_16.ptau ../proving-keys/anon_nullifier.zkey
	snarkjs groth16 setup ../proving-keys/anon_enc_nullifier.r1cs ../proving-keys/powersOfTau28_hez_final_16.ptau ../proving-keys/anon_enc_nullifier.zkey
	snarkjs groth16 setup ../proving-keys/nf_anon.r1cs ../proving-keys/powersOfTau28_hez_final_11.ptau ../proving-keys/nf_anon.zkey
	snarkjs groth16 setup ../proving-keys/nf_anon_nullifier.r1cs ../proving-keys/powersOfTau28_hez_final_15.ptau ../proving-keys/nf_anon_nullifier.zkey

	- name: Per-circuit set up ceremony on proving keys
	if: github.repository == 'settlemint/solidity-zeto'
	working-directory: zeto/zkp/
	run: \|
	snarkjs zkey contribute ../proving-keys/anon.zkey ../proving-keys/anon_new.zkey --name="contribution" -v -e="random entropy"
	snarkjs zkey contribute ../proving-keys/anon_enc.zkey ../proving-keys/anon_enc_new.zkey --name="contribution" -v -e="random entropy"
	snarkjs zkey contribute ../proving-keys/anon_nullifier.zkey ../proving-keys/anon_nullifier_new.zkey --name="contribution" -v -e="random entropy"
	snarkjs zkey contribute ../proving-keys/anon_enc_nullifier.zkey ../proving-keys/anon_enc_nullifier_new.zkey --name="contribution" -v -e="random entropy"
	snarkjs zkey contribute ../proving-keys/nf_anon.zkey ../proving-keys/nf_anon_new.zkey --name="contribution" -v -e="random entropy"
	snarkjs zkey contribute ../proving-keys/nf_anon_nullifier.zkey ../proving-keys/nf_anon_nullifier_new.zkey --name="contribution" -v -e="random entropy"

	- name: Generate verfication keys
	if: github.repository == 'settlemint/solidity-zeto'
	working-directory: zeto/zkp/
	run: \|
	snarkjs zkey export verificationkey ../proving-keys/anon_new.zkey ../proving-keys/anon-vkey.json
	snarkjs zkey export verificationkey ../proving-keys/anon_enc_new.zkey ../proving-keys/anon_enc-vkey.json
	snarkjs zkey export verificationkey ../proving-keys/anon_nullifier_new.zkey ../proving-keys/anon_nullifier-vkey.json
	snarkjs zkey export verificationkey ../proving-keys/anon_enc_nullifier_new.zkey ../proving-keys/anon_enc_nullifier-vkey.json
	snarkjs zkey export verificationkey ../proving-keys/nf_anon_new.zkey ../proving-keys/nf_anon-vkey.json
	snarkjs zkey export verificationkey ../proving-keys/nf_anon_nullifier_new.zkey ../proving-keys/nf_anon_nullifier-vkey.json

	- name: Generate solidity verifier library
	if: github.repository == 'settlemint/solidity-zeto'
	working-directory: zeto/zkp/
	run: \|
	snarkjs zkey export solidityverifier ../proving-keys/anon_new.zkey ../contracts-lib/verifier_anon.sol
	snarkjs zkey export solidityverifier ../proving-keys/anon_enc_new.zkey ../contracts-lib/verifier_anon_enc.sol
	snarkjs zkey export solidityverifier ../proving-keys/anon_nullifier_new.zkey ../contracts-lib/verifier_anon_nullifier.sol
	snarkjs zkey export solidityverifier ../proving-keys/anon_enc_nullifier_new.zkey ../contracts-lib/verifier_anon_enc_nullifier.sol
	snarkjs zkey export solidityverifier ../proving-keys/nf_anon_new.zkey ../contracts-lib/verifier_nf_anon.sol
	snarkjs zkey export solidityverifier ../proving-keys/nf_anon_nullifier_new.zkey ../contracts-lib/verifier_nf_anon_nullifier.sol

	- name: Edit solidity files
	if: github.repository == 'settlemint/solidity-zeto'
	working-directory: zeto/contracts-lib/
	run: \|
	sed 's/Groth16Verifier/Groth16Verifier_Anon/' verifier_anon.sol > ../solidity/contracts/lib/verifier_anon.sol
	sed 's/Groth16Verifier/Groth16Verifier_AnonEnc/' verifier_anon_enc.sol > ../solidity/contracts/lib/verifier_anon_enc.sol
	sed 's/Groth16Verifier/Groth16Verifier_AnonNullifier/' verifier_anon_nullifier.sol > ../solidity/contracts/lib/verifier_anon_nullifier.sol
	sed 's/Groth16Verifier/Groth16Verifier_AnonEncNullifier/' verifier_anon_enc_nullifier.sol > ../solidity/contracts/lib/verifier_anon_enc_nullifier.sol
	sed 's/Groth16Verifier/Groth16Verifier_NFAnon/' verifier_nf_anon.sol > ../solidity/contracts/lib/verifier_nf_anon.sol
	sed 's/Groth16Verifier/Groth16Verifier_NFAnonNullifier/' verifier_nf_anon_nullifier.sol > ../solidity/contracts/lib/verifier_nf_anon_nullifier.sol

	- name: Run Forge build
	run: \|
	forge --version
	forge build --sizes

	- name: Run Hardhat build
	run: \|
	npx hardhat compile

	- name: Run Forge tests
	run: \|
	forge test -vvv

	- name: Run Hardhat test
	run: \|
	npx hardhat test

	- name: Setup LCOV
	if: github.ref_name != 'main'
	uses: hrishikesh-kadam/setup-lcov@v1

	- name: Run Forge Coverage
	if: github.ref_name != 'main'
	run: \|
	forge coverage --report lcov --report summary
	id: coverage

	- name: Deploy to the local node
	run: \|
	npx hardhat ignition deploy --network localhost ignition/modules/main.ts

	- name: Install YQ
	uses: alexellis/arkade-get@master
	with:
	print-summary: false
	yq: latest

	- name: Build the subgraph
	run: \|
	if [ ! -d "subgraph" ] \|\| [ -z "$(ls -A subgraph)" ]; then
	echo "Subgraph directory is missing or empty"
	exit 0
	fi
	if [ -f "subgraph/subgraph.config.json" ]; then
	npx graph-compiler --config subgraph/subgraph.config.json --include node_modules/@openzeppelin/subgraphs/src/datasources subgraph/datasources --export-schema --export-subgraph
	yq -i e '.specVersion = "1.2.0"' generated/scs.subgraph.yaml
	yq -i e '.features = ["nonFatalErrors", "fullTextSearch", "ipfsOnEthereumContracts"]' generated/scs.subgraph.yaml
	yq -i e '.dataSources[].mapping.apiVersion = "0.0.7"' generated/scs.subgraph.yaml
	yq -i e '.dataSources[].network = "localhost"' generated/scs.subgraph.yaml
	yq -i e '.templates[].mapping.apiVersion = "0.0.7"' generated/scs.subgraph.yaml
	yq -i e '.templates[].network = "localhost"' generated/scs.subgraph.yaml
	npx graph codegen generated/scs.subgraph.yaml
	npx graph build --ipfs=https://ipfs.network.thegraph.com generated/scs.subgraph.yaml \| tee build_output.txt
	else
	cd subgraph
	npx graph codegen subgraph.yaml
	npx graph build --ipfs=https://ipfs.network.thegraph.com subgraph.yaml \| tee build_output.txt

	cat build_output.txt

	# Extract and process IPFS hashes from the file
	ipfs_hashes=$(grep -oP 'Qm[a-zA-Z0-9]{44}' build_output.txt)

	echo "IPFS hashes: $ipfs_hashes"

	for hash in $ipfs_hashes; do
	echo "Processing IPFS hash: $hash"
	echo "Pinning $hash to Infura"
	curl -s -X POST -u "${{ secrets.INFURA_IPFS_API_KEY }}:${{ secrets.INFURA_IPFS_API_SECRET }}" "https://ipfs.infura.io:5001/api/v0/pin/add?arg=$hash" \|\| true
	echo "Pinning $hash to Chainstack"
	curl -s --request POST --url https://api.chainstack.com/v1/ipfs/pins/pinbycid --header 'accept: application/json' --header 'authorization: Bearer ${{ secrets.CHAINSTACK_API_KEY }}' --header 'content-type: application/json' --data "{\"bucket_id\": \"BUCK-8412-8292-8457\", \"cid\": \"$hash\"}" \|\| true
	done

	# Write IPFS hashes to a file
	echo "$ipfs_hashes" \| sed 's/^/"/;s/$/"/' \| paste -sd ',' > ipfs_hashes.txt
	fi


	- name: Report code coverage
	if: github.event_name == 'pull_request'
	uses: zgosalvez/github-actions-report-lcov@v4.1.19
	continue-on-error: true
	with:
	coverage-files: lcov.info
	github-token: ${{ secrets.GITHUB_TOKEN }}
	update-comment: true

	- name: Inject slug/short variables
	uses: rlespinasse/github-slug-action@v5

	- name: Package version
	id: package-version
	run: \|
	OLD_VERSION=$(jq -r '.version' package.json)
	echo "Old version: $OLD_VERSION"
	if [[ $GITHUB_REF_SLUG =~ ^v?[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
	VERSION=$(echo $GITHUB_REF_SLUG \| sed 's/^v//')
	echo "TAG=latest" >> $GITHUB_ENV
	elif [[ $GITHUB_REF_NAME == "main" ]]; then
	VERSION="${OLD_VERSION}-main$(echo $GITHUB_SHA_SHORT \| sed 's/^v//')"
	echo "TAG=main" >> $GITHUB_ENV
	else
	VERSION="${OLD_VERSION}-pr$(echo $GITHUB_SHA_SHORT \| sed 's/^v//')"
	echo "TAG=pr" >> $GITHUB_ENV
	fi
	echo "VERSION=$VERSION" >> $GITHUB_ENV
	echo "Updating version to $VERSION"
	jq --arg version "$VERSION" '.version = $version' package.json > package.json.tmp && mv package.json.tmp package.json

	echo "Updated version to $VERSION"

	- name: Install zsh
	run: \|
	sudo apt-get update
	sudo apt-get install -y zsh

	- name: Verify zsh installation
	run: \|
	zsh --version
	which zsh

	- name: Generate README.md
	if: github.repository == 'settlemint/solidity-predeployed'
	run: \|
	rm -Rf README.md
	cp .github/BASE.md README.md
	./genesis-output
	echo "" >> README.md
	echo "\`\`\`json" >> README.md
	cat all_allocations.json >> README.md
	echo "\`\`\`" >> README.md
	cat all_allocations.json

	- name: Add IPFS hashes to README if exists
	run: \|
	if [ -f ipfs_hashes.txt ]; then
	echo "" >> README.md
	echo "## IPFS Hashes" >> README.md
	echo "\`\`\`" >> README.md
	cat ipfs_hashes.txt >> README.md
	echo "\`\`\`" >> README.md
	fi

	- uses: JS-DevTools/npm-publish@v3
	with:
	token: ${{ secrets.NPM_TOKEN }}
	package: ./package.json
	access: public
	provenance: false
	strategy: all
	tag: ${{ env.TAG }}

	- name: Create or update a comment
	if: ${{ github.event_name == 'pull_request' }}
	uses: taoliujun/action-unique-comment@v1
	with:
	uniqueIdentifier: ${{ github.workflow }}
	body: \|
	# 📦 Packages
	\| Package \| Install \|
	\| ------- \| -------------------- \|
	\| React \| `npm i @${{ github.repository_owner }}/${{ github.repository }}@${{ env.VERSION }}` \|

	- uses: stefanzweifel/git-auto-commit-action@v5
	if: ${{ env.TAG == 'latest' }}
	with:
	commit_message: "chore: update package versions [skip ci]"
	branch: main
	file_pattern: 'package.json README.md'

	- name: Set up QEMU
	uses: docker/setup-qemu-action@v3

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Install Cosign
	uses: sigstore/cosign-installer@v3

	- name: Login to GitHub Container Registry
	uses: docker/login-action@v3
	with:
	registry: ghcr.io
	username: ${{ github.repository_owner }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Docker meta
	id: docker_meta
	uses: docker/metadata-action@v5
	with:
	images: \|
	ghcr.io/${{ github.repository }}
	tags: \|
	type=schedule
	type=ref,event=branch
	type=ref,event=pr
	type=semver,pattern={{version}}
	type=semver,pattern={{major}}.{{minor}}
	type=semver,pattern={{major}}
	type=sha

	- name: Build and push
	uses: docker/build-push-action@v6
	id: build-and-push
	with:
	platforms: linux/amd64,linux/arm64
	provenance: true
	sbom: true
	push: true
	load: false
	tags: ${{ steps.docker_meta.outputs.tags }}
	labels: ${{ steps.docker_meta.outputs.labels }}
	no-cache: true


	- name: Sign the images with GitHub OIDC Token
	env:
	DIGEST: ${{ steps.build-and-push.outputs.digest }}
	TAGS: ${{ steps.docker_meta.outputs.tags }}
	run: \|
	images=""
	for tag in ${TAGS}; do
	images+="${tag}@${DIGEST} "
	done
	cosign sign --yes ${images}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): update rlespinasse/github-slug-action action to v5 - autoclosed #193

Workflow file

chore(deps): update rlespinasse/github-slug-action action to v5 - autoclosed #193

Jobs

Run details

Workflow file for this run