fix(coprocessor): remove tx-sender dependency on hostchain for multic… #1075
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: coprocessor-docker-build | |
| on: | |
| release: | |
| types: | |
| - published | |
| workflow_call: | |
| inputs: | |
| is_workflow_call: | |
| description: "Indicates if the workflow is called from another workflow" | |
| type: boolean | |
| default: true | |
| required: false | |
| secrets: | |
| AWS_ACCESS_KEY_S3_USER: | |
| required: true | |
| AWS_SECRET_KEY_S3_USER: | |
| required: true | |
| BLOCKCHAIN_ACTIONS_TOKEN: | |
| required: true | |
| GHCR_READ_TOKEN: | |
| required: true | |
| CGR_USERNAME: | |
| required: true | |
| CGR_PASSWORD: | |
| required: true | |
| outputs: | |
| db_migration_build_result: | |
| description: "Result of the build-db-migration job" | |
| value: ${{ jobs.build-db-migration.result }} | |
| gw_listener_build_result: | |
| description: "Result of the build-gw-listener job" | |
| value: ${{ jobs.build-gw-listener.result }} | |
| host_listener_build_result: | |
| description: "Result of the build-host-listener job" | |
| value: ${{ jobs.build-host-listener.result }} | |
| sns_worker_build_result: | |
| description: "Result of the build-sns-worker job" | |
| value: ${{ jobs.build-sns-worker.result }} | |
| tfhe_worker_build_result: | |
| description: "Result of the build-tfhe-worker job" | |
| value: ${{ jobs.build-tfhe-worker.result }} | |
| tx_sender_build_result: | |
| description: "Result of the build-tx-sender job" | |
| value: ${{ jobs.build-tx-sender.result }} | |
| zkproof_worker_build_result: | |
| description: "Result of the build-zkproof-worker job" | |
| value: ${{ jobs.build-zkproof-worker.result }} | |
| workflow_dispatch: | |
| inputs: | |
| build_db_migration: | |
| description: "Enable/disable build for Coprocessor's DB Migration" | |
| type: boolean | |
| default: true | |
| build_gw_listener: | |
| description: "Enable/disable build for Coprocessor's Gateway Listener" | |
| type: boolean | |
| default: true | |
| build_host_listener: | |
| description: "Enable/disable build for Coprocessor's Host Listener" | |
| type: boolean | |
| default: true | |
| build_sns_worker: | |
| description: "Enable/disable build for Coprocessor's SNS Worker" | |
| type: boolean | |
| default: true | |
| build_tfhe_worker: | |
| description: "Enable/disable build for Coprocessor's TFHE Worker" | |
| type: boolean | |
| default: true | |
| build_tx_sender: | |
| description: "Enable/disable build for Coprocessor's Transaction Sender" | |
| type: boolean | |
| default: true | |
| build_zkproof_worker: | |
| description: "Enable/disable build for Coprocessor's ZKProof Worker" | |
| type: boolean | |
| default: true | |
| push: | |
| branches: ['main', 'release/*'] | |
| permissions: {} | |
| jobs: | |
| ######################################################################## | |
| # PRE-BUILD CHECKS # | |
| ######################################################################## | |
| is-latest-commit: | |
| uses: ./.github/workflows/is-latest-commit.yml | |
| if: github.event_name == 'push' | |
| check-changes-db-migration: | |
| uses: ./.github/workflows/check-changes-for-docker-build.yml | |
| if: github.event_name == 'push' || inputs.is_workflow_call | |
| secrets: &check_changes_secrets | |
| GHCR_READ_TOKEN: ${{ secrets.GHCR_READ_TOKEN }} | |
| permissions: &check_changes_permissions | |
| actions: 'read' # Required to read workflow run information | |
| contents: 'read' # Required to checkout repository code | |
| pull-requests: 'read' # Required to read pull request information | |
| with: | |
| caller-workflow-event-name: ${{ github.event_name }} | |
| caller-workflow-event-before: ${{ github.event.before }} | |
| docker-image: fhevm/coprocessor/db-migration | |
| filters: | | |
| db-migration: | |
| - .github/workflows/coprocessor-docker-build.yml | |
| - coprocessor/fhevm-engine/db-migration/** | |
| check-changes-gw-listener: | |
| uses: ./.github/workflows/check-changes-for-docker-build.yml | |
| if: github.event_name == 'push' || inputs.is_workflow_call | |
| secrets: *check_changes_secrets | |
| permissions: *check_changes_permissions | |
| with: | |
| caller-workflow-event-name: ${{ github.event_name }} | |
| caller-workflow-event-before: ${{ github.event.before }} | |
| docker-image: fhevm/coprocessor/gw-listener | |
| filters: | | |
| gw-listener: | |
| - .github/workflows/coprocessor-docker-build.yml | |
| - coprocessor/fhevm-engine/gw-listener/** | |
| - coprocessor/fhevm-engine/Cargo.* | |
| check-changes-host-listener: | |
| uses: ./.github/workflows/check-changes-for-docker-build.yml | |
| if: github.event_name == 'push' || inputs.is_workflow_call | |
| secrets: *check_changes_secrets | |
| permissions: *check_changes_permissions | |
| with: | |
| caller-workflow-event-name: ${{ github.event_name }} | |
| caller-workflow-event-before: ${{ github.event.before }} | |
| docker-image: fhevm/coprocessor/host-listener | |
| filters: | | |
| host-listener: | |
| - .github/workflows/coprocessor-docker-build.yml | |
| - coprocessor/fhevm-engine/host-listener/** | |
| - coprocessor/fhevm-engine/Cargo.* | |
| - host-contracts/contracts/*Events.sol | |
| - host-contracts/contracts/shared/** | |
| check-changes-sns-worker: | |
| uses: ./.github/workflows/check-changes-for-docker-build.yml | |
| if: github.event_name == 'push' || inputs.is_workflow_call | |
| secrets: *check_changes_secrets | |
| permissions: *check_changes_permissions | |
| with: | |
| caller-workflow-event-name: ${{ github.event_name }} | |
| caller-workflow-event-before: ${{ github.event.before }} | |
| docker-image: fhevm/coprocessor/sns-worker | |
| filters: | | |
| sns-worker: | |
| - .github/workflows/coprocessor-docker-build.yml | |
| - coprocessor/fhevm-engine/sns-worker/** | |
| - coprocessor/fhevm-engine/Cargo.* | |
| check-changes-tfhe-worker: | |
| uses: ./.github/workflows/check-changes-for-docker-build.yml | |
| if: github.event_name == 'push' || inputs.is_workflow_call | |
| secrets: *check_changes_secrets | |
| permissions: *check_changes_permissions | |
| with: | |
| caller-workflow-event-name: ${{ github.event_name }} | |
| caller-workflow-event-before: ${{ github.event.before }} | |
| docker-image: fhevm/coprocessor/tfhe-worker | |
| filters: | | |
| tfhe-worker: | |
| - .github/workflows/coprocessor-docker-build.yml | |
| - coprocessor/fhevm-engine/tfhe-worker/** | |
| - coprocessor/fhevm-engine/Cargo.* | |
| check-changes-tx-sender: | |
| uses: ./.github/workflows/check-changes-for-docker-build.yml | |
| if: github.event_name == 'push' || inputs.is_workflow_call | |
| secrets: *check_changes_secrets | |
| permissions: *check_changes_permissions | |
| with: | |
| caller-workflow-event-name: ${{ github.event_name }} | |
| caller-workflow-event-before: ${{ github.event.before }} | |
| docker-image: fhevm/coprocessor/tx-sender | |
| filters: | | |
| tx-sender: | |
| - .github/workflows/coprocessor-docker-build.yml | |
| - coprocessor/fhevm-engine/transaction-sender/** | |
| - coprocessor/fhevm-engine/Cargo.* | |
| check-changes-zkproof-worker: | |
| uses: ./.github/workflows/check-changes-for-docker-build.yml | |
| if: github.event_name == 'push' || inputs.is_workflow_call | |
| secrets: *check_changes_secrets | |
| permissions: *check_changes_permissions | |
| with: | |
| caller-workflow-event-name: ${{ github.event_name }} | |
| caller-workflow-event-before: ${{ github.event.before }} | |
| docker-image: fhevm/coprocessor/zkproof-worker | |
| filters: | | |
| zkproof-worker: | |
| - .github/workflows/coprocessor-docker-build.yml | |
| - coprocessor/fhevm-engine/zkproof-worker/** | |
| - coprocessor/fhevm-engine/Cargo.* | |
| ######################################################################## | |
| # BUILD DECISIONS # | |
| # Centralizes all build/re-tag logic in one place for maintainability # | |
| ######################################################################## | |
| build-decisions: | |
| name: build-decisions | |
| runs-on: ubuntu-latest | |
| if: always() | |
| needs: | |
| - is-latest-commit | |
| - check-changes-db-migration | |
| - check-changes-gw-listener | |
| - check-changes-host-listener | |
| - check-changes-sns-worker | |
| - check-changes-tfhe-worker | |
| - check-changes-tx-sender | |
| - check-changes-zkproof-worker | |
| outputs: | |
| db_migration: ${{ steps.decide.outputs.db_migration }} | |
| gw_listener: ${{ steps.decide.outputs.gw_listener }} | |
| host_listener: ${{ steps.decide.outputs.host_listener }} | |
| sns_worker: ${{ steps.decide.outputs.sns_worker }} | |
| tfhe_worker: ${{ steps.decide.outputs.tfhe_worker }} | |
| tx_sender: ${{ steps.decide.outputs.tx_sender }} | |
| zkproof_worker: ${{ steps.decide.outputs.zkproof_worker }} | |
| steps: | |
| - id: decide | |
| uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 | |
| env: | |
| EVENT_NAME: ${{ github.event_name }} | |
| NEEDS: ${{ toJSON(needs) }} | |
| INPUTS: ${{ toJSON(inputs) }} | |
| with: | |
| script: | | |
| // Decision logic (returns: "build", "retag", or "skip"): | |
| // - release: always build | |
| // - push: only act if latest commit; build if changes, retag otherwise | |
| // - workflow_call: build if changes detected, otherwise skip | |
| // - workflow_dispatch: build if input is true, otherwise skip | |
| const event = process.env.EVENT_NAME; | |
| const needs = JSON.parse(process.env.NEEDS); | |
| const inputs = JSON.parse(process.env.INPUTS); | |
| const isLatestCommit = needs['is-latest-commit'].outputs?.is_latest === 'true'; | |
| const isWorkflowCall = inputs.is_workflow_call ?? false; | |
| const decideAction = (changes, manualInput) => { | |
| if (event === 'release') return 'build'; | |
| if (event === 'push') return isLatestCommit ? (changes ? 'build' : 'retag') : 'skip'; | |
| if (isWorkflowCall) return changes ? 'build' : 'skip'; | |
| if (!isWorkflowCall && event === 'workflow_dispatch') return manualInput ? 'build' : 'skip'; | |
| return 'skip'; | |
| }; | |
| const services = { | |
| db_migration: { changes: needs['check-changes-db-migration'].outputs?.changes, build_input: inputs.build_db_migration }, | |
| gw_listener: { changes: needs['check-changes-gw-listener'].outputs?.changes, build_input: inputs.build_gw_listener }, | |
| host_listener: { changes: needs['check-changes-host-listener'].outputs?.changes, build_input: inputs.build_host_listener }, | |
| sns_worker: { changes: needs['check-changes-sns-worker'].outputs?.changes, build_input: inputs.build_sns_worker }, | |
| tfhe_worker: { changes: needs['check-changes-tfhe-worker'].outputs?.changes, build_input: inputs.build_tfhe_worker }, | |
| tx_sender: { changes: needs['check-changes-tx-sender'].outputs?.changes, build_input: inputs.build_tx_sender }, | |
| zkproof_worker: { changes: needs['check-changes-zkproof-worker'].outputs?.changes, build_input: inputs.build_zkproof_worker }, | |
| }; | |
| core.info(`Event: ${event}, Is latest commit: ${isLatestCommit}, Is workflow call: ${isWorkflowCall}`); | |
| for (const [name, { changes, build_input }] of Object.entries(services)) { | |
| const action = decideAction(changes === 'true', build_input ?? false); | |
| core.setOutput(name, action); | |
| core.info(`${name}: ${action} (changes: ${changes}, build_input: ${build_input})`); | |
| } | |
| ######################################################################## | |
| # DB MIGRATION # | |
| ######################################################################## | |
| build-db-migration: | |
| needs: build-decisions | |
| concurrency: | |
| group: coprocessor-build-db-migration-${{ github.ref_name }} | |
| cancel-in-progress: true | |
| if: always() && needs.build-decisions.outputs.db_migration == 'build' | |
| uses: zama-ai/ci-templates/.github/workflows/common-docker.yml@3cf4c2b133947d29e7a313555638621f9ca0345c # v1.0.3 | |
| secrets: &docker_secrets | |
| AWS_ACCESS_KEY_S3_USER: ${{ secrets.AWS_ACCESS_KEY_S3_USER }} | |
| AWS_SECRET_KEY_S3_USER: ${{ secrets.AWS_SECRET_KEY_S3_USER }} | |
| BLOCKCHAIN_ACTIONS_TOKEN: ${{ secrets.BLOCKCHAIN_ACTIONS_TOKEN }} | |
| CGR_USERNAME: ${{ secrets.CGR_USERNAME }} | |
| CGR_PASSWORD: ${{ secrets.CGR_PASSWORD }} | |
| permissions: &docker_permissions | |
| actions: 'read' # Required to read workflow run information | |
| contents: 'read' # Required to checkout repository code | |
| pull-requests: 'read' # Required to read pull request information | |
| attestations: 'write' # Required to create build attestations | |
| packages: 'write' # Required to publish Docker images | |
| id-token: 'write' # Required for OIDC authentication | |
| with: | |
| use-cgr-secrets: true | |
| working-directory: "." | |
| image-name: "fhevm/coprocessor/db-migration" | |
| docker-file: "coprocessor/fhevm-engine/db-migration/Dockerfile" | |
| app-cache-dir: "fhevm-coprocessor-db-migration" | |
| rust-toolchain-file-path: coprocessor/fhevm-engine/rust-toolchain.toml | |
| re-tag-db-migration-image: | |
| needs: [build-decisions, check-changes-db-migration] | |
| if: always() && needs.build-decisions.outputs.db_migration == 'retag' | |
| permissions: &re-tag-image-permissions | |
| actions: 'read' # Required to read workflow run information | |
| contents: 'read' # Required to checkout repository code | |
| packages: 'write' # Required to publish Docker images | |
| id-token: 'write' # Required for OIDC authentication | |
| uses: ./.github/workflows/re-tag-docker-image.yml | |
| with: | |
| image-name: "fhevm/coprocessor/db-migration" | |
| previous-tag-or-commit: ${{ needs.check-changes-db-migration.outputs.base-commit }} | |
| new-tag-or-commit: ${{ github.event.after }} | |
| ######################################################################## | |
| # GATEWAY LISTENER # | |
| ######################################################################## | |
| build-gw-listener: | |
| needs: build-decisions | |
| concurrency: | |
| group: coprocessor-build-gw-listener-${{ github.ref_name }} | |
| cancel-in-progress: true | |
| if: always() && needs.build-decisions.outputs.gw_listener == 'build' | |
| uses: zama-ai/ci-templates/.github/workflows/common-docker.yml@3cf4c2b133947d29e7a313555638621f9ca0345c # v1.0.3 | |
| permissions: *docker_permissions | |
| secrets: *docker_secrets | |
| with: | |
| use-cgr-secrets: true | |
| working-directory: "." | |
| image-name: "fhevm/coprocessor/gw-listener" | |
| docker-file: "./coprocessor/fhevm-engine/gw-listener/Dockerfile" | |
| app-cache-dir: "fhevm-coprocessor-gw-listener" | |
| rust-toolchain-file-path: coprocessor/fhevm-engine/rust-toolchain.toml | |
| re-tag-gw-listener-image: | |
| needs: [build-decisions, check-changes-gw-listener] | |
| if: always() && needs.build-decisions.outputs.gw_listener == 'retag' | |
| permissions: *re-tag-image-permissions | |
| uses: ./.github/workflows/re-tag-docker-image.yml | |
| with: | |
| image-name: "fhevm/coprocessor/gw-listener" | |
| previous-tag-or-commit: ${{ needs.check-changes-gw-listener.outputs.base-commit }} | |
| new-tag-or-commit: ${{ github.event.after }} | |
| ######################################################################## | |
| # HOST LISTENER # | |
| ######################################################################## | |
| build-host-listener: | |
| needs: build-decisions | |
| concurrency: | |
| group: coprocessor-build-host-listener-${{ github.ref_name }} | |
| cancel-in-progress: true | |
| if: always() && needs.build-decisions.outputs.host_listener == 'build' | |
| uses: zama-ai/ci-templates/.github/workflows/common-docker.yml@3cf4c2b133947d29e7a313555638621f9ca0345c # v1.0.3 | |
| permissions: *docker_permissions | |
| secrets: *docker_secrets | |
| with: | |
| use-cgr-secrets: true | |
| working-directory: "." | |
| image-name: "fhevm/coprocessor/host-listener" | |
| docker-file: "coprocessor/fhevm-engine/host-listener/Dockerfile" | |
| app-cache-dir: "fhevm-coprocessor-host-listener" | |
| rust-toolchain-file-path: coprocessor/fhevm-engine/rust-toolchain.toml | |
| re-tag-host-listener-image: | |
| needs: [build-decisions, check-changes-host-listener] | |
| if: always() && needs.build-decisions.outputs.host_listener == 'retag' | |
| permissions: *re-tag-image-permissions | |
| uses: ./.github/workflows/re-tag-docker-image.yml | |
| with: | |
| image-name: "fhevm/coprocessor/host-listener" | |
| previous-tag-or-commit: ${{ needs.check-changes-host-listener.outputs.base-commit }} | |
| new-tag-or-commit: ${{ github.event.after }} | |
| ######################################################################## | |
| # SNS WORKER # | |
| ######################################################################## | |
| build-sns-worker: | |
| needs: build-decisions | |
| concurrency: | |
| group: coprocessor-build-sns-worker-${{ github.ref_name }} | |
| cancel-in-progress: true | |
| if: always() && needs.build-decisions.outputs.sns_worker == 'build' | |
| uses: zama-ai/ci-templates/.github/workflows/common-docker.yml@3cf4c2b133947d29e7a313555638621f9ca0345c # v1.0.3 | |
| permissions: *docker_permissions | |
| secrets: *docker_secrets | |
| with: | |
| use-cgr-secrets: true | |
| working-directory: "." | |
| image-name: "fhevm/coprocessor/sns-worker" | |
| docker-file: "coprocessor/fhevm-engine/sns-worker/Dockerfile" | |
| app-cache-dir: "fhevm-coprocessor-sns-worker" | |
| rust-toolchain-file-path: coprocessor/fhevm-engine/rust-toolchain.toml | |
| re-tag-sns-worker-image: | |
| needs: [build-decisions, check-changes-sns-worker] | |
| if: always() && needs.build-decisions.outputs.sns_worker == 'retag' | |
| permissions: *re-tag-image-permissions | |
| uses: ./.github/workflows/re-tag-docker-image.yml | |
| with: | |
| image-name: "fhevm/coprocessor/sns-worker" | |
| previous-tag-or-commit: ${{ needs.check-changes-sns-worker.outputs.base-commit }} | |
| new-tag-or-commit: ${{ github.event.after }} | |
| ######################################################################## | |
| # TFHE WORKER # | |
| ######################################################################## | |
| build-tfhe-worker: | |
| needs: build-decisions | |
| concurrency: | |
| group: coprocessor-build-tfhe-worker-${{ github.ref_name }} | |
| cancel-in-progress: true | |
| if: always() && needs.build-decisions.outputs.tfhe_worker == 'build' | |
| uses: zama-ai/ci-templates/.github/workflows/common-docker.yml@3cf4c2b133947d29e7a313555638621f9ca0345c # v1.0.3 | |
| permissions: *docker_permissions | |
| secrets: *docker_secrets | |
| with: | |
| use-cgr-secrets: true | |
| working-directory: "." | |
| image-name: "fhevm/coprocessor/tfhe-worker" | |
| docker-file: "coprocessor/fhevm-engine/tfhe-worker/Dockerfile" | |
| app-cache-dir: "fhevm-coprocessor-tfhe-worker" | |
| rust-toolchain-file-path: coprocessor/fhevm-engine/rust-toolchain.toml | |
| re-tag-tfhe-worker-image: | |
| needs: [build-decisions, check-changes-tfhe-worker] | |
| if: always() && needs.build-decisions.outputs.tfhe_worker == 'retag' | |
| permissions: *re-tag-image-permissions | |
| uses: ./.github/workflows/re-tag-docker-image.yml | |
| with: | |
| image-name: "fhevm/coprocessor/tfhe-worker" | |
| previous-tag-or-commit: ${{ needs.check-changes-tfhe-worker.outputs.base-commit }} | |
| new-tag-or-commit: ${{ github.event.after }} | |
| ######################################################################## | |
| # TRANSACTION SENDER # | |
| ######################################################################## | |
| build-tx-sender: | |
| needs: build-decisions | |
| concurrency: | |
| group: coprocessor-build-tx-sender-${{ github.ref_name }} | |
| cancel-in-progress: true | |
| if: always() && needs.build-decisions.outputs.tx_sender == 'build' | |
| uses: zama-ai/ci-templates/.github/workflows/common-docker.yml@3cf4c2b133947d29e7a313555638621f9ca0345c # v1.0.3 | |
| permissions: *docker_permissions | |
| secrets: *docker_secrets | |
| with: | |
| use-cgr-secrets: true | |
| working-directory: "." | |
| image-name: "fhevm/coprocessor/tx-sender" | |
| docker-file: "./coprocessor/fhevm-engine/transaction-sender/Dockerfile" | |
| app-cache-dir: "fhevm-coprocessor-tx-sender" | |
| rust-toolchain-file-path: coprocessor/fhevm-engine/rust-toolchain.toml | |
| re-tag-tx-sender-image: | |
| needs: [build-decisions, check-changes-tx-sender] | |
| if: always() && needs.build-decisions.outputs.tx_sender == 'retag' | |
| permissions: *re-tag-image-permissions | |
| uses: ./.github/workflows/re-tag-docker-image.yml | |
| with: | |
| image-name: "fhevm/coprocessor/tx-sender" | |
| previous-tag-or-commit: ${{ needs.check-changes-tx-sender.outputs.base-commit }} | |
| new-tag-or-commit: ${{ github.event.after }} | |
| ######################################################################## | |
| # ZKPROOF WORKER # | |
| ######################################################################## | |
| build-zkproof-worker: | |
| needs: build-decisions | |
| concurrency: | |
| group: coprocessor-build-zkproof-worker-${{ github.ref_name }} | |
| cancel-in-progress: true | |
| if: always() && needs.build-decisions.outputs.zkproof_worker == 'build' | |
| uses: zama-ai/ci-templates/.github/workflows/common-docker.yml@3cf4c2b133947d29e7a313555638621f9ca0345c # v1.0.3 | |
| permissions: *docker_permissions | |
| secrets: *docker_secrets | |
| with: | |
| use-cgr-secrets: true | |
| working-directory: "." | |
| image-name: "fhevm/coprocessor/zkproof-worker" | |
| docker-file: "coprocessor/fhevm-engine/zkproof-worker/Dockerfile" | |
| app-cache-dir: "fhevm-coprocessor-zkproof-worker" | |
| rust-toolchain-file-path: coprocessor/fhevm-engine/rust-toolchain.toml | |
| re-tag-zkproof-worker-image: | |
| needs: [build-decisions, check-changes-zkproof-worker] | |
| if: always() && needs.build-decisions.outputs.zkproof_worker == 'retag' | |
| permissions: *re-tag-image-permissions | |
| uses: ./.github/workflows/re-tag-docker-image.yml | |
| with: | |
| image-name: "fhevm/coprocessor/zkproof-worker" | |
| previous-tag-or-commit: ${{ needs.check-changes-zkproof-worker.outputs.base-commit }} | |
| new-tag-or-commit: ${{ github.event.after }} |