
[StepSecurity] Apply security best practices #121


Workflow file for this run

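# Runs the Certora prover against the contracts on every pull request
# that targets main. One job instance is started per matrix entry.
name: Certora verification

on:
  pull_request:
    branches:
      - main

# Least privilege for GITHUB_TOKEN: the job only needs to read the
# repository. Without this block the token inherits the repository or
# organisation default, which may include write scopes.
permissions:
  contents: read

jobs:
  verify:
    runs-on: ubuntu-latest
    # NOTE(review): no step with id `set-matrix` is visible in this job,
    # so this output presumably resolves to an empty string. Confirm
    # whether anything still consumes it.
    outputs:
      matrix: ${{ steps.set-matrix.outputs.matrix }}
    steps:
      # `audit` only records outbound connections and does not stop
      # them. Once the expected endpoints are known from the audit log,
      # `egress-policy: block` with `allowed-endpoints` enforces them.
      - name: Harden the runner (Audit all outbound calls)
        uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
        with:
          egress-policy: audit

      # Later steps build and analyse code that comes from the pull
      # request, so the checkout token is not left in .git/config.
      # Submodules are fetched by the action itself, before the
      # credentials are removed.
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          submodules: recursive
          persist-credentials: false

      - name: Install Python
        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
        with:
          python-version: '3.10'

      # NOTE(review): the package is unpinned, so every run installs
      # whatever PyPI serves at that moment, and this job later holds
      # CERTORAKEY. Consider pinning an exact version, ideally through a
      # requirements file installed with `--require-hashes`.
      - name: Install certora
        run: pip3 install certora-cli

      # NOTE(review): the compiler binary is downloaded and installed
      # with no integrity check. Record the expected digest of the
      # release asset and verify it before chmod/mv, for example:
      #   echo "<EXPECTED_SHA256>  solc-static-linux" | sha256sum -c -
      - name: Install solc
        run: |
          wget https://github.com/ethereum/solidity/releases/download/v0.8.23/solc-static-linux
          chmod +x solc-static-linux
          sudo mv solc-static-linux /usr/local/bin/solc8.23

      # NOTE(review): the action is pinned by commit SHA, but the
      # toolchain it installs is `nightly`, a moving target. A fixed
      # release would make builds reproducible.
      - name: Install Foundry
        uses: foundry-rs/foundry-toolchain@82dee4ba654bd2146511f85f0d013af94670c4de # v1.4.0
        with:
          version: nightly

      - name: Run Forge build
        run: |
          forge --version
          forge build --sizes
        id: build

      # The matrix values expanded into the script are static strings
      # defined in this file. The commit subject (%s) is the only part
      # that depends on the change under test: it is kept in a quoted
      # variable and reduced to a conservative character set by sed
      # before it is passed to --msg. "$message" is quoted so the shell
      # does not word-split or glob-expand the subject on its way to sed.
      - name: Verify rule ${{ matrix.params.name }}
        run: |
          message="$(git log -n 1 --pretty=format:'CI ${{matrix.params.name}} %h .... %s')"
          certoraRun \
            certora/confs/${{ matrix.params.command }} \
            --msg "$(printf '%s\n' "$message" | sed 's/[^a-zA-Z0-9., _-]/ /g')"
        env:
          # Exposed to this step only. GitHub does not pass repository
          # secrets to pull_request runs triggered from forks.
          CERTORAKEY: ${{ secrets.CERTORAKEY }}

    strategy:
      # Let the remaining rules finish when one of them fails.
      fail-fast: false
      max-parallel: 4
      matrix:
        params:
          - {name: ERC4337Account, command: 'ERC4337Account.conf --rule cantInitTwice'}
          - {name: ERC4337Account, command: 'ERC4337Account.conf --exclude_rule cantInitTwice'}
          - {name: ERC4337AccountInv, command: 'ERC4337AccountInv.conf'}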