Note on the required checks:
anxolin
left a comment
Looks solid. Only big concern is regarding fuzzy tests.
Additional comments
action bump
The action was bumped from v0.3.0 to v1.0.2 (the SHA 244f685b corresponds to v1.0.2). This is a major version jump.
The workflow config looks compatible (same project-url and github-token inputs), and v1.0.2 appears to be the current release, so this is likely fine.
foundry pinned version
Not introduced by this PR, but worth noting: the foundry toolchain is pinned to SHA 82dee4ba (v1.4.0) but still uses version.
Not a concern because @kaze-cow fixed it here https://github.com/cowprotocol/contracts/pull/246/changes
| forge --version | ||
| if [ "${{ matrix.profile }}" == "solc-0.7.6" ]; then | ||
| FOUNDRY_PROFILE=ci forge build --sizes --use 0.7.6 --skip 'test/*' --skip 'script/*' | ||
| if [ "$PROFILE" == "solc-0.7.6" ]; then |
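Review bot: the new condition on the last line compares `$PROFILE`, but nothing in the visible lines sets that variable, so unless the step's `env:` maps `PROFILE: ${{ matrix.profile }}` the test runs against an empty string and the `--use 0.7.6` branch never executes; moving the matrix value out of the inline `${{ }}` expression into `env` is the right hardening (the shell then sees a plain string instead of interpolated text), so add that mapping next to the `run:` step. Also confirm that the `FOUNDRY_PROFILE=ci` prefix on the `forge build` line survives, or becomes `env: FOUNDRY_PROFILE: ci`, since the thread below notes it was dropped and it is what keeps the CI (including fuzz runs) deterministic.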
Could it break the fuzzy tests in the CI?
Good catch, I also don't understand why FOUNDRY_PROFILE=ci was removed. Its point was to make CI deterministic (code). Maybe the idea was to add that to the env variables but it didn't happen?
This PR hardens the CI by explicitly pinning all GitHub actions to their exact commit SHAs. Additionally, it enables Dependabot for future upgrades + security alerts.
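Putting the thread's points together (full-SHA pins with a version comment, the matrix value passed through `env` rather than inlined in the script, `FOUNDRY_PROFILE=ci` kept for determinism, and Dependabot watching the actions), here is an added example that is not the PR's own workflow. The job layout, the `default` matrix value and the 40-hex SHAs are assumptions; the page only shows the short prefix 82dee4ba for foundry-toolchain v1.4.0.

```yaml
# .github/workflows/ci.yml (added example, not the repository's workflow)
name: ci
on: [push, pull_request]

jobs:
  build:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        # assumed matrix values; only solc-0.7.6 appears in the thread
        profile: [default, solc-0.7.6]
    env:
      # Job-level env instead of a per-command prefix, so a later edit to
      # the run script cannot silently drop the deterministic CI profile.
      FOUNDRY_PROFILE: ci
    steps:
      # Pin to a full commit SHA; the trailing comment records the tag so
      # Dependabot can bump both SHA and comment together.
      - uses: actions/checkout@<40-hex-commit-sha-placeholder> # v4
      - uses: foundry-rs/foundry-toolchain@<40-hex-commit-sha-placeholder> # v1.4.0 (prefix 82dee4ba on the page)
      - name: Build
        env:
          # Expose the matrix value as a plain env var so the shell compares
          # a string, not text interpolated into the script by ${{ }}.
          PROFILE: ${{ matrix.profile }}
        run: |
          forge --version
          if [ "$PROFILE" = "solc-0.7.6" ]; then
            forge build --sizes --use 0.7.6 --skip 'test/*' --skip 'script/*'
          else
            forge build --sizes
          fi
---
# .github/dependabot.yml (added example): keep the SHA pins current
version: 2
updates:
  - package-ecosystem: github-actions
    directory: /
    schedule:
      interval: weekly
```

The `---` separates the two files in this one listing; save each document under the path given in its first comment.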