fhevm/.github/workflows/host-contracts-slither-analysis.yml at 3104cf43938f7b811ce610228f4fea68eb52bb97 · zama-ai/fhevm · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
name: host-contracts-slither-analysis

# The SARIF output is temporarily disabled.
on:
  pull_request:
    branches:
      - main

permissions: {}

jobs:
  check-changes:
    name: host-contracts-slither-analysis/check-changes
    permissions:
      actions: 'read' # Required to read workflow run information
      contents: 'read' # Required to checkout repository code
      pull-requests: 'read' # Required to read pull request information
    runs-on: ubuntu-latest
    outputs:
      changes-host-contracts: ${{ steps.filter.outputs.host-contracts }}
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: 'false'
      - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36  # v3.0.2
        id: filter
        with:
          filters: |
            host-contracts:
              - .github/workflows/host-contracts-slither-analysis.yml
              - host-contracts/**
  analyze:
    name: host-contracts-slither-analysis/analyze (bpr)
    needs: check-changes
    if: ${{ needs.check-changes.outputs.changes-host-contracts == 'true' }}
    runs-on: large_ubuntu_32
    env:
      HARDHAT_NETWORK: hardhat
    permissions:
      contents: 'read' # Required to checkout repository code
      checks: 'write' # Required to create GitHub checks for test results
      security-events: 'write' # Required to write security events for SAST results
    steps:
      - name: Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: 'false'
      - run: cp ./host-contracts/.env.example ./host-contracts/.env
      - run: npm --workspace=host-contracts ci --include=optional
      - run: npm --workspace=host-contracts run deploy:emptyProxies
      - run: npm --workspace=host-contracts run compile
      - name: Run Slither
        uses: crytic/slither-action@d86660fe7e45835a0ec7b7aeb768d271fb421ea0 # temporarily commit that fixes the issue
        with:
          node-version: 20
          ignore-compile: false
          solc-version: "0.8.24"
          slither-config: ".slither.config.json"
          # sarif: results.sarif
          fail-on: none
          target: "./host-contracts/"
      # - name: Upload SARIF file
      #   uses: github/codeql-action/upload-sarif@6bb031afdd8eb862ea3fc1848194185e076637e5 # v3.28.11
      #  with:
      #    sarif_file: results.sarif