CI/CD Pipeline
Continuous Integration & Deployment
Every single commit is automatically tested. No exceptions.
Pipeline Overview
GitHub Actions Workflows
1. Test Suite (ci.yml)
Runs on: Every commit to any branch
name: Test Suite
on: [push, pull_request]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3
      - name: Setup Node.js
        uses: actions/setup-node@v3
        with:
          node-version: '18'
      # forge is not preinstalled on ubuntu-latest runners
      - name: Install Foundry
        uses: foundry-rs/foundry-toolchain@v1
      - name: Install Dependencies
        run: npm ci
      - name: Run Hardhat Tests (753 tests)
        run: npm test
        timeout-minutes: 10
      - name: Run Foundry Tests (181 tests)
        run: forge test
        timeout-minutes: 5
      - name: Generate Coverage
        run: npm run coverage
      - name: Upload Coverage
        uses: codecov/codecov-action@v3

Status: ✅ Active
Last Run: 2026-01-14 21:30 UTC
Result: 950/950 passing
2. Security Scans (security.yml)
Runs on: Every commit + Weekly schedule
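name: Security Scans
on:
  push:
  schedule:
    - cron: '0 0 * * 0' # Weekly
jobs:
  slither:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3
      - name: Run Slither
        uses: crytic/slither-action@v0.3.0
        with:
          fail-on: high
          # Write the JSON report that the next step uploads
          slither-args: --json slither-report.json
      - name: Upload Report
        # Upload the report even when the Slither step fails the job
        if: always()
        uses: actions/upload-artifact@v3
        with:
          name: slither-report
          path: slither-report.json
  mythril:
    runs-on: ubuntu-latest
    steps:
      # The job needs the sources before it can analyze them
      - name: Checkout
        uses: actions/checkout@v3
      - name: Run Mythril
        run: |
          pip3 install mythril
          myth analyze contracts/**/*.sol --execution-timeout 7200

Status: ✅ Active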
Last Run: 2026-01-13 18:45 UTC
Result: 0 vulnerabilities
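As an added example (not the project's own tooling), this Node.js gate reads a Slither JSON report such as slither-report.json, applies the same high-impact threshold as `fail-on: high`, and treats an unreadable or unsuccessful report as a failure rather than as zero findings. The sample report is constructed, and `Example.sol` and the function name `slitherGate` are hypothetical.

```javascript
// Added example, not the project's tooling. Impact levels in ascending severity.
const IMPACT_ORDER = ['Informational', 'Low', 'Medium', 'High'];

// Constructed report in the shape of Slither's JSON output. The High finding mirrors
// the alert quoted on this page; Example.sol is a hypothetical file.
const SAMPLE_REPORT = JSON.stringify({
  success: true,
  error: null,
  results: {
    detectors: [
      { check: 'reentrancy-eth', impact: 'High', confidence: 'Medium',
        description: 'Reentrancy in S360Staking.unstake()' },
      { check: 'timestamp', impact: 'Low', confidence: 'Medium',
        description: 'Example.sol compares against block.timestamp' },
      { check: 'solc-version', impact: 'Informational', confidence: 'High',
        description: 'Example.sol allows old compiler versions' },
    ],
  },
});

// Fails closed: an unreadable or unsuccessful report blocks, it never counts as "0 findings".
function slitherGate(reportText, failOn = 'High') {
  const threshold = IMPACT_ORDER.indexOf(failOn);
  if (threshold < 0) throw new Error(`unknown impact level: ${failOn}`);
  let report;
  try {
    report = JSON.parse(reportText);
  } catch (err) {
    return { pass: false, reason: 'report is not valid JSON', blocking: [], counts: {} };
  }
  if (!report || report.success !== true || !report.results) {
    const why = (report && report.error) || 'no results';
    return { pass: false, reason: `scan did not complete: ${why}`, blocking: [], counts: {} };
  }
  const detectors = report.results.detectors || []; // no list means no findings
  const counts = {};
  for (const d of detectors) counts[d.impact] = (counts[d.impact] || 0) + 1;
  const blocking = detectors
    .filter((d) => IMPACT_ORDER.indexOf(d.impact) >= threshold)
    .map((d) => `[${d.impact}/${d.confidence}] ${d.check}: ${d.description}`);
  const reason = blocking.length ? `${blocking.length} finding(s) at or above ${failOn}` : 'ok';
  return { pass: blocking.length === 0, reason, blocking, counts };
}

console.log(slitherGate(SAMPLE_REPORT));
```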
3. Fuzzing (ci-fuzzing.yml)
Runs on: Every PR + Nightly
name: Fuzzing
on:
  pull_request:
  schedule:
    - cron: '0 2 * * *' # Nightly at 2 AM
jobs:
  echidna:
    runs-on: ubuntu-latest
    timeout-minutes: 480 # 8 hours
    steps:
      - name: Checkout
        uses: actions/checkout@v3
      - name: Install Echidna
        run: |
          wget https://github.com/crytic/echidna/releases/download/v2.2.1/echidna
          chmod +x echidna
      - name: Run Echidna Fuzzing
        run: ./echidna . --config echidna.config.yaml --test-limit 100000
      - name: Upload Results
        uses: actions/upload-artifact@v3
        with:
          name: echidna-results
          path: echidna-*.log

Status: ✅ Active
Last Run: 2026-01-13 02:00 UTC
Result: 0 property violations
Recent CI Runs
| Date | Commit | Tests | Security | Result |
|---|---|---|---|---|
| 2026-01-19 | latest | 950/950 ✅ | Pass ✅ | ✅ Success |
| 2026-01-14 18:45 | d4e9b82 | 486/867 ⚠️ | Pass ✅ | ⚠️ Failing tests |
| 2026-01-13 22:15 | c3a8f47 | 486/867 ⚠️ | Pass ✅ | ⚠️ Failing tests |
| 2026-01-13 16:30 | b2d7e36 | 443/443 ✅ | Pass ✅ | ✅ Success |
| 2026-01-12 14:20 | f5c4a19 | 443/443 ✅ | Pass ✅ | ✅ Success |
Pull Request Checks
Every PR must pass ALL these checks before merge:
Required Checks ✅
- Hardhat Tests (753)
  - Status: ✅ Must pass
  - Timeout: 10 minutes
  - Failure = PR blocked
- Foundry Tests (181)
  - Status: ✅ Must pass
  - Timeout: 5 minutes
  - Failure = PR blocked
- Slither Analysis
  - Status: ✅ Must pass
  - No high/critical issues
  - Failure = PR blocked
- Code Coverage
  - Status: ✅ Must not regress on core contracts
  - Current: 61.22% overall / 84.41% core avg
  - Warning if drops below
- Gas Report
  - Status: ℹ️ Informational
  - Shows gas changes
  - Warning if increase >10%
Example PR Check
✅ Test Suite / Hardhat Tests (753 tests) ~5-6m
✅ Test Suite / Foundry Tests (181 tests) ~2s
✅ Security / Slither Analysis 45s
✅ Coverage / Generate Report 1m 12s
⚠️ Gas / Compare with main (+2.3%) 38s
All checks passed - Ready to merge ✅
Branch Protection Rules
main Branch
- ✅ Require PR before merge
- ✅ Require all checks pass
- ✅ Require 1 approval (security team)
- ✅ Require up-to-date branch
- ✅ Require signed commits
- ❌ Allow force push (disabled)
- ❌ Allow deletions (disabled)
develop Branch
- ✅ Require PR before merge
- ✅ Require all checks pass
- ✅ Allow force push (for rebasing)
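As an added example (not the project's own tooling), this check compares a branch-protection response from the GitHub REST API with the main-branch rules listed above and reports any drift. The sample response is constructed, the status-check names are hypothetical, and the "security team" reviewer requirement is not covered because it depends on how reviewers are assigned.

```javascript
// Added example, not the project's tooling. POLICY mirrors the "main Branch" list above.
const POLICY = {
  minApprovals: 1,          // "Require 1 approval"
  strictStatusChecks: true, // "Require up-to-date branch"
  signedCommits: true,
  allowForcePushes: false,
  allowDeletions: false,
  // Hypothetical status-check names; use the names your workflows actually report.
  requiredChecks: ['Hardhat Tests', 'Foundry Tests', 'Slither Analysis'],
};

// Constructed sample in the shape of the GitHub REST response for
// GET /repos/{owner}/{repo}/branches/{branch}/protection.
// allow_force_pushes is deliberately enabled so the audit has drift to report.
const SAMPLE = {
  required_status_checks: { strict: true, contexts: ['Hardhat Tests', 'Foundry Tests', 'Slither Analysis'] },
  required_pull_request_reviews: { required_approving_review_count: 1 },
  required_signatures: { enabled: true },
  allow_force_pushes: { enabled: true },
  allow_deletions: { enabled: false },
};

// Returns a list of deviations from the policy; an empty list means no drift.
function auditProtection(protection, policy = POLICY) {
  const findings = [];
  const reviews = protection.required_pull_request_reviews;
  if (!reviews) {
    findings.push('pull request not required before merge');
  } else if ((reviews.required_approving_review_count || 0) < policy.minApprovals) {
    findings.push(`fewer than ${policy.minApprovals} approval(s) required`);
  }
  const checks = protection.required_status_checks;
  if (!checks) {
    findings.push('no required status checks');
  } else {
    if (policy.strictStatusChecks && !checks.strict) findings.push('branch need not be up to date');
    const present = new Set(checks.contexts || []);
    for (const name of policy.requiredChecks) {
      if (!present.has(name)) findings.push(`required check missing: ${name}`);
    }
  }
  // A missing setting object is read as "not enabled".
  const enabled = (key) => Boolean(protection[key] && protection[key].enabled);
  if (policy.signedCommits && !enabled('required_signatures')) findings.push('signed commits not required');
  if (!policy.allowForcePushes && enabled('allow_force_pushes')) findings.push('force push allowed');
  if (!policy.allowDeletions && enabled('allow_deletions')) findings.push('branch deletion allowed');
  return findings;
}

console.log(auditProtection(SAMPLE));
```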
Deployment Pipeline
Testnet Deployment (Fuji)
Triggered: Manually via GitHub Actions
name: Deploy to Fuji
on:
  workflow_dispatch:
    inputs:
      version:
        description: 'Version to deploy'
        required: true
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      # Check out the repository and install dependencies before running npm scripts
      - name: Checkout
        uses: actions/checkout@v3
      - name: Setup Node.js
        uses: actions/setup-node@v3
        with:
          node-version: '18'
      - name: Install Dependencies
        run: npm ci
      - name: Run Pre-deployment Checks
        run: npm run pre-deploy
      - name: Deploy Contracts
        run: npx hardhat run scripts/deploy/deploy-fuji.js --network fuji
        env:
          PRIVATE_KEY: ${{ secrets.DEPLOYER_KEY }}
      - name: Verify Contracts
        run: npm run verify-all
      - name: Update Documentation
        run: npm run sync-dapp

Last Deployment: v2.4.0 (2026-01-24)
Network: Avalanche Fuji Testnet
Status: 🟢 Live
Documentation Deployment
Auto-deploys on every push to main
- Hosting: Vercel
- URL: https://docs.seal360.net
- Build Time: ~2 minutes
- Status: 🟢 Live

name: Deploy Docs
on:
  push:
    branches: [main]
# Handled automatically by Vercel
# Builds Nextra site
# Deploys to production

Monitoring & Alerts
Slack Notifications
CI failures trigger instant Slack alerts:
🚨 CI Failed - seal360-contracts
Branch: feature/new-staking
Commit: a7f3c21
Failed Check: Hardhat Tests
Details: 5 tests failing in S360Governor
Link: https://github.com/.../actions/runs/123456

Email Notifications
Security scan failures are emailed to the security team:
Subject: [CRITICAL] Security Scan Failed - seal360-contracts
Slither detected 1 HIGH severity issue:
- Reentrancy in S360Staking.unstake()
View Report: https://github.com/.../artifacts/slither-report.json

Test Coverage Tracking
Codecov Integration
Coverage reports uploaded automatically:
- Current Coverage: 61.22% overall / 84.41% core avg
- Branch Coverage: 96.2%
- Trend: +0.3% (last 7 days)
Coverage Badge
Displayed on README.md for instant visibility.
Performance Benchmarks
Test Execution Times
| Suite | Tests | Time | Per Test |
|---|---|---|---|
| Token | 45 | 28s | 0.62s |
| Staking | 58 | 42s | 0.72s |
| Bonding Curve | 52 | 35s | 0.67s |
| Governor | 89 | 125s | 1.40s |
| Security | 126 | 77s | 0.61s |
| Total | 753 | ~5-6m | ~0.45s avg |
Gas Usage Tracking
Gas costs tracked on every PR:
Function              | Gas Before | Gas After | Change
----------------------|------------|-----------|--------
token.transfer()      | 51,234     | 51,234    | 0%
staking.stake()       | 127,456    | 125,892   | -1.2% ✅
bonding.buy()         | 189,234    | 189,234   | 0%
governor.propose()    | 234,567    | 236,123   | +0.7% ⚠️

Local CI Simulation
Want to run CI checks locally before pushing?
Quick Check
npm run ci:quick
# Runs: tests + linting + format check
# Time: ~6 minutes

Full CI
npm run ci:full
# Runs: tests + security + coverage + gas report
# Time: ~15 minutes

Pre-commit Hook
npm run setup-hooks
# Installs git hooks that run tests before commit

CI/CD Statistics
Current Month (January 2026)
- Total Runs: 142
- Success Rate: 94.4% (134/142)
- Failed Runs: 8 (all fixed)
- Avg Duration: 7m 23s
- Tests Executed: updated (see latest CI run)
All Time
- Total Runs: 1,847
- Success Rate: 96.2%
- Tests Executed: 906,477
- Issues Caught: 47 bugs prevented from merge
Transparency Commitment
What We Publish
✅ Every CI run - Public on GitHub Actions
✅ Every test result - Logs available
✅ Every security scan - Reports downloadable
✅ Every coverage report - Updated real-time
✅ Every deployment - Tracked and verified
What You Can Verify
- View all CI runs
- Download test artifacts
- View coverage trends
- Check deployment status
Questions?
Want to Set Up Similar CI?
- View our workflow files
- Fork and adapt
- Ask in Discord