From b50991b819c55882db3506a0b375a333e00face5 Mon Sep 17 00:00:00 2001
From: Francisco de Borja Aranda Castillejo
Date: Fri, 12 Jul 2024 08:30:06 +0200
Subject: [PATCH] ci: add slither integration (#188)
Signed-off-by: Francisco de Borja Aranda Castillejo
Co-authored-by: Francisco de Borja Aranda Castillejo
---
.github/workflows/slither.yaml | 74 ++++++++++++++++++++++++++++++++++
slither.config.json | 8 ++++
2 files changed, 82 insertions(+)
create mode 100644 .github/workflows/slither.yaml
create mode 100644 slither.config.json
diff --git a/.github/workflows/slither.yaml b/.github/workflows/slither.yaml
new file mode 100644
index 00000000..1a98d5dc
--- /dev/null
+++ b/.github/workflows/slither.yaml
@@ -0,0 +1,74 @@
+name: Slither
+
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+ branches:
+ - '*'
+ types:
+ - synchronize
+ - opened
+ - reopened
+ - ready_for_review
+
+jobs:
+ slither:
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ include:
+ - project: 'messaging/erc20'
+ file: 'm-erc20.sarif'
+ - project: 'messaging/message'
+ file: 'm-message.sarif'
+ - project: 'messaging/nft'
+ file: 'm-nft.sarif'
+ - project: 'messaging/zeta'
+ file: 'm-zeta.sarif'
+ - project: 'omnichain/multioutput'
+ file: 'o-multioutput.sarif'
+ - project: 'omnichain/nft'
+ file: 'o-nft.sarif'
+ - project: 'omnichain/staking'
+ file: 'o-staking.sarif'
+ - project: 'omnichain/swap'
+ file: 'o-swap.sarif'
+ permissions:
+ contents: read
+ security-events: write
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Install Node.js
+ uses: actions/setup-node@v2
+ with:
+ node-version: '18'
+
+ - name: Install Dependencies
+ run: yarn install
+
+ - name: Install Foundry
+ uses: foundry-rs/foundry-toolchain@v1
+
+ - name: Build projects
+ continue-on-error: true
+ run: yarn build
+
+ - name: Run Slither on ${{ matrix.project}}
+ uses: crytic/slither-action@main
+ continue-on-error: true
+ with:
+ ignore-compile: true
+ sarif: ${{ matrix.file}}
+ node-version: '18'
+ target: ${{ matrix.project}}
+ fail-on: none
+
+ - name: Upload zevm-app-contracts SARIF file
+ uses: github/codeql-action/upload-sarif@v3
+ with:
+ sarif_file: ${{ matrix.file}}
diff --git a/slither.config.json b/slither.config.json
new file mode 100644
index 00000000..d6883dc8
--- /dev/null
+++ b/slither.config.json
@@ -0,0 +1,8 @@
+{
+ "detectors_to_exclude": "",
+ "compile_force_framework": "hardhat",
+ "hardhat_ignore_compile": true,
+ "npx_disable": true,
+ "foundry_ignore_compile": true,
+ "filter_paths": "artifacts,cache,data,dist,docs,lib,node_modules,pkg,scripts,tasks,test,testing,typechain-types"
+}
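Review bot: In `.github/workflows/slither.yaml`, the `Run Slither` step uses `crytic/slither-action@main`, a mutable branch reference, in a job that is granted `security-events: write`, so whatever lands on that branch runs here with that token. Pin it to a full commit SHA with the release noted in a comment, e.g. `uses: crytic/slither-action@<full-commit-sha>  # <release-tag>`, and consider the same for `foundry-rs/foundry-toolchain@v1` and the other tag-pinned actions. Separately, `continue-on-error: true` on `Build projects` combined with `ignore-compile: true` means Slither analyses whatever artifacts exist after a failed build, so a green run does not by itself show the contracts were analysed; a comment on that step saying why the failure is tolerated would help the next reader.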
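Review bot: In `slither.config.json`, the `filter_paths` entries are bare words such as `lib`, `test`, `data` and `pkg`; as far as I know Slither treats each entry as a regular expression searched anywhere in the file path, so these would also drop findings for any contract whose path merely contains one of those substrings. Writing them as directory patterns, e.g. `node_modules/`, `test/`, `lib/`, keeps the exclusion to the intended folders. It is worth confirming against the matrix targets (`messaging/*`, `omnichain/*`) that no contract source path is filtered out unintentionally.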