Introduce CI Pipeline for Gas Optimization, Storage Safety, and Contract Integrity Validation #69
Merged: KanishkSogani merged 29 commits into StabilityNexus:main from aniket866:advance-workflows, Apr 4, 2026
Changes from 11 commits
29 commits
9900b2a
advance-worflows
aniket866 680be7f
advance-worflows
aniket866 7a46d10
Code rabbit follow up
aniket866 085732e
Code rabbit follow up
aniket866 1b5f9e3
Code rabbit follow up
aniket866 0b1af16
Code rabbit follow up
aniket866 73974b9
code-rabbit-local-fix
aniket866 917f07a
Merge branch 'advance-workflows' of https://github.com/aniket866/Iden…
aniket866 5cb0bb4
code-rabbit-local-fix
aniket866 8761690
local-code-rabbit-fix
aniket866 d3b3d1e
local-code-rabbit-fix
aniket866 8912709
Code rabbit follow up
aniket866 aa44c29
Code rabbit follow up
aniket866 f2da137
Code rabbit follow up
aniket866 c493e3a
Code rabbit follow-up
aniket866 c0320de
code-rabbit-followup
aniket866 b321fba
gas-snap-shot-fix
aniket866 c23b99e
gas-snapshot
aniket866 3d6a0f8
Copilot-suggestions
aniket866 198453c
Copilot-suggestions
aniket866 f4ea87e
Copilot-fix
aniket866 eec5ddf
Update 4naly3er workflow for optimization report
aniket866 cafd272
Update .github/workflows/contract-size.yml
aniket866 631ca6a
Update .github/workflows/mythril.yml
aniket866 c1ffe53
Update .github/workflows/mythril.yml
aniket866 835e9b4
Code rabbit follow-up
aniket866 4a41210
Code rabbit follow-up
aniket866 e14020c
Code rabbit follow-up
aniket866 c37c2ed
Fixing-ci-fails
aniket866
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,33 @@ | ||
| name: 4naly3er Report | ||
|
|
||
| on: | ||
| push: | ||
| branches: [main, master] | ||
| pull_request: | ||
| branches: [main, master] | ||
|
|
||
| jobs: | ||
| analyzer_4naly3er: | ||
| name: 4naly3er Gas Optimization Report | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| with: | ||
| submodules: recursive | ||
|
|
||
| - name: Setup Node.js | ||
| uses: actions/setup-node@v4 | ||
| with: | ||
| node-version: "18" | ||
|
|
||
| - name: Install 4naly3er | ||
| run: | | ||
| git clone https://github.com/Picodes/4naly3er | ||
| cd 4naly3er | ||
| rm -f src/issues/NC/uselessOverride.ts || true | ||
| yarn | ||
|
|
||
|
|
||
| - name: Run 4naly3er on src/ | ||
| run: | | ||
| cd 4naly3er | ||
| yarn analyze ../src ../4naly3er-report.md | ||
|
|
||
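
Review bot: the `Install 4naly3er` step clones `https://github.com/Picodes/4naly3er` at whatever its default branch currently points to and then runs `yarn`, so every push and pull request executes unreviewed third-party code and its install scripts on the runner. Check out a reviewed commit after the clone (`git checkout <reviewed-sha>`, placeholder) and, if that repository ships a lockfile, install with `yarn install --frozen-lockfile` so the dependency set cannot drift. In the lines shown, `../4naly3er-report.md` is written but no later step uploads or publishes it, so the report is lost when the job ends. `rm -f ... || true` is also redundant, because `rm -f` already succeeds when the file is absent.
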
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,65 @@ | ||
| name: ABI Diff Check | ||
|
|
||
| on: | ||
| push: | ||
| branches: [main, master] | ||
| pull_request: | ||
| branches: [main, master] | ||
|
|
||
| env: | ||
| FOUNDRY_PROFILE: ci | ||
|
|
||
| jobs: | ||
| abi-diff: | ||
| name: ABI Diff Check | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| with: | ||
| submodules: recursive | ||
|
|
||
| - name: Install Foundry | ||
| uses: foundry-rs/foundry-toolchain@v1 | ||
|
|
||
| - name: Build contracts | ||
| run: forge build | ||
|
|
||
| - name: Generate ABIs and diff against baseline | ||
| run: | | ||
| mkdir -p .abi-current | ||
| CHANGED=0 | ||
|
|
||
| if [ ! -d .abi-baselines ]; then | ||
| echo "No .abi-baselines directory. Skipping check." | ||
| exit 0 | ||
| fi | ||
|
|
||
| # Derive contract names from existing baselines to avoid placeholder drift. | ||
| mapfile -t CONTRACTS < <(find .abi-baselines -type f -name '*.json' -exec basename {} .json \;) | ||
| if [ "${#CONTRACTS[@]}" -eq 0 ]; then | ||
| echo "No ABI baselines found in .abi-baselines/. Skipping ABI diff." | ||
| exit 0 | ||
| fi | ||
|
|
||
| for contract in "${CONTRACTS[@]}"; do | ||
| if ! forge inspect "$contract" abi > ".abi-current/${contract}.json" 2>/dev/null; then | ||
| echo "::error::Failed to generate ABI for $contract" | ||
| CHANGED=1 | ||
| continue | ||
| fi | ||
|
|
||
| baseline=".abi-baselines/${contract}.json" | ||
| if [ -f "$baseline" ]; then | ||
| if ! diff -u "$baseline" ".abi-current/${contract}.json"; then | ||
| echo "❌ ABI changed for $contract — this may be a breaking change!" | ||
| CHANGED=1 | ||
| fi | ||
| else | ||
| echo "::error::No ABI baseline for $contract. Add .abi-baselines/${contract}.json" | ||
| CHANGED=1 | ||
| fi | ||
|
|
||
| done | ||
|
|
||
| if [ "$CHANGED" -eq 1 ]; then | ||
| exit 1 | ||
| fi | ||
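
Review bot: both early exits in `Generate ABIs and diff against baseline` return 0 when `.abi-baselines` is missing or contains no JSON files, so the check passes without comparing anything, and a pull request that deletes the baselines switches it off. Once baselines are committed, fail the step in that case (or at least emit `::warning::`). Because the baseline is read from the same checkout that is being tested, changes under `.abi-baselines/` should require review from a code owner. Two smaller points: `2>/dev/null` on `forge inspect` discards the reason a contract failed to resolve or compile, and the `else` branch that reports a missing baseline can only run for a baseline stored in a subdirectory, since `CONTRACTS` is built from the baseline file names.
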
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,31 @@ | ||
| name: Contract Size Check | ||
|
|
||
| on: | ||
| push: | ||
| branches: [main, master] | ||
| pull_request: | ||
| branches: [main, master] | ||
|
|
||
| env: | ||
| FOUNDRY_PROFILE: ci | ||
|
|
||
| jobs: | ||
| contract-size: | ||
| name: Contract Size Check | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| with: | ||
| submodules: recursive | ||
|
|
||
| - name: Install Foundry | ||
| uses: foundry-rs/foundry-toolchain@v1 | ||
|
|
||
| - name: Build and check contract sizes | ||
| run: | | ||
| forge build --sizes 2>&1 | tee sizes.txt | ||
| # Fail if any contract is >= 23616 bytes (warn zone before 24KB EIP-170 limit) | ||
| if grep -E '^\s*\|.*\s([2-9][0-9]{3}|[1-9][0-9]{4})\s' sizes.txt; then | ||
|
|
||
| echo "❌ One or more contracts are dangerously close to or over the 24KB limit." | ||
| exit 1 | ||
| fi | ||
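
Review bot: the `grep -E` pattern in `Build and check contract sizes` does not implement the threshold stated in the comment above it. `[2-9][0-9]{3}|[1-9][0-9]{4}` matches any whitespace-delimited number from 2000 to 99999 on a table row, so a 2000-byte contract fails the job, and it matches whichever column happens to hold that number. Extract the size column and compare it numerically against 23616, for example with `awk`. Also, `forge build --sizes 2>&1 | tee sizes.txt` reports the exit status of `tee`, so a failed build goes undetected unless `pipefail` is in effect; add `set -o pipefail` at the top of the script.
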
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,37 @@ | ||
| name: Coverage Report | ||
|
|
||
| on: | ||
| push: | ||
| branches: [main, master] | ||
| pull_request: | ||
| branches: [main, master] | ||
|
|
||
| env: | ||
| FOUNDRY_PROFILE: ci | ||
|
|
||
| jobs: | ||
| coverage: | ||
| name: Coverage Report | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| with: | ||
| submodules: recursive | ||
|
|
||
| - name: Install Foundry | ||
| uses: foundry-rs/foundry-toolchain@v1 | ||
|
|
||
| - name: Install lcov | ||
| run: | | ||
| sudo apt-get update | ||
| sudo apt-get install -y lcov | ||
|
|
||
| - name: Generate coverage report | ||
| run: forge coverage --report lcov | ||
|
|
||
| - name: Upload to Codecov | ||
| uses: codecov/codecov-action@v4 | ||
| with: | ||
| files: ./lcov.info | ||
| fail_ci_if_error: false | ||
| token: ${{ secrets.CODECOV_TOKEN }} |
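
Review bot: `codecov/codecov-action@v4` receives `secrets.CODECOV_TOKEN` but is referenced by a mutable tag; pin it (and the other `uses:` entries) to a full commit SHA so the code that sees the token cannot change without a diff in this repository. With `fail_ci_if_error: false` an upload failure leaves the job green, which includes runs where the secret is not available, so coverage can stop being reported without anyone noticing. The `Install lcov` step looks unnecessary as written: no later step in this hunk invokes `lcov` or `genhtml`, and `forge coverage --report lcov` writes `lcov.info` itself.
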
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,25 @@ | ||
| name: Gas Report | ||
|
|
||
| on: | ||
| push: | ||
| branches: [main, master] | ||
| pull_request: | ||
| branches: [main, master] | ||
|
|
||
| env: | ||
| FOUNDRY_PROFILE: ci | ||
|
|
||
| jobs: | ||
| gas-report: | ||
| name: Gas Report on Test Run | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| with: | ||
| submodules: recursive | ||
|
|
||
| - name: Install Foundry | ||
| uses: foundry-rs/foundry-toolchain@v1 | ||
|
|
||
| - name: Run tests with gas report | ||
| run: forge test --gas-report |
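
Review bot: this workflow has no `permissions:` key, so the job runs with the repository's default `GITHUB_TOKEN` scope although it only needs to read the source. Add a top-level `permissions:` block with `contents: read`. The step `forge test --gas-report` only prints to the job log; if the report is meant to gate or inform review, nothing in these lines compares it to a baseline or publishes it.
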
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,34 @@ | ||
| name: Gas Snapshot Diff | ||
|
|
||
| on: | ||
| push: | ||
| branches: [main, master] | ||
| pull_request: | ||
| branches: [main, master] | ||
|
|
||
| env: | ||
| FOUNDRY_PROFILE: ci | ||
|
|
||
| jobs: | ||
| gas-snapshot: | ||
| name: Gas Snapshot Diff | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| with: | ||
| submodules: recursive | ||
|
|
||
| - name: Install Foundry | ||
| uses: foundry-rs/foundry-toolchain@v1 | ||
|
|
||
|
|
||
| - name: Compare gas snapshot diff | ||
| run: | | ||
| if [ ! -f .gas-snapshot ]; then | ||
| echo "No .gas-snapshot found. Generating one now instead of diffing." | ||
| forge snapshot | ||
| exit 0 | ||
| fi | ||
| if ! forge snapshot --diff .gas-snapshot; then | ||
| echo "❌ Gas usage increased. Review the diff above." | ||
| exit 1 | ||
|
|
||
| fi | ||
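
Review bot: in `Compare gas snapshot diff`, `forge snapshot --diff .gas-snapshot` is used as the pass/fail test, but `--diff` is the reporting mode; the option that exits non-zero on a mismatch is `--check`. As written, the `Gas usage increased` branch is tied to the command's exit status rather than to an increase, so it can fire on a test failure and stay silent on a regression. Use `forge snapshot --check .gas-snapshot`, optionally with `--tolerance`. The missing-file branch also passes without establishing anything: the snapshot it generates is written on the runner and discarded, so every run takes the same path until `.gas-snapshot` is committed.
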
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,36 @@ | ||
| name: Mythril Security Scan | ||
|
|
||
| on: | ||
| push: | ||
| branches: [main, master] | ||
| pull_request: | ||
| branches: [main, master] | ||
|
|
||
| env: | ||
| FOUNDRY_PROFILE: ci | ||
|
|
||
| jobs: | ||
| mythril: | ||
| name: Mythril Security Scan | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| with: | ||
| submodules: recursive | ||
|
|
||
| - name: Install Foundry | ||
| uses: foundry-rs/foundry-toolchain@v1 | ||
|
|
||
| - name: Build contracts | ||
| run: forge build | ||
|
|
||
| - name: Run Mythril on all contracts | ||
| run: | | ||
| find src -name "*.sol" | while read contract; do | ||
| echo "🔍 Scanning $contract ..." | ||
| docker run --rm \ | ||
| -v "$(pwd):/project" \ | ||
| mythril/myth analyze "/project/$contract" \ | ||
| --solv 0.8.24 \ | ||
| --execution-timeout 60 | ||
|
|
||
| done | ||
|
|
||
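
Review bot: `docker run ... mythril/myth` in `Run Mythril on all contracts` pulls the image with no tag or digest, so the analyzer version can change between runs and results are not reproducible; reference it by digest (`mythril/myth@sha256:<digest>`, placeholder). The bind mount `-v "$(pwd):/project"` gives the container write access to the whole checkout; add `:ro` if the scan only needs to read sources. In the loop, use `while IFS= read -r contract` so paths containing backslashes or leading spaces are passed through unchanged. `--solv 0.8.24` is hard-coded and has to be kept in step with the compiler version the project builds with.
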
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,77 @@ | ||
| name: Storage Layout Diff | ||
|
|
||
| on: | ||
| push: | ||
| branches: [main, master] | ||
| pull_request: | ||
| branches: [main, master] | ||
|
|
||
| env: | ||
| FOUNDRY_PROFILE: ci | ||
|
|
||
| jobs: | ||
| storage-layout-diff: | ||
| name: Storage Layout Diff | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| with: | ||
| submodules: recursive | ||
|
|
||
| - name: Install Foundry | ||
| uses: foundry-rs/foundry-toolchain@v1 | ||
|
|
||
| - name: Build contracts | ||
| run: forge build | ||
|
|
||
| - name: Generate storage layouts | ||
| run: | | ||
| set -euo pipefail | ||
| if [ ! -d .storage-baselines ]; then | ||
| echo "No .storage-baselines directory. Skipping generation." | ||
| exit 0 | ||
| fi | ||
|
|
||
| mkdir -p .storage-layouts | ||
| mapfile -t CONTRACTS < <(find .storage-baselines -type f -name '*.json' -exec basename {} .json \;) | ||
|
|
||
| if [ "${#CONTRACTS[@]}" -eq 0 ]; then | ||
| echo "No baselines found in .storage-baselines. Skipping generation." | ||
| exit 0 | ||
| fi | ||
|
|
||
| for contract in "${CONTRACTS[@]}"; do | ||
| forge inspect "$contract" storage-layout > ".storage-layouts/${contract}.json" | ||
| done | ||
|
|
||
| - name: Diff against baseline | ||
| run: | | ||
| shopt -s nullglob | ||
| CHANGED=0 | ||
| if [ ! -d .storage-layouts ]; then | ||
| echo "No .storage-layouts generated. Skipping diff." | ||
| exit 0 | ||
| fi | ||
| files=(.storage-layouts/*.json) | ||
| if [ ${#files[@]} -eq 0 ]; then | ||
| echo "No storage layouts were generated. Skipping diff." | ||
| exit 0 | ||
| fi | ||
|
|
||
| for file in "${files[@]}"; do | ||
| name=$(basename "$file") | ||
| baseline=".storage-baselines/$name" | ||
| if [ -f "$baseline" ]; then | ||
| if ! diff -u "$baseline" "$file"; then | ||
| echo "❌ Storage layout changed for $name" | ||
| CHANGED=1 | ||
| fi | ||
| else | ||
| echo "❌ No baseline found for $name — add it to .storage-baselines/" | ||
| CHANGED=1 | ||
| fi | ||
| done | ||
|
|
||
| if [ "$CHANGED" -eq 1 ]; then | ||
| exit 1 | ||
| fi |
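
Review bot: the contract list in `Generate storage layouts` is derived from the files already in `.storage-baselines`, so a contract added in a pull request without a baseline is never inspected, and the `No baseline found` branch in `Diff against baseline` never fires for it. Enumerate the contracts to check from the build output or from an explicit list in the repository, and require a baseline for each. Both steps also exit 0 when the baseline directory is absent or empty, which leaves the storage-safety gate off by default. The second step sets `shopt -s nullglob` but not `set -euo pipefail`, unlike the first.
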