[MTG-237] ci cd

.cargo/audit.toml

@@ -0,0 +1,10 @@
+[advisories]
+# Ignore unfixable vulnerabilities for now. In new solana version
+#  it will be fixed.
+ignore = ["RUSTSEC-2024-0344", "RUSTSEC-2022-0093"]
+
+[output]
+deny = [] # exit on error if unmaintained dependencies are found
+format = "terminal" # "terminal" (human-readable report) or "json"
+quiet = true # Only print information on error
+show_tree = true # Show inverse dependency trees along with advisories (default: true)

.github/workflows/ci-cargo-audit.yml

@@ -0,0 +1,40 @@
+name: Cargo Audit
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+
+  # Allowing manual runs with ability to choose branch
+  workflow_dispatch:
+
+  # Optimisation option by targeting direct paths to only scan when there are changes to dependencies in the push/PR
+  #  push:
+  #    paths:
+  #      - 'Cargo.toml'
+  #      - 'Cargo.lock'
+  #  pull_request:
+  #    paths:
+  #      - 'Cargo.toml'
+  #      - 'Cargo.lock'
+
+  # Example of running scheduled scans at 6AM UTC every Monday to regularly check for vulnerable dependencies
+  #  schedule:
+  #  - cron: '0 6 * * 1'
+
+jobs:
+  Cargo-audit:
+    name: Cargo Vulnerability Scanner
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Install Cargo Audit
+        uses: actions-rs/[email protected]
+        with:
+          crate: cargo-audit
+          version: latest
+
+      - name: Run Cargo Audit
+        run: cargo audit -c always

.github/workflows/ci-lint-test.yml

@@ -0,0 +1,76 @@
+name: Lint and Test
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+
+env:
+  CARGO_TERM_COLOR: always
+  SOLANA_VERSION: "1.18.9"
+  RUST_TOOLCHAIN: "1.78.0"
+
+defaults:
+  run:
+    working-directory: ./
+
+jobs:
+  lint:
+    name: Linter
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install Rust nightly
+        uses: actions-rust-lang/setup-rust-toolchain@v1
+        with:
+          toolchain: ${{ env.RUST_TOOLCHAIN }}
+          components: rustfmt, clippy
+          cache: true
+
+      - name: Run fmt
+        run: cargo fmt -- --check
+
+      - name: Run clippy
+        run: cargo clippy --all-targets --all-features --workspace --exclude rewards -- -D warnings
+
+  tests:
+    name: Tests
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install Linux dependencies
+        run: sudo apt-get update && sudo apt-get install -y pkg-config build-essential libudev-dev
+
+      - name: Install Rust nightly
+        uses: actions-rust-lang/setup-rust-toolchain@v1
+        with:
+          toolchain: ${{ env.RUST_TOOLCHAIN }}
+          cache: true
+
+      - name: Cache Solana binaries
+        uses: actions/cache@v2
+        with:
+          path: ~/.cache/solana
+          key: ${{ runner.os }}-${{ env.RUST_TOOLCHAIN }}
+
+      - name: Install Solana
+        run: |
+          sh -c "$(curl -sSfL https://release.solana.com/v${{ env.SOLANA_VERSION }}/install)"
+          echo "$HOME/.local/share/solana/install/active_release/bin" >> $GITHUB_PATH
+          export PATH="$HOME/.local/share/solana/install/active_release/bin:$PATH"
+          solana --version
+          echo "Generating keypair..."
+          solana-keygen new -o "$HOME/.config/solana/id.json" --no-passphrase --silent
+
+      - name: Switch toolchain
+        run: |
+          rustup override set ${{ env.RUST_TOOLCHAIN }}
+          solana-install init ${{ env.SOLANA_VERSION }}
+
+      - name: Run tests
+        run: cargo test-bpf

README.md

@@ -0,0 +1,18 @@
+# Development Setup
+
+## Rust
+* Built and developed using - Rust stable(`rustc 1.78.0`) or higher.
+* If you are working on both `staking` and `rewards` contracts use: </br>
+  `rustup override set <toolchain>` to get rid of manual version switching.
+
+## Solana
+* Built and developed using - Solana version `1.18.9` or higher.
+* To switch Solana version use - `solana-install init <VERSION>`.
+
+## Build and Test
+* To build contract use `cargo build-bpf`.
+* Run Rust based tests use - `cargo test-bpf`.
+
+## Formating and Linting
+* Run `cargo clippy --all-targets --all-features --workspace -- -D warnings` before pushing your changes.
+* Run `cargo +nightly fmt` before pushing your changes.

clients/rust/tests/create.rs

@@ -1,12 +1,7 @@
 #![cfg(feature = "test-sbf")]
 
-use borsh::BorshDeserialize;
 // use rewards::{accounts::MyAccount, instructions::CreateBuilder};
-use solana_program_test::{tokio, ProgramTest};
-use solana_sdk::{
-    signature::{Keypair, Signer},
-    transaction::Transaction,
-};
+use solana_program_test::tokio;
 
 #[tokio::test]
 async fn create() {
@@ -16,7 +11,7 @@ async fn create() {
 
     // Given a new keypair.
 
-    let address = Keypair::new();
+    // let address = Keypair::new();
 
     // let ix = CreateBuilder::new()
     //     .address(address.pubkey())

programs/rewards/src/instructions/initialize_pool.rs

@@ -61,7 +61,7 @@ impl<'a, 'b> InitializePoolContext<'a, 'b> {
         assert_uninitialized(self.reward_vault)?;
 
         let (reward_pool_pubkey, pool_bump) =
-            find_reward_pool_program_address(program_id, &self.deposit_authority.key);
+            find_reward_pool_program_address(program_id, self.deposit_authority.key);
         assert_account_key(self.reward_pool, &reward_pool_pubkey)?;
 
         let reward_pool_seeds = &[

programs/rewards/tests/rewards/utils.rs

@@ -280,7 +280,7 @@ impl TestRewards {
                 &self.reward_pool,
             )],
             Some(&context.payer.pubkey()),
-            &[&context.payer, &self.deposit_authority, &mining_owner],
+            &[&context.payer, &self.deposit_authority, mining_owner],
             context.last_blockhash,
         );