Skip to content

fix(solidity): integrate soldeer with yarn build#7529

Merged
paulbalaji merged 1 commit intomainfrom
pb/fix-soldeer
Dec 4, 2025
Merged

fix(solidity): integrate soldeer with yarn build#7529
paulbalaji merged 1 commit intomainfrom
pb/fix-soldeer

Conversation

@paulbalaji
Copy link
Collaborator

@paulbalaji paulbalaji commented Dec 4, 2025

Summary

Fixes yarn build + Docker builds being broken after #7480 (Soldeer migration) by integrating forge soldeer install into the turbo build pipeline.

  • fix: add deps:soldeer for the forge soldeer install
  • fix: add deps:soldeer as a dependency for solidity build step in turbo.json
  • driveby: trigger monorepo builds if changes made to yarn.lock and **/package.json
  • fix: Dockerfile now works after soldeer migration

Summary by CodeRabbit

  • Chores
    • Added an automated dependency-install step into the build so required tooling is installed before builds.
    • Build now runs this dependency step as a prerequisite, ensuring consistent build outputs.
    • CI workflow updated to trigger when dependency-related files change, ensuring dependency updates run in CI.
    • CI workflows now provision environment variables for turbo integration.
    • Container image updated to a Debian-slim base and expanded to include Foundry tooling and additional system packages.

✏️ Tip: You can customize this high-level summary in your review settings.

@changeset-bot
Copy link

changeset-bot bot commented Dec 4, 2025

⚠️ No Changeset found

Latest commit: a85832d

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@paulbalaji paulbalaji enabled auto-merge December 4, 2025 10:55
@coderabbitai
Copy link
Contributor

coderabbitai bot commented Dec 4, 2025

📝 Walkthrough

Walkthrough

Adds a Soldeer install npm script and Turbo task, wires the Turbo task into the Solidity build, exposes TURBO_TOKEN/TURBO_TEAM as workflow env vars in several Action workflows, expands monorepo-docker workflow triggers for dependency files, and replaces the Docker base image and setup to install Foundry and extra system tooling.

Changes

Cohort / File(s) Summary
NPM scripts
solidity/package.json
Added script "deps:soldeer": "forge soldeer install". No other script or runtime logic changes.
Turbo task configuration
solidity/turbo.json
Added top-level task deps:soldeer with inputs foundry.toml, soldeer.lock and outputs dependencies/**; updated build task to dependOn ["deps:soldeer"].
GitHub Actions — workflow envs
.github/workflows/bytecode-analysis.yml, .github/workflows/static-analysis.yml, .github/workflows/storage-analysis.yml
Introduced TURBO_TOKEN and TURBO_TEAM environment variables sourced from secrets at top-level or job-level; no step logic changes.
GitHub Actions — workflow triggers
.github/workflows/monorepo-docker.yml
Expanded PR pruning/triggers to include yarn.lock and all package.json files so dependency-affecting changes trigger the workflow.
Docker image & build setup
Dockerfile
Switched base from node:20-alpine to node:20-slim; replaced apk usage with apt-get, added system packages, installed Foundry (forge) and adjusted PATH; copied more workspace/package files, runs yarn install and yarn build as part of image build.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

  • Dockerfile: verify package lists, caching, security (apt cleanup), Foundry install idempotency and PATH correctness.
  • Turbo task: confirm inputs/outputs paths and downstream task/CI interactions won't deadlock builds.
  • Workflows: ensure secrets usage scope is minimal and intended; check trigger patterns for false positives.
  • Package.json script: validate forge soldeer install runs in CI image and produced soldeer.lock/dependencies locations.

Possibly related PRs

Suggested reviewers

  • ltyu
  • yorhodes

Poem

A wee change in the forge and yarn,
Foundry wakes before the morn,
Turbo queues the dance just so,
CI keeps watch as locks all flow,
Docker hums and builds the morn ☘️

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
Check name Status Explanation
Title check ✅ Passed The PR title 'fix(solidity): integrate soldeer with yarn build' directly describes the main objective: integrating soldeer dependency management into the yarn/turbo build pipeline to fix a regression.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Description check ✅ Passed The PR description covers all key template sections: describes what's included (soldeer integration fixes), includes drive-by changes (monorepo trigger updates), and explains testing approach.
✨ Finishing touches
  • 📝 Generate docstrings
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch pb/fix-soldeer

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

🧹 Nitpick comments (1)
.github/workflows/monorepo-docker.yml (1)

17-19: Verify the PR trigger scope is intentional.

The addition of **/package.json will trigger the monorepo Docker build whenever any workspace's package.json changes (Solidity, TypeScript SDK, Rust, etc.), not just Solidity. While this makes sense if the Docker image includes all workspaces, it could lead to unnecessary rebuilds if the image only needs Solidity or specific workspaces.

A few questions:

  • Does the Docker image include all workspaces, or only specific ones (e.g., just typescript/infra)?
  • Should the pattern be narrowed to only the affected workspace(s), like solidity/package.json, to reduce unnecessary builds?
  • Does yarn.lock at the root sufficiently capture most dependency changes, making the **/package.json pattern redundant?

If this is intentional (e.g., Docker image bundles multiple workspaces), then the approach looks sound—just wanted to confirm the scope aligns with your goal.

If narrowing is desired, consider:

- solidity/package.json
- typescript/infra/package.json

Or keep it broad if all workspaces are bundled into the Docker image. Either way, a brief comment explaining why would be helpful for future maintainers.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between efc51232856eadecb3c858c5fba2ee88efc76db3 and d95c5b79b36ff18abdea18d2a1a77fbbed2d2a6e.

📒 Files selected for processing (1)
  • .github/workflows/monorepo-docker.yml (1 hunks)
🧰 Additional context used
🧠 Learnings (1)
📓 Common learnings
Learnt from: paulbalaji
Repo: hyperlane-xyz/hyperlane-monorepo PR: 6943
File: rust/main/config/mainnet_config.json:965-965
Timestamp: 2025-08-26T13:46:37.695Z
Learning: In the repository hyperlane-xyz/hyperlane-monorepo, skip reviewing the file rust/main/config/testnet_config.json in future code reviews as requested by paulbalaji.
Learnt from: paulbalaji
Repo: hyperlane-xyz/hyperlane-monorepo PR: 6943
File: rust/main/config/mainnet_config.json:965-965
Timestamp: 2025-08-26T13:46:37.695Z
Learning: In the repository hyperlane-xyz/hyperlane-monorepo, skip reviewing the file rust/main/config/mainnet_config.json in future code reviews as requested by paulbalaji.
Learnt from: CR
Repo: hyperlane-xyz/hyperlane-monorepo PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-24T17:19:38.362Z
Learning: Use Turbo for building all workspaces in the monorepo; use workspace-specific build commands for individual components (Solidity with Hardhat + Forge, TypeScript SDK, Rust agents with Cargo)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (57)
  • GitHub Check: coverage-run
  • GitHub Check: cli-evm-e2e-matrix (warp-bridge-2)
  • GitHub Check: cli-evm-e2e-matrix (warp-rebalancer)
  • GitHub Check: cli-evm-e2e-matrix (warp-deploy-2)
  • GitHub Check: cli-evm-e2e-matrix (warp-apply-rebalancing-config)
  • GitHub Check: cli-evm-e2e-matrix (warp-check-4)
  • GitHub Check: cli-evm-e2e-matrix (warp-extend-recovery)
  • GitHub Check: cli-evm-e2e-matrix (warp-check-5)
  • GitHub Check: cli-evm-e2e-matrix (warp-init)
  • GitHub Check: cli-evm-e2e-matrix (warp-bridge-1)
  • GitHub Check: cli-evm-e2e-matrix (warp-check-3)
  • GitHub Check: cli-evm-e2e-matrix (core-init)
  • GitHub Check: cli-evm-e2e-matrix (warp-check-1)
  • GitHub Check: cli-evm-e2e-matrix (warp-extend-config)
  • GitHub Check: cli-evm-e2e-matrix (warp-deploy-1)
  • GitHub Check: cli-evm-e2e-matrix (warp-apply-submitters)
  • GitHub Check: cli-evm-e2e-matrix (core-check)
  • GitHub Check: cli-evm-e2e-matrix (warp-read)
  • GitHub Check: cli-evm-e2e-matrix (relay)
  • GitHub Check: cli-evm-e2e-matrix (warp-apply-hook-updates)
  • GitHub Check: cli-evm-e2e-matrix (warp-check-2)
  • GitHub Check: cli-evm-e2e-matrix (warp-send)
  • GitHub Check: cli-evm-e2e-matrix (warp-apply-simple-updates)
  • GitHub Check: cli-evm-e2e-matrix (warp-extend-basic)
  • GitHub Check: cli-evm-e2e-matrix (warp-apply-ownership-updates)
  • GitHub Check: cli-evm-e2e-matrix (core-deploy)
  • GitHub Check: cli-evm-e2e-matrix (warp-apply-ism-updates)
  • GitHub Check: cli-evm-e2e-matrix (core-read)
  • GitHub Check: cli-evm-e2e-matrix (core-apply)
  • GitHub Check: env-test-matrix (mainnet3, ethereum, igp)
  • GitHub Check: env-test-matrix (mainnet3, arbitrum, core)
  • GitHub Check: cli-radix-e2e-matrix (warp-apply-route-extension)
  • GitHub Check: env-test-matrix (mainnet3, optimism, core)
  • GitHub Check: cli-cross-chain-e2e-matrix (warp-deploy)
  • GitHub Check: env-test-matrix (testnet4, sepolia, core)
  • GitHub Check: cli-radix-e2e-matrix (warp-deploy)
  • GitHub Check: cli-radix-e2e-matrix (warp-apply-ownership-updates)
  • GitHub Check: env-test-matrix (mainnet3, ethereum, core)
  • GitHub Check: env-test-matrix (mainnet3, optimism, igp)
  • GitHub Check: cli-radix-e2e-matrix (core-deploy)
  • GitHub Check: env-test-matrix (mainnet3, arbitrum, igp)
  • GitHub Check: cosmos-sdk-e2e-run
  • GitHub Check: cli-cosmos-e2e-matrix (core-read)
  • GitHub Check: cli-cosmos-e2e-matrix (core-deploy)
  • GitHub Check: cli-cosmos-e2e-matrix (warp-read)
  • GitHub Check: cli-cross-chain-e2e-matrix (warp-apply)
  • GitHub Check: cli-cosmos-e2e-matrix (warp-deploy)
  • GitHub Check: cli-cosmos-e2e-matrix (core-apply)
  • GitHub Check: cli-install-test-run
  • GitHub Check: cli-cosmos-e2e-matrix (core-check)
  • GitHub Check: aleo-sdk-e2e-run
  • GitHub Check: infra-test
  • GitHub Check: e2e-matrix (evm)
  • GitHub Check: lander-coverage
  • GitHub Check: lint-rs
  • GitHub Check: test-rs
  • GitHub Check: slither

@paulbalaji paulbalaji force-pushed the pb/fix-soldeer branch 5 times, most recently from c09db3a to 84a02e9 Compare December 4, 2025 11:30
@codecov
Copy link

codecov bot commented Dec 4, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 0.00%. Comparing base (77524f7) to head (a85832d).
⚠️ Report is 2 commits behind head on main.

Additional details and impacted files
@@          Coverage Diff          @@
##            main   #7529   +/-   ##
=====================================
  Coverage   0.00%   0.00%           
=====================================
  Files          1       1           
  Lines         14      14           
=====================================
  Misses        14      14           
Components Coverage Δ
core ∅ <ø> (∅)
hooks ∅ <ø> (∅)
isms ∅ <ø> (∅)
token ∅ <ø> (∅)
middlewares ∅ <ø> (∅)
🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@paulbalaji paulbalaji changed the title fix: Add soldeer install to yarn build scripts build: Integrate Soldeer with yarn build Dec 4, 2025
@paulbalaji paulbalaji changed the title build: Integrate Soldeer with yarn build feat(solidity): integrate soldeer with yarn build Dec 4, 2025
@paulbalaji paulbalaji changed the title feat(solidity): integrate soldeer with yarn build fix(solidity): integrate soldeer with yarn build Dec 4, 2025
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d95c5b79b36ff18abdea18d2a1a77fbbed2d2a6e and 84a02e96e0e22cbcb6581eaf2a7af1849fec3fe3.

📒 Files selected for processing (4)
  • .github/workflows/bytecode-analysis.yml (1 hunks)
  • .github/workflows/static-analysis.yml (1 hunks)
  • .github/workflows/storage-analysis.yml (1 hunks)
  • Dockerfile (1 hunks)
✅ Files skipped from review due to trivial changes (1)
  • .github/workflows/storage-analysis.yml
🧰 Additional context used
🧠 Learnings (4)
📓 Common learnings
Learnt from: paulbalaji
Repo: hyperlane-xyz/hyperlane-monorepo PR: 6943
File: rust/main/config/mainnet_config.json:965-965
Timestamp: 2025-08-26T13:46:37.695Z
Learning: In the repository hyperlane-xyz/hyperlane-monorepo, skip reviewing the file rust/main/config/testnet_config.json in future code reviews as requested by paulbalaji.
Learnt from: paulbalaji
Repo: hyperlane-xyz/hyperlane-monorepo PR: 6943
File: rust/main/config/mainnet_config.json:965-965
Timestamp: 2025-08-26T13:46:37.695Z
Learning: In the repository hyperlane-xyz/hyperlane-monorepo, skip reviewing the file rust/main/config/mainnet_config.json in future code reviews as requested by paulbalaji.
Learnt from: CR
Repo: hyperlane-xyz/hyperlane-monorepo PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-24T17:19:38.362Z
Learning: Use Turbo for building all workspaces in the monorepo; use workspace-specific build commands for individual components (Solidity with Hardhat + Forge, TypeScript SDK, Rust agents with Cargo)
📚 Learning: 2025-11-24T17:19:38.362Z
Learnt from: CR
Repo: hyperlane-xyz/hyperlane-monorepo PR: 0
File: CLAUDE.md:0-0
Timestamp: 2025-11-24T17:19:38.362Z
Learning: Use Turbo for building all workspaces in the monorepo; use workspace-specific build commands for individual components (Solidity with Hardhat + Forge, TypeScript SDK, Rust agents with Cargo)

Applied to files:

  • .github/workflows/static-analysis.yml
📚 Learning: 2025-11-25T17:10:33.369Z
Learnt from: paulbalaji
Repo: hyperlane-xyz/hyperlane-monorepo PR: 7410
File: solidity/foundry.toml:8-8
Timestamp: 2025-11-25T17:10:33.369Z
Learning: In the hyperlane-xyz/hyperlane-monorepo repository, when using pnpm (instead of Yarn), Foundry's `allow_paths` in solidity/foundry.toml should be set to `["./node_modules"]` rather than `["../node_modules"]` because pnpm's default node_modules structure places dependencies locally in the workspace subdirectory, not requiring access to the parent directory's node_modules.

Applied to files:

  • Dockerfile
📚 Learning: 2025-08-13T16:53:55.163Z
Learnt from: paulbalaji
Repo: hyperlane-xyz/hyperlane-monorepo PR: 6891
File: typescript/infra/config/environments/mainnet3/funding.ts:22-22
Timestamp: 2025-08-13T16:53:55.163Z
Learning: In Hyperlane mainnet3 configs, funding.ts uses 'gcr.io/abacus-labs-dev/hyperlane-monorepo' docker image while agent.ts uses 'gcr.io/abacus-labs-dev/hyperlane-agent' docker image. These are different images with independent tag cycles, so tag consistency across them is not expected.

Applied to files:

  • Dockerfile
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)
  • GitHub Check: aleo-sdk-e2e-run
  • GitHub Check: e2e-matrix (evm)
  • GitHub Check: test-rs
🔇 Additional comments (3)
Dockerfile (3)

10-13: Foundry install placement is smart for layer caching.

You've placed the Foundry setup early in the Dockerfile, before copying source files. That's the right call — if your source code changes, Foundry's cached layer won't rebuild. Just make sure that installation URL is stable and monitored for security updates, since it's pulling executable code from the network.


43-52: Build pipeline correctly wired with Turbo.

The solidity/turbo.json properly configures the deps:soldeer task to output ["dependencies/**"] and the build task explicitly depends on it, ensuring correct cache layering. The Dockerfile's yarn build invocation will execute these tasks in the correct order.


1-8: Image size trade-off: Alpine → Debian slim is a heavier lift.

Switching from node:20-alpine (tiny) to node:20-slim (Debian-based) adds weight to the final image — and that's before all those system dependencies. It's worth it though, since Alpine tends to have compatibility issues with tooling like Foundry and the build stack you're layering on. The image will be substantially larger, but that's the price of having a proper foundation to build on. The Foundry installation endpoint (https://foundry.paradigm.xyz) is the official installer, and the COPY pattern for individual package.json files before yarn install is solid for Docker layer caching.

@hyper-gonk
Copy link
Contributor

hyper-gonk bot commented Dec 4, 2025

🐳 Monorepo Docker Image Built Successfully

Image Tags:

gcr.io/abacus-labs-dev/hyperlane-monorepo:pr-7529
gcr.io/abacus-labs-dev/hyperlane-monorepo:a85832d-20251204-115616


# Install Foundry for solidity builds (early for layer caching)
RUN curl -L https://foundry.paradigm.xyz | bash
RUN /root/.foundry/bin/foundryup
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

do we want to run against latest?

Copy link
Collaborator Author

@paulbalaji paulbalaji Dec 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this gives us latest stable, which is probably fine? (the foundry ci action defaults to latest stable too)

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

actually wasn't too hard to pin to a specific version everywhere #7531

@paulbalaji paulbalaji added this pull request to the merge queue Dec 4, 2025
Merged via the queue into main with commit ce85652 Dec 4, 2025
98 checks passed
@github-project-automation github-project-automation bot moved this from In Review to Done in Hyperlane Tasks Dec 4, 2025
@paulbalaji paulbalaji deleted the pb/fix-soldeer branch December 4, 2025 16:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

Status: Done

Development

Successfully merging this pull request may close these issues.

2 participants