[TT-1326] Update Solidty Foundry pipeline with Slither

.github/actions/detect-solidity-foundry-version/action.yml

@@ -0,0 +1,26 @@
+name: 'Detect Foundry version in GNUmakefile'
+description: 'Detects Foundry version in GNUmakefile'
+inputs:
+  working-directory:
+    description: 'The GNUmakefile directory'
+    required: false
+    default: 'contracts'
+outputs:
+  foundry-version:
+    description: 'Foundry version found in GNUmakefile'
+    value: ${{ steps.extract-foundry-version.outputs.foundry-version }}
+runs:
+  using: 'composite'
+  steps:
+    - name: Extract Foundry version
+      id: extract-foundry-version
+      shell: bash
+      working-directory: ${{ inputs.working-directory }}
+      run: |
+        foundry_version=$(grep -Eo "foundryup --version [^ ]+" GNUmakefile | awk '{print $3}')
+        if [ -z "$foundry_version" ]; then
+          echo "::error::Foundry version not found in GNUmakefile"
+          exit 1
+        fi
+        echo "Foundry version found: $foundry_version"
+        echo "foundry-version=$foundry_version" >> $GITHUB_OUTPUT

.github/actions/setup-slither/action.yaml

@@ -0,0 +1,10 @@
+name: Setup Slither
+description: Installs Slither 0.10.3 for contract analysis. Requires Python 3.6 or higher.
+runs:
+  using: composite
+  steps:
+    - name: Install Slither
+      shell: bash
+      run: |
+        python -m pip install --upgrade pip
+        pip install slither-analyzer==0.10.3

.github/actions/setup-solc-select/action.yaml

@@ -0,0 +1,30 @@
+name: Setup Solc Select
+description: Installs Solc Select, required versions and selects the version to use. Requires Python 3.6 or higher.
+inputs:
+  to_install:
+    description: Comma-separated list of solc versions to install
+    required: true
+  to_use:
+    description: Solc version to use
+    required: true
+
+runs:
+  using: composite
+  steps:
+    - name: Install solc-select and solc
+      shell: bash
+      run: |
+        pip3 install solc-select
+        sudo ln -s /usr/local/bin/solc-select /usr/bin/solc-select
+                
+        IFS=',' read -ra versions <<< "${{ inputs.to_install }}"
+        for version in "${versions[@]}"; do
+          solc-select install $version
+          if [ $? -ne 0 ]; then
+            echo "Failed to install Solc $version"
+            exit 1
+          fi
+        done
+        
+        solc-select install ${{ inputs.to_use }}
+        solc-select use ${{ inputs.to_use }}

.github/actions/validate-artifact-scope/action.yaml

@@ -0,0 +1,103 @@
+name: Validate Artifact Scope
+description: Checks there are any modified Solidity files outside of the specified scope. If so, it prints a warning message, but does not fail the workflow.
+inputs:
+  product:
+    description: The product for which the artifacts are being generated
+    required: true
+  sol_files:
+    description: Comma-separated (CSV) or space-separated (shell) list of Solidity files to check
+    required: true
+
+runs:
+  using: composite
+  steps:
+    - name: Transform input array
+      id: transform_input_array
+      shell: bash
+      run: |
+        is_csv_format() {
+          local input="$1"
+          if [[ "$input" =~ "," ]]; then
+            return 0
+          else
+            return 1
+          fi
+        }
+        
+        is_space_separated_string() {
+          local input="$1"
+          if [[ "$input" =~ ^[^[:space:]]+([[:space:]][^[:space:]]+)*$ ]]; then
+            return 0
+          else
+            return 1
+          fi
+        }
+        
+        array="${{ inputs.sol_files }}"
+        
+        if is_csv_format "$array"; then
+          echo "::debug::CSV format detected, nothing to do"
+          echo "sol_files=$array" >> $GITHUB_OUTPUT
+          exit 0
+        fi
+        
+        if is_space_separated_string "$array"; then
+          echo "::debug::Space-separated format detected, converting to CSV"
+          csv_array="${array// /,}"
+          echo "sol_files=$csv_array" >> $GITHUB_OUTPUT
+          exit 0
+        fi
+        
+        echo "::error::Invalid input format for sol_files. Please provide a comma-separated (CSV) or space-separated (shell) list of Solidity files"
+        exit 1
+
+    - name: Check for changes outside of artifact scope
+      shell: bash
+      run: |
+        echo "::debug::All modified contracts:"
+        echo "${{ steps.transform_input_array.outputs.sol_files }}" | tr ',' '\n'
+        if [ "${{ inputs.product }}" = "shared" ]; then
+          excluded_paths_pattern="!/^contracts\/src\/v0\.8\/interfaces/ && !/^contracts\/src\/v0\.8\/${{ inputs.product }}/ && !/^contracts\/src\/v0\.8\/[^\/]+\.sol$/"
+        else
+          excluded_paths_pattern="!/^contracts\/src\/v0\.8\/${{ inputs.product }}/"
+        fi
+        echo "::debug::Excluded paths: $excluded_paths_pattern"
+        unexpected_files=$(echo "${{ steps.transform_input_array.outputs.sol_files }}" | tr ',' '\n' | awk "$excluded_paths_pattern")
+        missing_files=""
+        set -e 
+        set -o pipefail
+        if [[ -n "$unexpected_files" ]]; then
+          products=()
+          productsStr=""
+          IFS=$'\n' read -r -d '' -a files <<< "$unexpected_files" || true
+          echo "Files: ${files[@]}"
+        
+          for file in "${files[@]}"; do
+            missing_files+="$file,"
+        
+            product=$(echo "$file" | awk -F'src/v0.8/' '{if ($2 ~ /\//) print substr($2, 1, index($2, "/")-1); else print "shared"}')
+            if [[ ! " ${products[@]} " =~ " ${product} " ]]; then
+              products+=("$product")
+              productsStr+="$product, "
+            fi
+          done
+          productsStr=${productsStr%, }
+        
+          set +e 
+          set +o pipefail
+        
+          missing_files=$(echo $missing_files | tr ',' '\n')
+        
+          echo "Error: Found modified contracts outside of the expected scope: ${{ inputs.product }}"
+          echo "Files:"
+          echo "$missing_files"
+          echo "Action required: If you want to generate artifacts for other products ($productsStr) run this workflow again with updated configuration"
+        
+          echo "# Warning!" >> $GITHUB_STEP_SUMMARY
+          echo "## Reason: Found modified contracts outside of the expected scope: ${{ inputs.product }}" >> $GITHUB_STEP_SUMMARY
+          echo "### Files:" >> $GITHUB_STEP_SUMMARY
+          echo "$missing_files" >> $GITHUB_STEP_SUMMARY
+          echo "## Action required: If you want to generate artifacts for other products ($productsStr) run this workflow again with updated configuration" >> $GITHUB_STEP_SUMMARY            
+        else
+          echo "No unexpected files found."
+        fi

.github/actions/validate-solidity-artifacts/action.yaml

@@ -0,0 +1,115 @@
+name: Validate Solidity Artifacts
+description: Checks whether Slither reports and UML diagrams were generated for all necessary files. If not, a warning is printed in job summary, but the job is not marked as failed.
+inputs:
+  slither_reports_path:
+    description: Path to the Slither reports directory (without trailing slash)
+    required: true
+  uml_diagrams_path:
+    description: Path to the UML diagrams directory  (without trailing slash)
+    required: true
+  validate_slither_reports:
+    description: Whether Slither reports should be validated
+    required: true
+  validate_uml_diagrams:
+    description: Whether UML diagrams should be validated
+    required: true
+  sol_files:
+    description: Comma-separated (CSV) or space-separated (shell) list of Solidity files to check
+    required: true
+
+runs:
+  using: composite
+  steps:
+    - name: Transform input array
+      id: transform_input_array
+      shell: bash
+      run: |
+        is_csv_format() {
+          local input="$1"
+          if [[ "$input" =~ "," ]]; then
+            return 0
+          else
+            return 1
+          fi
+        }
+        
+        is_space_separated_string() {
+          local input="$1"
+          if [[ "$input" =~ ^[^[:space:]]+([[:space:]][^[:space:]]+)*$ ]]; then
+            return 0
+          else
+            return 1
+          fi
+        }
+        
+        array="${{ inputs.sol_files }}"
+        
+        if is_csv_format "$array"; then
+          echo "::debug::CSV format detected, nothing to do"
+          echo "sol_files=$array" >> $GITHUB_OUTPUT
+          exit 0
+        fi
+        
+        if is_space_separated_string "$array"; then
+          echo "::debug::Space-separated format detected, converting to CSV"
+          csv_array="${array// /,}"
+          echo "sol_files=$csv_array" >> $GITHUB_OUTPUT
+          exit 0
+        fi
+        
+        echo "::error::Invalid input format for sol_files. Please provide a comma-separated (CSV) or space-separated (shell) list of Solidity files"
+        exit 1
+
+    - name: Validate UML diagrams
+      if: ${{ inputs.validate_uml_diagrams == 'true' }}
+      shell: bash
+      run: |
+        echo "Validating UML diagrams"        
+        IFS=',' read -r -a modified_files <<< "${{ steps.transform_input_array.outputs.sol_files }}"
+        missing_svgs=()        
+        for file in "${modified_files[@]}"; do
+          svg_file="$(basename "${file%.sol}").svg"
+          if [ ! -f "${{ inputs.uml_diagrams_path }}/$svg_file" ]; then
+            echo "Error: UML diagram for $file not found"
+            missing_svgs+=("$file")
+          fi
+        done
+        
+        if [ ${#missing_svgs[@]} -gt 0 ]; then
+            echo "Error: Missing UML diagrams for files: ${missing_svgs[@]}"
+            echo "# Warning!" >> $GITHUB_STEP_SUMMARY
+            echo "## Reason: Missing UML diagrams for files:" >> $GITHUB_STEP_SUMMARY
+            for file in "${missing_svgs[@]}"; do
+              echo " $file" >> $GITHUB_STEP_SUMMARY
+            done
+            echo "## Action required: Please try to generate artifacts for them locally or using a different tool" >> $GITHUB_STEP_SUMMARY
+        else 
+            echo "All UML diagrams generated successfully"
+        fi
+
+    - name: Validate Slither reports
+      if: ${{ inputs.validate_slither_reports == 'true' }}
+      shell: bash
+      run: |
+        echo "Validating Slither reports"
+        IFS=',' read -r -a modified_files <<< "${{ steps.transform_input_array.outputs.sol_files }}"
+        missing_reports=()
+        for file in "${modified_files[@]}"; do
+          report_file="$(basename "${file%.sol}")-slither-report.md"            
+          if [ ! -f "${{ inputs.slither_reports_path }}/$report_file" ]; then
+            echo "Error: Slither report for $file not found"
+            missing_reports+=("$file")
+          fi
+        done
+        
+        if [ ${#missing_reports[@]} -gt 0 ]; then
+            echo "Error: Missing Slither reports for files: ${missing_reports[@]}"
+            echo "# Warning!" >> $GITHUB_STEP_SUMMARY
+            echo "## Reason: Missing Slither reports for files:" >> $GITHUB_STEP_SUMMARY
+            for file in "${missing_reports[@]}"; do
+              echo " $file" >> $GITHUB_STEP_SUMMARY
+            done
+            echo "## Action required: Please try to generate artifacts for them locally" >> $GITHUB_STEP_SUMMARY
+        else 
+           echo "All Slither reports generated successfully"
+        fi