From 3dd7f60cbcccd5bdbb78e1b8b4ab12ea92aba073 Mon Sep 17 00:00:00 2001 From: highonhopium Date: Thu, 13 Feb 2025 15:22:10 +0000 Subject: [PATCH] adding flakehub --- .github/workflows/deploy-subgraph.yaml | 9 ++++-- .github/workflows/git-clean.yaml | 7 ++++- .github/workflows/manual-package-release.yml | 31 ++++++++++++-------- .github/workflows/manual-rs-release.yml | 11 +++++-- .github/workflows/manual-sol-artifacts.yaml | 15 ++++++---- .github/workflows/rainix.yaml | 9 ++++-- .github/workflows/tauri-release.yml | 7 +++-- .github/workflows/tauri.yaml | 9 ++++-- .github/workflows/test-subgraph.yml | 9 ++++-- .github/workflows/test-ui-components.yaml | 7 ++++- .github/workflows/test-webapp.yaml | 7 ++++- .github/workflows/vercel-preview.yaml | 7 ++++- .github/workflows/vercel-prod.yaml | 7 ++++- 13 files changed, 99 insertions(+), 36 deletions(-) diff --git a/.github/workflows/deploy-subgraph.yaml b/.github/workflows/deploy-subgraph.yaml index ad37b1e29..cb784e56e 100644 --- a/.github/workflows/deploy-subgraph.yaml +++ b/.github/workflows/deploy-subgraph.yaml @@ -3,7 +3,7 @@ on: workflow_dispatch: inputs: network: - description: 'Network to deploy to' + description: "Network to deploy to" required: true type: choice options: @@ -23,6 +23,9 @@ on: jobs: deploy: + permissions: + id-token: write + contents: read runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 @@ -31,7 +34,9 @@ jobs: fetch-depth: 0 - uses: DeterminateSystems/nix-installer-action@main - - uses: DeterminateSystems/magic-nix-cache-action@main + with: + determinate: true + - uses: DeterminateSystems/flakehub-cache-action@main - run: nix develop -c rainix-sol-prelude diff --git a/.github/workflows/git-clean.yaml b/.github/workflows/git-clean.yaml index 09bfead6c..b5df6431d 100644 --- a/.github/workflows/git-clean.yaml +++ b/.github/workflows/git-clean.yaml @@ -7,6 +7,9 @@ concurrency: jobs: git-clean: + permissions: + id-token: write + contents: read runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 @@ -15,7 +18,9 @@ jobs: fetch-depth: 0 - uses: DeterminateSystems/nix-installer-action@main - - uses: DeterminateSystems/magic-nix-cache-action@main + with: + determinate: true + - uses: DeterminateSystems/flakehub-cache-action@main # Build metas etc. required to do a correct pointer build. - run: ./pointers.sh diff --git a/.github/workflows/manual-package-release.yml b/.github/workflows/manual-package-release.yml index 3e4dd76f6..bc2ef995c 100644 --- a/.github/workflows/manual-package-release.yml +++ b/.github/workflows/manual-package-release.yml @@ -3,21 +3,24 @@ on: workflow_dispatch: inputs: version-level: - description: 'Select Version Level' + description: "Select Version Level" required: true type: choice options: - - alpha # Increase the alpha pre-version (x.y.z-alpha.M) - - beta # Increase the beta pre-version (x.y.z-beta.M) - - patch # Increase the patch version (x.y.z) - - minor # Increase the minor version (x.y.0) - - major # Increase the major version (x.0.0) + - alpha # Increase the alpha pre-version (x.y.z-alpha.M) + - beta # Increase the beta pre-version (x.y.z-beta.M) + - patch # Increase the patch version (x.y.z) + - minor # Increase the minor version (x.y.0) + - major # Increase the major version (x.0.0) - release # Remove the pre-version, ie remove alpha/beta/rc (x.y.z) - - rc # Increase the rc pre-version (x.y.z-rc.M) + - rc # Increase the rc pre-version (x.y.z-rc.M) jobs: release: runs-on: ubuntu-latest + permissions: + id-token: write + contents: read env: DEPLOYMENT_KEY: ${{ github.ref == 'refs/heads/main' && secrets.PRIVATE_KEY || secrets.PRIVATE_KEY_DEV }} DEPLOY_METABOARD_ADDRESS: ${{ vars.CI_DEPLOY_SEPOLIA_METABOARD_ADDRESS }} @@ -36,14 +39,16 @@ jobs: with: ssh-key: ${{ secrets.PUBLISH_PRIVATE_KEY }} - - uses: DeterminateSystems/nix-installer-action@v4 - - uses: DeterminateSystems/magic-nix-cache-action@v2 + - uses: DeterminateSystems/nix-installer-action@main + with: + determinate: true + - uses: DeterminateSystems/flakehub-cache-action@main - name: Install NodeJS v22 uses: actions/setup-node@v4 with: node-version: 22 - cache: 'npm' + cache: "npm" - run: nix develop -c rainix-sol-prelude working-directory: lib/rain.interpreter @@ -56,7 +61,7 @@ jobs: - run: nix develop -c rainix-sol-prelude - run: nix develop -c rainix-rs-prelude - run: nix develop -c raindex-prelude - + - name: Test JS/TS Binding 1/2 run: nix develop -c rainix-wasm-test @@ -88,7 +93,7 @@ jobs: # Push the commit to remote - name: Push Changes To Remote - run: | + run: | git push origin git push -u origin ${{ env.NEW_VERSION }} env: @@ -118,4 +123,4 @@ jobs: name: Package Release ${{ env.NEW_VERSION }} files: orderbook_npm_package_${{ env.NEW_VERSION }}.tgz env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/manual-rs-release.yml b/.github/workflows/manual-rs-release.yml index a5192653d..bfd080c96 100644 --- a/.github/workflows/manual-rs-release.yml +++ b/.github/workflows/manual-rs-release.yml @@ -4,13 +4,18 @@ on: [workflow_dispatch] jobs: release: runs-on: ubuntu-latest + permissions: + id-token: write + contents: read steps: - uses: actions/checkout@v4 with: fetch-depth: 0 submodules: recursive - - uses: DeterminateSystems/nix-installer-action@v4 - - uses: DeterminateSystems/magic-nix-cache-action@v2 + - uses: DeterminateSystems/nix-installer-action@main + with: + determinate: true + - uses: DeterminateSystems/flakehub-cache-action@main - - run: nix develop --command cargo release --workspace \ No newline at end of file + - run: nix develop --command cargo release --workspace diff --git a/.github/workflows/manual-sol-artifacts.yaml b/.github/workflows/manual-sol-artifacts.yaml index ca9cc220a..4d8f61581 100644 --- a/.github/workflows/manual-sol-artifacts.yaml +++ b/.github/workflows/manual-sol-artifacts.yaml @@ -3,7 +3,7 @@ on: workflow_dispatch: inputs: network: - description: 'Network to deploy to' + description: "Network to deploy to" required: true type: choice options: @@ -23,7 +23,7 @@ on: - matchain suite: - description: 'Suite to deploy' + description: "Suite to deploy" required: true type: choice options: @@ -36,6 +36,9 @@ on: jobs: deploy: runs-on: ubuntu-latest + permissions: + id-token: write + contents: read steps: - run: | network=${{ inputs.network }} @@ -54,7 +57,9 @@ jobs: fetch-depth: 0 - uses: DeterminateSystems/nix-installer-action@main - - uses: DeterminateSystems/magic-nix-cache-action@main + with: + determinate: true + - uses: DeterminateSystems/flakehub-cache-action@main - run: nix develop -c rainix-sol-prelude - run: nix develop -c rainix-rs-prelude @@ -64,7 +69,7 @@ jobs: run: nix develop -c rainix-sol-artifacts env: DEPLOYMENT_SUITE: ${{ inputs.suite }} - DEPLOY_BROADCAST: '1' + DEPLOY_BROADCAST: "1" DEPLOYMENT_KEY: ${{ github.ref == 'refs/heads/main' && secrets.PRIVATE_KEY || secrets.PRIVATE_KEY_DEV }} ETH_RPC_URL: ${{ secrets[env.rpc_secret_name] || vars[env.rpc_secret_name] || '' }} ETHERSCAN_API_KEY: ${{ secrets[env.etherscan_api_key_secret_name] || vars[env.etherscan_api_key_secret_name] || ''}} @@ -73,4 +78,4 @@ jobs: DEPLOY_VERIFIER_URL: ${{ secrets[env.verifier_url_secret_name] || vars[env.verifier_url_secret_name] || '' }} DEPLOY_METABOARD_ADDRESS: ${{ secrets[env.metaboard_address_secret_name] || vars[env.metaboard_address_secret_name] || '' }} DEPLOY_ROUTE_PROCESSOR_4_ADDRESS: ${{ secrets[env.route_processor_4_address_secret_name] || vars[env.route_processor_4_address_secret_name] || '' }} - DEPLOY_RAINDEX_ADDRESS: ${{ secrets[env.raindex_address_secret_name] || vars[env.raindex_address_secret_name] || '' }} \ No newline at end of file + DEPLOY_RAINDEX_ADDRESS: ${{ secrets[env.raindex_address_secret_name] || vars[env.raindex_address_secret_name] || '' }} diff --git a/.github/workflows/rainix.yaml b/.github/workflows/rainix.yaml index 003160060..f92d308c4 100644 --- a/.github/workflows/rainix.yaml +++ b/.github/workflows/rainix.yaml @@ -7,6 +7,9 @@ concurrency: jobs: standard-tests: + permissions: + id-token: write + contents: read strategy: matrix: os: [ubuntu-latest, macos-latest] @@ -76,8 +79,10 @@ jobs: df -h - name: Install Nix - uses: DeterminateSystems/nix-installer-action@v4 - - uses: DeterminateSystems/magic-nix-cache-action@v2 + uses: DeterminateSystems/nix-installer-action@main + with: + determinate: true + - uses: DeterminateSystems/flakehub-cache-action@main - run: ./pointers.sh diff --git a/.github/workflows/tauri-release.yml b/.github/workflows/tauri-release.yml index a84fcc80c..3d4cdaa8d 100644 --- a/.github/workflows/tauri-release.yml +++ b/.github/workflows/tauri-release.yml @@ -9,6 +9,7 @@ on: jobs: publish-tauri: permissions: + id-token: write contents: write strategy: fail-fast: false @@ -62,8 +63,10 @@ jobs: submodules: recursive fetch-depth: 0 - name: Install Nix - uses: DeterminateSystems/nix-installer-action@v4 - - uses: DeterminateSystems/magic-nix-cache-action@v2 + uses: DeterminateSystems/nix-installer-action@main + with: + determinate: true + - uses: DeterminateSystems/flakehub-cache-action@main - run: ./prep-all.sh env: diff --git a/.github/workflows/tauri.yaml b/.github/workflows/tauri.yaml index 0ec52c345..e65bcc63f 100644 --- a/.github/workflows/tauri.yaml +++ b/.github/workflows/tauri.yaml @@ -7,6 +7,9 @@ concurrency: jobs: build-tauri: + permissions: + id-token: write + contents: read strategy: fail-fast: ${{ github.ref != 'refs/heads/main' }} matrix: @@ -61,8 +64,10 @@ jobs: submodules: recursive fetch-depth: 0 - name: Install Nix - uses: DeterminateSystems/nix-installer-action@v4 - - uses: DeterminateSystems/magic-nix-cache-action@v2 + uses: DeterminateSystems/nix-installer-action@main + with: + determinate: true + - uses: DeterminateSystems/flakehub-cache-action@main - run: ./prep-all.sh env: diff --git a/.github/workflows/test-subgraph.yml b/.github/workflows/test-subgraph.yml index 577e4cff4..94010b798 100644 --- a/.github/workflows/test-subgraph.yml +++ b/.github/workflows/test-subgraph.yml @@ -7,6 +7,9 @@ concurrency: jobs: test: + permissions: + id-token: write + contents: read runs-on: ubuntu-latest steps: @@ -17,8 +20,10 @@ jobs: submodules: recursive - name: Install Nix - uses: DeterminateSystems/nix-installer-action@v4 - - uses: DeterminateSystems/magic-nix-cache-action@v2 + uses: DeterminateSystems/nix-installer-action@main + with: + determinate: true + - uses: DeterminateSystems/flakehub-cache-action@main - name: Build subgraph run: nix develop -c subgraph-build diff --git a/.github/workflows/test-ui-components.yaml b/.github/workflows/test-ui-components.yaml index ed78f1f04..621ec669b 100644 --- a/.github/workflows/test-ui-components.yaml +++ b/.github/workflows/test-ui-components.yaml @@ -7,6 +7,9 @@ concurrency: jobs: test: + permissions: + id-token: write + contents: read runs-on: ubuntu-latest env: COMMIT_SHA: ${{ github.sha }} @@ -17,7 +20,9 @@ jobs: fetch-depth: 0 - uses: DeterminateSystems/nix-installer-action@main - - uses: DeterminateSystems/magic-nix-cache-action@main + with: + determinate: true + - uses: DeterminateSystems/flakehub-cache-action@main - run: ./prep-all.sh env: diff --git a/.github/workflows/test-webapp.yaml b/.github/workflows/test-webapp.yaml index 013e8f5f3..19d9b13b7 100644 --- a/.github/workflows/test-webapp.yaml +++ b/.github/workflows/test-webapp.yaml @@ -7,6 +7,9 @@ concurrency: jobs: test: + permissions: + id-token: write + contents: read runs-on: ubuntu-latest env: COMMIT_SHA: ${{ github.sha }} @@ -17,7 +20,9 @@ jobs: fetch-depth: 0 - uses: DeterminateSystems/nix-installer-action@main - - uses: DeterminateSystems/magic-nix-cache-action@main + with: + determinate: true + - uses: DeterminateSystems/flakehub-cache-action@main - run: ./prep-all.sh env: diff --git a/.github/workflows/vercel-preview.yaml b/.github/workflows/vercel-preview.yaml index f329c304a..2b2bf294d 100644 --- a/.github/workflows/vercel-preview.yaml +++ b/.github/workflows/vercel-preview.yaml @@ -13,6 +13,9 @@ concurrency: jobs: Deploy-Preview: runs-on: ubuntu-latest + permissions: + id-token: write + contents: read env: COMMIT_SHA: ${{ github.sha }} steps: @@ -22,7 +25,9 @@ jobs: fetch-depth: 0 - uses: DeterminateSystems/nix-installer-action@main - - uses: DeterminateSystems/magic-nix-cache-action@main + with: + determinate: true + - uses: DeterminateSystems/flakehub-cache-action@main - run: ./prep-all.sh env: diff --git a/.github/workflows/vercel-prod.yaml b/.github/workflows/vercel-prod.yaml index f8cf878ab..c2cc88e12 100644 --- a/.github/workflows/vercel-prod.yaml +++ b/.github/workflows/vercel-prod.yaml @@ -8,6 +8,9 @@ on: - main jobs: Deploy-Preview: + permissions: + id-token: write + contents: read runs-on: ubuntu-latest env: COMMIT_SHA: ${{ github.sha }} @@ -18,7 +21,9 @@ jobs: fetch-depth: 0 - uses: DeterminateSystems/nix-installer-action@main - - uses: DeterminateSystems/magic-nix-cache-action@main + with: + determinate: true + - uses: DeterminateSystems/flakehub-cache-action@main - run: ./prep-all.sh env: