The CI build pipeline is setup with GitHub Actions by referring to the excellent article: Solidity and Truffle Continuous Integration Setup. In general, the execution of the following build processes will be triggered by git push:
- Unit Testing with
truffle test - ETH Gas Reporting with
codechecksandeth-gas-reporter - Test Coverage with
solidity-coverageandcoveralls - Secure Code Analysis with
smartbugs(11 tools supported)
Please refer to the full GitHub workflow file at .github/workflows/truffle.yml. I will further elaborate each build process below.
First, check out the source code from GitHub repository.
- uses: actions/checkout@v2Setup NodeJS environment required by Truffle.
- name: Setup NodeJS 14
uses: actions/setup-node@v2
with:
node-version: '14'
- name: Show NodeJS version
run: npm --versionThis step is optional. It is for generate .env file with environment variables defined in DOT_ENV secret. These environment variables are used in unit testing.
- name: Create .env file
run: echo "${{ secrets.DOT_ENV }}" > .envPlease refer to the GitHub documentation on how to create Encrypted Secrets.
Install truffle globally.
- name: Install Truffle
run: npm install truffle -gInstall dependencies that used in build process such as @codechecks/client, coveralls, eth-gas-reporter, solidity-coverage or functional/testing code such as @openzeppelin/contracts, @openzeppelin/test-helpers, etc.
- name: Install Truffle Dependencies
run: npm install The CI=true flag is required for the creation of the gasReporterOutput.json file to be consumed by eth-gas-reporter/codechecks.
- name: Run Truffle Test with CI=true for Codechecks
run: CI=true truffle testExpected output:
This step will generate ETH gas report for smart contracts.
- name: Run Codechecks
run: npx codechecks
env:
CC_SECRET: ${{ secrets.CC_SECRET }} Expected output:
You need to request the CC_SECRET from https://app.codechecks.io/ for CI build.
- name: Run Test Coverage
run: truffle run coverageExpected output:
This step is optional. First, it generates .coveralls.yml file with repo_token defined in DOT_COVERALLS_YML secret. Then, it sends the coverage data to coveralls.
- name: Generate .coveralls.yml file
run: echo "${{ secrets.DOT_COVERALLS_YML }}" > .coveralls.yml
- name: Send Coverage Info to CoverAlls
run: cat coverage/lcov.info | npx coverallsYou need to request the repo_token from https://coveralls.io/.
Setup Python environment required by SmartBugs.
- name: Setup Python 3.8
uses: actions/setup-python@v2
with:
python-version: 3.8 # Version range or exact version of a Python version to use, using SemVer's version range syntax
architecture: 'x64' # optional x64 or x86. Defaults to x64 if not specified
- name: Show Python version
run: python --versionClone SmartBugs from GitHub repo and install dependencies.
- name: Clone SmartBugs Repo
run: git clone https://github.com/smartbugs/smartbugs.git
- name: Remove SmartBugs Results and Install SmartBugs Dependencies
run: cd smartbugs;rm -r results;pip install -r requirements.txtRun analysis by iterating over all solidity files except Migrations.sol and store the outcome to the results directory.
- name: Run SmartBugs Analysis
run: |
solidityFiles=($(ls -I Migrations.sol contracts))
DIR=$(pwd);cd smartbugs
for sol in "${solidityFiles[@]}"
do
echo "Analysing $sol..."
python smartBugs.py --tool all --file $DIR/contracts/$sol
doneMove the results directory out of smartbugs directory and store it in current GitHub repo.
- name: Move SmartBugs Results to Parent Directory
run: |
[[ -d results ]] && rm -r results
cd smartbugs
mv results ../
- name: Commit SmartBugs Results
uses: EndBug/add-and-commit@v7
with:
author_name: github-actions
author_email: [email protected]
message: 'chore: added smartbugs results'
add: 'results'- The Run Codechecks step above generates the expected output locally but not in GitHub Actions.