-
Notifications
You must be signed in to change notification settings - Fork 55
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ci: run slither only for v2 contracts #230
Conversation
WalkthroughThe changes optimize the Slither analysis by targeting it solely on v2 contracts located in the Changes
Assessment against linked issues
Poem
Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media? TipsChatThere are 3 ways to chat with CodeRabbit:
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (invoked as PR comments)
Additionally, you can add CodeRabbit Configuration File (
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 0
Outside diff range, codebase verification and nitpick comments (1)
.github/workflows/slither.yaml (1)
Line range hint
1-47
: Review of the general workflow setup.The workflow is triggered on various events (
push
andpull_request
), which is standard for CI processes. The use ofactions/checkout@v3
with recursive submodules,actions/setup-node@v2
with Node.js 18, andfoundry-rs/foundry-toolchain@v1
for smart contract compilation are appropriate choices.
- Security: Permissions are correctly scoped to
contents: read
andsecurity-events: write
, which minimizes potential security risks.- Efficiency: The workflow steps are logically ordered and should execute without unnecessary delays.
Consider verifying if
yarn build
optimally configures for production environments, especially in terms of minimizing build artifacts and optimizing performance.
Review details
Configuration used: .coderabbit.yaml
Review profile: CHILL
Files selected for processing (1)
- .github/workflows/slither.yaml (1 hunks)
Additional comments not posted (1)
.github/workflows/slither.yaml (1)
48-48
: Ensure correct targeting for Slither analysis.The configuration change to target
contracts/prototypes
for Slither analysis aligns with the PR objectives and issue #228. This should effectively focus the static analysis on the v2 contracts as intended.
Signed-off-by: Francisco de Borja Aranda Castillejo <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 0
Review details
Configuration used: .coderabbit.yaml
Review profile: CHILL
Files selected for processing (1)
- slither.config.json (1 hunks)
Additional comments not posted (1)
slither.config.json (1)
3-3
: Configuration update to exclude legacy contracts paths is correct.The update to the
filter_paths
field correctly includes the pathscontracts/evm
andcontracts/zevm
to be excluded from Slither analysis. This change aligns with the PR objectives and optimizes the analysis process by focusing on the relevant v2 contracts.
@skosito can you check this one sometime? |
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #230 +/- ##
=======================================
Coverage 58.29% 58.29%
=======================================
Files 11 11
Lines 235 235
Branches 61 61
=======================================
Hits 137 137
Misses 98 98 ☔ View full report in Codecov by Sentry. |
Closes #228
Summary by CodeRabbit