Merge pull request #13 from tlvince/feat/stdout

Add stdout output

README.md

@@ -327,3 +327,75 @@ jobs:
       with:
         ignore-compile: true
 ```
+
+## Example workflow: Markdown report
+
+The following GitHub Actions workflow example will create/update pull requests
+with the contents of Slither's Markdown report. Useful for when [GitHub Advanced
+Security](https://docs.github.com/en/get-started/learning-about-github/about-github-advanced-security)
+(required for the SARIF feature) is unavailable.
+
+```yaml
+name: Slither Analysis
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+
+jobs:
+  analyze:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v3
+
+    - name: Run Slither
+      uses: crytic/[email protected]
+      id: slither
+      with:
+        node-version: 16
+        fail-on: none
+        slither-args: --checklist --markdown-root ${{ github.server_url }}/${{ github.repository }}/blob/${{ github.sha }}/
+
+    - name: Create/update checklist as PR comment
+      uses: actions/github-script@v6
+      if: github.event_name == 'pull_request'
+      with:
+        script: |
+          const script = require('.github/scripts/comment')
+          const header = '# Slither report'
+          const body = `${{ steps.slither.outputs.stdout }}`
+          await script({ github, context, header, body })
+```
+
+`.github/scripts/comment.js`:
+
+```js
+module.exports = async ({ github, context, header, body }) => {
+  const comment = [header, body].join("\n");
+
+  const { data: comments } = await github.rest.issues.listComments({
+    owner: context.repo.owner,
+    repo: context.repo.repo,
+    issue_number: context.payload.number,
+  });
+
+  const botComment = comments.find(
+    (comment) =>
+      // github-actions bot user
+      comment.user.id === 41898282 && comment.body.startsWith(header)
+  );
+
+  const commentFn = botComment ? "updateComment" : "createComment";
+
+  await github.rest.issues[commentFn]({
+    owner: context.repo.owner,
+    repo: context.repo.repo,
+    body: comment,
+    ...(botComment
+      ? { comment_id: botComment.id }
+      : { issue_number: context.payload.number }),
+  });
+};
+```

action.yml

@@ -34,6 +34,8 @@ inputs:
 outputs:
   sarif:
     description: 'If produced, the path of the SARIF file, relative to the repo root.'
+  stdout:
+    description: 'Standard output from Slither. Works well when passing `--checklist` in slither-args.'
 runs:
   using: 'docker'
   image: 'Dockerfile'

entrypoint.sh

@@ -6,6 +6,10 @@ get() {
     env | sed -n "s/^$1=\(.*\)/\1/;T;p"
 }
 
+random_string() {
+    echo "$RANDOM $RANDOM $RANDOM $RANDOM $RANDOM" | md5sum | head -c 20
+}
+
 version_lte() {
     printf '%s\n%s\n' "$1" "$2" | sort -C -V
 }
@@ -17,6 +21,7 @@ SARIFOUT="$4"
 SLITHERVER="$5"
 SLITHERARGS="$(get INPUT_SLITHER-ARGS)"
 SLITHERCONF="$(get INPUT_SLITHER-CONFIG)"
+STDOUTFILE="/tmp/slither-stdout"
 IGNORECOMPILE="$(get INPUT_IGNORE-COMPILE)"
 
 # #19 - an user may set SOLC_VERSION in the workflow and cause problems here.
@@ -258,8 +263,11 @@ fi
 FAILONFLAG="$(fail_on_flags)"
 
 if [[ -z "$SLITHERARGS" ]]; then
-    slither "$TARGET" $SARIFFLAG $IGNORECOMPILEFLAG $FAILONFLAG $CONFIGFLAG
+    slither "$TARGET" $SARIFFLAG $IGNORECOMPILEFLAG $FAILONFLAG $CONFIGFLAG | tee "$STDOUTFILE"
 else
     echo "[-] SLITHERARGS provided. Running slither with extra arguments"
-    printf "%s\n" "$SLITHERARGS" | xargs slither "$TARGET" $SARIFFLAG $IGNORECOMPILEFLAG $FAILONFLAG $CONFIGFLAG
+    printf "%s\n" "$SLITHERARGS" | xargs slither "$TARGET" $SARIFFLAG $IGNORECOMPILEFLAG $FAILONFLAG $CONFIGFLAG | tee "$STDOUTFILE"
 fi
+
+DELIMITER="$(random_string)"
+{ echo "stdout<<$DELIMITER"; cat "$STDOUTFILE"; echo -e "\n$DELIMITER"; } >> "$GITHUB_OUTPUT"