Teams must provide an IPFS CID for the frontend code which must match their generated code.

[kathodler]

Ok so the best way we can ensure verifiability of frontend code is to make it so you have to deploy your build folder to ipfs and provide an ipfs CID of your code which we will point to.

[kathodler]

So for Fleek you can use this Github Action which will print out the ipfs deploy url:

on: [push]

jobs:
  test-deploy:
    runs-on: ubuntu-latest
    name: A job to test the action-deploy action by deploying a test site
    steps:
      - uses: actions/checkout@v2
      - name: Deploy test site
        id: deploy
        uses: fleekhq/action-deploy@v1
        with:
          apiKey: ${{ secrets.FLEEK_API_KEY }}
      - name: Get the output url
        run: echo "Deploy url is ${{ steps.deploy.outputs.deployUrl }}"

[kathodler]

Pinata

on: [push]

jobs:
  test-deploy:
    runs-on: ubuntu-latest
    name: A job to test the action-deploy action by deploying a test site
    steps:
      - uses: actions/checkout@v2
      - name: Deploy test site
        id: deploy
        uses: anantaramdas/ipfs-pinata-deploy-action@v1.6.4
        with:
          pin-name: ${{ github.sha }}
          path: "./ui/app/dist"
          pinata-api-key: ${{ secrets.PINATA_API_KEY }}
          pinata-secret-api-key: ${{ secrets.PINATA_SECRET_KEY }}
          verbose: true
          remove-old: true
      - name: Get the output cid
        run: echo "Deploy CID is ${{  steps.deploy.outputs.hash }}"

[kathodler]

So the rules should be:

1. Teams can deploy to any ipfs host of their choosing.
2. Their submission must include an ipfs CID of their frontend and and the ropsten addresses of their contracts.
3. Projects must include a documented build command or script that builds to a folder (./out, ./build, etc...)
4. Running ipfs add -Qr --only-hash ./build must yield the same CID as the ipfs CID provided