From 2ca4f7a45925b05f07c0591bf7b7bd04e73304ea Mon Sep 17 00:00:00 2001
From: Ahmed Ihsan Tawfeeq
Date: Fri, 20 Oct 2023 10:08:08 -0600
Subject: [PATCH 1/5] ci: add slither job

chore: fix solc remap path in slither config
---
 .github/workflows/ci.yml | 34 +++++++++++++++++++++++++++++++++-
 slither.config.json | 2 +-
 2 files changed, 34 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 7a5f6eb27..a5b469dbb 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -284,4 +284,36 @@ jobs:
 - name: "Add coverage summary"
 run: |
 echo "## Coverage result" >> $GITHUB_STEP_SUMMARY
- echo "✅ Uploaded to Codecov" >> $GITHUB_STEP_SUMMARY
\ No newline at end of file
+ echo "✅ Uploaded to Codecov" >> $GITHUB_STEP_SUMMARY
+
+ slither-analyze:
+ needs: ["lint", "build"]
+ runs-on: "ubuntu-latest"
+ permissions:
+ actions: "read"
+ contents: "read"
+ security-events: "write"
+ steps:
+ - name: "Check out the repo"
+ uses: "actions/checkout@v3"
+ with:
+ submodules: "recursive"
+
+ - name: "Run Slither analysis"
+ uses: "crytic/slither-action@v0.3.0"
+ id: "slither"
+ with:
+ fail-on: "none"
+ sarif: "results.sarif"
+ solc-version: "0.8.19"
+ target: "src/"
+
+ - name: "Upload SARIF file to GitHub code scanning"
+ uses: "github/codeql-action/upload-sarif@v2"
+ with:
+ sarif_file: ${{ steps.slither.outputs.sarif }}
+
+ - name: "Add Slither summary"
+ run: |
+ echo "## Slither result" >> $GITHUB_STEP_SUMMARY
+ echo "✅ Uploaded to GitHub code scanning" >> $GITHUB_STEP_SUMMARY
diff --git a/slither.config.json b/slither.config.json
index 725063073..0776b9633 100644
--- a/slither.config.json
+++ b/slither.config.json
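Review bot: The three actions in the new slither-analyze job are referenced by mutable tags (`actions/checkout@v3`, `crytic/slither-action@v0.3.0`, `github/codeql-action/upload-sarif@v2`) in a job granted `security-events: write`, so a moved or compromised tag would run with write access to code scanning; pin each third-party action to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: "crytic/slither-action@<full-commit-sha> # v0.3.0"`. With `fail-on: "none"` the job never fails on findings and the final step prints the ✅ summary unconditionally, which is a defensible choice for a first rollout but should be stated next to the option, e.g. `# fail-on none: findings are triaged in code scanning, not used as a CI gate`. The `sarif_file:` value is the only unquoted scalar in the job; quoting it as `"${{ steps.slither.outputs.sarif }}"` matches the surrounding style. The `permissions` block is correctly scoped to the minimum the SARIF upload needs.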
@@ -2,7 +2,7 @@
 "detectors_to_exclude": "naming-convention,reentrancy-events,solc-version,timestamp",
 "filter_paths": "(lib|test)",
 "solc_remaps": [
- "@openzeppelin/contracts=lib/openzeppelin-contracts/contracts/",
+ "@openzeppelin/contracts/=lib/openzeppelin-contracts/contracts/",
 "@prb/math/=lib/prb-math/",
 "@prb/test/=lib/prb-test/src/",
 "forge-std/=lib/forge-std/src/",

From 8e956f9c742f574e4f49bbaec3c49f5e208a1720 Mon Sep 17 00:00:00 2001
From: Ahmed Ihsan Tawfeeq
Date: Fri, 20 Oct 2023 15:56:24 -0600
Subject: [PATCH 2/5] ci: use cached build for slither job

---
 .github/workflows/ci.yml | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index a5b469dbb..cc29943e6 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -299,6 +299,16 @@ jobs:
 with:
 submodules: "recursive"
+ - name: "Restore the cached build"
+ uses: "actions/cache/restore@v3"
+ with:
+ fail-on-cache-miss: true
+ key: "foundry-build-${{ github.sha }}"
+ path: |
+ cache
+ out
+ out-optimized
+
 - name: "Run Slither analysis"
 uses: "crytic/slither-action@v0.3.0"
 id: "slither"
@@ -307,6 +317,7 @@ jobs:
 sarif: "results.sarif"
 solc-version: "0.8.19"
 target: "src/"
+ ignore-compile: true
 - name: "Upload SARIF file to GitHub code scanning"
 uses: "github/codeql-action/upload-sarif@v2"

From 1efd9a9a7cbed48f287dfb04cb7be6e51b824618 Mon Sep 17 00:00:00 2001
From: andreivladbrg
Date: Sat, 21 Oct 2023 16:09:29 +0300
Subject: [PATCH 3/5] ci: use solc 0.8.21 in slither job

---
 .github/workflows/ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index cc29943e6..6bba69058 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -315,7 +315,7 @@ jobs:
 with:
 fail-on: "none"
 sarif: "results.sarif"
- solc-version: "0.8.19"
+ solc-version: "0.8.21"
 target: "src/"
 ignore-compile: true
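Review bot: `ignore-compile: true` in the second ci.yml hunk of patch 2 is paired with the pre-existing `target: "src/"`, but with compilation skipped slither-action depends on crytic-compile finding an already-built framework project at the target, and the restored `cache`/`out`/`out-optimized` directories are cached relative to the workspace root, not under `src/`; I would expect the artifacts not to be located, so check the job log and, if so, change the same hunk to `target: "."` (or drop the key). In the first hunk, `fail-on-cache-miss: true` with the exact key `foundry-build-${{ github.sha }}` is the right choice, since it stops the job from silently analysing a freshly compiled tree when the build job's cache entry is absent; the matching save key in the build job is outside this patch and should be verified against it. The later patch 4 reverts both hunks, so this applies only to the intermediate state.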
From 53166df9711843a03dd405e6a06b5cf71bf60ab2 Mon Sep 17 00:00:00 2001
From: Ahmed Ihsan Tawfeeq
Date: Mon, 23 Oct 2023 23:54:51 -0600
Subject: [PATCH 4/5] ci: revise slither job

revert: ci: use cached build for slither job
---
 .github/workflows/ci.yml | 12 ------------
 1 file changed, 12 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 6bba69058..9f6995b26 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -299,16 +299,6 @@ jobs:
 with:
 submodules: "recursive"
- - name: "Restore the cached build"
- uses: "actions/cache/restore@v3"
- with:
- fail-on-cache-miss: true
- key: "foundry-build-${{ github.sha }}"
- path: |
- cache
- out
- out-optimized
-
 - name: "Run Slither analysis"
 uses: "crytic/slither-action@v0.3.0"
 id: "slither"
@@ -316,8 +306,6 @@ jobs:
 fail-on: "none"
 sarif: "results.sarif"
 solc-version: "0.8.21"
- target: "src/"
- ignore-compile: true
 - name: "Upload SARIF file to GitHub code scanning"
 uses: "github/codeql-action/upload-sarif@v2"

From bd3ad827fb09b6bf366bde8289fb5921f58bece0 Mon Sep 17 00:00:00 2001
From: Ahmed Ihsan Tawfeeq
Date: Tue, 24 Oct 2023 06:17:52 -0600
Subject: [PATCH 5/5] ci: remove superfluous "solc-version" config in slither job

not required when a compilation framework is used
---
 .github/workflows/ci.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 9f6995b26..59c164541 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -305,7 +305,6 @@ jobs:
 with:
 fail-on: "none"
 sarif: "results.sarif"
- solc-version: "0.8.21"
 - name: "Upload SARIF file to GitHub code scanning"
 uses: "github/codeql-action/upload-sarif@v2"