mev-beta/docs/5_development/LOCAL_CICD.md
Krypto Kajun 850223a953 fix(multicall): resolve critical multicall parsing corruption issues
- Added comprehensive bounds checking to prevent buffer overruns in multicall parsing
- Implemented graduated validation system (Strict/Moderate/Permissive) to reduce false positives
- Added LRU caching system for address validation with 10-minute TTL
- Enhanced ABI decoder with missing Universal Router and Arbitrum-specific DEX signatures
- Fixed duplicate function declarations and import conflicts across multiple files
- Added error recovery mechanisms with multiple fallback strategies
- Updated tests to handle new validation behavior for suspicious addresses
- Fixed parser test expectations for improved validation system
- Applied gofmt formatting fixes to ensure code style compliance
- Fixed mutex copying issues in monitoring package by introducing MetricsSnapshot
- Resolved critical security vulnerabilities in heuristic address extraction
- Progress: Updated TODO audit from 10% to 35% complete

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-17 00:12:55 -05:00

# Local CI/CD with Drone & Harness
This project now treats GitHub Actions configs as legacy. The authoritative automation lives in the Drone and Harness definitions checked into the repository.
## Running the Drone pipelines locally
Prerequisites:
- Docker Engine available (for the Drone runner images).
- `drone` CLI installed (`brew install drone-cli` or `go install github.com/harness/drone-cli/drone@latest`).
Common commands:
```bash
# Execute the primary test suite locally
DRONE_GIT_BRANCH=$(git rev-parse --abbrev-ref HEAD) \
DRONE_COMMIT_SHA=$(git rev-parse HEAD) \
drone exec --pipeline test-suite
# Run the security pipeline (same environment variables as above)
drone exec --pipeline security-suite
# Kick off the optional integration run (requires RPC endpoints/mocks)
drone exec --pipeline integration-opt-in
```
Optional tags:
- `legacy` enables the archived integration suites (RPC-heavy).
- `forked` enables the fork/anvil smoke tests (e.g., flash swap executor).
Pipeline summary (mirrors historical GitHub jobs):
| Drone Stage | What it Does |
| ----------- | ------------ |
| `setup-go-cache` | Warm caches, verify modules. |
| `lint` | `golangci-lint` with 10m timeout. |
| `unit-tests` | Full `go test -race -cover ./...`. |
| `build-binary` | Compiles `./cmd/mev-bot` into `bin/mev-bot`. |
| `smoke-start` | Boots the binary for 5s using a test encryption key (expected to fail without keystore). |
| `math-audit` | Runs `tools/math-audit` and validates artifacts. |
| `simulate-profit` | Executes `./scripts/run_profit_simulation.sh`. |
| `docker-build` | Dry-run Docker build via `plugins/docker`. |
| `security-suite` | Gosec, govulncheck, Nancy, and fuzz tests for `pkg/security`. |
| `integration-opt-in` | Executes `go test -tags=integration ./...` when explicitly triggered. |
## Harness pipeline hand-off
Harness orchestration focuses on promotion to staging/production. See `harness/pipelines/staging.yaml` for the canonical workflow. Use the Harness CLI (`harness pipeline execute ...`) or the UI to run the same stages locally.
### Running the staging workflow without Harness
For offline validation you can mirror the Harness stages with the helper script `scripts/staging-pipeline-local.sh`. Every stage runs inside a container using either Podman or Docker (auto-detected, or forced via `LOCAL_STAGING_RUNTIME`). It executes the same lint, test, audit, simulation, image build, and Helm deployment steps that the Harness `staging_promotion` pipeline performs.
```bash
# end-to-end local staging run (writes logs under reports/ci/local-staging)
./scripts/staging-pipeline-local.sh
# example with custom image tag and real Helm upgrade instead of dry-run
LOCAL_STAGING_IMAGE_TAG=$(git rev-parse --short HEAD) \
LOCAL_STAGING_HELM_DRY_RUN=false \
./scripts/staging-pipeline-local.sh
# skip Docker and deploy stages (lint/tests/audit/simulation only)
LOCAL_STAGING_SKIP_DOCKER=true \
LOCAL_STAGING_SKIP_DEPLOY=true \
./scripts/staging-pipeline-local.sh
```
Key environment toggles:
- `LOCAL_STAGING_BRANCH`: branch recorded in logs (defaults to `git rev-parse --abbrev-ref HEAD`).
- `LOCAL_STAGING_RUNTIME`: force `docker` or `podman` (defaults to auto-detect).
- `LOCAL_STAGING_IMAGE_NAME`, `LOCAL_STAGING_IMAGE_TAG`, `LOCAL_STAGING_IMAGE_TAR`: Docker image reference and saved tarball path.
- `LOCAL_STAGING_SKIP_DOCKER`: skip the Docker build/save stage when `true`.
- `LOCAL_STAGING_HELM_DRY_RUN`: set to `false` to perform a real Helm upgrade; defaults to `true` (safe dry-run).
- `LOCAL_STAGING_SKIP_DEPLOY`: skip the Helm/Kubernetes stage when `true`.
- `LOCAL_STAGING_KUBECONFIG`: path to the kubeconfig file mounted inside the Helm/Kubectl containers (defaults to `~/.kube/config`).
The script only needs a container runtime and will pull the required tool images (`golang:1.24`, `golangci-lint`, `helm`, `kubectl`). Logs and artifacts are saved in `reports/ci/local-staging`, mirroring the Harness pipeline output layout.
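
A preflight guard for the toggles listed above, added here as an example; it is not part of the repository or of `scripts/staging-pipeline-local.sh`. The function names are hypothetical, and the `false` defaults for the two `SKIP` toggles and the owner-only kubeconfig requirement are assumptions of this example; the variable names and the `true` dry-run default come from this page.

```bash
#!/usr/bin/env bash
# Added example: validates the LOCAL_STAGING_* toggles before a local run.
# Function names are hypothetical; variable names are the documented ones.

# Succeeds only for the literal strings "true" and "false".
is_bool() { [ "$1" = "true" ] || [ "$1" = "false" ]; }

# Succeeds when FILE exists and grants nothing to group or other.
# Columns 5-10 of `ls -l` output are the group/other permission bits.
is_private_file() {
  [ -f "$1" ] && [ "$(ls -Lld -- "$1" | cut -c5-10)" = "------" ]
}

# Prints one verdict line; returns 0 when the run may proceed.
staging_preflight() {
  local dry_run="${LOCAL_STAGING_HELM_DRY_RUN:-true}"      # documented default
  local skip_deploy="${LOCAL_STAGING_SKIP_DEPLOY:-false}"  # assumed default
  local skip_docker="${LOCAL_STAGING_SKIP_DOCKER:-false}"  # assumed default
  local runtime="${LOCAL_STAGING_RUNTIME:-auto}"
  local kubeconfig="${LOCAL_STAGING_KUBECONFIG:-$HOME/.kube/config}"
  local pair

  # Accept only true/false so a typo such as "False" or "0" is caught here
  # instead of being interpreted in a way the operator did not intend.
  for pair in "LOCAL_STAGING_HELM_DRY_RUN=$dry_run" \
              "LOCAL_STAGING_SKIP_DEPLOY=$skip_deploy" \
              "LOCAL_STAGING_SKIP_DOCKER=$skip_docker"; do
    if ! is_bool "${pair#*=}"; then
      echo "REJECT: ${pair%%=*} must be true or false"; return 1
    fi
  done

  case "$runtime" in
    auto|docker|podman) ;;
    *) echo "REJECT: LOCAL_STAGING_RUNTIME must be docker or podman"; return 1 ;;
  esac

  # Extra checks apply only when a real Helm upgrade is requested.
  if [ "$skip_deploy" = "false" ] && [ "$dry_run" = "false" ]; then
    if ! is_private_file "$kubeconfig"; then
      echo "REJECT: real upgrade needs an owner-only kubeconfig: $kubeconfig"
      return 1
    fi
    echo "OK: REAL Helm upgrade using $kubeconfig"
    return 0
  fi
  echo "OK: no cluster changes (dry-run or deploy skipped)"
}
```

Run it as `staging_preflight && ./scripts/staging-pipeline-local.sh` so that a mistyped toggle or a group-readable kubeconfig stops the run before any stage starts.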
## Migrating from GitHub Actions
- `.github/workflows/` remains for reference only (manual dispatch only). New checks must be added to Drone or Harness.
- Update the Agent checklist (`AGENTS.md`) when a GitHub workflow is fully retired.
- Security and compliance reporting artifacts still upload to `reports/` for archival.
## Troubleshooting
- Drone steps run inside containers; ensure required host folders (e.g., `reports/`) are writable.
- Some integration tests require RPC endpoints. Set environment variables (`ARBITRUM_RPC_ENDPOINT`, etc.) or skip the pipeline.
- For Harness, secrets mount from the Harness secret manager—you will need the CLI logged in to your Harness account before executing pipelines locally.