Skip to content

feat: add semgrep security issues scanning #446

feat: add semgrep security issues scanning

feat: add semgrep security issues scanning #446

name: Check For Core Contracts Storage Changes
on:
push:
branches:
- development
pull_request:
jobs:
provide_contracts:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
submodules: recursive
- name: Install Foundry
uses: onbjerg/foundry-toolchain@v1
with:
version: nightly
- name: Narrow down test matrix scope to changed contracts to limit API requests
id: changed-contracts
uses: tj-actions/changed-files@v42
with:
files_yaml: |
contracts:
- packages/contracts/src/dollar/core/*.sol
- name: Set contracts matrix
id: set-matrix
working-directory: packages/contracts
if: steps.changed-contracts.outputs.contracts_any_changed == 'true'
env:
CHANGED_CONTRACTS: ${{ steps.changed-contracts.outputs.contracts_all_changed_files }}
run: |
for CONTRACT in "$CHANGED_CONTRACTS"; do
echo ${CONTRACT} | xargs basename -a | cut -d'.' -f1 | xargs -I{} echo src/dollar/core/{}.sol:{} >> contracts.txt
done
echo "matrix=$(cat contracts.txt | jq -R -s -c 'split("\n")[:-1]')" >> $GITHUB_OUTPUT
outputs:
matrix: ${{ steps.set-matrix.outputs.matrix }}
check_storage_layout:
needs: provide_contracts
runs-on: ubuntu-latest
if: ${{ needs.provide_contracts.outputs.matrix != '[]' && needs.provide_contracts.outputs.matrix != '' }}
strategy:
matrix:
contract: ${{ fromJSON(needs.provide_contracts.outputs.matrix) }}
steps:
- uses: actions/checkout@v3
with:
submodules: recursive
- name: Install Foundry
uses: onbjerg/foundry-toolchain@v1
with:
version: nightly
- name: Check For Core Contracts Storage Changes
uses: Rubilmax/foundry-storage-check@main
with:
workingDirectory: packages/contracts
contract: ${{ matrix.contract }}
failOnRemoval: true