Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/mpetrunic/gitmythx

Github app for running mythx checksuite
https://github.com/mpetrunic/gitmythx

Last synced: 17 days ago
JSON representation

Github app for running mythx checksuite

Host: GitHub
URL: https://github.com/mpetrunic/gitmythx
Owner: mpetrunic
License: mit
Created: 2019-04-30T17:43:55.000Z (over 5 years ago)
Default Branch: master
Last Pushed: 2019-04-30T19:34:19.000Z (over 5 years ago)
Last Synced: 2024-10-18T08:38:39.646Z (2 months ago)
Language: TypeScript
Size: 160 KB
Stars: 4
Watchers: 1
Forks: 3
Open Issues: 6
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# GitMythX
[![GitHub license](https://img.shields.io/github/license/NodeFactoryIo/node-ts-starter.svg)](https://github.com/NodeFactoryIo/node-ts-starter/blob/master/LICENSE)

Repo containing github app for running MythX security checks.

## Example
- example repo: https://github.com/mpetrunic/GitMythx-example
- commit check - success - https://github.com/mpetrunic/GitMythx-example/commits/master
- PR check - failed - https://github.com/mpetrunic/GitMythx-example/pull/1
- issue viewer for PR: https://gitmythx.nodefactory.io/github/check/status/115227721

## Usage

- Install [GitMythX](https://github.com/apps/gitmythx) to your smart contract repo
- After installation you will be redirected to obtain MythX credentials
- You can create MythX account [here](https://mythx.io/)
- Add `gitmythx.json` file to root of your repo

Example of `gitmythx.json` file:
```json
{
// full version including commit
"solidityVersion": "v0.5.1+commit.c8a2cb62",
"contracts": [
//create this object for each contract you want to be run against security check
{
"name": "TestContract",
//relative to github repo root
"path": "./contracts/TestContract.sol"
}
]
}
```

## Development

Following software is required to be installed to use this repo:
* [NodeJs](https://nodejs.org/en/) >= v8.4.0
* [Yarn](https://yarnpkg.com/en/docs/install#debian-stable)
* Docker
* docker-compose

### Usage

#### Creating github app
- Go to: Github -> Settings -> Developer settings -> Github Apps -> New Github App
- Put some dummy urls (you will update urls after you start app locally)
- Check `Redirect on update`
- Permissions:
- Checks: Read & Write
- Repository contents: Read-only
- Pull requests: Read & Write
- Subscribe to following events:
- Check suite
- Check run
- Generate private key and save as `pk.pem` in root of application

#### Running application locally

On first use of this repo, run `npx run build` which will
build docker image.You will have to run `npx run build` each time
you change dependencies in package.json (yarn.lock).

Copy `.env.sample` into `.env` and fill out env variables, some fields can only be populated after creating of github app.

Using `npx run dev` will start all required docker containers, execute migrations etc.

Since github requires https hook, install [ngrok](https://ngrok.com/) or something similar
and in new terminal run `ngrok http 3000`. Copy generated https tunnel.

Update following props in GithubApp:
- Homepage URL:
- User authorization callback URL: /oauth/github
- Setup URL (optional): /setup
- Webhook URL: /github/hook
- Webhook secret:

Run `npx run` to see all available commands and their description.

## Notice
* make sure you update yarn.lock before building
* use sequelize-cli local to generate migrations (because of timestamp)