diff --git a/.github/workflows/contracts-testing.yml b/.github/workflows/contracts-testing.yml index db3baa32a..f6815e169 100644 --- a/.github/workflows/contracts-testing.yml +++ b/.github/workflows/contracts-testing.yml @@ -24,7 +24,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@v2.10.1 + uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 with: disable-sudo: true egress-policy: block @@ -68,9 +68,7 @@ jobs: ${{ runner.os }}-build-${{ secrets.CACHE_VERSION }}-${{ env.cache-name }}- - name: Install contracts dependencies - run: | - # TODO: re-enable hardened mode once the kleros-app resolution is fixed - YARN_ENABLE_HARDENED_MODE=0 yarn workspace @kleros/kleros-v2-contracts install + run: yarn workspace @kleros/kleros-v2-contracts install - name: Install Foundry uses: foundry-rs/foundry-toolchain@8f1998e9878d786675189ef566a2e4bf24869773 # v1.2.0 diff --git a/.github/workflows/sentry-release.yml b/.github/workflows/sentry-release.yml index f64e20481..7e07a0a5d 100644 --- a/.github/workflows/sentry-release.yml +++ b/.github/workflows/sentry-release.yml @@ -17,47 +17,54 @@ jobs: version: ${{ steps.set-version.outputs.version }} steps: - name: Harden Runner - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.5.0 + uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 with: disable-sudo: true egress-policy: block allowed-endpoints: > binaries.soliditylang.org:443 + classic.yarnpkg.com:443 github.com:443 + nightly.yarnpkg.com:443 nodejs.org:443 + objects.githubusercontent.com:443 registry.yarnpkg.com:443 - sentry.io:443 + registry.npmjs.org:443 54.185.253.63:443 + sentry.io:443 - - uses: actions/checkout@7739b9ba2efcda9dde65ad1e3c2dbe65b41dfba7 - + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + submodules: recursive + + - name: Set up corepack (for yarn) + run: | + corepack enable + corepack prepare yarn@4.5.1 --activate + yarn set version 4.5.1 + + - name: Setup Node.js environment + uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 + with: + node-version: 20.x + cache: yarn + - name: Cache node modules - uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 env: cache-name: cache-node-modules with: path: | ~/.npm **/node_modules - key: | - ${{ runner.os }}-build-${{ secrets.CACHE_VERSION }}-${{ env.cache-name }}-${{ hashFiles('**/package-lock.json', '**/yarn.lock') }} + key: ${{ runner.os }}-build-${{ secrets.CACHE_VERSION }}-${{ env.cache-name }}-${{ hashFiles('**/package-lock.json', '**/yarn.lock') }} restore-keys: | ${{ runner.os }}-build-${{ secrets.CACHE_VERSION }}-${{ env.cache-name }}- - - - name: Set up Node.js - uses: actions/setup-node@2a017f350dbf6c4b6bb4508cc83809719115162e - with: - node-version: 16 - - - name: Install dependencies - run: | - yarn workspace @kleros/kleros-v2-contracts install - yarn workspace @kleros/kleros-v2-web install - - name: Build + - name: Install dependencies and build run: | - yarn workspace @kleros/kleros-v2-contracts build - yarn workspace @kleros/kleros-v2-web build + . web/.env.mainnet-neo.public + yarn build:web:ci - name: Set version id: set-version @@ -65,7 +72,7 @@ jobs: working-directory: web - name: Create Sentry release - uses: getsentry/action-release@4744f6a65149f441c5f396d5b0877307c0db52c7 # v1.4.1 + uses: getsentry/action-release@v1 env: SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} SENTRY_ORG: ${{ secrets.SENTRY_ORG }}