From 2ccf279554d52e7b7f8e4df14f63aa11493a17fa Mon Sep 17 00:00:00 2001 From: Rami Vignolo Date: Fri, 10 May 2024 16:50:14 -0300 Subject: [PATCH 1/5] feat: :sparkles: add private repositories support (#1) --- .github/workflows/contracts.yml | 81 +++++++++++++++++------- .github/workflows/reproducible-build.yml | 32 ++++++++-- 2 files changed, 83 insertions(+), 30 deletions(-) diff --git a/.github/workflows/contracts.yml b/.github/workflows/contracts.yml index 728951a..f63bcce 100644 --- a/.github/workflows/contracts.yml +++ b/.github/workflows/contracts.yml @@ -4,54 +4,62 @@ on: workflow_call: inputs: rust-toolchain: - description: 'Rust toolchain to use' - default: 'nightly' + description: "Rust toolchain to use" + default: "nightly" required: false type: string pip-mxpy-args: - description: 'pip mxpy install arguments' - default: 'multiversx-sdk-cli==v9.5.2' + description: "pip mxpy install arguments" + default: "multiversx-sdk-cli==v9.5.2" required: false type: string sc-meta-version: - description: 'multiversx-sc-meta version' - default: '' + description: "multiversx-sc-meta version" + default: "" required: false type: string mx-scenario-go-version: - description: 'sc-scenario-go version' - default: '' + description: "sc-scenario-go version" + default: "" required: false type: string path-to-sc-meta: - description: 'multiversx-sc-meta from local' - default: '' + description: "multiversx-sc-meta from local" + default: "" required: false type: string clippy-args: - description: 'cargo clippy arguments' - default: '--all-targets --all-features' + description: "cargo clippy arguments" + default: "--all-targets --all-features" required: false type: string coverage-args: - description: 'sc-meta test-coverage arguments' - default: '--output ./coverage.md' + description: "sc-meta test-coverage arguments" + default: "--output ./coverage.md" required: false type: string binaryen-version: - description: 'binaryen (wasm-opt) version to use' - default: 'version_112' + description: "binaryen (wasm-opt) version to use" + default: "version_112" required: false type: string wabt-version: - description: 'wabt version to use' - default: '1.0.27-1' + description: "wabt version to use" + default: "1.0.27-1" required: false type: string + has-private-dependencies: + description: "Project has private dependencies" + default: false + required: false + type: boolean secrets: token: - description: 'Github token' + description: "Github token" required: true + ssh-private-key: + description: "SSH private key" + required: false jobs: wasm_test: @@ -60,6 +68,15 @@ jobs: steps: - uses: actions/checkout@v3 + - name: Setup Credentials + uses: webfactory/ssh-agent@v0.9.0 + if: inputs.has-private-dependencies + with: + ssh-private-key: ${{ secrets.ssh-private-key }} + + - name: Clone submodules + run: git submodule update --init --recursive --remote + - name: Install rust uses: actions-rust-lang/setup-rust-toolchain@v1 with: @@ -171,8 +188,8 @@ jobs: if: github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository with: issue-number: ${{ github.event.pull_request.number }} - comment-author: 'github-actions[bot]' - body-includes: 'Contract comparison' + comment-author: "github-actions[bot]" + body-includes: "Contract comparison" - name: Create or update the report comment uses: peter-evans/create-or-update-comment@v2 @@ -189,6 +206,15 @@ jobs: steps: - uses: actions/checkout@v3 + - name: Setup Credentials + uses: webfactory/ssh-agent@v0.9.0 + if: inputs.has-private-dependencies + with: + ssh-private-key: ${{ secrets.ssh-private-key }} + + - name: Clone submodules + run: git submodule update --init --recursive --remote + - name: Install rust uses: actions-rust-lang/setup-rust-toolchain@v1 with: @@ -249,6 +275,16 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 + + - name: Setup Credentials + uses: webfactory/ssh-agent@v0.9.0 + if: inputs.has-private-dependencies + with: + ssh-private-key: ${{ secrets.ssh-private-key }} + + - name: Clone submodules + run: git submodule update --init --recursive --remote + - uses: actions-rust-lang/setup-rust-toolchain@v1 with: toolchain: ${{ inputs.rust-toolchain }} @@ -256,8 +292,7 @@ jobs: - name: Run the rust tests env: RUSTFLAGS: "" - run: - cargo test + run: cargo test clippy_check: name: Clippy linter check diff --git a/.github/workflows/reproducible-build.yml b/.github/workflows/reproducible-build.yml index 49e6031..702799c 100644 --- a/.github/workflows/reproducible-build.yml +++ b/.github/workflows/reproducible-build.yml @@ -9,7 +9,7 @@ on: description: Image multiversx/sdk-rust-contract-builder project_path: type: string - default: '.' + default: "." required: false description: A specific project path contract_name: @@ -27,7 +27,16 @@ on: description: Skip preliminary checks. Never set this in production! package_whole_project_src: type: boolean - description: Include all project files in the packaged source (*.source.json) + description: Include all project files in the packaged source (*.source.json) + has-private-dependencies: + description: "Project has private dependencies" + default: false + required: false + type: boolean + secrets: + ssh-private-key: + description: "SSH private key" + required: false jobs: build: @@ -86,6 +95,15 @@ jobs: fetch-depth: 0 repository: ${{ env.GITHUB_REPOSITORY }} + - name: Setup Credentials + uses: webfactory/ssh-agent@v0.9.0 + if: inputs.has-private-dependencies + with: + ssh-private-key: ${{ secrets.ssh-private-key }} + + - name: Clone submodules + run: git submodule update --init --recursive --remote + - name: Preliminary checks if: ${{ inputs.skip_preliminary_checks == false }} run: | @@ -110,7 +128,7 @@ jobs: else: logging.error(f"wasm/Cargo.lock file not found: {cargo_lock}") missing_cargo_lock = True - + if missing_cargo_lock: sys.exit(f"ERROR: One or more 'wasm/Cargo.lock' files are missing. They are essential for reproducible builds.") EOF @@ -120,16 +138,16 @@ jobs: - name: Download build script run: | wget https://raw.githubusercontent.com/multiversx/mx-sdk-rust-contract-builder/${{ inputs.image_tag }}/build_with_docker.py - + - name: Build contracts run: | flag_package_whole_project_src="" if ${{ inputs.package_whole_project_src }}; then flag_package_whole_project_src="--package-whole-project-src" fi - + python3 ./build_with_docker.py --no-docker-tty --image=multiversx/sdk-rust-contract-builder:${{ inputs.image_tag }} --project=${{ inputs.project_path }} --contract=${{ inputs.contract_name }} --output=/home/runner/work/output-from-docker ${flag_package_whole_project_src} - + - name: Save artifacts uses: actions/upload-artifact@v3 with: @@ -167,7 +185,7 @@ jobs: try: logging.info(f"Fetching existing release notes, if any, for repository = {repository}, tag = {ref_name} ...") - + request = urllib.request.urlopen(f"https://api.github.com/repos/{repository}/releases/tags/{ref_name}") data = json.loads(request.read()) existing_notes = data["body"] From edc6ed2c89d2c9a2241d4588de17d17c5aa221c8 Mon Sep 17 00:00:00 2001 From: Rami Vignolo Date: Thu, 16 May 2024 17:18:13 -0300 Subject: [PATCH 2/5] =?UTF-8?q?feat:=20=E2=9C=A8=20=20add=20support=20for?= =?UTF-8?q?=20multiple=20private=20repos=20(#2)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * feat: :sparkles: try support for multiple private repositories * fix: :bug: try one pk only * feat: :sparkles: use multiple keys * feat: :sparkles: add admin module pk * fix: :bug: some fixes * try one key * revert: :rewind: simpler approach * feat: :sparkles: add CARGO_NET_GIT_FETCH_WITH_CLI env * revert: :green_heart: try something out * feat: :sparkles: use deploy keys * feat: :sparkles: add cargo vendor * fix: :bug: add CARGO_NET_GIT_FETCH_WITH_CLI at reproducible build * fix: :bug: do not compile vendor directories * fix: :bug: minor fix * fix: * fix: :fire: avoid jq install --- .github/workflows/contracts.yml | 39 +++++++++++++++--------- .github/workflows/reproducible-build.yml | 39 +++++++++++++++++++++--- 2 files changed, 59 insertions(+), 19 deletions(-) diff --git a/.github/workflows/contracts.yml b/.github/workflows/contracts.yml index f63bcce..2829658 100644 --- a/.github/workflows/contracts.yml +++ b/.github/workflows/contracts.yml @@ -57,8 +57,14 @@ on: token: description: "Github token" required: true - ssh-private-key: - description: "SSH private key" + hatom-protocol-deploy-pk: + description: "Hatom Protocol Deploy SSH private key" + required: false + hatom-ush-minter-deploy-pk: + description: "Hatom USH Minter Deploy SSH private key" + required: false + hatom-admin-module-deploy-pk: + description: "Hatom Admin Module Deploy SSH private key" required: false jobs: @@ -72,10 +78,10 @@ jobs: uses: webfactory/ssh-agent@v0.9.0 if: inputs.has-private-dependencies with: - ssh-private-key: ${{ secrets.ssh-private-key }} - - - name: Clone submodules - run: git submodule update --init --recursive --remote + ssh-private-key: | + ${{ secrets.hatom-protocol-deploy-pk }} + ${{ secrets.hatom-ush-minter-deploy-pk }} + ${{ secrets.hatom-admin-module-deploy-pk }} - name: Install rust uses: actions-rust-lang/setup-rust-toolchain@v1 @@ -122,16 +128,19 @@ jobs: - name: Build the wasm contracts env: RUSTFLAGS: "" + CARGO_NET_GIT_FETCH_WITH_CLI: true run: sc-meta all build --no-imports --target-dir $(pwd)/target --path . - name: Run the wasm tests env: RUSTFLAGS: "" + CARGO_NET_GIT_FETCH_WITH_CLI: true run: cargo test --features multiversx-sc-scenario/run-go-tests - name: Generate the contract report env: RUSTFLAGS: "" + CARGO_NET_GIT_FETCH_WITH_CLI: true run: | sc-meta all build-dbg --twiggy-paths --target-dir $(pwd)/target --path . mxpy contract report --skip-build --skip-twiggy --output-format json --output-file report.json @@ -210,10 +219,10 @@ jobs: uses: webfactory/ssh-agent@v0.9.0 if: inputs.has-private-dependencies with: - ssh-private-key: ${{ secrets.ssh-private-key }} - - - name: Clone submodules - run: git submodule update --init --recursive --remote + ssh-private-key: | + ${{ secrets.hatom-protocol-deploy-pk }} + ${{ secrets.hatom-ush-minter-deploy-pk }} + ${{ secrets.hatom-admin-module-deploy-pk }} - name: Install rust uses: actions-rust-lang/setup-rust-toolchain@v1 @@ -243,6 +252,7 @@ jobs: - name: Run tests and generate report env: RUSTFLAGS: "" + CARGO_NET_GIT_FETCH_WITH_CLI: true run: | sc-meta test-coverage ${{ inputs.coverage-args }} @@ -280,10 +290,10 @@ jobs: uses: webfactory/ssh-agent@v0.9.0 if: inputs.has-private-dependencies with: - ssh-private-key: ${{ secrets.ssh-private-key }} - - - name: Clone submodules - run: git submodule update --init --recursive --remote + ssh-private-key: | + ${{ secrets.hatom-protocol-deploy-pk }} + ${{ secrets.hatom-ush-minter-deploy-pk }} + ${{ secrets.hatom-admin-module-deploy-pk }} - uses: actions-rust-lang/setup-rust-toolchain@v1 with: @@ -292,6 +302,7 @@ jobs: - name: Run the rust tests env: RUSTFLAGS: "" + CARGO_NET_GIT_FETCH_WITH_CLI: true run: cargo test clippy_check: diff --git a/.github/workflows/reproducible-build.yml b/.github/workflows/reproducible-build.yml index 702799c..67528c4 100644 --- a/.github/workflows/reproducible-build.yml +++ b/.github/workflows/reproducible-build.yml @@ -34,8 +34,14 @@ on: required: false type: boolean secrets: - ssh-private-key: - description: "SSH private key" + hatom-protocol-deploy-pk: + description: "Hatom Protocol Deploy SSH private key" + required: false + hatom-ush-minter-deploy-pk: + description: "Hatom USH Minter Deploy SSH private key" + required: false + hatom-admin-module-deploy-pk: + description: "Hatom Admin Module Deploy SSH private key" required: false jobs: @@ -99,10 +105,33 @@ jobs: uses: webfactory/ssh-agent@v0.9.0 if: inputs.has-private-dependencies with: - ssh-private-key: ${{ secrets.ssh-private-key }} + ssh-private-key: | + ${{ secrets.hatom-protocol-deploy-pk }} + ${{ secrets.hatom-ush-minter-deploy-pk }} + ${{ secrets.hatom-admin-module-deploy-pk }} + + - name: Install rust + uses: actions-rust-lang/setup-rust-toolchain@v1 + with: + toolchain: ${{ inputs.rust-toolchain }} + target: wasm32-unknown-unknown - - name: Clone submodules - run: git submodule update --init --recursive --remote + - name: Fetch all packages + run: | + mkdir .cargo + shopt -s globstar + cargos=($(echo **/Cargo.toml)) + cargos_s=$(printf -- '-s %s ' "${cargos[@]}") + cargo vendor ${cargos_s} > .cargo/config.toml + + # Prevent mx-sdk-rust-contract-builder from bulding vendored dependencies + rm -f vendor/**/multiversx.json + + for checksum_file in **/.cargo-checksum.json; do + jq 'del(.files."multiversx.json")' "$checksum_file" > "$checksum_file.tmp" && mv "$checksum_file.tmp" "$checksum_file" + done + env: + CARGO_NET_GIT_FETCH_WITH_CLI: true - name: Preliminary checks if: ${{ inputs.skip_preliminary_checks == false }} From fb75097cb9d3f389cf071146d9d61ae2b5a1e057 Mon Sep 17 00:00:00 2001 From: Rami Vignolo Date: Fri, 17 May 2024 12:09:14 -0300 Subject: [PATCH 3/5] feat: :construction: try deploy keys as unique var (#3) * feat: :construction: try deploy keys as unique var * feat: :zap: remove private dependencies input var * fix: :bug: final fixes --- .github/workflows/contracts.yml | 42 ++++++++---------------- .github/workflows/reproducible-build.yml | 32 +++++++----------- 2 files changed, 25 insertions(+), 49 deletions(-) diff --git a/.github/workflows/contracts.yml b/.github/workflows/contracts.yml index 2829658..98eee45 100644 --- a/.github/workflows/contracts.yml +++ b/.github/workflows/contracts.yml @@ -48,23 +48,12 @@ on: default: "1.0.27-1" required: false type: string - has-private-dependencies: - description: "Project has private dependencies" - default: false - required: false - type: boolean secrets: token: description: "Github token" required: true - hatom-protocol-deploy-pk: - description: "Hatom Protocol Deploy SSH private key" - required: false - hatom-ush-minter-deploy-pk: - description: "Hatom USH Minter Deploy SSH private key" - required: false - hatom-admin-module-deploy-pk: - description: "Hatom Admin Module Deploy SSH private key" + deploy-keys: + description: "Deploy SSH private keys" required: false jobs: @@ -76,12 +65,11 @@ jobs: - name: Setup Credentials uses: webfactory/ssh-agent@v0.9.0 - if: inputs.has-private-dependencies + env: + SUPER_SECRET: ${{ secrets.deploy-keys }} + if: ${{ env.SUPER_SECRET != '' }} with: - ssh-private-key: | - ${{ secrets.hatom-protocol-deploy-pk }} - ${{ secrets.hatom-ush-minter-deploy-pk }} - ${{ secrets.hatom-admin-module-deploy-pk }} + ssh-private-key: ${{ secrets.deploy-keys }} - name: Install rust uses: actions-rust-lang/setup-rust-toolchain@v1 @@ -217,12 +205,11 @@ jobs: - name: Setup Credentials uses: webfactory/ssh-agent@v0.9.0 - if: inputs.has-private-dependencies + env: + SUPER_SECRET: ${{ secrets.deploy-keys }} + if: ${{ env.SUPER_SECRET != '' }} with: - ssh-private-key: | - ${{ secrets.hatom-protocol-deploy-pk }} - ${{ secrets.hatom-ush-minter-deploy-pk }} - ${{ secrets.hatom-admin-module-deploy-pk }} + ssh-private-key: ${{ secrets.deploy-keys }} - name: Install rust uses: actions-rust-lang/setup-rust-toolchain@v1 @@ -288,12 +275,11 @@ jobs: - name: Setup Credentials uses: webfactory/ssh-agent@v0.9.0 - if: inputs.has-private-dependencies + env: + SUPER_SECRET: ${{ secrets.deploy-keys }} + if: ${{ env.SUPER_SECRET != '' }} with: - ssh-private-key: | - ${{ secrets.hatom-protocol-deploy-pk }} - ${{ secrets.hatom-ush-minter-deploy-pk }} - ${{ secrets.hatom-admin-module-deploy-pk }} + ssh-private-key: ${{ secrets.deploy-keys }} - uses: actions-rust-lang/setup-rust-toolchain@v1 with: diff --git a/.github/workflows/reproducible-build.yml b/.github/workflows/reproducible-build.yml index 67528c4..72bfa4d 100644 --- a/.github/workflows/reproducible-build.yml +++ b/.github/workflows/reproducible-build.yml @@ -28,20 +28,9 @@ on: package_whole_project_src: type: boolean description: Include all project files in the packaged source (*.source.json) - has-private-dependencies: - description: "Project has private dependencies" - default: false - required: false - type: boolean secrets: - hatom-protocol-deploy-pk: - description: "Hatom Protocol Deploy SSH private key" - required: false - hatom-ush-minter-deploy-pk: - description: "Hatom USH Minter Deploy SSH private key" - required: false - hatom-admin-module-deploy-pk: - description: "Hatom Admin Module Deploy SSH private key" + deploy-keys: + description: "Deploy SSH private keys" required: false jobs: @@ -103,12 +92,11 @@ jobs: - name: Setup Credentials uses: webfactory/ssh-agent@v0.9.0 - if: inputs.has-private-dependencies + env: + SUPER_SECRET: ${{ secrets.deploy-keys }} + if: ${{ env.SUPER_SECRET != '' }} with: - ssh-private-key: | - ${{ secrets.hatom-protocol-deploy-pk }} - ${{ secrets.hatom-ush-minter-deploy-pk }} - ${{ secrets.hatom-admin-module-deploy-pk }} + ssh-private-key: ${{ secrets.deploy-keys }} - name: Install rust uses: actions-rust-lang/setup-rust-toolchain@v1 @@ -116,7 +104,11 @@ jobs: toolchain: ${{ inputs.rust-toolchain }} target: wasm32-unknown-unknown - - name: Fetch all packages + - name: Vendored dependencies (if private dependencies are used) + env: + CARGO_NET_GIT_FETCH_WITH_CLI: true + SUPER_SECRET: ${{ secrets.deploy-keys }} + if: ${{ env.SUPER_SECRET != '' }} run: | mkdir .cargo shopt -s globstar @@ -130,8 +122,6 @@ jobs: for checksum_file in **/.cargo-checksum.json; do jq 'del(.files."multiversx.json")' "$checksum_file" > "$checksum_file.tmp" && mv "$checksum_file.tmp" "$checksum_file" done - env: - CARGO_NET_GIT_FETCH_WITH_CLI: true - name: Preliminary checks if: ${{ inputs.skip_preliminary_checks == false }} From f59e9833463087ab89fdb7dc52c55ac6b251737f Mon Sep 17 00:00:00 2001 From: Rami Vignolo Date: Fri, 17 May 2024 12:15:03 -0300 Subject: [PATCH 4/5] fix: :art: format desc (#4) --- .github/workflows/contracts.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/contracts.yml b/.github/workflows/contracts.yml index c71f56e..ba5158a 100644 --- a/.github/workflows/contracts.yml +++ b/.github/workflows/contracts.yml @@ -34,7 +34,7 @@ on: required: false type: string enable-contracts-size-report: - description: 'Enable contracts size report' + description: "Enable contracts size report" default: true required: false type: boolean From 94294c5fa29331bc99e170a48a9c218856e777b2 Mon Sep 17 00:00:00 2001 From: Rami Vignolo Date: Mon, 20 May 2024 12:09:27 -0300 Subject: [PATCH 5/5] fix: :bug: no need to install rust if no private dependencies (#5) --- .github/workflows/reproducible-build.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/reproducible-build.yml b/.github/workflows/reproducible-build.yml index 72bfa4d..8aeef79 100644 --- a/.github/workflows/reproducible-build.yml +++ b/.github/workflows/reproducible-build.yml @@ -100,6 +100,9 @@ jobs: - name: Install rust uses: actions-rust-lang/setup-rust-toolchain@v1 + env: + SUPER_SECRET: ${{ secrets.deploy-keys }} + if: ${{ env.SUPER_SECRET != '' }} with: toolchain: ${{ inputs.rust-toolchain }} target: wasm32-unknown-unknown