{"id":29880300,"url":"https://github.com/solana-developers/github-workflows","last_synced_at":"2025-07-31T09:40:54.900Z","repository":{"id":275938131,"uuid":"927628860","full_name":"solana-developers/github-workflows","owner":"solana-developers","description":"A reusable workflow to build anchor and native programs, upload IDL, verify and support squads multisig","archived":false,"fork":false,"pushed_at":"2025-07-26T00:13:43.000Z","size":66,"stargazers_count":18,"open_issues_count":1,"forks_count":6,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-07-26T07:18:45.614Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/solana-developers.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-02-05T09:23:46.000Z","updated_at":"2025-07-26T00:13:29.000Z","dependencies_parsed_at":"2025-07-26T02:12:00.551Z","dependency_job_id":"8e20582f-6474-40e2-b50d-7eb3792d81ae","html_url":"https://github.com/solana-developers/github-workflows","commit_stats":null,"previous_names":["woody4618/github-action-workflow","solana-developers/github-workflows"],"tags_count":12,"template":false,"template_full_name":null,"purl":"pkg:github/solana-developers/github-workflows","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/solana-developers%2Fgithub-workflows","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/solana-developers%2Fgithub-workflows/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/solana-developers%2Fgithub-workflows/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/solana-developers%2Fgithub-workflows/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/solana-developers","download_url":"https://codeload.github.com/solana-developers/github-workflows/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/solana-developers%2Fgithub-workflows/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":268017357,"owners_count":24181669,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-07-31T02:00:08.723Z","response_time":66,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-07-31T09:40:53.096Z","updated_at":"2025-07-31T09:40:54.855Z","avatar_url":"https://github.com/solana-developers.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"## Reusable Github workflow to build, deploy and verify solana programs and IDLs\n\nThis repository provides GitHub workflows that automatically build, verify, and deploy solana programs including their IDL uploads.\nThese workflows use the [solana developers github actions](https://github.com/solana-developers/github-actions) and combine them into an easy to use workflow. \nThere is also squads multisig support which is highly recommended to be used.\nFor the workflow you just need to set `use-squads` to true and add the needed secrets to use the [squads program action](https://github.com/solana-developers/squads-program-action) automatically.\n\n### Features\n\n- ✅ Automated program builds\n- ✅ Program verification against source code\n- ✅ IDL buffer creation and uploads\n- ✅ Squads multisig integration\n- ✅ Program deploys for both devnet and mainnet\n- ✅ Compute budget optimization\n- ✅ Retry mechanisms for RPC failures\n- ✅ Running anchor tests\n- ✅ Caching for faster reruns for all installs\n- ✅ Extend program automatically\n  \n### How to use\n\nEasiest is to follow this [Video Guide](https://youtu.be/h-ngRgWW_IM). \n\nCreate a Solana Program. Either a [native program](https://solana.com/de/developers/guides/getstarted/local-rust-hello-world) and an [anchor program](https://www.anchor-lang.com/docs/quickstart/local). The program with the `anchor.toml` and/or `cargo.toml` need to be in the root of your repository for these workflows to work out of the box.\n\n```yaml\nname: Devnet Build and Deploy\n\non:\n  workflow_dispatch:\n    inputs:\n      priority_fee:\n        description: \"Priority fee for transactions\"\n        required: true\n        default: \"300000\"\n        type: string\n\njobs:\n  build:\n    uses: solana-developers/github-workflows/.github/workflows/reusable-build.yaml@v0.2.9\n    with:\n      program: \"hello_world\"\n      program-id: \"YOUR_PROGRAM_ID\"\n      network: \"devnet\"\n      deploy: true\n      upload_idl: true\n      verify: false\n      use-squads: false\n      priority-fee: ${{ github.event.inputs.priority_fee }}\n    secrets:\n      DEVNET_SOLANA_DEPLOY_URL: ${{ secrets.DEVNET_SOLANA_DEPLOY_URL }}\n      DEVNET_DEPLOYER_KEYPAIR: ${{ secrets.DEVNET_DEPLOYER_KEYPAIR }}\n      PROGRAM_ADDRESS_KEYPAIR: ${{ secrets.PROGRAM_ADDRESS_KEYPAIR }}\n```\n\nOr for mainnet with source code verification and squads integration:\n\n```yaml\nname: Release to mainnet with IDL and verify\n\non:\n  workflow_dispatch:\n    inputs:\n      priority_fee:\n        description: \"Priority fee for transactions\"\n        required: true\n        default: \"300000\"\n        type: string\n\njobs:\n  build:\n    uses: solana-developers/github-workflows/.github/workflows/reusable-build.yaml@v0.2.9\n    with:\n      program: \"transaction_example\"\n      program-id: \"YOUR_PROGRAM_ID\"\n      network: \"mainnet\"\n      deploy: true\n      upload_idl: true\n      verify: true\n      use-squads: true\n      priority-fee: ${{ github.event.inputs.priority_fee }}\n\n    secrets:\n      MAINNET_SOLANA_DEPLOY_URL: ${{ secrets.MAINNET_SOLANA_DEPLOY_URL }}\n      MAINNET_DEPLOYER_KEYPAIR: ${{ secrets.MAINNET_DEPLOYER_KEYPAIR }}\n      PROGRAM_ADDRESS_KEYPAIR: ${{ secrets.PROGRAM_ADDRESS_KEYPAIR }}\n      MAINNET_MULTISIG: ${{ secrets.MAINNET_MULTISIG }}\n      MAINNET_MULTISIG_VAULT: ${{ secrets.MAINNET_MULTISIG_VAULT }}\n```\n\nThere are three examples:\n\n- [Anchor Program](https://github.com/Woody4618/anchor-github-action-example)\n- [Native Program](https://github.com/Woody4618/native-solana-github-action-example)\n- [Anchor Program using Squads](https://github.com/Woody4618/workflow-tutorial) \n\n### Required Secrets for specific actions\n\nSome of the options of the build workflow require you to add secrets to your repository:\n\n```bash\n# Network RPC URLs\nDEVNET_SOLANA_DEPLOY_URL=   # Your devnet RPC URL - Recommended to use a payed RPC url\nMAINNET_SOLANA_DEPLOY_URL=  # Your mainnet RPC URL - Recommended to use a payed RPC url\n\n# Deployment Keys\nDEVNET_DEPLOYER_KEYPAIR=    # Keypaig in the format of byte array [3, 45, 23, ...]\nMAINNET_DEPLOYER_KEYPAIR=   # Keypaig in the format of byte array [3, 45, 23, ...]\n\nPROGRAM_ADDRESS_KEYPAIR=    # Keypair of the program address - Needed for initial deploy and for native programs to find the program address. Can also be overwritten in the workflow if you dont have the keypair.\n\n# For Squads integration (There is sadly no devnet squads ui)\nMAINNET_MULTISIG=          # Mainnet Squads multisig address\nMAINNET_MULTISIG_VAULT=    # Mainnet Squads vault address\n```\n\nThis is how you can run anchor tests everytime tests or the program changed on push: \n\n```yaml\nname: Anchor Tests\n\non:\n  push:\n    branches: [main]\n    paths:\n      - \"programs/**\"\n      - \"tests/**\"\n      - \"Anchor.toml\"\n      - \"Cargo.toml\"\n      - \"Cargo.lock\"\n  workflow_dispatch:\n    inputs:\n      program:\n        description: \"Program to test\"\n        required: true\n        default: \"transaction_example\"\n\njobs:\n  test:\n    uses: solana-developers/github-workflows/.github/workflows/test.yaml@v0.2.9\n    with:\n      program: ${{ 'transaction_example' }}\n```\n\n### Extend and automate\n\nYou can easily extend or change your workflow. For example run the build workflow automatically on every push to a development branch.\n\n```bash\n  push:\n    branches:\n      - develop\n      - dev\n      - development\n    paths:\n      - 'programs/**'\n      - 'Anchor.toml'\n      - 'Cargo.toml'\n      - 'Cargo.lock'\n```\n\nOr run a new release to mainnet on every tag push for example.\n\n```bash\n  push:\n    tags:\n      - 'v*'\n```\n\nOr you can setup a matrix build for multiple programs and networks.\nCustomize the workflow to your needs!\n\n## How to setup Squads integration:\n\nIn general its recommended to use the [Squads Multisig](https://docs.squads.so/main/getting-started/create-a-squad) or any other multisig plattform to manage your programs.\nIt makes your program deployments more secure and is considered good practice.\n\n1. Setup a new squad in [Squads](https://v4.squads.so/squads/) then transfer your program authority to the squad.\n\n\u003cimg width=\"1345\" alt=\"image\" src=\"https://github.com/user-attachments/assets/c1b9d003-806f-4389-bf4c-3275f180f479\" /\u003e\n\n\n2. Add your local keypair to the squad as a member (At least needs to have voter permissions) so that it can propose transactions. And also add that keypair as a github secret.\n   To run it locally add the following to your .secrets file:\n\n```bash\nDEVNET_DEPLOYER_KEYPAIR=\nMAINNET_DEPLOYER_KEYPAIR=\n```\n\n\u003cimg width=\"832\" alt=\"image\" src=\"https://github.com/user-attachments/assets/492eee0c-48d0-4748-838e-849d7b91f773\" /\u003e\n\n\n2. Add the multisig information to your `.secrets` file if you want to run it locally or add them to your github action secrets (Not workflow secrets) if you want to run it in github actions:\n\n\u003cimg width=\"1384\" alt=\"image\" src=\"https://github.com/user-attachments/assets/8bb62dab-d17b-4163-be0f-52ce51affc32\" /\u003e\n\n\n```bash\nDEVNET_MULTISIG=        # Sadly at the time of writing squads V4 does not support devnet\nDEVNET_MULTISIG_VAULT=  # Sadly at the time of writing squads V4 does not support devnet\nMAINNET_MULTISIG=\nMAINNET_MULTISIG_VAULT=\n```\n\nWhere Multisig vault is the address you can find on the top left corner in the [Squads Dachboard](https://v4.squads.so/squads/)\nThe MULTISIG is the address of the multisig you want to use this one you can find the the settings. Its a bit more hidden so that people dont accidentally use it as program upgrade authority.\n\n\u003cimg width=\"1735\" alt=\"image\" src=\"https://github.com/user-attachments/assets/34584a9a-62b9-42c9-a6c4-4e4bf99e6631\" /\u003e\n\nWhat this workflow will do is write a program and an IDL buffer for your program and then propose a transaction that you can approve in the Squads UI.\n\nOnce the build was successful you can see the program upgrade transaction in your squads ui: \n\n\u003cimg width=\"1836\" alt=\"image\" src=\"https://github.com/user-attachments/assets/fde50e11-00b8-4c3b-923f-f18029edacdf\" /\u003e\n\n\n### Additional step for verification when using squads\n\nThe verification process with Osec API will start automatically as soon as you submitted the transaction in squads that wrote the Verify PDA. \n\nIf it does not show as verified in the explorer after a while you can use this command to see the proggress of the verification or trigger a new run if it did not trigger automatcally: \n\n```bash\nsolana-verify remote submit-job --program-id \u003cyourProgramId\u003e  --uploader \u003cyourSquadVaultAddress\u003e\n```\n\n\nClose Buffer:\n\nIn case your workflow fails and the buffer was already created and transfered to your squads vault you can close that buffer using this [script](https://github.com/solana-developers/github-actions?tab=readme-ov-file#close-buffer-in-case-of-failure). \n\n\n### Running the actions locally (optional)\n\nIf you for some reason want to run the actions locally you can do so with the following commands using the act command.\n\nFollow the instructions [here](https://nektosact.com/installation/index.html) to install act.\n\n1. Build\n\nYou need to copy the workflow file to your local `.github/workflows` directory because act does not support reusable workflows.\nJust pick the parameters you want. This is using act to run the workflow locally. Good for testing or if you dont want to install anything because this is running in docker and outputs the build artifacts as well.\n\n```bash\nact -W .github/workflows/reusable-build.yaml \\\n --container-architecture linux/amd64 \\\n --secret-file .secrets \\\n workflow_dispatch \\\n --input program=transaction-example \\\n --input network=devnet \\\n --input deploy=true \\\n --input upload_idl=true \\\n --input verify=true \\\n --input use-squads=false\n```\n\n2. Run anchor tests\n\nNote: The anchor tests use solana-test-validator which does not work in act docker container on mac because of AVX dependency. Either run them in github, locally without docker or open PR to fix it. I couldnt find a nice way to make local-test-validator run in act.\nYou can adjust the workflow to run your specific tests as well.\n\n```bash\nact -W .github/workflows/test.yaml \\\n --container-architecture linux/amd64 \\\n --secret-file .secrets \\\n workflow_dispatch \\\n --input program=transaction-example\n```\n\n\n## 📝 Todo List\n\n### Program Verification\n\n- [x] Trigger verified build PDA upload\n- [x] Verify build remote trigger\n- [x] Support and test squads Verify\n- [x] Support and test squads IDL\n- [x] Support and test squads Program deploy\n\n### Action Improvements\n\n- [x] Separate IDL and Program buffer action\n- [x] Remove deprecated cache functions\n- [x] Remove node-version from anchor build\n- [x] Skip anchor build when native program build\n- [ ] Make verify build and anchor build in parallel\n- [x] Trigger release build on tag push\n- [x] Trigger devnet releases on develop branch?\n- [x] Make solana verify also work locally using cat\n- [x] Use keypairs to find deployer address to remove 2 secrets\n- [x] Add priority fees\n- [x] Add extend program if needed\n- [x] Bundle the needed TS scripts with the .github actions for easier copy paste\n\n### Testing \u0026 Integration\n\n- [x] Add running tests\n  - Research support for different test frameworks\n- [ ] Add Codama support\n- [ ] Add to solana helpers or mucho -\u003e release\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsolana-developers%2Fgithub-workflows","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsolana-developers%2Fgithub-workflows","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsolana-developers%2Fgithub-workflows/lists"}