Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 14 additions & 0 deletions flake.nix
Original file line number Diff line number Diff line change
Expand Up @@ -273,6 +273,18 @@
additionalBuildInputs = [ pkgs.git ];
};

rainix-check-deploy-constants = mkTask {
name = "check-published-deploy-constants";
body = ''
set -euo pipefail
exec ${./lib/check-published-deploy-constants.sh} "$@"
'';
additionalBuildInputs = [
pkgs.curl
pkgs.gnugrep
];
};

rainix-rs-static = mkTask {
name = "rainix-rs-static";
body = ''
Expand All @@ -286,6 +298,7 @@
sol-tasks = [
rainix-sol-artifacts
rainix-sol-single-contract
rainix-check-deploy-constants
];

rs-tasks = [
Expand Down Expand Up @@ -586,6 +599,7 @@
inherit
rainix-sol-artifacts
rainix-sol-single-contract
rainix-check-deploy-constants
rainix-rs-static
prettier-bundle
sol-shell-test
Expand Down
60 changes: 60 additions & 0 deletions lib/check-published-deploy-constants.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,60 @@
#!/usr/bin/env bash
# SPDX-License-Identifier: LicenseRef-DCL-1.0
# SPDX-FileCopyrightText: Copyright (c) 2020 Rain Open Source Software Ltd
#
# Checks that every version published to the soldeer registry for a given
# package has a full suite of pinned deploy constants in the specified Solidity
# file. For each published version and each constant prefix, asserts that both
# a DEPLOYED_ADDRESS_<ver> and DEPLOYED_CODEHASH_<ver> constant exist (where
# <ver> is the version string with dots replaced by underscores).
#
# Usage:
# check-published-deploy-constants <soldeer-package> <deploy-lib-path> <prefix> [<prefix> ...]
#
# Arguments:
# soldeer-package soldeer package name to query (e.g. "raindex")
# deploy-lib-path path to the Solidity file holding the constants
# prefix... one or more constant name prefixes
#
# Output (always exits 0):
# OK every published version has its full constant suite
# MISSING: <names> one or more expected constants are absent
# SKIP: <reason> the registry could not be reached (nothing verified)

set -euo pipefail

if [ "$#" -lt 3 ]; then
printf 'Usage: check-published-deploy-constants <soldeer-package> <deploy-lib-path> <prefix> [<prefix>...]\n' >&2
exit 1
fi
Comment on lines +26 to +29

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎯 Functional Correctness | 🟠 Major | ⚡ Quick win

Keep the CLI contract success-only here too.

The linked issue/PR contract says callers should only see OK, MISSING, or SKIP and a zero exit status. exit 1 adds a fourth behavior that can break consumers wiring this into CI.

Proposed fix
 if [ "$#" -lt 3 ]; then
-  printf 'Usage: check-published-deploy-constants <soldeer-package> <deploy-lib-path> <prefix> [<prefix>...]\n' >&2
-  exit 1
+  printf 'SKIP: usage: check-published-deploy-constants <soldeer-package> <deploy-lib-path> <prefix> [<prefix>...]\n'
+  exit 0
 fi
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
if [ "$#" -lt 3 ]; then
printf 'Usage: check-published-deploy-constants <soldeer-package> <deploy-lib-path> <prefix> [<prefix>...]\n' >&2
exit 1
fi
if [ "$#" -lt 3 ]; then
printf 'SKIP: usage: check-published-deploy-constants <soldeer-package> <deploy-lib-path> <prefix> [<prefix>...]\n'
exit 0
fi
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@lib/check-published-deploy-constants.sh` around lines 26 - 29, The argument
validation in check-published-deploy-constants should follow the same
success-only CLI contract as the rest of the script, so replace the early
failure exit with a zero-status path that emits one of the allowed statuses
instead of aborting. Update the main guard around the usage check and any
caller-facing output so the script never returns a nonzero code for this case,
keeping the observable results limited to OK, MISSING, or SKIP.


package="$1"
lib="$2"
shift 2

versions=$(
curl -fsS "https://api.soldeer.xyz/api/v1/revision?project_name=${package}" 2>/dev/null \
| grep -oE '"version":"[0-9][0-9.]*"' | cut -d'"' -f4 | sort -u
) || true

if [ -z "$versions" ]; then
printf 'SKIP: could not fetch published soldeer versions'
exit 0
Comment on lines +35 to +42

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎯 Functional Correctness | 🟠 Major | ⚡ Quick win

Don't collapse parse failures into a connectivity SKIP.

Because || true is attached to the whole pipeline, any successful fetch that produces no grep matches also lands in SKIP: could not fetch.... That masks parser/API drift as a benign skip.

Proposed fix
-versions=$(
-  curl -fsS "https://api.soldeer.xyz/api/v1/revision?project_name=${package}" 2>/dev/null \
-    | grep -oE '"version":"[0-9][0-9.]*"' | cut -d'"' -f4 | sort -u
-) || true
-
-if [ -z "$versions" ]; then
+response=$(curl -fsS "https://api.soldeer.xyz/api/v1/revision?project_name=${package}" 2>/dev/null) || {
   printf 'SKIP: could not fetch published soldeer versions'
   exit 0
-fi
+}
+
+versions=$(
+  printf '%s' "$response" \
+    | grep -oE '"version":"[0-9][0-9.]*"' \
+    | cut -d'"' -f4 \
+    | sort -u
+)
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
versions=$(
curl -fsS "https://api.soldeer.xyz/api/v1/revision?project_name=${package}" 2>/dev/null \
| grep -oE '"version":"[0-9][0-9.]*"' | cut -d'"' -f4 | sort -u
) || true
if [ -z "$versions" ]; then
printf 'SKIP: could not fetch published soldeer versions'
exit 0
response=$(curl -fsS "https://api.soldeer.xyz/api/v1/revision?project_name=${package}" 2>/dev/null) || {
printf 'SKIP: could not fetch published soldeer versions'
exit 0
}
versions=$(
printf '%s' "$response" \
| grep -oE '"version":"[0-9][0-9.]*"' \
| cut -d'"' -f4 \
| sort -u
)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@lib/check-published-deploy-constants.sh` around lines 35 - 42, The version
lookup in check-published-deploy-constants.sh is treating parse failures the
same as fetch failures because the `versions` pipeline ends with `|| true`, so
`grep`/`cut` empties fall through to the `SKIP` branch. Update the shell logic
around the `curl`/`grep`/`cut` pipeline so only real connectivity/request
failures are ignored, while malformed or unexpected API responses are detected
separately and reported as a parse/API drift issue instead of `SKIP`; use the
existing `versions` assignment and the `if [ -z "$versions" ]` check to split
these cases clearly.

fi

missing=""
for v in $versions; do
suffix=$(printf '%s' "$v" | tr . _)
for p in "$@"; do
for kind in ADDRESS CODEHASH; do
name="${p}_${kind}_${suffix}"
grep -qE "constant ${name} =" "$lib" || missing="${missing} ${name}"
done
done
done

if [ -n "$missing" ]; then
printf 'MISSING:%s' "$missing"
else
printf 'OK'
fi
5 changes: 5 additions & 0 deletions test/bats/devshell/sol-shell/sol-tasks.test.bats
Original file line number Diff line number Diff line change
Expand Up @@ -8,3 +8,8 @@
run command -v rainix-sol-artifacts
[ "$status" -eq 0 ]
}

@test "check-published-deploy-constants should be available on PATH" {
run command -v check-published-deploy-constants
[ "$status" -eq 0 ]
}
Loading