Update dependencies to threshold-network and keep-network projects
#212
Conversation
michalinacienciala
force-pushed
the
ci-update-dependencies
branch
from
e9353f6
to
2ec3621
Compare
There was a couple of changes in the project dependencies that requuired change of the configuration of `package.json` and `contracts.yml`: 1. `coverage-pools` became dependent on `@threshold-network/solidity-contracts` package. This was already reflected in the `package.json`, but not in the CI. 2. Version of the `@threshold-network/solidity-contracts` got bumped up to `1.2.0-dev.x`, which needed to be reflected in `package.json` 3. We started to prepare our projects for deployment on the `goerli` testnet. This means that we will (or already did) publish packages with the `-goerli` suffix. In order to use the `-dev` suffixed packages in the `NPM` workflow we need to update the semver ranges so that the versions could be resolved to the desired packages.
michalinacienciala
force-pushed
the
ci-update-dependencies
branch
from
2ec3621
to
7bbb6f6
Compare
|
In https://github.com/keep-network/coverage-pools/actions/runs/2655950601 I'm verifying if the changes help for the ropsten deployment problem |
Unfortunately, now builds fails with |
Deployer account needed a top-up. Verifying again after sending some ETH: https://github.com/keep-network/coverage-pools/actions/runs/2655950601. |
michalinacienciala
force-pushed
the
ci-update-dependencies
branch
3 times, most recently
from
c4928e6
to
7bbb6f6
Compare
Back to coverage-pools/contracts/AssetPool.sol Lines 146 to 156 in 31d3af2 |
package.json
Outdated
| "@thesis/solidity-contracts": "github:thesis/solidity-contracts#4985bcf", | ||
| "@threshold-network/solidity-contracts": ">1.1.0-dev <1.1.0-ropsten", | ||
| "@threshold-network/solidity-contracts": ">1.2.0-dev <1.2.0-goerli", |
There was a problem hiding this comment.
Could we use development tag?
| "@threshold-network/solidity-contracts": ">1.2.0-dev <1.2.0-goerli", | |
| "@threshold-network/solidity-contracts": "development", |
Same for other dependencies.
We now tag the `@threshold-network/solidity-contracts` package containing contracts meant for develoment with `development` tag. We can use it in the `package.json` to refer to the latest package meant for development.
We're adding a step that configures git to use `https://` protocol instead of `git://` when downloading files. We need this step because the `@keep-network/tbtc` which we update in next steps has a dependency to `@summa-tx/relay-sol@2.0.2` package, which downloads one of its sub-dependencies via unathenticated `git://` protocol. That protocol is no longer supported. See https://github.blog/2021-09-01-improving-git-protocol-security-github/. We also manually change the unauthenticated git protocol used for this sub-dependency in the `package.lock`.
| @@ -87,12 +114,14 @@ jobs: | |||
| query: | | |||
| keep-core-contracts-version = github.com/keep-network/keep-core/solidity-v1#version | |||
| tbtc-contracts-version = github.com/keep-network/tbtc/solidity#version | |||
| solidity-contracts-version = github.com/threshold-network/solidity-contracts#version | |||
There was a problem hiding this comment.
| solidity-contracts-version = github.com/threshold-network/solidity-contracts#version | |
| threshold-contracts-version = github.com/threshold-network/solidity-contracts#version |
|
|
||
| - name: Resolve latest contracts | ||
| run: | | ||
| yarn upgrade \ | ||
| @keep-network/keep-core@${{ steps.upstream-builds-query.outputs.keep-core-contracts-version }} \ | ||
| @keep-network/tbtc@${{ steps.upstream-builds-query.outputs.tbtc-contracts-version }} | ||
| @keep-network/tbtc@${{ steps.upstream-builds-query.outputs.tbtc-contracts-version }} \ | ||
| @threshold-network/solidity-contracts@${{ steps.upstream-builds-query.outputs.solidity-contracts-version }} |
There was a problem hiding this comment.
| @threshold-network/solidity-contracts@${{ steps.upstream-builds-query.outputs.solidity-contracts-version }} | |
| @threshold-network/solidity-contracts@${{ steps.upstream-builds-query.outputs.threshold-contracts-version }} |
| "@keep-network/keep-core": ">1.8.0-dev <1.8.0-goerli", | ||
| "@keep-network/tbtc": ">1.1.2-dev <1.1.2-goerli", |
There was a problem hiding this comment.
Could we use the development tag here as well?
| "@keep-network/keep-core": ">1.8.0-dev <1.8.0-goerli", | |
| "@keep-network/tbtc": ">1.1.2-dev <1.1.2-goerli", | |
| "@keep-network/keep-core": "development", | |
| "@keep-network/tbtc": "development", |
| - name: Configure git to don't use unauthenticated protocol | ||
| shell: bash | ||
| run: git config --global url."https://".insteadOf git:// | ||
|
|
||
| - name: Resolve latest contracts | ||
| run: | | ||
| yarn upgrade \ |
There was a problem hiding this comment.
Let's pin to exact dependencies versions. (see keep-network/keep-core#3083 for explaination)
| yarn upgrade \ | |
| yarn upgrade --exact \ |
There was a couple of changes in the project dependencies that requuired
change of the configuration of
package.jsonandcontracts.yml:coverage-poolsbecame dependent on@threshold-network/solidity-contractspackage. This was alreadyreflected in the
package.json, but not in the CI.@threshold-network/solidity-contractsgot bumped upto
1.2.0-dev.x, which needed to be reflected inpackage.jsongoerlitestnet. This means that we will (or already did) publish packages
with the
-goerlisuffix. In order to use the-devsuffixedpackages in the
NPMworkflow we need to update the semver ranges sothat the versions could be resolved to the desired packages.
I hope that those changes will help with the problem with deployment of
coverage-poolson ropsten (https://github.com/keep-network/coverage-pools/runs/7299602405?check_suite_focus=true).