From 0e9bf3fef11a3b37930c3c3400c3afcac061166d Mon Sep 17 00:00:00 2001 From: Andrei Vlad Birgaoanu <99738872+andreivladbrg@users.noreply.github.com> Date: Fri, 15 Dec 2023 15:04:58 +0200 Subject: [PATCH] ci: add ci-slither file (#726) * ci: add ci-slither file ci: move Slither job from ci.yml to its dedicated file to run weekly * ci: remove lint and build jobs in slither * ci: bring back "lint" job --------- Co-authored-by: Paul Razvan Berg --- .github/workflows/ci-slither.yml | 83 ++++++++++++++++++++++++++++++++ .github/workflows/ci.yml | 42 ---------------- 2 files changed, 83 insertions(+), 42 deletions(-) create mode 100644 .github/workflows/ci-slither.yml
diff --git a/.github/workflows/ci-slither.yml b/.github/workflows/ci-slither.yml
new file mode 100644
index 000000000..d2e2f57d5
--- /dev/null
+++ b/.github/workflows/ci-slither.yml
@@ -0,0 +1,83 @@
+name: "CI Slither"
+
+env:
+ API_KEY_ETHERSCAN: ${{ secrets.API_KEY_ETHERSCAN }}
+ API_KEY_INFURA: ${{ secrets.API_KEY_INFURA }}
+ RPC_URL_MAINNET: ${{ secrets.RPC_URL_MAINNET }}
+
+on:
+ schedule:
+ - cron: "0 3 * * 0" # at 3:00am UTC every Sunday
+
+jobs:
+ lint:
+ runs-on: "ubuntu-latest"
+ steps:
+ - name: "Check out the repo"
+ uses: "actions/checkout@v3"
+
+ - name: "Install Foundry"
+ uses: "foundry-rs/foundry-toolchain@v1"
+
+ - name: "Install Pnpm"
+ uses: "pnpm/action-setup@v2"
+ with:
+ version: "8"
+
+ - name: "Install Node.js"
+ uses: "actions/setup-node@v3"
+ with:
+ cache: "pnpm"
+ node-version: "lts/*"
+
+ - name: "Install the Node.js dependencies"
+ run: "pnpm install"
+
+ - name: "Lint the contracts"
+ run: "pnpm lint"
+
+ - name: "Add lint summary"
+ run: |
+ echo "## Lint result" >> $GITHUB_STEP_SUMMARY
+ echo "✅ Passed" >> $GITHUB_STEP_SUMMARY
+
+ slither-analyze:
+ runs-on: "ubuntu-latest"
+ permissions:
+ actions: "read"
+ contents: "read"
+ security-events: "write"
+ steps:
+ - name: "Check out the repo"
+ uses: "actions/checkout@v3"
+
+ - name: "Install Pnpm"
+ uses: "pnpm/action-setup@v2"
+ with:
+ version: "8"
+
+ - name: "Install Node.js"
+ uses: "actions/setup-node@v3"
+ with:
+ cache: "pnpm"
+ node-version: "lts/*"
+
+ - name: "Install the Node.js dependencies"
+ run: "pnpm install"
+
+ - name: "Run Slither analysis"
+ uses: "crytic/slither-action@v0.3.0"
+ id: "slither"
+ with:
+ fail-on: "none"
+ sarif: "results.sarif"
+
+ - name: "Upload SARIF file to GitHub code scanning"
+ uses: "github/codeql-action/upload-sarif@v2"
+ with:
+ sarif_file: ${{ steps.slither.outputs.sarif }}
+
+ - name: "Add Slither summary"
+ run: |
+ echo "## Slither result" >> $GITHUB_STEP_SUMMARY
+ echo "✅ Uploaded to GitHub code scanning" >> $GITHUB_STEP_SUMMARY
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 24a6f34b3..2c424484e 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
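Review bot: The workflow-level `env:` block at the top of the new ci-slither.yml exports `API_KEY_ETHERSCAN`, `API_KEY_INFURA` and `RPC_URL_MAINNET` to every step of both jobs, including `pnpm install` (which can run dependency lifecycle scripts) and the third-party actions referenced by mutable tags such as `crytic/slither-action@v0.3.0`. If only the Slither build needs these values (not verifiable from this hunk), declare the `env:` on the `slither-analyze` job or on the "Run Slither analysis" step instead of at workflow level. The `lint` job also has no `permissions:` block, so it runs with the repository's default token scope; adding `permissions:` with `contents: "read"` would match the explicit scoping already used for `slither-analyze`. Pinning the third-party actions to full commit SHAs would further limit what a retagged release could reach in a job that holds `security-events: "write"`.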
@@ -299,45 +299,3 @@ jobs:
 run: |
 echo "## Coverage result" >> $GITHUB_STEP_SUMMARY
 echo "✅ Uploaded to Codecov" >> $GITHUB_STEP_SUMMARY
-
- slither-analyze:
- needs: ["lint", "build"]
- runs-on: "ubuntu-latest"
- permissions:
- actions: "read"
- contents: "read"
- security-events: "write"
- steps:
- - name: "Check out the repo"
- uses: "actions/checkout@v3"
-
- - name: "Install Pnpm"
- uses: "pnpm/action-setup@v2"
- with:
- version: "8"
-
- - name: "Install Node.js"
- uses: "actions/setup-node@v3"
- with:
- cache: "pnpm"
- node-version: "lts/*"
-
- - name: "Install the Node.js dependencies"
- run: "pnpm install"
-
- - name: "Run Slither analysis"
- uses: "crytic/slither-action@v0.3.0"
- id: "slither"
- with:
- fail-on: "none"
- sarif: "results.sarif"
-
- - name: "Upload SARIF file to GitHub code scanning"
- uses: "github/codeql-action/upload-sarif@v2"
- with:
- sarif_file: ${{ steps.slither.outputs.sarif }}
-
- - name: "Add Slither summary"
- run: |
- echo "## Slither result" >> $GITHUB_STEP_SUMMARY
- echo "✅ Uploaded to GitHub code scanning" >> $GITHUB_STEP_SUMMARY