-
Notifications
You must be signed in to change notification settings - Fork 140
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
NEP-330 extension: Build details extension #533
Conversation
Thank you @Canvinus for submitting this NEP. As a moderator, I reviewed this NEP and it meets the proposed template guidelines. I am moving this NEP to the REVIEW stage and would like to ask the @near/wg-contract-standards working group members to assign 2 Technical Reviewers to complete a technical review (see expectations below). Just for clarity, Technical Reviewers play a crucial role in scaling NEAR ecosystem as they provide their in-depth expertise in the niche topic while work group members can stay on guard of the NEAR ecosystem. The discussions may get too deep and it would be inefficient for each WG member to dive into every single comment, so NEAR Developer Governance designed this process that includes subject matter experts helping us to scale by writing a summary with the raised concerns and how they were addressed. Technical Review Guidelines
Technical Summary guidelines:
Here is a nice example and a template for your convenience:
Please tag the @near/nep-moderators once you are done, so we can move this NEP to the voting stage. Thanks again. |
This looks useful. Any thoughts on adding
Having a field that might be one thing or something else is not super clear IMO. I personally have added I guess a downside here is that it wouldn't be backwards-compatible in instances where the |
I totally agree with that point, @lachlanglen. I've just tried to retain as much as possible from previous contributors and ensure compatibility with already deployed contracts that have the metadata. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I was originally suggesting this NEP extension, so I, obviously support it. I would love to hear if there are other opinions from other WG members cc @fadeevab @robert-zaremba
@Canvinus Thank you for the NEP! (+@frol +@lachlanglen) Allow me to share my overall perception:
Finally, let me share my thoughts about flattening the structure as a matter of discussion: type ContractSourceMetadata = {
version: string, // it could be mandatory, e.g. version is mandatory for publishing Rust crates, NPM packages
source: string|null, // it could be the full path, e.g. https://github.com/my/repo/contract/src, in this case the `contract_path` is redundant
commit: Hash|Tag|null, // commit "bf48943..." or "v0.1.0" tag (@lachlanglen)
build: string|null, // build command or link to CI/CD build/release
standards: Standard[]|null,
} |
@fadeevab That is why @Canvinus I am not completely sold on your naming, but I would love to hear other opinions since I am obviously biased. I tried to keep the naming generic enough to allow some other solutions but Docker for env, and other solutions besides GitHub or even git (ipfs, tarball on s3, etc).
That would be a breaking change for NEP-330, and I don't see a good argument for that. If someone does not want to expose the version, it is up to them. It is really designed to be flexible. It is not a requirement to have this metadata to deploy your contract on the chain, right? |
I didn't realize that:
(And right, Suggestions:
☝I see that the NEP is biased toward defining build environments via public docker images.
Here I saw that the NEP is on the review and my thoughts were that the NEP is not already adopted. Need to update the README's table.
There is a case when the whole The bottom line is that the NEP can be improved with more clarification and examples. P.S.: On a side note, I once had in my experience that a compiler attached a timestamp into a binary, so the digest never was the same. I'm not sure it's true nowadays for |
/// Reference to a reproducible build environment, e.g. Docker image reference:
/// "docker.io/sourcescan/cargo-near:0.6.0"
build_environment_ref: Option<String>, @frol, I think we should also check if a Docker image is the right one by using its digest. So, we could suggest using the image's "digest" instead of its "tag" by default. For example, Also this won't be a problem by pulling via digest:
|
@fadeevab, would having a "source_code_snapshot" string field as the source for the CI/CD release, along with a "build_environment_ref" as a string field that could point to the commit of that published release, meet your requirements? |
@Canvinus I think I could use the |
Let's use |
@fadeevab I think it's good to keep both |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Recommendation
This pull request is an improvement to the NEP-330 v1.1.0 and I lean to approve it once the small concerns listed below are resolved.
Concerns
- let's be more specific about optional and required fields. For example, if using a version control system (git...) then
version
must be required. - be more specific about version and link - I suggest to add more examples (made few suggestions).
- solve naming. Suggestions: env_image -> container, build_details -> build_info
Co-authored-by: Alexander Fadeev <[email protected]>
Co-authored-by: Robert Zaremba <[email protected]>
Co-authored-by: Robert Zaremba <[email protected]>
Co-authored-by: Robert Zaremba <[email protected]>
Co-authored-by: Robert Zaremba <[email protected]>
Recommendation@near/wg-contract-standards As the Contract Standards WG member, I lean towards approving this NEP extension after resolving the concerns in the table below. BenefitsThe standard extension effectively adds a type ContractSourceMetadata = {
version: string|null,
link: string|null,
standards: Standard[]|null,
+ build_info: BuildInfo|null, // optional, details required for contract WASM reproducibility.
} The NEP provides examples of how the fields of Concerns
[1]: Should be completed within the issue near/cargo-near-new-project-template#9 |
Recommendation@near/wg-contract-standards As the Contract Standards WG member, I lean towards approving this NEP extension after resolving the Cargo.lock suggestion form @fadeevab Concerns
|
NEP Status (Updated by NEP Moderators)Status: Approved SME reviews:
Contract Standards Work Group voting indications (❔ | 👍 | 👎 ): |
@victorchimakanu we still have unfinished Cargo.lock issue #533 (comment) @Canvinus what's the status?.. |
@Canvinus @frol Agree! I created a tracking issue near/cargo-near-new-project-template#9 (don't forget it!), let's move forward with this NEP |
As the moderator, I would like to thank the author @Canvinus and @alexzinin for submitting this NEP, and the NEAR contracts standards work group members for their reviews. Based on the voting indications above, it seems like this proposal is close to a decision. We are therefore scheduling the Fifth Contract standards Work group meeting next week, where this NEP can enter the final voting stage. Anyone can discuss the technical details by adding your comments to this discussion. And join the call to learn about the final decision and how to get more involved.” Meeting InfoNEP Discussion: NEP-330 |
@Canvinus It makes sense to fix a linter error |
|
Oh, right :) Usually, a markdown formatter in VS Code fixes 99% of those issues for me, e.g. placing spaces around headers. I guess, you should try. |
Thank you to everyone who attended the Contract Standards Working Group meeting today! The working group members reviewed the NEP and reached the following consensus: Status: Approved (Meeting Recording: https://youtu.be/JQu8tObzhlM)
@Canvinus Thank you for championing the extension to NEP-330 @fadeevab @robert-zaremba Thank you for all the review! Next steps:
|
NEP-330: Source Metadata
1.2.0 - Build Details Extension
Overview
This update introduces build details to the contract metadata, containing necessary information about how the contract was built. This makes it possible for others to reproduce the same WASM of this contract. The idea first appeared in the cargo-near SourceScan integration thread.
Benefits
This NEP extension gives developers the capability to save all the required build details, making it possible to reproduce the same WASM code in the future. This ensures greater consistency in contracts and the ability to verify source code. With the assistance of tools like SourceScan and cargo-near, the development process on NEAR becomes significantly easier.