< < Articles

Industrializing smart contracts with Truffle


Vous pouvez aussi lire cet article en version française.

This piece is the first of a serie on BlockChain networks. It is aimed for an audience already educated in BlockChain networks and Ethereum Smart Contracts.

Ever since the DAO Hack, smart contracts security has become a critical issue in decentralized applications development, especially on the Ethereum blockchain. Industrializing smart contracts is a key step to this security as it allows running unit, functional or integration tests automatically. Once we have an industrialized process, we can implement security testing. We’ll see how we can industrialize our smart contracts using Truffle. We will then be able to systematically validate the edits made to our code, and comply to our quality standards.

Truffle is a project initiated by ConsenSys (Vitalik Buterin’s company). It allows us to interface smart contracts with JavaScript code, and the NodeJS ecosystem. This provides us industrialization tooling coming from the JavaScript world, that we can apply to Ethereum smart contracts.

Truffle provides the following features:

  • Dependency management (through NPM or EthPM - Ethereum’s smart contracts package manager)
  • Smart contracts compilation
  • Migrations
  • Testing (2 available modes)

      <li style="font-weight: 400;">
        With JavaScript, to validate your contracts outside of the BlockChain network
      <br /> 
      <li style="font-weight: 400;">
        With Solidity, to validate them from within
      <br />

  • Interact with contracts in JavaScript

      <li style="font-weight: 400;">
        There is a console as well
      <br />

  • Manage multiple environments (named networks)
  • This tooling allows us to setup a classic industrialization process, such as: Build > Test > Deploy

    Let’s see how to build this with Truffle.


    First of all, we’ll need a project. Let’s use the one provided by Truffle:

    npm install -g truffle ethereumjs-testrpc && truffle init

    You should now have a project containing a contracts directory, a migrations directory, a test directory and a truffle.js file.


    In order to declare your smart contracts on the Ethereum network, it will need to know of your contracts capabilities. We need to generate a JSON file for each smart contract containing among other things the list of available functions. This file is similar to a header file (.h) in C/C++.

    Truffle provides a way to generate this file through the following command:

    truffle build

    Dependency management

    Your contracts or JavaScript code will most likely depend on other packages. Truffle allows us to handle those dependencies easily: once declared in the correct file, you can install them through the truffle install  command (for smart contracts dependencies) or npm install  (for JavaScript).

    To sum up, those are the needed commands to build our app:

    npm install
    truffle install
    truffle build

    Note: it might be easier in the long run to handle your dependencies by customizing Truffle's build process. This will depend on your project, and overrides the truffle build  command.


    Things get interesting here: indeed, we don’t want to test our code directly on the Ethereum BlockChain, but we’d like to be able to see what’s going on under the hood. That’s why we installed the ethereumjs-testrpc package during the setup: it will allow us to have a local Ethereum network, and check what’s happening in it.

    To run it, open a console, and enter the testrpc  command. Your network will be locally available (by default through port 8545).

    TestRPC Output

    Once launched, you can run your smart contracts tests with the command: truffle test .

    Truffle Test

    Our tests are running, and we can check the testrpc console to see what’s happening.

    TestRPC Test Output

    To summarize: in order to test our application we needed the following commands:

    testrpc & (run as a background task)
    truffle test

    Note: if you need to switch testrpc’s port, it’s quite easy. Run the testrpc commandwith the -p option: testrpc -p 8242 ; then, whithin the truffle.js file, update the port parameter for the development network:

    module.exports = {
     networks: {
       development: {
         host: "localhost",
         port: 8242,
         network_id: "*" // Match any network id

    Our application tests being green, we can go to the next step.


    In a Continuous Integration process, once our tests are green, we can deploy our application to an integration platform (where QA can try it for instance). To do so, we need to declare this environment within the truffle.js file:

    module.exports = {
     networks: {
       development: {
         host: "localhost",
         port: 8242,
         network_id: "*" // Match any network id
       integration: {
         host: "",
         port: 80,
         network_id: "*"

    Here, my “integration” environment is hosted on a remote server, that we can reach through the “” address. To deploy our contracts on the environment, we’ll use the following command:  

    truffle migrate --network integration

    Truffle Migrate

    This command updates the JSON files for our contracts into this environment, and then executes the migrations (declared within the migrations directory). Here’s what happens on this environment with those migrations:

    TestRPC Migrate Output

    Gitlab CI integration

    If you wish to integrate Truffle within Gitlab CI, here’s a sample .gitlab-ci.yml file which should work with the starting example of Truffle. Ideally, we would have a testrpc service declared within the Gitlab CI configuration, as well as a dedicated docker image to run the tests with Truffle. The process as indicated below is a bit slow otherwise, as we need to install everything each time we run it.

    image: alpine:latest    # Ideally, a dedicated docker image with Truffle on it
     - apk add --no-cache nodejs nodejs-npm git python g++ make
     - npm install -g truffle ethereumjs-testrpc
     - build
     - test
     - deploy
     stage: build
     tags: [ek-docker]
       - truffle compile
     stage: test
     tags: [ek-docker]
       - testrpc -p 8242 &     # We could also have a service
       - truffle test
     stage: deploy
     tags: [ek-docker]
       - testrpc -p 8242 &
       - truffle migrate --network integration

    Here’s the result within Gitlab CI:

    GitLab CI Truffle pipeline

    So here’s how to industrialize your Smart Contracts projects with Truffle in a few steps. You will now have a systematic validation of your code, and can even deploy it automatically.

    Next steps

    We can add checks to our process, noticeably in the testing step, such as integrating the static analysis tool Oyente (still in beta). This analysis will increase our confidence in the developed code, by telling us whether we respect coding standards, or have introduced a potential bug within our Smart Contract. It will also check for known security breaches.

    Ethereum Smart Contracts and Solidity programming language are still quite fresh. However, having industrialization tooling within the ecosystem indicates that the technology is growing more mature.