slither-action icon indicating copy to clipboard operation
slither-action copied to clipboard

Published 20 hours ago verified publisher icon crytic

Non-reproducible builds in mono-repo setups

Open 0xmichalis opened this issue 2 years ago • 2 comments

The action as it is currently set up, is not suitable for a mono-repo where the dependency lock file exists at the top-level of the repo and the target directory where the contracts live is nested because of https://github.com/crytic/slither-action/blob/68ad2434d613601b79da77aeb6b3bb04024d3d10/entrypoint.sh#L113-L126.

0xmichalis avatar Jun 13 '22 10:06 0xmichalis

Hi, thanks for the report! Do you have an example repository you can share to make the structure more clear?

Note that if you have a complex or unsupported build procedure, you can always roll your own build steps as part of the actions workflow and then run the slither action with ignore-compile. You can check the dapp example on the repo readme for general guidance.

elopez avatar Jun 13 '22 12:06 elopez

Hi @elopez thanks for the prompt response, appreciate it! Ignoring compilation is a helpful feature, thanks for pointing it out! I'll try to get a minimal repo setup to reproduce this issue.

0xmichalis avatar Jun 13 '22 13:06 0xmichalis