Skip to content

fix(ci): unblock builds with solana-signature 3.4.1 and anchor 1.0.2#606

Open
dev-jodee wants to merge 8 commits into
mainfrom
fix/ci-five8-anchor
Open

fix(ci): unblock builds with solana-signature 3.4.1 and anchor 1.0.2#606
dev-jodee wants to merge 8 commits into
mainfrom
fix/ci-five8-anchor

Conversation

@dev-jodee

@dev-jodee dev-jodee commented Jun 23, 2026

Copy link
Copy Markdown
Collaborator

Why CI on main is red

Two independent upstream-driven breakages, both from major releases pulled by loose version pins.

1. Native / ASM / Pinocchio — five8 1.0.0 breaks solana-signature 3.3.0

cargo test (host build) fails to compile:

error[E0277]: the trait bound `DecodeError: std::error::Error` is not satisfied
  five8::decode_64(s, &mut buf).map_err(SignatureError::from_source)?;
  • solana-signature 3.3.0 enters via the litesvm dev-dependency and declares five8 = "1.0.0".
  • five8 1.0.0 is #![no_std] and dropped the Error impl on DecodeError that 3.3.0's from_source requires → broken release.
  • The committed Cargo.lock pinned solana-signature 3.3.0, so CI stayed on the broken combo.

Fix: pin the lockfile to solana-signature 3.4.1 (fixes the usage; still uses five8 1.0.0). Compile-verified locally — the full litesvm/solana-svm stack builds and the DecodeError error is gone.

2. Anchor — CLI / lib version mismatch

Error: anchor-cli 1.0.0 (resolved from anchor-lang dep ...) is not installed.
  • Programs were split across anchor-lang 1.0.0-rc.5 (35 files) and 1.0.0 (15 files) after the rc migration + a dependabot bump.
  • The workflow still installed anchor-cli 0.32.1, so anchor build's exact CLI/lib match failed for every project.

Fix: standardize all 50 programs (anchor-lang + anchor-spl) and anchor.yml on anchor 1.0.2 (latest stable); drop the now-stale "pin to RC" comments. Lock resolves cleanly to anchor 1.0.2 with no conflicts; manifests TOML-validated. anchor build itself will be confirmed by CI here.

Changes

  • Cargo.lock: solana-signature 3.3.0 → 3.4.1, anchor-lang/anchor-* 1.0.0 → 1.0.2
  • 50 anchor Cargo.toml: anchor-lang/anchor-spl1.0.2
  • .github/workflows/anchor.yml: anchor-version 0.32.1 → 1.0.2

@dev-jodee
fix(ci): unblock builds with solana-signature 3.4.1 and anchor 1.0.2
d3e80b9 
Native/ASM/Pinocchio: solana-signature 3.3.0 (pulled via the litesvm
dev-dependency) depends on five8 1.0.0, which is no_std and dropped the
std::error::Error impl on DecodeError that 3.3.0's from_source requires,
so the host test build fails to compile. Pin the lockfile to
solana-signature 3.4.1, which fixes that usage.

Anchor: programs were split across anchor-lang 1.0.0-rc.5 and 1.0.0 while
the workflow still installed anchor-cli 0.32.1, so anchor build's
CLI/lib version check failed for every project. Standardize all programs
and the workflow on anchor 1.0.2.
@greptile-apps

greptile-apps Bot commented Jun 23, 2026
edited
Loading

Copy link
Copy Markdown

Greptile Summary

This PR unblocks CI by addressing two independent upstream breakages: pinning solana-signature to 3.4.1 (resolving the five8 1.0.0 / DecodeError: std::error::Error compile failure) and standardizing all 50 Anchor programs plus the workflow on anchor 1.0.2.

  • Cargo.lock / 50 Cargo.tomls: solana-signature 3.3.0 → 3.4.1; anchor-lang/anchor-spl unified at 1.0.2 (previously split across 1.0.0-rc.5, 1.0.0, and 1.0.2); sub-workspace lock files (tokens/nft-operations, tokens/token-fundraiser) regenerated to match.
  • .github/workflows/anchor.yml: bumps anchor-cli to 1.0.2, adds --ignore-keys to anchor build with a 3-attempt retry loop, inserts anchor keys sync to align ephemeral program IDs before testing, switches to --validator legacy for the legacy test-validator not present in CI, and adds CARGO_NET_RETRY/sparse-protocol env vars to reduce transient crate-fetch flakes.
  • basics/cross-program-invocation/anchor: commits program keypairs, updates declare_id!, Anchor.toml, and idls/lever.json to matching stable addresses so local development is consistent.

Confidence Score: 5/5

Safe to merge — changes are mechanical version bumps across 50 Cargo.toml files plus targeted CI workflow fixes with well-scoped blast radius.

All anchor-lang/anchor-spl declarations converge on 1.0.2, Cargo.lock checksums are consistent, and the two sub-workspace lock files are regenerated. The workflow additions (--ignore-keys, retry loop, keys sync, --validator legacy) directly address the stated Anchor 1.0 CLI/lib mismatch. No logic regressions were found; the only outstanding item is a cosmetic log message on the final retry attempt.

.github/workflows/anchor.yml is the most logic-dense file; the anchor keys sync call (line 164) still lacks error handling, but this was raised in a prior review thread.

Important Files Changed

Filename Overview
.github/workflows/anchor.yml Upgrades anchor-cli to 1.0.2, adds build retry loop with --ignore-keys, anchor keys sync call (no error handling), --validator legacy flag, and cargo network hardening env vars.
Cargo.lock Pins solana-signature 3.3.0 → 3.4.1 and bumps all anchor-* crates 1.0.0 → 1.0.2 with updated checksums.
basics/cross-program-invocation/anchor/target/deploy/hand-keypair.json Adds 64-byte ed25519 program keypair inside target/ (covered by .gitignore); enables stable local program IDs but models unsafe practice for learners.
tokens/nft-operations/anchor/Cargo.lock Sub-workspace lock file regenerated from 1.0.0-rc.5 to 1.0.2, consistent with the Cargo.toml bump.
tokens/token-fundraiser/anchor/Cargo.lock Sub-workspace lock file regenerated from 1.0.0-rc.5 to 1.0.2, consistent with the Cargo.toml bump.
basics/cross-program-invocation/anchor/idls/lever.json Updates the committed lever IDL address to match the newly generated stable program keypair (A6GUsa5E...).

Sequence Diagram

%%{init: {'theme': 'neutral'}}%%
sequenceDiagram
    participant GH as GitHub Actions
    participant AC as anchor CLI 1.0.2
    participant Cargo as Cargo (RETRY=10)
    participant Val as legacy validator

    GH->>AC: anchor build --ignore-keys (attempt 1..3)
    AC->>Cargo: fetch crates (sparse protocol)
    Cargo-->>AC: compiled .so + ephemeral keypairs
    AC-->>GH: "build_ok=true"

    GH->>AC: anchor keys sync
    AC-->>GH: declare_id! + Anchor.toml updated to ephemeral IDs

    GH->>Val: anchor test --validator legacy
    Val->>AC: (re)build with synced IDs
    AC-->>Val: deploy programs
    Val-->>GH: test results
Loading 
%%{init: {'theme': 'base', 'themeVariables': {"darkMode": true, "background": "#0d1117", "primaryColor": "#21262d", "primaryTextColor": "#e6edf3", "primaryBorderColor": "#8b949e", "lineColor": "#8b949e", "textColor": "#e6edf3", "edgeLabelBackground": "#161b22", "actorBkg": "#21262d", "actorBorder": "#8b949e", "actorTextColor": "#e6edf3", "actorLineColor": "#8b949e", "signalColor": "#8b949e", "signalTextColor": "#e6edf3", "noteBkgColor": "#373320", "noteBorderColor": "#d4a72c", "noteTextColor": "#f0e6c0", "labelBoxBkgColor": "#21262d", "labelBoxBorderColor": "#8b949e", "labelTextColor": "#e6edf3", "loopTextColor": "#e6edf3", "activationBkgColor": "#30363d", "activationBorderColor": "#8b949e"}}}%%
sequenceDiagram
    participant GH as GitHub Actions
    participant AC as anchor CLI 1.0.2
    participant Cargo as Cargo (RETRY=10)
    participant Val as legacy validator

    GH->>AC: anchor build --ignore-keys (attempt 1..3)
    AC->>Cargo: fetch crates (sparse protocol)
    Cargo-->>AC: compiled .so + ephemeral keypairs
    AC-->>GH: "build_ok=true"

    GH->>AC: anchor keys sync
    AC-->>GH: declare_id! + Anchor.toml updated to ephemeral IDs

    GH->>Val: anchor test --validator legacy
    Val->>AC: (re)build with synced IDs
    AC-->>Val: deploy programs
    Val-->>GH: test results
Loading

Reviews (8): Last reviewed commit: "style(ci): format committed keypair JSON..." | Re-trigger Greptile

greptile-apps[bot]
greptile-apps Bot reviewed Jun 23, 2026
View reviewed changes
Comment thread tokens/nft-operations/anchor/programs/mint-nft/Cargo.toml
dev-jodee added 2 commits June 23, 2026 15:52
@dev-jodee
fix(ci): anchor build --ignore-keys, sync keys, legacy validator
2a6fe69 
Anchor 1.0 added a build-time check that declare_id! matches the program
keypair, and defaults anchor test to surfpool. No keypairs are committed
(CI generates ephemeral ones) and surfpool isn't installed, so both fail.
Build with --ignore-keys, run anchor keys sync to align declare_id!,
Anchor.toml and the IDL with the ephemeral keypair, and test against the
legacy solana-test-validator.
@dev-jodee
fix(ci): sync anchor sub-workspace lockfiles to anchor-lang 1.0.2
00f90c3 
token-fundraiser and nft-operations each have their own [workspace] and a
committed Cargo.lock that still pinned anchor-lang 1.0.0-rc.5. Regenerate
the anchor crate entries so the locks match the bumped manifests.
greptile-apps[bot]
greptile-apps Bot reviewed Jun 23, 2026
View reviewed changes
Comment thread .github/workflows/anchor.yml Outdated
dev-jodee added 4 commits June 23, 2026 16:24
@dev-jodee
fix(ci): clean+rebuild after keys sync so CPI IDLs carry synced address
be7cefa 
The cross-program-invocation example failed with AccountOwnedByWrongProgram:
hand uses declare_program!(lever), which bakes lever's IDL address into hand
at build time. anchor keys sync updates declare_id!/Anchor.toml but not the
IDLs, and a plain rebuild doesn't recompile hand (cargo can't see the IDL
proc-macro read as a file dependency). Run anchor clean (keeps keypairs)
before the rebuild, and anchor test --skip-build to deploy the synced
artifacts without rebuilding.
@dev-jodee
fix(ci): commit stable keypairs for cross-program-invocation example
d534244 
The two-program CPI example failed under ephemeral CI keys: hand uses
declare_program!(lever), baking lever's IDL address into hand at build
time. With keys regenerated/synced each run, hand's baked lever id drifted
from the deployed lever, so the power account failed hand's owner check
(AccountOwnedByWrongProgram). Commit fixed hand/lever keypairs (force-added
past the gitignored target/) and set declare_id!/Anchor.toml to match, so
the program ids are stable and consistent across build, IDL and deploy.

Reverts the clean/double-build/--skip-build workaround added earlier; the
committed keypairs fix the CPI case directly, so the simpler
build --ignore-keys -> keys sync -> test --validator legacy flow is enough.
@dev-jodee
fix(ci): update committed lever IDL address for CPI example
b727c3f 
declare_program!(lever) in hand reads basics/cross-program-invocation/anchor/idls/lever.json
at compile time, which still pinned the old lever id (E64F...). That baked
id never matched the deployed lever, so the power account failed hand's
owner check (AccountOwnedByWrongProgram). Point the committed IDL at the new
committed lever keypair so declare_id!, keypair, Anchor.toml and idls/lever.json all agree.
@dev-jodee
fix(ci): harden anchor build against transient crates.io index flakes
4d3e7cc 
cargo build-sbf intermittently fails its cargo metadata step with
'failed to get <crate> as a dependency' while updating the crates.io index,
flaking a random project each run. Force the sparse registry protocol, raise
CARGO_NET_RETRY, and retry anchor build up to 3 times.
greptile-apps[bot]
greptile-apps Bot reviewed Jun 23, 2026
View reviewed changes
Comment thread basics/cross-program-invocation/anchor/target/deploy/hand-keypair.json Outdated
@dev-jodee
style(ci): format committed keypair JSON for biome
a6e5ec6 
The repo's biome check lints all tracked files; the new committed program
keypairs need biome's JSON formatting. Whitespace-only — byte arrays and
derived pubkeys unchanged.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@dev-jodee