Repository files navigation

A GitHub Action to automate Solana program upgrades through Squads multisig.This action creates and submits a multisig transaction that includes programupgrade, optional IDL update, and optional PDA verification.

The easiest way to use this squads action is to use thereusable workflow whichwill automatically handle the build, upload, and verify steps.

• Creates a Squads multisig transaction containing:
  • Program upgrade instruction using a new buffer
  • IDL upgrade instruction using a new IDL buffer
  • Optional PDA verification instruction
• Handles automatic retries for RPC connections
• Supports custom RPC endpoints
• Works with any Squads v4 multisig

-uses:Woody4618/squads-program-action@v0.3.0with:# Required: RPC URL for Solanarpc:${{ secrets.RPC_URL }}# Required: Program ID to upgradeprogram:BhV84MZrRnEvtWLdWMRJGJr1GbusxfVMHAwc3pq92g4z# Required: Buffer containing the new programbuffer:7SGJSG8aoZj39NeAkZvbUvsPDMRcUUrhRhPzgzKv7743# Optional: Buffer containing the new IDLidl-buffer:E74BKk75nHtSScZJ4YZ5gB2orvhdzLjcFyxyqkNx6MNc# Required: Squads multisig addressmultisig:${{ secrets.MULTISIG }}# Required: Byte array of the keypair. Needs to have at least voter permission in squads. Format: [23,42,53...]keypair:${{ secrets.KEYPAIR }}# Optional: Priority fee in lamports for the transaction (default: 100000)priority-fee:100000# Optional: Index of the Squads vault to use (default: 0)vault-index:0# Optional: Base64 encoded PDA verification transaction. Get this from solana verify cli using solana-verify export-pda-txpda-tx:${{ secrets.PDA_TX }}

Before using this action, you need:

1. A Squads v4 multisig with:
   • Program upgrade authority
   • Required members set up
2. Program buffer uploaded to Solana
3. IDL buffer uploaded to Solana
4. Keypair with permission to create transactions in the multisig

name:Upgrade Programon:workflow_dispatch:inputs:buffer:description:'Program buffer address'required:trueidl-buffer:description:'IDL buffer address'required:truejobs:upgrade:runs-on:ubuntu-lateststeps:      -uses:actions/checkout@v4      -uses:Woody4618/squads-program-action@mainwith:rpc:${{ secrets.RPC_URL }}program:BhV84MZrRnEvtWLdWMRJGJr1GbusxfVMHAwc3pq92g4zbuffer:${{ inputs.buffer }}idl-buffer:${{ inputs.idl-buffer }}multisig:${{ secrets.MULTISIG }}keypair:${{ secrets.KEYPAIR }}# Optional: Increase priority fee for faster processingpriority-fee:200000# Optional: Use a different vault indexvault-index:0

1. The action creates a transaction in your Squads multisig containing:
   • Program upgrade instruction
   • IDL upgrade instruction
   • PDA verification (if provided)
2. VisitSquads UI to:
   • Review the transaction
   • Approve with required signatures
3. Once enough members approve, Squads executes:
   • Program upgrade
   • IDL update (if included)
   • PDA verification (if included)

• The provided keypair only needs permission to create transactions
• Actual upgrade authority comes from the Squads vault
• Keep your keypair and multisig address secure in GitHub Secrets
• Use a reliable RPC endpoint as the action includes retry logic

To contribute or modify this action:

1. Clone the repository
2. Install dependencies:

npm install

3. Make your changes
4. Build the action:

npm run bundle

5. Test locally:

npm run local-action

Use this template to bootstrap the creation of a TypeScript action. 🚀

This template includes compilation support, tests, a validation workflow,publishing, and versioning guidance.

If you are new, there's also a simpler introduction in theHello world JavaScript action repository.

To create your own action, you can use this repository as a template! Justfollow the below instructions:

1. Click theUse this template button at the top of the repository
2. SelectCreate a new repository
3. Select an owner and name for your new repository
4. ClickCreate repository
5. Clone your new repository

After you've cloned the repository to your local machine or codespace, you'llneed to perform some initial setup steps before you can develop your action.

1. 🛠️ Install the dependencies

   npm install

2. 🏗️ Package the TypeScript for distribution

   npm run bundle

3. ✅ Run the tests

   $ npmtestPASS  ./index.test.js  ✓ throws invalid number (3ms)  ✓wait 500 ms (504ms)  ✓test runs (95ms)...

Theaction.yml file defines metadata about your action, such asinput(s) and output(s). For details about this file, seeMetadata syntax for GitHub Actions.

When you copy this repository, updateaction.yml with the name, description,inputs, and outputs for your action.

Thesrc/ directory is the heart of your action! This contains thesource code that will be run when your action is invoked. You can replace thecontents of this directory with your own code.

There are a few things to keep in mind when writing your action code:

• Most GitHub Actions toolkit and CI/CD operations are processed asynchronously.Inmain.ts, you will see that the action is run in anasync function.

  import*ascorefrom'@actions/core'//...asyncfunctionrun(){try{//...}catch(error){core.setFailed(error.message)}}

  For more information about the GitHub Actions toolkit, see thedocumentation.

So, what are you waiting for? Go ahead and start customizing your action!

1. Create a new branch

   git checkout -b releases/v1

2. Replace the contents ofsrc/ with your action code

3. Add tests to__tests__/ for your source code

4. Format, test, and build the action

   npm run all

   This step is important! It will runrollup tobuild the final JavaScript action code with all dependencies included. Ifyou do not run this step, your action will not work correctly when it isused in a workflow.

5. (Optional) Test your action locally

   The@github/local-action utilitycan be used to test your action locally. It is a simple command-line toolthat "stubs" (or simulates) the GitHub Actions Toolkit. This way, you can runyour TypeScript action locally without having to commit and push your changesto a repository.

   Thelocal-action utility can be run in the following ways:

   • Visual Studio Code Debugger

     Make sure to review and, if needed, update.vscode/launch.json

   • Terminal/Command Prompt

     # npx local action <action-yaml-path> <entrypoint> <dotenv-file>npx local-action. src/main.ts .env

   You can provide a.env file to thelocal-action CLI to set environmentvariables used by the GitHub Actions Toolkit. For example, setting inputs andevent payload data used by your action. For more information, see the examplefile,.env.example, and theGitHub Actions Documentation.

6. Commit your changes

   git add.git commit -m"My first action is ready!"

7. Push them to your repository

   git push -u origin releases/v1

8. Create a pull request and get feedback on your action

9. Merge the pull request into themain branch

Your action is now published! 🚀

For information about versioning your action, seeVersioningin the GitHub Actions toolkit.

After testing, you can create version tag(s) that developers can use toreference different stable versions of your action.

To include the action in a workflow in another repository, you can use theuses syntax with the@ symbol to reference a specific branch, tag, or commithash.

steps:  -name:Checkoutid:checkoutuses:actions/checkout@v4  -name:Test Local Actionid:test-actionuses:actions/typescript-action@v1# Commit with the `v1` tagwith:milliseconds:1000  -name:Print Outputid:outputrun:echo "${{ steps.test-action.outputs.time }}"

This project includes a helper script,script/releasedesigned to streamline the process of tagging and pushing new releases forGitHub Actions.

GitHub Actions allows users to select a specific version of the action to use,based on release tags. This script simplifies this process by performing thefollowing steps:

1. Retrieving the latest release tag: The script starts by fetching the mostrecent SemVer release tag of the current branch, by looking at the local dataavailable in your repository.
2. Prompting for a new release tag: The user is then prompted to enter a newrelease tag. To assist with this, the script displays the tag retrieved inthe previous step, and validates the format of the inputted tag (vX.X.X). Theuser is also reminded to update the version field in package.json.
3. Tagging the new release: The script then tags a new release and syncs theseparate major tag (e.g. v1, v2) with the new release tag (e.g. v1.0.0,v2.1.2). When the user is creating a new major release, the scriptauto-detects this and creates areleases/v# branch for the previous majorversion.
4. Pushing changes to remote: Finally, the script pushes the necessarycommits, tags and branches to the remote repository. From here, you will needto create a new release in GitHub so users can easily reference the new tagsin their workflows.