chore(deps): update zgosalvez/github-actions-report-lcov action to v4.1.11 - autoclosed #27

Workflow file for this run

.github/workflows/solidity.yml at 698f1f1

	name: Branch

	on:
	pull_request:
	branches:
	- main
	push:
	branches:
	- main
	tags:
	- "v*"

	concurrency:
	group: ${{ github.workflow }}-${{ github.ref }}
	cancel-in-progress: true

	permissions:
	actions: write
	checks: write
	contents: write
	deployments: write
	id-token: write
	issues: write
	discussions: write
	packages: write
	pages: write
	pull-requests: write
	repository-projects: write
	security-events: write
	statuses: write

	jobs:
	codescanning:
	name: Code Scanning
	#runs-on: ubuntu-latest
	runs-on: namespace-profile-btp-scs
	container:
	image: returntocorp/semgrep
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	with:
	submodules: recursive

	- name: Install canvas dependencies
	run: \|
	apk update
	apk add --no-cache cairo-dev jpeg-dev pango-dev giflib-dev build-base g++ pkgconfig

	- name: Fetch semgrep rules
	uses: actions/checkout@v4
	with:
	repository: decurity/semgrep-smart-contracts
	path: rules

	- run: semgrep ci --sarif --output=semgrep.sarif \|\| true
	env:
	SEMGREP_RULES: rules/solidity/security rules/solidity/performance

	- uses: crytic/slither-action@v0.4.0
	id: slither
	with:
	sarif: slither.sarif
	slither-args: --filter-paths "lib/" --filter-paths "node_modules/"
	solc-version: 0.8.24
	fail-on: none

	- name: Upload findings to GitHub Advanced Security Dashboard
	uses: github/codeql-action/upload-sarif@v3
	with:
	sarif_file: semgrep.sarif
	if: always()

	- name: Upload findings to GitHub Advanced Security Dashboard
	uses: github/codeql-action/upload-sarif@v3
	with:
	sarif_file: ${{ steps.slither.outputs.sarif }}
	if: always()

	test:
	services:
	foundry:
	image: ghcr.io/settlemint/btp-anvil-test-node:latest
	ports:
	- '8545:8545'
	name: Test
	#runs-on: ubuntu-latest
	runs-on: namespace-profile-btp-scs
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	with:
	submodules: recursive

	- name: Install Foundry
	uses: foundry-rs/foundry-toolchain@v1
	with:
	version: nightly

	- uses: actions/setup-node@v4
	with:
	node-version: 20

	- name: Install Node dependencies
	run: npm install

	- name: Run Forge build
	run: \|
	forge --version
	forge build --sizes

	- name: Run Hardhat build
	run: \|
	npx hardhat compile

	- name: Run Forge tests
	run: \|
	forge test -vvv

	- name: Run Hardhat test
	run: \|
	npx hardhat test

	- name: Setup LCOV
	if: github.ref_name != 'main'
	uses: hrishikesh-kadam/setup-lcov@v1

	- name: Run Forge Coverage
	if: github.ref_name != 'main'
	run: \|
	forge coverage --report lcov --report summary
	id: coverage

	- name: Deploy to the local node
	run: \|
	npx hardhat ignition deploy --network localhost ignition/modules/main.ts

	- name: Install YQ
	uses: alexellis/arkade-get@master
	with:
	print-summary: false
	yq: latest

	- name: Build the subgraph
	run: \|
	if [ ! -d "subgraph" ] \|\| [ -z "$(ls -A subgraph)" ]; then
	echo "Subgraph directory is missing or empty"
	exit 0
	fi
	npx graph-compiler --config subgraph/subgraph.config.json --include node_modules/@openzeppelin/subgraphs/src/datasources subgraph/datasources --export-schema --export-subgraph
	yq -i e '.specVersion = "1.2.0"' generated/scs.subgraph.yaml
	yq -i e '.features = ["nonFatalErrors", "fullTextSearch", "ipfsOnEthereumContracts"]' generated/scs.subgraph.yaml
	yq -i e '.dataSources[].mapping.apiVersion = "0.0.7"' generated/scs.subgraph.yaml
	yq -i e '.dataSources[].network = "localhost"' generated/scs.subgraph.yaml
	yq -i e '.templates[].mapping.apiVersion = "0.0.7"' generated/scs.subgraph.yaml
	yq -i e '.templates[].network = "localhost"' generated/scs.subgraph.yaml
	npx graph codegen generated/scs.subgraph.yaml
	npx graph build generated/scs.subgraph.yaml

	- name: Report code coverage
	if: github.ref_name != 'main'
	uses: zgosalvez/github-actions-report-lcov@v4.1.10
	with:
	coverage-files: lcov.info
	minimum-coverage: 90
	github-token: ${{ secrets.GITHUB_TOKEN }}
	update-comment: true

	docker:
	needs:
	- test
	name: Docker
	#runs-on: ubuntu-latest
	runs-on: namespace-profile-btp-scs
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	with:
	submodules: recursive

	- name: Set up QEMU
	uses: docker/setup-qemu-action@v3

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Install Cosign
	uses: sigstore/cosign-installer@v3

	- name: Login to GitHub Container Registry
	uses: docker/login-action@v3
	with:
	registry: ghcr.io
	username: ${{ github.repository_owner }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Docker meta
	id: docker_meta
	uses: docker/metadata-action@v5
	with:
	images: \|
	ghcr.io/${{ github.repository }}
	tags: \|
	type=schedule
	type=ref,event=branch
	type=ref,event=pr
	type=semver,pattern={{version}}
	type=semver,pattern={{major}}.{{minor}}
	type=semver,pattern={{major}}
	type=sha

	- name: Build and push
	uses: docker/build-push-action@v6
	id: build-and-push
	with:
	platforms: linux/amd64,linux/arm64
	provenance: true
	sbom: true
	push: true
	load: false
	tags: ${{ steps.docker_meta.outputs.tags }}
	labels: ${{ steps.docker_meta.outputs.labels }}
	no-cache: true


	- name: Sign the images with GitHub OIDC Token
	env:
	DIGEST: ${{ steps.build-and-push.outputs.digest }}
	TAGS: ${{ steps.docker_meta.outputs.tags }}
	run: \|
	images=""
	for tag in ${TAGS}; do
	images+="${tag}@${DIGEST} "
	done
	cosign sign --yes ${images}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): update zgosalvez/github-actions-report-lcov action to v4.1.11 - autoclosed #27

Workflow file

chore(deps): update zgosalvez/github-actions-report-lcov action to v4.1.11 - autoclosed #27

Jobs

Run details

Workflow file for this run