mirror of
https://github.com/datahaven-xyz/datahaven
synced 2026-05-23 17:28:23 +00:00
da2847bbbf
## Summary
Implements storage layout testing for the upgradeable
`DataHavenServiceManager` contract to prevent state
corruption during proxy upgrades.
## Changes
### New Files
- **`contracts/storage-snapshots/DataHavenServiceManager.storage.json`**
- Baseline storage layout
snapshot
- **`contracts/storage-snapshots/README.md`** - Documentation for
updating snapshots and known
limitations
- **`contracts/scripts/check-storage-layout.sh`** - CI script that
compares current layout against
snapshot
- **`contracts/test/storage/StorageLayout.t.sol`** - Upgrade simulation
tests verifying state
preservation
- **`.github/workflows/task-storage-layout.yml`** - CI workflow for
storage layout checks
### Modified Files
- **`.github/workflows/CI.yml`** - Added `storage-layout` job to run in
parallel with other checks
## How It Works
**Two-pronged approach:**
1. **Snapshot Diff** - Compares current storage layout against committed
snapshot using `forge inspect`.
Catches unintended variable reordering, type changes, or gap
modifications.
2. **Upgrade Simulation** - Foundry tests that populate state, perform a
proxy upgrade, and verify all
values survive:
- `test_upgradePreservesState` - Verifies core state variables
- `test_upgradePreservesValidatorMappings` - Verifies
`validatorEthAddressToSolochainAddress` mapping
- `test_upgradePreservesMultipleValidators` - Verifies
`validatorsAllowlist` with multiple entries
- `test_functionalityAfterUpgrade` - Verifies contract remains
functional post-upgrade
## Normalization
The snapshot comparison normalizes JSON to avoid false positives:
- Removes `astId` (changes with compiler runs)
- Removes `contract` (contains full file path)
- Removes `.types` section (contains unstable AST IDs embedded in type
keys)
- Sorts by slot number
## Usage
```bash
# Check storage layout against snapshot
./scripts/check-storage-layout.sh
# Run upgrade simulation tests
forge test --match-contract StorageLayoutTest -vvv
# Update snapshot (when intentionally changing storage)
forge inspect DataHavenServiceManager storage --json >
storage-snapshots/DataHavenServiceManager.storage.json
```
## Test Plan
- ./scripts/check-storage-layout.sh passes
- forge test --match-contract StorageLayoutTest -vvv passes (4 tests)
- CI workflow runs successfully
82 lines
2.5 KiB
YAML
82 lines
2.5 KiB
YAML
#! Main CI Specification for DataHaven Repository
|
|
#!
|
|
#! This workflow runs validation checks on pull requests.
|
|
#! For main branch releases, see release.yml
|
|
|
|
name: CI
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
push:
|
|
branches:
|
|
- perm-*
|
|
pull_request:
|
|
branches: [main]
|
|
|
|
# Permissions granted to reusable workflows
|
|
# Note: Called workflows (workflow_call) are constrained by these permissions
|
|
permissions:
|
|
contents: read
|
|
actions: write # Required for artifact upload/download in build-operator, moonwall-tests
|
|
packages: write # Required for docker-build-ci to push to ghcr.io
|
|
|
|
concurrency:
|
|
group: pr-checks-${{ github.workflow }}-${{ github.head_ref || github.run_id }}
|
|
cancel-in-progress: true
|
|
|
|
jobs:
|
|
# Tier 0 - Warm sccache for all Rust jobs
|
|
warm-sccache:
|
|
uses: ./.github/workflows/task-warm-sccache.yml
|
|
|
|
# First Tier - Build the binary (depends on warm cache)
|
|
build-operator:
|
|
needs: [warm-sccache]
|
|
uses: ./.github/workflows/task-build-operator.yml
|
|
|
|
# First Tier - Other parallel jobs
|
|
ts-build:
|
|
uses: ./.github/workflows/task-ts-build.yml
|
|
ts-lint:
|
|
uses: ./.github/workflows/task-ts-lint.yml
|
|
unit-tests:
|
|
needs: [warm-sccache]
|
|
uses: ./.github/workflows/task-rust-tests.yml
|
|
contract-tests:
|
|
uses: ./.github/workflows/task-foundry-tests.yml
|
|
storage-layout:
|
|
uses: ./.github/workflows/task-storage-layout.yml
|
|
rust-lint:
|
|
needs: [warm-sccache]
|
|
uses: ./.github/workflows/task-rust-lint.yml
|
|
|
|
# Second Tier - Jobs that depend on operator build
|
|
check-metadata:
|
|
needs: [build-operator]
|
|
uses: ./.github/workflows/task-check-metadata.yml
|
|
with:
|
|
binary-hash: ${{ needs.build-operator.outputs.binary-hash }}
|
|
|
|
docker-build-ci:
|
|
needs: [build-operator]
|
|
uses: ./.github/workflows/task-docker-ci.yml
|
|
# Note: GITHUB_TOKEN is automatically available to reusable workflows
|
|
with:
|
|
binary-hash: ${{ needs.build-operator.outputs.binary-hash }}
|
|
|
|
moonwall-tests:
|
|
needs: [build-operator]
|
|
uses: ./.github/workflows/task-moonwall-tests.yml
|
|
with:
|
|
binary-hash: ${{ needs.build-operator.outputs.binary-hash }}
|
|
|
|
# Third Tier - E2E tests depend on docker build
|
|
e2e-tests:
|
|
needs: [docker-build-ci]
|
|
uses: ./.github/workflows/task-e2e.yml
|
|
# Note: GITHUB_TOKEN is automatically available to reusable workflows
|
|
with:
|
|
image-tag: ${{ needs.docker-build-ci.outputs.image-tag }}
|
|
secrets:
|
|
DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
|
|
DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
|