This is a stripped down version of the Solhint NPM package for CI purposes only.
Solhint Authors can be found at Protofire
name: solhint-ci
on: [pull_request]
jobs:
solhint:
name: runner / solhint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: solhint
uses: contractshark/inject-solhint-ci@latest
with:
github_token: ${{ secrets.github_token }}
reporter: github-pr-review # Change reporter.
solhint_input: 'contracts/*.sol'
Injection via NPM module, e.g.
yarn add --dev "https://github.com/contractshark/inject-solihint-ci#$COMMIT_REF"
Usage
You can install Solhint using npm:
yarn add --dev solhint-ci
# verify that it was installed correctly
solhint --version
First initialize a configuration file, if you don't have one:
solhint --init
This will create a .solhint.json
file with the default rules enabled. Then run Solhint with one or more Globs as arguments. For example, to lint all files inside contracts
directory, you can do:
solhint 'contracts/**/*.sol'
To lint a single file:
solhint contracts/MyToken.sol
Run solhint
without arguments to get more information:
Usage: solhint [options] <file> [...other_files]
Linter for Solidity programming language
Options:
-V, --version output the version number
-f, --formatter [name] report formatter name (stylish, table, tap, unix)
-w, --max-warnings [maxWarningsNumber] number of allowed warnings
-c, --config [file_name] file to use as your .solhint.json
-q, --quiet report errors only - default: false
--ignore-path [file_name] file to use as your .solhintignore
--fix automatically fix problems
--init create configuration file for solhint
-h, --help output usage information
Commands:
stdin [options] linting of source code data provided to STDIN
You can use a .solhint.json
file to configure Solhint for the whole project.
To generate a new sample .solhint.json
file in current folder you can do:
solhint --init
This file has the following format:
{
"extends": "solhint:recommended",
"plugins": [],
"rules": {
"avoid-suicide": "error",
"avoid-sha3": "warn"
}
}
A full list of all supported rules can be found here.
To ignore files that do not require validation you can use a .solhintignore
file. It supports rules in
the .gitignore
format.
node_modules/
additional-tests.sol
The default rulesets provided by solhint are the following:
- solhint:default
- solhint:recommended
Use one of these as the value for the "extends" property in your configuration file.
You can use comments in the source code to configure solhint in a given line or file.
For example, to disable all validations in the line following a comment:
// solhint-disable-next-line
uint[] a;
You can disable specific rules on a given line. For example:
// solhint-disable-next-line not-rely-on-time, not-rely-on-block-hash
uint pseudoRand = uint(keccak256(abi.encodePacked(now, blockhash(block.number))));
Disable validation on current line:
uint pseudoRand = uint(keccak256(abi.encodePacked(now, blockhash(block.number)))); // solhint-disable-line
Disable specific rules on current line:
uint pseudoRand = uint(keccak256(abi.encodePacked(now, blockhash(block.number)))); // solhint-disable-line not-rely-on-time, not-rely-on-block-hash
You can disable a rule for a group of lines:
/* solhint-disable avoid-tx-origin */
function transferTo(address to, uint amount) public {
require(tx.origin == owner);
to.call.value(amount)();
}
/* solhint-enable avoid-tx-origin */
Or disable all validations for a group of lines:
/* solhint-disable */
function transferTo(address to, uint amount) public {
require(tx.origin == owner);
to.call.value(amount)();
}
/* solhint-enable */
Full list with all supported Security Rules