diff --git a/.github/workflows/anchor-test.yaml b/.github/workflows/anchor-test.yaml index 66fb3c197..0c7ec4451 100644 --- a/.github/workflows/anchor-test.yaml +++ b/.github/workflows/anchor-test.yaml @@ -8,7 +8,7 @@ on: jobs: run-anchor-test: - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v3 - uses: metadaoproject/anchor-test@v2.1 diff --git a/.github/workflows/deploy-buffer.yaml b/.github/workflows/deploy-buffer.yaml index 3695f1534..f08b04a4f 100644 --- a/.github/workflows/deploy-buffer.yaml +++ b/.github/workflows/deploy-buffer.yaml @@ -15,11 +15,36 @@ on: description: 'RPC URL' required: true type: string + program_executable_data: + required: true + type: string + description: "The program executable data address" + default: "H5rxQS4BGc77552Da6aDDNH2G7HCpC1fUxyeuDpwEQK4" + multisig_pda: + required: true + type: string + description: "The multisig pda to set as buffer authority" + default: "J5wHJwmkyhx1rnn7xeYyUVKYgCvDPwGJz4h44WE6cHCJ" + multisig_vault_index: + required: true + type: string + description: "Index of the multisig vault executing the upgrade" + default: "0" + multisig-vault-address: + required: true + type: string + description: "Address of the multisig vault executing the upgrade" + default: "ALxsUozu7d8ibng4k3aF9CPj1VGPGt8ZRogbpUwYsZkq" + spill_address: + required: true + type: string + description: "Spill address to recoup funds from buffers" + default: "2SG7fCnreQ9wHoqQC7U6pfDN2rYmBqExKuqcGR3StrZW" jobs: deploy-buffer: - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v3 - uses: metadaoproject/setup-anchor@v3 @@ -38,4 +63,61 @@ jobs: timeout_minutes: 30 max_attempts: 10 shell: bash - command: solana program write-buffer --max-sign-attempts 50 --with-compute-unit-price 100 --use-rpc --buffer ./buffer-keypair ./verifiable-builds/${{ inputs.program_name }}.so -u $NETWORK \ No newline at end of file + command: solana program write-buffer --max-sign-attempts 50 --with-compute-unit-price 100 --use-rpc --buffer ./buffer-keypair ./verifiable-builds/${{ inputs.program_name }}.so -u ${{ inputs.rpc_url }} > ./buffer.out + - name: IDL Buffer Deploy + uses: nick-invision/retry@v2 + id: idl-buffer-deploy + with: + timeout_minutes: 30 + max_attempts: 10 + shell: bash + command: anchor idl write-buffer ${{ inputs.program_id }} --filepath ./verifiable-builds/${{ inputs.program_name }}.json --provider.cluster ${{ inputs.rpc_url }} --provider.wallet ./deploy-keypair.json > idl-buffer.out + - name: Buffer Deploy Store + shell: bash + id: buffer-deploy-store + run: | + echo "BUFFER=$(cat buffer.out | sed 's/Buffer: //g' | xargs echo -n)" >> $GITHUB_OUTPUT + echo "IDL_BUFFER=$(cat idl-buffer.out | grep -oE '[1-9A-HJ-NP-Za-km-z]{32,44}$' | xargs echo -n)" >> $GITHUB_OUTPUT + - run: echo "The buffer is ${{ steps.buffer-deploy-store.outputs.BUFFER }}" + shell: bash + - run: echo "the idl buffer is ${{ steps.buffer-deploy-store.outputs.IDL_BUFFER }}" + shell: bash + - name: Transfer idl buffer to authority + uses: nick-invision/retry@v2 + if: steps.cache-buffer.outputs.cache-hit != 'true' + with: + timeout_minutes: 10 + max_attempts: 20 + shell: bash + command: anchor idl set-authority $IDL_BUFFER --provider.cluster $NETWORK --program-id $PROGRAM_ID --new-authority $AUTHORITY --provider.wallet ./deploy-keypair.json + env: + IDL_BUFFER: ${{ steps.buffer-deploy-store.outputs.IDL_BUFFER }} + AUTHORITY: ${{ inputs.buffer-authority }} + NETWORK: ${{ inputs.network }} + PROGRAM_ID: ${{ inputs.program-id }} + - name: Transfer program buffer to authority + uses: nick-invision/retry@v2 + if: steps.cache-buffer.outputs.cache-hit != 'true' + with: + timeout_minutes: 10 + max_attempts: 20 + shell: bash + command: solana program set-buffer-authority $BUFFER -k ./deploy-keypair.json --new-buffer-authority $AUTHORITY -u $NETWORK + env: + BUFFER: ${{ steps.buffer-deploy-store.outputs.BUFFER }} + AUTHORITY: ${{ inputs.buffer-authority }} + NETWORK: ${{ inputs.network }} + - name: Set upgrade authority to Squads multisig + uses: metaDAOproject/squads-v4-program-upgrade@1.0.0 + with: + network-url: ${{ inputs.rpc_url }} + multisig-pda: ${{ inputs.multisig_pda }} + multisig-vault-index: ${{ inputs.multisig_vault_index }} + multisig-vault-address: ${{ inputs.multisig_vault_address }} + program-id: ${{ inputs.program_id }} + buffer: "${{ steps.buffer-deploy-store.outputs.BUFFER }}" + spill-address: ${{ inputs.spill_address }} + name: "Test Upgrade" + executable-data: ${{ inputs.program_executable_data }} + keypair: ${{ secrets.DEPLOYER_KEYPAIR }} + idl-buffer: "${{ steps.buffer-deploy-store.outputs.IDL_BUFFER }}" \ No newline at end of file diff --git a/.github/workflows/generate-verifiable-builds.yaml b/.github/workflows/generate-verifiable-builds.yaml index e3dcc6670..e04e5c8e0 100644 --- a/.github/workflows/generate-verifiable-builds.yaml +++ b/.github/workflows/generate-verifiable-builds.yaml @@ -8,7 +8,7 @@ on: jobs: generate-verifiable-autocrat: - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v3 - uses: metadaoproject/anchor-verifiable-build@v0.2 @@ -18,13 +18,14 @@ jobs: solana-cli-version: '1.17.16' - run: 'git pull --rebase' - run: cp target/deploy/autocrat.so ./verifiable-builds + - run: cp target/idl/autocrat.json ./verifiable-builds - name: Commit verifiable build back to mainline uses: EndBug/add-and-commit@v9.1.4 with: default_author: github_actions message: 'Update autocrat verifiable build' generate-verifiable-vault: - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v3 - uses: metadaoproject/anchor-verifiable-build@v0.2 @@ -35,13 +36,14 @@ jobs: features: 'production' - run: 'git pull --rebase' - run: cp target/deploy/conditional_vault.so ./verifiable-builds + - run: cp target/idl/conditional_vault.json ./verifiable-builds - name: Commit verifiable build back to mainline uses: EndBug/add-and-commit@v9.1.4 with: default_author: github_actions message: 'Update conditional_vault verifiable build' generate-verifiable-amm: - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v3 - uses: metadaoproject/anchor-verifiable-build@v0.2 @@ -51,13 +53,14 @@ jobs: solana-cli-version: '1.17.16' - run: 'git pull --rebase' - run: cp target/deploy/amm.so ./verifiable-builds + - run: cp target/idl/amm.json ./verifiable-builds - name: Commit verifiable build back to mainline uses: EndBug/add-and-commit@v9.1.4 with: default_author: github_actions message: 'Update amm verifiable build' generate-verifiable-launchpad: - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v3 - uses: metadaoproject/anchor-verifiable-build@v0.2 @@ -68,6 +71,7 @@ jobs: features: 'production' - run: 'git pull --rebase' - run: cp target/deploy/launchpad.so ./verifiable-builds + - run: cp target/idl/launchpad.json ./verifiable-builds - name: Commit verifiable build back to mainline uses: EndBug/add-and-commit@v9.1.4 with: diff --git a/.github/workflows/verify-build.yaml b/.github/workflows/verify-build.yaml index bc8499d87..8dba80a52 100644 --- a/.github/workflows/verify-build.yaml +++ b/.github/workflows/verify-build.yaml @@ -22,7 +22,7 @@ on: jobs: verify-build: - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v3 - uses: metadaoproject/setup-anchor@v2