graphprotocol
Store the commit-hash in `subgraph.yaml` in order to provide breadcrumps to verify the source code
Which packages are impacted by your issue?
@graphprotocol/graph-cli
Describe the issue
Currently, there is almost no possibility to know which exact source was compiled into the WASM binary that is executed by Indexers. Although subgraph developers have the possibility to specify a repository in the manifest, they often forget to do that. Even if the source code repository is known, it is often hard to impossible to know which exact commit was used to deploy a subgraph.
Reproduction
https://github.com/graphprotocol/graph-node/blob/master/docs/subgraph-manifest.md
Steps to Reproduce the Bug or Issue
- Create a subgraph
- Deploy subgraph
Expected behavior
As a user, I would like the CLI to assist me following best-practices. On graph deploy, it should first ensure that there are no uncommitted changes in the repository. Then, take the commit-hash and store it in commitHash field in subgraph.yaml.
In order to have the commitHash field in the subgraph.yaml, the subgraph manifest spec needs to be updated: https://github.com/graphprotocol/graph-node/blob/master/docs/subgraph-manifest.md
The graph deploy command should fail if there are uncommitted changes in the repo but give a CLI param (like --force) to override it if needed.
Screenshots or Videos
No response
Platform
Any
Subgraph Manifest
specVersion: 0.0.5 description: Gravatar for Ethereum repository: https://github.com/graphprotocol/example-subgraphs commitHash: e9788ff8ab6e1a246b31bfc08b5d1380f93ae7e4
Subgraph GraphQL Schema
No response
Additional context
No response
