Anchor mutable DAR candidates to DevNet#289
Conversation
|
Important Review skippedDraft detected. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: Organization UI Review profile: ASSERTIVE Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
|
Superseded by the simpler repository-tag design requested during review. CI must not query DevNet. A successful deployment workflow will create an immutable package-scoped deployment tag, and ordinary PRs will derive the reusable candidate version from Git tags only. Closing this oversized draft; no part of it will be merged. |
|
Replacement draft: #290 implements the smaller tag-only policy. CI reads Git tags and committed DARs; no Canton lookup or trusted PR workflow is involved. |
Summary
0.0.1when absent, otherwise reuse the exact live candidate or select exactly one patch above the highest preferred DevNet versionnetworks: []candidate while preserving every recorded or exact-live DAR as immutable historydpm upgrade-check --bothfrom every distinct exact DevNet predecessor and deploy only bytes matching the committed candidatepull_request_targetcheck that executes default-branch code and treats the detached PR checkout only as bounded dataLive DevNet audit and normalization
Trusted audit: https://github.com/Fairmint/daml/actions/runs/29274341662
Both providers preferred
OpenCapTable-v34 0.0.1with package ID9f94e5a0084b8fd45e3a53a9f8d896dd2cc584bf1ceff90b6b8bf036b336b565. The exact historical DAR was recovered under a distinct immutable alias (SHA-25685a53aa0cec145e92a453ad59f03e5cd03d8ba400ce8bb5759bf0f55edbf5056) without changing the canonical recorded0.0.1artifact.The current mutable candidate is normalized to
0.0.2, package IDf1042c0593b5e999ca17bc76159b1dba2746564df623a14cbfeffb8585de249a, SHA-256524b71370b42d579bd3b204c2ca05023da73c1bd4396efe9aa1aabf438576143. Superseded undeployed0.0.3was pruned after exact live-ID proof.The audit queried DevNet only. Mainnet was not queried and does not influence candidate selection.
Safety behavior
Validation
npm run buildnpm run build:tsnpm run lint(0 errors; existing warnings only)npm run formatnpm run lint:damlnpm testnpm run verify-dars(3 DARs)npm run check-upgrade-compat(exact recovered0.0.1→ candidate0.0.2)npm run test:dar-version-policy(51/51)git diff --checkDeployment prerequisite
The repository currently has no Canton DevNet client-secret entries. The trusted live check and release workflow will remain blocked until a human provisions
CANTON_DEVNET_INTELLECT_LEDGER_JSON_API_CLIENT_SECRETandCANTON_DEVNET_5N_LEDGER_JSON_API_CLIENT_SECRET.Durable policy and recovery guidance is published in the repository wiki.