feat: wip program upgrade CI (#141)

* feat: wip program upgrade CI * feat: upgrade anchor, solana, geyser * chore: fmt * ci: bump CI anchor version * ci: bump CI cargo version * fix: account for dedicated CLI multisig config field * lint: clippy * lint: clippy * ci: wip actions * ci: wip actions * ci: wip actions * ci: wip actions * ci: wip actions * ci: wip actions * ci: wip actions * ci: wip actions * ci: wip actions * ci: wip actions * ci: wip actions * ci: wip actions * ci: wip actions * ci: wip actions * ci: wip actions * ci: wip actions * ci: wip actions * ci: wip actions * ci: wip actions * ci: wip actions * ci: wip actions * ci: wip actions * ci: wip actions * ci: wip actions * ci: wip actions * ci: wip actions * ci: wip actions * ci: wip actions * ci: wip actions * ci: wip actions * ci: wip actions * ci: wip actions * ci: wip actions * ci: wip actions * cli: add idl patch command * ci: wip actions * chore: fmt * chore: fmt * ci: wip actions * ci: wip actions * ci: wip actions * fix: IDL patching * fix: rebase shenanigans * ci: switch to nightly * ci: switch to nightly * ci: switch to nightly * ci: switch to nightly * ci: ignore brick in workspace * ci: fuzzing * ci: fuzzing * ci: fuzzing * chore: format * ci: fuzzing * ci: fuzzing args * ci: wip actions * ci: wip actions * chore: lint * ci: wip actions * ci: wip actions * ci: wip actions * fix: ping madness * fix: lint * fix: lint
mrgnlabs · Jan 10, 2024 · eb7e804 · eb7e804
1 parent e3b2f7b
commit eb7e804
Show file tree

Hide file tree

Showing 53 changed files with 5,664 additions and 2,445 deletions.
diff --git a/.github/actions/build-program/action.yaml b/.github/actions/build-program/action.yaml
@@ -0,0 +1,31 @@
+name: "Anchor Build"
+description: "Anchor Build"
+inputs:
+  program_lib_name:
+    description: "The program to build"
+    required: true
+runs:
+  using: "composite"
+  steps:
+    - uses: actions/cache@v2
+      name: Cache Cargo registry + index
+      id: cache-cargo-registry
+      with:
+        path: |
+          ~/.cargo/bin/
+          ~/.cargo/registry/index/
+          ~/.cargo/registry/cache/
+          ~/.cargo/git/db/
+        key: cargo-${{ runner.os }}-cargo-build-${{ hashFiles('**/Cargo.lock') }}
+
+    - name: Cache Anchor Build
+      uses: actions/cache@v2
+      id: cache-anchor-build
+      with:
+        path: |
+          ./target/
+        key: build-${{ runner.os }}-${{env.ANCHOR_CLI_VERSION}}-${{env.ANCHOR_SHA}}-v0002-${{ hashFiles('./programs/**/**', '**/Cargo.lock') }}-${{ inputs.program_lib_name }}
+
+    - run: ./scripts/build-program.sh ${{ inputs.program_lib_name }} mainnet
+      if: steps.cache-anchor-build.outputs.cache-hit != 'true'
+      shell: bash
diff --git a/.github/actions/build-verifiable-program/action.yaml b/.github/actions/build-verifiable-program/action.yaml
@@ -0,0 +1,42 @@
+name: "Build Verified"
+description: "Builds an Anchor Program using solana-verify"
+
+inputs:
+  program_lib_name:
+    description: "The program to build"
+    required: true
+  devnet:
+    description: "Whether to target devnet (fallback is mainnet)"
+    required: false
+    default: "false"
+
+runs:
+  using: "composite"
+  steps:
+    - uses: actions/cache@v2
+      name: Cache Cargo registry + index
+      id: cache-cargo-registry
+      with:
+        path: |
+          ~/.cargo/registry/index/
+          ~/.cargo/registry/cache/
+          ~/.cargo/git/db/
+        key: cargo-${{ runner.os }}-v0001-${{ hashFiles('**/Cargo.lock') }}
+
+    - uses: actions/cache@v2
+      name: Cache Solana Verify
+      id: cache-solana-verify
+      with:
+        path: |
+          ~/.cargo/bin/solana-verify
+        key: cargo-${{ runner.os }}-solana-verify
+
+    - run: cargo install solana-verify --git https://github.com/Ellipsis-Labs/solana-verifiable-build --rev 8f6f56908a0b0f35cb84d06f167c25c286ccf0ac
+      if: steps.cache-solana-verify.outputs.cache-hit != 'true'
+      shell: bash
+
+    - run: ./scripts/build-program-verifiable.sh ${{ inputs.program_lib_name }} ${{ inputs.devnet == 'true' && 'devnet' || 'mainnet' }}
+      shell: bash
+      env:
+        PROGRAM: ${{ inputs.program_lib_name }}
+
diff --git a/.github/actions/build-workspace/action.yaml b/.github/actions/build-workspace/action.yaml
@@ -0,0 +1,27 @@
+name: "Build Anchor Workspace"
+description: "Build Anchor Workspace"
+runs:
+  using: "composite"
+  steps:
+    - uses: actions/cache@v2
+      name: Cache Cargo registry + index
+      id: cache-cargo-registry
+      with:
+        path: |
+          ~/.cargo/bin/
+          ~/.cargo/registry/index/
+          ~/.cargo/registry/cache/
+          ~/.cargo/git/db/
+        key: cargo-${{ runner.os }}-cargo-build-${{ hashFiles('**/Cargo.lock') }}
+
+    - name: Cache Anchor Build
+      uses: actions/cache@v2
+      id: cache-anchor-build
+      with:
+        path: |
+          ./target/
+        key: build-${{ runner.os }}-${{env.ANCHOR_CLI_VERSION}}-${{env.ANCHOR_SHA}}-v0002-${{ hashFiles('./programs/**/**', '**/Cargo.lock') }}-workspace
+
+    - run: ./scripts/build-workspace.sh
+      if: steps.cache-anchor-build.outputs.cache-hit != 'true'
+      shell: bash
diff --git a/.github/actions/deploy-buffers/action.yaml b/.github/actions/deploy-buffers/action.yaml
@@ -0,0 +1,140 @@
+name: "Uploads Program and IDL buffers"
+description: "Uploads program binary and IDL to buffer accounts"
+
+inputs:
+  program-lib-name:
+    description: "The program to build and upload"
+    required: true
+  program-id:
+    description: "The program ID to build and upload"
+    required: true
+  deployer-keypair:
+    description: "The keypair to use for deploys"
+    required: true
+  buffer-authority:
+    description: "The buffer authority to set"
+    required: true
+  rpc-endpoint:
+    description: "The RPC endpoint used for buffer uploads"
+    required: true
+
+outputs:
+  program-buffer-pubkey:
+    description: "The program buffer address"
+    value: ${{ steps.deploy-buffers-store.outputs.PROGRAM_BUFFER_PUBKEY }}
+  idl-buffer-pubkey:
+    description: "The idl buffer address."
+    value: ${{ steps.deploy-buffers-store.outputs.IDL_BUFFER_PUBKEY }}
+
+runs:
+  using: "composite"
+  steps:
+    - uses: ./.github/actions/setup-common/
+    - uses: ./.github/actions/setup-anchor/
+
+    - name: Dump deployer keypair to file for CLI use
+      run: echo "$DEPLOYER_KEYPAIR" > ./deployer-keypair.json && chmod 600 ./deployer-keypair.json
+      shell: bash
+      env:
+        DEPLOYER_KEYPAIR: ${{ inputs.deployer-keypair }}
+
+    - name: Generate keypair for program buffer
+      run: solana-keygen new --silent --outfile program-buffer-keypair --no-bip39-passphrase
+      shell: bash
+
+    - run: ls -l ./target/deploy/
+      shell: bash
+
+    - name: Deploy program buffer
+      if: steps.cache-buffer.outputs.cache-hit != 'true'
+      id: program-buffer-deploy
+      uses: nick-invision/retry@14672906e672a08bd6eeb15720e9ed3ce869cdd4
+      with:
+        timeout_minutes: 30
+        max_attempts: 10
+        shell: bash
+        command: |
+          solana program write-buffer \
+            --buffer ./program-buffer-keypair \
+            --keypair ./deployer-keypair.json \
+            --url $RPC_ENDPOINT \
+            ./target/deploy/$PROGRAM_LIB_NAME.so \
+            > ./program-buffer.out
+      env:
+        RPC_ENDPOINT: ${{ inputs.rpc-endpoint }}
+        PROGRAM_LIB_NAME: ${{ inputs.program-lib-name }}
+
+    - name: IDL Buffer Deploy
+      uses: nick-invision/retry@14672906e672a08bd6eeb15720e9ed3ce869cdd4
+      id: idl-buffer-deploy
+      if: steps.cache-buffer.outputs.cache-hit != 'true'
+      with:
+        timeout_minutes: 10
+        max_attempts: 50
+        shell: bash
+        command: |
+          ~/.cargo/bin/anchor idl write-buffer $PROGRAM_ID \
+            --filepath ./target/idl/$PROGRAM_LIB_NAME.json \
+            --provider.cluster $RPC_ENDPOINT \
+            --provider.wallet ./deployer-keypair.json \
+            > idl-buffer.out
+      env:
+        PROGRAM_ID: ${{ inputs.program-id }}
+        PROGRAM_LIB_NAME: ${{ inputs.program-lib-name }}
+        RPC_ENDPOINT: ${{ inputs.rpc-endpoint }}
+
+    - name: Buffer Deploy Store
+      shell: bash
+      id: deploy-buffers-store
+      run: |
+        echo "PROGRAM_BUFFER_PUBKEY=$(cat program-buffer.out | sed 's/Buffer: //g' | xargs echo -n)" >> $GITHUB_OUTPUT
+        echo "IDL_BUFFER_PUBKEY=$(cat idl-buffer.out | sed 's/Idl buffer created: //g' | xargs echo -n)" >> $GITHUB_OUTPUT
+
+    - run: echo "The program buffer is ${{ steps.deploy-buffers-store.outputs.PROGRAM_BUFFER_PUBKEY }}"
+      shell: bash
+    - run: echo "the IDL buffer is ${{ steps.deploy-buffers-store.outputs.IDL_BUFFER_PUBKEY }}"
+      shell: bash
+    - run: echo "the IDL is $(cat ./target/idl/$PROGRAM_LIB_NAME.json)"
+      shell: bash
+      env:
+        PROGRAM_LIB_NAME: ${{ inputs.program-lib-name }}
+
+    - name: Transfer IDL buffer to specified authority
+      uses: nick-invision/retry@14672906e672a08bd6eeb15720e9ed3ce869cdd4
+      if: steps.cache-buffer.outputs.cache-hit != 'true'
+      with:
+        timeout_minutes: 10
+        max_attempts: 50
+        shell: bash
+        command: |
+          anchor idl set-authority $IDL_BUFFER_PUBKEY \
+            --provider.cluster $RPC_ENDPOINT \
+            --program-id $PROGRAM_ID \
+            --new-authority $AUTHORITY \
+            --provider.wallet ./deployer-keypair.json
+      env:
+        IDL_BUFFER_PUBKEY: ${{ steps.deploy-buffers-store.outputs.IDL_BUFFER_PUBKEY }}
+        AUTHORITY: ${{ inputs.buffer-authority }}
+        RPC_ENDPOINT: ${{ inputs.rpc-endpoint }}
+        PROGRAM_ID: ${{ inputs.program-id }}
+
+    - name: Transfer program buffer to specified authority
+      uses: nick-invision/retry@14672906e672a08bd6eeb15720e9ed3ce869cdd4
+      if: steps.cache-buffer.outputs.cache-hit != 'true'
+      with:
+        timeout_minutes: 10
+        max_attempts: 50
+        shell: bash
+        command: |
+          solana program set-buffer-authority $PROGRAM_BUFFER_PUBKEY \
+            --keypair ./deployer-keypair.json \
+            --new-buffer-authority $AUTHORITY \
+            --url $RPC_ENDPOINT
+      env:
+        PROGRAM_BUFFER_PUBKEY: ${{ steps.deploy-buffers-store.outputs.PROGRAM_BUFFER_PUBKEY }}
+        AUTHORITY: ${{ inputs.buffer-authority }}
+        RPC_ENDPOINT: ${{ inputs.rpc-endpoint }}
+
+    - run: rm ./deployer-keypair.json
+      shell: bash
+      if: always()
diff --git a/.github/actions/setup-anchor-cli/action.yaml b/.github/actions/setup-anchor-cli/action.yaml
@@ -0,0 +1,28 @@
+name: "Setup Anchor CLI"
+description: "Setup Anchor CLI"
+
+runs:
+  using: "composite"
+  steps:
+    - uses: ./.github/actions/setup-common/
+    - uses: ./.github/actions/setup-solana-cli/
+    - uses: actions/cache@v2
+      name: Cache Anchor Cli
+      id: cache-anchor-cli
+      with:
+        path: |
+          ~/.cargo/bin/anchor
+        key: anchor-cli-${{ runner.os }}-v0003-${{ env.ANCHOR_CLI_VERSION }}-${{ env.ANCHOR_SHA }}
+    - run: cargo install --git https://github.com/coral-xyz/anchor --tag "v$ANCHOR_CLI_VERSION" anchor-cli --locked
+      shell: bash
+      if: steps.cache-anchor-cli.outputs.cache-hit != 'true'
+    - uses: actions/cache@v2
+      name: Cache Toml Cli
+      id: cache-toml-cli
+      with:
+        path: |
+          ~/.cargo/bin/toml
+        key: toml-cli-${{ runner.os }}-v0002
+    - run: (cargo install toml-cli || true)
+      if: steps.cache-toml-cli.outputs.cache-hit != 'true'
+      shell: bash
diff --git a/.github/actions/setup-common/action.yaml b/.github/actions/setup-common/action.yaml
@@ -0,0 +1,17 @@
+name: "Setup common"
+description: "Setup common"
+runs:
+  using: "composite"
+  steps:
+      - run: sudo apt-get update
+        shell: bash
+      - run: sudo apt-get install -y pkg-config build-essential libudev-dev
+        shell: bash
+      - uses: actions-rs/toolchain@v1
+        name: Install minimal rust toolchain with clippy and rustfmt
+        with:
+          profile: minimal
+          toolchain: nightly
+          target: x86_64-unknown-linux-gnu
+          components: rustfmt, clippy
+          default: true
diff --git a/.github/actions/setup-solana-cli/action.yaml b/.github/actions/setup-solana-cli/action.yaml
@@ -0,0 +1,22 @@
+name: "Setup Solana CLI"
+description: "Setup Solana CLI"
+runs:
+  using: "composite"
+  steps:
+      - uses: actions/cache@v2
+        name: Cache Solana Tool Suite
+        id: cache-solana
+        with:
+          path: |
+            ~/.cache/solana/
+            ~/.local/share/solana/
+          key: solana-${{ runner.os }}-v0000-${{ env.SOLANA_CLI_VERSION }}
+      - run: sh -c "$(curl -sSfL https://release.solana.com/v${{ env.SOLANA_CLI_VERSION }}/install)"
+        shell: bash
+        if: steps.cache-solana.outputs.cache-hit != 'true'
+      - run: echo "/home/runner/.local/share/solana/install/active_release/bin" >> $GITHUB_PATH
+        shell: bash
+      - run: solana-keygen new -s --no-bip39-passphrase --force
+        shell: bash
+      - run: solana config set --url localhost
+        shell: bash