forked from crytic/slither-action
Merge pull request crytic#29 from crytic/dev-new-exit-code-behavior
Add support for new `--fail-*` behavior
Showing 3 changed files with 88 additions and 10 deletions.
@@ -32,6 +32,7 @@ jobs: | |
| Key | Description | ||
|------------------|------------ | ||
| `ignore-compile` | If set to true, the Slither action will not attempt to compile the project. False by default. See [Advanced compilation](#advanced-compilation). | ||
| `fail-on` | Cause the action to fail if Slither finds any issue of this severity or higher. See [action fail behavior](#action-fail-behavior). | ||
| `node-version` | The version of `node` to use. If this field is not set, the latest version will be used. | ||
| `sarif` | If provided, the path of the SARIF file to produce, relative to the repo root (see [Github Code Scanning integration](#github-code-scanning-integration)). | ||
| `slither-args` | Extra arguments to pass to Slither. | ||
|
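Review bot: the new `fail-on` row should state its default the way the `ignore-compile` row does ("False by default"), since the section it links to says the option defaults to `all` to preserve the existing action behavior. Suggest appending "Defaults to `all`." to the description and naming the accepted values (`all`, `pedantic`, `low`, `medium`, `high`, `none`, `config`) so a reader does not have to reach the table further down to learn what can go in this field.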
@@ -47,6 +48,24 @@ If the project requires advanced compilation settings or steps, set | |
Slither. You can find an example workflow that uses this option in the | ||
[examples](#examples) section. | ||
|
||
### Action fail behavior | ||
|
||
The Slither action supports a `fail-on` option, based on the `--fail-*` flags | ||
added in Slither 0.8.4. To maintain the current action behavior, this option | ||
defaults to `all`. The following table summarizes the action behavior across | ||
different Slither versions. You may adjust this option as needed for your | ||
workflows. If you are setting these options on your config file, set `fail-on: | ||
config` to prevent the action from overriding your settings. | ||
|
||
| `fail-on` | Slither <= 0.8.3 | Slither > 0.8.3 | ||
|--------------------|---------------------------|---------------- | ||
| `all` / `pedantic` | Fail on any finding | Fail on any finding | ||
| `low` | Fail on any finding | Fail on any finding >= low | ||
| `medium` | Fail on any finding | Fail on any finding >= medium | ||
| `high` | Fail on any finding | Fail on any finding >= high | ||
| `none` | Do not fail on findings | Do not fail on findings | ||
| `config` | Determined by config file | Determined by config file | ||
|
||
### Using a different Slither version | ||
|
||
If the latest Slither release has a bug that does not let you analyze your | ||
|
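Review bot: the table leaves the important edge case implicit: on Slither <= 0.8.3 the severity values `low`, `medium` and `high` all collapse to "Fail on any finding", so a workflow that sets `fail-on: high` but ends up running an older Slither will fail on low-severity findings with nothing in the docs explaining why. Suggest one sentence after the table saying that the `--fail-*` flags only exist from 0.8.4, so earlier versions can only behave like `all` or `none`, and a sentence on what `config` does when the config file sets no `--fail-*` option. Minor: the `all` / `pedantic` row is the only place `pedantic` appears; say explicitly that it is treated the same as `all`.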
@@ -99,9 +118,9 @@ jobs: | |
- name: Run Slither | ||
uses: crytic/[email protected] | ||
id: slither | ||
continue-on-error: true | ||
with: | ||
sarif: results.sarif | ||
fail-on: none | ||
- name: Upload SARIF file | ||
uses: github/codeql-action/upload-sarif@v2 | ||
|
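Review bot: replacing `continue-on-error: true` with `fail-on: none` is the right direction (a compilation or analysis error now fails the step instead of being swallowed), but the new input only has an effect on an action release that declares it: on an older release GitHub Actions logs an "Unexpected input(s)" warning, ignores `fail-on`, and the step fails on the first finding, so the SARIF upload never runs. Make sure the `uses:` reference in this example points at a release that contains this change.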
@@ -111,7 +130,7 @@ jobs: | |
|
||
Here: | ||
|
||
- `continue-on-error: true` is required to let the SARIF upload step run if Slither finds issues | ||
- `fail-on: none` is required to let the SARIF upload step run if Slither finds issues | ||
- `id: slither` is the name used to reference the step later on (e.g., in `steps.slither.outputs.sarif`) | ||
|
||
## Examples | ||
|
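Review bot: the reworded bullet keeps the old justification verbatim, but the two settings are not equivalent and the bullet should say so: `continue-on-error: true` let the upload step run after any failure of the Slither step, whereas `fail-on: none` only stops findings from producing a non-zero exit, so a compilation or analysis error still fails the step and the upload is skipped. Suggest: "`fail-on: none` is required so that findings do not fail the step; otherwise the SARIF upload step would not run when Slither reports issues."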
@@ -146,8 +165,8 @@ NodeJS 16.x and install project dependencies before running Slither on the | |
project. Slither will output findings in SARIF format, and those will get | ||
uploaded to GitHub. | ||
|
||
We include `continue-on-error: true` on the Slither action to avoid failing the | ||
run if findings are found. | ||
We include `fail-on: none` on the Slither action to avoid failing the run if | ||
findings are found. | ||
|
||
```yaml | ||
name: Slither Analysis | ||
|
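Review bot: style, "to avoid failing the run if findings are found" is carried over from the old sentence and reads awkwardly; suggest "so that findings do not fail the run". The same wording fix applies to the parallel sentence in the second example further down.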
@@ -170,11 +189,11 @@ jobs: | |
- name: Run Slither | ||
uses: crytic/[email protected] | ||
continue-on-error: true | ||
id: slither | ||
with: | ||
node-version: 16 | ||
sarif: results.sarif | ||
fail-on: none | ||
- name: Upload SARIF file | ||
uses: github/codeql-action/upload-sarif@v2 | ||
|
@@ -191,8 +210,8 @@ virtual environment and install project dependencies before running Slither on | |
the project. Slither will output findings in SARIF format, and those will get | ||
uploaded to GitHub. | ||
|
||
We also include `continue-on-error: true` on the Slither action to avoid | ||
failing the run if findings are found. | ||
We also include `fail-on: none` on the Slither action to avoid failing the run | ||
if findings are found. | ||
|
||
```yaml | ||
name: Slither Analysis | ||
|
@@ -215,10 +234,10 @@ jobs: | |
- name: Run Slither | ||
uses: crytic/[email protected] | ||
continue-on-error: true | ||
id: slither | ||
with: | ||
sarif: results.sarif | ||
fail-on: none | ||
- name: Upload SARIF file | ||
uses: github/codeql-action/upload-sarif@v2 | ||
|