gha-utils/.github/workflows/slither-analyze.yml at main · sablier-labs/gha-utils · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
name: "Analyze an Ethereum project with Slither"

on:
  workflow_call:
    inputs:
      working-directory:
        default: "."
        required: false
        type: "string"

jobs:
  slither-analyze:
    defaults:
      run:
        working-directory: ${{ inputs.working-directory }}
    runs-on: "ubuntu-latest"
    permissions:
      actions: "read"
      contents: "read"
      security-events: "write"
    steps:
      - name: "Check out the repo"
        uses: "actions/checkout@v4"

      - name: "Install Bun"
        uses: "oven-sh/setup-bun@v2"
        with:
          bun-version: "latest"

      - name: "Install the Node.js dependencies"
        run: "bun install --frozen-lockfile"

      - name: "Run Slither analysis"
        uses: "crytic/slither-action@v0.4.0"
        id: "slither"
        with:
          fail-on: "none"
          sarif: "results.sarif"

      - name: "Upload SARIF file to GitHub code scanning"
        uses: "github/codeql-action/upload-sarif@v2"
        with:
          sarif_file: ${{ steps.slither.outputs.sarif }}

      - name: "Add summary"
        run: | # shell
          echo "## Slither result" >> $GITHUB_STEP_SUMMARY
          echo "✅ Uploaded to GitHub code scanning" >> $GITHUB_STEP_SUMMARY