solhint.yaml

# A Github Actions config to run Solhint and report the artifact to DeepSource
name: Solhint Analysis for Solidity

on:
  # Note that both `push` and `pull_request` triggers should be present for GitHub to consistently present solhint
  # SARIF reports.
  push:
    branches: [main, master]
  pull_request:

jobs:
  scan:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      security-events: write
    env:
      DEEPSOURCE_DSN: ${{ secrets.DEEPSOURCE_DSN }}
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}

      - uses: actions/setup-node@v4
        with:
          node-version: "16"
          cache: npm
          cache-dependency-path: "solidity/package-lock.json"

      - name: Install solhint
        run: |
          npm install solhint@^4.1.1

      - name: Run solhint
        id: solhint
        run: |
          cd solidity
          npx solhint '*.sol' -f sarif > solhint.sarif
        # The following line prevents aborting the workflow immediately in case your files fail solhint checks.
        # This allows the following upload-sarif action to still upload the results.
        continue-on-error: true

      - name: Upload SARIF report files to DeepSource
        id: upload-sarif
        run: |
          # Install the CLI
          curl https://deepsource.io/cli | sh

          # Send the report to DeepSource
          ./bin/deepsource report --analyzer solhint --analyzer-type community --value-file solidity/solhint.sarif

      # Ensure the workflow eventually fails if files did not pass solhint checks.
      - name: Verify solhint succeeded
        shell: bash
        run: |
          echo "If this step fails, solhint found issues. Check the output of the scan step above."
          [[ "${{ steps.solhint.outcome }}" == "success" ]]