fix: repair CI after soroban-sdk 22.0.0 upgrade#188
Merged
Conversation
Every push/PR has failed all CI checks for the last ~6 days since the soroban-sdk 22.0.0 dependency bump merged. This fixes the full chain of fallout: - Cargo.lock conflict: derive_arbitrary =1.4.2 vs soroban-sdk 22's ~1.3.0 requirement (drop the unused derive_arbitrary pin) - compliance-client's compliance dep was dev-only but used unconditionally (unresolved import on real builds) - u8 is no longer TryFromVal-able in soroban-sdk 22; switch compliance tier fields to u32 - leftover syntax error in treasury/src/lib.rs from a partial edit - test suite updated for signature changes (create_invoice, mark_paid, treasury.initialize, raise_dispute, block_address) introduced alongside the bump - soroban-sdk 22 testutils no longer accumulates events across separate top-level calls, and requires mock_all_auths_allowing_non_root_auth for auth checks nested inside cross-contract calls - fixed a real bug: batch_create_invoice didn't reject duplicate merchant nonces within the same batch, only against existing storage - two stale test assertions/expectations left over from earlier contract changes (rotation weight test, cancel-settlement panic message) - build.yml was missing the required toolchain input for dtolnay/rust-toolchain@master (immediate failure before checkout) - all three contract crates defaulted to the testutils feature, breaking release wasm builds; removed the default and added a size-optimized release profile so treasury (the largest contract) fits under the 64KB limit Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
The four workspace crates (compliance, invoice, treasury, tests) never set a license field, tripping cargo-deny's "unlicensed" check. Also allowlist Unicode-3.0 (unicode-ident's license, pulled in transitively) and ignore two unmaintained-status RustSec advisories (paste, derivative) that come from soroban-env-host's own ark-*/soroban-wasmi dependency tree and aren't actionable from this repo. Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Every push/PR has failed all CI checks (Test, Lint, Format, WASM Build, Contract Size, Deny, Pre-commit, Coverage) for about the last 6 days, since the
soroban-sdk22.0.0 dependency bump merged without the fallout being fixed. This PR repairs the full chain:derive_arbitrary =1.4.2vs soroban-sdk 22's~1.3.0requirement — dropped the unused pincompliancedep wasdev-dependencies-only but used unconditionally insrc/lib.rs(unresolved import on real builds) — moved to[dependencies]u8no longer implementsTryFromVal— switched compliance tier fields tou32treasury/src/lib.rscreate_invoice,mark_paid,treasury.initialize,raise_dispute,block_address)require_auth()inside cross-contract calls now needsmock_all_auths_allowing_non_root_auth()batch_create_invoicedidn't reject duplicate merchant nonces within the same batch, only against existing storagebuild.ymlwas missing the requiredtoolchaininput fordtolnay/rust-toolchain@master, causing an immediate failure before checkout even completedtestutilsfeature, which pulls instd/serde_json/randand breakswasm32-unknown-unknownrelease builds; removed the default and added a size-optimized[profile.release]sotreasury(the largest contract, ~62.6KB) fits under the 64KB contract-size limitTest plan
cargo check --workspacecleancargo test --workspace— all suites passcargo fmt --all -- --checkcleancargo clippy --workspace -- -D warningscleancargo build --target wasm32-unknown-unknown --releasefor all 3 contracts, all under the 64KB size limitpre-commit run --all-filespassescargo-denylicense/advisory results manually (sandbox couldn't complete the advisory-db clone, but all new transitive deps use already-allowed licenses)🤖 Generated with Claude Code