Add a sherif monorepo linter to the CI #452

Merged
merged 6 commits into from
Jul 9, 2024
Changes from 2 commits
7 changes: 5 additions & 2 deletions .github/workflows/ci.yml
Expand Up @@ -14,5 +14,8 @@ jobs:
with:
node-version: 20.x
cache: pnpm
- run: pnpm install
- run: pnpm run fmt:global-check
- run: |
pnpm install
pnpm run fmt:global-check
# -i is to ignore packages that are expected to have multiple versions across the workspace
npx sherif@latest -i @openzeppelin/contracts
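
Review bot: `npx sherif@latest` on the last line of the new `run` block downloads and executes whatever is published under the `latest` tag at job time, so the code that runs in CI is neither reviewed nor recorded in the lockfile. Add sherif as a root devDependency at an exact version and call it through a package script, so the lockfile's integrity hash covers it. Folding install, format check and lint into a single `run: |` step also hides which of the three failed at the step level; separate steps keep that visible.
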
Collaborator

@nlordell nlordell Jul 5, 2024

I'm not a fan of this - it means that CI can break from one run to another because of new sherif rules.

Why not add it as a dependency to the root of the repository? It can even be part of the fmt:global-check in order to be easier to run locally.

Member Author

This is their recommended way of running it: https://github.com/QuiiBz/sherif

I agree using latest is a mistake, I'll pin it to a specific version.

> It can even be part of the fmt:global-check

It can be, but I am unsure if it's related to formatting 🤷

Collaborator

> It can be, but I am unsure if it's related to formatting 🤷

😅 - it definitely isn't. What I meant more was that we can use NPM scripts to run both checks with a single command. A wise @mmv08 once taught me that this is the way :P

Member Author

Pinned the version sir

Member Author

I migrated it to the package.json file, and one thing that I missed straight away is the comments 🙈 I have no way to explain what the -i flag does and why certain packages are excluded

Collaborator

git blame 😛

True that JSON doesn't allow for comments which is annoying 😞

8 changes: 4 additions & 4 deletions examples/4337-gas-metering/package.json
Expand Up @@ -53,14 +53,14 @@
"@alchemy/aa-core": "2.3.1",
"@gelatonetwork/relay-sdk": "^5.5.6",
"alchemy-sdk": "3.1.2",
"dotenv": "16.4.5",
"ethers": "^6.12.1",
"dotenv": "^16.4.5",
"ethers": "^6.13.1",
"permissionless": "0.1.29",
"viem": "2.12.5"
},
"devDependencies": {
"@types/node": "20.14.0",
"@types/node": "^20.14.8",
"tsx": "4.11.0",
Collaborator

Unrelated nit that I'm just noticing now: it feels weird that we write dependencies differently for different packages in our repository. Here, we are using "x.y.z", while in others we are using "^x.y.z", even though there is nothing special about these dependencies for expressing them differently from a semver perspective.

Not for this PR, just something that I wanted to bring up.

Member Author

Maybe there's a purpose, the problem is that there are no comments allowed in the package.json, so that knowledge may be lost. There are some hacky solutions though: https://stackoverflow.com/questions/14221579/how-do-i-add-comments-to-package-json-for-npm-install

Collaborator

These packages are getting pinned by the lock file. The places where versioning matters more are for dependencies, because those get transitively installed.

I think that git blame might be able to include documentation for these.

"typescript": "^5.4.5"
"typescript": "^5.5.2"
}
}
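
Review bot: `dotenv` and `@types/node` move from exact versions to caret ranges, but `@alchemy/aa-core`, `alchemy-sdk`, `permissionless`, `viem` and `tsx` in the same blocks stay exact, so this file still mixes both styles after the change. If the exact pins are deliberate, leave all of them alone; if not, convert the rest in the same pass. Either way, reproducible installs then depend on the committed lockfile being enforced.
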
2 changes: 1 addition & 1 deletion examples/4337-passkeys/package.json
Expand Up @@ -32,4 +32,4 @@
"vite": "^5.3.1",
"vite-plugin-commonjs": "^0.10.1"
}
}
}
6 changes: 3 additions & 3 deletions modules/4337/package.json
Expand Up @@ -47,15 +47,15 @@
"url": "https://github.com/safe-global/safe-modules/issues"
},
"devDependencies": {
"@account-abstraction/contracts": "^0.7.0",
"@account-abstraction/contracts": "0.7.0",
Collaborator

Should this be a dependency? I think we import types from it when building the contract:

import {IAccount} from "@account-abstraction/contracts/interfaces/IAccount.sol";
import {PackedUserOperation} from "@account-abstraction/contracts/interfaces/PackedUserOperation.sol";
import {_packValidationData} from "@account-abstraction/contracts/core/Helpers.sol";
import {UserOperationLib} from "@account-abstraction/contracts/core/UserOperationLib.sol";

Member Author

Yes sir.

"@noble/curves": "^1.4.0",
"@nomicfoundation/hardhat-ethers": "^3.0.6",
"@nomicfoundation/hardhat-network-helpers": "^1.0.11",
"@nomicfoundation/hardhat-toolbox": "^5.0.0",
"@openzeppelin/contracts": "^5.0.2",
"@safe-global/safe-4337-local-bundler": "workspace:^0.0.0",
"@safe-global/safe-4337-provider": "workspace:^0.0.0",
"@simplewebauthn/server": "10.0.0",
"@simplewebauthn/server": "^10.0.0",
"@types/chai": "^4.3.16",
"@types/mocha": "^10.0.7",
"@types/node": "^20.14.8",
Expand All @@ -76,4 +76,4 @@
"dependencies": {
"@safe-global/safe-contracts": "^1.4.1-build.0"
}
}
}
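
Review bot: in the `devDependencies` hunk of this file, the new exact pin on `@account-abstraction/contracts` is written as a bare `0.7.0`, while the deliberate exact pin in modules/recovery is written `=4.9.6`. Both mean the same to semver; pick one spelling for intentional pins so they can be told apart from versions that simply never got a range. The same hunk moves `@simplewebauthn/server` the other way, from `10.0.0` to `^10.0.0`; if that pin had a reason, it is lost here.
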
16 changes: 8 additions & 8 deletions modules/allowances/package.json
Expand Up @@ -27,23 +27,23 @@
"devDependencies": {
"@nomicfoundation/hardhat-toolbox": "^5.0.0",
"@openzeppelin/contracts": "^5.0.2",
"@safe-global/safe-deployments": "^1.36.0",
"@safe-global/safe-deployments": "^1.37.0",
"@safe-global/safe-singleton-factory": "^1.0.25",
"@typechain/ethers-v6": "^0.5.1",
"@typechain/hardhat": "^9.1.0",
"@types/mocha": "^10.0.6",
"@types/node": "^20.14.0",
"@types/mocha": "^10.0.7",
"@types/node": "^20.14.8",
"@typescript-eslint/eslint-plugin": "^7.12.0",
"@typescript-eslint/parser": "^7.12.0",
"dotenv": "^16.4.5",
"eslint": "^8.57.0",
"ethers": "^6.12.1",
"hardhat": "^2.22.3",
"ethers": "^6.13.1",
"hardhat": "^2.22.5",
"hardhat-deploy": "^0.12.4",
"solhint": "5.0.1",
"solhint": "^5.0.1",
"solidity-coverage": "^0.8.12",
"ts-node": "^10.9.2",
"typechain": "^8.3.2",
"typescript": "5.4.5"
"typescript": "^5.5.2"
}
}
}
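
Review bot: `typescript` goes from the exact `5.4.5` to `^5.5.2`, and `solhint` from `5.0.1` to `^5.0.1`. TypeScript does not follow semver for minor releases, so the caret range admits compiler versions that can change type-checking behaviour; `~5.5.2` would limit the range to patch releases.
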
14 changes: 7 additions & 7 deletions modules/passkey/package.json
Expand Up @@ -48,24 +48,24 @@
"devDependencies": {
"@noble/curves": "^1.4.0",
"@nomicfoundation/hardhat-ethers": "^3.0.6",
"@nomicfoundation/hardhat-network-helpers": "^1.0.10",
"@nomicfoundation/hardhat-network-helpers": "^1.0.11",
"@nomicfoundation/hardhat-toolbox": "^5.0.0",
"@safe-global/mock-contract": "^4.1.0",
"@safe-global/safe-4337": "workspace:^0.3.0-1",
"@safe-global/safe-4337-local-bundler": "workspace:^0.0.0",
"@simplewebauthn/server": "^10.0.0",
"@types/node": "^20.14.0",
"@types/node": "^20.14.8",
"dotenv": "^16.4.5",
"ethers": "^6.12.1",
"hardhat": "^2.22.3",
"ethers": "^6.13.1",
"hardhat": "^2.22.5",
"hardhat-deploy": "^0.12.4",
"solhint": "^5.0.1",
"ts-node": "^10.9.2",
"typescript": "^5.4.5"
"typescript": "^5.5.2"
},
"dependencies": {
"@account-abstraction/contracts": "^0.7.0",
"@openzeppelin/contracts": "^5.0.0",
"@account-abstraction/contracts": "0.7.0",
"@openzeppelin/contracts": "^5.0.2",
Collaborator

This is a transitive dependency from account-abstraction (whose package has a bug and doesn't correctly include the contracts as a dependency) and uses version 5.0.0:

https://github.com/eth-infinitism/account-abstraction/blob/7af70c8993a6f42973f520ae0752386a5032abe7/yarn.lock#L901-L904

I would suggest marking this as:

Suggested change
"@openzeppelin/contracts": "^5.0.2",
"@openzeppelin/contracts": "=5.0.0",

To indicate this is an exact version on purpose.

Member Author

Actually, they do include it as a dependency (I created a PR to fix it). We have it because hardhat can't resolve pnpm modules correctly: NomicFoundation/hardhat#4292

Collaborator

Ah, good find.

Should we use 5.0.0 though, so it matches the version in the repository?

Member Author

We only use the AA dependency in tests and do not depend on the same bytecode, so I think it's fine. Openzeppelin package is also following semver so I think it's in the allowed version range.

Member Author

Oops, I accidentally committed the fix. Still good with me though

Collaborator

@nlordell nlordell Jul 9, 2024

Wait - if it's only used in tests, then I think it should be a devDependency. I'm so confused 😭

"@safe-global/safe-contracts": "^1.4.1-build.0",
mmv08 marked this conversation as resolved.
"cbor": "^9.0.2"
}
Expand Down
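
Review bot: `@openzeppelin/contracts` in the `dependencies` block is the package that ci.yml exempts with `-i @openzeppelin/contracts`, and that exemption applies across the whole workspace, so a further unintended version in another package would not be reported by the linter. This hunk raises the range to `^5.0.2` while modules/recovery pins `=4.9.6`; record the expected set of versions somewhere reviewable. If the sources feed shipped bytecode, use an exact version like the `0.7.0` pin on the line above; if the package is test-only, move it to `devDependencies`.
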
12 changes: 6 additions & 6 deletions modules/recovery/package.json
Expand Up @@ -39,18 +39,18 @@
"devDependencies": {
"@nomicfoundation/hardhat-ethers": "^3.0.6",
"@nomicfoundation/hardhat-toolbox": "^5.0.0",
"@types/node": "^20.14.0",
"@types/node": "^20.14.8",
"@types/yargs": "^17.0.32",
"dotenv": "^16.4.5",
"ethers": "^6.12.1",
"hardhat": "^2.22.3",
"ethers": "^6.13.1",
"hardhat": "^2.22.5",
"hardhat-deploy": "^0.12.4",
"typescript": "^5.4.5",
"typescript": "^5.5.2",
"yargs": "^17.7.2"
},
"dependencies": {
"candide-contracts": "github:5afe/CandideWalletContracts#113d3c059e039e332637e8f686d9cbd505f1e738",
"@openzeppelin/contracts": "=4.9.6",
"@safe-global/safe-contracts": "=1.4.1-build.0"
"@safe-global/safe-contracts": "^1.4.1-build.0"
Collaborator

I wonder if we should use exact dependencies for these:

Suggested change
"@safe-global/safe-contracts": "^1.4.1-build.0"
"@safe-global/safe-contracts": "=1.4.1-build.0"

They affect the build and ultimately the bytecode - so not doing so could lead to issues where packages that depend on the contracts here build with different bytecode than what the contract build originally.

Same applies for other @safe-global/safe-contracts and @account-abstraction/contracts dependencies elsewhere.

Member Author

So I've done this in the recovery package (technically, we shouldn't have this dependency here, but it's listed as a dev dependency in their repo) and the 4337 one. I proposed a change to them in our shared Slack channel.

}
}
}
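
Review bot: the `@safe-global/safe-contracts` line relaxes `=1.4.1-build.0` to `^1.4.1-build.0`, which leaves it the only range in a `dependencies` block whose other entries are an exact `=4.9.6` and a git dependency fixed to a commit hash. A caret on a prerelease accepts later `1.4.1` prereleases and any release below `2.0.0`, so a consumer can end up compiling against contract sources this package was never built with. Keep the `=` on this line.
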
2 changes: 2 additions & 0 deletions package.json
Expand Up @@ -2,6 +2,8 @@
"name": "@safe-global/safe-modules",
"version": "1.0.0",
"description": "A monorepo for Safe modules",
"private": true,
"packageManager": "pnpm@9.4.0",
"main": "dist/index.js",
"workspaces": [
"packages/*",
Expand Down
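
Review bot: `"packageManager": "pnpm@9.4.0"` pins the version but not the artifact. Corepack accepts a hash suffix on this field, in the form `pnpm@9.4.0+sha512.<hash>`, and verifies the download against it; adding it extends the pin to the package manager binary itself. The pnpm setup step in ci.yml is outside the lines shown, so check that it resolves to the same version.
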
12 changes: 6 additions & 6 deletions packages/4337-local-bundler/package.json
Expand Up @@ -15,14 +15,14 @@
"prepare": "pnpm run build"
},
"dependencies": {
"@account-abstraction/contracts": "^0.7.0",
"@account-abstraction/contracts": "0.7.0",
"@nomicfoundation/hardhat-toolbox": "^5.0.0",
"@safe-global/safe-4337-provider": "workspace:^0.0.0",
"@safe-global/safe-contracts" : "^1.4.1-build.0",
"ethers": "^6.12.1",
"hardhat": "^2.22.3",
"@safe-global/safe-contracts": "^1.4.1-build.0",
"ethers": "^6.13.1",
"hardhat": "^2.22.5",
"hardhat-deploy": "^0.12.4",
"node-fetch": "^3.3.2",
"typescript": "^5.4.5"
"typescript": "^5.5.2"
}
}
}
12 changes: 7 additions & 5 deletions packages/4337-provider/package.json
Expand Up @@ -11,9 +11,11 @@
"prepare": "pnpm run build"
},
"dependencies": {
"@types/node": "^20.14.0",
"ethers": "^6.12.1",
"rimraf" :"^5.0.7",
"typescript": "^5.4.5"
"ethers": "^6.13.1",
"rimraf": "^5.0.7",
"typescript": "^5.5.2"
},
"devDependencies": {
"@types/node": "^20.14.8"
}
}
}
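
Review bot: `@types/node` moves to `devDependencies`, but `rimraf` and `typescript` stay under `dependencies`. If they are only needed by the build that the `prepare` script runs, they belong in `devDependencies` too, which keeps build tooling out of what consumers of this package install.
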