diff --git a/.github/workflows/run-slither.yaml b/.github/workflows/slither-solidity.yaml
similarity index 93%
rename from .github/workflows/run-slither.yaml
rename to .github/workflows/slither-solidity.yaml
index 0b3f9fef..33234062 100644
--- a/.github/workflows/run-slither.yaml
+++ b/.github/workflows/slither-solidity.yaml
@@ -1,6 +1,5 @@
 # ref: https://github.com/crytic/slither-action#how-to-use-1
-# A copy-paste Github Actions config to run Slither and report the artifact to DeepSource
-name: Slither Analysis
+name: Slither Analysis for Solidity
 
 on:
 # Note that both `push` and `pull_request` triggers should be present for GitHub to consistently present slither
diff --git a/.github/workflows/slither-vyper.yaml b/.github/workflows/slither-vyper.yaml
new file mode 100644
index 00000000..a595b562
--- /dev/null
+++ b/.github/workflows/slither-vyper.yaml
@@ -0,0 +1,51 @@
+# ref: https://github.com/crytic/slither-action#how-to-use-1
+name: Slither Analysis for Vyper
+
+on:
+ # Note that both `push` and `pull_request` triggers should be present for GitHub to consistently present slither
+ # SARIF reports.
+ push:
+ branches: [main, master]
+ pull_request:
+
+jobs:
+ scan:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ security-events: write
+ env:
+ DEEPSOURCE_DSN: ${{ secrets.DEEPSOURCE_DSN }}
+ steps:
+ - uses: actions/checkout@v3
+ with:
+ ref: ${{ github.event.pull_request.head.sha }}
+
+ - name: Run Slither
+ uses: crytic/slither-action@v0.3.0
+ id: slither
+ with:
+ slither-version: 0.10.0
+ solc-version: 0.8.21
+ target: "vyper/"
+ # The following makes slither produce scan analysis in SARIF format
+ sarif: ./slither.sarif
+ # The following line prevents aborting the workflow immediately in case your files fail Slither checks.
+ # This allows the following upload-sarif action to still upload the results.
+ continue-on-error: true
+
+ - name: Upload SARIF report files to DeepSource
+ id: upload-sarif
+ run: |
+ # Install the CLI
+ curl https://deepsource.io/cli | sh
+
+ # Send the report to DeepSource
+ ./bin/deepsource report --analyzer slither --analyzer-type community --value-file ${{ steps.slither.outputs.sarif }}
+
+ # Ensure the workflow eventually fails if files did not pass slither checks.
+ - name: Verify slither-action succeeded
+ shell: bash
+ run: |
+ echo "If this step fails, slither found issues. Check the output of the scan step above."
+ [[ "${{ steps.slither.outcome }}" == "success" ]]
diff --git a/.github/workflows/run-solhint.yaml b/.github/workflows/solhint.yaml
similarity index 84%
rename from .github/workflows/run-solhint.yaml
rename to .github/workflows/solhint.yaml
index 8843da0d..7c3365dc 100644
--- a/.github/workflows/run-solhint.yaml
+++ b/.github/workflows/solhint.yaml
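Review bot: The `Upload SARIF report files to DeepSource` step runs `curl https://deepsource.io/cli | sh`, an unpinned and unverified installer executed at runtime in a job whose environment carries `DEEPSOURCE_DSN` and which holds `security-events: write`, so whatever that URL serves — including an HTTP error body, since `curl` is called without `-f` — runs with the secret in scope. Pin the CLI to a released version and verify its checksum before executing it, or at minimum begin the script with `set -euo pipefail` and fetch with `curl -fsSL https://deepsource.io/cli | sh` so a failed download is not piped into the shell. Separately, the `Run Slither` step sets `solc-version: 0.8.21` while `target: "vyper/"` points at Vyper sources; I cannot tell from the hunk whether the action installs a Vyper compiler for this target, so it is worth confirming in a run log that the scan compiles anything rather than emitting an empty SARIF that the verify step then accepts. The same supply-chain argument applies to `actions/checkout@v3` and `crytic/slither-action@v0.3.0`, which are pinned by mutable tag rather than commit SHA.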
@@ -1,5 +1,5 @@
 # A Github Actions config to run Solhint and report the artifact to DeepSource
-name: Solhint Analysis
+name: Solhint Analysis for Solidity
 
 on:
 # Note that both `push` and `pull_request` triggers should be present for GitHub to consistently present solhint
@@ -21,15 +21,21 @@ jobs:
 with:
 ref: ${{ github.event.pull_request.head.sha }}
 
- - uses: actions/setup-node@v4 (Install deps and solhint)
+ - uses: actions/setup-node@v4
 with:
 node-version: "16"
 cache: npm
+ cache-dependency-path: "solidity/package-lock.json"
+
+ - name: Install solhint
+ run: |
+ npm install solhint@^4.1.1
 
 - name: Run solhint
 id: solhint
 run: |
- npx solhint 'solidity/*.sol' -f sarif > solhint.sarif
+ cd solidity
+ npx solhint '*.sol' -f sarif > solhint.sarif
 # The following line prevents aborting the workflow immediately in case your files fail solhint checks.
 # This allows the following upload-sarif action to still upload the results.
 continue-on-error: true
diff --git a/solidity/package-lock.json b/solidity/package-lock.json
index d12e6e5c..7857dc35 100644
--- a/solidity/package-lock.json
+++ b/solidity/package-lock.json
@@ -1,11 +1,11 @@
 {
- "name": "demo-solidity",
+ "name": "solidity",
 "lockfileVersion": 2,
 "requires": true,
 "packages": {
 "": {
 "devDependencies": {
- "solhint": "github:protofire/solhint#develop"
+ "solhint": "^4.1.1"
 }
 },
 "node_modules/@babel/code-frame": {
@@ -1068,10 +1068,10 @@
 }
 },
 "node_modules/solhint": {
- "version": "4.0.0",
- "resolved": "git+ssh://git@github.com/protofire/solhint.git#1a9fe480e056eaa963edba56816ecec616bb923a",
+ "version": "4.1.1",
+ "resolved": "https://registry.npmjs.org/solhint/-/solhint-4.1.1.tgz",
+ "integrity": "sha512-7G4iF8H5hKHc0tR+/uyZesSKtfppFIMvPSW+Ku6MSL25oVRuyFeqNhOsXHfkex64wYJyXs4fe+pvhB069I19Tw==",
 "dev": true,
- "license": "MIT",
 "dependencies": {
 "@solidity-parser/parser": "^0.16.0",
 "ajv": "^6.12.6",
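Review bot: The new `Install solhint` step runs `npm install solhint@^4.1.1` in the repository root, but the `Run solhint` step first does `cd solidity` and calls `npx solhint` from there; `npx` resolves against the nearest project (`solidity/package.json`, which this commit also touches), whose `node_modules` that install never populates, so it may fall back to fetching whatever `solhint` the registry currently serves rather than the intended version — inferred from the paths, worth confirming in a run log. The repository already carries `solidity/package-lock.json` with a `resolved`/`integrity` entry for solhint 4.1.1 and `cache-dependency-path` now points at it, so the reproducible form is `working-directory: solidity` on both steps and `npm ci` in place of `npm install solhint@^4.1.1`, which installs exactly the locked, integrity-checked version. The caret range in the ad-hoc install also lets any future `4.x` release silently change what the scan runs without a lockfile change. The `steps` list continues outside the hunk.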
@@ -2036,9 +2036,10 @@
 }
 },
 "solhint": {
- "version": "git+ssh://git@github.com/protofire/solhint.git#1a9fe480e056eaa963edba56816ecec616bb923a",
+ "version": "4.1.1",
+ "resolved": "https://registry.npmjs.org/solhint/-/solhint-4.1.1.tgz",
+ "integrity": "sha512-7G4iF8H5hKHc0tR+/uyZesSKtfppFIMvPSW+Ku6MSL25oVRuyFeqNhOsXHfkex64wYJyXs4fe+pvhB069I19Tw==",
 "dev": true,
- "from": "solhint@github:protofire/solhint#develop",
 "requires": {
 "@solidity-parser/parser": "^0.16.0",
 "ajv": "^6.12.6",
diff --git a/solidity/package.json b/solidity/package.json
index 2a70b73a..6d05c98a 100644
--- a/solidity/package.json
+++ b/solidity/package.json
@@ -1,5 +1,5 @@
 {
 "devDependencies": {
- "solhint": "solhint@^4.1.1"
+ "solhint": "^4.1.1"
 }
 }
\ No newline at end of file