chore(ci): add certora CI integration (#40)

2023-12-11 15:10:41 +01:00 · 2023-12-11 15:10:41 +01:00 · cf7a8b6574
parent d9a64559a2
commit cf7a8b6574
6 changed files with 70 additions and 1 deletions
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@ -10,3 +10,4 @@ Ensure you completed **all of the steps** below before submitting your pull requ
 - [ ] Ran `forge snapshot`?
 - [ ] Ran `pnpm lint`?
 - [ ] Ran `forge test`?
+- [ ] Ran `pnpm verify`?
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -10,6 +10,7 @@ on:
  push:
    branches:
      - "main"
+      - "develop"

 jobs:
  lint:
@ -117,3 +118,51 @@ jobs:
        run: |
          echo "## Coverage result" >> $GITHUB_STEP_SUMMARY
          echo "✅ Uploaded to Codecov" >> $GITHUB_STEP_SUMMARY
+  verify:
+    needs: ["lint", "build"]
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          submodules: recursive
+
+      - name: Install Python
+        uses: actions/setup-python@v2
+        with: { python-version: 3.9 }
+
+      - name: Install Java
+        uses: actions/setup-java@v1
+        with: { java-version: "11", java-package: jre }
+
+      - name: Install Certora CLI
+        run: pip3 install certora-cli==5.0.5
+
+      - name: Install Solidity
+        run: |
+          wget https://github.com/ethereum/solidity/releases/download/v0.8.19/solc-static-linux
+          chmod +x solc-static-linux
+          sudo mv solc-static-linux /usr/local/bin/solc
+
+      - name: "Install Pnpm"
+        uses: "pnpm/action-setup@v2"
+        with:
+          version: "8"
+
+      - name: "Install Node.js"
+        uses: "actions/setup-node@v3"
+        with:
+          cache: "pnpm"
+          node-version: "lts/*"
+
+      - name: "Install the Node.js dependencies"
+        run: "pnpm install"
+
+      - name: Verify rules
+        run: "pnpm verify"
+        env:
+          CERTORAKEY: ${{ secrets.CERTORAKEY }}
+
+    strategy:
+      fail-fast: false
+      max-parallel: 16
--- a/.gitignore
+++ b/.gitignore
@ -22,3 +22,5 @@ artifacts
 typechain
 typechain-types
 gmx-contracts
+
+.certora_internal
--- a/certora/certora.conf
+++ b/certora/certora.conf
@ -0,0 +1,12 @@
+{
+  "files": ["contracts/StakeManager.sol"],
+  "msg": "Verifying StakeManager.sol",
+  "rule_sanity": "basic",
+  "verify": "StakeManager:certora/specs/StakeManager.spec",
+  "wait_for_results": "all",
+  "packages": [
+    "@openzeppelin=lib/openzeppelin-contracts"
+  ]
+}
+
+
--- a/certora/specs/StakeManager.spec
+++ b/certora/specs/StakeManager.spec
@ -0,0 +1,4 @@
+
+rule shouldPass {
+  assert true;
+}
--- a/package.json
+++ b/package.json
@ -20,7 +20,8 @@
  "scripts": {
    "clean": "rm -rf cache out",
    "lint": "pnpm lint:sol && pnpm prettier:check",
-    "lint:sol": "forge fmt --check && pnpm solhint {script,src,test}/**/*.sol",
+    "verify": "certoraRun certora/certora.conf",
+    "lint:sol": "forge fmt --check && pnpm solhint {script,src,test,certora}/**/*.sol",
    "prettier:check": "prettier --check **/*.{json,md,yml} --ignore-path=.prettierignore",
    "prettier:write": "prettier --write **/*.{json,md,yml} --ignore-path=.prettierignore"
  }