name: static-analysis on: push: # Triggers the workflow on push to main branches: [main] paths: - 'solidity/**' - '.github/workflows/static-analysis.yml' # Triggers the workflow on pull request pull_request: paths: - 'solidity/**' - '.github/workflows/static-analysis.yml' jobs: slither: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 with: ref: ${{ github.event.pull_request.head.sha || github.sha }} submodules: recursive - name: yarn-cache uses: buildjet/cache@v4 with: path: | **/node_modules .yarn key: ${{ runner.os }}-yarn-cache-${{ hashFiles('./yarn.lock') }} restore-keys: | ${{ runner.os }}-yarn-cache- - name: yarn-install run: yarn install - name: foundry-install uses: foundry-rs/foundry-toolchain@v1 - name: forge-build run: cd solidity && forge build --build-info - name: Static analysis uses: crytic/slither-action@v0.4.0 id: slither with: target: 'solidity/' slither-config: 'solidity/slither.config.json' sarif: results.sarif fail-on: none ignore-compile: true - name: Upload SARIF file uses: github/codeql-action/upload-sarif@v3 with: sarif_file: ${{ steps.slither.outputs.sarif }} category: "slither" - name: Olympix Integrated Security uses: olympix/integrated-security@main env: OLYMPIX_API_TOKEN: ${{ secrets.OLYMPIX_API_TOKEN }} OLYMPIX_CLI_LOG_LEVEL: 0 with: args: -p ./solidity/contracts --output-format sarif --output-path ./ - name: Upload result to GitHub Code Scanning uses: github/codeql-action/upload-sarif@v3 with: sarif_file: olympix.sarif category: "olympix"