Add GitHub Actions YAML file

[anton-trunov]

This should allow users to automatically build contracts, run tests and run the misti static analyzer if they host their projects on GitHub.

Related Blueprint issue: ton-org/create-ton#22

[jubnzv]

I would help at least with Misti integration. The configuration process should match the instruction: https://nowarp.io/tools/misti/docs/tutorial/ci-cd.

Perhaps, we should also restrict the default warning severity level to Medium (-m medium) in order to make it less noisy.

[anton-trunov]

@jubnzv Feel free too add CI to this repo, any help would be greatly appreciated

[jubnzv]

I would implement Misti integration as a separate GitHub action: nowarp/misti#153.

However, I would need to prepare an additional minor release for Misti to make the analysis less noisy and more configurable. At a minimum, I would need:

• The --min-severity option: nowarp/misti@79e1a84
• Fixes for false positives I've recently found: ReadOnlyVariables: False positive on the map value nowarp/misti#148 and ArgCopyMutation: Don't report arguments returned from the function nowarp/misti#149
• Poor man's warning suppression: Warnings suppression: config and --suppress option nowarp/misti#152

Additionally, I would improve blueprint integration to enable running the GitHub action for blueprint plugins:

• Choose a project when running Misti nowarp/blueprint-misti#6

After implementing this I suggest to create an another minor release (since my roadmap for more valuable detectors hasn't approved: ton-society/grants-and-bounties#777), release a github action and integrate it to the Tact template.

[jubnzv]

Otherwise, if we need to implement this ASAP, we can add a CI without running Misti and simply include it to the package.json adding usage instructions.

[anton-trunov]

We don't really need it ASAP, let's solve it the proper way.

[jubnzv]

Alright, here is my plan for the next minor release that includes adding the GitHub action: https://github.com/nowarp/misti/milestone/8.

[jubnzv]

I developed the initial implementation of a GitHub Action for Misti, but I decided not to publish it. Here are the problems:

• The blueprint configuration is too complicated: we need a flag if the blueprint is used, the name/names of the blueprint projects to analyze, and a command to run the blueprint (e.g., npx blueprint misti, yarn blueprint misti, etc.). The user also has to manually install and configure the blueprint-misti plugin before running it. This overcomplicates things, and a single run action would be more explicit and simpler.
• We still need to specify arguments for the Misti command or keep the action's configuration up-to-date with the current CLI options in Misti, which requires creating custom options.
• The GitHub Actions runner for Node doesn't support Node.js 20+. Therefore, the implementation must be wrapped in Docker.

Overall, at this time, a separate GitHub Action for Misti is not feasible and only complicates things. It might become simpler later when we eliminate extra configuration options, introduce execution without Tact configuration, hack Blueprint, and when Node22 becomes available for GitHub Actions. For now, it makes no sense.

I will prepare a CI in this repo without using the misti-action package.