Reproducible builds of multi-contracts pipeline

[raresraulea]

The deterministic build of the multisig contract was successful through the mxpy multisig template clone, but the verify step fails with:

DEBUG:urllib3.connectionpool:https://devnet-play-api.multiversx.com:443 "GET /tasks/e5417786-e269-4996-9881-56a9e5fb8d9b HTTP/1.1" 200 204
INFO:cli.contracts.verifier:Verification finished!
{
    "status": "finished",
    "queued": "2023-04-07T09:02:36.165Z",
    "started": "2023-04-07T09:02:36.181Z",
    "finished": "2023-04-07T09:05:23.126Z",
    "result": {
        "status": "error",
        "message": "Source code hashes do not match"
    }
}

Here is the reproducible build script:

if [ ! -f ./build_with_docker.py ]; then
    wget https://raw.githubusercontent.com/multiversx/mx-sdk-build-contract/main/build_with_docker.py
fi

export PROJECT=./
export BUILD_OUTPUT=output-from-docker
export IMAGE=multiversx/sdk-rust-contract-builder:v4.1.4

rm -rf ./output-from-docker
echo $PROJECT
python3 ./build_with_docker.py --image=${IMAGE} \
    --project=${PROJECT} \
    --output=${BUILD_OUTPUT}

Here is the deploy script:

WASM_PATH=./output-from-docker/multisig/multisig-full.wasm
WALLET_PEM=./interact-rs/alice.pem
PROXY=https://devnet-gateway.multiversx.com
CHAIN_ID=D
mxpy --verbose contract deploy --metadata-payable --metadata-payable-by-sc --recall-nonce --bytecode=${WASM_PATH} --pem=${WALLET_PEM} --gas-limit=600000000 --proxy=${PROXY} --chain=${CHAIN_ID} --arguments 1 erd19rh30cq9964an8vj7qnj7gwaus90nv6020vxpu69ramwrn8yr78smteycl  --send || return

Here is the verify script:

mxpy --verbose contract verify "erd1qqqqqqqqqqqqqpgq5t9vsl3sp5u34dl67zp2f50qf79f6wphd8ss6cmlu4" --packaged-src=./output-from-docker/multisig/multisig-0.0.0.source.json --verifier-url="https://devnet-play-api.multiversx.com" --docker-image="multiversx/sdk-rust-contract-builder:v4.1.4"  --pem=./interact-rs/alice.pem

/ What I noticed:

• I deploy based on the multisig-full.wasm, but the contents of the codehash file is related to the multisig-view (.codehash.txt) with the following content/codehash: 324a61bb8893f6d0bc040e2aac3c376da7a8a02cebeae24c16f8bab5cd3fe191, while the hex codeHash of the deployed contracts is 5561724f9f87557e4c52566d3dc59707570c6b63f06d7a895cb6cc996c6a59e7, indeed different.

The attached photo shows the folder structure of the docker output.

[andreibancioiu]

Thanks for raising this & for all the provided details :pray:

• Verify API adjusted and deployed on Mainnet and Devnet
• mxpy supporting contract verify for multi-contracts: v6.5.0
• Docker image supporting multi-contracts: v5.1.0