multiversx · rvignolo · May 10, 2024 · May 16, 2024 · May 17, 2024 · May 17, 2024
diff --git a/.github/workflows/contracts.yml b/.github/workflows/contracts.yml
@@ -4,59 +4,57 @@ on:
   workflow_call:
     inputs:
       rust-toolchain:
-        description: 'Rust toolchain to use'
-        default: 'nightly'
+        description: "Rust toolchain to use"
+        default: "nightly"
         required: false
         type: string
       pip-mxpy-args:
-        description: 'pip mxpy install arguments'
-        default: 'multiversx-sdk-cli==v9.5.2'
+        description: "pip mxpy install arguments"
+        default: "multiversx-sdk-cli==v9.5.2"
         required: false
         type: string
       sc-meta-version:
-        description: 'multiversx-sc-meta version'
-        default: ''
+        description: "multiversx-sc-meta version"
+        default: ""
         required: false
         type: string
       mx-scenario-go-version:
-        description: 'sc-scenario-go version'
-        default: ''
+        description: "sc-scenario-go version"
+        default: ""
         required: false
         type: string
       path-to-sc-meta:
-        description: 'multiversx-sc-meta from local'
-        default: ''
+        description: "multiversx-sc-meta from local"
+        default: ""
         required: false
         type: string
       clippy-args:
-        description: 'cargo clippy arguments'
-        default: '--all-targets --all-features'
+        description: "cargo clippy arguments"
+        default: "--all-targets --all-features"
         required: false
         type: string
       enable-contracts-size-report:
-        description: 'Enable contracts size report'
+        description: "Enable contracts size report"
         default: true
         required: false
         type: boolean
       coverage-args:
-        description: 'sc-meta test-coverage arguments'
-        default: '--output ./coverage.md'
+        description: "sc-meta test-coverage arguments"
+        default: "--output ./coverage.md"
         required: false
         type: string
       binaryen-version:
-        description: 'binaryen (wasm-opt) version to use'
-        default: 'version_112'
-        required: false
-        type: string
-      wabt-version:
-        description: 'wabt version to use'
-        default: '1.0.27-1'
+        description: "binaryen (wasm-opt) version to use"
+        default: "version_112"
         required: false
         type: string
     secrets:
       token:
-        description: 'Github token'
+        description: "Github token"
         required: true
+      deploy-keys:
+        description: "Deploy SSH private keys"
+        required: false
 
 jobs:
   wasm_test:
@@ -65,6 +63,14 @@ jobs:
     steps:
       - uses: actions/checkout@v3
 
+      - name: Setup Credentials
+        uses: webfactory/ssh-agent@v0.9.0
+        env:
+          SUPER_SECRET: ${{ secrets.deploy-keys }}
+        if: ${{ env.SUPER_SECRET != '' }}
+        with:
+          ssh-private-key: ${{ secrets.deploy-keys }}
+
       - name: Install rust
         uses: actions-rust-lang/setup-rust-toolchain@v1
         with:
@@ -79,8 +85,6 @@ jobs:
           tar -xf binaryen.tar.gz
           cp binaryen-${{ inputs.binaryen-version }}/bin/wasm-opt $HOME/.local/bin
 
-          sudo apt install -y wabt=${{ inputs.wabt-version }}
-
           cargo install wasm-opt
           cargo install twiggy
 
@@ -110,24 +114,27 @@ jobs:
       - name: Build the wasm contracts
         env:
           RUSTFLAGS: ""
+          CARGO_NET_GIT_FETCH_WITH_CLI: true
         run: sc-meta all build --no-imports --target-dir $(pwd)/target --path .
 
       - name: Run the wasm tests
         env:
           RUSTFLAGS: ""
+          CARGO_NET_GIT_FETCH_WITH_CLI: true
         run: cargo test --features multiversx-sc-scenario/run-go-tests
 
       - name: Generate the contract report
         if: ${{ inputs.enable-contracts-size-report }}
         env:
           RUSTFLAGS: ""
+          CARGO_NET_GIT_FETCH_WITH_CLI: true
         run: |
           sc-meta all build-dbg --twiggy-paths --target-dir $(pwd)/target --path .
           mxpy contract report --skip-build --skip-twiggy --output-format json --output-file report.json
 
       - name: Upload the report json
         if: ${{ inputs.enable-contracts-size-report }}
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: report
           path: report.json
@@ -166,7 +173,7 @@ jobs:
             head: ${{ github.event.pull_request.head.sha }}
 
       - name: Upload the report markdown
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         if: ${{ github.event_name == 'pull_request' && inputs.enable-contracts-size-report }}
         with:
           name: report-markdown
@@ -178,8 +185,8 @@ jobs:
         if: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository  && inputs.enable-contracts-size-report }}
         with:
           issue-number: ${{ github.event.pull_request.number }}
-          comment-author: 'github-actions[bot]'
-          body-includes: 'Contract comparison'
+          comment-author: "github-actions[bot]"
+          body-includes: "Contract comparison"
 
       - name: Create or update the report comment
         uses: peter-evans/create-or-update-comment@v2
@@ -196,6 +203,14 @@ jobs:
     steps:
       - uses: actions/checkout@v3
 
+      - name: Setup Credentials
+        uses: webfactory/ssh-agent@v0.9.0
+        env:
+          SUPER_SECRET: ${{ secrets.deploy-keys }}
+        if: ${{ env.SUPER_SECRET != '' }}
+        with:
+          ssh-private-key: ${{ secrets.deploy-keys }}
+
       - name: Install rust
         uses: actions-rust-lang/setup-rust-toolchain@v1
         with:
@@ -224,11 +239,12 @@ jobs:
       - name: Run tests and generate report
         env:
           RUSTFLAGS: ""
+          CARGO_NET_GIT_FETCH_WITH_CLI: true
         run: |
           sc-meta test-coverage ${{ inputs.coverage-args }}
 
       - name: Upload the report
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: coverage
           path: coverage.md
@@ -256,15 +272,24 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
+
+      - name: Setup Credentials
+        uses: webfactory/ssh-agent@v0.9.0
+        env:
+          SUPER_SECRET: ${{ secrets.deploy-keys }}
+        if: ${{ env.SUPER_SECRET != '' }}
+        with:
+          ssh-private-key: ${{ secrets.deploy-keys }}
+
       - uses: actions-rust-lang/setup-rust-toolchain@v1
         with:
           toolchain: ${{ inputs.rust-toolchain }}
 
       - name: Run the rust tests
         env:
           RUSTFLAGS: ""
-        run:
-          cargo test
+          CARGO_NET_GIT_FETCH_WITH_CLI: true
+        run: cargo test
 
   clippy_check:
     name: Clippy linter check

diff --git a/.github/workflows/reproducible-build.yml b/.github/workflows/reproducible-build.yml
@@ -9,7 +9,7 @@ on:
         description: Image multiversx/sdk-rust-contract-builder
       project_path:
         type: string
-        default: '.'
+        default: "."
         required: false
         description: A specific project path
       contract_name:
@@ -27,7 +27,11 @@ on:
         description: Skip preliminary checks. Never set this in production!
       package_whole_project_src:
         type: boolean
-        description: Include all project files in the packaged source (*.source.json) 
+        description: Include all project files in the packaged source (*.source.json)
+    secrets:
+      deploy-keys:
+        description: "Deploy SSH private keys"
+        required: false
 
 jobs:
   build:
@@ -86,6 +90,42 @@ jobs:
           fetch-depth: 0
           repository: ${{ env.GITHUB_REPOSITORY }}
 
+      - name: Setup Credentials
+        uses: webfactory/ssh-agent@v0.9.0
+        env:
+          SUPER_SECRET: ${{ secrets.deploy-keys }}
+        if: ${{ env.SUPER_SECRET != '' }}
+        with:
+          ssh-private-key: ${{ secrets.deploy-keys }}
+
+      - name: Install rust
+        uses: actions-rust-lang/setup-rust-toolchain@v1
+        env:
+          SUPER_SECRET: ${{ secrets.deploy-keys }}
+        if: ${{ env.SUPER_SECRET != '' }}
+        with:
+          toolchain: ${{ inputs.rust-toolchain }}
+          target: wasm32-unknown-unknown
+
+      - name: Vendored dependencies (if private dependencies are used)
+        env:
+          CARGO_NET_GIT_FETCH_WITH_CLI: true
+          SUPER_SECRET: ${{ secrets.deploy-keys }}
+        if: ${{ env.SUPER_SECRET != '' }}
+        run: |
+          mkdir -p .cargo
+          shopt -s globstar
+          cargos=($(echo **/Cargo.toml))
+          cargos_s=$(printf -- '-s %s ' "${cargos[@]}")
+          cargo vendor ${cargos_s} >> .cargo/config.toml
+
+          # Prevent mx-sdk-rust-contract-builder from bulding vendored dependencies
+          rm -f vendor/**/multiversx.json
+
+          for checksum_file in **/.cargo-checksum.json; do
+            jq 'del(.files."multiversx.json")' "$checksum_file" > "$checksum_file.tmp" && mv "$checksum_file.tmp" "$checksum_file"
+          done
+
       - name: Preliminary checks
         if: ${{ inputs.skip_preliminary_checks == false }}
         run: |
@@ -110,7 +150,7 @@ jobs:
               else:
                 logging.error(f"wasm/Cargo.lock file not found: {cargo_lock}")
                 missing_cargo_lock = True
-            
+
           if missing_cargo_lock:
             sys.exit(f"ERROR: One or more 'wasm/Cargo.lock' files are missing. They are essential for reproducible builds.")
           EOF
@@ -120,18 +160,18 @@ jobs:
       - name: Download build script
         run: |
           wget https://raw.githubusercontent.com/multiversx/mx-sdk-rust-contract-builder/${{ inputs.image_tag }}/build_with_docker.py
-      
+
       - name: Build contracts
         run: |
           flag_package_whole_project_src=""
           if ${{ inputs.package_whole_project_src }}; then
             flag_package_whole_project_src="--package-whole-project-src"
           fi
-          
+
           python3 ./build_with_docker.py --no-docker-tty --image=multiversx/sdk-rust-contract-builder:${{ inputs.image_tag }} --project=${{ inputs.project_path }} --contract=${{ inputs.contract_name }} --output=/home/runner/work/output-from-docker ${flag_package_whole_project_src}
-      
+
       - name: Save artifacts
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: build-output
           path: |
@@ -167,7 +207,7 @@ jobs:
 
           try:
             logging.info(f"Fetching existing release notes, if any, for repository = {repository}, tag = {ref_name} ...")
-            
+
             request = urllib.request.urlopen(f"https://api.github.com/repos/{repository}/releases/tags/{ref_name}")
             data = json.loads(request.read())
             existing_notes = data["body"]