From 984ea9a6d85d7308e651267a7d91404a42a522c0 Mon Sep 17 00:00:00 2001 From: "Nakamoto, S" Date: Wed, 22 Apr 2026 20:55:48 +0000 Subject: [PATCH 1/3] ci(validate): init cross-chain-pmm-lps so validation gate passes The validate job in deploy-to-phoenix.yml (and validate-on-pr.yml) relies on cross-chain-pmm-lps/config/*.json for the cW* mesh matrix and deployment rules checks, but actions/checkout@v4 does not initialize submodules. .gitmodules mixes Gitea HTTPS and git@github.com: SSH URLs, so blanket 'submodules: recursive' isn't safe on the runner either. - Add a pre-step to each validate job that shallow-clones https://gitea.d-bis.org/d-bis/cross-chain-pmm-lps.git into ./cross-chain-pmm-lps/ when deployment-status.json isn't present. Idempotent: no-op on hosts that already have the submodule. - Harden run-all-validation.sh step 3/3b to degrade gracefully with a clear skip message when deployment-status.json is absent, so local runs without the submodule don't false-fail. Fixes the pre-existing validation failure (runs 132-137) that was blocking the new deploy-atomic-swap-dapp job from triggering. --- .gitea/workflows/deploy-to-phoenix.yml | 15 +++++++++++++++ .gitea/workflows/validate-on-pr.yml | 9 +++++++++ scripts/verify/run-all-validation.sh | 11 +++++++---- 3 files changed, 31 insertions(+), 4 deletions(-) diff --git a/.gitea/workflows/deploy-to-phoenix.yml b/.gitea/workflows/deploy-to-phoenix.yml index f0f8a3d5..f058145f 100644 --- a/.gitea/workflows/deploy-to-phoenix.yml +++ b/.gitea/workflows/deploy-to-phoenix.yml 
@@ -12,6 +12,21 @@ jobs: - name: Checkout code uses: actions/checkout@v4 + - name: Materialize cross-chain-pmm-lps (config only) + run: | + set -euo pipefail + # The cw* mesh matrix and deployment-status validators read + # cross-chain-pmm-lps/config/*.json. That submodule uses mixed + # SSH/HTTPS remotes, so instead of recursing submodules (which + # would fail on git@github.com: URLs without a deploy key), + # we shallow-clone the Gitea mirror for config reads only. + if [ ! -f cross-chain-pmm-lps/config/deployment-status.json ]; then + rm -rf cross-chain-pmm-lps + git clone --depth=1 \ + https://gitea.d-bis.org/d-bis/cross-chain-pmm-lps.git \ + cross-chain-pmm-lps + fi + - name: Run repo validation gate run: | bash scripts/verify/run-all-validation.sh --skip-genesis diff --git a/.gitea/workflows/validate-on-pr.yml b/.gitea/workflows/validate-on-pr.yml index 3cb7b9d9..cc5ba463 100644 --- a/.gitea/workflows/validate-on-pr.yml +++ b/.gitea/workflows/validate-on-pr.yml @@ -12,5 +12,14 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 + - name: Materialize cross-chain-pmm-lps (config only) + run: | + set -euo pipefail + if [ ! -f cross-chain-pmm-lps/config/deployment-status.json ]; then + rm -rf cross-chain-pmm-lps + git clone --depth=1 \ + https://gitea.d-bis.org/d-bis/cross-chain-pmm-lps.git \ + cross-chain-pmm-lps + fi - name: run-all-validation (no LAN, no genesis) run: bash scripts/verify/run-all-validation.sh --skip-genesis diff --git a/scripts/verify/run-all-validation.sh b/scripts/verify/run-all-validation.sh index 7cd48a5a..51cb1b83 100644 --- a/scripts/verify/run-all-validation.sh +++ b/scripts/verify/run-all-validation.sh 
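Review bot: The `git clone --depth=1` in this step takes whatever the default branch of cross-chain-pmm-lps points to at run time, and the gate later runs `node` on `cross-chain-pmm-lps/scripts/validate-deployment-status.cjs` from that tree (visible in the run-all-validation.sh hunk). The step name's "config only" therefore understates it: unpinned code from another repository executes inside the deploy job. Pinning the clone to the commit the parent repo already records for the submodule path would keep the gate reproducible and limit what a push to the mirror can change. The same applies to the validate-on-pr.yml hunk in this patch and to both hunks of PATCH 3/3. The sketch below assumes the path is a gitlink in the parent tree and that the Gitea server accepts a fetch by commit id; both should be confirmed.

```yaml
      - name: Materialize cross-chain-pmm-lps (config only)
        run: |
          set -euo pipefail
          # … unchanged: rationale comment about mixed SSH/HTTPS remotes …
          if [ ! -f cross-chain-pmm-lps/config/deployment-status.json ]; then
            # Use the commit the parent repo records for the submodule path,
            # not the mirror's current default-branch head.
            pmm_sha="$(git rev-parse HEAD:cross-chain-pmm-lps)"
            rm -rf cross-chain-pmm-lps
            git init -q cross-chain-pmm-lps
            git -C cross-chain-pmm-lps fetch -q --depth=1 \
              https://gitea.d-bis.org/d-bis/cross-chain-pmm-lps.git "$pmm_sha"
            git -C cross-chain-pmm-lps checkout -q --detach FETCH_HEAD
          fi
```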
@@ -41,22 +41,25 @@ echo "" echo "3. cW* mesh matrix (deployment-status + Uni V2 pair-discovery)..." DISCOVERY_JSON="$PROJECT_ROOT/reports/extraction/promod-uniswap-v2-live-pair-discovery-latest.json" -if [[ -f "$DISCOVERY_JSON" ]]; then +PMM_STATUS="$PROJECT_ROOT/cross-chain-pmm-lps/config/deployment-status.json" +if [[ -f "$DISCOVERY_JSON" && -f "$PMM_STATUS" ]]; then MATRIX_JSON="$PROJECT_ROOT/reports/status/cw-mesh-deployment-matrix-latest.json" bash "$SCRIPT_DIR/build-cw-mesh-deployment-matrix.sh" --no-markdown --json-out "$MATRIX_JSON" || log_err "cw mesh matrix merge failed" log_ok "cW mesh matrix OK (also wrote $MATRIX_JSON)" -else +elif [[ ! -f "$DISCOVERY_JSON" ]]; then echo " ($DISCOVERY_JSON missing — run: bash scripts/verify/build-promod-uniswap-v2-live-pair-discovery.sh)" +else + echo " ($PMM_STATUS missing — cross-chain-pmm-lps submodule not initialized; skip)" fi echo "" echo "3b. deployment-status graph (cross-chain-pmm-lps)..." PMM_VALIDATE="$PROJECT_ROOT/cross-chain-pmm-lps/scripts/validate-deployment-status.cjs" -if [[ -f "$PMM_VALIDATE" ]] && command -v node &>/dev/null; then +if [[ -f "$PMM_VALIDATE" && -f "$PMM_STATUS" ]] && command -v node &>/dev/null; then node "$PMM_VALIDATE" || log_err "validate-deployment-status.cjs failed" log_ok "deployment-status.json rules OK" else - echo " (skip: node or $PMM_VALIDATE missing)" + echo " (skip: node, $PMM_VALIDATE, or $PMM_STATUS missing)" fi echo "" -- 2.34.1 From cd1b8057d48b4e85724b8c5bee937764ddeb9f35 Mon Sep 17 00:00:00 2001 
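Review bot: The new `else` branch in step 3 and the widened condition in step 3b turn a missing `$PMM_STATUS` into an informational skip, so the gate fails open. If the materialize step in the workflows produces a tree without `config/deployment-status.json`, the deploy gate passes without either check having run. That is reasonable for local runs, but in CI the absence should be an error, for example `if [[ -n "${CI:-}" ]]; then log_err "$PMM_STATUS missing in CI"; fi` ahead of each skip message. This assumes the runner exports `CI` and that `log_err`, which is defined outside this hunk, marks the run as failed; both should be confirmed. The surrounding script starts and ends outside the hunk.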
From: "Nakamoto, S" Date: Wed, 22 Apr 2026 21:44:11 +0000 Subject: [PATCH 2/3] ci(validate): use actions/checkout for private pmm-lps with built-in token Anonymous git clone of the private d-bis/cross-chain-pmm-lps repo hangs on the Gitea runner waiting for credentials. Use actions/checkout@v4 with `repository`, `path`, and `token: secrets.GITHUB_TOKEN` so the in-org runner token handles auth cleanly in both deploy-to-phoenix.yml and validate-on-pr.yml. --- .gitea/workflows/deploy-to-phoenix.yml | 25 ++++++++++++------------- .gitea/workflows/validate-on-pr.yml | 14 ++++++-------- 2 files changed, 18 insertions(+), 21 deletions(-) diff --git a/.gitea/workflows/deploy-to-phoenix.yml b/.gitea/workflows/deploy-to-phoenix.yml index f058145f..74aea6f7 100644 --- a/.gitea/workflows/deploy-to-phoenix.yml +++ b/.gitea/workflows/deploy-to-phoenix.yml 
@@ -12,20 +12,19 @@ jobs: - name: Checkout code uses: actions/checkout@v4 + # The cw* mesh matrix and deployment-status validators read + # cross-chain-pmm-lps/config/*.json. That repo is private and + # .gitmodules mixes Gitea HTTPS with git@github.com: SSH URLs, + # so `submodules: recursive` on the parent checkout isn't safe. + # Pull only the pmm-lps repo into a sibling path using the + # built-in Actions token (scoped to the same org). - name: Materialize cross-chain-pmm-lps (config only) - run: | - set -euo pipefail - # The cw* mesh matrix and deployment-status validators read - # cross-chain-pmm-lps/config/*.json. That submodule uses mixed - # SSH/HTTPS remotes, so instead of recursing submodules (which - # would fail on git@github.com: URLs without a deploy key), - # we shallow-clone the Gitea mirror for config reads only. - if [ ! -f cross-chain-pmm-lps/config/deployment-status.json ]; then - rm -rf cross-chain-pmm-lps - git clone --depth=1 \ - https://gitea.d-bis.org/d-bis/cross-chain-pmm-lps.git \ - cross-chain-pmm-lps - fi + uses: actions/checkout@v4 + with: + repository: d-bis/cross-chain-pmm-lps + path: cross-chain-pmm-lps + token: ${{ secrets.GITHUB_TOKEN }} + fetch-depth: 1 - name: Run repo validation gate run: | diff --git a/.gitea/workflows/validate-on-pr.yml b/.gitea/workflows/validate-on-pr.yml index cc5ba463..03791c45 100644 --- a/.gitea/workflows/validate-on-pr.yml +++ b/.gitea/workflows/validate-on-pr.yml 
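Review bot: The new `with:` block passes `token: ${{ secrets.GITHUB_TOKEN }}` without `persist-credentials: false`, so `actions/checkout` leaves the token in the git configuration of `cross-chain-pmm-lps` for the rest of the job. The following step runs `bash scripts/verify/run-all-validation.sh`, and in the validate-on-pr.yml hunk of this patch that script comes from the change under test, which can then read the token. Adding `persist-credentials: false` under `with:` in both hunks keeps the token scoped to the checkout itself.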
@@ -13,13 +13,11 @@ jobs: - name: Checkout uses: actions/checkout@v4 - name: Materialize cross-chain-pmm-lps (config only) - run: | - set -euo pipefail - if [ ! -f cross-chain-pmm-lps/config/deployment-status.json ]; then - rm -rf cross-chain-pmm-lps - git clone --depth=1 \ - https://gitea.d-bis.org/d-bis/cross-chain-pmm-lps.git \ - cross-chain-pmm-lps - fi + uses: actions/checkout@v4 + with: + repository: d-bis/cross-chain-pmm-lps + path: cross-chain-pmm-lps + token: ${{ secrets.GITHUB_TOKEN }} + fetch-depth: 1 - name: run-all-validation (no LAN, no genesis) run: bash scripts/verify/run-all-validation.sh --skip-genesis -- 2.34.1 From 9e9ad47a289b07062f9fcfdb8cf5a86bf17102c1 Mon Sep 17 00:00:00 2001 From: "Nakamoto, S" Date: Wed, 22 Apr 2026 22:06:38 +0000 Subject: [PATCH 3/3] ci(validate): materialize cross-chain-pmm-lps via anon HTTPS clone The d-bis/cross-chain-pmm-lps repo is now public on Gitea, so we can shallow-clone it anonymously in the validate step without any token plumbing. Drops the actions/checkout@v4 + GITHUB_TOKEN approach that failed because the built-in Actions token is scoped to the running repo only. --- .gitea/workflows/deploy-to-phoenix.yml | 23 ++++++++++++----------- .gitea/workflows/validate-on-pr.yml | 14 ++++++++------ 2 files changed, 20 insertions(+), 17 deletions(-) diff --git a/.gitea/workflows/deploy-to-phoenix.yml b/.gitea/workflows/deploy-to-phoenix.yml index 74aea6f7..dd65ce0f 100644 --- a/.gitea/workflows/deploy-to-phoenix.yml +++ b/.gitea/workflows/deploy-to-phoenix.yml 
@@ -13,18 +13,19 @@ jobs: uses: actions/checkout@v4 # The cw* mesh matrix and deployment-status validators read - # cross-chain-pmm-lps/config/*.json. That repo is private and - # .gitmodules mixes Gitea HTTPS with git@github.com: SSH URLs, - # so `submodules: recursive` on the parent checkout isn't safe. - # Pull only the pmm-lps repo into a sibling path using the - # built-in Actions token (scoped to the same org). + # cross-chain-pmm-lps/config/*.json. .gitmodules mixes Gitea HTTPS + # with git@github.com: SSH URLs, so `submodules: recursive` on the + # parent checkout isn't safe. Shallow-clone the public mirror of the + # pmm-lps repo directly (config-only, no secrets needed). - name: Materialize cross-chain-pmm-lps (config only) - uses: actions/checkout@v4 - with: - repository: d-bis/cross-chain-pmm-lps - path: cross-chain-pmm-lps - token: ${{ secrets.GITHUB_TOKEN }} - fetch-depth: 1 + run: | + set -euo pipefail + if [ ! -f cross-chain-pmm-lps/config/deployment-status.json ]; then + rm -rf cross-chain-pmm-lps + git clone --depth=1 \ + https://gitea.d-bis.org/d-bis/cross-chain-pmm-lps.git \ + cross-chain-pmm-lps + fi - name: Run repo validation gate run: | diff --git a/.gitea/workflows/validate-on-pr.yml b/.gitea/workflows/validate-on-pr.yml index 03791c45..cc5ba463 100644 --- a/.gitea/workflows/validate-on-pr.yml +++ b/.gitea/workflows/validate-on-pr.yml 
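Review bot: The restored anonymous `git clone` has nothing to stop git from waiting on a credential prompt. The PATCH 2/3 description records that this same clone hung on the runner while the repo was private, so a later visibility change would stall the job instead of failing it. Prefixing the command as `GIT_TERMINAL_PROMPT=0 git clone --depth=1 \` makes git return an error rather than prompt. The validate-on-pr.yml hunk in this patch has the same clone and needs the same change.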
@@ -13,11 +13,13 @@ jobs: - name: Checkout uses: actions/checkout@v4 - name: Materialize cross-chain-pmm-lps (config only) - uses: actions/checkout@v4 - with: - repository: d-bis/cross-chain-pmm-lps - path: cross-chain-pmm-lps - token: ${{ secrets.GITHUB_TOKEN }} - fetch-depth: 1 + run: | + set -euo pipefail + if [ ! -f cross-chain-pmm-lps/config/deployment-status.json ]; then + rm -rf cross-chain-pmm-lps + git clone --depth=1 \ + https://gitea.d-bis.org/d-bis/cross-chain-pmm-lps.git \ + cross-chain-pmm-lps + fi - name: run-all-validation (no LAN, no genesis) run: bash scripts/verify/run-all-validation.sh --skip-genesis -- 2.34.1