diff --git a/.github/workflows/slither.yml b/.github/workflows/slither.yml
index 2d7bc95fab..8f2bf3b36a 100644
--- a/.github/workflows/slither.yml
+++ b/.github/workflows/slither.yml
@@ -6,28 +6,32 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@v3
+ - uses: dorny/paths-filter@v2
+ id: filter
+ with:
+ filters: |
+ solidity:
+ - 'ethereum-bridge-contracts/**'
 - name: Set .env
+ if: steps.filter.outputs.solidity == 'true'
 working-directory: ethereum-bridge-contracts
 run: cp env.template .env
 - name: Run Slither
 uses: crytic/slither-action@v0.3.0
+ if: steps.filter.outputs.solidity == 'true'
 id: slither
 with:
- fail-on: all
+ fail-on: none
 sarif: results.sarif
 slither-config: ethereum-bridge-contracts/slither.config.json
 target: ethereum-bridge-contracts
 slither-args: --checklist --markdown-root ${{ github.server_url }}/${{ github.repository }}/blob/${{ github.sha }}/
- - name: Push SARIF to DefectDojo
- # TODO: push to DefectDojo
- run: ls results.sarif
-
 - name: Create/update checklist as PR comment
 uses: actions/github-script@v6
- if: github.event_name == 'push'
+ if: github.event_name == 'push' && steps.filter.outputs.solidity == 'true'
 env:
 REPORT: ${{ steps.slither.outputs.stdout }}
 with:
@@ -36,3 +40,14 @@ jobs:
 const header = '# Slither report'
 const { REPORT } = process.env
 await script({ github, context, header, body: REPORT })
+
+ - name: Push SARIF to GH
+ uses: github/codeql-action/upload-sarif@v2
+ with:
+ # Path to SARIF file relative to the root of the repository
+ sarif_file: results.sarif
+
+ - name: Push SARIF to DefectDojo
+ if: steps.filter.outputs.solidity == 'true'
+ # TODO: push to DefectDojo
+ run: ls results.sarif
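Review bot: Switching the Run Slither step from `fail-on: all` to `fail-on: none` means Slither findings no longer fail the job, so nothing in this workflow blocks a merge unless code-scanning alerts are enforced elsewhere (branch protection or a code-scanning merge rule, neither visible here). If the change is only meant to let the later SARIF upload run, record that next to the setting, e.g. `# fail-on: none so the SARIF upload still runs; findings are gated through code scanning`. Separately, the new `dorny/paths-filter@v2` step references a mutable tag; pinning it to a full commit SHA (`dorny/paths-filter@<full-commit-sha> # v2`) keeps a moved tag from changing what executes in this job. The hunk starts and ends inside the `steps:` list, so the job's triggers and `permissions` are outside what can be checked here.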
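Review bot: The new `Push SARIF to GH` step is the only step added without the paths-filter condition, so on a run where nothing under `ethereum-bridge-contracts/` changed the Slither step is skipped, `results.sarif` is never written, and the upload will presumably fail the job on a missing file. Add `if: steps.filter.outputs.solidity == 'true'` to it, matching the DefectDojo step that follows. `github/codeql-action/upload-sarif` also needs `security-events: write` on the job token; the `permissions` block is outside this hunk, so confirm it is declared explicitly rather than inherited from the repository default.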