diff --git a/.github/workflows/contracts.yml b/.github/workflows/contracts.yml index 1e5643d..ba5158a 100644 --- a/.github/workflows/contracts.yml +++ b/.github/workflows/contracts.yml @@ -4,59 +4,62 @@ on: workflow_call: inputs: rust-toolchain: - description: 'Rust toolchain to use' - default: 'nightly' + description: "Rust toolchain to use" + default: "nightly" required: false type: string pip-mxpy-args: - description: 'pip mxpy install arguments' - default: 'multiversx-sdk-cli==v9.5.2' + description: "pip mxpy install arguments" + default: "multiversx-sdk-cli==v9.5.2" required: false type: string sc-meta-version: - description: 'multiversx-sc-meta version' - default: '' + description: "multiversx-sc-meta version" + default: "" required: false type: string mx-scenario-go-version: - description: 'sc-scenario-go version' - default: '' + description: "sc-scenario-go version" + default: "" required: false type: string path-to-sc-meta: - description: 'multiversx-sc-meta from local' - default: '' + description: "multiversx-sc-meta from local" + default: "" required: false type: string clippy-args: - description: 'cargo clippy arguments' - default: '--all-targets --all-features' + description: "cargo clippy arguments" + default: "--all-targets --all-features" required: false type: string enable-contracts-size-report: - description: 'Enable contracts size report' + description: "Enable contracts size report" default: true required: false type: boolean coverage-args: - description: 'sc-meta test-coverage arguments' - default: '--output ./coverage.md' + description: "sc-meta test-coverage arguments" + default: "--output ./coverage.md" required: false type: string binaryen-version: - description: 'binaryen (wasm-opt) version to use' - default: 'version_112' + description: "binaryen (wasm-opt) version to use" + default: "version_112" required: false type: string wabt-version: - description: 'wabt version to use' - default: '1.0.27-1' + description: "wabt version to use" + default: "1.0.27-1" required: false type: string secrets: token: - description: 'Github token' + description: "Github token" required: true + deploy-keys: + description: "Deploy SSH private keys" + required: false jobs: wasm_test: @@ -65,6 +68,14 @@ jobs: steps: - uses: actions/checkout@v3 + - name: Setup Credentials + uses: webfactory/ssh-agent@v0.9.0 + env: + SUPER_SECRET: ${{ secrets.deploy-keys }} + if: ${{ env.SUPER_SECRET != '' }} + with: + ssh-private-key: ${{ secrets.deploy-keys }} + - name: Install rust uses: actions-rust-lang/setup-rust-toolchain@v1 with: @@ -110,17 +121,20 @@ jobs: - name: Build the wasm contracts env: RUSTFLAGS: "" + CARGO_NET_GIT_FETCH_WITH_CLI: true run: sc-meta all build --no-imports --target-dir $(pwd)/target --path . - name: Run the wasm tests env: RUSTFLAGS: "" + CARGO_NET_GIT_FETCH_WITH_CLI: true run: cargo test --features multiversx-sc-scenario/run-go-tests - name: Generate the contract report if: ${{ inputs.enable-contracts-size-report }} env: RUSTFLAGS: "" + CARGO_NET_GIT_FETCH_WITH_CLI: true run: | sc-meta all build-dbg --twiggy-paths --target-dir $(pwd)/target --path . mxpy contract report --skip-build --skip-twiggy --output-format json --output-file report.json @@ -178,8 +192,8 @@ jobs: if: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository && inputs.enable-contracts-size-report }} with: issue-number: ${{ github.event.pull_request.number }} - comment-author: 'github-actions[bot]' - body-includes: 'Contract comparison' + comment-author: "github-actions[bot]" + body-includes: "Contract comparison" - name: Create or update the report comment uses: peter-evans/create-or-update-comment@v2 @@ -196,6 +210,14 @@ jobs: steps: - uses: actions/checkout@v3 + - name: Setup Credentials + uses: webfactory/ssh-agent@v0.9.0 + env: + SUPER_SECRET: ${{ secrets.deploy-keys }} + if: ${{ env.SUPER_SECRET != '' }} + with: + ssh-private-key: ${{ secrets.deploy-keys }} + - name: Install rust uses: actions-rust-lang/setup-rust-toolchain@v1 with: @@ -224,6 +246,7 @@ jobs: - name: Run tests and generate report env: RUSTFLAGS: "" + CARGO_NET_GIT_FETCH_WITH_CLI: true run: | sc-meta test-coverage ${{ inputs.coverage-args }} @@ -256,6 +279,15 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 + + - name: Setup Credentials + uses: webfactory/ssh-agent@v0.9.0 + env: + SUPER_SECRET: ${{ secrets.deploy-keys }} + if: ${{ env.SUPER_SECRET != '' }} + with: + ssh-private-key: ${{ secrets.deploy-keys }} + - uses: actions-rust-lang/setup-rust-toolchain@v1 with: toolchain: ${{ inputs.rust-toolchain }} @@ -263,8 +295,8 @@ jobs: - name: Run the rust tests env: RUSTFLAGS: "" - run: - cargo test + CARGO_NET_GIT_FETCH_WITH_CLI: true + run: cargo test clippy_check: name: Clippy linter check diff --git a/.github/workflows/reproducible-build.yml b/.github/workflows/reproducible-build.yml index 49e6031..8aeef79 100644 --- a/.github/workflows/reproducible-build.yml +++ b/.github/workflows/reproducible-build.yml @@ -9,7 +9,7 @@ on: description: Image multiversx/sdk-rust-contract-builder project_path: type: string - default: '.' + default: "." required: false description: A specific project path contract_name: @@ -27,7 +27,11 @@ on: description: Skip preliminary checks. Never set this in production! package_whole_project_src: type: boolean - description: Include all project files in the packaged source (*.source.json) + description: Include all project files in the packaged source (*.source.json) + secrets: + deploy-keys: + description: "Deploy SSH private keys" + required: false jobs: build: @@ -86,6 +90,42 @@ jobs: fetch-depth: 0 repository: ${{ env.GITHUB_REPOSITORY }} + - name: Setup Credentials + uses: webfactory/ssh-agent@v0.9.0 + env: + SUPER_SECRET: ${{ secrets.deploy-keys }} + if: ${{ env.SUPER_SECRET != '' }} + with: + ssh-private-key: ${{ secrets.deploy-keys }} + + - name: Install rust + uses: actions-rust-lang/setup-rust-toolchain@v1 + env: + SUPER_SECRET: ${{ secrets.deploy-keys }} + if: ${{ env.SUPER_SECRET != '' }} + with: + toolchain: ${{ inputs.rust-toolchain }} + target: wasm32-unknown-unknown + + - name: Vendored dependencies (if private dependencies are used) + env: + CARGO_NET_GIT_FETCH_WITH_CLI: true + SUPER_SECRET: ${{ secrets.deploy-keys }} + if: ${{ env.SUPER_SECRET != '' }} + run: | + mkdir .cargo + shopt -s globstar + cargos=($(echo **/Cargo.toml)) + cargos_s=$(printf -- '-s %s ' "${cargos[@]}") + cargo vendor ${cargos_s} > .cargo/config.toml + + # Prevent mx-sdk-rust-contract-builder from bulding vendored dependencies + rm -f vendor/**/multiversx.json + + for checksum_file in **/.cargo-checksum.json; do + jq 'del(.files."multiversx.json")' "$checksum_file" > "$checksum_file.tmp" && mv "$checksum_file.tmp" "$checksum_file" + done + - name: Preliminary checks if: ${{ inputs.skip_preliminary_checks == false }} run: | @@ -110,7 +150,7 @@ jobs: else: logging.error(f"wasm/Cargo.lock file not found: {cargo_lock}") missing_cargo_lock = True - + if missing_cargo_lock: sys.exit(f"ERROR: One or more 'wasm/Cargo.lock' files are missing. They are essential for reproducible builds.") EOF @@ -120,16 +160,16 @@ jobs: - name: Download build script run: | wget https://raw.githubusercontent.com/multiversx/mx-sdk-rust-contract-builder/${{ inputs.image_tag }}/build_with_docker.py - + - name: Build contracts run: | flag_package_whole_project_src="" if ${{ inputs.package_whole_project_src }}; then flag_package_whole_project_src="--package-whole-project-src" fi - + python3 ./build_with_docker.py --no-docker-tty --image=multiversx/sdk-rust-contract-builder:${{ inputs.image_tag }} --project=${{ inputs.project_path }} --contract=${{ inputs.contract_name }} --output=/home/runner/work/output-from-docker ${flag_package_whole_project_src} - + - name: Save artifacts uses: actions/upload-artifact@v3 with: @@ -167,7 +207,7 @@ jobs: try: logging.info(f"Fetching existing release notes, if any, for repository = {repository}, tag = {ref_name} ...") - + request = urllib.request.urlopen(f"https://api.github.com/repos/{repository}/releases/tags/{ref_name}") data = json.loads(request.read()) existing_notes = data["body"]