diff --git a/.gitignore b/.gitignore index 85198aa..46bbcb2 100644 --- a/.gitignore +++ b/.gitignore @@ -12,3 +12,7 @@ docs/ # Dotenv file .env + +# Local development dependencies +dev/node_modules/ +dev/.venv/ diff --git a/README.md b/README.md index 72ce9fd..ccd232b 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,6 @@ This project is meant to be used as a templated during the creation of new Githu It will contain some useful configuration files and scripts, that can be used also with existing projects (manually copied). - ## Usage ### Build @@ -27,6 +26,32 @@ forge test forge fmt ``` +### Local tooling + +Solhint and Slither are pinned as local development dependencies under `dev/`. +Install them with: + +```shell +npm install --prefix dev +python -m venv dev/.venv +dev/.venv/bin/pip install -r dev/requirements.txt +``` + +Use the local binaries when running these tools: + +```shell +dev/node_modules/.bin/solhint --version +dev/.venv/bin/slither --version +``` + +### Slither + +Slither uses the pinned local Python dependency and checks contracts under `src` by default: + +```shell +dev/.venv/bin/slither src --config-file slither.config.json +``` + ### Gas Snapshots ```shell 
@@ -44,18 +69,18 @@ forge script script/Counter.s.sol:CounterScript --rpc-url --priva The following operations need to be performed after this repository has been created. - [ ] In GitHub repo settings: - - [ ] Add a new ruleset called "Protected branches" and include the following changes: - - Enforcement status: active - - Target branches: Include default branch - - Require linear history - - Require a pull request before merging - - Required approvals: 1 - - Allowed merge methods: Squash - - Block force pushes - - [ ] In General → Features → Pull requests: - - Select "Pull request title and description" in "Default commit message" option - - Unckeck "Allow merge commits" option - - Check "Allow auto-merge" option + - [ ] Add a new ruleset called "Protected branches" and include the following changes: + - Enforcement status: active + - Target branches: Include default branch + - Require linear history + - Require a pull request before merging + - Required approvals: 1 + - Allowed merge methods: Squash + - Block force pushes + - [ ] In General → Features → Pull requests: + - Select "Pull request title and description" in "Default commit message" option + - Unckeck "Allow merge commits" option + - Check "Allow auto-merge" option - [ ] Run `forge install` to install the dependencies. This will create a new `foundry.lock` file which you should commit to the project - [ ] Make sure you use the [latest version of Solidity](https://github.com/argotorg/solidity/releases) by updating the `solc` version in `foundry.toml` -- [ ] Once all entries in this list are checked, delete this section from the readme \ No newline at end of file +- [ ] Once all entries in this list are checked, delete this section from the readme diff --git a/dev/requirements.txt b/dev/requirements.txt new file mode 100644 index 0000000..8cd5ccd --- /dev/null +++ b/dev/requirements.txt @@ -0,0 +1 @@ +slither-analyzer==0.11.5 
diff --git a/slither.config.json b/slither.config.json new file mode 100644 index 0000000..308ad06 --- /dev/null +++ b/slither.config.json @@ -0,0 +1,4 @@ +{ + "detectors_to_exclude": "solc-version", + "filter_paths": "(lib/|test/|script/)" +}
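Review bot: In the README.md "Local tooling" hunk, `npm install --prefix dev` is documented and Solhint is described as pinned, but this patch adds no `dev/package.json` or lockfile; the only new file under `dev/` is `requirements.txt`. Add `dev/package.json` and `dev/package-lock.json` with the Solhint version fixed, and document `npm ci --prefix dev` so the install fails when manifest and lockfile disagree instead of resolving new versions.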
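Review bot: In the README.md checklist hunk (`@@ -44,18 +69,18 @@`), the rewritten line still reads `Unckeck "Allow merge commits" option`; since the line is touched here, correct it to "Uncheck". The added lines otherwise repeat the wording of the removed ones, so this formatting pass would be easier to review as its own commit, separate from the Slither tooling change.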
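Review bot: `dev/requirements.txt` fixes only the top-level package (`slither-analyzer==0.11.5`), so its transitive dependencies are still resolved at install time and nothing verifies the downloaded artifacts. Since the README presents this as a pinned install, consider committing a fully resolved requirements file with hashes (for example generated with pip-tools' `pip-compile --generate-hashes`) and documenting `pip install --require-hashes -r dev/requirements.txt`.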
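Review bot: In `slither.config.json`, `"filter_paths": "(lib/|test/|script/)"` is a regular expression with no anchors, so it can also drop findings for paths inside `src` that contain one of those segments, such as a `src/lib/` directory, while the README runs Slither on `src`. Tighten the pattern to the repository-root directories and confirm that results for contracts under `src` are still reported. Excluding `solc-version` also silences the compiler-version detector while the README checklist asks users to update `solc` in `foundry.toml`; a short note on why it is excluded would help.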