diff --git a/.github/workflows/contracts.yml b/.github/workflows/contracts.yml index 1e5643d..0ecb374 100644 --- a/.github/workflows/contracts.yml +++ b/.github/workflows/contracts.yml @@ -4,59 +4,57 @@ on: workflow_call: inputs: rust-toolchain: - description: 'Rust toolchain to use' - default: 'nightly' + description: "Rust toolchain to use" + default: "nightly" required: false type: string pip-mxpy-args: - description: 'pip mxpy install arguments' - default: 'multiversx-sdk-cli==v9.5.2' + description: "pip mxpy install arguments" + default: "multiversx-sdk-cli==v9.5.2" required: false type: string sc-meta-version: - description: 'multiversx-sc-meta version' - default: '' + description: "multiversx-sc-meta version" + default: "" required: false type: string mx-scenario-go-version: - description: 'sc-scenario-go version' - default: '' + description: "sc-scenario-go version" + default: "" required: false type: string path-to-sc-meta: - description: 'multiversx-sc-meta from local' - default: '' + description: "multiversx-sc-meta from local" + default: "" required: false type: string clippy-args: - description: 'cargo clippy arguments' - default: '--all-targets --all-features' + description: "cargo clippy arguments" + default: "--all-targets --all-features" required: false type: string enable-contracts-size-report: - description: 'Enable contracts size report' + description: "Enable contracts size report" default: true required: false type: boolean coverage-args: - description: 'sc-meta test-coverage arguments' - default: '--output ./coverage.md' + description: "sc-meta test-coverage arguments" + default: "--output ./coverage.md" required: false type: string binaryen-version: - description: 'binaryen (wasm-opt) version to use' - default: 'version_112' - required: false - type: string - wabt-version: - description: 'wabt version to use' - default: '1.0.27-1' + description: "binaryen (wasm-opt) version to use" + default: "version_112" required: false type: string secrets: token: - description: 'Github token' + description: "Github token" required: true + deploy-keys: + description: "Deploy SSH private keys" + required: false jobs: wasm_test: @@ -65,6 +63,14 @@ jobs: steps: - uses: actions/checkout@v3 + - name: Setup Credentials + uses: webfactory/ssh-agent@v0.9.0 + env: + SUPER_SECRET: ${{ secrets.deploy-keys }} + if: ${{ env.SUPER_SECRET != '' }} + with: + ssh-private-key: ${{ secrets.deploy-keys }} + - name: Install rust uses: actions-rust-lang/setup-rust-toolchain@v1 with: @@ -79,8 +85,6 @@ jobs: tar -xf binaryen.tar.gz cp binaryen-${{ inputs.binaryen-version }}/bin/wasm-opt $HOME/.local/bin - sudo apt install -y wabt=${{ inputs.wabt-version }} - cargo install wasm-opt cargo install twiggy @@ -110,24 +114,27 @@ jobs: - name: Build the wasm contracts env: RUSTFLAGS: "" + CARGO_NET_GIT_FETCH_WITH_CLI: true run: sc-meta all build --no-imports --target-dir $(pwd)/target --path . - name: Run the wasm tests env: RUSTFLAGS: "" + CARGO_NET_GIT_FETCH_WITH_CLI: true run: cargo test --features multiversx-sc-scenario/run-go-tests - name: Generate the contract report if: ${{ inputs.enable-contracts-size-report }} env: RUSTFLAGS: "" + CARGO_NET_GIT_FETCH_WITH_CLI: true run: | sc-meta all build-dbg --twiggy-paths --target-dir $(pwd)/target --path . mxpy contract report --skip-build --skip-twiggy --output-format json --output-file report.json - name: Upload the report json if: ${{ inputs.enable-contracts-size-report }} - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: report path: report.json @@ -166,7 +173,7 @@ jobs: head: ${{ github.event.pull_request.head.sha }} - name: Upload the report markdown - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 if: ${{ github.event_name == 'pull_request' && inputs.enable-contracts-size-report }} with: name: report-markdown @@ -178,8 +185,8 @@ jobs: if: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository && inputs.enable-contracts-size-report }} with: issue-number: ${{ github.event.pull_request.number }} - comment-author: 'github-actions[bot]' - body-includes: 'Contract comparison' + comment-author: "github-actions[bot]" + body-includes: "Contract comparison" - name: Create or update the report comment uses: peter-evans/create-or-update-comment@v2 @@ -196,6 +203,14 @@ jobs: steps: - uses: actions/checkout@v3 + - name: Setup Credentials + uses: webfactory/ssh-agent@v0.9.0 + env: + SUPER_SECRET: ${{ secrets.deploy-keys }} + if: ${{ env.SUPER_SECRET != '' }} + with: + ssh-private-key: ${{ secrets.deploy-keys }} + - name: Install rust uses: actions-rust-lang/setup-rust-toolchain@v1 with: @@ -224,11 +239,12 @@ jobs: - name: Run tests and generate report env: RUSTFLAGS: "" + CARGO_NET_GIT_FETCH_WITH_CLI: true run: | sc-meta test-coverage ${{ inputs.coverage-args }} - name: Upload the report - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: coverage path: coverage.md @@ -256,6 +272,15 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 + + - name: Setup Credentials + uses: webfactory/ssh-agent@v0.9.0 + env: + SUPER_SECRET: ${{ secrets.deploy-keys }} + if: ${{ env.SUPER_SECRET != '' }} + with: + ssh-private-key: ${{ secrets.deploy-keys }} + - uses: actions-rust-lang/setup-rust-toolchain@v1 with: toolchain: ${{ inputs.rust-toolchain }} @@ -263,8 +288,8 @@ jobs: - name: Run the rust tests env: RUSTFLAGS: "" - run: - cargo test + CARGO_NET_GIT_FETCH_WITH_CLI: true + run: cargo test clippy_check: name: Clippy linter check diff --git a/.github/workflows/reproducible-build.yml b/.github/workflows/reproducible-build.yml index 49e6031..1bdd4eb 100644 --- a/.github/workflows/reproducible-build.yml +++ b/.github/workflows/reproducible-build.yml @@ -9,7 +9,7 @@ on: description: Image multiversx/sdk-rust-contract-builder project_path: type: string - default: '.' + default: "." required: false description: A specific project path contract_name: @@ -27,7 +27,11 @@ on: description: Skip preliminary checks. Never set this in production! package_whole_project_src: type: boolean - description: Include all project files in the packaged source (*.source.json) + description: Include all project files in the packaged source (*.source.json) + secrets: + deploy-keys: + description: "Deploy SSH private keys" + required: false jobs: build: @@ -86,6 +90,42 @@ jobs: fetch-depth: 0 repository: ${{ env.GITHUB_REPOSITORY }} + - name: Setup Credentials + uses: webfactory/ssh-agent@v0.9.0 + env: + SUPER_SECRET: ${{ secrets.deploy-keys }} + if: ${{ env.SUPER_SECRET != '' }} + with: + ssh-private-key: ${{ secrets.deploy-keys }} + + - name: Install rust + uses: actions-rust-lang/setup-rust-toolchain@v1 + env: + SUPER_SECRET: ${{ secrets.deploy-keys }} + if: ${{ env.SUPER_SECRET != '' }} + with: + toolchain: ${{ inputs.rust-toolchain }} + target: wasm32-unknown-unknown + + - name: Vendored dependencies (if private dependencies are used) + env: + CARGO_NET_GIT_FETCH_WITH_CLI: true + SUPER_SECRET: ${{ secrets.deploy-keys }} + if: ${{ env.SUPER_SECRET != '' }} + run: | + mkdir -p .cargo + shopt -s globstar + cargos=($(echo **/Cargo.toml)) + cargos_s=$(printf -- '-s %s ' "${cargos[@]}") + cargo vendor ${cargos_s} >> .cargo/config.toml + + # Prevent mx-sdk-rust-contract-builder from bulding vendored dependencies + rm -f vendor/**/multiversx.json + + for checksum_file in **/.cargo-checksum.json; do + jq 'del(.files."multiversx.json")' "$checksum_file" > "$checksum_file.tmp" && mv "$checksum_file.tmp" "$checksum_file" + done + - name: Preliminary checks if: ${{ inputs.skip_preliminary_checks == false }} run: | @@ -110,7 +150,7 @@ jobs: else: logging.error(f"wasm/Cargo.lock file not found: {cargo_lock}") missing_cargo_lock = True - + if missing_cargo_lock: sys.exit(f"ERROR: One or more 'wasm/Cargo.lock' files are missing. They are essential for reproducible builds.") EOF @@ -120,18 +160,18 @@ jobs: - name: Download build script run: | wget https://raw.githubusercontent.com/multiversx/mx-sdk-rust-contract-builder/${{ inputs.image_tag }}/build_with_docker.py - + - name: Build contracts run: | flag_package_whole_project_src="" if ${{ inputs.package_whole_project_src }}; then flag_package_whole_project_src="--package-whole-project-src" fi - + python3 ./build_with_docker.py --no-docker-tty --image=multiversx/sdk-rust-contract-builder:${{ inputs.image_tag }} --project=${{ inputs.project_path }} --contract=${{ inputs.contract_name }} --output=/home/runner/work/output-from-docker ${flag_package_whole_project_src} - + - name: Save artifacts - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: build-output path: | @@ -167,7 +207,7 @@ jobs: try: logging.info(f"Fetching existing release notes, if any, for repository = {repository}, tag = {ref_name} ...") - + request = urllib.request.urlopen(f"https://api.github.com/repos/{repository}/releases/tags/{ref_name}") data = json.loads(request.read()) existing_notes = data["body"]