Skip to content

Merge pull request #37 from node-real/v0.4.2_combo_fix #9

Merge pull request #37 from node-real/v0.4.2_combo_fix

Merge pull request #37 from node-real/v0.4.2_combo_fix #9

Workflow file for this run

name: 'Slither Analysis'
on:
workflow_dispatch:
pull_request:
push:
branches:
- develop
jobs:
slither-analyze:
runs-on: ubuntu-latest
container:
image: us-docker.pkg.dev/oplabs-tools-artifacts/images/ci-builder:v0.43.0
steps:
- uses: actions/checkout@v4
# Workaround to prevent slither-action from trying to install JS deps.
# Without this step, it detects the `package.json`, and since there is no
# lockfile it defaults `npm install` which fails due to the preinstall
# script to enforce pnpm. https://github.com/crytic/slither-action/issues/44#issuecomment-1338183656
- name: Remove package.json
run: rm packages/contracts-bedrock/package.json
- name: Run Slither
uses: crytic/[email protected]
id: slither
with:
target: packages/contracts-bedrock
slither-config: packages/contracts-bedrock/slither.config.json
fail-on: config
sarif: results.sarif
slither-args: --triage-database packages/contracts-bedrock/slither.db.json
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v3
if: always()
with:
sarif_file: ${{ steps.slither.outputs.sarif }}