feat(ci): run slither in main workflow
sripwoud authored Jun 26, 2024
2 parents 8c4e821 + ce52e79 commit cdeb8e4
Showing 3 changed files with 188 additions and 37 deletions.
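--- a/.github/sripts/slither-comment.js
+++ b/.github/sripts/slither-comment.js
@@ -0,0 +1,24 @@
+module.exports = async ({ github, context, header, body }) => {
+const comment = [header, body].join("\n")
+
+const { data: comments } = await github.rest.issues.listComments({
+owner: context.repo.owner,
+repo: context.repo.repo,
+issue_number: context.payload.number
+})
+
+const botComment = comments.find(
+(comment) =>
+// github-actions bot user
+comment.user.id === 41898282 && comment.body.startsWith(header)
+)
+
+const commentFn = botComment ? "updateComment" : "createComment"
+
+await github.rest.issues[commentFn]({
+owner: context.repo.owner,
+repo: context.repo.repo,
+body: comment,
+...(botComment ? { comment_id: botComment.id } : { issue_number: context.payload.number })
+})
+}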
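Review bot: `listComments` returns only a single page (30 comments by default), so on a busy PR the earlier Slither comment falls outside that page, `botComment` is `undefined`, and every run posts a fresh duplicate instead of updating the existing one; use `const comments = await github.paginate(github.rest.issues.listComments, { owner: context.repo.owner, repo: context.repo.repo, issue_number: context.payload.number })` instead. The file is added under `.github/sripts/` while the workflow in this same commit requires it from `.github/scripts/`, so one of the two paths needs correcting. The `41898282` comparison deserves a comment stating that it is the `github-actions[bot]` user id and that comments posted with any other token (a GitHub App installation or a PAT) will not match, e.g. `// only match comments posted by github-actions[bot] (user id 41898282) via GITHUB_TOKEN`. `context.payload.number` is only present on pull_request-style payloads, so a one-line header comment saying the script must be invoked from a `pull_request` event would help the next reader.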
197 changes: 162 additions & 35 deletions .github/workflows/main.yml
Expand Up @@ -2,66 +2,193 @@ name: main

on:
push:
branches:
- main
branches: [main]
pull_request:

concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: true

jobs:
style:
deps:
runs-on: ubuntu-latest

outputs:
cache-key: ${{ steps.cache-env.outputs.cache-key }}
steps:
- name: Checkout
uses: actions/checkout@v4
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 20

- name: Setup Node
uses: actions/setup-node@v4
- name: Output cache key
id: cache-env
run: echo "cache-key=${{ runner.os }}-node_modules-${{ hashFiles('**/yarn.lock') }}" >> $GITHUB_OUTPUT

- uses: actions/cache@v4
id: cache
with:
node-version: "20"
cache: yarn
path: node_modules
key: ${{ steps.cache-env.outputs.cache-key }}
restore-keys: ${{ runner.os }}-node_modules-

- name: Install dependencies
- if: steps.cache.outputs.cache-hit != 'true'
run: yarn

- name: Format code
run: yarn format
tests:
changed-files:
runs-on: ubuntu-latest

outputs:
any_changed: ${{ steps.changed-files.outputs.any_changed }}
modified_files: ${{ steps.changed-files.outputs.modified_files }}
steps:
- name: Checkout
uses: actions/checkout@v4
- uses: actions/checkout@v4
- name: Get changed files
id: changed-files
uses: tj-actions/changed-files@v44
with:
files: packages/**/*.{sol,json,ts}

- name: Setup Node
uses: actions/setup-node@v4
compile:
if: needs.changed-files.outputs.any_changed == 'true'
needs: [changed-files, deps]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: "20"
cache: yarn
node-version: 20
- uses: actions/cache/restore@v4
with:
path: node_modules
key: ${{ needs.deps.outputs.cache-key }}

- name: Install dependencies
run: yarn
- run: yarn compile

- name: Get changed files
id: changed-files
uses: tj-actions/changed-files@v44
- name: Upload compilation results
uses: actions/upload-artifact@v4
with:
files: |
packages/**/*.{sol,json,ts}
name: all-artifacts
path: packages/**/artifacts/**

- if: steps.changed-files.outputs.any_changed == 'true'
name: Compile contracts
run: yarn compile
style:
needs: deps
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 20
- uses: actions/cache/restore@v4
with:
path: node_modules
key: ${{ needs.deps.outputs.cache-key }}

- run: yarn format
tests:
if: needs.changed-files.outputs.any_changed == 'true'
needs: [changed-files, set-matrix, deps, compile]
runs-on: ubuntu-latest
strategy:
matrix:
dir: ${{ fromJson(needs.set-matrix.outputs.matrix) }}

steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 20
- uses: actions/cache/restore@v4
with:
path: node_modules
key: ${{ needs.deps.outputs.cache-key }}
- uses: actions/download-artifact@v4
with:
name: all-artifacts
path: packages/

- if: steps.changed-files.outputs.any_changed == 'true'
name: Test contracts
run: yarn test
- if: contains(needs.changed-files.outputs.modified_files, matrix.dir)
name: Test
run: |
workspace=$(jq -r '.name' packages/${{ matrix.dir }}/package.json)
yarn workspace "$workspace" run test:coverage
- if: steps.changed-files.outputs.any_changed == 'true' && github.event_name == 'push' && github.ref == 'refs/heads/main'
- if: github.event_name == 'push' && github.ref == 'refs/heads/main'
name: Coveralls
uses: coverallsapp/github-action@v2
with:
github-token: ${{ secrets.GITHUB_TOKEN }}

set-matrix:
if: needs.changed-files.outputs.any_changed == 'true'
needs: changed-files
runs-on: ubuntu-latest
outputs:
matrix: ${{ steps.set-matrix.outputs.matrix }}
steps:
- uses: actions/checkout@v4
- name: Set matrix
id: set-matrix
run: |
matrix=$(ls -1 packages | jq -Rsc 'split("\n") | map(select(length > 0))')
echo "matrix=$matrix" >> $GITHUB_OUTPUT
slither:
if: needs.changed-files.outputs.any_changed == 'true'
needs: [changed-files, set-matrix, deps]
runs-on: ubuntu-latest
permissions:
contents: read
security-events: write
strategy:
matrix:
dir: ${{ fromJson(needs.set-matrix.outputs.matrix) }}
steps:
- uses: actions/checkout@v4

# FIXME this does not work as a way to restore compilation results for slither job but it does for the compile job ??
#- uses: actions/download-artifact@v4
# with:
# name: all-artifacts
# path: packages/

- uses: actions/setup-node@v4
with:
node-version: 20
- uses: actions/cache/restore@v4
with:
path: node_modules
key: ${{ needs.deps.outputs.cache-key }}
- if: contains(needs.changed-files.outputs.modified_files, matrix.dir)
name: Compile contracts
run: |
workspace=$(jq -r '.name' packages/${{ matrix.dir }}/package.json)
yarn workspace "$workspace" run compile
- if: contains(needs.changed-files.outputs.modified_files, matrix.dir)
name: Run slither
uses: crytic/[email protected]
id: slither
with:
ignore-compile: true
node-version: 20
fail-on: none
sarif: results.sarif
slither-args: --filter-paths "test" --exclude-dependencies --markdown-root ${{ github.server_url }}/${{ github.repository }}/blob/${{ github.sha }}/
target: packages/${{ matrix.dir }}

- if: contains(needs.changed-files.outputs.modified_files, matrix.dir)
name: Upload SARIF files
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: ${{ steps.slither.outputs.sarif }}

- name: Create/update checklist as PR comment
uses: actions/github-script@v7
if: github.even_name == 'pull_request'
env:
REPORT: ${{ steps.slither.stdout }}
with:
script: |
const script = require('.github/scripts/slither-comment')
const header = '# Slither report'
const body = process.env.REPORT
await script({ github, context, header, body })
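Review bot: `${{ matrix.dir }}` is interpolated directly into the shell in the `Test` step and in the slither job's `Compile contracts` step, and because the matrix is built from `ls -1 packages` on the checked-out ref, a `pull_request` run will execute any shell metacharacters in a directory name introduced by the PR; pass it through `env: DIR: ${{ matrix.dir }}` and reference `"packages/$DIR/package.json"` in the script instead. The PR-comment step cannot run at all as written: `github.even_name` is a typo for `github.event_name`, `steps.slither.stdout` should be `steps.slither.outputs.stdout` (the action's documented output), and `require('.github/scripts/slither-comment')` is a bare module specifier with no leading `./` that also points at `scripts/` while this commit adds the file under `.github/sripts/`. Once those are fixed it would still be rejected, because the job's `permissions` grant only `contents: read` and `security-events: write`; `createComment`/`updateComment` need `pull-requests: write`, and on fork PRs the token is read-only regardless, so the step should tolerate that failure rather than fail the job. Consider pinning the third-party actions (`tj-actions/changed-files`, `crytic/slither-action`, `coverallsapp/github-action`) to full commit SHAs rather than mutable tags, since a repointed tag would run with this job's `security-events: write` token.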
4 changes: 2 additions & 2 deletions package.json
Expand Up @@ -7,8 +7,8 @@
"bugs": "https://github.com/privacy-scaling-explorations/zk-kit.solidity/issues",
"private": true,
"scripts": {
"compile": "yarn workspaces foreach -A run compile",
"test": "yarn workspaces foreach -A run test:coverage",
"compile": "yarn workspaces foreach -Ap run compile",
"test": "yarn workspaces foreach -Ap run test:coverage",
"version:bump": "yarn workspace @zk-kit/${0}.sol version ${1} && yarn remove:stable-version-field ${0} && NO_HOOK=1 git commit -am \"chore(${0}): v${1}\" && git tag ${0}.sol-v${1}",
"version:publish": "yarn workspaces foreach -A --no-private npm publish --tolerate-republish --access public",
"version:release": "changelogithub",
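Review bot: `-p` makes `yarn workspaces foreach` run every workspace's `compile` and `test:coverage` concurrently with no ordering guarantee, so if any package's compile consumes another workspace's build output it may now start before that output exists; adding `-t` (`-Apt`) keeps the parallelism but runs dependents after their dependencies. If the packages are fully independent this is harmless, though interleaved coverage output from `-p` will be harder to read in CI logs.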