Commit

add package.json
eshaan-deepsource committed Jan 16, 2024
1 parent 2519580 commit fe63f2a
Showing 6 changed files with 71 additions and 13 deletions.
@@ -1,6 +1,5 @@
# ref: https://github.com/crytic/slither-action#how-to-use-1
# A copy-paste Github Actions config to run Slither and report the artifact to DeepSource
name: Slither Analysis
name: Slither Analysis for Solidity

on:
# Note that both `push` and `pull_request` triggers should be present for GitHub to consistently present slither
51 changes: 51 additions & 0 deletions .github/workflows/slither-vyper.yaml
@@ -0,0 +1,51 @@
# ref: https://github.com/crytic/slither-action#how-to-use-1
name: Slither Analysis for Vyper

on:
# Note that both `push` and `pull_request` triggers should be present for GitHub to consistently present slither
# SARIF reports.
push:
branches: [main, master]
pull_request:

jobs:
scan:
runs-on: ubuntu-latest
permissions:
contents: read
security-events: write
env:
DEEPSOURCE_DSN: ${{ secrets.DEEPSOURCE_DSN }}
steps:
- uses: actions/checkout@v3
with:
ref: ${{ github.event.pull_request.head.sha }}

- name: Run Slither
uses: crytic/[email protected]
id: slither
with:
slither-version: 0.10.0
solc-version: 0.8.21
target: "vyper/"
# The following makes slither produce scan analysis in SARIF format
sarif: ./slither.sarif
# The following line prevents aborting the workflow immediately in case your files fail Slither checks.
# This allows the following upload-sarif action to still upload the results.
continue-on-error: true

- name: Upload SARIF report files to DeepSource
id: upload-sarif
run: |
# Install the CLI
curl https://deepsource.io/cli | sh
# Send the report to DeepSource
./bin/deepsource report --analyzer slither --analyzer-type community --value-file ${{ steps.slither.outputs.sarif }}
# Ensure the workflow eventually fails if files did not pass slither checks.
- name: Verify slither-action succeeded
shell: bash
run: |
echo "If this step fails, slither found issues. Check the output of the scan step above."
[[ "${{ steps.slither.outcome }}" == "success" ]]
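
Review bot: `DEEPSOURCE_DSN` is set in the job-level `env:`, so every step in `scan` receives it, including the third-party `crytic/slither-action` step and the `curl https://deepsource.io/cli | sh` installer, which executes a downloaded script with no pinning or integrity check. Move the `env:` block onto the `Upload SARIF report files to DeepSource` step only, and download the CLI to a file and verify it before running it rather than piping it to `sh`. Smaller points: quote the path in `--value-file ${{ steps.slither.outputs.sarif }}`, and add a comment on why `solc-version: 0.8.21` is set when `target` is `"vyper/"`, since nothing visible here installs or pins the Vyper compiler.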
@@ -1,5 +1,5 @@
# A Github Actions config to run Solhint and report the artifact to DeepSource
name: Solhint Analysis
name: Solhint Analysis for Solidity

on:
# Note that both `push` and `pull_request` triggers should be present for GitHub to consistently present solhint
@@ -21,15 +21,21 @@ jobs:
with:
ref: ${{ github.event.pull_request.head.sha }}

- uses: actions/setup-node@v4 (Install deps and solhint)
- uses: actions/setup-node@v4
with:
node-version: "16"
cache: npm
cache-dependency-path: "solidity/package-lock.json"

- name: Install solhint
run: |
npm install solhint@^4.1.1
- name: Run solhint
id: solhint
run: |
npx solhint 'solidity/*.sol' -f sarif > solhint.sarif
cd solidity
npx solhint '*.sol' -f sarif > solhint.sarif
# The following line prevents aborting the workflow immediately in case your files fail solhint checks.
# This allows the following upload-sarif action to still upload the results.
continue-on-error: true
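
Review bot: The `Install solhint` step runs `npm install solhint@^4.1.1` outside `solidity/`, so the `solidity/package-lock.json` named in `cache-dependency-path` only keys the cache and does not constrain which solhint version gets installed. Replace it with `npm ci` run inside `solidity/` so the lockfile updated in this commit decides the version. After `cd solidity` the report is written to `solidity/solhint.sarif`; the upload step is outside this hunk, so confirm it reads that path. `node-version: "16"` is past end-of-life and worth bumping in the same change.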
15 changes: 8 additions & 7 deletions solidity/package-lock.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion solidity/package.json
@@ -1,5 +1,5 @@
{
"devDependencies": {
"solhint": "solhint@^4.1.1"
"solhint": "^4.1.1"
}
}
1 change: 1 addition & 0 deletions vyper/requirements.txt
@@ -0,0 +1 @@
vyper
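
Review bot: `vyper` is listed with no version, so each install resolves to whatever release is current and analysis results can shift without any change in this repository. Pin an exact version (`vyper==<version>`). The visible `slither-vyper.yaml` never references this file, so a comment or commit note on how it is meant to be consumed would help.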
