main.yml

name: main

on:
    push:
        branches: [main]
    pull_request:

concurrency:
    group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
    cancel-in-progress: true

jobs:
    deps:
        runs-on: ubuntu-latest
        outputs:
            cache-key: ${{ steps.cache-env.outputs.cache-key }}
        steps:
            - uses: actions/checkout@v4
            - uses: actions/setup-node@v4
              with:
                  node-version: 20

            - name: Output cache key
              id: cache-env
              run: echo "cache-key=${{ runner.os }}-node_modules-${{ hashFiles('**/yarn.lock') }}" >> $GITHUB_OUTPUT

            - uses: actions/cache@v4
              id: cache
              with:
                  path: node_modules
                  key: ${{ steps.cache-env.outputs.cache-key }}
                  restore-keys: ${{ runner.os }}-node_modules-

            - if: steps.cache.outputs.cache-hit != 'true'
              run: yarn

    changed-files:
        runs-on: ubuntu-latest
        outputs:
            any_changed: ${{ steps.changed-files.outputs.any_changed }}
            modified_files: ${{ steps.changed-files.outputs.modified_files }}
        steps:
            - uses: actions/checkout@v4
            - name: Get changed files
              id: changed-files
              uses: tj-actions/changed-files@v44
              with:
                  files: packages/**/*.{sol,json,ts}

    compile:
        if: needs.changed-files.outputs.any_changed == 'true'
        needs: [changed-files, deps]
        runs-on: ubuntu-latest
        steps:
            - uses: actions/checkout@v4
            - uses: actions/setup-node@v4
              with:
                  node-version: 20
            - uses: actions/cache/restore@v4
              with:
                  path: node_modules
                  key: ${{ needs.deps.outputs.cache-key }}

            - run: yarn compile

            - name: Upload compilation results
              uses: actions/upload-artifact@v4
              with:
                  name: all-artifacts
                  path: packages/**/artifacts/**

    style:
        needs: deps
        runs-on: ubuntu-latest
        steps:
            - uses: actions/checkout@v4
            - uses: actions/setup-node@v4
              with:
                  node-version: 20
            - uses: actions/cache/restore@v4
              with:
                  path: node_modules
                  key: ${{ needs.deps.outputs.cache-key }}

            - run: yarn format
    tests:
        if: needs.changed-files.outputs.any_changed == 'true'
        needs: [changed-files, set-matrix, deps, compile]
        runs-on: ubuntu-latest
        strategy:
            matrix:
                dir: ${{ fromJson(needs.set-matrix.outputs.matrix) }}

        steps:
            - uses: actions/checkout@v4
            - uses: actions/setup-node@v4
              with:
                  node-version: 20
            - uses: actions/cache/restore@v4
              with:
                  path: node_modules
                  key: ${{ needs.deps.outputs.cache-key }}
            - uses: actions/download-artifact@v4
              with:
                  name: all-artifacts
                  path: packages/

            - if: contains(needs.changed-files.outputs.modified_files, matrix.dir)
              name: Test
              run: |
                  workspace=$(jq -r '.name' packages/${{ matrix.dir }}/package.json)
                  yarn workspace "$workspace" run test:coverage

            - if: contains(needs.changed-files.outputs.modified_files, matrix.dir) && github.event_name == 'push' && github.ref == 'refs/heads/main'
              name: Coveralls
              uses: coverallsapp/github-action@v2
              with:
                  github-token: ${{ secrets.GITHUB_TOKEN }}
                  parallel: true
                  flag-name: run ${{ join(matrix.*, '-') }}

    set-matrix:
        if: needs.changed-files.outputs.any_changed == 'true'
        needs: changed-files
        runs-on: ubuntu-latest
        outputs:
            matrix: ${{ steps.set-matrix.outputs.matrix }}
        steps:
            - uses: actions/checkout@v4
            - name: Set matrix
              id: set-matrix
              run: |
                  matrix=$(ls -1 packages | jq -Rsc 'split("\n") | map(select(length > 0))')
                  echo "matrix=$matrix" >> $GITHUB_OUTPUT

    slither:
        if: needs.changed-files.outputs.any_changed == 'true'
        needs: [changed-files, set-matrix, deps]
        runs-on: ubuntu-latest
        permissions:
            contents: read
            security-events: write
        strategy:
            matrix:
                dir: ${{ fromJson(needs.set-matrix.outputs.matrix) }}
        steps:
            - uses: actions/checkout@v4

            # FIXME this does not work as a way to restore compilation results for slither job but it does for the compile job ??
            #- uses: actions/download-artifact@v4
            #  with:
            #      name: all-artifacts
            #      path: packages/

            - uses: actions/setup-node@v4
              with:
                  node-version: 20
            - uses: actions/cache/restore@v4
              with:
                  path: node_modules
                  key: ${{ needs.deps.outputs.cache-key }}
            - if: contains(needs.changed-files.outputs.modified_files, matrix.dir)
              name: Compile contracts
              run: |
                  workspace=$(jq -r '.name' packages/${{ matrix.dir }}/package.json)
                  yarn workspace "$workspace" run compile

            - if: contains(needs.changed-files.outputs.modified_files, matrix.dir)
              name: Run slither
              uses: crytic/slither-action@v0.4.0
              id: slither
              with:
                  ignore-compile: true
                  node-version: 20
                  fail-on: none
                  sarif: results.sarif
                  slither-args: --filter-paths "test" --exclude-dependencies --markdown-root ${{ github.server_url }}/${{ github.repository }}/blob/${{ github.sha }}/
                  target: packages/${{ matrix.dir }}

            - if: contains(needs.changed-files.outputs.modified_files, matrix.dir)
              name: Upload SARIF files
              uses: github/codeql-action/upload-sarif@v3
              with:
                  sarif_file: ${{ steps.slither.outputs.sarif }}

            - name: Create/update checklist as PR comment
              uses: actions/github-script@v7
              if: github.even_name == 'pull_request'
              env:
                  REPORT: ${{ steps.slither.stdout }}
              with:
                  script: |
                      const script = require('.github/scripts/slither-comment')
                      const header = '# Slither report'
                      const body = process.env.REPORT
                      await script({ github, context, header, body })