From 338d91511cafdd506db16ffd64ffe35ff598ae82 Mon Sep 17 00:00:00 2001
From: Oleh Andrushko <53293405+olich97@users.noreply.github.com>
Date: Thu, 7 Dec 2023 11:47:18 +0100
Subject: [PATCH] CI testsssss (#1)

* Add doc step to ci

* Fix ci

* Bump ci action version

* Refactor ci

* Refactor ci, comments improvements

* Add slither to ci

* Add documentation deploy to ci
---
 .github/workflows/ci.yml   | 72 +++++++++++++++++++++++++-------------
 .github/workflows/docs.yml | 52 +++++++++++++++++++++++++++
 2 files changed, 100 insertions(+), 24 deletions(-)
 create mode 100644 .github/workflows/docs.yml

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index f29f134..9b23197 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -11,7 +11,7 @@ env:
   FOUNDRY_PROFILE: ci
 
 jobs:
-  build:
+  build-n-test:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
@@ -23,16 +23,10 @@ jobs:
         run: |
           forge --version
           forge build --sizes
-  test:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-
-      - name: Install Foundry
-        uses: foundry-rs/foundry-toolchain@v1
 
       - name: Run tests
-        run: forge test -vvv
+        run: |
+          forge test -vvv
   
   format:
     runs-on: ubuntu-latest
@@ -58,34 +52,64 @@ jobs:
       - name: Run coverage
         run: forge coverage --report summary --report lcov
 
-      # To ignore coverage for certain directories modify the paths in this step as needed. The
-      # below default ignores coverage results for the test and script directories. Alternatively,
-      # to include coverage in all directories, comment out this step. Note that because this
-      # filtering applies to the lcov file, the summary table generated in the previous step will
-      # still include all files and directories.
-      # The `--rc lcov_branch_coverage=1` part keeps branch info in the filtered report, since lcov
-      # defaults to removing branch info.
+      # Adjust the paths in this step to exclude specific directories from coverage analysis. By default, 
+      # coverage results for 'test' and 'script' directories are omitted. If you prefer to track coverage 
+      # across all directories, simply disable this step. Keep in mind, this filter only affects the lcov 
+      # report; the summary table created earlier will still reflect all files and directories.
+      # The inclusion of `--rc lcov_branch_coverage=1` ensures that branch coverage information is retained 
+      # in the lcov report, countering the default behavior of lcov which excludes branch data.
       - name: Filter directories
         run: |
           sudo apt update && sudo apt install -y lcov
           lcov --remove lcov.info 'test/*' 'script/*' --output-file lcov.info --rc lcov_branch_coverage=1
 
-      # This step posts a detailed coverage report as a comment and deletes previous comments on
-      # each push. The below step is used to fail coverage if the specified coverage threshold is
-      # not met. The below step can post a comment (when it's `github-token` is specified) but it's
-      # not as useful, and this action cannot fail CI based on a minimum coverage threshold, which
-      # is why we use both in this way.
+      # This step automatically publishes a comprehensive coverage report as a comment on each push and
+      # removes any previous comments. 
       - name: Post coverage report
-        if: github.event_name == 'pull_request' # This action fails when ran outside of a pull request.
+        if: github.event_name == 'pull_request'
         uses: romeovs/lcov-reporter-action@v0.3.1
         with:
           delete-old-comments: true
           lcov-file: ./lcov.info
           github-token: ${{ secrets.GITHUB_TOKEN }} # Adds a coverage summary comment to the PR.
 
+      # This step verifies that the minimum coverage threshold is met and fails if it is not.
       - name: Verify minimum coverage
-        uses: zgosalvez/github-actions-report-lcov@v2
+        uses: zgosalvez/github-actions-report-lcov@v4
         with:
           coverage-files: ./lcov.info
           minimum-coverage: 100 # Set coverage threshold.
-   
\ No newline at end of file
+
+  code-analysis:
+    runs-on: ubuntu-latest
+    permissions:
+      # required for uploading slither sarif results
+      security-events: write
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Run static analysis with slither
+        uses: crytic/slither-action@v0.3.0
+        id: slither
+        continue-on-error: true
+        with:
+          sarif: results.sarif
+          slither-args: --filter-paths "./lib|./test" # exclude other contracts (open zeppelin ones) and test
+
+      - name: Upload static anaylisis SARIF output file # it should also add relevant comments on PR
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: ${{ steps.slither.outputs.sarif }}
+
+  docs:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Install Foundry
+        uses: foundry-rs/foundry-toolchain@v1
+
+      - name: Build documentation
+        run: |
+          forge --version
+          forge doc
\ No newline at end of file
diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml
new file mode 100644
index 0000000..b82c87a
--- /dev/null
+++ b/.github/workflows/docs.yml
@@ -0,0 +1,52 @@
+# Simple workflow for deploying static content to GitHub Pages
+name: Deploy documentation to Pages
+
+on:
+  # Runs on pushes targeting the default branch
+  push:
+    branches: ["main"]
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+# Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages
+permissions:
+  contents: read
+  pages: write
+  id-token: write
+
+# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued.
+# However, do NOT cancel in-progress runs as we want to allow these production deployments to complete.
+concurrency:
+  group: "pages"
+  cancel-in-progress: false
+
+jobs:
+  # Single deploy job since we're just deploying
+  build-n-deploy:
+    environment:
+      name: github-pages
+      url: ${{ steps.deployment.outputs.page_url }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Install Foundry
+        uses: foundry-rs/foundry-toolchain@v1 
+
+      - name: Build documentation
+        run: |
+          forge --version
+          forge doc
+
+      - name: Setup Pages
+        uses: actions/configure-pages@v4
+
+      - name: Upload artifact
+        uses: actions/upload-pages-artifact@v2
+        with:
+          # Upload docs folder
+          path: 'docs'
+      - name: Deploy to GitHub Pages
+        id: deployment
+        uses: actions/deploy-pages@v3