Skip to content

Commit

Permalink
chore(docs): add manual allowlist check to promote runbook (#4034)
Browse files Browse the repository at this point in the history
  • Loading branch information
sesi200 authored Dec 11, 2024
1 parent eb478df commit 4722c29
Show file tree
Hide file tree
Showing 13 changed files with 1,036 additions and 739 deletions.
1,706 changes: 992 additions & 714 deletions Cargo.lock

Large diffs are not rendered by default.

3 changes: 2 additions & 1 deletion deny.toml
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,8 @@ allow = [
"MIT",
"MPL-2.0",
"Zlib",
"Unicode-DFS-2016"
"Unicode-DFS-2016",
"Unicode-3.0",
]

deny = [
Expand Down
11 changes: 11 additions & 0 deletions docs/dfx-json-schema.json
Original file line number Diff line number Diff line change
Expand Up @@ -475,6 +475,7 @@
"optimize": {
"title": "Optimize Canister Wasm",
"description": "Invoke wasm level optimizations after building the canister. Optimization level can be set to \"cycles\" to optimize for cycle usage, \"size\" to optimize for binary size, or any of \"O4, O3, O2, O1, O0, Oz, Os\". Disabled by default. If this option is specified, the `shrink` option will be ignored.",
"default": null,
"anyOf": [
{
"$ref": "#/definitions/WasmOptLevel"
Expand All @@ -497,6 +498,7 @@
"pullable": {
"title": "Pullable",
"description": "Defines required properties so that this canister is ready for `dfx deps pull` by other projects.",
"default": null,
"anyOf": [
{
"$ref": "#/definitions/Pullable"
Expand All @@ -509,6 +511,7 @@
"remote": {
"title": "Remote Configuration",
"description": "Used to mark the canister as 'remote' on certain networks.",
"default": null,
"anyOf": [
{
"$ref": "#/definitions/ConfigCanistersCanisterRemote"
Expand Down Expand Up @@ -537,6 +540,7 @@
"tech_stack": {
"title": "Tech Stack",
"description": "Defines the tech stack used to build this canister.",
"default": null,
"anyOf": [
{
"$ref": "#/definitions/TechStack"
Expand Down Expand Up @@ -668,6 +672,7 @@
"nodes": {
"title": "Available Nodes",
"description": "Addresses of nodes to connect to (in case discovery from seeds is not possible/sufficient).",
"default": null,
"type": [
"array",
"null"
Expand Down Expand Up @@ -947,6 +952,7 @@
"compute_allocation": {
"title": "Compute Allocation",
"description": "Must be a number between 0 and 100, inclusively. It indicates how much compute power should be guaranteed to this canister, expressed as a percentage of the maximum compute power that a single canister can allocate.",
"default": null,
"anyOf": [
{
"$ref": "#/definitions/PossiblyStr_for_uint64"
Expand All @@ -959,6 +965,7 @@
"freezing_threshold": {
"title": "Freezing Threshold",
"description": "Freezing threshould of the canister, measured in seconds. Valid inputs are numbers (seconds) or strings parsable by humantime (e.g. \"15days 2min 2s\").",
"default": null,
"type": [
"string",
"null"
Expand All @@ -967,6 +974,7 @@
"log_visibility": {
"title": "Log Visibility",
"description": "Specifies who is allowed to read the canister's logs.\n\nCan be \"public\", \"controllers\" or \"allowed_viewers\" with a list of principals.",
"default": null,
"anyOf": [
{
"$ref": "#/definitions/CanisterLogVisibility"
Expand All @@ -979,6 +987,7 @@
"memory_allocation": {
"title": "Memory Allocation",
"description": "Maximum memory (in bytes) this canister is allowed to occupy. Can be specified as an integer, or as an SI unit string (e.g. \"4KB\", \"2 MiB\")",
"default": null,
"anyOf": [
{
"$ref": "#/definitions/Byte"
Expand All @@ -991,6 +1000,7 @@
"reserved_cycles_limit": {
"title": "Reserved Cycles Limit",
"description": "Specifies the upper limit of the canister's reserved cycles balance.\n\nReserved cycles are cycles that the system sets aside for future use by the canister. If a subnet's storage exceeds 450 GiB, then every time a canister allocates new storage bytes, the system sets aside some amount of cycles from the main balance of the canister. These reserved cycles will be used to cover future payments for the newly allocated bytes. The reserved cycles are not transferable and the amount of reserved cycles depends on how full the subnet is.\n\nA setting of 0 means that the canister will trap if it tries to allocate new storage while the subnet's memory usage exceeds 450 GiB.",
"default": null,
"type": [
"integer",
"null"
Expand All @@ -1001,6 +1011,7 @@
"wasm_memory_limit": {
"title": "Wasm Memory Limit",
"description": "Specifies a soft limit (in bytes) on the Wasm memory usage of the canister.\n\nUpdate calls, timers, heartbeats, installs, and post-upgrades fail if the Wasm memory usage exceeds this limit. The main purpose of this setting is to protect against the case when the canister reaches the hard 4GiB limit.\n\nMust be a number of bytes between 0 and 2^48 (i.e. 256 TiB), inclusive. Can be specified as an integer, or as an SI unit string (e.g. \"4KB\", \"2 MiB\")",
"default": null,
"anyOf": [
{
"$ref": "#/definitions/Byte"
Expand Down
1 change: 1 addition & 0 deletions docs/networks-json-schema.json
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,7 @@
"nodes": {
"title": "Available Nodes",
"description": "Addresses of nodes to connect to (in case discovery from seeds is not possible/sufficient).",
"default": null,
"type": [
"array",
"null"
Expand Down
30 changes: 17 additions & 13 deletions docs/process/release.md
Original file line number Diff line number Diff line change
Expand Up @@ -68,9 +68,9 @@ Once the beta releases are ready to be promoted:
## Stage 4: Draft PRs to prepare for promotion - day 3
All following PRs should be created as "draft".
The following three PRs should be created as "draft". Obtain approval, but do not merge them yet.
Obtain approval, but do not merge them yet.
The fourth PR (the one that updates the Motoko playground whitelist) needs to be merged and deployed before moving on to the next stage.
### Promote the release in [sdk](https://github.com/dfinity/sdk)
Expand All @@ -79,6 +79,7 @@ Obtain approval, but do not merge them yet.
- Set `.tags.latest` to the new dfx version;
- Remove the beta releases from the `versions` array;
1. Open a PR from this branch to `master`;
1. Obtain approval, but do not merge this PR yet.
[Sample PR](https://github.com/dfinity/sdk/pull/3491)
Expand All @@ -90,42 +91,45 @@ Obtain approval, but do not merge them yet.
1. Change to the sdk submodule: `cd submodules/sdk`
1. Checkout the release branch, e.g. `git checkout release-0.18.0`
1. Go back to project root and commit the submodule change.
- Obtain approval, but do not merge this PR yet.
[Sample PR](https://github.com/dfinity/portal/pull/2330)
### Update the [examples](https://github.com/dfinity/examples) default dfx
- Modify `DFX_VERSION` in these two files:
- [provision-darwin.sh](https://github.com/dfinity/examples/blob/master/.github/workflows/provision-darwin.sh)
- [provision-linux.sh](https://github.com/dfinity/examples/blob/master/.github/workflows/provision-linux.sh)
- Obtain approval, but do not merge this PR yet.
[Sample PR](https://github.com/dfinity/examples/pull/704)
### Update the [motoko-playground][motoko-playground] frontend canister hash whitelist
- Click the "Run workflow" button on the [Broadcast Frontend Hash page](https://github.com/dfinity/sdk/actions/workflows/broadcast-frontend-hash.yml).
- Fill "Release version of dfx" with the version of this release.
- The workflow will create a PR in the [motoko-playground][motoko-playground] repo.
- Merge and deploy this PR before the next stage.
[Sample PR](https://github.com/dfinity/motoko-playground/pull/217)
[motoko-playground]: https://github.com/dfinity/motoko-playground
### Update the [examples](https://github.com/dfinity/examples) default dfx
Modify `DFX_VERSION` in these two files:
- [provision-darwin.sh](https://github.com/dfinity/examples/blob/master/.github/workflows/provision-darwin.sh)
- [provision-linux.sh](https://github.com/dfinity/examples/blob/master/.github/workflows/provision-linux.sh)
[Sample PR](https://github.com/dfinity/examples/pull/704)
## Stage 5: Promote the release - day 4
* Precondition: Make sure `dfx deploy --playground` works with a project created by `dfx new`. This makes sure that the asset canister wasm is properly allowlisted in the playground backend.
### Update the GitHub release
- Unset the "Pre-release" flag
- Set the "Latest" flag
### Merge PRs
Merge all 4 PRs created in the previous stage:
Merge all 3 PRs created in the previous stage that have not been merged yet:
- Promote the release
- Update the portal
- Update the motoko-playground
- Update the examples
### Post to the forum
Expand Down
2 changes: 1 addition & 1 deletion e2e/tests-dfx/assetscanister.bash
Original file line number Diff line number Diff line change
Expand Up @@ -1056,7 +1056,7 @@ CHERRIES" "$stdout"
assert_command dfx canister call --query e2e_project_frontend get '(record{key="/logo.png";accept_encodings=vec{"identity"}})'
assert_match 'content_type = "image/png"'
assert_command dfx canister call --query e2e_project_frontend get '(record{key="/index.js";accept_encodings=vec{"identity"}})'
assert_match 'content_type = "application/javascript"'
assert_match 'content_type = "text/javascript"'
assert_command dfx canister call --query e2e_project_frontend get '(record{key="/sample-asset.txt";accept_encodings=vec{"identity"}})'
assert_match 'content_type = "text/plain"'
assert_command dfx canister call --query e2e_project_frontend get '(record{key="/main.css";accept_encodings=vec{"identity"}})'
Expand Down
4 changes: 2 additions & 2 deletions e2e/tests-icx-asset/icx-asset.bash
Original file line number Diff line number Diff line change
Expand Up @@ -59,8 +59,8 @@ icx_asset_upload() {
icx_asset_list

assert_match "sample-asset.txt.*text/plain.*identity"
assert_match "notreally.js.*application/javascript.*gzip"
assert_match "notreally.js.*application/javascript.*identity"
assert_match "notreally.js.*text/javascript.*gzip"
assert_match "notreally.js.*text/javascript.*identity"
}

@test "creates new files" {
Expand Down
2 changes: 1 addition & 1 deletion rust-toolchain.toml
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
[toolchain]
channel = "1.76.0"
channel = "1.78.0"
components = ["rustfmt", "clippy"]
targets = ["wasm32-unknown-unknown"]
2 changes: 1 addition & 1 deletion src/canisters/frontend/ic-asset/src/asset/config.rs
Original file line number Diff line number Diff line change
Expand Up @@ -315,7 +315,7 @@ impl AssetConfig {
}

if other.encodings.is_some() {
self.encodings = other.encodings.clone();
self.encodings.clone_from(&other.encodings);
}

if other.security_policy.is_some() {
Expand Down
2 changes: 1 addition & 1 deletion src/dfx/src/lib/deps/mod.rs
Original file line number Diff line number Diff line change
Expand Up @@ -300,7 +300,7 @@ pub fn get_pull_canister_or_principal(
let p = Principal::from_text(canister).with_context(||
format!("{canister} is not a valid Principal nor a `type: pull` canister specified in dfx.json")
)?;
if pulled_json.canisters.get(&p).is_none() {
if !pulled_json.canisters.contains_key(&p) {
bail!("Could not find {} in pulled.json", &p);
}
Ok(p)
Expand Down
8 changes: 5 additions & 3 deletions src/dfx/src/lib/deps/pull/mod.rs
Original file line number Diff line number Diff line change
Expand Up @@ -173,9 +173,11 @@ async fn download_and_generate_pulled_canister(
let dfx_metadata_str = get_metadata_as_string(&module, DFX, &wasm_path)?;
let dfx_metadata: DfxMetadata = serde_json::from_str(&dfx_metadata_str)?;
let pullable = dfx_metadata.get_pullable()?;
pulled_canister.dependencies = pullable.dependencies.clone();
pulled_canister.init_guide = pullable.init_guide.clone();
pulled_canister.init_arg = pullable.init_arg.clone();
pulled_canister
.dependencies
.clone_from(&pullable.dependencies);
pulled_canister.init_guide.clone_from(&pullable.init_guide);
pulled_canister.init_arg.clone_from(&pullable.init_arg);

Ok(pulled_canister)
}
Expand Down
2 changes: 1 addition & 1 deletion src/dfx/src/lib/environment.rs
Original file line number Diff line number Diff line change
Expand Up @@ -61,7 +61,7 @@ pub trait Environment {
}

// Explicit lifetimes are actually needed for mockall to work properly.
#[allow(clippy::needless_lifetimes)]
#[allow(clippy::needless_lifetimes, unused)]
fn log<'a>(&self, record: &Record<'a>) {
self.get_logger().log(record);
}
Expand Down
2 changes: 1 addition & 1 deletion src/dfx/src/lib/manifest.rs
Original file line number Diff line number Diff line change
Expand Up @@ -100,7 +100,7 @@ pub fn get_latest_version(
.tags
.get("latest")
.ok_or_else(|| error_invalid_data!("expected field 'latest' in 'tags'"))
.map(|v| v.clone())
.cloned()
}

#[cfg(test)]
Expand Down

0 comments on commit 4722c29

Please sign in to comment.