Add slither integration #1324
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
workflow_dispatch: | |
push: | |
branches: | |
- master | |
tags: | |
- "v*" | |
pull_request: | |
branches: | |
- master | |
concurrency: | |
group: ci-${{ github.ref }} | |
cancel-in-progress: true | |
defaults: | |
run: | |
shell: bash | |
jobs: | |
build: | |
needs: [lint, test] | |
strategy: | |
matrix: | |
environment: [ubuntu-latest, macos-13, macos-14, windows-latest] | |
permissions: | |
contents: read | |
id-token: write | |
runs-on: ${{ matrix.environment }} | |
timeout-minutes: 10 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Speed up Go (Windows) | |
if: runner.os == 'Windows' | |
run: | | |
DIR='D:\a\local' | |
mkdir -p "$DIR" && cd "$DIR" | |
mkdir go go-cache go-tmp tmpdir | |
go env -w GOPATH="$DIR\\go" | |
go env -w GOCACHE="$DIR\\go-cache" | |
go env -w GOTMPDIR="$DIR\\go-tmp" | |
printf '%s\\go\\bin\n' "$DIR" | tee -a "$GITHUB_PATH" | |
printf 'TMP=%s\\tmpdir\n' "$DIR" | tee -a "$GITHUB_ENV" | |
printf 'TEMP=%s\\tmpdir\n' "$DIR" | tee -a "$GITHUB_ENV" | |
go env | |
- uses: actions/setup-go@v5 | |
with: | |
go-version: "^1.22" | |
# disable caching during release (tag) builds | |
cache: ${{ !startsWith(github.ref, 'refs/tags/') }} | |
- name: Build (Linux and macOS) | |
if: runner.os == 'Linux' || runner.os == 'macOS' | |
run: go build -o medusa -v . | |
- name: Compress (Linux and macOS) | |
if: runner.os == 'Linux' || runner.os == 'macOS' | |
run: tar -czvf medusa-${{ runner.os }}-${{ runner.arch }}.tar.gz medusa | |
- name: Build (Windows) | |
if: runner.os == 'Windows' | |
run: go build -o medusa.exe -v . | |
- name: Compress (Windows) | |
if: runner.os == 'Windows' | |
run: tar -czvf medusa-${{ runner.os }}-${{ runner.arch }}.tar.gz medusa.exe | |
- name: Rename for release | |
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') | |
shell: bash | |
run: | | |
[ ! -f medusa-Linux-X64.tar.gz ] || mv medusa-Linux-X64.tar.gz medusa-linux-x64.tar.gz | |
[ ! -f medusa-macOS-X64.tar.gz ] || mv medusa-macOS-X64.tar.gz medusa-mac-x64.tar.gz | |
[ ! -f medusa-macOS-ARM64.tar.gz ] || mv medusa-macOS-ARM64.tar.gz medusa-mac-arm64.tar.gz | |
[ ! -f medusa-Windows-X64.tar.gz ] || mv medusa-Windows-X64.tar.gz medusa-win-x64.tar.gz | |
- name: Sign artifact | |
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') | |
uses: sigstore/gh-action-sigstore-python@v3.0.0 | |
with: | |
inputs: ./medusa-*.tar.gz | |
- name: Upload artifact | |
uses: actions/upload-artifact@v4 | |
with: | |
name: medusa-${{ runner.os }}-${{ runner.arch }} | |
path: | | |
./medusa-*.tar.gz | |
./medusa-*.tar.gz.sigstore.json | |
release: | |
needs: [build] | |
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') | |
permissions: | |
contents: write | |
runs-on: ubuntu-latest | |
timeout-minutes: 10 | |
steps: | |
- name: Download binaries | |
uses: actions/download-artifact@v4 | |
with: | |
pattern: medusa-* | |
merge-multiple: true | |
- name: Create GitHub release and upload binaries | |
uses: softprops/action-gh-release@9d7c94cfd0a1f3ed45544c887983e9fa900f0564 # v2.0.4 | |
with: | |
draft: true | |
name: "${{ github.ref_name }}" | |
files: | | |
./medusa-*.tar.gz | |
./medusa-*.tar.gz.sigstore.json | |
lint: | |
runs-on: ubuntu-latest | |
timeout-minutes: 10 | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-go@v5 | |
with: | |
go-version: "^1.22" | |
- name: Actionlint | |
run: | | |
go install github.com/rhysd/actionlint/cmd/actionlint@latest | |
actionlint | |
- name: Prettier | |
run: | | |
npm install -g prettier | |
prettier --check '**.json' '**/*.md' '**/*.yml' '!(pkg)' | |
- name: Markdown link check | |
run: | | |
npm install -g markdown-link-check@3.10.3 | |
markdown-link-check --config .github/workflows/resources/markdown_link_check.json ./*.md | |
- name: Format | |
run: | | |
go fmt ./... | |
git diff --exit-code | |
- name: Lint | |
run: | | |
go install github.com/golangci/golangci-lint/cmd/golangci-lint@latest | |
golangci-lint run --timeout 5m0s | |
- name: Gencodec | |
run: | | |
go get github.com/fjl/gencodec | |
pushd fuzzing/config | |
go run github.com/fjl/gencodec -type FuzzingConfig -field-override fuzzingConfigMarshaling -out gen_fuzzing_config.go | |
git diff --exit-code -- . | |
popd | |
test: | |
strategy: | |
matrix: | |
environment: [ubuntu-latest, macos-13, macos-14, windows-latest] | |
runs-on: ${{ matrix.environment }} | |
timeout-minutes: 20 | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: "3.10" | |
- name: Speed up Go, Python, Node (Windows) | |
if: runner.os == 'Windows' | |
run: | | |
DIR='D:\a\local' | |
mkdir -p "$DIR" && cd "$DIR" | |
echo "::group::Go" | |
mkdir -p go go-cache go-tmp tmpdir | |
go env -w GOPATH="$DIR\\go" | |
go env -w GOCACHE="$DIR\\go-cache" | |
go env -w GOTMPDIR="$DIR\\go-tmp" | |
printf '%s\\go\\bin\n' "$DIR" | tee -a "$GITHUB_PATH" | |
printf 'TMP=%s\\tmpdir\n' "$DIR" | tee -a "$GITHUB_ENV" | |
printf 'TEMP=%s\\tmpdir\n' "$DIR" | tee -a "$GITHUB_ENV" | |
go env | |
echo "::endgroup::" | |
echo "::group::Python" | |
python3 -m venv venv | |
printf '%s\\venv\\Scripts\n' "$DIR" | tee -a "$GITHUB_PATH" | |
printf 'VIRTUAL_ENV=%s\\venv\n' "$DIR" | tee -a "$GITHUB_ENV" | |
echo "::endgroup::" | |
echo "::group::Node" | |
npm config set cache "$DIR\\npm-cache" --global | |
echo "::endgroup::" | |
- uses: actions/setup-go@v5 | |
with: | |
go-version: "^1.22" | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: 18.15 | |
- name: Install Node dependencies | |
run: npm install hardhat | |
- name: Install Python dependencies | |
run: | | |
pip3 install --no-cache-dir solc-select slither-analyzer | |
- name: Install solc | |
run: | | |
solc-select use 0.8.17 --always-install | |
- name: Test | |
run: go test ./... | |
all-checks: | |
if: always() | |
needs: [lint, test, build, release] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Decide whether the needed jobs succeeded or failed | |
uses: re-actors/alls-green@05ac9388f0aebcb5727afa17fcccfecd6f8ec5fe # v1.2.2 | |
with: | |
allowed-skips: release | |
jobs: ${{ toJSON(needs) }} |