Skip to content

Add zksync os setup in CI #50

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 2 commits into
base: main
Choose a base branch
from
Draft

Add zksync os setup in CI #50

wants to merge 2 commits into from

Conversation

@ly0va
Copy link
Member

@ly0va ly0va commented Dec 1, 2025

No description provided.

@github-actions
Copy link

github-actions bot commented Dec 1, 2025
edited
Loading

LCOV Report ✅

All Files

  • Lines: 556/715 (77.8%) ✅ (Minimum coverage is 0%)
  • Functions: 118/136 (86.8%)
  • Branches: 86/245 (35.1%)

Changed Files

N/A

github-advanced-security[bot]
github-advanced-security bot found potential problems Dec 1, 2025
View reviewed changes
.github/workflows/ci.yaml
Comment on lines 132 to 196
runs-on: ubuntu-latest
steps:
- name: Checkout the repository
uses: actions/checkout@v5

- name: Install Foundry
uses: foundry-rs/[email protected]
with:
# zksync-os-server's zkos-l1-state.json doesn't work on latest version of anvil
version: v1.3.4

- name: Install dependencies
run: forge soldeer install

- name: Build contracts
run: forge build

- name: Setup pnpm
uses: pnpm/action-setup@v4
with:
version: 10.20.0

- name: Use Node.js
uses: actions/setup-node@v6
with:
node-version: lts/Jod
cache: pnpm

- name: Install dependencies
run: |
pnpm install -r --frozen-lockfile
cd ${{ github.workspace }}/..
git clone https://github.com/eth-infinitism/account-abstraction
git clone https://github.com/matter-labs/zksync-os-server
- name: Run server
run: |
cd ${{ github.workspace }}/../zksync-os-server
cargo build --release --bin zksync-os-server
anvil --load-state zkos-l1-state.json --port 8545 &> anvil.log &
cargo run --release --bin zksync-os-server &> zksync.log &
- name: Deploy entrypoint
run: |
cd ${{ github.workspace }}/../account-abstraction
git checkout v0.8.0
sed -i "60a zksyncos: { url: 'http://localhost:3050', accounts: ['0x7726827caac94a7f9e1b160f7ea819f172f7b6f9d2a97f992c38edeab82d4110'] }," hardhat.config.ts
pnpm install
pnpm run deploy --network zksyncos
- name: Deploy contracts and a test account
run: |
pnpm deploy-test:zksync-os
- name: Run bundler
run: pnpm bundler:zksync-os &> bundler.log &

- name: Run integration tests
run: |
# Rich account
PRIVATE_KEY=0x7726827caac94a7f9e1b160f7ea819f172f7b6f9d2a97f992c38edeab82d4110
# send 10 ETH
TO=0xa0Ee7A142d267C1f36714E4a8F75612F20a79720
cast send --private-key ${PRIVATE_KEY} --rpc-url http://localhost:3050 ${TO} --value 10000000000000000000
pnpm test:zksync-os

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Copilot Autofix

AI about 5 hours ago

To fix this issue, we should add a permissions block to the zksync-os job definition in .github/workflows/ci.yaml, restricting permissions to the minimum necessary. Since the job only checks out code and runs build/test tasks, it likely only needs contents: read permission (as recommended for jobs not interacting with issues, PRs, or requiring elevated repository access). The change should be made directly after the runs-on: ubuntu-latest line in the zksync-os job definition.

No new imports, packages, or definitions are required—just an addition to the YAML workflow.

Suggested changeset 1
.github/workflows/ci.yaml

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -130,6 +130,8 @@
 
   zksync-os:
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
     steps:
       - name: Checkout the repository
         uses: actions/checkout@v5
EOF
@@ -130,6 +130,8 @@

zksync-os:
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout the repository
uses: actions/checkout@v5
Copilot is powered by AI and may make mistakes. Always verify output.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ly0va