This repository provides GitHub Actions for managing Solana program deployments and verification. It is highly recommended to use the Squads integration for program deployments.
- ✅ Automated program builds
- ✅ Program verification against source code
- ✅ IDL buffer creation and uploads
- ✅ Squads multisig integration
- ✅ Program deploys for both devnet and mainnet
- ✅ Compute budget optimization
- ✅ Retry mechanisms for RPC failures
The easiest way to use the GitHub Actions is through one of the reusable workflows. You can also follow this Video Walkthrough.
There are three examples:
Some of the actions of the build workflow require you to add secrets to your repository:

```
# Network RPC URLs
DEVNET_SOLANA_DEPLOY_URL=   # Your devnet RPC URL - Recommended to use a paid RPC URL
MAINNET_SOLANA_DEPLOY_URL=  # Your mainnet RPC URL - Recommended to use a paid RPC URL

# Deployment Keys
DEVNET_DEPLOYER_KEYPAIR=    # Base58 encoded keypair for devnet
MAINNET_DEPLOYER_KEYPAIR=   # Base58 encoded keypair for mainnet
PROGRAM_ADDRESS_KEYPAIR=    # Keypair of the program address - Needed for initial deploy and for native programs to find the program address. Can also be overwritten in the workflow if you don't have the keypair.

# For Squads integration
MAINNET_MULTISIG=           # Mainnet Squads multisig address
MAINNET_MULTISIG_VAULT=     # Mainnet Squads vault address
```
Customize the workflow to your needs!
- `setup-all`: Comprehensive development environment setup
  - Installs and configures Solana CLI tools
  - Sets up Anchor framework (if needed)
  - Installs solana-verify for build verification
  - Configures Node.js environment
  - Handles caching for faster subsequent runs
  - Inputs:
    - `solana_version`: Solana version to install
    - `anchor_version`: Anchor version to install
    - `verify_version`: solana-verify version to install
    - `node_version`: Node.js version to install
- `extract-versions`: Automatically detects required versions
  - Extracts Solana version from Cargo.lock
  - Detects Anchor version from Anchor.toml or Cargo.lock
  - Provides fallback versions if not found
  - Outputs:
    - `solana_version`: Detected Solana version
    - `anchor_version`: Detected Anchor version
- `build-verified`: Builds program with verification support
  - Uses solana-verify for reproducible builds
  - Supports both native and Anchor programs
  - Handles feature flags and conditional compilation
  - Inputs:
    - `program`: Program name to build
    - `features`: Optional Cargo features to enable
- `write-program-buffer`: Writes a program buffer that is later set either by the provided keypair or by the Squads multisig
  - Creates buffer for program deployment
  - Sets the buffer authority either to the provided keypair or to the Squads multisig
  - Supports priority fees for faster transactions
  - Inputs:
    - `program-id`: Target program ID
    - `program`: Program name
    - `rpc-url`: Solana RPC endpoint
    - `keypair`: Deployer keypair
    - `buffer-authority-address`: Authority for the buffer
    - `priority-fee`: Transaction priority fee
- `write-idl-buffer`: Writes an Anchor IDL buffer that is later set either by the provided keypair or by the Squads multisig
  - Creates IDL buffer
  - Sets up IDL authority
  - Prepares for IDL updates
  - Inputs:
    - `program-id`: Program ID
    - `program`: Program name
    - `rpc-url`: Solana RPC endpoint
    - `keypair`: Deployer keypair
    - `idl-authority`: Authority for IDL updates
- `build-anchor`: Specialized Anchor program builder
- `program-upgrade`: Handles extending the program account when the program has grown, and either sets the buffer or skips that step for a Squads deploy
- `idl-upload`: Either sets the IDL buffer or skips that step for a Squads deploy
- `verify-build`: Verifies that on-chain programs match the source using solana-verify and the osec API
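
The detection order described for `extract-versions` (Cargo.lock for Solana, Anchor.toml before Cargo.lock for Anchor, then a fallback), as an added shell example that is not the action's own code. The crate names `solana-program` and `anchor-lang`, the `anchor_version` key in Anchor.toml, the placeholder fallbacks, the version-shape check and the refusal to guess between several locked versions are assumptions of this example.

```shell
# Added example, not the action's code. Crate names and fallbacks are assumptions.
FALLBACK_SOLANA="0.0.0-placeholder"
FALLBACK_ANCHOR="0.0.0-placeholder"

# Print every distinct version of crate $2 recorded in lockfile $1.
lock_versions() {
  [ -f "$1" ] || return 0
  awk -v crate="$2" '
    BEGIN { want = "\"" crate "\"" }
    /^\[\[package\]\]/ { hit = 0 }
    $1 == "name" && $3 == want { hit = 1; next }
    hit && $1 == "version" { gsub(/"/, "", $3); print $3; hit = 0 }
  ' "$1" | sort -u
}

# Print anchor_version from Anchor.toml, if the file sets one.
toml_anchor_version() {
  [ -f "$1" ] || return 0
  sed -n 's/^[[:space:]]*anchor_version[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# $1 label, $2 candidates, $3 fallback. None: fallback. One: validate. Several: fail.
resolve() {
  count=$(printf '%s\n' "$2" | awk 'NF { c++ } END { print c + 0 }')
  case $count in
    0) printf '%s\n' "$3" ;;
    1) printf '%s\n' "$2" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+([-+][0-9A-Za-z.-]+)?$' ||
         { echo "$1: unexpected version string" >&2; return 1; }
       printf '%s\n' "$2" ;;
    *) echo "$1: several versions locked, set an explicit override" >&2; return 1 ;;
  esac
}

detect_solana_version() {  # $1 = project directory
  resolve solana-program "$(lock_versions "$1/Cargo.lock" solana-program)" "$FALLBACK_SOLANA"
}
detect_anchor_version() {  # Anchor.toml wins over Cargo.lock
  av=$(toml_anchor_version "$1/Anchor.toml")
  [ -n "$av" ] || av=$(lock_versions "$1/Cargo.lock" anchor-lang)
  resolve anchor-lang "$av" "$FALLBACK_ANCHOR"
}

# Constructed sample project (version numbers are made up for the demo).
write_sample() {
  printf '[[package]]\nname = "anchor-lang"\nversion = "0.29.0"\n\n[[package]]\nname = "solana-program"\nversion = "1.18.26"\n' > "$1/Cargo.lock"
  printf '[toolchain]\nanchor_version = "0.30.1"\n' > "$1/Anchor.toml"
}

demo=$(mktemp -d) && write_sample "$demo"
echo "solana=$(detect_solana_version "$demo") anchor=$(detect_anchor_version "$demo")"; rm -rf "$demo"
```

Because the detected strings come from files in the repository and end up in tool-install steps, the example rejects anything that does not look like a version instead of passing it on.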
- Trigger verified build PDA upload
- Verify build remote trigger
- Support and test squads Verify
- Support and test squads IDL
- Support and test squads Program deploy
- Separate IDL and Program buffer action
- Remove deprecated cache functions
- Remove node-version from anchor build
- Skip anchor build when native program build
- Make verify build and anchor build in parallel
- Trigger release build on tag push
- Trigger devnet releases on develop branch?
- Make solana verify also work locally using cat
- Use keypairs to find deployer address to remove 2 secrets
- Add priority fees
- Add extend program if needed
- Bundle the needed TS scripts with the .github actions for easier copy paste
- Add running tests
- Research support for different test frameworks
- Add Codama support
- Add to solana helpers or mucho -> release
- Write guide and record video
There may be occasions where the release flow fails between writing the program buffer and the program deploy in Squads. In that case you may want to close a buffer whose authority was already transferred to your multisig. You can do that using the following commands:

```
solana program show --buffers --buffer-authority <Your multisig vault address>

npx ts-node scripts/squad-closebuffer.ts \
  --rpc "https://api.mainnet-beta.solana.com" \
  --multisig "FJviNjW3L2u2kR4TPxzUNpfe2ZjrULCRhQwWEu3LGzny" \
  --buffer "7SGJSG8aoZj39NeAkZvbUvsPDMRcUUrhRhPzgzKv7743" \
  --keypair ~/.config/solana/id.json \
  --program "BhV84MZrRnEvtWLdWMRJGJr1GbusxfVMHAwc3pq92g4z"
```
- Fix extend program size check
- Remove compute unit price from program extend
- Fixed program size extraction in buffer write action
- Combined setup actions into a single `setup-all` action
- Improved version management with override capabilities
- Added support for feature flags in builds and tests
- Enhanced caching strategy for faster builds
- Added version override inputs:
  - `override-solana-version`
  - `override-anchor-version`
- Added feature flags support for tests
- Added toml-cli caching
- Improved error handling in buffer management
- Removed individual setup actions in favor of `setup-all`
- Changed input parameter naming convention (using underscores instead of hyphens)
- Simplified build-verified action inputs
- Fixed version extraction logic
- Fixed cache key generation
- Fixed buffer authority handling
- Updated README with detailed action descriptions
- Added comprehensive input/output documentation
- Added buffer cleanup instructions