feat(ci): run slither in main workflow #8
Conversation
sripwoud
force-pushed
the
feat/slither-workflow
branch
10 times, most recently
from
9a5cf34
to
47070ce
Compare
sripwoud
force-pushed
the
feat/slither-workflow
branch
2 times, most recently
from
3cab4e0
to
3f2e629
Compare
sripwoud
force-pushed
the
feat/slither-workflow
branch
from
c83e8ad
to
5900c42
Compare
|
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation. |
sripwoud
force-pushed
the
feat/slither-workflow
branch
from
f757c37
to
f8d6ca6
Compare
Cache is stored only after successfuly checks to revert
This reverts commit 2132057.
sripwoud
force-pushed
the
feat/slither-workflow
branch
from
5e1aa49
to
67050ff
Compare
node-version instead of node_version as action input
Somehow restoring/downloading the compile artifacts with actions/download-artifact does not work
sripwoud
changed the title
sripwoud
force-pushed
the
feat/slither-workflow
branch
from
7b906d6
to
ce52e79
Compare
|
I invite the contracts authors to check the slither alerts in the code scanning section: |
| pull_request: | ||
|
|
||
| concurrency: | ||
| group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} | ||
| cancel-in-progress: true | ||
|
|
||
| jobs: | ||
| style: | ||
| deps: |
There was a problem hiding this comment.
How does this job work exactly?
Looks like the workflow doesn't install dependencies until there's some change in the yarn.lock file right?
So, I imagine the other jobs like tests, style and compile should be quite faster right?
There was a problem hiding this comment.
My understanding is that job contexts are isolated.
So when you do e.g
job:
steps:
- uses: actions/setup-node@v4
with:
cache: yarnIt only caches deps in this particular job.
As the workflow is running several jobs that depends on the same lock file (we are in a monorepo), I thought it is redundant to run yarn in all jobs and was looking for a way to share the node_modules content between jobs.
One solution is to use directly actions/cache (actions/setup-node cache feature uses it under the hood).
It should speed up the whole workflow but I haven't measured it.
There was a problem hiding this comment.
I see! Looks great and we should definitely re-use it in the other repos imo.
| steps: | ||
| - uses: actions/checkout@v4 | ||
|
|
||
| # FIXME this does not work as a way to restore compilation results for slither job but it does for the compile job ?? |
There was a problem hiding this comment.
This is not clear. Were you trying to re-use the already generated artifacts here?
There was a problem hiding this comment.
I thought I could reuse the artifacts generated from the compile job yes.
Like I am successfully doing in the tests job. see your previous question
#8 (comment)
But somehow I had errors with slither if using actions/dowload-artifact to get the contracts compilation artifacts. So I am compiling again here (not a big deal, just less efficient/ slower).
I can't find an example failing workflow. So let me test again.
There was a problem hiding this comment.
I see! If it doesn't work it's still fine agree.
Integrate slither via its GH action into the
main.ymlworkflow:Closes #7 ?
Notes
As this PR does not change any files that trigger the slither workflow, I tested it in another branch, see #9