Skip to content

chore(release): bump version to 0.2.1 [skip-line-limit] #1603

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
hmzakhalid merged 3 commits into from
Jun 16, 2026
Merged

chore(release): bump version to 0.2.1 [skip-line-limit] #1603

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
8adf109
chore(release): bump version to 0.2.1
hmzakhalid Jun 15, 2026
1da9f88
fix: update versions
hmzakhalid Jun 15, 2026
a8691c3
update CI and format
0xjei Jun 15, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
37 changes: 37 additions & 0 deletions .github/workflows/releases.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -378,6 +378,43 @@ jobs:
echo "found=false" >> $GITHUB_OUTPUT
fi

# Guard against shipping stale or wrong-layout artifacts. The `circuit-artifacts`
# branch is populated out-of-band (`pnpm build:circuits --committee all --preset
# insecure-512` followed by `scripts/circuit-artifacts.ts push`). If it lags the
# circuit source, its SOURCE_HASH won't match the source we're releasing and its
# on-disk layout may predate the `{preset}/{committee}/{variant}` scheme that
# consumers (e3-zk-prover) resolve against. Fail loudly here rather than publishing
# a tarball that downstreams can't use — regenerate and re-push the branch.
- name: Verify circuit artifacts match source
if: steps.pull.outputs.found == 'true'
run: |
PULLED_HASH=$(cat dist/circuits/SOURCE_HASH 2>/dev/null || true)
EXPECTED_HASH="${{ steps.pull.outputs.source_hash }}"
if [[ -z "$PULLED_HASH" ]]; then
echo "::error::circuit-artifacts branch is missing SOURCE_HASH; cannot verify it matches the released source."
exit 1
fi
if [[ "$PULLED_HASH" != "$EXPECTED_HASH" ]]; then
echo "::error::circuit-artifacts is stale (SOURCE_HASH=$PULLED_HASH, expected $EXPECTED_HASH)."
echo "::error::Rebuild and re-push: pnpm build:circuits --committee all --preset insecure-512 && pnpm tsx scripts/circuit-artifacts.ts push"
exit 1
fi
# Assert the per-committee layout that `--committee all` produces is present, so an
# old flat (committee-less) build can never slip through even if the hash lined up.
missing=0
for committee in minimum micro small; do
marker="dist/circuits/insecure-512/${committee}/default/dkg/pk/pk.json"
if [[ ! -f "$marker" ]]; then
echo "::error::Expected circuit artifact missing: ${marker#dist/circuits/}"
missing=1
fi
done
if [[ "$missing" != "0" ]]; then
echo "::error::circuit-artifacts was not built with --committee all; regenerate as above."
exit 1
fi
echo "✅ circuit-artifacts verified (SOURCE_HASH=$PULLED_HASH, per-committee layout present)"

- name: Create release archive
if: steps.pull.outputs.found == 'true'
run: |
Expand Down
300 changes: 40 additions & 260 deletions CHANGELOG.md
View file
Open in desktop

Large diffs are not rendered by default.

Loading
Loading