Open krebernisak opened 2 years ago
We weren't able to use anchor build --verify
on the CI because it expects to spawn it's own Docker container, but it's already running in a container. It ends up building nothing and just failing. I think the environment is deterministic enough though (since we're building inside projectserum/build
, which is what --verifiable
does), we just need to validate if the sha256
matches a local anchor build --verifiable
output.
There is no Etherscan on Solana that we could use to publicly verify deployed contracts, but maybe we could add a public helper script using Anchor Verifiable Builds so users could verify themselves, or CI could do it for them and report it.
Resources: