-
Notifications
You must be signed in to change notification settings - Fork 81
415 lines (374 loc) · 15.7 KB
/
reusable-build.yaml
File metadata and controls
415 lines (374 loc) · 15.7 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
name: Reusable Build Solana Program
on:
workflow_call:
inputs:
program:
description: "Program to build"
required: true
type: string
network:
description: "Target network for deployment (devnet/mainnet)"
required: false
default: "devnet"
type: string
deploy:
description: "Deploy program after build"
required: false
type: boolean
default: false
upload_idl:
description: "Upload IDL after build"
required: false
type: boolean
default: true
verify:
description: "Verify build on-chain using solana-verify"
required: false
type: boolean
default: true
use-squads:
description: "Use Squads multisig for deployment"
required: false
type: boolean
default: false
priority-fee:
description: "Priority fee in microlamports for transactions"
required: false
type: string
default: "100000"
vault-index:
description: "Index of the vault to use for the multisig"
required: false
type: string
default: "0"
features:
description: "Cargo features to enable during build"
type: string
required: false
default: ""
override-solana-version:
description: "The version is taken from the cargo.lock but you can also override it here"
type: string
required: false
default: ""
override-anchor-version:
description: "The version is taken from the cargo.lock but you can also override it here"
type: string
required: false
default: ""
override-program-id:
description: "The program ID is taken from anchor.toml or PROGRAM_ADDRESS_KEYPAIR. But you can also override it here"
type: string
required: false
default: ""
secrets:
DEVNET_SOLANA_DEPLOY_URL:
MAINNET_SOLANA_DEPLOY_URL:
DEVNET_DEPLOYER_KEYPAIR:
MAINNET_DEPLOYER_KEYPAIR:
PROGRAM_ADDRESS_KEYPAIR:
DEVNET_MULTISIG:
DEVNET_MULTISIG_VAULT:
MAINNET_MULTISIG:
MAINNET_MULTISIG_VAULT:
outputs:
buffer:
description: "Program buffer address"
value: ${{ jobs.build.outputs.buffer }}
idl_buffer:
description: "IDL buffer address"
value: ${{ jobs.build.outputs.idl_buffer }}
jobs:
build:
runs-on: ubuntu-latest
timeout-minutes: 60
env:
SOLANA_VERIFY_VERSION: "0.4.1"
outputs:
buffer: ${{ steps.program-buffer.outputs.buffer }}
idl_buffer: ${{ steps.idl-buffer.outputs.buffer }}
is_anchor: ${{ steps.check-anchor.outputs.is_anchor }}
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Check for Anchor.toml
id: check-anchor
run: |
if [ -f "Anchor.toml" ]; then
echo "is_anchor=true" >> $GITHUB_OUTPUT
echo "Anchor.toml found - this is an Anchor project"
else
echo "is_anchor=false" >> $GITHUB_OUTPUT
echo "No Anchor.toml found - this is not an Anchor project"
fi
- name: Validate network
if: inputs.network != 'devnet' && inputs.network != 'mainnet'
run: |
echo "Error: network must be either 'devnet' or 'mainnet'"
exit 1
- name: Set deployment variables
run: |
# Network specific variables
if [ "${{ inputs.network }}" = "mainnet" ]; then
echo "IS_MAINNET=true" >> $GITHUB_ENV
else
echo "IS_MAINNET=false" >> $GITHUB_ENV
fi
# Set URLs and Keys based on network
if [ "${{ inputs.network }}" = "mainnet" ]; then
echo "DEPLOY_URL=${{ secrets.MAINNET_SOLANA_DEPLOY_URL }}" >> $GITHUB_ENV
echo "DEPLOYER_KEYPAIR=${{ secrets.MAINNET_DEPLOYER_KEYPAIR }}" >> $GITHUB_ENV
echo "MULTISIG=${{ secrets.MAINNET_MULTISIG }}" >> $GITHUB_ENV
echo "MULTISIG_VAULT=${{ secrets.MAINNET_MULTISIG_VAULT }}" >> $GITHUB_ENV
else
echo "DEPLOY_URL=${{ secrets.DEVNET_SOLANA_DEPLOY_URL }}" >> $GITHUB_ENV
echo "DEPLOYER_KEYPAIR=${{ secrets.DEVNET_DEPLOYER_KEYPAIR }}" >> $GITHUB_ENV
echo "MULTISIG=${{ secrets.DEVNET_MULTISIG }}" >> $GITHUB_ENV
echo "MULTISIG_VAULT=${{ secrets.DEVNET_MULTISIG_VAULT }}" >> $GITHUB_ENV
fi
- uses: solana-developers/github-actions/extract-versions@v0.2.5
if: inputs.override-solana-version == '' || inputs.override-anchor-version == ''
id: versions
- uses: solana-developers/github-actions/setup-all@v0.2.5
id: setup
with:
solana_version: ${{ inputs.override-solana-version != '' && inputs.override-solana-version || steps.versions.outputs.solana_version }}
anchor_version: ${{ inputs.override-anchor-version != '' && inputs.override-anchor-version || steps.versions.outputs.anchor_version }}
verify_version: ${{ env.SOLANA_VERIFY_VERSION }}
- name: Set Program Variables from Anchor.toml
if: steps.check-anchor.outputs.is_anchor == 'true'
run: |
PROGRAM="${{ inputs.program || 'transaction-example' }}"
PROGRAM_NAME=${PROGRAM//-/_}
echo "Looking for program ${PROGRAM_NAME} in Anchor.toml"
cat ./Anchor.toml
echo "Running toml command:"
~/.cargo/bin/toml get ./Anchor.toml programs.localnet.${PROGRAM_NAME} || true
PROGRAM_ID=$(~/.cargo/bin/toml get ./Anchor.toml programs.localnet.${PROGRAM_NAME} | tr -d '"')
echo "Program: $PROGRAM_ID"
echo "PROGRAM_NAME=${PROGRAM_NAME}" >> $GITHUB_ENV
echo "PROGRAM_ID=${PROGRAM_ID}" >> $GITHUB_ENV
- name: Set Program Variables from Cargo.toml
if: steps.check-anchor.outputs.is_anchor == 'false'
run: |
PROGRAM="${{ inputs.program || 'transaction-example' }}"
if [ -f "Cargo.toml" ]; then
echo "Found Cargo.toml, contents:"
cat Cargo.toml
# Extract library name from [lib] section
LIB_NAME=$(grep -A1 '^\[lib\]' Cargo.toml | grep 'name' | sed 's/.*= *"\(.*\)".*/\1/')
echo "Extracted library name: ${LIB_NAME}"
if [ -z "$LIB_NAME" ]; then
# Fallback to package name if no lib name found
LIB_NAME=$(grep -A1 '^\[package\]' Cargo.toml | grep 'name' | sed 's/.*= *"\(.*\)".*/\1/')
echo "No lib name found, using package name: ${LIB_NAME}"
fi
else
LIB_NAME="$PROGRAM"
echo "No Cargo.toml found, using program name: ${LIB_NAME}"
fi
PROGRAM_NAME="$LIB_NAME"
echo "Final program name: $PROGRAM_NAME"
echo "PROGRAM_NAME=${PROGRAM_NAME}" >> $GITHUB_ENV
# Get program ID from keypair
if [ ! -z "${{ secrets.PROGRAM_ADDRESS_KEYPAIR }}" ]; then
echo "${{ secrets.PROGRAM_ADDRESS_KEYPAIR }}" > program-keypair.json
PROGRAM_ID=$(solana-keygen pubkey program-keypair.json)
rm program-keypair.json
echo "Program ID from keypair: $PROGRAM_ID"
echo "PROGRAM_ID=${PROGRAM_ID}" >> $GITHUB_ENV
else
echo "Error: PROGRAM_ADDRESS_KEYPAIR is required for native programs"
exit 1
fi
- name: Extract Addresses from Keypairs
run: |
echo "Using network: ${{ inputs.network }}"
# Extract deployer addresses
if [ "${{ inputs.network }}" = "mainnet" ]; then
if [ -z "${{ secrets.MAINNET_DEPLOYER_KEYPAIR }}" ]; then
echo "Error: MAINNET_DEPLOYER_KEYPAIR is required"
exit 1
fi
echo "${{ secrets.MAINNET_DEPLOYER_KEYPAIR }}" > deployer-keypair.json
DEPLOYER_ADDRESS=$(solana-keygen pubkey deployer-keypair.json)
echo "Extracted mainnet deployer address: $DEPLOYER_ADDRESS"
echo "DEPLOYER_ADDRESS=$DEPLOYER_ADDRESS" >> $GITHUB_ENV
rm deployer-keypair.json
else
if [ -z "${{ secrets.DEVNET_DEPLOYER_KEYPAIR }}" ]; then
echo "Error: DEVNET_DEPLOYER_KEYPAIR is required"
exit 1
fi
echo "${{ secrets.DEVNET_DEPLOYER_KEYPAIR }}" > deployer-keypair.json
DEPLOYER_ADDRESS=$(solana-keygen pubkey deployer-keypair.json)
echo "Extracted devnet deployer address: $DEPLOYER_ADDRESS"
echo "DEPLOYER_ADDRESS=$DEPLOYER_ADDRESS" >> $GITHUB_ENV
rm deployer-keypair.json
fi
# Verify environment variable was set
if [ -z "$DEPLOYER_ADDRESS" ]; then
echo "Error: Failed to extract deployer address"
exit 1
fi
echo "Final DEPLOYER_ADDRESS from env: $DEPLOYER_ADDRESS"
- name: Set Override Program ID
if: inputs.override-program-id != ''
run: |
echo "Setting program ID override to: ${{ inputs.override-program-id }}"
echo "PROGRAM_ID=${{ inputs.override-program-id }}" >> $GITHUB_ENV
- name: Debug Initial Structure
run: |
echo "Current directory structure:"
pwd
ls -la
# Check for programs directory
if [ -d "programs" ]; then
echo "Programs directory:"
ls -la programs/
else
echo "No programs directory found (looking for program in src/)"
ls -la src/ || echo "No src directory found"
fi
# Check for Anchor.toml
if [ -f "Anchor.toml" ]; then
echo "Anchor.toml contents:"
cat Anchor.toml
else
echo "No Anchor.toml found (this is expected for native programs)"
fi
- name: Build Anchor
uses: solana-developers/github-actions/build-anchor@v0.2.5
if: steps.check-anchor.outputs.is_anchor == 'true'
with:
program: ${{ env.PROGRAM_NAME }}
features: ${{ inputs.features }}
- name: Build Verified
uses: solana-developers/github-actions/build-verified@v0.2.5
id: build-verified
with:
program: ${{ env.PROGRAM_NAME }}
features: ${{ inputs.features }}
- name: Create local artifacts directory
run: |
# Create directories
mkdir -p build-artifacts/so
mkdir -p build-artifacts/idl
# Check if source files exist
echo "Checking source files:"
ls -la ./target/deploy/
# Copy SO file
cp -v ./target/deploy/${{ env.PROGRAM_NAME }}.so build-artifacts/so/
# Check and copy IDL if it exists
if [ -f "./target/idl/${{ env.PROGRAM_NAME }}.json" ]; then
echo "Found IDL file:"
ls -la ./target/idl/
cp -v ./target/idl/${{ env.PROGRAM_NAME }}.json build-artifacts/idl/
echo "IDL file copied to: ./build-artifacts/idl/${{ env.PROGRAM_NAME }}.json"
else
echo "No IDL file found (this is expected for native programs)"
fi
# Check copied files
echo "Checking copied files:"
ls -la build-artifacts/so/
if [ -f 'build-artifacts/idl/${{ env.PROGRAM_NAME }}.json' ]; then
ls -la build-artifacts/idl/
fi
# Set permissions
chmod -R 777 build-artifacts/
echo "Artifacts copied to project directory at:"
echo "SO file: ./build-artifacts/so/${{ env.PROGRAM_NAME }}.so"
if [ -f "build-artifacts/idl/${{ env.PROGRAM_NAME }}.json" ]; then
echo "IDL file: ./build-artifacts/idl/${{ env.PROGRAM_NAME }}.json"
fi
- name: Store so files
if: ${{ !env.ACT }} # Only run on GitHub Actions, skip for local act runs
uses: actions/upload-artifact@v4
with:
name: ${{ env.PROGRAM_NAME }}-so
path: |
./target/deploy/${{ env.PROGRAM_NAME }}.so
- name: Store idl files
if: ${{ !env.ACT && hashFiles(format('./target/idl/{0}.json', env.PROGRAM_NAME)) != '' }}
uses: actions/upload-artifact@v4
with:
name: ${{ env.PROGRAM_NAME }}-idl
path: |
./target/idl/${{ env.PROGRAM_NAME }}.json
- name: Print Artifact Locations
run: |
echo "Artifacts stored locally at:"
echo "SO file: ./artifacts/build/${{ env.PROGRAM_NAME }}-so/target/deploy/${{ env.PROGRAM_NAME }}.so"
if [ -f "./target/idl/${{ env.PROGRAM_NAME }}.json" ]; then
echo "IDL file: ./artifacts/build/${{ env.PROGRAM_NAME }}-idl/target/idl/${{ env.PROGRAM_NAME }}.json"
fi
- name: Write Program Buffer
uses: ./.github/actions/solana/write-program-buffer
id: program-buffer
if: inputs.deploy
with:
program-id: ${{ env.PROGRAM_ID }}
program: ${{ env.PROGRAM_NAME }}
rpc-url: ${{ env.DEPLOY_URL }}
keypair: ${{ env.DEPLOYER_KEYPAIR }}
buffer-authority-address: ${{ inputs.use-squads == true && env.MULTISIG_VAULT || env.DEPLOYER_ADDRESS }}
priority-fee: ${{ inputs.priority-fee }}
- name: Write IDL Buffer
uses: ./.github/actions/solana/write-idl-buffer
id: idl-buffer
if: inputs.upload_idl
with:
program-id: ${{ env.PROGRAM_ID }}
program: ${{ env.PROGRAM_NAME }}
rpc-url: ${{ env.DEPLOY_URL }}
keypair: ${{ env.DEPLOYER_KEYPAIR }}
idl-authority: ${{ inputs.use-squads && env.MULTISIG_VAULT || env.DEPLOYER_ADDRESS }}
- name: Program Upgrade
uses: ./.github/actions/solana/program-upgrade
if: inputs.deploy && inputs.use-squads == false
with:
program-id: ${{ env.PROGRAM_ID }}
program: ${{ env.PROGRAM_NAME }}
buffer: ${{ steps.program-buffer.outputs.buffer }}
rpc-url: ${{ env.DEPLOY_URL }}
keypair: ${{ env.DEPLOYER_KEYPAIR }}
program-keypair: ${{ secrets.PROGRAM_ADDRESS_KEYPAIR }}
- name: IDL Upload
uses: solana-developers/github-actions/idl-upload@v0.2.5
if: inputs.upload_idl && inputs.use-squads == false
with:
program-id: ${{ env.PROGRAM_ID }}
rpc-url: ${{ env.DEPLOY_URL }}
keypair: ${{ env.DEPLOYER_KEYPAIR }}
idl-buffer: ${{ steps.idl-buffer.outputs.buffer }}
# Add small delay to ensure program buffer is finalized because sometimes verify can not find the deployed slot
- name: Wait for program buffer to finalize
if: inputs.use-squads == false
run: sleep 14
- name: Verify Build
uses: ./.github/actions/solana/verify-build
id: verify-build
if: inputs.verify
with:
program-id: ${{ env.PROGRAM_ID }}
program: ${{ env.PROGRAM_NAME }}
network: ${{ inputs.network }}
rpc-url: ${{ env.DEPLOY_URL }}
keypair: ${{ env.DEPLOYER_KEYPAIR }}
repo-url: ${{ github.server_url }}/${{ github.repository }}
commit-hash: ${{ github.sha }}
use-squads: ${{ inputs.use-squads }}
vault-address: ${{ env.MULTISIG_VAULT }}
- name: Create squads program upgrade transaction (set Idl buffer, verify pda, set program buffer)
if: inputs.deploy && inputs.use-squads
uses: solana-developers/squads-program-action@v0.3.0
with:
rpc: ${{ env.DEPLOY_URL }}
program: ${{ env.PROGRAM_ID }}
buffer: ${{ steps.program-buffer.outputs.buffer }}
idl-buffer: ${{ steps.idl-buffer.outputs.buffer }}
multisig: ${{ env.MULTISIG }}
keypair: ${{ env.DEPLOYER_KEYPAIR }}
priority-fee: ${{ inputs.priority-fee }}
vault-index: ${{ inputs.vault-index }}
pda-tx: ${{ steps.verify-build.outputs.pda_tx }}