From 7c1d53e253659d8806adc7fa10a268de7243fdf2 Mon Sep 17 00:00:00 2001 From: Keyvan Khademi Date: Wed, 3 Apr 2024 11:30:31 -0700 Subject: [PATCH] feat: add verifiable staking build script (#427) * feat: add script to build verifiable staking program A new script called build_verifiable_staking_program.sh has been added, along with a Dockerfile to build an image for the staking program. The script builds the image and the staking program using this image, placing the artifacts at a specified location and printing the sha256sum of the staking program. * fix: add /artifacts to .gitignore in staking directory The /artifacts line has been added to the .gitignore file within the staking directory. This change ensures that generated artifacts from the newly added build script and Dockerfile are not tracked by git. * fix: use the correct version of anchor and solana for verifiable build * chore: update docker file docs --- package-lock.json | 2 +- staking/.dockerignore | 1 + staking/.gitignore | 1 + staking/Dockerfile | 14 ++++++++++++++ .../build_verifiable_staking_program.sh | 18 ++++++++++++++++++ 5 files changed, 35 insertions(+), 1 deletion(-) create mode 100644 staking/.dockerignore create mode 100644 staking/Dockerfile create mode 100755 staking/scripts/build_verifiable_staking_program.sh diff --git a/package-lock.json b/package-lock.json index 57274b1d..673da95a 100644 --- a/package-lock.json +++ b/package-lock.json @@ -24001,7 +24001,7 @@ }, "staking": { "name": "@pythnetwork/staking", - "version": "2.1.0", + "version": "2.2.0", "license": "MIT", "dependencies": { "@coral-xyz/anchor": "^0.29.0", diff --git a/staking/.dockerignore b/staking/.dockerignore new file mode 100644 index 00000000..94143827 --- /dev/null +++ b/staking/.dockerignore @@ -0,0 +1 @@ +Dockerfile diff --git a/staking/.gitignore b/staking/.gitignore index 16a13b25..2d9ca5ae 100644 --- a/staking/.gitignore +++ b/staking/.gitignore @@ -7,3 +7,4 @@ node_modules lib .env snapshots +/artifacts diff --git a/staking/Dockerfile b/staking/Dockerfile new file mode 100644 index 00000000..744f56fc --- /dev/null +++ b/staking/Dockerfile @@ -0,0 +1,14 @@ +# +# Docker image to generate a deterministic build of the Pyth Staking Program +# program. This image extends projectserum/build which is based on backpackapp/build +# but with a specific version of the Solana CLI and Anchor CLI. +# + +FROM projectserum/build:v0.27.0@sha256:0e11aced57c448c7da9bf0a563a146398ac8b88f357b8fc2e1be314b42320686 + +WORKDIR /workspace + +COPY . . + +CMD ["bash", "-c", \ + "anchor build && cp target/deploy/staking.so /artifacts/staking.so"] diff --git a/staking/scripts/build_verifiable_staking_program.sh b/staking/scripts/build_verifiable_staking_program.sh new file mode 100755 index 00000000..2e581782 --- /dev/null +++ b/staking/scripts/build_verifiable_staking_program.sh @@ -0,0 +1,18 @@ +#!/bin/bash + +set -euo pipefail + +# Root of the repository +REPO_ROOT=$(git rev-parse --show-toplevel) + +echo "Building the image for the staking program" +docker build --platform linux/x86_64 -t staking-build -f "$REPO_ROOT"/staking/Dockerfile "$REPO_ROOT"/staking + +echo "Building the staking program" +docker run --platform linux/x86_64 --rm -v "$REPO_ROOT"/staking/artifacts:/artifacts staking-build + +echo "Successfully built the staking program." +echo "The artifacts are available at $REPO_ROOT/staking/artifacts" + +CHECKSUM=$(sha256sum $REPO_ROOT/staking/artifacts/staking.so | awk '{print $1}') +echo "sha256sum of the staking program: $CHECKSUM"