Merge pull request #91 from solana-developers/master

v0.3.0

Author: ngundotra

.github/workflows/publish_all_dockerfiles.yaml

@@ -38,8 +38,7 @@ jobs:
     strategy:
       matrix: 
         version: ${{ fromJson(needs.detect_changes.outputs.versions )}}
-      fail-fast: false
-    name: Push Docker images to ghcr.io
+    name: Push Docker images to docker.io
     runs-on: ubuntu-latest
     permissions:
       packages: write
@@ -56,20 +55,16 @@ jobs:
       - name: Log in to the Container registry
         uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
         with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
+          registry: docker.io
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
 
       - name: Extract metadata (tags, labels) for Docker
         id: meta
         uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
         with:
           images: |
-            ghcr.io/${{ github.repository }}
-
-      - name: lowercase github.repository_owner
-        run: |
-          echo "REPO_OWNER=`echo ${{github.repository_owner}} | tr '[:upper:]' '[:lower:]'`" >>${GITHUB_ENV}
+             docker.io/solanafoundation/solana-verifiable-build
 
       - name: Build and push Docker images
         id: push
@@ -80,14 +75,14 @@ jobs:
           push: true
           tags: |
             ${{ steps.meta.outputs.tags }}
-            ghcr.io/${{ env.REPO_OWNER }}/solana:${{ matrix.version }}
+            docker.io/solanafoundation/solana-verifiable-build:${{ matrix.version }}
           labels: |
             ${{ steps.meta.outputs.labels }}
             org.opencontainers.image.source=https://github.com/${{ github.repository }}
 
       - name: Generate artifact attestation
         uses: actions/attest-build-provenance@v1
         with:
-          subject-name: ghcr.io/${{ env.REPO_OWNER }}/solana
+          subject-name: index.docker.io/solanafoundation/solana-verifiable-build
           subject-digest: ${{ steps.push.outputs.digest }}
           push-to-registry: true

.github/workflows/publish_dockerfile.yaml

@@ -1,4 +1,4 @@
-name: Publish Single Docker Image
+name: Publish Docker Image
 
 on:
   workflow_dispatch:
@@ -24,20 +24,16 @@ jobs:
       - name: Log in to the Container registry
         uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
         with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
+          registry: docker.io
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
 
       - name: Extract metadata (tags, labels) for Docker
         id: meta
         uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
         with:
           images: |
-            ghcr.io/${{ github.repository }}
-
-      - name: lowercase github.repository_owner
-        run: |
-          echo "REPO_OWNER=`echo ${{github.repository_owner}} | tr '[:upper:]' '[:lower:]'`" >>${GITHUB_ENV}
+            docker.io/solanafoundation/solana-verifiable-build
 
       - name: Build and push Docker images
         id: push
@@ -48,14 +44,14 @@ jobs:
           push: true
           tags: |
             ${{ steps.meta.outputs.tags }}
-            ghcr.io/${{ env.REPO_OWNER }}/solana:${{ github.event.inputs.version }}
+            docker.io/solanafoundation/solana-verifiable-build:${{ github.event.inputs.version }}
           labels: |
             ${{ steps.meta.outputs.labels }}
             org.opencontainers.image.source=https://github.com/${{ github.repository }}
 
       - name: Generate artifact attestation
         uses: actions/attest-build-provenance@v1
         with:
-          subject-name: ghcr.io/${{ env.REPO_OWNER }}/solana
+          subject-name: index.docker.io/solanafoundation/solana-verifiable-build
           subject-digest: ${{ steps.push.outputs.digest }}
           push-to-registry: true

.github/workflows/test.yaml

@@ -0,0 +1,39 @@
+name: Run Integration Tests
+
+on:
+  push:
+    branches: [master]
+  pull_request:
+    branches: [master]
+  workflow_dispatch:
+
+jobs:
+  test:
+    name: Run Tests
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false # Continue with other tests even if one fails
+      matrix:
+        test_name:
+          - test_phoenix_v1
+          - test_squads_v3
+          - test_drift_v2
+          - test_marginfi_v2
+          - test_local_example
+          - test_verify_from_image
+          - test_games_preset
+          - test_agave_2_1
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install Rust
+        uses: dtolnay/rust-toolchain@stable
+
+      - name: Cache dependencies
+        uses: Swatinem/rust-cache@v2
+
+      - name: Build
+        run: cargo build
+
+      - name: Run ${{ matrix.test_name }}
+        run: cargo test ${{ matrix.test_name }} -- --nocapture

.github/workflows/update_whitelist.yaml

@@ -2,11 +2,15 @@ name: Update Docker Image Whitelist
 
 on:
   workflow_dispatch:
+  push:
+    branches:
+      - master
+    paths:
+      - 'docker/**'
 
 permissions:
   contents: write
   pull-requests: write
-  packages: read
 
 jobs:
   update-docker-image-whitelist:
@@ -37,9 +41,6 @@ jobs:
           uv sync --all-extras --dev
 
       - name: Run generate_dockerfiles.py
-        env:
-          USE_GHCR: "true"
-          GITHUB_TOKEN: ${{ steps.generate-token.outputs.token  }}
         run: uv run update_image_whitelist.py
 
       - name: Create Pull Request

Cargo.lock

@@ -1,6 +1,6 @@
 [package]
 name = "solana-verify"
-version = "0.2.14"
+version = "0.3.0"
 edition = "2021"
 description = "A CLI tool for building verifiable Solana programs"
 license = "MIT"
@@ -18,6 +18,7 @@ indicatif = "0.17.7"
 lazy_static = "1.4.0"
 pathdiff = "0.2.0" # missing in workspace
 reqwest = "0.11.23"
+regex = "1.11.1"
 serde = { version = "1.0.195", features = ["derive"] }
 serde_json = "1.0.111"
 sha256 = "1.1.1" # missing in workspace

Cargo.toml

@@ -51,7 +51,7 @@ If you're working in a repository with multiple programs, in order to build a sp
 solana-verify build --library-name $PROGRAM_LIB_NAME
 ```
 
-The string that's passed in must be the *lib* name and NOT the *package* name. These are usually the same, but the distinction is important.
+The string that's passed in must be the _lib_ name and NOT the _package_ name. These are usually the same, but the distinction is important.
 ![image](https://github.com/Ellipsis-Labs/solana-verifiable-build/assets/61092285/0427e88f-cc0f-465f-b2e9-747ea1b8d3af)
 
 (NOTE: These commands can take up to 30 minutes if you're running on an M1 Macbook Pro. This has to do with the architecture emulation required to ensure build determinism. For best performance, it is recommended to run builds on a Linux machine running x86)
@@ -105,8 +105,8 @@ solana-verify verify-from-repo -um --program-id PhoeNiXZ8ByJGLkxNfZRnkUfjvmuYqLR
 Final Output:
 
 ```
-Executable Program Hash from repo: 7c76ba11f8742d040b1a874d943c2096f1b3a48db14d2a5b411fd5dad5d1bc2d
-On-chain Program Hash: 7c76ba11f8742d040b1a874d943c2096f1b3a48db14d2a5b411fd5dad5d1bc2d
+Executable Program Hash from repo: 6877a5b732b3494b828a324ec846d526d962223959534dbaf4209e0da3b2d6a9
+On-chain Program Hash: 6877a5b732b3494b828a324ec846d526d962223959534dbaf4209e0da3b2d6a9
 Program hash matches ✅
 ```
 
@@ -143,28 +143,14 @@ Program hash matches ✅
 ### Marginfi V2
 
 ```
-solana-verify verify-from-repo -um --program-id MFv2hWf31Z9kbCa1snEPYctwafyhdvnV7FZnsebVacA https://github.com/mrgnlabs/marginfi-v2 --library-name marginfi -- --features mainnet-beta
+solana-verify verify-from-repo -um --program-id MFv2hWf31Z9kbCa1snEPYctwafyhdvnV7FZnsebVacA https://github.com/mrgnlabs/marginfi-v2 --commit-hash d33e649e415c354cc2a1e3c49131725552d69ba0 --library-name marginfi -- --features mainnet-beta
 ```
 
 Final Output:
 
 ```
-Executable Program Hash from repo: 7b37482dd6b2159932b5c2595bc6ce62cf6e587ae67f237c8152b802bf7d7bb8
-On-chain Program Hash: 7b37482dd6b2159932b5c2595bc6ce62cf6e587ae67f237c8152b802bf7d7bb8
-Program hash matches ✅
-```
-
-### Solend
-
-```
-solana-verify verify-from-repo -um --program-id So1endDq2YkqhipRh3WViPa8hdiSpxWy6z3Z6tMCpAo https://github.com/solendprotocol/solana-program-library --library-name solend_program -b ellipsislabs/solana:1.14.10 --bpf
-```
-
-Final Output:
-
-```
-Executable Program Hash from repo: f89a43677ab106d2e50d3c41b656d067b6142c02a2508caca1c11c0a963d3b17
-On-chain Program Hash: f89a43677ab106d2e50d3c41b656d067b6142c02a2508caca1c11c0a963d3b17
+Executable Program Hash from repo: 890d68f48f96991016222b1fcbc2cc81b8ef2dcbf280c44fe378c523c108fad5
+On-chain Program Hash: 890d68f48f96991016222b1fcbc2cc81b8ef2dcbf280c44fe378c523c108fad5
 Program hash matches ✅
 ```
 
@@ -213,7 +199,7 @@ Which will return the following hash:
 
 By default, this command will strip any trailing zeros away from the program executable and run the sha256 algorithm against it to compute the hash.
 
-To manually verify this program, one could run the following from the root of this repository, which builds a program from source code and computes a hash. *This command takes a long time because it is building the binary in a Docker container*
+To manually verify this program, one could run the following from the root of this repository, which builds a program from source code and computes a hash. _This command takes a long time because it is building the binary in a Docker container_
 
 ```
 solana-verify build $PWD/examples/hello_world

README.md

@@ -0,0 +1,14 @@
+FROM --platform=linux/amd64 rust@sha256:b33af7ffbb3bf98940f8326d9563ca403e315a33d9434303df76bdc325b0f5c4
+
+RUN apt-get update && apt-get install -qy git gnutls-bin curl
+
+# Download and modify the Solana install script to install the specified version
+RUN curl -sSfL "https://release.solana.com/v1.18.20/install" -o solana_install.sh && \
+    chmod +x solana_install.sh && \
+    sed -i "s/^SOLANA_INSTALL_INIT_ARGS=.*/SOLANA_INSTALL_INIT_ARGS=v1.10.1/" solana_install.sh && \
+    ./solana_install.sh && \
+    rm solana_install.sh
+
+ENV PATH="/root/.local/share/solana/install/active_release/bin:$PATH"
+WORKDIR /build
+CMD /bin/bash

docker/v1.10.1.Dockerfile

@@ -0,0 +1,14 @@
+FROM --platform=linux/amd64 rust@sha256:b33af7ffbb3bf98940f8326d9563ca403e315a33d9434303df76bdc325b0f5c4
+
+RUN apt-get update && apt-get install -qy git gnutls-bin curl
+
+# Download and modify the Solana install script to install the specified version
+RUN curl -sSfL "https://release.solana.com/v1.18.20/install" -o solana_install.sh && \
+    chmod +x solana_install.sh && \
+    sed -i "s/^SOLANA_INSTALL_INIT_ARGS=.*/SOLANA_INSTALL_INIT_ARGS=v1.10.10/" solana_install.sh && \
+    ./solana_install.sh && \
+    rm solana_install.sh
+
+ENV PATH="/root/.local/share/solana/install/active_release/bin:$PATH"
+WORKDIR /build
+CMD /bin/bash

docker/v1.10.10.Dockerfile

@@ -0,0 +1,14 @@
+FROM --platform=linux/amd64 rust@sha256:b33af7ffbb3bf98940f8326d9563ca403e315a33d9434303df76bdc325b0f5c4
+
+RUN apt-get update && apt-get install -qy git gnutls-bin curl
+
+# Download and modify the Solana install script to install the specified version
+RUN curl -sSfL "https://release.solana.com/v1.18.20/install" -o solana_install.sh && \
+    chmod +x solana_install.sh && \
+    sed -i "s/^SOLANA_INSTALL_INIT_ARGS=.*/SOLANA_INSTALL_INIT_ARGS=v1.10.11/" solana_install.sh && \
+    ./solana_install.sh && \
+    rm solana_install.sh
+
+ENV PATH="/root/.local/share/solana/install/active_release/bin:$PATH"
+WORKDIR /build
+CMD /bin/bash