141 automate upgrade safety check in ci pipeline #162
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Update ValidateUpgrade.s.sol to validate both YieldDistributor and ButteredBread - Create test/upgrades/ci/ directory for automated flattened contracts Workflow file changes needed separately due to GitHub permissions. Fixes #141 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
Reorder initializer calls to match the expected linearized order: ERC20Upgradeable -> EIP712Upgradeable -> OwnableUpgradeable -> ReentrancyGuardUpgradeable This resolves upgrade safety validation errors that were blocking deployment. Fixes #149 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
…grade-safety-check-in-ci-pipeline
Regenerated flattened contract to include the initializer order fix from issue-149-fix. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
- Updated ValidateUpgrade.s.sol to use validateImplementation instead of validateUpgrade - Removed need for contract flattening and reference contracts - Deleted test/upgrades/ci directory as it's no longer needed - Skip storage checks since we're validating implementations, not upgrades This approach is simpler and more maintainable for CI automation. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
This reverts commit d456847.
- Removed flattening steps from CI workflow - Updated ValidateUpgrade.s.sol to use v1.0.4 reference contracts - Added unsafeSkipStorageCheck for YieldDistributor due to ERC7201 migration - Removed test/upgrades/ci directory as it's no longer needed The upgrade validation now works without flattening, making the CI simpler. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
- Added 'flatten' job that runs only after tests and upgrade safety checks pass - Flattening only occurs on pushes to dev/main branches (not on PRs) - Contracts are flattened into versioned directories (test/upgrades/flattened/<version>/) - Includes compilation verification of flattened contracts - Auto-commits flattened contracts back to the repository with [skip ci] to avoid loops This ensures flattened contracts are only created and tracked after all validation passes. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
* chore: Update .gitmodules to https * Fix incorrect order of parent initializer calls in ButteredBread.sol (#150) * Fix incorrect order of parent initializer calls in ButteredBread.sol Reorder initializer calls to match the expected linearized order: ERC20Upgradeable -> EIP712Upgradeable -> OwnableUpgradeable -> ReentrancyGuardUpgradeable This resolves upgrade safety validation errors that were blocking deployment. Fixes #149 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> * Add missing EIP712 initializer call The previous fix was incomplete - we also need to explicitly call __EIP712_init() as it's not automatically called by __ERC20Votes_init(). Added: - Import for EIP712Upgradeable - __EIP712_init() call with contract name and version "1" This ensures all parent initializers are called in the correct order. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> --------- Co-authored-by: Claude <noreply@anthropic.com> * fix: use addr() to generate addresses from a seed value * Refactor OpenZeppelin library remappings (#151) Simplified remappings.txt from 9 entries to 6 and standardized all imports to use @OpenZeppelin patterns for better readability and consistency. - Consolidated multiple OpenZeppelin remapping patterns into standardized @openzeppelin/contracts/ and @openzeppelin/contracts-upgradeable/ paths - Updated 13 files across contracts, tests, and deployment scripts - Maintained backward compatibility while improving code consistency - All contracts compile successfully with new remappings Fixes #130 🤖 Generated with [Claude Code](https://claude.ai/code) Co-authored-by: Claude <noreply@anthropic.com> * fix: rename balanceOfLP to getLPData to fix naming mismatch (#118) (#144) The function balanceOfLP was returning LPData struct (balance + scaling factor) but the name suggested it only returned balance. Renamed to getLPData and updated documentation to clarify it returns complete LP data structure. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-authored-by: Claude <noreply@anthropic.com> --------- Co-authored-by: Claude <noreply@anthropic.com> Co-authored-by: bagelface <bagelface@protonmail.com> Co-authored-by: bagelface.eth <87501783+bagelface@users.noreply.github.com>
* chore: Update .gitmodules to https * Fix incorrect order of parent initializer calls in ButteredBread.sol (#150) * Fix incorrect order of parent initializer calls in ButteredBread.sol Reorder initializer calls to match the expected linearized order: ERC20Upgradeable -> EIP712Upgradeable -> OwnableUpgradeable -> ReentrancyGuardUpgradeable This resolves upgrade safety validation errors that were blocking deployment. Fixes #149 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> * Add missing EIP712 initializer call The previous fix was incomplete - we also need to explicitly call __EIP712_init() as it's not automatically called by __ERC20Votes_init(). Added: - Import for EIP712Upgradeable - __EIP712_init() call with contract name and version "1" This ensures all parent initializers are called in the correct order. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> --------- Co-authored-by: Claude <noreply@anthropic.com> * fix: use addr() to generate addresses from a seed value * Refactor OpenZeppelin library remappings (#151) Simplified remappings.txt from 9 entries to 6 and standardized all imports to use @OpenZeppelin patterns for better readability and consistency. - Consolidated multiple OpenZeppelin remapping patterns into standardized @openzeppelin/contracts/ and @openzeppelin/contracts-upgradeable/ paths - Updated 13 files across contracts, tests, and deployment scripts - Maintained backward compatibility while improving code consistency - All contracts compile successfully with new remappings Fixes #130 🤖 Generated with [Claude Code](https://claude.ai/code) Co-authored-by: Claude <noreply@anthropic.com> * fix: rename balanceOfLP to getLPData to fix naming mismatch (#118) (#144) The function balanceOfLP was returning LPData struct (balance + scaling factor) but the name suggested it only returned balance. Renamed to getLPData and updated documentation to clarify it returns complete LP data structure. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-authored-by: Claude <noreply@anthropic.com> --------- Co-authored-by: Claude <noreply@anthropic.com> Co-authored-by: bagelface <bagelface@protonmail.com> Co-authored-by: bagelface.eth <87501783+bagelface@users.noreply.github.com>
…tps://github.com/BreadchainCoop/breadchain into 141-automate-upgrade-safety-check-in-ci-pipeline
There was a problem hiding this comment.
Pull Request Overview
This PR automates upgrade safety checks in the CI pipeline by adding validation for smart contract upgrades and tracking flattened contract versions. The purpose is to ensure upgrade compatibility is verified automatically before merging code changes.
- Added automated upgrade safety validation for both YieldDistributor and ButteredBread contracts
- Integrated upgrade checks into the CI workflow that runs on pull requests and pushes
- Added contract flattening and version tracking to maintain upgrade reference points
Reviewed Changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| script/upgrades/ValidateUpgrade.s.sol | Updated script to validate upgrades for both YieldDistributor and ButteredBread contracts with proper configuration |
| .github/workflows/test.yml | Added upgrade safety job and contract flattening workflow with version tracking |
- Only flatten and track contracts on merges to dev branch (not main) - Remove v1.0.4 hardcoded references, use flattened previous version - Remove unsafeSkipStorageCheck flag from YieldDistributor validation - Store flattened contracts in current/ and copy to previous/ for future validations - Improve solc compilation output to show errors when compilation fails 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
- Add check in workflow to skip validation if no previous version exists - Prevents CI failure when no flattened contracts are present yet - Validation will run after first merge to dev creates initial flattened versions 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
- Remove solc compilation check from flatten step (forge already validates) - Shorten paths from test/upgrades/flattened/ to test/upgrades/ - Update all references to use the shorter path structure 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
- Add flattened YieldDistributor and ButteredBread to test/upgrades/current/ - These will serve as the baseline for future upgrade validations - Will be automatically updated on merges to dev branch 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
bagelface
reviewed
Aug 18, 2025
.github/workflows/test.yml
Outdated
| - name: Install Foundry | ||
| uses: foundry-rs/foundry-toolchain@v1 | ||
| with: | ||
| version: nightly |
Contributor
There was a problem hiding this comment.
probably better to use stable tagged build https://github.com/foundry-rs/foundry/releases/tag/stable
bagelface
reviewed
Aug 18, 2025
.github/workflows/test.yml
Outdated
|
|
||
| env: | ||
| FOUNDRY_PROFILE: ci | ||
| FOUNDRY_DISABLE_NIGHTLY_WARNING: true |
Contributor
There was a problem hiding this comment.
if we use stable tag we can remove this
bagelface
reviewed
Aug 18, 2025
.github/workflows/test.yml
Outdated
| forge clean && forge build | ||
| # Check if previous flattened contracts exist | ||
| if [ -f "test/upgrades/previous/YieldDistributor.sol" ] && [ -f "test/upgrades/previous/ButteredBread.sol" ]; then |
Contributor
There was a problem hiding this comment.
Don't love the contract paths being hardcoded since it'll require more maintenance this way (it's actually already out of date because it's missing "VotingMultipliers"). I think it'd be better to dynamically pull the contracts at the top level of /src. For example:
name: test
on:
workflow_dispatch:
pull_request:
branches: [ dev, main ]
push:
branches: [ dev, main ]
env:
FOUNDRY_PROFILE: ci
jobs:
check:
strategy:
fail-fast: true
name: Foundry project
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
submodules: recursive
- name: Install Foundry
uses: foundry-rs/foundry-toolchain@v1
with:
version: stable
- name: Run Forge build
run: |
forge --version
forge build --sizes
id: build
- name: Run Forge tests
run: |
forge test -vvv
id: test
upgrade-safety:
name: Upgrade Safety Check
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
submodules: recursive
- name: Install Foundry
uses: foundry-rs/foundry-toolchain@v1
with:
version: stable
- name: Run upgrade safety validation
run: |
forge clean && forge build
if [ -d "test/upgrades/previous" ] && ls test/upgrades/previous/*.sol 1> /dev/null 2>&1; then
echo "Previous contracts found, running upgrade validation..."
forge script script/upgrades/ValidateUpgrade.s.sol
else
echo "No previous contracts found, skipping upgrade validation (initial deployment)"
fi
flatten:
name: Flatten and Track Contracts
runs-on: ubuntu-latest
needs: [check, upgrade-safety]
if: github.event_name == 'push' && github.ref == 'refs/heads/dev'
permissions:
contents: write
steps:
- uses: actions/checkout@v4
with:
submodules: recursive
fetch-depth: 0
- name: Install Foundry
uses: foundry-rs/foundry-toolchain@v1
with:
version: stable
- name: Create flattened contracts directory
run: mkdir -p test/upgrades/current
- name: Flatten all top-level contracts
run: |
# Find all Solidity files directly under src/, not nested
for contract in $(find src -maxdepth 1 -type f -name "*.sol"); do
name=$(basename "$contract")
forge flatten "$contract" > "test/upgrades/current/$name"
done
# Backup for future upgrade validations
rm -rf test/upgrades/previous
cp -r test/upgrades/current test/upgrades/previous
echo "Flattened contracts saved to test/upgrades/current/"
echo "Previous version backed up to test/upgrades/previous/"
- name: Commit flattened contracts
uses: stefanzweifel/git-auto-commit-action@v5
with:
file_pattern: test/upgrades/**/*.sol
commit_message: "chore: auto-flatten contracts after validation passes [skip ci]"
push_options: '--follow-tags'
bagelface
reviewed
Aug 18, 2025
bagelface
requested changes
Aug 18, 2025
Contributor
bagelface
left a comment
bagelface
left a comment
There was a problem hiding this comment.
Also should include "VotingMultipliers" contract
- Switch from Foundry nightly to stable version - Remove FOUNDRY_DISABLE_NIGHTLY_WARNING env var - Add VotingMultipliers contract to upgrade validation - Make contract flattening dynamic (flatten all top-level src/ contracts) - Update validation check to be more generic (check for any .sol files) 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
- Workflow now runs on PRs targeting release/** branches - Ensures upgrade safety checks run for release PRs 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
- Workflow now triggers on all PRs (not just to dev/main) - Jobs check if PR is from a branch containing 'release' anywhere in the name - Ensures release-related branches get full CI checks regardless of target 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
- Remove branch restrictions from pull_request trigger - Add explicit conditions to run jobs on: - All pushes to dev/main - PRs targeting dev or main branches - PRs from any branch containing 'release' in the name - Manual workflow dispatch 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
- Now checks both source branch (head_ref) and target branch (base_ref) for 'release' - This handles PRs targeting release branches (e.g., PR to 164-release-v104) 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.