From 11a9296fabe1a54c28ccd2043bd362dc7c42720a Mon Sep 17 00:00:00 2001 From: Elena Gesheva Date: Mon, 31 May 2021 16:12:21 +0300 Subject: [PATCH 1/2] Add static analysis action (#848) * Add static analysis github action setup python and install slither * Add nvmrc file for setting node to v14.17 * Update slither command run to link missing contract packages from monorepo root * Add steps for installing dependencies * Add yarn build step to github action * Enable colour in github action for static analysis * Disable certain detectors * Ensure slither does not fail build * Add instructions on running static analysis to monorepo readme --- .github/workflows/static-analysis.yml | 61 ++++++++++++++++++++++++++ .gitignore | 3 ++ .nvmrc | 1 + README.md | 14 ++++-- packages/contracts/package.json | 3 ++ packages/contracts/slither.config.json | 12 +++++ 6 files changed, 91 insertions(+), 3 deletions(-) create mode 100644 .github/workflows/static-analysis.yml create mode 100644 .nvmrc create mode 100644 packages/contracts/slither.config.json
diff --git a/.github/workflows/static-analysis.yml b/.github/workflows/static-analysis.yml
new file mode 100644
index 000000000000..9eab9a0b3de9
--- /dev/null
+++ b/.github/workflows/static-analysis.yml
@@ -0,0 +1,61 @@
+name: Static analysis
+
+on:
+ push:
+ branches:
+ - master
+ - develop
+ pull_request:
+ workflow_dispatch:
+
+env:
+ PYTEST_ADDOPTS: "--color=yes"
+
+jobs:
+ slither:
+ name: Slither run
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+
+ - name: Fetch history
+ run: git fetch
+
+ - name: Setup node
+ uses: actions/setup-node@v1
+ with:
+ node-version: '12.x'
+
+ - name: Get yarn cache directory path
+ id: yarn-cache-dir-path
+ run: echo "::set-output name=dir::$(yarn cache dir)"
+
+ - uses: actions/cache@v2
+ id: yarn-cache
+ with:
+ path: ${{ steps.yarn-cache-dir-path.outputs.dir }}
+ key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }}
+ restore-keys: |
+ ${{ runner.os }}-yarn-
+
+ - name: Install Dependencies
+ # only install dependencies if there was a change in the deps
+ # if: steps.yarn-cache.outputs.cache-hit != 'true'
+ run: yarn install
+
+ - name: Build
+ run: yarn build
+
+ - name: Set up Python 3.8
+ uses: actions/setup-python@v2
+ with:
+ python-version: '3.8'
+
+ - name: Install Slither
+ run: pip3 install slither-analyzer
+
+ - name: Run analysis
+ working-directory: ./packages/contracts
+ shell: bash
+ run: yarn test:slither
+ continue-on-error: true
diff --git a/.gitignore b/.gitignore
index 18b731ead5fc..45c8671678a8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -14,6 +14,9 @@ cache-ovm l2geth/build/bin packages/contracts/deployments/custom packages/contracts/coverage* +packages/contracts/@ens* +packages/contracts/@openzeppelin* +packages/contracts/hardhat* packages/data-transport-layer/db
diff --git a/.nvmrc b/.nvmrc
new file mode 100644
index 000000000000..62df50f1eefe
--- /dev/null
+++ b/.nvmrc
@@ -0,0 +1 @@
+14.17.0
diff --git a/README.md b/README.md
index d7b11ea584f2..8ed492095de5 100644
--- a/README.md
+++ b/README.md
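Review bot: The `Install Slither` step runs `pip3 install slither-analyzer` with no version, and every `uses:` entry references a mutable tag (`actions/checkout@v2`, `actions/setup-node@v1`, `actions/cache@v2`, `actions/setup-python@v2`), so the code this job executes can change without a commit to this repository. Pin the analyzer with `run: pip3 install slither-analyzer==<PINNED_VERSION>` and consider pinning the actions to full commit SHAs. The workflow has no `permissions:` key; the job only reads the checkout, so a top-level `permissions:` with `contents: read` would keep the token minimal. Separately, `node-version: '12.x'` disagrees with the `14.17.0` this patch writes to `.nvmrc`, and with `continue-on-error: true` on `Run analysis` a Slither crash is reported the same way as a clean run.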
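Review bot: `packages/contracts/hardhat*` also matches `packages/contracts/hardhat.config.ts`, the file named in the `lint:fix:typescript` script, and any future `hardhat.*` file in that directory; tracked files stay tracked, but a newly added one would be silently ignored. The links created by `pretest:slither` are named exactly `@openzeppelin`, `@ens` and `hardhat`, so the three patterns can drop the wildcard: `packages/contracts/hardhat`, `packages/contracts/@ens`, `packages/contracts/@openzeppelin`.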
@@ -23,14 +23,14 @@ Extensive documentation is available [here](http://community.optimism.io/docs/) * [`message-relayer`](./packages/message-relayer): Service for relaying L2 messages to L1 * [`l2geth`](./l2geth): Fork of [go-ethereum v1.9.10](https://github.com/ethereum/go-ethereum/tree/v1.9.10) implementing the [OVM](https://research.paradigm.xyz/optimism#optimistic-geth). * [`integration-tests`](./integration-tests): Integration tests between a L1 testnet, `l2geth`, -* [`ops`](./ops): Contains Dockerfiles for containerizing each service involved in the protocol, +* [`ops`](./ops): Contains Dockerfiles for containerizing each service involved in the protocol, as well as a docker-compose file for bringing up local testnets easily ## Quickstart ### Installation -Dependency management is done using `yarn`. +Dependency management is done using `yarn`. ```bash git clone git@github.com:ethereum-optimism/optimism.git
@@ -67,7 +67,7 @@ you can run `yarn lerna run test --parallel --since master` #### Running the integration tests The integration tests first require bringing up the Optimism stack. This is done via -a Docker Compose network. For better performance, we also recommend enabling Docker +a Docker Compose network. For better performance, we also recommend enabling Docker BuildKit ```bash
@@ -110,3 +110,11 @@ can be hard to filter through. In order to view the logs from a specific service
 ```
 docker-compose logs --follow
 ```
+### Static analysis
+
+To run `slither` locally in `./packages/contracts` do
+
+```
+pip3 install slither-analyzer
+yarn test:slither
+```
diff --git a/packages/contracts/package.json b/packages/contracts/package.json
index e8f750f6d7a3..ec5771a978c3 100644
--- a/packages/contracts/package.json
+++ b/packages/contracts/package.json
@@ -32,6 +32,9 @@
 "test:contracts": "hardhat test --show-stack-traces",
 "test:gas": "hardhat test \"test/contracts/OVM/execution/OVM_StateManager.gas-spec.ts\" --no-compile --show-stack-traces",
 "test:coverage": "NODE_OPTIONS=--max_old_space_size=8192 hardhat coverage",
+ "test:slither": "slither .",
+ "pretest:slither": "rm -f @openzeppelin && rm -f @ens && rm -f hardhat && ln -s ../../node_modules/@openzeppelin @openzeppelin && ln -s ../../node_modules/@ens @ens && ln -s ../../node_modules/hardhat hardhat",
+ "posttest:slither": "rm -f @openzeppelin && rm -f @ens && rm -f hardhat",
 "lint": "yarn lint:fix && yarn lint:check",
 "lint:fix": "yarn run lint:fix:typescript",
 "lint:fix:typescript": "prettier --config .prettierrc.json --write \"hardhat.config.ts\" \"{src,test}/**/*.ts\"",
diff --git a/packages/contracts/slither.config.json b/packages/contracts/slither.config.json
new file mode 100644
index 000000000000..8827f71e57ec
--- /dev/null
+++ b/packages/contracts/slither.config.json
@@ -0,0 +1,12 @@
+{
+ "detectors_to_exclude": "conformance-to-solidity-naming-conventions,assembly-usage,low-level-calls,block-timestamp",
+ "exclude_informational": false,
+ "exclude_low": false,
+ "exclude_medium": false,
+ "exclude_high": false,
+ "solc_disable_warnings": false,
+ "hardhat_ignore_compile": true,
+ "disable_color": false,
+ "exclude_dependencies": true,
+ "filter_paths": "@openzeppelin|hardhat|contracts/test-helpers|contracts/test-libraries"
+}
From 5a7984973622d1d6e610ac98cfc206ab9a3bfe1a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 31 May 2021 19:21:45 +0300 Subject: [PATCH 2/2] build(deps): bump ws from 7.4.4 to 7.4.6 in /ops/docker/hardhat (#987) Bumps [ws](https://github.com/websockets/ws) from 7.4.4 to 7.4.6. - [Release notes](https://github.com/websockets/ws/releases) - [Commits](https://github.com/websockets/ws/compare/7.4.4...7.4.6)
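Review bot: `posttest:slither` is skipped whenever `test:slither` exits non-zero, so if `slither .` fails or (as it appears to) returns a non-zero status when detectors report results, the `@openzeppelin`, `@ens` and `hardhat` links stay behind in `packages/contracts`. Cleaning up in the same command covers both outcomes, e.g. `"test:slither": "slither .; status=$?; rm -f @openzeppelin @ens hardhat; exit $status"`, with `posttest:slither` then dropped. The `scripts` object starts and ends outside this hunk.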
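Review bot: Three of the four entries in `detectors_to_exclude` (`conformance-to-solidity-naming-conventions`, `assembly-usage`, `block-timestamp`) look like headings from Slither's detector documentation rather than the identifiers the option matches on; if so they exclude nothing and those detectors still run. Check them against the output of `slither --list-detectors`; I would expect `naming-convention`, `assembly` and `timestamp`. `filter_paths` also omits `@ens`, although `pretest:slither` links it next to `@openzeppelin` and `hardhat`; `exclude_dependencies` may already cover it, but that is worth confirming.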
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- ops/docker/hardhat/yarn.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ops/docker/hardhat/yarn.lock b/ops/docker/hardhat/yarn.lock index bad1ef0d6d31..5d7149c252ea 100644 --- a/ops/docker/hardhat/yarn.lock +++ b/ops/docker/hardhat/yarn.lock @@ -2252,9 +2252,9 @@ wrappy@1: integrity sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8= ws@^7.2.1: - version "7.4.4" - resolved "https://registry.yarnpkg.com/ws/-/ws-7.4.4.tgz#383bc9742cb202292c9077ceab6f6047b17f2d59" - integrity sha512-Qm8k8ojNQIMx7S+Zp8u/uHOx7Qazv3Yv4q68MiWWWOJhiwG5W3x7iqmRtJo8xxrciZUY4vRxUTJCKuRnF28ZZw== + version "7.4.6" + resolved "https://registry.yarnpkg.com/ws/-/ws-7.4.6.tgz#5654ca8ecdeee47c33a9a4bf6d28e2be2980377c" + integrity sha512-YmhHDO4MzaDLB+M9ym/mDA5z0naX8j7SIlT8f8z+I0VtzsRbekxEutHSme7NPS2qE8StCYQNUnfWdXta/Yu85A== xtend@^4.0.0, xtend@^4.0.1, xtend@~4.0.0: version "4.0.2"