ci: commit Cargo.lock to pin ed25519-dalek and unbreak main#1929
Merged
salaheldinsoliman merged 2 commits intoJul 7, 2026
Merged
Conversation
soroban-env-host 23.0.1 fails to compile against the newly released ed25519-dalek 3.0.0: its `SigningKey::generate(&mut ChaCha20Rng)` no longer satisfies 3.0.0's redefined `CryptoRng` bound (E0277). Because Cargo.lock was git-ignored, CI re-resolved dependencies to "latest compatible" on every run and pulled ed25519-dalek 3.0.0 into soroban-env-host, breaking cargo clippy, the llvm-cov build, the library/binary tests, the Soroban Rust tests, and the Container Image build (which runs `cargo build --release` in Docker). Commit the workspace Cargo.lock (pinned to ed25519-dalek 2.2.0) so builds are reproducible and immune to upstream semver-compatible drift. Un-ignore it in both .gitignore and .dockerignore -- the .dockerignore entry is required, otherwise the container build would strip the lock and re-resolve to the broken version. Nested integration-test lockfiles stay ignored via `!/Cargo.lock`. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Signed-off-by: salaheldinsoliman <salaheldin_sameh@aucegypt.edu>
5ededea to
b442f34
Compare
The extension test runner globs `**/**.test.js` from the vscode/ root,
which also matches stray *.test.js files shipped inside node_modules
(e.g. gensync/test/index.test.js). Mocha then require()s them while
loading and aborts the entire run before any real test executes:
Error: Cannot find module 'util.promisify'
- vscode/node_modules/gensync/test/index.test.js
This makes the "Visual Code Extension" CI job fail as soon as it is
unblocked (it had been skipped while Linux x86-64 was red). Restrict
the glob to the extension's own compiled tests by ignoring
node_modules; all 13 extension tests then pass.
Signed-off-by: salaheldinsoliman <salaheldin_sameh@aucegypt.edu>
Merged
salaheldinsoliman
added a commit
that referenced
this pull request
Jul 7, 2026
Cuts the **v0.3.5 "Luxor"** release. ## Contents - Bump `solang` to 0.3.5 (`Cargo.toml`), the VS Code extension to 0.3.5, and the version references in `docs/installing.rst` / `docs/extension.rst`. - New `## v0.3.5 Luxor` section in `CHANGELOG.md` and `vscode/CHANGELOG.md`. - Refreshed `Cargo.lock`. `solang-parser` intentionally **stays at 0.3.5**: its only change since v0.3.4 is an inert clippy allow, 0.3.5 is already published, and `solang` consumes the published `solang-forge-fmt 0.2.0` (which depends on registry `solang-parser 0.3.5`) — so no parser republish is needed and the lock keeps its validated structure. ## Depends on / includes the CI reproducibility fixes (#1929) The release build only succeeds with the dependency fix, so this branch is built on top of it. The first two commits are the same ones in #1929: - `ci: commit Cargo.lock to pin ed25519-dalek and unbreak main` — a newly-released `ed25519-dalek 3.0.0` broke `soroban-env-host` compilation; committing `Cargo.lock` (un-ignored in `.gitignore` and `.dockerignore`) pins it to 2.2.0 and makes CI/release builds reproducible. - `fix(vscode): exclude node_modules from test-suite glob` — the extension test runner was collecting stray `*.test.js` files from `node_modules` and aborting. If #1929 is merged first, only the `Release 0.3.5 Luxor` commit remains in this diff. ## Highlights since v0.3.4 - **Soroban**: `string`/`bytes`/`bytesN`, structs, (u)int256, dynamic memory arrays, vectors-as-`VecObject`s in storage, integer width rounding, `contract_event`-based events, and a `pause` example. - **codegen**: large internal refactor introducing a `TargetCodegen` trait and relocating the Solana/Polkadot/Soroban backends under `src/codegen/targets/` (plus an `EvmTarget` scaffold). - Toolchain moved to Rust 1.90; inkwell bumped to 0.5.0. See `CHANGELOG.md` for the full, attributed list. Signed-off-by: salaheldinsoliman <salaheldin_sameh@aucegypt.edu>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fix
Commit the workspace
Cargo.lock(pinned toed25519-dalek 2.2.0, which drops the entire broken 3.0.0 chain:rand_core 0.10,curve25519-dalek 5.0,signature 3.0,sha2 0.11). This makes builds reproducible and immune to upstream semver-compatible drift..gitignoreand.dockerignore. The.dockerignoreentry is essential — otherwise the Container Image build strips the lock and re-resolves to the broken version.!/Cargo.lock.Committing
Cargo.lockis the standard recommendation for a binary/application crate and prevents this whole class of CI breakage going forward.🤖 Generated with Claude Code