The CI build pipeline is setup with GitHub Actions by referring to the excellent article: Solidity and Truffle Continuous Integration Setup. In general, the execution of the following build processes will be triggered by git push
:
- Unit Testing with
truffle test
- ETH Gas Reporting with
codechecks
andeth-gas-reporter
- Test Coverage with
solidity-coverage
andcoveralls
- Secure Code Analysis with
smartbugs
(11 tools supported)
Please refer to the full GitHub workflow file at .github/workflows/truffle.yml. I will further elaborate each build process below.
First, check out the source code from GitHub repository.
- uses: actions/checkout@v2
Setup NodeJS environment required by Truffle.
- name: Setup NodeJS 14
uses: actions/setup-node@v2
with:
node-version: '14'
- name: Show NodeJS version
run: npm --version
This step is optional. It is for generate .env file with environment variables defined in DOT_ENV
secret. These environment variables are used in unit testing.
- name: Create .env file
run: echo "${{ secrets.DOT_ENV }}" > .env
Please refer to the GitHub documentation on how to create Encrypted Secrets.
Install truffle globally.
- name: Install Truffle
run: npm install truffle -g
Install dependencies that used in build process such as @codechecks/client
, coveralls
, eth-gas-reporter
, solidity-coverage
or functional/testing code such as @openzeppelin/contracts
, @openzeppelin/test-helpers
, etc.
- name: Install Truffle Dependencies
run: npm install
The CI=true
flag is required for the creation of the gasReporterOutput.json
file to be consumed by eth-gas-reporter/codechecks
.
- name: Run Truffle Test with CI=true for Codechecks
run: CI=true truffle test
Expected output:
This step will generate ETH gas report for smart contracts.
- name: Run Codechecks
run: npx codechecks
env:
CC_SECRET: ${{ secrets.CC_SECRET }}
Expected output:
You need to request the CC_SECRET
from https://app.codechecks.io/ for CI build.
- name: Run Test Coverage
run: truffle run coverage
Expected output:
This step is optional. First, it generates .coveralls.yml
file with repo_token
defined in DOT_COVERALLS_YML
secret. Then, it sends the coverage data to coveralls
.
- name: Generate .coveralls.yml file
run: echo "${{ secrets.DOT_COVERALLS_YML }}" > .coveralls.yml
- name: Send Coverage Info to CoverAlls
run: cat coverage/lcov.info | npx coveralls
You need to request the repo_token
from https://coveralls.io/.
Setup Python environment required by SmartBugs.
- name: Setup Python 3.8
uses: actions/setup-python@v2
with:
python-version: 3.8 # Version range or exact version of a Python version to use, using SemVer's version range syntax
architecture: 'x64' # optional x64 or x86. Defaults to x64 if not specified
- name: Show Python version
run: python --version
Clone SmartBugs from GitHub repo and install dependencies.
- name: Clone SmartBugs Repo
run: git clone https://github.com/smartbugs/smartbugs.git
- name: Remove SmartBugs Results and Install SmartBugs Dependencies
run: cd smartbugs;rm -r results;pip install -r requirements.txt
Run analysis by iterating over all solidity files except Migrations.sol
and store the outcome to the results
directory.
- name: Run SmartBugs Analysis
run: |
solidityFiles=($(ls -I Migrations.sol contracts))
DIR=$(pwd);cd smartbugs
for sol in "${solidityFiles[@]}"
do
echo "Analysing $sol..."
python smartBugs.py --tool all --file $DIR/contracts/$sol
done
Move the results
directory out of smartbugs
directory and store it in current GitHub repo.
- name: Move SmartBugs Results to Parent Directory
run: |
[[ -d results ]] && rm -r results
cd smartbugs
mv results ../
- name: Commit SmartBugs Results
uses: EndBug/add-and-commit@v7
with:
author_name: github-actions
author_email: action@github.com
message: 'chore: added smartbugs results'
add: 'results'
- The Run Codechecks step above generates the expected output locally but not in GitHub Actions.