Skip to content

ci: commit Cargo.lock to pin ed25519-dalek and unbreak main#1929

Merged
salaheldinsoliman merged 2 commits into
hyperledger-solang:mainfrom
salaheldinsoliman:ci/commit-cargo-lock
Jul 7, 2026
Merged

ci: commit Cargo.lock to pin ed25519-dalek and unbreak main#1929
salaheldinsoliman merged 2 commits into
hyperledger-solang:mainfrom
salaheldinsoliman:ci/commit-cargo-lock

Conversation

@salaheldinsoliman

@salaheldinsoliman salaheldinsoliman commented Jul 7, 2026

Copy link
Copy Markdown
Contributor

Fix

Commit the workspace Cargo.lock (pinned to ed25519-dalek 2.2.0, which drops the entire broken 3.0.0 chain: rand_core 0.10, curve25519-dalek 5.0, signature 3.0, sha2 0.11). This makes builds reproducible and immune to upstream semver-compatible drift.

  • Un-ignore the lock in both .gitignore and .dockerignore. The .dockerignore entry is essential — otherwise the Container Image build strips the lock and re-resolves to the broken version.
  • Nested integration-test lockfiles stay ignored via !/Cargo.lock.

Committing Cargo.lock is the standard recommendation for a binary/application crate and prevents this whole class of CI breakage going forward.

🤖 Generated with Claude Code

soroban-env-host 23.0.1 fails to compile against the newly released
ed25519-dalek 3.0.0: its `SigningKey::generate(&mut ChaCha20Rng)` no
longer satisfies 3.0.0's redefined `CryptoRng` bound (E0277).

Because Cargo.lock was git-ignored, CI re-resolved dependencies to
"latest compatible" on every run and pulled ed25519-dalek 3.0.0 into
soroban-env-host, breaking cargo clippy, the llvm-cov build, the
library/binary tests, the Soroban Rust tests, and the Container Image
build (which runs `cargo build --release` in Docker).

Commit the workspace Cargo.lock (pinned to ed25519-dalek 2.2.0) so
builds are reproducible and immune to upstream semver-compatible drift.
Un-ignore it in both .gitignore and .dockerignore -- the .dockerignore
entry is required, otherwise the container build would strip the lock
and re-resolve to the broken version. Nested integration-test lockfiles
stay ignored via `!/Cargo.lock`.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

Signed-off-by: salaheldinsoliman <salaheldin_sameh@aucegypt.edu>
The extension test runner globs `**/**.test.js` from the vscode/ root,
which also matches stray *.test.js files shipped inside node_modules
(e.g. gensync/test/index.test.js). Mocha then require()s them while
loading and aborts the entire run before any real test executes:

    Error: Cannot find module 'util.promisify'
    - vscode/node_modules/gensync/test/index.test.js

This makes the "Visual Code Extension" CI job fail as soon as it is
unblocked (it had been skipped while Linux x86-64 was red). Restrict
the glob to the extension's own compiled tests by ignoring
node_modules; all 13 extension tests then pass.

Signed-off-by: salaheldinsoliman <salaheldin_sameh@aucegypt.edu>
@salaheldinsoliman salaheldinsoliman merged commit abd489e into hyperledger-solang:main Jul 7, 2026
8 checks passed
salaheldinsoliman added a commit that referenced this pull request Jul 7, 2026
Cuts the **v0.3.5 "Luxor"** release.

## Contents
- Bump `solang` to 0.3.5 (`Cargo.toml`), the VS Code extension to 0.3.5,
and the version references in `docs/installing.rst` /
`docs/extension.rst`.
- New `## v0.3.5 Luxor` section in `CHANGELOG.md` and
`vscode/CHANGELOG.md`.
- Refreshed `Cargo.lock`.

`solang-parser` intentionally **stays at 0.3.5**: its only change since
v0.3.4 is an inert clippy allow, 0.3.5 is already published, and
`solang` consumes the published `solang-forge-fmt 0.2.0` (which depends
on registry `solang-parser 0.3.5`) — so no parser republish is needed
and the lock keeps its validated structure.

## Depends on / includes the CI reproducibility fixes (#1929)
The release build only succeeds with the dependency fix, so this branch
is built on top of it. The first two commits are the same ones in #1929:
- `ci: commit Cargo.lock to pin ed25519-dalek and unbreak main` — a
newly-released `ed25519-dalek 3.0.0` broke `soroban-env-host`
compilation; committing `Cargo.lock` (un-ignored in `.gitignore` and
`.dockerignore`) pins it to 2.2.0 and makes CI/release builds
reproducible.
- `fix(vscode): exclude node_modules from test-suite glob` — the
extension test runner was collecting stray `*.test.js` files from
`node_modules` and aborting.

If #1929 is merged first, only the `Release 0.3.5 Luxor` commit remains
in this diff.

## Highlights since v0.3.4
- **Soroban**: `string`/`bytes`/`bytesN`, structs, (u)int256, dynamic
memory arrays, vectors-as-`VecObject`s in storage, integer width
rounding, `contract_event`-based events, and a `pause` example.
- **codegen**: large internal refactor introducing a `TargetCodegen`
trait and relocating the Solana/Polkadot/Soroban backends under
`src/codegen/targets/` (plus an `EvmTarget` scaffold).
- Toolchain moved to Rust 1.90; inkwell bumped to 0.5.0.

See `CHANGELOG.md` for the full, attributed list.

Signed-off-by: salaheldinsoliman <salaheldin_sameh@aucegypt.edu>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant