ci: add surfpool integration workflow#253
Closed
shahan-khatchadourian-anchorage wants to merge 1 commit into
Closed
ci: add surfpool integration workflow#253shahan-khatchadourian-anchorage wants to merge 1 commit into
shahan-khatchadourian-anchorage wants to merge 1 commit into
Conversation
Runs surfpool_fuzz_all_idls.sh when the 'surfpool' label is applied to a PR. Applies 'surfpool-failure' label on failure, removes it on success. Requires HELIUS_API_KEY repo secret for reliable mainnet RPC access. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Copilot started reviewing on behalf of
shahan-khatchadourian-anchorage
April 16, 2026 20:16
View session
Contributor
There was a problem hiding this comment.
Pull request overview
Adds a new GitHub Actions workflow to run Surfpool-based Solana integration fuzzing for PRs labeled surfpool, and automatically manage a surfpool-failure label based on the result.
Changes:
- Introduces
.github/workflows/surfpool-solana.ymlto run./scripts/surfpool_fuzz_all_idls.shwhen a PR has thesurfpoollabel. - Installs required tooling (Rust toolchain, protoc, surfpool), runs codegen, and executes the surfpool test script.
- Adds/removes the
surfpool-failurelabel depending on the test step outcome.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Contributor
|
Dependency check before this lands — none of the workflow's runtime prerequisites currently exist on
Net effect of merging as-is: workflow registers but never runs in practice (label gate). If anyone did hand-add a Recommend either:
Either way, also worth replacing the |
shahan-khatchadourian-anchorage
added a commit
that referenced
this pull request
May 8, 2026
The workflow toggles a `surfpool-failure` label on PRs. With the prior `if: contains(labels, 'surfpool')` guard, that toggle re-fires the workflow on the same PR (since the `surfpool` label is still present when the `surfpool-failure` label is added). Any other `labeled` event on a PR that happens to carry the `surfpool` label would also re-trigger unnecessarily. Match the pattern used in `.github/workflows/stagex.yml`: on `labeled` events only run when the label being added is `surfpool`; on other events (`opened`, `synchronize`, `reopened`) require the label to already be present. Addresses copilot review comment on #253 (which proposed the same guard); folded here so #253 can be closed with the workflow's review comments resolved on this PR. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Contributor
Author
|
Closing as superseded by #202. The workflow file is now part of #202 and has gone further than the original here:
No content from this branch is needed. 🤖 Generated with Claude Code |
prasanna-anchorage
pushed a commit
that referenced
this pull request
May 12, 2026
The workflow toggles a `surfpool-failure` label on PRs. With the prior `if: contains(labels, 'surfpool')` guard, that toggle re-fires the workflow on the same PR (since the `surfpool` label is still present when the `surfpool-failure` label is added). Any other `labeled` event on a PR that happens to carry the `surfpool` label would also re-trigger unnecessarily. Match the pattern used in `.github/workflows/stagex.yml`: on `labeled` events only run when the label being added is `surfpool`; on other events (`opened`, `synchronize`, `reopened`) require the label to already be present. Addresses copilot review comment on #253 (which proposed the same guard); folded here so #253 can be closed with the workflow's review comments resolved on this PR. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
prasanna-anchorage
pushed a commit
that referenced
this pull request
May 12, 2026
) * feat: add solana_test_utils crate with SurfpoolManager Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * test: add surfpool mainnet-fork integration test for Solana parser Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * feat: add idl-meta tool for Python-free IDL metadata extraction * refactor: replace python3 with idl-meta in fuzz_all_idls.sh * test: add surfpool_fuzz_all_idls.sh for mainnet-fork IDL testing Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * fix: update SurfpoolManager for current surfpool CLI - Use `surfpool start` subcommand with correct flags (--port, --ws-port, --rpc-url, --no-tui, --ci) instead of obsolete top-level flags - Remove ledger_path/reset_ledger config (not surfpool concepts) - Use multi_thread tokio runtime in tests (required by solana-rpc-client) - All 15 IDLs pass surfpool integration tests Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * ci: add surfpool fuzz workflow gated on `surfpool` label Wires the existing `HELIUS_API_KEY` repo secret into a label-gated CI job that runs `scripts/surfpool_fuzz_all_idls.sh` against all 13 embedded IDLs. The Solana parser's `SurfpoolConfig::default()` already prefers `HELIUS_API_KEY` over the public mainnet endpoint, so passing the secret through the job env is sufficient -- no code changes required. Modelled on `fuzz-solana.yml` and `proptest-solana.yml`: label-gated to control RPC quota usage, caches `~/.cargo/bin/surfpool` to skip the ~minute-long install on subsequent runs, and tags the PR with `surfpool-failure` on a red run. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * ci(surfpool): pin surfpool to v1.1.1, skip fork PRs, harden install gate Addresses code review on the prior commit: 1. Pin surfpool to tag v1.1.1 (matches the version verified locally against the Helius mainnet fork) and key the cached binary on the pinned version. The previous cache used `src/Cargo.lock` hash, which is decoupled from surfpool's upstream and would silently pin CI to the first-cached binary indefinitely. Splitting the binary cache from the workspace cache also lets each invalidate independently. 2. Skip the job on fork PRs (head repo != base repo). Secrets are not passed to fork PRs, so HELIUS_API_KEY would be empty and the labeling step would lack `gh pr edit` permissions; both would silently fall back to flaky public mainnet and a no-op label step. 3. Use `surfpool --version` instead of `command -v surfpool` to gate reinstall. A corrupted cached binary (interrupted previous install, ABI mismatch after toolchain bump) is now detected and rebuilt. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix(surfpool): unblock Tokio worker, surface test diagnostics, fix CI install Three fixes addressing outstanding review comments and the failing CI: 1. CI install command -- the `surfpool` package was renamed to `surfpool-cli` upstream, so `cargo install surfpool --tag v1.1.1` fails with "could not find `surfpool` ... with version `*`". Drop the package name argument so cargo uses the workspace's `default-members` (`crates/cli`), which produces the `surfpool` binary regardless of future package renames within the workspace. 2. `wait_ready` no longer blocks a Tokio worker. The synchronous `RpcClient::get_version()` is now dispatched via `spawn_blocking` and the inter-attempt delay uses `tokio::time::sleep` instead of `thread::sleep`. Without this, a stalled RPC could starve other tasks on the same multi-thread runtime. 3. `surfpool_fuzz_all_idls.sh` now prints the captured cargo output on failure (both the no-summary and `N failed` paths). Previously a red IDL row printed only `FAIL (...)` and the diagnostics were silently dropped, making CI failures hard to debug. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * ci(surfpool): pin to commit SHA instead of tag Tags are mutable -- a force-push could silently change what we install, and `--locked` only protects transitive deps (it uses the source's Cargo.lock; it does not lock the source commit). Pin to the SHA `v1.1.1` resolved to (d58df4c) so the install target is bit-for-bit reproducible. Cache key now keys on the rev. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * ci(surfpool): cap lints to warn during third-party install The toolchain action exports `RUSTFLAGS: -D warnings` by default, which made the `cargo install` step fail on a benign `unused_parens` lint in upstream `surfpool-gql` v1.1.1. Deny-warnings is the right policy for our own code but wrong for installing a third-party binary at a pinned revision -- whether it compiles cleanly under future rustc is not something we want CI to gate on. Set `RUSTFLAGS=--cap-lints=warn` for just the install step so upstream warnings stay warnings without affecting any subsequent step. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * ci(surfpool): use upstream prebuilt binary instead of cargo install Replaces the ~10-minute `cargo install` compile with a ~5-second curl of the upstream release asset. Pins the tarball's SHA256 in the workflow so a force-pushed release asset cannot silently change what we install. The binary is dropped into `~/.local/bin/` (added to `GITHUB_PATH` for subsequent steps). Cache is keyed on (version, sha256) so a checksum bump invalidates automatically. Drops `RUSTFLAGS=--cap-lints=warn` from the install step; that was only needed to work around upstream lint regressions during compile. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * ci(surfpool): guard against label-event re-trigger loops The workflow toggles a `surfpool-failure` label on PRs. With the prior `if: contains(labels, 'surfpool')` guard, that toggle re-fires the workflow on the same PR (since the `surfpool` label is still present when the `surfpool-failure` label is added). Any other `labeled` event on a PR that happens to carry the `surfpool` label would also re-trigger unnecessarily. Match the pattern used in `.github/workflows/stagex.yml`: on `labeled` events only run when the label being added is `surfpool`; on other events (`opened`, `synchronize`, `reopened`) require the label to already be present. Addresses copilot review comment on #253 (which proposed the same guard); folded here so #253 can be closed with the workflow's review comments resolved on this PR. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
.github/workflows/surfpool-solana.ymltriggered by thesurfpoolPR labelsurfpool_fuzz_all_idls.shagainst all 15 embedded IDLssurfpool-failurelabel on failure, removes it on successHELIUS_API_KEYrepo secret for reliable mainnet RPC accessStacked on #202.
Test plan
surfpoollabel is applied to a PRsurfpool-failurelabel is applied/removed based on test outcomeHELIUS_API_KEYsecret is configured as a repo secret🤖 Generated with Claude Code