Align repo orchestration with solana-program conventions #79
Open
lorisleiva wants to merge 3 commits into
This PR replaces system's bespoke `vars.env` + hand-rolled `Makefile` + in-repo composite setup action + per-repo publish workflows with the converged `solana-program/*` orchestration: a `Makefile` modelled on `program-metadata`'s, thin CI wrappers that delegate to reusable workflows in `solana-program/actions`, and `Cargo.toml`'s `[workspace.metadata]` blocks as the single source of truth for the nightly toolchain and Solana CLI version. The reusable workflows bring uniform format/lint/test/docs/powerset gates for free, NPM provenance and `cargo semver-checks` for publishing, and eliminate the need to maintain per-repo orchestration. The JS client's `test-js-%` target stays LiteSVM-flavoured (no validator dance) and `codama.mjs` reads the nightly from the Makefile so the toolchain pin lives in exactly one place. Repo admins will need to provision the `vars.APP_ID` + `secrets.PRIVATE_KEY` GitHub App and the `prod` environment with an NPM Trusted Publisher before the next publish under these workflows.
This commit fixes the two CI gates that were left unhandled by the orchestration alignment: spellcheck and audit. The reusable workflow at `solana-program/actions/.github/workflows/main.yml@main` runs `make spellcheck` and `make audit` unconditionally on every push, so both targets need to be present and pass. The spellcheck target is now wired up the same way as in `program-metadata` and `stake`, with a `scripts/spellcheck.toml` config and a `scripts/solana.dic` dictionary seeded from the union of both reference repos. The audit ignore list has been replaced with the set of RUSTSEC IDs that system's wider transitive dependency tree triggers (all in the `solana-client` RPC / TLS / pubsub stack), captured from a local run against an upgraded `cargo-audit` that understands CVSS 4.0.