From db80dd7a179410e68362f165df9dbfbbb9c69bd1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michalina=20Ciencia=C5=82a?= Date: Wed, 27 Apr 2022 11:58:43 +0200 Subject: [PATCH 1/3] Use the latest Slither 0.8.3 in CI Slither 0.8.3 fixes issues with false validation failures from crytic/slither#1067 --- .github/workflows/contracts.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/contracts.yml b/.github/workflows/contracts.yml index 9883168d..6343cc17 100644 --- a/.github/workflows/contracts.yml +++ b/.github/workflows/contracts.yml @@ -218,7 +218,7 @@ jobs: - name: Install Slither env: - SLITHER_VERSION: 0.8.0 + SLITHER_VERSION: 0.8.3 run: pip3 install slither-analyzer==$SLITHER_VERSION - name: Install dependencies From cc784a375aa544cd7c9dcd1262cc4b4b4f984d16 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michalina=20Ciencia=C5=82a?= Date: Wed, 27 Apr 2022 12:00:05 +0200 Subject: [PATCH 2/3] Expand NPM workflow triggers We want to publish the new NPM package tagged with `development` every time changes affecting contracts get merged to `main`. We already trigger the workflow when changes are applied in - "contracts/**" - "package.json" - "yarn.lock" but it also makes sense to trigger the workflow when there are changes in - "deploy/**" - "hardhat.config.ts" as they also can affect the content of the exported package with the contracts. --- .github/workflows/npm.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/npm.yml b/.github/workflows/npm.yml index 924c48d4..85942317 100644 --- a/.github/workflows/npm.yml +++ b/.github/workflows/npm.yml @@ -6,6 +6,8 @@ on: - main paths: - "contracts/**" + - "deploy/**" + - "hardhat.config.ts" - "package.json" - "yarn.lock" workflow_dispatch: From ac4ce1a74a5c8579494b432bd7579e156411e3be Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michalina=20Ciencia=C5=82a?= Date: Wed, 27 Apr 2022 12:11:30 +0200 Subject: [PATCH 3/3] Remove `@threshold-network/solidity-contracts` before etherscan verification In order for the `etherscan-verify` plugin not to pick up wrong files for verification we have to remove contracts of the dependent projects stored in the `node_modules`. We've been doing that for `@keep-network/keep-core` and `@keep-network/tbtc` but some time ago a new dependency was added, to `@threshold-network/solidity-contracts` and we need to remove its files as well. --- .github/workflows/contracts.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/contracts.yml b/.github/workflows/contracts.yml index 6343cc17..a6d1c54f 100644 --- a/.github/workflows/contracts.yml +++ b/.github/workflows/contracts.yml @@ -159,12 +159,13 @@ jobs: - name: Install needed dependencies run: yarn install --frozen-lockfile - # If we don't remove the `keep-core` and `tbtc` contracts from `node-modules`, - # the `etherscan-verify` plugins tries to verify them, which is not desired. + # If we don't remove the dependencies' contracts from `node-modules`, the + # `etherscan-verify` plugins tries to verify them, which is not desired. - name: Prepare for verification on Etherscan run: | rm -rf ./node_modules/@keep-network/keep-core rm -rf ./node_modules/@keep-network/tbtc + rm -rf ./node_modules/@threshold-network/solidity-contracts - name: Verify contracts on Etherscan env: