[bin-build] Update build process to conditionally copy jsdoc and depl… #13
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # ───────────────────────────────────────────────────────────────────────────── | |
| # CI | Hardhat – Compile, Test, Audit | |
| # ───────────────────────────────────────────────────────────────────────────── | |
| name: CI | Hardhat | |
| on: | |
| push: | |
| paths: | |
| - 'hardhat/**' | |
| - '.github/workflows/hardhat.ci.yml' | |
| pull_request: | |
| paths: | |
| - 'hardhat/**' | |
| - '.github/workflows/hardhat.ci.yml' | |
| workflow_dispatch: | |
| permissions: | |
| contents: read | |
| jobs: | |
| build-and-test: | |
| name: Compile, Test & Audit | |
| runs-on: ubuntu-latest | |
| defaults: | |
| run: | |
| working-directory: hardhat | |
| strategy: | |
| matrix: | |
| node-version: ['24'] | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v6 | |
| - name: Setup Node.js ${{ matrix.node-version }} | |
| uses: actions/setup-node@v6 | |
| with: | |
| node-version: ${{ matrix.node-version }} | |
| cache: 'npm' | |
| cache-dependency-path: hardhat/package-lock.json | |
| # ── Install ────────────────────────────────────────────────────────── | |
| # Use `npm ci` for reproducible installs from the lockfile. | |
| # Never install packages globally in CI. | |
| - name: Install dependencies (npm ci) | |
| run: npm ci | |
| # ── Security Audit ─────────────────────────────────────────────────── | |
| # Production deps are what ships on-chain – fail on any moderate+ vuln. | |
| - name: npm audit – production deps (moderate+) | |
| run: npm audit --audit-level=moderate --omit=dev | |
| # Dev/toolchain deps (hardhat, solidity-coverage, etc.) carry known | |
| # transitive vulnerabilities that upstream hasn't patched yet. | |
| # Log them for visibility but don't block the pipeline. | |
| - name: npm audit – dev deps (informational) | |
| run: npm audit --audit-level=moderate || true | |
| # ── Compile ────────────────────────────────────────────────────────── | |
| - name: Compile Solidity contracts | |
| run: npx hardhat compile | |
| # ── Test ───────────────────────────────────────────────────────────── | |
| - name: Run tests | |
| run: npx hardhat test | |
| env: | |
| REPORT_GAS: 'true' | |
| # ── Coverage (optional, only on primary Node version) ──────────────── | |
| - name: Solidity coverage | |
| if: matrix.node-version == '20' | |
| run: npx hardhat coverage | |
| # ── Lockfile integrity check ───────────────────────────────────────── | |
| # Fail if package-lock.json is out of sync with package.json | |
| - name: Verify lockfile is up to date | |
| run: | | |
| git diff --exit-code package-lock.json || { | |
| echo "::error::package-lock.json is out of sync with package.json. Run 'npm install' locally and commit the lockfile." | |
| exit 1 | |
| } |