Skip to content

add package.json

add package.json #4

Workflow file for this run

# A Github Actions config to run Solhint and report the artifact to DeepSource
name: Solhint Analysis for Solidity
on:
# Note that both `push` and `pull_request` triggers should be present for GitHub to consistently present solhint
# SARIF reports.
push:
branches: [main, master]
pull_request:
jobs:
scan:
runs-on: ubuntu-latest
permissions:
contents: read
security-events: write
env:
DEEPSOURCE_DSN: ${{ secrets.DEEPSOURCE_DSN }}
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha }}
- uses: actions/setup-node@v4
with:
node-version: "16"
cache: npm
cache-dependency-path: "solidity/package-lock.json"
- name: Install solhint
run: |
npm install solhint@^4.1.1
- name: Run solhint
id: solhint
run: |
cd solidity
npx solhint '*.sol' -f sarif > solhint.sarif
# The following line prevents aborting the workflow immediately in case your files fail solhint checks.
# This allows the following upload-sarif action to still upload the results.
continue-on-error: true
- name: Upload SARIF report files to DeepSource
id: upload-sarif
run: |
# Install the CLI
curl https://deepsource.io/cli | sh
# Send the report to DeepSource
./bin/deepsource report --analyzer solhint --analyzer-type community --value-file solidity/solhint.sarif
# Ensure the workflow eventually fails if files did not pass solhint checks.
- name: Verify solhint succeeded
shell: bash
run: |
echo "If this step fails, solhint found issues. Check the output of the scan step above."
[[ "${{ steps.solhint.outcome }}" == "success" ]]