Skip to content

Verifiable Release

Verifiable Release #6

name: Verifiable Release
on:
push:
tags:
['v*']
env:
APP_NAME: 'openbook_v2'
SOLANA_VERSION: '1.16.1'
ANCHOR_VERSION: '0.28.0'
jobs:
build:
name: Verifiable Release Artifacts
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
with:
submodules: 'recursive'
- name: Cache dependencies
uses: Swatinem/rust-cache@v2
- name: Setup Anchor
run: |
cargo install --git https://github.com/coral-xyz/anchor --rev 4e5280be46d859ba1c57fabe4c3916bec742fd69 anchor-cli --locked --force
- name: Verifiable Build
run: |
anchor build --verifiable --docker-image backpackapp/build:v${{ env.ANCHOR_VERSION }} --solana-version ${{ env.SOLANA_VERSION }} -- --features enable-gpl
- name: Generate Checksum
run: |
echo "CHECKSUM=$(sha256sum ./target/verifiable/${{ env.APP_NAME }}.so | head -c 64)" >> $GITHUB_ENV
mv ./target/verifiable/${{ env.APP_NAME }}.so ./target/verifiable/${{ env.APP_NAME }}-${{ github.ref_name }}.so
# Complete supply chain inventory used for release
- name: Generate SBOM
uses: aquasecurity/trivy-action@master
with:
scan-type: 'fs'
format: 'cyclonedx'
output: '${{ env.APP_NAME }}-${{ github.ref_name }}-sbom.json'
- name: Update Release
id: create_release
uses: softprops/action-gh-release@v1
with:
tag_name: ${{ github.ref_name }}
name: ${{ github.ref_name }}
body: |
OpenBook V2 release: ${{ github.ref_name }}
Build sha256: ${{ env.CHECKSUM }}
GitHub commit: ${{ github.sha }}
files: |
./target/verifiable/${{ env.APP_NAME }}-${{ github.ref_name }}.so
./${{ env.APP_NAME }}-${{ github.ref_name }}-sbom.json