From 0b3759f1fd6912ea290ab647e86b956933049bd8 Mon Sep 17 00:00:00 2001 From: ernest-nowacki Date: Fri, 3 Oct 2025 13:18:50 +0200 Subject: [PATCH 01/22] Try smoke test --- .github/workflows/smoke-test.yml | 102 ++++++++++++++++++++++++++++ packages/cre-sdk-examples/README.md | 4 +- 2 files changed, 104 insertions(+), 2 deletions(-) create mode 100644 .github/workflows/smoke-test.yml diff --git a/.github/workflows/smoke-test.yml b/.github/workflows/smoke-test.yml new file mode 100644 index 0000000..b7b9e4f --- /dev/null +++ b/.github/workflows/smoke-test.yml @@ -0,0 +1,102 @@ +name: Smoke Test +permissions: + contents: read + +on: + issue_comment: + types: [created] + +jobs: + full-checks: + runs-on: ubuntu-latest + if: > + github.event_name == 'issue_comment' && + github.event.issue.pull_request && + contains(github.event.comment.body, '#smoke-test') + + steps: + - name: Checkout code + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + with: + submodules: recursive + token: ${{ secrets.GITHUB_TOKEN }} + # For PR comments, checkout the PR head ref + ref: ${{ github.event_name == 'issue_comment' && format('refs/pull/{0}/head', github.event.issue.number) || github.ref }} + + - name: Install system dependencies + run: | + sudo apt-get update + sudo apt-get install -y make zsh curl libclang-dev git build-essential + + - name: Install asdf and toolchain from .tool-versions + run: | + # Install asdf + git clone https://github.com/asdf-vm/asdf.git ~/.asdf --branch v0.14.0 + + # Make asdf available to subsequent steps without re-sourcing + echo "$HOME/.asdf/bin" >> $GITHUB_PATH + echo "$HOME/.asdf/shims" >> $GITHUB_PATH + + # Init asdf + source ~/.asdf/asdf.sh + + # Add plugins required for the project + asdf plugin add bun + asdf plugin add golang + asdf plugin add rust + asdf plugin add nodejs + + # Install all versions pinned in .tool-versions + asdf install + asdf reshim + + # Add Rust target for WASM (asdf-rust uses rustup under the hood) + rustup target add wasm32-wasip1 + + - name: Install dependencies + run: bun install + + - name: Run full checks + run: bun full-checks + + - name: Download and install cre-cli + run: | + # Download cre-cli from the specified release + curl -L -o cre-cli.tar.gz "https://github.com/smartcontractkit/cre-cli/releases/download/v0.6.1-alpha.0/cre-cli_0.6.1-alpha.0_linux_amd64.tar.gz" + + # Extract and install + tar -xzf cre-cli.tar.gz + sudo mv cre /usr/local/bin/ + + # Verify installation + cre --version + + - name: Setup CRE SDK examples + run: | + cd packages/cre-sdk-examples + bunx cre-setup + + - name: Simulate Hello World workflow + run: | + cd packages/cre-sdk-examples + cre workflow simulate ./src/workflows/hello-world --target local-simulation + + - name: Simulate Http Fetch workflow + run: | + cd packages/cre-sdk-examples + cre workflow simulate ./src/workflows/http-fetch --target local-simulation + + - name: Simulate On Chain Read workflow + run: | + cd packages/cre-sdk-examples + cre workflow simulate ./src/workflows/on-chain --target local-simulation + + - name: Simulate On Chain Write workflow + run: | + cd packages/cre-sdk-examples + cre workflow simulate ./src/workflows/on-chain-write --target local-simulation + + - name: Simulate Proof of Reserve workflow + run: | + cd packages/cre-sdk-examples + cre workflow simulate ./src/workflows/proof-of-reserve --target local-simulation --secrets ../../../secrets.yaml diff --git a/packages/cre-sdk-examples/README.md b/packages/cre-sdk-examples/README.md index 957fb82..34a4ee2 100644 --- a/packages/cre-sdk-examples/README.md +++ b/packages/cre-sdk-examples/README.md @@ -49,13 +49,13 @@ cre workflow simulate ./src/workflows/on-chain --target local-simulation [On Chain Write workflow](https://github.com/smartcontractkit/cre-sdk-typescript/blob/main/packages/cre-sdk-examples/src/workflows/on-chain-write/index.ts): ```zsh -cre workflow simulate ./src/workflows/on-chain-write --target local-simulation --broadcast +cre workflow simulate ./src/workflows/on-chain-write --target local-simulation ``` [Proof of Reserve workflow](https://github.com/smartcontractkit/cre-sdk-typescript/blob/main/packages/cre-sdk-examples/src/workflows/proof-of-reserve/index.ts): ```zsh -cre workflow simulate ./src/workflows/proof-of-reserve --target local-simulation --broadcast --secrets ../../../secrets.yaml +cre workflow simulate ./src/workflows/proof-of-reserve --target local-simulation --secrets ../../../secrets.yaml ``` ## Testing workflow compilation only From 55d0cf02200a8a1f1b9f40bec22c0f43e69fbe4b Mon Sep 17 00:00:00 2001 From: Ernest Nowacki <124677192+ernest-nowacki@users.noreply.github.com> Date: Fri, 3 Oct 2025 13:43:39 +0200 Subject: [PATCH 02/22] Potential fix for code scanning alert no. 17: Cache Poisoning via execution of untrusted code Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> --- .github/workflows/smoke-test.yml | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/.github/workflows/smoke-test.yml b/.github/workflows/smoke-test.yml index b7b9e4f..f2bfd9e 100644 --- a/.github/workflows/smoke-test.yml +++ b/.github/workflows/smoke-test.yml @@ -3,16 +3,14 @@ permissions: contents: read on: - issue_comment: - types: [created] + pull_request: + branches: [main] jobs: full-checks: runs-on: ubuntu-latest - if: > - github.event_name == 'issue_comment' && - github.event.issue.pull_request && - contains(github.event.comment.body, '#smoke-test') + # The job runs for all pull_requests to main + # Optionally, add filters using PR title/body if stricter matching desired steps: - name: Checkout code @@ -21,7 +19,7 @@ jobs: submodules: recursive token: ${{ secrets.GITHUB_TOKEN }} # For PR comments, checkout the PR head ref - ref: ${{ github.event_name == 'issue_comment' && format('refs/pull/{0}/head', github.event.issue.number) || github.ref }} + # For PR, actions/checkout will automatically checkout the PR head - name: Install system dependencies run: | From b6801a63a388d842db10965d8a3f114539bee6b2 Mon Sep 17 00:00:00 2001 From: ernest-nowacki Date: Fri, 3 Oct 2025 14:03:20 +0200 Subject: [PATCH 03/22] Update workflow to fix downloading cre cli --- .github/workflows/smoke-test.yml | 52 ++++++++++++++++++++++++++------ 1 file changed, 43 insertions(+), 9 deletions(-) diff --git a/.github/workflows/smoke-test.yml b/.github/workflows/smoke-test.yml index f2bfd9e..87fc000 100644 --- a/.github/workflows/smoke-test.yml +++ b/.github/workflows/smoke-test.yml @@ -57,16 +57,50 @@ jobs: - name: Run full checks run: bun full-checks - - name: Download and install cre-cli + - name: Download and install cre-cli (ubuntu-latest) + env: + CRE_CLI_TAG: v0.6.1-alpha.0 run: | - # Download cre-cli from the specified release - curl -L -o cre-cli.tar.gz "https://github.com/smartcontractkit/cre-cli/releases/download/v0.6.1-alpha.0/cre-cli_0.6.1-alpha.0_linux_amd64.tar.gz" - - # Extract and install - tar -xzf cre-cli.tar.gz - sudo mv cre /usr/local/bin/ - - # Verify installation + set -euo pipefail + + # Map runner arch to release naming + case "$(uname -m)" in + x86_64|amd64) ARCH=amd64 ;; + aarch64|arm64) ARCH=arm64 ;; + *) echo "Unsupported arch: $(uname -m)"; exit 1 ;; + esac + + ASSET="cre_linux_${ARCH}.tar.gz" + BASE_URL="https://github.com/smartcontractkit/cre-cli/releases/download/${CRE_CLI_TAG}" + + echo "Downloading ${ASSET} and checksums.txt from ${CRE_CLI_TAG}..." + curl -fL --retry 3 -o "${ASSET}" "${BASE_URL}/${ASSET}" + curl -fL --retry 3 -o checksums.txt "${BASE_URL}/checksums.txt" + + echo "Verifying checksum..." + # checksums.txt contains lines like: " " + grep " ${ASSET}$" checksums.txt > sha_line.txt + if [ ! -s sha_line.txt ]; then + echo "No checksum entry for ${ASSET}"; exit 1 + fi + sha256sum -c sha_line.txt + + echo "Extracting..." + tar -xzf "${ASSET}" + + # Find the 'cre' binary (tarball is expected to contain it at top-level) + BIN="./cre" + if [ ! -f "$BIN" ]; then + BIN="$(tar -tzf "${ASSET}" | grep -E '/?cre$' | head -n1 || true)" + [ -z "$BIN" ] && { echo "Could not locate 'cre' in archive"; exit 1; } + tar -xzf "${ASSET}" "$BIN" + fi + + echo "Installing to /usr/local/bin..." + sudo mv ${BIN:-./cre} /usr/local/bin/cre + sudo chmod +x /usr/local/bin/cre + + echo "Installed version:" cre --version - name: Setup CRE SDK examples From 791b8745bc2188dc6e02943f8a94ae7c4115eacc Mon Sep 17 00:00:00 2001 From: ernest-nowacki Date: Fri, 3 Oct 2025 14:13:25 +0200 Subject: [PATCH 04/22] Add better triggering --- .github/workflows/smoke-test.yml | 32 +++++++++++++++++++++++++------- 1 file changed, 25 insertions(+), 7 deletions(-) diff --git a/.github/workflows/smoke-test.yml b/.github/workflows/smoke-test.yml index 87fc000..15b028c 100644 --- a/.github/workflows/smoke-test.yml +++ b/.github/workflows/smoke-test.yml @@ -1,25 +1,43 @@ name: Smoke Test permissions: contents: read + # optional but nice if you later want to react/post: pull-requests: write, issues: write on: pull_request: branches: [main] + issue_comment: + types: [created] # run when a new comment is added jobs: - full-checks: + smoke-test: runs-on: ubuntu-latest - # The job runs for all pull_requests to main - # Optionally, add filters using PR title/body if stricter matching desired + + # Run for normal PRs, OR when a PR comment contains '#smoke-test' + if: > + github.event_name == 'pull_request' || + (github.event_name == 'issue_comment' && + github.event.issue.pull_request != null && + contains(github.event.comment.body, '#smoke-test')) steps: - - name: Checkout code + # Checkout for regular PR trigger + - name: Checkout code (pull_request) + if: github.event_name == 'pull_request' + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + with: + submodules: recursive + token: ${{ secrets.GITHUB_TOKEN }} + + # Checkout for comment trigger: use the PR head ref + - name: Checkout code (issue_comment on PR) + if: github.event_name == 'issue_comment' uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: submodules: recursive token: ${{ secrets.GITHUB_TOKEN }} - # For PR comments, checkout the PR head ref - # For PR, actions/checkout will automatically checkout the PR head + # This checks out the PR head SHA for PR number in the comment event + ref: refs/pull/${{ github.event.issue.number }}/head - name: Install system dependencies run: | @@ -57,7 +75,7 @@ jobs: - name: Run full checks run: bun full-checks - - name: Download and install cre-cli (ubuntu-latest) + - name: Download and install cre-cli (ubuntu-latest) env: CRE_CLI_TAG: v0.6.1-alpha.0 run: | From 0e1d8a9d65d22c55a0e0c1635c9ea183ee98d42b Mon Sep 17 00:00:00 2001 From: ernest-nowacki Date: Fri, 3 Oct 2025 14:24:16 +0200 Subject: [PATCH 05/22] fix on comment issue --- .github/workflows/smoke-test.yml | 68 ++++++++++++++++---------------- 1 file changed, 33 insertions(+), 35 deletions(-) diff --git a/.github/workflows/smoke-test.yml b/.github/workflows/smoke-test.yml index 15b028c..e711dc6 100644 --- a/.github/workflows/smoke-test.yml +++ b/.github/workflows/smoke-test.yml @@ -1,44 +1,25 @@ name: Smoke Test permissions: contents: read - # optional but nice if you later want to react/post: pull-requests: write, issues: write on: pull_request: branches: [main] - issue_comment: - types: [created] # run when a new comment is added jobs: smoke-test: runs-on: ubuntu-latest - # Run for normal PRs, OR when a PR comment contains '#smoke-test' - if: > - github.event_name == 'pull_request' || - (github.event_name == 'issue_comment' && - github.event.issue.pull_request != null && - contains(github.event.comment.body, '#smoke-test')) + # Run for pull requests targeting main branch + if: github.event_name == 'pull_request' steps: - # Checkout for regular PR trigger - - name: Checkout code (pull_request) - if: github.event_name == 'pull_request' + - name: Checkout code uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: submodules: recursive token: ${{ secrets.GITHUB_TOKEN }} - # Checkout for comment trigger: use the PR head ref - - name: Checkout code (issue_comment on PR) - if: github.event_name == 'issue_comment' - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - with: - submodules: recursive - token: ${{ secrets.GITHUB_TOKEN }} - # This checks out the PR head SHA for PR number in the comment event - ref: refs/pull/${{ github.event.issue.number }}/head - - name: Install system dependencies run: | sudo apt-get update @@ -46,8 +27,9 @@ jobs: - name: Install asdf and toolchain from .tool-versions run: | - # Install asdf - git clone https://github.com/asdf-vm/asdf.git ~/.asdf --branch v0.14.0 + # Install asdf with specific version and verification + ASDF_VERSION="v0.14.0" + git clone https://github.com/asdf-vm/asdf.git ~/.asdf --branch "$ASDF_VERSION" --depth 1 # Make asdf available to subsequent steps without re-sourcing echo "$HOME/.asdf/bin" >> $GITHUB_PATH @@ -56,11 +38,11 @@ jobs: # Init asdf source ~/.asdf/asdf.sh - # Add plugins required for the project - asdf plugin add bun - asdf plugin add golang - asdf plugin add rust - asdf plugin add nodejs + # Add plugins required for the project with verification + asdf plugin add bun || echo "bun plugin already exists" + asdf plugin add golang || echo "golang plugin already exists" + asdf plugin add rust || echo "rust plugin already exists" + asdf plugin add nodejs || echo "nodejs plugin already exists" # Install all versions pinned in .tool-versions asdf install @@ -81,6 +63,11 @@ jobs: run: | set -euo pipefail + # Validate tag format to prevent injection + if [[ ! "$CRE_CLI_TAG" =~ ^v[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9.-]+)?$ ]]; then + echo "Invalid tag format: $CRE_CLI_TAG"; exit 1 + fi + # Map runner arch to release naming case "$(uname -m)" in x86_64|amd64) ARCH=amd64 ;; @@ -92,8 +79,13 @@ jobs: BASE_URL="https://github.com/smartcontractkit/cre-cli/releases/download/${CRE_CLI_TAG}" echo "Downloading ${ASSET} and checksums.txt from ${CRE_CLI_TAG}..." - curl -fL --retry 3 -o "${ASSET}" "${BASE_URL}/${ASSET}" - curl -fL --retry 3 -o checksums.txt "${BASE_URL}/checksums.txt" + # Use more secure curl options + curl -fsSL --retry 3 --retry-delay 2 --max-time 300 \ + --proto '=https' --tlsv1.2 \ + -o "${ASSET}" "${BASE_URL}/${ASSET}" + curl -fsSL --retry 3 --retry-delay 2 --max-time 300 \ + --proto '=https' --tlsv1.2 \ + -o checksums.txt "${BASE_URL}/checksums.txt" echo "Verifying checksum..." # checksums.txt contains lines like: " " @@ -104,19 +96,25 @@ jobs: sha256sum -c sha_line.txt echo "Extracting..." - tar -xzf "${ASSET}" + # Extract with restricted permissions + tar -xzf "${ASSET}" --no-same-owner --no-same-permissions # Find the 'cre' binary (tarball is expected to contain it at top-level) BIN="./cre" if [ ! -f "$BIN" ]; then BIN="$(tar -tzf "${ASSET}" | grep -E '/?cre$' | head -n1 || true)" [ -z "$BIN" ] && { echo "Could not locate 'cre' in archive"; exit 1; } - tar -xzf "${ASSET}" "$BIN" + tar -xzf "${ASSET}" "$BIN" --no-same-owner --no-same-permissions + fi + + # Validate binary before installation + if [ ! -x "$BIN" ]; then + chmod +x "$BIN" fi echo "Installing to /usr/local/bin..." - sudo mv ${BIN:-./cre} /usr/local/bin/cre - sudo chmod +x /usr/local/bin/cre + sudo mv "${BIN:-./cre}" /usr/local/bin/cre + sudo chmod 755 /usr/local/bin/cre echo "Installed version:" cre --version From b086e1df0ac8b0d65d53b43f3d630baddd68eba5 Mon Sep 17 00:00:00 2001 From: ernest-nowacki Date: Fri, 3 Oct 2025 14:42:37 +0200 Subject: [PATCH 06/22] Smoke test again --- .github/workflows/smoke-test.yml | 71 ++++++++++++++------------------ 1 file changed, 32 insertions(+), 39 deletions(-) diff --git a/.github/workflows/smoke-test.yml b/.github/workflows/smoke-test.yml index e711dc6..a67deb4 100644 --- a/.github/workflows/smoke-test.yml +++ b/.github/workflows/smoke-test.yml @@ -57,63 +57,56 @@ jobs: - name: Run full checks run: bun full-checks - - name: Download and install cre-cli (ubuntu-latest) + - name: Download and install cre-cli (ubuntu-latest, robust) env: CRE_CLI_TAG: v0.6.1-alpha.0 + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | set -euo pipefail - # Validate tag format to prevent injection - if [[ ! "$CRE_CLI_TAG" =~ ^v[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9.-]+)?$ ]]; then - echo "Invalid tag format: $CRE_CLI_TAG"; exit 1 - fi - - # Map runner arch to release naming + # Resolve arch used by release assets case "$(uname -m)" in x86_64|amd64) ARCH=amd64 ;; aarch64|arm64) ARCH=arm64 ;; *) echo "Unsupported arch: $(uname -m)"; exit 1 ;; esac + mkdir -p cre-dl + cd cre-dl + + # Download the exact asset + checksums via GitHub CLI ASSET="cre_linux_${ARCH}.tar.gz" - BASE_URL="https://github.com/smartcontractkit/cre-cli/releases/download/${CRE_CLI_TAG}" - - echo "Downloading ${ASSET} and checksums.txt from ${CRE_CLI_TAG}..." - # Use more secure curl options - curl -fsSL --retry 3 --retry-delay 2 --max-time 300 \ - --proto '=https' --tlsv1.2 \ - -o "${ASSET}" "${BASE_URL}/${ASSET}" - curl -fsSL --retry 3 --retry-delay 2 --max-time 300 \ - --proto '=https' --tlsv1.2 \ - -o checksums.txt "${BASE_URL}/checksums.txt" - - echo "Verifying checksum..." - # checksums.txt contains lines like: " " - grep " ${ASSET}$" checksums.txt > sha_line.txt - if [ ! -s sha_line.txt ]; then - echo "No checksum entry for ${ASSET}"; exit 1 - fi + echo "Fetching ${ASSET} from ${CRE_CLI_TAG}…" + gh release download "${CRE_CLI_TAG}" \ + --repo smartcontractkit/cre-cli \ + --pattern "${ASSET}" --pattern "checksums.txt" --clobber + + # Sanity check: files exist + ls -l "${ASSET}" checksums.txt + + echo "Verifying SHA256…" + # Extract the checksum line robustly (allow tabs or spaces) + awk -v f="${ASSET}" ' + $2==f || $NF==f {print $0; found=1} + END{ if(!found) exit 1 } + ' checksums.txt > sha_line.txt || { + echo "No checksum entry for ${ASSET} in checksums.txt"; cat checksums.txt; exit 1; + } + sha256sum -c sha_line.txt - echo "Extracting..." - # Extract with restricted permissions + echo "Extracting archive…" tar -xzf "${ASSET}" --no-same-owner --no-same-permissions - # Find the 'cre' binary (tarball is expected to contain it at top-level) - BIN="./cre" - if [ ! -f "$BIN" ]; then - BIN="$(tar -tzf "${ASSET}" | grep -E '/?cre$' | head -n1 || true)" - [ -z "$BIN" ] && { echo "Could not locate 'cre' in archive"; exit 1; } - tar -xzf "${ASSET}" "$BIN" --no-same-owner --no-same-permissions - fi - - # Validate binary before installation - if [ ! -x "$BIN" ]; then - chmod +x "$BIN" + # Locate binary (top-level or inside a folder) + BIN_PATH="$(find . -maxdepth 2 -type f -name 'cre' -print -quit)" + if [ -z "${BIN_PATH}" ]; then + echo "Could not locate 'cre' binary after extraction"; exit 1 fi + chmod +x "${BIN_PATH}" - echo "Installing to /usr/local/bin..." - sudo mv "${BIN:-./cre}" /usr/local/bin/cre + echo "Installing to /usr/local/bin…" + sudo mv "${BIN_PATH}" /usr/local/bin/cre sudo chmod 755 /usr/local/bin/cre echo "Installed version:" From ae20ed9eb9496a43c2d26ae05c682728f187dc34 Mon Sep 17 00:00:00 2001 From: ernest-nowacki Date: Fri, 3 Oct 2025 14:50:31 +0200 Subject: [PATCH 07/22] Use proper binary name structure --- .github/workflows/smoke-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/smoke-test.yml b/.github/workflows/smoke-test.yml index a67deb4..27d23bd 100644 --- a/.github/workflows/smoke-test.yml +++ b/.github/workflows/smoke-test.yml @@ -75,7 +75,7 @@ jobs: cd cre-dl # Download the exact asset + checksums via GitHub CLI - ASSET="cre_linux_${ARCH}.tar.gz" + ASSET="cre_${CRE_CLI_TAG}_linux_${ARCH}.tar.gz" echo "Fetching ${ASSET} from ${CRE_CLI_TAG}…" gh release download "${CRE_CLI_TAG}" \ --repo smartcontractkit/cre-cli \ From 3d38a417648970e4fa0ed610c375fe4adbfe57cf Mon Sep 17 00:00:00 2001 From: ernest-nowacki Date: Wed, 8 Oct 2025 12:10:56 +0200 Subject: [PATCH 08/22] Rework smoke test action to start small --- .github/workflows/smoke-test.yml | 146 ++++--------------------------- 1 file changed, 18 insertions(+), 128 deletions(-) diff --git a/.github/workflows/smoke-test.yml b/.github/workflows/smoke-test.yml index 27d23bd..07c6d70 100644 --- a/.github/workflows/smoke-test.yml +++ b/.github/workflows/smoke-test.yml @@ -1,143 +1,33 @@ -name: Smoke Test -permissions: - contents: read +name: smoke-test on: pull_request: branches: [main] jobs: - smoke-test: + test: runs-on: ubuntu-latest - # Run for pull requests targeting main branch - if: github.event_name == 'pull_request' + defaults: + run: + shell: zsh {0} steps: - - name: Checkout code - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - with: - submodules: recursive - token: ${{ secrets.GITHUB_TOKEN }} - - - name: Install system dependencies - run: | - sudo apt-get update - sudo apt-get install -y make zsh curl libclang-dev git build-essential - - - name: Install asdf and toolchain from .tool-versions - run: | - # Install asdf with specific version and verification - ASDF_VERSION="v0.14.0" - git clone https://github.com/asdf-vm/asdf.git ~/.asdf --branch "$ASDF_VERSION" --depth 1 - - # Make asdf available to subsequent steps without re-sourcing - echo "$HOME/.asdf/bin" >> $GITHUB_PATH - echo "$HOME/.asdf/shims" >> $GITHUB_PATH + - uses: actions/checkout@v4 - # Init asdf - source ~/.asdf/asdf.sh - - # Add plugins required for the project with verification - asdf plugin add bun || echo "bun plugin already exists" - asdf plugin add golang || echo "golang plugin already exists" - asdf plugin add rust || echo "rust plugin already exists" - asdf plugin add nodejs || echo "nodejs plugin already exists" - - # Install all versions pinned in .tool-versions - asdf install - asdf reshim + - name: Setup Bun + uses: oven-sh/setup-bun@v2 + with: + bun-version: latest - # Add Rust target for WASM (asdf-rust uses rustup under the hood) - rustup target add wasm32-wasip1 + - name: Cache Bun dependencies + uses: actions/cache@v4 + with: + path: ~/.bun/install/cache + key: ${{ runner.os }}-bun-${{ hashFiles('**/bun.lock') }} - name: Install dependencies - run: bun install - - - name: Run full checks - run: bun full-checks - - - name: Download and install cre-cli (ubuntu-latest, robust) - env: - CRE_CLI_TAG: v0.6.1-alpha.0 - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - set -euo pipefail - - # Resolve arch used by release assets - case "$(uname -m)" in - x86_64|amd64) ARCH=amd64 ;; - aarch64|arm64) ARCH=arm64 ;; - *) echo "Unsupported arch: $(uname -m)"; exit 1 ;; - esac - - mkdir -p cre-dl - cd cre-dl - - # Download the exact asset + checksums via GitHub CLI - ASSET="cre_${CRE_CLI_TAG}_linux_${ARCH}.tar.gz" - echo "Fetching ${ASSET} from ${CRE_CLI_TAG}…" - gh release download "${CRE_CLI_TAG}" \ - --repo smartcontractkit/cre-cli \ - --pattern "${ASSET}" --pattern "checksums.txt" --clobber - - # Sanity check: files exist - ls -l "${ASSET}" checksums.txt - - echo "Verifying SHA256…" - # Extract the checksum line robustly (allow tabs or spaces) - awk -v f="${ASSET}" ' - $2==f || $NF==f {print $0; found=1} - END{ if(!found) exit 1 } - ' checksums.txt > sha_line.txt || { - echo "No checksum entry for ${ASSET} in checksums.txt"; cat checksums.txt; exit 1; - } - - sha256sum -c sha_line.txt - - echo "Extracting archive…" - tar -xzf "${ASSET}" --no-same-owner --no-same-permissions - - # Locate binary (top-level or inside a folder) - BIN_PATH="$(find . -maxdepth 2 -type f -name 'cre' -print -quit)" - if [ -z "${BIN_PATH}" ]; then - echo "Could not locate 'cre' binary after extraction"; exit 1 - fi - chmod +x "${BIN_PATH}" - - echo "Installing to /usr/local/bin…" - sudo mv "${BIN_PATH}" /usr/local/bin/cre - sudo chmod 755 /usr/local/bin/cre - - echo "Installed version:" - cre --version - - - name: Setup CRE SDK examples - run: | - cd packages/cre-sdk-examples - bunx cre-setup - - - name: Simulate Hello World workflow - run: | - cd packages/cre-sdk-examples - cre workflow simulate ./src/workflows/hello-world --target local-simulation - - - name: Simulate Http Fetch workflow - run: | - cd packages/cre-sdk-examples - cre workflow simulate ./src/workflows/http-fetch --target local-simulation - - - name: Simulate On Chain Read workflow - run: | - cd packages/cre-sdk-examples - cre workflow simulate ./src/workflows/on-chain --target local-simulation - - - name: Simulate On Chain Write workflow - run: | - cd packages/cre-sdk-examples - cre workflow simulate ./src/workflows/on-chain-write --target local-simulation + run: bun install --frozen-lockfile - - name: Simulate Proof of Reserve workflow - run: | - cd packages/cre-sdk-examples - cre workflow simulate ./src/workflows/proof-of-reserve --target local-simulation --secrets ../../../secrets.yaml + - name: Lint + run: bun run lint From 79ab9d2af956b17603fa4db25b8c847f25768ec4 Mon Sep 17 00:00:00 2001 From: ernest-nowacki Date: Wed, 8 Oct 2025 12:20:58 +0200 Subject: [PATCH 09/22] Install zsh --- .github/workflows/smoke-test.yml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/.github/workflows/smoke-test.yml b/.github/workflows/smoke-test.yml index 07c6d70..f946c12 100644 --- a/.github/workflows/smoke-test.yml +++ b/.github/workflows/smoke-test.yml @@ -15,6 +15,20 @@ jobs: steps: - uses: actions/checkout@v4 + - name: Install zsh + run: | + sudo apt-get update + sudo apt-get install -y zsh + + # Add it to /etc/shells if missing + if ! grep -q "^$(which zsh)$" /etc/shells; then + echo "$(which zsh)" | sudo tee -a /etc/shells + fi + + # Change the default shell for the current user + sudo chsh -s "$(which zsh)" $USER + # Use bash or sh for this step, because zsh isn't set yet + shell: bash {0} - name: Setup Bun uses: oven-sh/setup-bun@v2 with: From a6b4586aa365d5be455259326967a5250e8ecca7 Mon Sep 17 00:00:00 2001 From: ernest-nowacki Date: Wed, 8 Oct 2025 12:23:00 +0200 Subject: [PATCH 10/22] Specifically state permissions and pin bun install action to commit --- .github/workflows/smoke-test.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/smoke-test.yml b/.github/workflows/smoke-test.yml index f946c12..4873618 100644 --- a/.github/workflows/smoke-test.yml +++ b/.github/workflows/smoke-test.yml @@ -1,5 +1,8 @@ name: smoke-test +permissions: + contents: read + on: pull_request: branches: [main] @@ -30,7 +33,7 @@ jobs: # Use bash or sh for this step, because zsh isn't set yet shell: bash {0} - name: Setup Bun - uses: oven-sh/setup-bun@v2 + uses: oven-sh/setup-bun@735343b667d3e6f658f44d0eca948eb6282f2b76 # v2.0.2 with: bun-version: latest From a12083f6f3267c02b5e63fad05418da0aca6b02e Mon Sep 17 00:00:00 2001 From: ernest-nowacki Date: Wed, 8 Oct 2025 12:31:35 +0200 Subject: [PATCH 11/22] Add full checks now instead of just lint --- .github/workflows/smoke-test.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/smoke-test.yml b/.github/workflows/smoke-test.yml index 4873618..3643677 100644 --- a/.github/workflows/smoke-test.yml +++ b/.github/workflows/smoke-test.yml @@ -46,5 +46,5 @@ jobs: - name: Install dependencies run: bun install --frozen-lockfile - - name: Lint - run: bun run lint + - name: Full checks + run: bun full-checks From 4d646ba6d9578f3f5edf45e06dc757c7b10588d3 Mon Sep 17 00:00:00 2001 From: ernest-nowacki Date: Wed, 8 Oct 2025 12:38:17 +0200 Subject: [PATCH 12/22] Add rust toolchain installation --- .github/workflows/smoke-test.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/.github/workflows/smoke-test.yml b/.github/workflows/smoke-test.yml index 3643677..682e848 100644 --- a/.github/workflows/smoke-test.yml +++ b/.github/workflows/smoke-test.yml @@ -32,6 +32,15 @@ jobs: sudo chsh -s "$(which zsh)" $USER # Use bash or sh for this step, because zsh isn't set yet shell: bash {0} + + # Install Rust + add wasm32-wasip1 target + - name: Setup Rust (stable) with wasm target + uses: actions-rust-lang/setup-rust-toolchain@1780873c7b576612439a134613cc4cc74ce5538c + with: + toolchain: stable + target: wasm32-wasip1 + override: true + - name: Setup Bun uses: oven-sh/setup-bun@735343b667d3e6f658f44d0eca948eb6282f2b76 # v2.0.2 with: From 206f42eae748b366cd5c6fbb041d5f0964ada66f Mon Sep 17 00:00:00 2001 From: ernest-nowacki Date: Wed, 8 Oct 2025 12:45:06 +0200 Subject: [PATCH 13/22] Make sure we do check out the submodules too --- .github/workflows/smoke-test.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/smoke-test.yml b/.github/workflows/smoke-test.yml index 682e848..ac043f2 100644 --- a/.github/workflows/smoke-test.yml +++ b/.github/workflows/smoke-test.yml @@ -16,7 +16,11 @@ jobs: shell: zsh {0} steps: - - uses: actions/checkout@v4 + - name: Checkout code + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + with: + submodules: recursive + token: ${{ secrets.GITHUB_TOKEN }} - name: Install zsh run: | From e1a2f09af9092a51895063503f1daa5efec0ad98 Mon Sep 17 00:00:00 2001 From: ernest-nowacki Date: Wed, 8 Oct 2025 13:09:41 +0200 Subject: [PATCH 14/22] Try installing CRE CLI and see if it would work on the CI --- .github/workflows/smoke-test.yml | 48 +++++++++++++++++++------------- scripts/setup-cre-cli.sh | 38 +++++++++++++++++++++++++ 2 files changed, 66 insertions(+), 20 deletions(-) create mode 100644 scripts/setup-cre-cli.sh diff --git a/.github/workflows/smoke-test.yml b/.github/workflows/smoke-test.yml index ac043f2..e2b65db 100644 --- a/.github/workflows/smoke-test.yml +++ b/.github/workflows/smoke-test.yml @@ -37,27 +37,35 @@ jobs: # Use bash or sh for this step, because zsh isn't set yet shell: bash {0} - # Install Rust + add wasm32-wasip1 target - - name: Setup Rust (stable) with wasm target - uses: actions-rust-lang/setup-rust-toolchain@1780873c7b576612439a134613cc4cc74ce5538c - with: - toolchain: stable - target: wasm32-wasip1 - override: true + # # Install Rust + add wasm32-wasip1 target + # - name: Setup Rust (stable) with wasm target + # uses: actions-rust-lang/setup-rust-toolchain@1780873c7b576612439a134613cc4cc74ce5538c + # with: + # toolchain: stable + # target: wasm32-wasip1 + # override: true - - name: Setup Bun - uses: oven-sh/setup-bun@735343b667d3e6f658f44d0eca948eb6282f2b76 # v2.0.2 - with: - bun-version: latest + # - name: Setup Bun + # uses: oven-sh/setup-bun@735343b667d3e6f658f44d0eca948eb6282f2b76 # v2.0.2 + # with: + # bun-version: latest - - name: Cache Bun dependencies - uses: actions/cache@v4 - with: - path: ~/.bun/install/cache - key: ${{ runner.os }}-bun-${{ hashFiles('**/bun.lock') }} + # - name: Cache Bun dependencies + # uses: actions/cache@v4 + # with: + # path: ~/.bun/install/cache + # key: ${{ runner.os }}-bun-${{ hashFiles('**/bun.lock') }} - - name: Install dependencies - run: bun install --frozen-lockfile + # - name: Install dependencies + # run: bun install --frozen-lockfile + + # - name: Full checks + # run: bun full-checks + + - name: Install CRE CLI + run: | + chmod +x scripts/setup-cre-cli.sh + sudo scripts/setup-cre-cli.sh - - name: Full checks - run: bun full-checks + - name: Verify CRE CLI installation + run: cre version diff --git a/scripts/setup-cre-cli.sh b/scripts/setup-cre-cli.sh new file mode 100644 index 0000000..789d4c3 --- /dev/null +++ b/scripts/setup-cre-cli.sh @@ -0,0 +1,38 @@ +#!/bin/zsh + +# Exit on any error +set -e + +# Configuration +VERSION="v0.6.2-alpha" +PLATFORM="linux_arm64" +FILENAME="cre_${PLATFORM}.tar.gz" +BINARY_NAME="cre_${VERSION}_${PLATFORM}" +DOWNLOAD_URL="https://github.com/smartcontractkit/cre-cli/releases/download/${VERSION}/${FILENAME}" +INSTALL_DIR="/usr/local/bin" + +# Create temporary directory +TMP_DIR=$(mktemp -d) +trap "rm -rf ${TMP_DIR}" EXIT + +echo "Downloading CRE CLI ${VERSION} for ${PLATFORM}..." +curl -L -o "${TMP_DIR}/${FILENAME}" "${DOWNLOAD_URL}" + +echo "Extracting archive..." +tar -xzf "${TMP_DIR}/${FILENAME}" -C "${TMP_DIR}" + +echo "Setting up binary..." +mv "${TMP_DIR}/${BINARY_NAME}" "${TMP_DIR}/cre" +chmod +x "${TMP_DIR}/cre" + +echo "Installing to ${INSTALL_DIR}..." +# Use sudo if not running as root and installing to /usr/local/bin +if [ -w "${INSTALL_DIR}" ]; then + mv "${TMP_DIR}/cre" "${INSTALL_DIR}/cre" +else + sudo mv "${TMP_DIR}/cre" "${INSTALL_DIR}/cre" +fi + +echo "CRE CLI installed successfully!" +echo "Verifying installation..." +cre --version || echo "Note: You may need to add ${INSTALL_DIR} to your PATH" From 38b0bba8c0b6afd73fe45e9b25894f69f8131779 Mon Sep 17 00:00:00 2001 From: ernest-nowacki Date: Wed, 8 Oct 2025 13:18:07 +0200 Subject: [PATCH 15/22] Change the version we use for ubuntu-latest --- scripts/setup-cre-cli.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/setup-cre-cli.sh b/scripts/setup-cre-cli.sh index 789d4c3..24e1770 100644 --- a/scripts/setup-cre-cli.sh +++ b/scripts/setup-cre-cli.sh @@ -5,7 +5,7 @@ set -e # Configuration VERSION="v0.6.2-alpha" -PLATFORM="linux_arm64" +PLATFORM="linux_amd64" FILENAME="cre_${PLATFORM}.tar.gz" BINARY_NAME="cre_${VERSION}_${PLATFORM}" DOWNLOAD_URL="https://github.com/smartcontractkit/cre-cli/releases/download/${VERSION}/${FILENAME}" From 7ace272fce3b8af0e37da5c30f46aa8e9e727894 Mon Sep 17 00:00:00 2001 From: ernest-nowacki Date: Wed, 8 Oct 2025 13:23:23 +0200 Subject: [PATCH 16/22] Simulate the hello world workflow --- .github/workflows/smoke-test.yml | 53 +++++++++++++++++--------------- 1 file changed, 29 insertions(+), 24 deletions(-) diff --git a/.github/workflows/smoke-test.yml b/.github/workflows/smoke-test.yml index e2b65db..43eec0c 100644 --- a/.github/workflows/smoke-test.yml +++ b/.github/workflows/smoke-test.yml @@ -37,30 +37,30 @@ jobs: # Use bash or sh for this step, because zsh isn't set yet shell: bash {0} - # # Install Rust + add wasm32-wasip1 target - # - name: Setup Rust (stable) with wasm target - # uses: actions-rust-lang/setup-rust-toolchain@1780873c7b576612439a134613cc4cc74ce5538c - # with: - # toolchain: stable - # target: wasm32-wasip1 - # override: true - - # - name: Setup Bun - # uses: oven-sh/setup-bun@735343b667d3e6f658f44d0eca948eb6282f2b76 # v2.0.2 - # with: - # bun-version: latest - - # - name: Cache Bun dependencies - # uses: actions/cache@v4 - # with: - # path: ~/.bun/install/cache - # key: ${{ runner.os }}-bun-${{ hashFiles('**/bun.lock') }} - - # - name: Install dependencies - # run: bun install --frozen-lockfile - - # - name: Full checks - # run: bun full-checks + # Install Rust + add wasm32-wasip1 target + - name: Setup Rust (stable) with wasm target + uses: actions-rust-lang/setup-rust-toolchain@1780873c7b576612439a134613cc4cc74ce5538c + with: + toolchain: stable + target: wasm32-wasip1 + override: true + + - name: Setup Bun + uses: oven-sh/setup-bun@735343b667d3e6f658f44d0eca948eb6282f2b76 # v2.0.2 + with: + bun-version: latest + + - name: Cache Bun dependencies + uses: actions/cache@v4 + with: + path: ~/.bun/install/cache + key: ${{ runner.os }}-bun-${{ hashFiles('**/bun.lock') }} + + - name: Install dependencies + run: bun install --frozen-lockfile + + - name: Full checks + run: bun full-checks - name: Install CRE CLI run: | @@ -69,3 +69,8 @@ jobs: - name: Verify CRE CLI installation run: cre version + + - name: Simulate hello-world workflow + run: | + cd packages/cre-sdk-examples + cre workflow simulate ./src/workflows/hello-world From 0d2bce9059ba56f13ab5f76213759386d6077bd4 Mon Sep 17 00:00:00 2001 From: ernest-nowacki Date: Wed, 8 Oct 2025 13:39:58 +0200 Subject: [PATCH 17/22] Add a step to setup env variables --- .github/workflows/smoke-test.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/smoke-test.yml b/.github/workflows/smoke-test.yml index 43eec0c..9f29624 100644 --- a/.github/workflows/smoke-test.yml +++ b/.github/workflows/smoke-test.yml @@ -73,4 +73,5 @@ jobs: - name: Simulate hello-world workflow run: | cd packages/cre-sdk-examples + cp .env.example .env cre workflow simulate ./src/workflows/hello-world From d8cfeddc118a76584db889b450f559599cd55883 Mon Sep 17 00:00:00 2001 From: ernest-nowacki Date: Wed, 8 Oct 2025 14:47:29 +0200 Subject: [PATCH 18/22] Add proper key to simulate workflow using headless --- .github/workflows/smoke-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/smoke-test.yml b/.github/workflows/smoke-test.yml index 9f29624..b88b1a7 100644 --- a/.github/workflows/smoke-test.yml +++ b/.github/workflows/smoke-test.yml @@ -74,4 +74,4 @@ jobs: run: | cd packages/cre-sdk-examples cp .env.example .env - cre workflow simulate ./src/workflows/hello-world + CRE_API_KEY=${{ secrets.CRE_CLI_API_KEY }} cre workflow simulate ./src/workflows/hello-world From 6d0e6584400afd6d8065bf26020990bbe70a4b35 Mon Sep 17 00:00:00 2001 From: ernest-nowacki Date: Wed, 8 Oct 2025 15:00:14 +0200 Subject: [PATCH 19/22] Add actual expectations --- .github/workflows/smoke-test.yml | 32 +++++++++++++++++++++++++++++++- 1 file changed, 31 insertions(+), 1 deletion(-) diff --git a/.github/workflows/smoke-test.yml b/.github/workflows/smoke-test.yml index b88b1a7..cbb77bc 100644 --- a/.github/workflows/smoke-test.yml +++ b/.github/workflows/smoke-test.yml @@ -74,4 +74,34 @@ jobs: run: | cd packages/cre-sdk-examples cp .env.example .env - CRE_API_KEY=${{ secrets.CRE_CLI_API_KEY }} cre workflow simulate ./src/workflows/hello-world + CRE_API_KEY=${{ secrets.CRE_CLI_API_KEY }} cre workflow simulate ./src/workflows/hello-world > simulation_output.txt 2>&1 + cat simulation_output.txt + + # Validate expected outputs + echo "Validating simulation output..." + + if ! grep -q "\[USER LOG\] Hello world! Workflow triggered." simulation_output.txt; then + echo "❌ ERROR: Expected '[USER LOG] Hello world! Workflow triggered.' not found" + exit 1 + fi + echo "✓ Found: [USER LOG] Hello world! Workflow triggered." + + if ! grep -q 'Workflow Simulation Result:' simulation_output.txt; then + echo "❌ ERROR: Expected 'Workflow Simulation Result:' not found" + exit 1 + fi + echo "✓ Found: Workflow Simulation Result:" + + if ! grep -q '"Hello world!"' simulation_output.txt; then + echo "❌ ERROR: Expected '\"Hello world!\"' not found" + exit 1 + fi + echo "✓ Found: \"Hello world!\"" + + if ! grep -q "Execution finished signal received" simulation_output.txt; then + echo "❌ ERROR: Expected 'Execution finished signal received' not found" + exit 1 + fi + echo "✓ Found: Execution finished signal received" + + echo "✅ All validation checks passed!" From c2dd4fe61f610c7d826e869eb649ffbe93492d0f Mon Sep 17 00:00:00 2001 From: ernest-nowacki Date: Wed, 8 Oct 2025 15:06:46 +0200 Subject: [PATCH 20/22] Try improving validation step to properly match expected outcome --- .github/workflows/smoke-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/smoke-test.yml b/.github/workflows/smoke-test.yml index cbb77bc..3d670f2 100644 --- a/.github/workflows/smoke-test.yml +++ b/.github/workflows/smoke-test.yml @@ -80,7 +80,7 @@ jobs: # Validate expected outputs echo "Validating simulation output..." - if ! grep -q "\[USER LOG\] Hello world! Workflow triggered." simulation_output.txt; then + if ! grep -q "USER LOG.*Hello world! Workflow triggered" simulation_output.txt; then echo "❌ ERROR: Expected '[USER LOG] Hello world! Workflow triggered.' not found" exit 1 fi From dc04971fe719f24adbaa45a1832820dab8556d8b Mon Sep 17 00:00:00 2001 From: ernest-nowacki Date: Wed, 8 Oct 2025 15:21:46 +0200 Subject: [PATCH 21/22] Make CRE CLI simulation part of CI checks --- .github/workflows/ci.yml | 102 +++++++++++++++++++++-------- .github/workflows/smoke-test.yml | 107 ------------------------------- 2 files changed, 77 insertions(+), 132 deletions(-) delete mode 100644 .github/workflows/smoke-test.yml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ad76fe9..ffdcbfc 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -9,9 +9,13 @@ on: branches: [main] jobs: - full-checks: + test: runs-on: ubuntu-latest + defaults: + run: + shell: zsh {0} + steps: - name: Checkout code uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 @@ -19,38 +23,86 @@ jobs: submodules: recursive token: ${{ secrets.GITHUB_TOKEN }} - - name: Install system dependencies + - name: Install zsh run: | sudo apt-get update - sudo apt-get install -y make zsh curl libclang-dev git build-essential - - - name: Install asdf and toolchain from .tool-versions - run: | - # Install asdf - git clone https://github.com/asdf-vm/asdf.git ~/.asdf --branch v0.14.0 + sudo apt-get install -y zsh - # Make asdf available to subsequent steps without re-sourcing - echo "$HOME/.asdf/bin" >> $GITHUB_PATH - echo "$HOME/.asdf/shims" >> $GITHUB_PATH + # Add it to /etc/shells if missing + if ! grep -q "^$(which zsh)$" /etc/shells; then + echo "$(which zsh)" | sudo tee -a /etc/shells + fi - # Init asdf - source ~/.asdf/asdf.sh + # Change the default shell for the current user + sudo chsh -s "$(which zsh)" $USER + # Use bash or sh for this step, because zsh isn't set yet + shell: bash {0} - # Add plugins required for the project - asdf plugin add bun - asdf plugin add golang - asdf plugin add rust - asdf plugin add nodejs + # Install Rust + add wasm32-wasip1 target + - name: Setup Rust (stable) with wasm target + uses: actions-rust-lang/setup-rust-toolchain@1780873c7b576612439a134613cc4cc74ce5538c + with: + toolchain: stable + target: wasm32-wasip1 + override: true - # Install all versions pinned in .tool-versions - asdf install - asdf reshim + - name: Setup Bun + uses: oven-sh/setup-bun@735343b667d3e6f658f44d0eca948eb6282f2b76 # v2.0.2 + with: + bun-version: latest - # Add Rust target for WASM (asdf-rust uses rustup under the hood) - rustup target add wasm32-wasip1 + - name: Cache Bun dependencies + uses: actions/cache@v4 + with: + path: ~/.bun/install/cache + key: ${{ runner.os }}-bun-${{ hashFiles('**/bun.lock') }} - name: Install dependencies - run: bun install + run: bun install --frozen-lockfile - - name: Run full checks + - name: Full checks run: bun full-checks + + - name: Install CRE CLI + run: | + chmod +x scripts/setup-cre-cli.sh + sudo scripts/setup-cre-cli.sh + + - name: Verify CRE CLI installation + run: cre version + + - name: Simulate hello-world workflow + run: | + cd packages/cre-sdk-examples + cp .env.example .env + CRE_API_KEY=${{ secrets.CRE_CLI_API_KEY }} cre workflow simulate ./src/workflows/hello-world > simulation_output.txt 2>&1 + cat simulation_output.txt + + # Validate expected outputs + echo "Validating simulation output..." + + if ! grep -q "USER LOG.*Hello world! Workflow triggered" simulation_output.txt; then + echo "❌ ERROR: Expected '[USER LOG] Hello world! Workflow triggered.' not found" + exit 1 + fi + echo "✓ Found: [USER LOG] Hello world! Workflow triggered." + + if ! grep -q 'Workflow Simulation Result:' simulation_output.txt; then + echo "❌ ERROR: Expected 'Workflow Simulation Result:' not found" + exit 1 + fi + echo "✓ Found: Workflow Simulation Result:" + + if ! grep -q '"Hello world!"' simulation_output.txt; then + echo "❌ ERROR: Expected '\"Hello world!\"' not found" + exit 1 + fi + echo "✓ Found: \"Hello world!\"" + + if ! grep -q "Execution finished signal received" simulation_output.txt; then + echo "❌ ERROR: Expected 'Execution finished signal received' not found" + exit 1 + fi + echo "✓ Found: Execution finished signal received" + + echo "✅ All validation checks passed!" diff --git a/.github/workflows/smoke-test.yml b/.github/workflows/smoke-test.yml deleted file mode 100644 index 3d670f2..0000000 --- a/.github/workflows/smoke-test.yml +++ /dev/null @@ -1,107 +0,0 @@ -name: smoke-test - -permissions: - contents: read - -on: - pull_request: - branches: [main] - -jobs: - test: - runs-on: ubuntu-latest - - defaults: - run: - shell: zsh {0} - - steps: - - name: Checkout code - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - with: - submodules: recursive - token: ${{ secrets.GITHUB_TOKEN }} - - - name: Install zsh - run: | - sudo apt-get update - sudo apt-get install -y zsh - - # Add it to /etc/shells if missing - if ! grep -q "^$(which zsh)$" /etc/shells; then - echo "$(which zsh)" | sudo tee -a /etc/shells - fi - - # Change the default shell for the current user - sudo chsh -s "$(which zsh)" $USER - # Use bash or sh for this step, because zsh isn't set yet - shell: bash {0} - - # Install Rust + add wasm32-wasip1 target - - name: Setup Rust (stable) with wasm target - uses: actions-rust-lang/setup-rust-toolchain@1780873c7b576612439a134613cc4cc74ce5538c - with: - toolchain: stable - target: wasm32-wasip1 - override: true - - - name: Setup Bun - uses: oven-sh/setup-bun@735343b667d3e6f658f44d0eca948eb6282f2b76 # v2.0.2 - with: - bun-version: latest - - - name: Cache Bun dependencies - uses: actions/cache@v4 - with: - path: ~/.bun/install/cache - key: ${{ runner.os }}-bun-${{ hashFiles('**/bun.lock') }} - - - name: Install dependencies - run: bun install --frozen-lockfile - - - name: Full checks - run: bun full-checks - - - name: Install CRE CLI - run: | - chmod +x scripts/setup-cre-cli.sh - sudo scripts/setup-cre-cli.sh - - - name: Verify CRE CLI installation - run: cre version - - - name: Simulate hello-world workflow - run: | - cd packages/cre-sdk-examples - cp .env.example .env - CRE_API_KEY=${{ secrets.CRE_CLI_API_KEY }} cre workflow simulate ./src/workflows/hello-world > simulation_output.txt 2>&1 - cat simulation_output.txt - - # Validate expected outputs - echo "Validating simulation output..." - - if ! grep -q "USER LOG.*Hello world! Workflow triggered" simulation_output.txt; then - echo "❌ ERROR: Expected '[USER LOG] Hello world! Workflow triggered.' not found" - exit 1 - fi - echo "✓ Found: [USER LOG] Hello world! Workflow triggered." - - if ! grep -q 'Workflow Simulation Result:' simulation_output.txt; then - echo "❌ ERROR: Expected 'Workflow Simulation Result:' not found" - exit 1 - fi - echo "✓ Found: Workflow Simulation Result:" - - if ! grep -q '"Hello world!"' simulation_output.txt; then - echo "❌ ERROR: Expected '\"Hello world!\"' not found" - exit 1 - fi - echo "✓ Found: \"Hello world!\"" - - if ! grep -q "Execution finished signal received" simulation_output.txt; then - echo "❌ ERROR: Expected 'Execution finished signal received' not found" - exit 1 - fi - echo "✓ Found: Execution finished signal received" - - echo "✅ All validation checks passed!" From d84f7f100dd5701c0c7cc34252df5907d9c1d5b1 Mon Sep 17 00:00:00 2001 From: ernest-nowacki Date: Wed, 8 Oct 2025 15:58:38 +0200 Subject: [PATCH 22/22] Restore full-checks as a name to pass the required checks --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ffdcbfc..c6b2294 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -9,7 +9,7 @@ on: branches: [main] jobs: - test: + full-checks: runs-on: ubuntu-latest defaults: