v0.2.9 #8

	name: Verifiable Release

	on:
	push:
	tags:
	['v*']

	env:
	APP_NAME: 'openbook_v2'
	SOLANA_VERSION: '1.16.1'
	ANCHOR_VERSION: '0.28.0'

	jobs:
	build:
	name: Verifiable Release Artifacts
	runs-on: ubuntu-latest
	steps:
	- name: Checkout
	uses: actions/checkout@v3
	with:
	submodules: 'recursive'

	- name: Cache dependencies
	uses: Swatinem/rust-cache@v2

	- name: Setup Anchor
	run: \|
	cargo install --git https://github.com/coral-xyz/anchor --rev 4e5280be46d859ba1c57fabe4c3916bec742fd69 anchor-cli --locked --force

	- name: Verifiable Build
	run: \|
	anchor build --verifiable --docker-image backpackapp/build:v${{ env.ANCHOR_VERSION }} --solana-version ${{ env.SOLANA_VERSION }} -- --features enable-gpl

	- name: Generate Checksum
	run: \|
	echo "CHECKSUM=$(sha256sum ./target/verifiable/${{ env.APP_NAME }}.so \| head -c 64)" >> $GITHUB_ENV
	mv ./target/verifiable/${{ env.APP_NAME }}.so ./target/verifiable/${{ env.APP_NAME }}-${{ github.ref_name }}.so

	# Complete supply chain inventory used for release
	- name: Generate SBOM
	uses: aquasecurity/trivy-action@master
	with:
	scan-type: 'fs'
	format: 'cyclonedx'
	output: '${{ env.APP_NAME }}-${{ github.ref_name }}-sbom.json'

	- name: Update Release
	id: create_release
	uses: softprops/action-gh-release@v1
	with:
	tag_name: ${{ github.ref_name }}
	name: ${{ github.ref_name }}
	body: \|
	OpenBook V2 release: ${{ github.ref_name }}
	Build sha256: ${{ env.CHECKSUM }}
	GitHub commit: ${{ github.sha }}
	files: \|
	./target/verifiable/${{ env.APP_NAME }}-${{ github.ref_name }}.so
	./${{ env.APP_NAME }}-${{ github.ref_name }}-sbom.json

Provide feedback