Merge branch '2026-01-28-audit' of github.com:rainlanguage/rain.math.… #764
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Rainix CI | |
| on: [push] | |
| concurrency: | |
| group: ${{ github.ref }}-rainix | |
| cancel-in-progress: ${{ github.ref != 'refs/heads/main' }} | |
| jobs: | |
| rainix: | |
| strategy: | |
| matrix: | |
| os: [ubuntu-latest, macos-latest] | |
| task: [rainix-rs-test, rainix-sol-legal] | |
| include: | |
| # Solidity doesn't need to be tested on multiple platforms | |
| - os: ubuntu-latest | |
| task: rainix-sol-test | |
| - os: ubuntu-latest | |
| task: rainix-sol-static | |
| # We don't need to do rust static analysis on multiple platforms | |
| - os: ubuntu-latest | |
| task: rainix-rs-static | |
| # We don't need to do build for wasm32 on multiple platforms | |
| - os: ubuntu-latest | |
| task: test-wasm-build | |
| fail-fast: false | |
| runs-on: ${{ matrix.os }} | |
| env: | |
| DEPLOYMENT_KEY: ${{ github.ref == 'refs/heads/main' && secrets.PRIVATE_KEY || secrets.PRIVATE_KEY_DEV }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| submodules: recursive | |
| fetch-depth: 0 | |
| - uses: nixbuild/nix-quick-install-action@v30 | |
| with: | |
| nix_conf: | | |
| keep-env-derivations = true | |
| keep-outputs = true | |
| - name: Restore and save Nix store | |
| uses: nix-community/cache-nix-action@v6 | |
| with: | |
| # restore and save a cache using this key | |
| primary-key: nix-${{ runner.os }}-${{ hashFiles('**/*.nix', '**/flake.lock') }} | |
| # if there's no cache hit, restore a cache by this prefix | |
| restore-prefixes-first-match: nix-${{ runner.os }}- | |
| gc-max-store-size-linux: 5G | |
| gc-max-store-size-macos: 5G | |
| - run: nix develop -c rainix-sol-prelude | |
| if: matrix.task == 'rainix-rs-test' || matrix.task == 'rainix-rs-static' || matrix.task == 'test-wasm-build' | |
| - name: Run ${{ matrix.task }} | |
| env: | |
| ETH_RPC_URL: ${{ secrets.CI_DEPLOY_SEPOLIA_RPC_URL || vars.CI_DEPLOY_SEPOLIA_RPC_URL }} | |
| CI_FORK_ARB_RPC_URL: ${{ secrets.RPC_URL_ARBITRUM_FORK || vars.RPC_URL_ARBITRUM_FORK || '' }} | |
| CI_FORK_ETH_RPC_URL: ${{ secrets.RPC_URL_ETHEREUM_FORK || vars.RPC_URL_ETHEREUM_FORK || '' }} | |
| CI_FORK_BASE_RPC_URL: ${{ secrets.RPC_URL_BASE_FORK || vars.RPC_URL_BASE_FORK || '' }} | |
| CI_FORK_FLARE_RPC_URL: ${{ secrets.RPC_URL_FLARE_FORK || vars.RPC_URL_FLARE_FORK || '' }} | |
| ETHERSCAN_API_KEY: ${{ secrets.EXPLORER_VERIFICATION_KEY }} | |
| DEPLOY_BROADCAST: "" | |
| DEPLOY_VERIFIER: "" | |
| DEPLOY_METABOARD_ADDRESS: ${{ vars.CI_DEPLOY_SEPOLIA_METABOARD_ADDRESS }} | |
| CI_FORK_SEPOLIA_BLOCK_NUMBER: ${{ vars.CI_FORK_SEPOLIA_BLOCK_NUMBER }} | |
| CI_FORK_SEPOLIA_DEPLOYER_ADDRESS: ${{ vars.CI_FORK_SEPOLIA_DEPLOYER_ADDRESS }} | |
| CI_DEPLOY_SEPOLIA_RPC_URL: ${{ secrets.CI_DEPLOY_SEPOLIA_RPC_URL || vars.CI_DEPLOY_SEPOLIA_RPC_URL }} | |
| run: nix develop -c ${{ matrix.task }} |