diff --git a/.github/workflows/solidity-foundry.yml b/.github/workflows/solidity-foundry.yml index 4b2d7b9b96..49cae064ad 100644 --- a/.github/workflows/solidity-foundry.yml +++ b/.github/workflows/solidity-foundry.yml @@ -40,7 +40,7 @@ jobs: { "name": "vrf", "setup": { "run-coverage": false, "min-coverage": 98.5, "run-gas-snapshot": false, "run-forge-fmt": false }} ] EOF - + matrix=$(cat matrix.json | jq -c .) echo "matrix=$matrix" >> $GITHUB_OUTPUT @@ -74,7 +74,7 @@ jobs: list-files: 'shell' filters: | non_src: - - '.github/workflows/solidity-foundry.yml' + - '.github/workflows/solidity-foundry.yml' - 'contracts/foundry.toml' - 'contracts/gas-snapshots/*.gas-snapshot' - 'contracts/package.json' @@ -130,7 +130,7 @@ jobs: - '!contracts/src/v0.8/*.t.sol' - '!contracts/src/v0.8/**/testhelpers/**' - '!contracts/src/v0.8/testhelpers/**' - - '!contracts/src/v0.8/vendor/**' + - '!contracts/src/v0.8/vendor/**' tests: if: ${{ needs.changes.outputs.non_src_changes == 'true' || needs.changes.outputs.sol_modified_added == 'true' }} @@ -300,16 +300,16 @@ jobs: - name: Run Slither shell: bash - run: | + run: | # modify remappings so that solc can find dependencies ./contracts/scripts/ci/modify_remappings.sh contracts contracts/remappings.txt mv remappings_modified.txt remappings.txt - + # without it Slither sometimes fails to use remappings correctly - cp contracts/foundry.toml foundry.toml + cp contracts/foundry.toml foundry.toml + + FILES="${{ needs.changes.outputs.not_test_sol_modified_files }}" - FILES="${{ needs.changes.outputs.not_test_sol_modified_files }}" - for FILE in $FILES; do PRODUCT=$(echo "$FILE" | awk -F'src/[^/]*/' '{print $2}' | cut -d'/' -f1) echo "::debug::Running Slither for $FILE in $PRODUCT" 
@@ -387,16 +387,16 @@ jobs: for file in contracts/scripts/ci/*.sh; do chmod +x "$file" done - + # modify remappings so that solc can find dependencies ./contracts/scripts/ci/modify_remappings.sh contracts contracts/remappings.txt mv remappings_modified.txt remappings.txt - + # without it Slither sometimes fails to use remappings correctly cp contracts/foundry.toml foundry.toml - + FILES="${{ needs.changes.outputs.sol_mod_only_files }}" - + for FILE in $FILES; do PRODUCT=$(echo "$FILE" | awk -F'src/[^/]*/' '{print $2}' | cut -d'/' -f1) echo "::debug::Running Slither for $FILE in $PRODUCT" @@ -406,7 +406,7 @@ jobs: SLITHER_CONFIG="contracts/configs/slither/.slither.config-default-pr.json" fi ./contracts/scripts/ci/generate_slither_report.sh "${{ github.server_url }}/${{ github.repository }}/blob/${{ github.sha }}/" "$SLITHER_CONFIG" "." "$FILE" "contracts/slither-reports-base-ref" "--solc-remaps @=contracts/node_modules/@" - done + done - name: Upload Slither report if: needs.changes.outputs.sol_mod_only == 'true' 
@@ -438,19 +438,19 @@ jobs: current_report="contracts/slither-reports-current/$filename" new_issues_report="contracts/slither-reports-current/${filename%.md}_new_issues.md" if [ -f "$current_report" ]; then - if ./contracts/scripts/ci/find_slither_report_diff.sh "$base_report" "$current_report" "$new_issues_report" "contracts/scripts/ci/prompt-difference.md" "contracts/scripts/ci/prompt-validation.md"; then - if [[ -s $new_issues_report ]]; then - awk 'NR==2{print "*This new issues report has been automatically generated by LLM model using two Slither reports. One based on `${{ github.base_ref}}` and another on `${{ github.sha }}` commits.*"}1' $new_issues_report > tmp.md && mv tmp.md $new_issues_report - echo "Replacing full Slither report with diff for $current_report" + if ./contracts/scripts/ci/find_slither_report_diff.sh "$base_report" "$current_report" "$new_issues_report" "contracts/scripts/ci/prompt-difference.md" "contracts/scripts/ci/prompt-validation.md"; then + if [[ -s $new_issues_report ]]; then + awk 'NR==2{print "*This new issues report has been automatically generated by LLM model using two Slither reports. One based on `${{ github.base_ref}}` and another on `${{ github.sha }}` commits.*"}1' $new_issues_report > tmp.md && mv tmp.md $new_issues_report + echo "Replacing full Slither report with diff for $current_report" rm $current_report && mv $new_issues_report $current_report - else + else echo "No difference detected between $base_report and $current_report reports. Won't include any of them." rm $current_report fi else echo "::warning::Failed to generate a diff report with new issues for $base_report using an LLM model, will use full report." fi - + else echo "::warning::Failed to find current commit's equivalent of $base_report (file $current_report doesn't exist, but should have been generated). Please check Slither logs." fi 
@@ -485,6 +485,8 @@ jobs: retention-days: 7 - name: Find Slither comment in the PR + # We only want to create the comment if the PR is not modified by a bot + if: "! contains(github.actor, '[bot]') && github.event_name == 'push' && github.event.pusher.username && ! contains(github.event.pusher.username, '[bot]')" uses: peter-evans/find-comment@3eae4d37986fb5a8592848f6a574fdf654e61f9e # v3.0.0 id: find-comment with: @@ -506,11 +508,13 @@ jobs: ARTIFACTS=$(gh api -X GET repos/${{ github.repository }}/actions/runs/${{ github.run_id }}/artifacts) ARTIFACT_ID=$(echo "$ARTIFACTS" | jq '.artifacts[] | select(.name=="slither-reports-${{ github.sha }}") | .id') echo "Artifact ID: $ARTIFACT_ID" - + slither_artifact_url="https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}/artifacts/$ARTIFACT_ID" - echo "slither_artifact_url=$slither_artifact_url" >> $GITHUB_OUTPUT + echo "slither_artifact_url=$slither_artifact_url" >> $GITHUB_OUTPUT - name: Create or update Slither comment in the PR + # We only want to create the comment if the PR is not modified by a bot + if: "! contains(github.actor, '[bot]') && github.event_name == 'push' && github.event.pusher.username && ! contains(github.event.pusher.username, '[bot]')" uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0 with: comment-id: ${{ steps.find-comment.outputs.comment-id }} @@ -518,7 +522,7 @@ jobs: body: | ## Static analysis results are available Hey @${{ github.event.push && github.event.push.pusher && github.event.push.pusher.username || github.actor }}, you can view Slither reports in the job summary [here](${{ steps.job-summary-url.outputs.job_summary_url }}) or download them as artifact [here](${{ steps.build-slither-artifact-url.outputs.slither_artifact_url }}). - + Please check them before merging and make sure you have addressed all issues. edit-mode: replace 
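Review bot: The `if:` added to "Find Slither comment" is false for every run not started by a `push` event, because it requires `github.event_name == 'push'` and a non-empty `github.event.pusher.username`; if this workflow runs on `pull_request`, the Slither comment is skipped for human authors as well as bots. The trigger block is outside this hunk, so confirm which events start the workflow. If the intent is only to skip bot actors, `if: ${{ !endsWith(github.actor, '[bot]') }}` does that without depending on the push payload. The same condition is added to "Create or update Slither comment in the PR" in the next hunk and to the traceability comment step in solidity-tracability.yml, and the greeting in the comment body reads `github.event.push.pusher.username`, a different path from the one tested here. This comment is the in-PR prompt to read the static-analysis findings, so bot-authored Solidity changes will now surface them only in the job summary and artifact, and merge gating for those PRs should not rely on the comment.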
diff --git a/.github/workflows/solidity-tracability.yml b/.github/workflows/solidity-tracability.yml index 7682538015..64059f111a 100644 --- a/.github/workflows/solidity-tracability.yml +++ b/.github/workflows/solidity-tracability.yml @@ -164,6 +164,8 @@ jobs: body-includes: 'Solidity Review Jira issue' - name: Create or update traceability comment in the PR + # We only want to create the comment if the PR is not modified by a bot + if: "! contains(github.actor, '[bot]') && github.event_name == 'push' && github.event.pusher.username && ! contains(github.event.pusher.username, '[bot]')" uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0 with: comment-id: ${{ steps.find-comment.outputs.comment-id }}