kleros
diff --git a/‎.eslintrc.json‎
Lines changed: 0 additions & 37 deletions b/‎.eslintrc.json‎
Lines changed: 0 additions & 37 deletions
diff --git a/‎.github/workflows/contracts-testing.yml‎
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/contracts-testing.yml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎.github/workflows/dependabot-automerge.yml‎
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/dependabot-automerge.yml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎.github/workflows/dependency-review.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/dependency-review.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/deploy-bots.yml‎
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/deploy-bots.yml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎.github/workflows/deploy-subgraph.yml‎
Lines changed: 48 additions & 0 deletions b/‎.github/workflows/deploy-subgraph.yml‎
Lines changed: 48 additions & 0 deletions
diff --git a/‎.github/workflows/scorecards.yml‎
Lines changed: 12 additions & 3 deletions b/‎.github/workflows/scorecards.yml‎
Lines changed: 12 additions & 3 deletions
diff --git a/‎.github/workflows/sentry-release.yml‎
Lines changed: 11 additions & 4 deletions b/‎.github/workflows/sentry-release.yml‎
Lines changed: 11 additions & 4 deletions
diff --git a/‎.lintstagedrc.json‎
Lines changed: 3 additions & 6 deletions b/‎.lintstagedrc.json‎
Lines changed: 3 additions & 6 deletions
diff --git a/‎.prettierrc.json‎
Lines changed: 0 additions & 15 deletions b/‎.prettierrc.json‎
Lines changed: 0 additions & 15 deletions
@@ -17,7 +17,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v2.3.0
+      uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v2.4.0
       with:
         disable-sudo: true
         egress-policy: block
@@ -38,7 +38,7 @@ jobs:
     - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c
 
     - name: Cache node modules
-      uses: actions/cache@69d9d449aced6a2ede0bc19182fadc3a0a42d2b0
+      uses: actions/cache@04f198bf0b2a39f7230a4304bf07747a0bddf146
       env:
         cache-name: cache-node-modules
       with:
 
@@ -12,7 +12,7 @@ jobs:
     if: ${{ github.actor == 'dependabot[bot]' }}
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v2.3.0
+        uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v2.4.0
         with:
           disable-sudo: true
           egress-policy: block
@@ -21,7 +21,7 @@ jobs:
 
       - name: Dependabot metadata
         id: metadata
-        uses: dependabot/fetch-metadata@4de7a6c08ce727a42e0adbbdc345f761a01240ce # v1.3.6
+        uses: dependabot/fetch-metadata@cd6e996708b8cfe0b639401134a3b9a3177be7b2 # v1.5.1
         with:
           github-token: "${{ secrets.GITHUB_TOKEN }}"
 
 
@@ -17,7 +17,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v2.3.0
+        uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v2.4.0
         with:
           disable-sudo: true
           egress-policy: block
 
@@ -8,12 +8,12 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@c8454efe5d0bdefd25384362fe217428ca277d57
+        uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969
         with:
           egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 
       - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c
-      - uses: actions/setup-python@d27e3f3d7c64b4bbf8e4abfb9b63b83e846e0435
+      - uses: actions/setup-python@bd6b4b6205c4dbad673328db7b31b7fab9e241c0
       - uses: aws-actions/setup-sam@2993f015a7af30461b7641a256042fe0c6fc0c2e
       - uses: aws-actions/configure-aws-credentials@67fbcbb121271f7775d2e7715933280b06314838
         with:
 
@@ -0,0 +1,48 @@
+name: Deploy the Subgraph
+
+on:
+  workflow_dispatch:
+    inputs:
+      network:
+        description: The network to deploy the subgraph to
+        required: true
+        default: 'arbitrum-goerli'
+        type: choice
+        options:
+          - arbitrum-goerli
+          - arbitrum
+
+permissions:
+  contents: read
+
+jobs:
+  buildAndDeploy:
+    runs-on: ubuntu-latest
+    environment: kleros-org-subgraph
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v2.4.0
+        with:
+          egress-policy: audit
+
+      - name: Checkout code
+        uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
+
+      - name: Set up Node.js
+        uses: actions/setup-node@7c12f8017d5436eb855f1ed4399f037a36fbd9e8 # v2.5.2
+        with:
+          node-version: 16
+
+      - name: Install the dependencies
+        run: yarn install
+
+      - name: Build the subgraph
+        run: |
+          yarn codegen
+          yarn build
+
+      - name: Authenticate with TheGraph
+        run: yarn graph auth "${{ secrets.SUBGRAPH_AUTH_TOKEN }}" --product hosted-service
+
+      - name: Deploy the subgraph
+        run: yarn deploy:${{ inputs.network }}
@@ -32,12 +32,21 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v2.3.0
+        uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v2.4.0
         with:
           disable-sudo: true
           egress-policy: block
           allowed-endpoints: >
-            api.github.com:443 api.osv.dev:443 auth.docker.io:443 bestpractices.coreinfrastructure.org:443 fulcio.sigstore.dev:443 github.com:443 index.docker.io:443 sigstore-tuf-root.storage.googleapis.com:443
+            api.github.com:443 
+            api.securityscorecards.dev:443
+            api.osv.dev:443 
+            auth.docker.io:443 
+            bestpractices.coreinfrastructure.org:443 
+            fulcio.sigstore.dev:443
+            rekor.sigstore.dev:443
+            github.com:443
+            index.docker.io:443 
+            sigstore-tuf-root.storage.googleapis.com:443
 
       - name: "Checkout code"
         uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.1.0
@@ -75,6 +84,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@17573ee1cc1b9d061760f3a006fc4aac4f944fd5 # v2.1.27
+        uses: github/codeql-action/upload-sarif@83f0fe6c4988d98a455712a27f0255212bba9bd4 # v2.1.27
         with:
           sarif_file: results.sarif
@@ -17,14 +17,21 @@ jobs:
       version: ${{ steps.set-version.outputs.version }}
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v2.3.0
+      uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v2.4.0
       with:
-        egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+        disable-sudo: true
+        egress-policy: block
+        allowed-endpoints: >
+          binaries.soliditylang.org:443
+          github.com:443
+          nodejs.org:443
+          registry.yarnpkg.com:443
+          sentry.io:443
 
     - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c
 
     - name: Cache node modules
-      uses: actions/cache@69d9d449aced6a2ede0bc19182fadc3a0a42d2b0
+      uses: actions/cache@04f198bf0b2a39f7230a4304bf07747a0bddf146
       env:
         cache-name: cache-node-modules
       with:
@@ -57,7 +64,7 @@ jobs:
       working-directory: web
 
     - name: Create Sentry release
-      uses: getsentry/action-release@bd5f874fcda966ba48139b0140fb3ec0cb3aabdd # v1.2.1
+      uses: getsentry/action-release@4744f6a65149f441c5f396d5b0877307c0db52c7 # v1.4.1
       env:
         SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
         SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
 
@@ -1,8 +1,5 @@
 {
-  "*.{js,jsx,ts,tsx}": "prettier --write",
-  "*.{md,html,json}": "prettier --write",
-  "*.sol": [
-    "prettier --write",
-    "solhint --fix"
-  ]
+  "*.{js,jsx,ts,tsx}": "prettier --write --config prettier-config/.prettierrc.js",
+  "*.{md,html,json}": "prettier --write --config prettier-config/.prettierrc.js",
+  "*.sol": "prettier --write --config prettier-config/.prettierrc.js"
 }
Original file line number	Diff line number	Diff line change
`@@ -1,8 +1,5 @@`
`1`	`1`	`{`
`2`		`- "*.{js,jsx,ts,tsx}": "prettier --write",`
`3`		`- "*.{md,html,json}": "prettier --write",`
`4`		`- "*.sol": [`
`5`		`- "prettier --write",`
`6`		`- "solhint --fix"`
`7`		`- ]`
	`2`	`+ "*.{js,jsx,ts,tsx}": "prettier --write --config prettier-config/.prettierrc.js",`
	`3`	`+ "*.{md,html,json}": "prettier --write --config prettier-config/.prettierrc.js",`
	`4`	`+ "*.sol": "prettier --write --config prettier-config/.prettierrc.js"`
`8`	`5`	`}`