Update security.yaml and remove commands from flake

gildlab · May 10, 2024 · ac751f6 · ac751f6
1 parent 252f19f
commit ac751f6
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 65 deletions.
diff --git a/.github/workflows/security.yaml b/.github/workflows/security.yaml
@@ -1,18 +1,28 @@
-name: Security tests
+name: Rainix CI
 on: [push]
+
 jobs:
-  test:
-    runs-on: ubuntu-latest
+  rainix:
+    strategy:
+      matrix:
+        os: [ubuntu-latest]
+        task: [rainix-sol-static]
+      fail-fast: false
+    runs-on: ${{ matrix.os }}
+    env:
+      DEPLOYMENT_KEY: ${{ github.ref == 'refs/heads/main' && secrets.PRIVATE_KEY || secrets.PRIVATE_KEY_DEV }}
     steps:
-      - uses: actions/checkout@v3
-      - uses: cachix/install-nix-action@v18
+      - uses: actions/checkout@v4
         with:
-          fetch-depth: 0
           submodules: recursive
+          fetch-depth: 0
 
-      - name: Install Nix
-        uses: DeterminateSystems/nix-installer-action@v4
+      - uses: DeterminateSystems/nix-installer-action@v4
       - uses: DeterminateSystems/magic-nix-cache-action@v2
 
-      - name: Security check
-        run: nix develop -c security-check
+      - run: nix develop -c rainix-sol-prelude
+      - name: Run ${{ matrix.task }}
+        env:
+          ETH_RPC_URL: ${{ secrets.CI_DEPLOY_RPC_URL }}
+          ETHERSCAN_API_KEY: ${{ secrets.EXPLORER_VERIFICATION_KEY }}
+        run: nix develop -c ${{ matrix.task }}
diff --git a/flake.nix b/flake.nix
@@ -2,69 +2,18 @@
   description = "Flake for development workflows.";
 
   inputs = {
-    nixpkgs.url = "github:nixos/nixpkgs";
     rainix.url = "github:rainprotocol/rainix";
     flake-utils.url = "github:numtide/flake-utils";
   };
 
-  outputs = { self, flake-utils, rainix, nixpkgs }:
+  outputs = {self, flake-utils, rainix }:
     flake-utils.lib.eachDefaultSystem (system:
       let
         pkgs = rainix.pkgs.${system};
-        rust-toolchain = rainix.rust-toolchain.${system};
-
-        ci-lint = rainix.mkTask.${system} {
-          name = "ci-lint";
-          body = ''
-            set -euxo pipefail
-            npm install
-            solhint 'contracts/**/*.sol'
-            prettier --check .
-          '';
-        };
-        flush-all = rainix.mkTask.${system} {
-          name = "flush-all";
-          body = ''
-            set -euxo pipefail
-            rm -rf artifacts
-            rm -rf cache
-            rm -rf node_modules
-            rm -rf typechain
-            rm -rf typechain-types
-            rm -rf bin
-          '';
-        };
-        security-check = rainix.mkTask.${system} {
-          name = "security-check";
-          body = ''
-            set -euxo pipefail
-            flush-all
-            npm install
-
-            # Run slither against all our contracts.
-            # Disable npx as nix-shell already handles availability of what we need.
-            # Dependencies and tests are out of scope.
-            slither . --npx-disable --filter-paths="contracts/test" --exclude-dependencies --fail-high
-          '';
-        };
-        ipfs-add = rainix.mkTask.${system} {
-          name = "ipfs-add";
-          body = ''
-            ipfs add -r --pin --cid-version 1 erc1155Metadata
-          '';
-        };
       in {
-        devShells.default = pkgs.mkShell {
-          shellHook = rainix.devShells.${system}.default.shellHook;
-          buildInputs = rainix.devShells.${system}.default.buildInputs ++ [
-            pkgs.nodejs-18_x
-            pkgs.slither-analyzer
-            ci-lint
-            flush-all
-            ipfs-add
-            security-check];
-        };
-       }
+        packages = rainix.packages.${system};
+        devShells = rainix.devShells.${system};
+      }
     );
 
 }