cargo-near - npm Package Compare versions

Comparing version 0.12.2 to 0.13.0

CHANGELOG.md

@@ -10,2 +10,13 @@ # Changelog
 
+## [0.13.0](https://github.com/near/cargo-near/compare/cargo-near-v0.12.2...cargo-near-v0.13.0) - 2024-12-17
+
+### Added
+
+- reproducible choice interactive (#262)
+
+### Other
+
+- update `cargo near new` template `image` and `image_digest` ([#259](https://github.com/near/cargo-near/pull/259))
+- update `cargo near new` template `image` and `image_digest` ([#257](https://github.com/near/cargo-near/pull/257))
+
 ## [0.12.2](https://github.com/near/cargo-near/compare/cargo-near-v0.12.1...cargo-near-v0.12.2) - 2024-11-20
@@ -12,0 +23,0 @@

npm-shrinkwrap.json

@@ -27,3 +27,3 @@ {
       "name": "cargo-near",
-      "version": "0.12.2"
+      "version": "0.13.0"
     },
@@ -790,3 +790,3 @@ "node_modules/@isaacs/cliui": {
   "requires": true,
-  "version": "0.12.2"
+  "version": "0.13.0"
 }

package.json

 {
-  "artifactDownloadUrl": "https://github.com/near/cargo-near/releases/download/cargo-near-v0.12.2",
+  "artifactDownloadUrl": "https://github.com/near/cargo-near/releases/download/cargo-near-v0.13.0",
   "author": "Near Inc <hello@nearprotocol.com>",
@@ -98,3 +98,3 @@ "bin": {
   },
-  "version": "0.12.2",
+  "version": "0.13.0",
   "volta": {
@@ -101,0 +101,0 @@ "node": "18.14.1",

README.md

@@ -102,22 +102,53 @@ <!-- markdownlint-disable MD014 -->
 
-By default, this runs a reproducible build in a [Docker](https://docs.docker.com/) container, which:
+Running the above command opens a menu with following variants: 
 
+### `non-reproducible-wasm`
+
+**Recommended variant for use during local development.**
+
+This is a regular build, which behaves much like and is a thin wrapper around a regular `cargo build --target wasm32-unknown-unknown --release`.
+
+Additional flags for build configuration can be looked up by
+
+```bash
+cargo near build non-reproducible-wasm --help
+```
+if needed.
+
+### `reproducible-wasm`
+
+**Recommended variant for the production releases.**
+
+This variant runs a reproducible build in a [Docker](https://docs.docker.com/) container, which:
+
 1. runs against source code version, committed to git, ignoring any uncommitted changes
 2. requires that `Cargo.lock` of project is created (e.g. via `cargo update`) and added to git. 
     - this enables `--locked` build by downstream `cargo` command. 
-3. will use configuration in [`[package.metadata.near.reproducible_build]`](https://github.com/near/cargo-near/blob/main/cargo-near/src/commands/new/new-project-template/Cargo.toml.template#L14-L25) 
-   section of contract's `Cargo.toml` and [`package.repository`](https://github.com/near/cargo-near/blob/main/cargo-near/src/commands/new/new-project-template/Cargo.toml.template#L9) field
+3. will use configuration in [`[package.metadata.near.reproducible_build]`](https://github.com/near/cargo-near/blob/main/cargo-near/src/commands/new/new-project-template/Cargo.template.toml#L14-L29) 
+   section of contract's `Cargo.toml` and [`package.repository`](https://github.com/near/cargo-near/blob/main/cargo-near/src/commands/new/new-project-template/Cargo.template.toml#L9) field
     - default values for this section can also be found in `Cargo.toml` of 
       template project, generated by `cargo near new`
 
-Important flags:
+**What's a reproducible build in context of NEAR?**
+Why is it needed? Explanation of these points and a step-by-step tutorial is present at [SourceScan/verification-guide](https://github.com/SourceScan/verification-guide).
 
-1. `--no-docker`
-    - flag can be used to perform a regular build with rust toolchain installed onto host, running the `cargo-near` cli. 
-    - *NO*-Docker builds run against actual state of code in filesystem and not against a version, committed to source control.   
+<details>
+  <summary>Additional (optional) details on possible <code>[package.metadata.near.reproducible_build]</code> configuration</summary><p>
+  
+1. available images can be found by this link https://hub.docker.com/r/sourcescan/cargo-near/tags 
+    - [`image`](https://github.com/near/cargo-near/blob/main/cargo-near/src/commands/new/new-project-template/Cargo.template.toml#L18) and [`image_digest`](https://github.com/near/cargo-near/blob/main/cargo-near/src/commands/new/new-project-template/Cargo.template.toml#L20) are straightforward to configure:
+  ![image_and_digest_pinpoint](./docs/image_and_digest_pinpoint.png)
+2. flags of build command, run inside of docker container, can be configured, if needed, by changing [`container_build_command`](https://github.com/near/cargo-near/blob/main/cargo-near/src/commands/new/new-project-template/Cargo.template.toml#L29) field
+      - base `container_build_command` for images starting with **sourcescan/cargo-near:0.13.0-rust-1.83.0** and after it  is `["cargo", "near", "build", "non-reproducible-wasm", "--locked"]`, where the `--locked` flag is required
+      - base `container_build_command` for images prior to **sourcescan/cargo-near:0.13.0-rust-1.83.0** is `["cargo", "near", "build"]` 
+      - additional flags, if needed, can be looked up on
+          - `cargo near build non-reproducible-wasm --help` for newer/latest images 
+          - `cargo near build --help` for older ones 
+          - running `docker run -it sourcescan/cargo-near:0.11.0-rust-1.82.0` (or another specific image) and checking the `--help` message of exact `cargo-near` in container may be helpful when in doubt    
+3. `cargo near` allows parameterizing build with values of environment variables, present at the time of the build and not present in a contract's source code,
+   by specifying their names in [`passed_env`](https://github.com/near/cargo-near/blob/main/cargo-near/src/commands/new/new-project-template/Cargo.template.toml#L24) array
+    - supported by **sourcescan/cargo-near:0.10.1-rust-1.82.0** image or later images
+    - SourceScan/Nearblocks does not support verifying such contracts with additional parameters present in their metadata yet 
 
-2. `--no-locked` 
-    - flag is allowed in *NO*-Docker builds, e.g. to generate a `Cargo.lock` *and* simultaneously build the contract.
-    - flag is allowed in Docker builds, but 
-      - such builds are not reproducible due to potential update of dependencies and compiled `wasm` mismatch as the result.
+</p></details>
 
@@ -150,4 +181,12 @@ ---
 
-By default, this runs a reproducible build in a Docker container. 
+Similar to `build`, running the above command opens a menu with following variants: 
 
+### `build-non-reproducible-wasm`
+
+This forwards to [non-reproducible-wasm](#non-reproducible-wasm) variant of `build` command.
+
+### `build-reproducible-wasm`
+
+This forwards to [reproducible-wasm](#reproducible-wasm) variant of `build` command.
+
 `deploy` command from Docker build requires that contract's source code:
@@ -157,13 +196,5 @@
 2. has been pushed to remote repository, identified by 
-   [`package.repository`](https://github.com/near/cargo-near/blob/main/cargo-near/src/commands/new/new-project-template/Cargo.toml.template#L9).
+   [`package.repository`](https://github.com/near/cargo-near/blob/main/cargo-near/src/commands/new/new-project-template/Cargo.template.toml#L9).
 
-Important flags:
 
-1. `--no-docker`
-    - flag can be used to perform a regular *NO*-Docker build *and* deploy. 
-      - Similar to `build` command,  in this case none of the git-related concerns and restrictions apply.
-
-2. `--no-locked` 
-    - flag is declined for deploy, due to its effects on `build` result
-
 ## Contribution
@@ -170,0 +201,0 @@

No alert changes

Improved metrics

Total package byte prevSize

70445

increased by4%

Number of lines in readme file

213

increased by17.03%

No dependency changes