This repository contains Certora Run GitHub Action that allows you to run Certora Prover on your contracts in parallel, receive the results as a comment on the pull request.
Currently, it's an alpha release.
To use this action, add the Certora Run GitHub Application to the repository and add
following to your GitHub Actions workflow:
jobs:
certora_run:
runs-on: ubuntu-latest
permissions:
contents: read
statuses: write
pull-requests: write
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
- run: npm install
- uses: Certora/certora-run-action@main
with:
configurations: |-
tests/conf-verified.conf
tests/conf-verified.conf --rule monotone --method "counter()"
tests/conf-verified.conf --rule invertible
tests/conf-verified.conf --method "counter()"
solc-versions: 0.7.6 0.8.1
job-name: "Verified Rules"
certora-key: ${{ secrets.CERTORAKEY }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}This action will download all the specified Solidity versions, start certora-cli on
every configuration file, and run the tests asynchronously. If one of the configurations
fails to start, the action will be marked as failed, and all other jobs will continue to run.
Once all the tests are finished Certora Run GitHub Application will mark the commit
statuses as either success or failure and comment on the pull request with the
results.
Both solidity compilers and certora-cli dependencies are cached between runs.
This action requires the following permissions:
contents: read- Clone the repository and read the configuration files.statuses: write- Write the status of the run to the GitHub UI.pull-requests: write- Write the run status & comment on the pull request.
besides the permissions, the action requires the following secrets:
CERTORAKEY- API key for Certora Prover.
configurations- List of configuration files to run.solc-versions- List of Solidity versions to download.cli-version- Version of thecertora-clito use (optional). By default, the latest version is used.use-alpha- Use the alpha version of thecertora-cli(optional).use-beta- Use the beta version of thecertora-cli(optional).server- Server to run the tests on (optional). Default isproduction.solc-remove-version-prefix- Prefix to remove from the Solidity version (optional).job-name- Name of the job (optional).
First, it will add a comment with details about runs:
Then you can see the live status of the runs:
And finally, once the first job finishes, GH App will add and update a review with the results:
For local development, you can use the act tool to run the action locally. The easiest way to set up everything is through combination of nix and direnv.
In order to set up the environment, follow these steps:
direnv allowThen you can run the action with the following command:
act workflow_dispatch \
-s GITHUB_TOKEN="$(gh auth token)" \
-s CERTORAKEY="$CERTORAKEY" \
-W .github/workflows/main.yml \
--container-architecture=linux/amd64