name: static-analysis on: push: # Triggers the workflow on push to main branches: [main] paths: - 'solidity/**' - '.github/workflows/static-analysis.yml' # Triggers the workflow on pull request pull_request: paths: - 'solidity/**' - '.github/workflows/static-analysis.yml' jobs: slither: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 with: ref: ${{ github.event.pull_request.head.sha || github.sha }} submodules: recursive - name: yarn-cache uses: actions/cache@v3 with: path: | **/node_modules .yarn key: ${{ runner.os }}-yarn-cache-${{ hashFiles('./yarn.lock') }} - name: yarn-install run: yarn install - name: foundry-install uses: onbjerg/foundry-toolchain@v1 - name: forge-build run: cd solidity && forge build --build-info - name: Static analysis uses: crytic/slither-action@v0.3.0 id: slither with: target: 'solidity/' slither-config: 'solidity/slither.config.json' sarif: results.sarif fail-on: none ignore-compile: true - name: Upload SARIF file uses: github/codeql-action/upload-sarif@v2 with: sarif_file: ${{ steps.slither.outputs.sarif }}