Update SMT #204
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Update SMT | |
| on: | |
| schedule: | |
| - cron: "0 4,16 * * *" | |
| workflow_dispatch: | |
| inputs: | |
| force_post_root: | |
| description: "Post roots on-chain even if CRL data did not change" | |
| type: boolean | |
| default: false | |
| jobs: | |
| update: | |
| name: Fetch CRL & Update SMT | |
| runs-on: ubuntu-latest | |
| environment: SMTRootStorageModule | |
| permissions: | |
| contents: write | |
| defaults: | |
| run: | |
| working-directory: server | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-go@v5 | |
| with: | |
| go-version: "1.24" | |
| - run: go mod download | |
| - name: Build CLI | |
| run: go build -o bin/smtbuild ./cmd/smtbuild | |
| - name: Build WASM | |
| run: GOOS=js GOARCH=wasm go build -o wasm/smt.wasm ./wasm/ | |
| - name: Fetch CRL & Build SMT | |
| id: build | |
| run: ./bin/smtbuild --binary | |
| env: | |
| DATA_DIR: ./data | |
| - name: Convert existing snapshots to binary (if missing) | |
| run: | | |
| for gen in g2 g3; do | |
| json="data/${gen}/tree-snapshot.json.gz" | |
| bin="data/${gen}/tree-snapshot.bin.gz" | |
| if [ -f "$json" ] && [ ! -f "$bin" ]; then | |
| echo "Converting $json to binary..." | |
| ./bin/smtbuild --convert-binary "$json" | |
| fi | |
| done | |
| - name: Commit data | |
| if: steps.build.outputs.changed == 'true' | |
| run: | | |
| git config user.name "github-actions[bot]" | |
| git config user.email "github-actions[bot]@users.noreply.github.com" | |
| git add data/*/root.json | |
| if ! git diff --cached --quiet; then | |
| git commit -m "update: CRL data $(date -u +%Y%m%d%H%M)" | |
| git pull --rebase | |
| git push | |
| fi | |
| - name: Check if release needs update | |
| id: release-check | |
| run: | | |
| # Upload if CRL changed OR if new asset types are missing from the release | |
| if [ "${{ steps.build.outputs.changed }}" = "true" ]; then | |
| echo "needs_upload=true" >> "$GITHUB_OUTPUT" | |
| elif ! gh release view snapshot-latest --json assets --jq '.assets[].name' 2>/dev/null | grep -q 'smt.wasm'; then | |
| echo "needs_upload=true" >> "$GITHUB_OUTPUT" | |
| else | |
| echo "needs_upload=false" >> "$GITHUB_OUTPUT" | |
| fi | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Upload snapshot | |
| if: steps.release-check.outputs.needs_upload == 'true' | |
| run: | | |
| gh release delete snapshot-latest --yes || true | |
| assets="" | |
| notes="Auto-updated SMT snapshot $(date -u +%Y-%m-%dT%H:%M:%SZ)"$'\n\n' | |
| for gen in g2 g3; do | |
| src="data/${gen}/tree-snapshot.json.gz" | |
| bin_src="data/${gen}/tree-snapshot.bin.gz" | |
| root_file="data/${gen}/root.json" | |
| if [ -f "$src" ]; then | |
| dest="data/${gen}/${gen}-tree-snapshot.json.gz" | |
| cp "$src" "$dest" | |
| assets="$assets $dest" | |
| fi | |
| if [ -f "$bin_src" ]; then | |
| bin_dest="data/${gen}/${gen}-tree-snapshot.bin.gz" | |
| cp "$bin_src" "$bin_dest" | |
| assets="$assets $bin_dest" | |
| fi | |
| if [ -f "$root_file" ]; then | |
| root=$(jq -r '.root' "$root_file") | |
| count=$(jq -r '.count' "$root_file") | |
| crl=$(jq -r '.crlNumber' "$root_file") | |
| ts=$(jq -r '.timestamp' "$root_file") | |
| notes+="### ${gen^^}"$'\n' | |
| notes+="- **Root:** \`${root}\`"$'\n' | |
| notes+="- **Count:** ${count}"$'\n' | |
| notes+="- **CRL Number:** ${crl}"$'\n' | |
| notes+="- **Updated:** ${ts}"$'\n\n' | |
| fi | |
| done | |
| # Add WASM module assets | |
| if [ -f "wasm/smt.wasm" ]; then | |
| assets="$assets wasm/smt.wasm" | |
| fi | |
| WASM_JS="$(go env GOROOT)/lib/wasm/wasm_exec.js" | |
| if [ ! -f "$WASM_JS" ]; then WASM_JS="$(go env GOROOT)/misc/wasm/wasm_exec.js"; fi | |
| if [ -f "$WASM_JS" ]; then | |
| cp "$WASM_JS" wasm/wasm_exec.js | |
| assets="$assets wasm/wasm_exec.js" | |
| fi | |
| if [ -n "$assets" ]; then | |
| gh release create snapshot-latest \ | |
| --title "SMT Snapshot" \ | |
| --notes "$notes" \ | |
| $assets | |
| fi | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Post root on-chain | |
| if: steps.build.outputs.changed == 'true' || inputs.force_post_root == true | |
| run: ./bin/smtbuild --post-root | |
| env: | |
| DATA_DIR: ./data | |
| RPC_URL: ${{ secrets.RPC_URL }} | |
| RELAYER_PRIVATE_KEY: ${{ secrets.RELAYER_PRIVATE_KEY }} | |
| CONTRACT_ADDRESS: ${{ secrets.CONTRACT_ADDRESS }} | |
| # Mainnet gas guardrails. Defaults (100 gwei / 180s) apply if unset. | |
| RELAYER_MAX_FEE_GWEI: ${{ vars.RELAYER_MAX_FEE_GWEI }} | |
| RELAYER_TX_TIMEOUT_SEC: ${{ vars.RELAYER_TX_TIMEOUT_SEC }} |