test(chunked): update tag-mapping tests for the 0x15/0x16 STARK tags #144
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: ci | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| branches: [main] | |
| merge_group: | |
| # Lock the workflow to read-only by default. Individual jobs can | |
| # escalate via their own `permissions:` block when they actually need | |
| # write access — none of the current jobs do. | |
| permissions: | |
| contents: read | |
| env: | |
| CARGO_TERM_COLOR: always | |
| RUST_BACKTRACE: 1 | |
| RUSTFLAGS: -D warnings | |
| jobs: | |
| docs-changes: | |
| name: docs changes | |
| runs-on: ubuntu-latest | |
| outputs: | |
| typo-check: ${{ steps.filter.outputs.typo-check }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| # Pinned to v3.0.2 commit (SHA verified via | |
| # `gh api repos/dorny/paths-filter/git/ref/tags/v3.0.2`). | |
| # Audit firms expect SHA pins for every third-party action | |
| # under the `audit-first` posture documented in SECURITY.md. | |
| - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 | |
| id: filter | |
| with: | |
| filters: | | |
| typo-check: | |
| - "**/*.md" | |
| - "docs/**" | |
| - "typos.toml" | |
| - ".github/workflows/ci.yml" | |
| typo-check: | |
| name: typos | |
| runs-on: ubuntu-latest | |
| needs: docs-changes | |
| if: github.event_name != 'pull_request' || needs.docs-changes.outputs.typo-check == 'true' | |
| steps: | |
| - uses: actions/checkout@v4 | |
| # Pinned to v1.46.0 commit (SHA verified via | |
| # `gh api repos/crate-ci/typos/git/ref/tags/v1.46.0`). | |
| - uses: crate-ci/typos@6ac2ebd1b93eade61faf7e12688ad87a073fea59 # v1.46.0 | |
| fmt: | |
| name: rustfmt | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: dtolnay/rust-toolchain@stable | |
| with: | |
| components: rustfmt | |
| - run: cargo fmt --all --check | |
| clippy: | |
| name: clippy | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: dtolnay/rust-toolchain@stable | |
| with: | |
| components: clippy | |
| - uses: Swatinem/rust-cache@v2 | |
| # Layered clippy policy (see docs/lint-policy.md): | |
| # - correctness + suspicious → hard deny (real bugs). | |
| # - todo / unimplemented / panic-paths → hard deny (consensus risk). | |
| # - pedantic + nursery + cargo → warn at workspace level, visible in | |
| # the log but do NOT fail CI. Audit firms can read the lint log to | |
| # see what's suppressed and why. | |
| # | |
| # The blanket `-D warnings` would promote pedantic noise to error; | |
| # we deliberately list only the deny categories we actually want | |
| # to fail on. | |
| - run: | | |
| cargo clippy --workspace --all-features --all-targets -- \ | |
| -D clippy::correctness \ | |
| -D clippy::suspicious \ | |
| -D clippy::todo \ | |
| -D clippy::unimplemented | |
| test-host: | |
| name: tests (host) | |
| runs-on: ubuntu-latest | |
| env: | |
| # Needed by crates/mosaic-program/tests/verify_proof_sbf.rs; when | |
| # the SBF artifact is missing the test self-skips, so this env var | |
| # is only load-bearing in the test-sbf job below. | |
| BPF_OUT_DIR: ${{ github.workspace }}/target/deploy | |
| SBF_OUT_DIR: ${{ github.workspace }}/target/deploy | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: dtolnay/rust-toolchain@stable | |
| - uses: Swatinem/rust-cache@v2 | |
| - run: cargo test --workspace --all-features | |
| test-sbf: | |
| name: tests (SBF integration) | |
| runs-on: ubuntu-latest | |
| needs: build-sbf | |
| env: | |
| BPF_OUT_DIR: ${{ github.workspace }}/target/deploy | |
| SBF_OUT_DIR: ${{ github.workspace }}/target/deploy | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: dtolnay/rust-toolchain@stable | |
| - uses: Swatinem/rust-cache@v2 | |
| - name: Install Solana CLI | |
| run: | | |
| sh -c "$(curl -sSfL https://release.anza.xyz/v3.0.15/install)" | |
| echo "$HOME/.local/share/solana/install/active_release/bin" >> "$GITHUB_PATH" | |
| - name: Build SBF program | |
| run: cargo build-sbf --tools-version v1.52 --manifest-path crates/mosaic-program/Cargo.toml | |
| - name: Run SBF integration tests | |
| # verify_proof_sbf: 17 dispatch-arm tests (every ProofSystemId + | |
| # compressed path). cross_validator_determinism: 4 tests proving | |
| # identical verdict + CU across alt_bn128 FeatureSet personas | |
| # (T-5, issue #70). Both self-skip when the .so is absent; here | |
| # the build step above guarantees it exists, so they run for real. | |
| run: | | |
| cargo test -p mosaic-program --test verify_proof_sbf | |
| cargo test -p mosaic-program --test cross_validator_determinism | |
| cargo test -p mosaic-program --test chunked_handlers | |
| cargo test -p mosaic-program --test chunked_stark | |
| lock-guard: | |
| name: lockfile guard (SBF-critical pins) | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| # borsh 1.6.x's vec_from_reader (de/mod.rs:164) panics on the SBF | |
| # runtime — the program dies at ~1900 CU before any verification. | |
| # The whole SBF test + bench surface depends on borsh staying 1.5.x. | |
| # This guard fails loudly if a `cargo update` ever drifts it back. | |
| # See issue #88. | |
| - name: borsh must stay <1.6 (issue #88) | |
| run: | | |
| # The lock carries two borsh majors: a legacy 0.x (harmless, | |
| # pulled by an old solana crate) and the 1.x the mosaic program | |
| # actually serializes with. Check every 1.x entry is 1.5.x. | |
| vers="$(awk '/^name = "borsh"$/{getline; gsub(/version = "|"/,""); print}' Cargo.lock)" | |
| echo "borsh versions in Cargo.lock: $vers" | |
| bad=0; have_15=0 | |
| for v in $vers; do | |
| case "$v" in | |
| 1.5.*) have_15=1 ;; | |
| 1.*) echo "::error::borsh $v panics on the SBF runtime (issue #88) — pin to 1.5.x in Cargo.lock"; bad=1 ;; | |
| *) ;; # 0.x legacy line, irrelevant to SBF | |
| esac | |
| done | |
| if [ "$have_15" -ne 1 ]; then | |
| echo "::error::no borsh 1.5.x in Cargo.lock — the mosaic program needs the SBF-compatible 1.5.x line"; bad=1 | |
| fi | |
| exit $bad | |
| build-sbf: | |
| name: build-sbf | |
| runs-on: ubuntu-latest | |
| needs: lock-guard | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: dtolnay/rust-toolchain@stable | |
| - name: Install Solana CLI | |
| run: | | |
| sh -c "$(curl -sSfL https://release.anza.xyz/v3.0.15/install)" | |
| echo "$HOME/.local/share/solana/install/active_release/bin" >> "$GITHUB_PATH" | |
| # platform-tools v1.52 ships rustc 1.89.0-dev; needed because some | |
| # transitive deps (constant_time_eq 0.4.x via blake3) require | |
| # edition2024, which the v1.51 default (rustc 1.84) cannot parse. | |
| # v1.52 also emits sBPF the solana-program-test 0.11.1 VM runs | |
| # correctly — newer tools (v1.54) mis-execute on that VM. | |
| - run: cargo build-sbf --tools-version v1.52 --manifest-path crates/mosaic-program/Cargo.toml | |
| - name: Verify SBF artifact | |
| run: | | |
| test -f target/deploy/mosaic_program.so | |
| file target/deploy/mosaic_program.so | grep -q "ELF 64-bit LSB" | |
| doc: | |
| name: rustdoc | |
| runs-on: ubuntu-latest | |
| env: | |
| RUSTDOCFLAGS: -D warnings --cfg docsrs | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: dtolnay/rust-toolchain@nightly | |
| - uses: Swatinem/rust-cache@v2 | |
| - run: cargo +nightly doc --workspace --no-deps --all-features | |
| msrv: | |
| name: msrv | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: dtolnay/rust-toolchain@1.85.0 | |
| - uses: Swatinem/rust-cache@v2 | |
| - run: cargo check --workspace --all-features |