fix(ci): unblock builds with solana-signature 3.4.1 and anchor 1.0.2#606
Merged
Conversation
Greptile SummaryThis PR unblocks two independent CI breakages: it bumps
Confidence Score: 5/5Safe to merge — the changes are purely version pins and workflow fixes that unblock a broken main branch with no functional logic changes. All changes are mechanical version bumps (solana-signature 3.4.1, anchor 1.0.2) and CI workflow hardening. The Cargo.lock changes are consistent with the declared Cargo.toml versions, both sub-workspace lock files were regenerated, and the workflow logic is straightforward retry/flag plumbing. No application logic is altered. No files require special attention beyond the already-noted anchor.yml retry loop cosmetics. Important Files Changed
Flowchart%%{init: {'theme': 'neutral'}}%%
flowchart TD
A[CI Trigger] --> B{anchor.yml}
B --> C[pnpm install --frozen-lockfile]
C --> D{anchor build --ignore-keys\nattempt 1..3}
D -->|success| E[anchor keys sync]
D -->|all 3 fail| F[❌ build failed\nlog + exit 1]
E --> G[anchor test --validator legacy]
G -->|pass| H[✅ cleanup target/ node_modules/]
G -->|fail| I[❌ test failed\nlog + exit 1]
subgraph Cargo fix
J[solana-signature 3.3.0] -->|five8 1.0.0 breaks DecodeError| K[❌ compile error]
L[solana-signature 3.4.1] -->|fixes Error impl| M[✅ compiles]
end
subgraph Anchor fix
N[anchor-lang mixed\n1.0.0-rc.5 + 1.0.0] -->|CLI/lib mismatch| O[❌ anchor build fails]
P[anchor-lang 1.0.2\nuniform across 50 programs] --> Q[✅ CLI matches lib]
end
%%{init: {'theme': 'base', 'themeVariables': {"darkMode": true, "background": "#0d1117", "primaryColor": "#21262d", "primaryTextColor": "#e6edf3", "primaryBorderColor": "#8b949e", "lineColor": "#8b949e", "textColor": "#e6edf3", "edgeLabelBackground": "#161b22", "actorBkg": "#21262d", "actorBorder": "#8b949e", "actorTextColor": "#e6edf3", "actorLineColor": "#8b949e", "signalColor": "#8b949e", "signalTextColor": "#e6edf3", "noteBkgColor": "#373320", "noteBorderColor": "#d4a72c", "noteTextColor": "#f0e6c0", "labelBoxBkgColor": "#21262d", "labelBoxBorderColor": "#8b949e", "labelTextColor": "#e6edf3", "loopTextColor": "#e6edf3", "activationBkgColor": "#30363d", "activationBorderColor": "#8b949e"}}}%%
flowchart TD
A[CI Trigger] --> B{anchor.yml}
B --> C[pnpm install --frozen-lockfile]
C --> D{anchor build --ignore-keys\nattempt 1..3}
D -->|success| E[anchor keys sync]
D -->|all 3 fail| F[❌ build failed\nlog + exit 1]
E --> G[anchor test --validator legacy]
G -->|pass| H[✅ cleanup target/ node_modules/]
G -->|fail| I[❌ test failed\nlog + exit 1]
subgraph Cargo fix
J[solana-signature 3.3.0] -->|five8 1.0.0 breaks DecodeError| K[❌ compile error]
L[solana-signature 3.4.1] -->|fixes Error impl| M[✅ compiles]
end
subgraph Anchor fix
N[anchor-lang mixed\n1.0.0-rc.5 + 1.0.0] -->|CLI/lib mismatch| O[❌ anchor build fails]
P[anchor-lang 1.0.2\nuniform across 50 programs] --> Q[✅ CLI matches lib]
end
Reviews (14): Last reviewed commit: "fix(ci): repair main CI (five8/wincode, ..." | Re-trigger Greptile |
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
Main was red across the Native, ASM, Pinocchio and Anchor workflows. Native/Pinocchio/ASM dependency builds: - solana-signature 3.3.0 (via the litesvm dev-dependency) pulled five8 1.0.0, which is no_std and dropped DecodeError's Error impl, so host test builds failed to compile. Pin the lockfile to solana-signature 3.4.1. - 3.4.1 moved wincode to 0.5.x while solana-hash 4.2.0, solana-message 4.0.0 and solana-transaction 4.0.0 stayed on 0.4.x, splitting the graph across two wincode versions. Bump those three (4.4.0 / 4.1.0 / 4.1.0) so the graph resolves a single wincode 0.5.3. Anchor: - Programs were split across anchor-lang 1.0.0-rc.5 and 1.0.0 while the workflow installed anchor-cli 0.32.1. Standardize all programs and the workflow on anchor 1.0.2, and sync the two committed sub-workspace locks. - Build with --ignore-keys and run anchor keys sync for the ephemeral keypairs CI generates; run anchor test with --validator legacy since surfpool (the Anchor 1.0 default) is not installed. - cross-program-invocation: declare_program!(lever) bakes lever's IDL address into hand at build time, so ephemeral keys broke the CPI owner check. Commit stable hand/lever keypairs and align declare_id!, Anchor.toml and idls/lever.json. ASM: - Pin pnpm to 10.33.0 (unpinned latest fails CI with ERR_PNPM_IGNORED_BUILDS) and mark bufferutil/utf-8-validate as ignoredBuiltDependencies. CI hardening: - Force the sparse registry protocol, raise CARGO_NET_RETRY and retry anchor build to ride out transient crates.io index fetch failures. - Trigger the native/pinocchio/asm workflows on root Cargo.lock/Cargo.toml changes so dependency bumps actually exercise them (this gap is why the dependabot solana-* bumps broke main without being caught). Ignore basics/favorites/native: pre-existing failure where bankrun's runtime rejects an instruction the current build-sbf toolchain emits; tracked for a bankrun -> litesvm test migration.
dev-jodee
force-pushed
the
fix/ci-five8-anchor
branch
from
1e24ef4 to
17cb3ff
Compare
amilz
approved these changes
Jun 24, 2026
dev-jodee
added a commit
that referenced
this pull request
Jun 24, 2026
* chore(ci): drop redundant pnpm config from asm projects The pnpm 10.33.0 pin in the asm workflow is what fixes the ERR_PNPM_IGNORED_BUILDS failure (pinned pnpm treats ignored build scripts as a warning, not a hard error). The per-project pnpm.ignoredBuiltDependencies blocks only silenced the warning and did not fix CI, so remove them. * ci(anchor): drop anchor build retry loop The sparse registry protocol (CARGO_REGISTRIES_CRATES_IO_PROTOCOL) plus CARGO_NET_RETRY handle the transient crates.io index fetch failures at the cargo level, so the explicit 3x anchor build retry loop is redundant. * ci(anchor): drop redundant explicit anchor keys sync anchor test syncs program ids to the ephemeral keypair itself before building and deploying, so the separate anchor keys sync step is redundant. * refactor(anchor): stage cpi keypairs via pre_build hook The cross-program-invocation example needs stable hand/lever program ids (declare_program! bakes the lever address into hand). They were force-added into the gitignored target/deploy. Move them to a tracked keypairs/ dir and stage them into target/deploy with an Anchor.toml pre_build hook, so the ids stay stable without committing into an ignored path. * ci(anchor): verify cpi keypairs match Anchor.toml in pre_build The global anchor build --ignore-keys skips the keypair/declare_id check, so a drifted or missing committed keypair would only surface at test time. Have the pre_build hook assert each staged keypair's pubkey appears in Anchor.toml and fail the build loudly otherwise. * docs(ci): note anchor 1.0.x key-sync assumption in anchor test The reliance on anchor test syncing program ids itself is Anchor 1.0.x behavior; flag it so it gets re-verified when anchor-version is bumped. --------- Co-authored-by: Jo D <dev-jodee@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Why CI on main is red
Two independent upstream-driven breakages, both from major releases pulled by loose version pins.
1. Native / ASM / Pinocchio —
five8 1.0.0breakssolana-signature 3.3.0cargo test(host build) fails to compile:solana-signature 3.3.0enters via thelitesvmdev-dependency and declaresfive8 = "1.0.0".five8 1.0.0is#![no_std]and dropped theErrorimpl onDecodeErrorthat3.3.0'sfrom_sourcerequires → broken release.Cargo.lockpinnedsolana-signature 3.3.0, so CI stayed on the broken combo.Fix: pin the lockfile to
solana-signature 3.4.1(fixes the usage; still usesfive8 1.0.0). Compile-verified locally — the fulllitesvm/solana-svm stack builds and theDecodeErrorerror is gone.2. Anchor — CLI / lib version mismatch
anchor-lang 1.0.0-rc.5(35 files) and1.0.0(15 files) after the rc migration + a dependabot bump.anchor-cli 0.32.1, soanchor build's exact CLI/lib match failed for every project.Fix: standardize all 50 programs (
anchor-lang+anchor-spl) andanchor.ymlonanchor 1.0.2(latest stable); drop the now-stale "pin to RC" comments. Lock resolves cleanly to anchor 1.0.2 with no conflicts; manifests TOML-validated.anchor builditself will be confirmed by CI here.Changes
Cargo.lock:solana-signature 3.3.0 → 3.4.1,anchor-lang/anchor-* 1.0.0 → 1.0.2Cargo.toml:anchor-lang/anchor-spl→1.0.2.github/workflows/anchor.yml:anchor-version 0.32.1 → 1.0.2