This repository contains Certora Run GitHub Action that allows you to run Certora Prover on your contracts in parallel, receive the results as a comment on the pull request.
To use this action, add the Certora Run Application to the repository and add the following to your GitHub Actions workflow:
jobs:
certora_run:
runs-on: ubuntu-latest
permissions:
contents: read
statuses: write
pull-requests: write
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
- run: npm install
- uses: Certora/certora-run-action@main
with:
configurations: |-
tests/conf-verified.conf
tests/conf-verified.conf --rule monotone --method "counter()"
tests/conf-verified.conf --rule invertible
tests/conf-verified.conf --method "counter()"
solc-versions: 0.7.6 0.8.1
job-name: "Verified Rules"
certora-key: ${{ secrets.CERTORAKEY }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
This action will download all the specified Solidity versions, start certora-cli
on
every configuration file, and run the tests asynchronously. If one of the configurations
fails to start, the action will be marked as failed, and all other jobs will continue to run.
Once all the tests are finished Certora Run GitHub Application
will mark the commit
statuses as either success
or failure
and comment on the pull request with the
results.
Both solidity compilers and certora-cli
dependencies are cached between runs.
This action requires the following permissions:
contents: read
- Clone the repository and read the configuration files.statuses: write
- Write the status of the run to the GitHub UI.pull-requests: write
- Write the run status & comment on the pull request.
besides the permissions, the action requires the following secrets:
CERTORAKEY
- API key for Certora Prover.
configurations
- List of configuration files to run.solc-versions
- List of Solidity versions to download.cli-version
- Version of thecertora-cli
to use (optional). By default, the latest version is used.use-alpha
- Use the alpha version of thecertora-cli
(optional).use-beta
- Use the beta version of thecertora-cli
(optional).server
- Server to run the tests on (optional). Default isproduction
.solc-remove-version-prefix
- Prefix to remove from the Solidity version (optional).job-name
- Name of the job (optional).install-java
- Install Java for type checking (optional). Default istrue
.compilation-steps-only
- Compile the spec and the code without sending a verification request to the cloud (optional). Default isfalse
.certora-key
- API key for Certora Prover.
First, it will add a comment with details about runs:
Then you can see the live status of the runs:
And finally, once the first job finishes, GH App will add and update a review with the results:
For local development, you can use the act tool to run the action locally. The easiest way to set up everything is through combination of nix and direnv.
In order to set up the environment, follow these steps:
direnv allow
Then you can run the action with the following command:
act workflow_dispatch \
-s GITHUB_TOKEN="$(gh auth token)" \
-s CERTORAKEY="$CERTORAKEY" \
-W .github/workflows/main.yml \
--container-architecture=linux/amd64
For testing please create a PR using Certora Action Test repository. The PR should start several workflows on all of our environments.