fix : added validation in add image form.

[minato32]

This PR adds a GitHub Action that automatically checks token addresses submitted via the “Add Image” issue form.

What it does:

• added regex validation in github issue template file for address and image url
• Runs when an issue is opened or edited.
• Extracts the Network and Address from the form.
• Checks if the address exists on the selected network.

If invalid or missing:
Posts a comment to let the contributor know.
Adds an invalid-address label.

Summary by CodeRabbit

• New Features

  • Automatic token address validation for issues labeled “addImage,” with clear feedback via comments and an “invalid-address” label on failure.

• Documentation

  • Enhanced issue form with strict address validation (0x-prefixed, 40 hex characters).
  • Added image URL guidance (prefer 256×256 PNG/SVG) and a sample placeholder.
  • Improved form clarity with quoted values and a URL validation pattern.

[github-actions]

All contributors have signed the CLA ✍️ ✅
_{Posted by the CLA Assistant Lite bot.}

[coderabbitai]

Walkthrough

Adds YAML validation metadata to an issue template and introduces a GitHub Actions workflow that parses issue fields, validates a provided token address format and optionally queries chain RPC getCode, then comments and labels issues on failure.

Changes

Cohort / File(s)	Summary of changes
Issue template validation .github/ISSUE_TEMPLATE/2-addImageForm.yml	Added descriptions, placeholders and regex patterns for address (^0x[a-fA-F0-9]{40}$) and imageUrl (^(https?://[\w.-]+(?:/[\w\-.~!$&'()*+,;=:@%]*)*)$); quoted string values and minor YAML formatting adjustments.
Issue-driven address validation workflow .github/workflows/validate-token-address.yml	New workflow triggered on issues labeled addImage (opened/edited). Checks out repo, sets up Node 20, installs ethers, extracts Network and Address from issue body, validates presence/format, maps network→RPC (if present), calls getCode, fails on missing/invalid address or empty code and posts a comment plus invalid-address label on failure; skips RPC step if no mapping.

Sequence Diagram(s)

sequenceDiagram
    autonumber
    actor User as User
    participant GH as GitHub Issues
    participant GA as GitHub Actions
    participant Script as Validation Script
    participant RPC as Chain RPC (ethers JsonRpcProvider)
    participant API as GitHub API

    User->>GH: Open/Edit issue with label "addImage"
    GH-->>GA: Trigger "Validate Token Address"

    GA->>Script: Checkout, setup Node, install ethers, run script
    Script->>GH: Read issue body (Network, Address)
    Script->>Script: Check Address present and matches ^0x[a-fA-F0-9]{40}$

    alt Missing or invalid format
        Script-->>GA: Fail validation
    else RPC mapping exists for Network
        Script->>RPC: provider.getCode(Address)
        alt getCode == "0x" or provider error indicating invalid
            Script-->>GA: Fail (not a contract / invalid)
        else Code present
            Script-->>GA: Success
        end
    else No RPC mapping
        Script-->>GA: Skip on-chain check (treat as pass)
    end

    opt On failure
        GA->>API: Post comment with error details
        GA->>API: Add "invalid-address" label
    end

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Poem

I hop through YAML, twitch my nose,
Regex carrots in tidy rows.
A workflow sniffs each token pass,
If bytecode's thin, I mark the glass.
Label, comment — then I pose a pose. 🐇

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title clearly indicates that validation was added to the “add image” form, which aligns with the changes to the issue template’s regex checks. It is concise and specific, avoiding vague language or unnecessary details.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 6b67e84 and 0ae39be.

📒 Files selected for processing (1)

• .github/workflows/validate-token-address.yml (1 hunks)

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[minato32]

I have read the CLA Document and I hereby sign the CLA

[minato32]

closes #109

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (7)

.github/ISSUE_TEMPLATE/2-addImageForm.yml (2)

43-43: Broaden address regex to accept 0X prefix (optional)

Some users paste addresses with 0X. Consider allowing both 0x/0X; checksum enforcement can remain out-of-band.

-      pattern: "^0x[a-fA-F0-9]{40}$"
+      pattern: "^0[xX][a-fA-F0-9]{40}$"

---

53-53: Relax URL regex; current pattern rejects valid URLs with query/fragment and allows underscores in host

Simplify to accept any http(s) URL without spaces; reduces false negatives and avoids host underscore ambiguity.

-      pattern: "^(https?://[\\w.-]+(?:/[\\w\\-.~!$&'()*+,;=:@%]*)*)$"
+      pattern: "^https?://\\S+$"

.github/workflows/validate-token-address.yml (5)

20-22: Avoid modifying repo deps; pin ethers and don’t save

Prevent npm from touching package.json/lockfile and pin a known-major.

-      - name: Install ethers.js
-        run: npm install ethers
+      - name: Install ethers.js
+        run: npm install --no-save ethers@6

---

23-40: Harden extraction and sanitize outputs

• Make matching more specific to form headers to avoid accidental captures.
• Constrain network to the allowed set before exporting.

       - name: Extract address and network
         id: extract
         uses: actions/github-script@v7
         with:
           script: |
             const body = context.payload.issue.body;
 
-            // Extract Network
-            const networkMatch = body.match(/Network\s*\n\s*(.*)/);
+            // Extract Network (expects "### Network" section in issue form)
+            const networkMatch = body.match(/#+\s*Network\s*\n\s*([A-Z0-9_]+)/);
             const network = networkMatch ? networkMatch[1].trim() : null;
 
-            // Extract Address
-            const addressMatch = body.match(/Address\s*\n\s*(0x[a-fA-F0-9]{40})/);
+            // Extract Address (expects "### Address" section)
+            const addressMatch = body.match(/#+\s*Address\s*\n\s*(0x[a-fA-F0-9]{40})/);
             const address = addressMatch ? addressMatch[1].trim() : null;
 
-            core.setOutput('network', network || '');
+            const allowed = new Set(['MAINNET','GNOSIS_CHAIN','ARBITRUM_ONE','BASE','POLYGON','AVALANCHE','BNB','LENS']);
+            core.setOutput('network', (network && allowed.has(network)) ? network : '');
             core.setOutput('address', address || '');

---

55-64: RPC map OK; consider fallbacks (optional)

Public RPCs can rate-limit. Optional: add multiple URLs per network or a fallback map.

---

72-85: Add explicit timeout and non-zero exit on provider hang

You added a step timeout above; that’s good to avoid hanging runs. Consider retry/backoff if RPC is flaky. Optional.

---

87-110: Fix step condition syntax and de-duplicate labels/comments

• Use expression syntax for if.
• Optionally remove the invalid-address label when a subsequent edit passes validation.

-      - name: Add comment and label if invalid
-        if: failure()
+      - name: Add comment and label if invalid
+        if: ${{ failure() }}
         uses: actions/github-script@v7
         with:
           script: |
             const issue_number = context.issue.number;
             const address = '${{ steps.extract.outputs.address }}';
             const network = '${{ steps.extract.outputs.network }}';
 
             // Add comment
             await github.issues.createComment({
               owner: context.repo.owner,
               repo: context.repo.repo,
               issue_number,
               body: `⚠️ The address \`${address || 'N/A'}\` does not exist or is invalid on network \`${network || 'N/A'}\`. Please verify.`
             });
 
             // Add label
-            await github.issues.addLabels({
+            await github.issues.addLabels({
               owner: context.repo.owner,
               repo: context.repo.repo,
               issue_number,
               labels: ['invalid-address']
             });

To remove the label on success, add the following step after validation:

      - name: Remove invalid-address label on success
        if: ${{ success() }}
        uses: actions/github-script@v7
        with:
          script: |
            const labels = (await github.issues.listLabelsOnIssue({
              owner: context.repo.owner,
              repo: context.repo.repo,
              issue_number: context.issue.number
            })).data.map(l => l.name);
            if (labels.includes('invalid-address')) {
              await github.issues.removeLabel({
                owner: context.repo.owner,
                repo: context.repo.repo,
                issue_number: context.issue.number,
                name: 'invalid-address'
              });
            }

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1603e3d and 8cecc3e.

📒 Files selected for processing (2)

• .github/ISSUE_TEMPLATE/2-addImageForm.yml (1 hunks)
• .github/workflows/validate-token-address.yml (1 hunks)

🧰 Additional context used

🪛 actionlint (1.7.8)

.github/workflows/validate-token-address.yml

13-13: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

---

16-16: the runner of "actions/setup-node@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

🔇 Additional comments (2)

.github/ISSUE_TEMPLATE/2-addImageForm.yml (2)

39-39: Address description LGTM

Clear and helpful guidance for contributors.

---

49-50: Image field copy/placeholder LGTM

Good UX; sets expectation without blocking.

[alfetopito]

Thank you for the contribution!

Please make sure to acknowledge/fix if appropriate comments by CodeRabbit as well.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 696f6c2 and 008744c.

📒 Files selected for processing (1)

• .github/workflows/validate-token-address.yml (1 hunks)

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 008744c and 39b0753.

⛔ Files ignored due to path filters (2)

• .yarn/install-state.gz is excluded by !**/.yarn/**, !**/*.gz
• yarn.lock is excluded by !**/yarn.lock, !**/*.lock

📒 Files selected for processing (3)

• .github/workflows/validate-token-address.yml (1 hunks)
• .yarnrc.yml (1 hunks)
• package.json (1 hunks)

✅ Files skipped from review due to trivial changes (1)

• .yarnrc.yml

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (1)

.github/workflows/validate-token-address.yml (1)

36-41: Consider making extraction more robust.

The regex patterns assume a specific issue body format. If the issue template changes or users edit the structure, extraction may fail silently.

Consider:

• Adding validation that both fields were extracted successfully
• Logging extracted values for debugging
• Using more forgiving regex patterns or structured parsing

Example improvement:

             const addressMatch = body.match(/Address\s*\n\s*(0x[a-fA-F0-9]{40})/);
             const address = addressMatch ? addressMatch[1].trim() : null;
 
+            console.log('Extracted network:', network);
+            console.log('Extracted address:', address);
+
             core.setOutput('network', network || '');
             core.setOutput('address', address || '');

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 39b0753 and 6b67e84.

📒 Files selected for processing (1)

• .github/workflows/validate-token-address.yml (1 hunks)

🔇 Additional comments (1)

.github/workflows/validate-token-address.yml (1)

112-135: LGTM!

The failure handling correctly uses the failure() condition, provides helpful feedback to users, and adds an appropriate label for triage.

[minato32]

appropriate comments by CodeRabbit as well.

@alfetopito @shoom3301 hey I have resolved all the coderabbit comments as well.