fhevm/.github/workflows/gateway-contracts-upgrade-tests.yml at 5d79fb153dc4842a52d2bbab2f50cd0772f6a95e · zama-ai/fhevm · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
name: gateway-contracts-upgrade-tests

permissions: {}

on:
  pull_request:

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

# Define common environment variables here:
# - DOTENV_CONFIG_PATH: The path to the environment file, used for loading variables used for upgrades
# - HARDHAT_NETWORK: Should match the network from the docker-compose.yml's services
# - CHAIN_ID_GATEWAY: Should match the chain ID used in the anvil node in the docker-compose.yml file
# - RPC_URL: The port should match the one used in the anvil node in the docker-compose.yml file
env:
  DOTENV_CONFIG_PATH: .env.example
  HARDHAT_NETWORK: staging
  CHAIN_ID_GATEWAY: 54321
  RPC_URL: http://localhost:8546

jobs:
  check-changes:
    name: gateway-contracts-upgrade-tests/check-changes
    permissions:
      actions: 'read' # Required to read workflow run information
      contents: 'read' # Required to checkout repository code
      pull-requests: 'read' # Required to read pull request information
    runs-on: ubuntu-latest
    outputs:
      changes-gw-contracts: ${{ steps.filter.outputs.gw-contracts }}
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: 'false'
      - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36  # v3.0.2
        id: filter
        with:
          filters: |
            gw-contracts:
              - .github/workflows/gateway-contracts-upgrade-tests.yml
              - gateway-contracts/**
  sc-upgrade:
    name: gateway-contracts-upgrade-tests/sc-upgrade (bpr)
    needs: check-changes
    if: ${{ needs.check-changes.outputs.changes-gw-contracts == 'true' }}
    permissions:
      contents: 'read' # Required to checkout repository code
      checks: 'write' # Required to create GitHub checks for test results
      packages: 'read' # Required to read GitHub packages/container registry
    runs-on: ubuntu-latest
    steps:
      - name: Checkout previous release code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          # This version should be updated whenever we release new contract versions or
          # touch a contract upgrade path.
          ref: v0.10.0
          path: previous-fhevm
          persist-credentials: 'false'

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0

      - name: Login to Docker Registry
        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Build and start Docker services from previous release
        working-directory: previous-fhevm/gateway-contracts
        run: |
          make docker-compose-build
          make docker-compose-up

      - name: Check smart contract deployment from previous release
        working-directory: previous-fhevm/gateway-contracts
        run: |

          ## Check Contracts Deployment
          timeout 300s bash -c 'while docker ps --filter "name=deploy-gateway-contracts" --format "{{.Status}}" | grep -q "Up"; do sleep 5; done'
          docker compose logs deploy-gateway-contracts > deployment_logs.txt
          EXIT_CODE_SC=$(docker inspect --format='{{.State.ExitCode}}' deploy-gateway-contracts)
          # display logs for debugging
          # cat deployment_logs.txt
          if [ "$EXIT_CODE_SC" -ne 0 ]; then
            echo "Deployment failed with exit code $EXIT_CODE_SC"
            exit 1
          elif ! grep -q "Contract deployment done!" deployment_logs.txt; then
            echo "Deployment did not complete successfully - 'Contract deployment done!' message not found in logs"
            exit 1
          else
            echo "Deployment completed successfully with expected completion message"
          fi

      - name: Checkout current code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: 'false'
          path: current-fhevm

      - name: Install dependencies
        working-directory: current-fhevm/gateway-contracts
        run: npm ci

      # This step prepares the directory for upgrading contracts:
      # 1) Copy contracts from previous version to directory `./previous-contracts`: upgrade tasks
      # require access to the previous implementations
      # 2) Copy addresses from previous version to root directory: the upgrade tasks need to use the
      # internal addresses that have been deployed (ie, the previous version's addresses)
      - name: Prepare contracts for upgrades
        working-directory: current-fhevm/gateway-contracts
        run: |
          cp -r ../../previous-fhevm/gateway-contracts/contracts ./previous-contracts
          docker cp deploy-gateway-contracts:/app/addresses ./

      # TODO: We should instead automatically detect if the contract needs to be upgraded
      #  See https://github.com/zama-ai/fhevm-internal/issues/379
      - name: Upgrade GatewayConfig contract
        working-directory: current-fhevm/gateway-contracts
        run: |
          npx hardhat task:upgradeGatewayConfig \
            --current-implementation previous-contracts/GatewayConfig.sol:GatewayConfig \
            --new-implementation contracts/GatewayConfig.sol:GatewayConfig \
            --use-internal-proxy-address true \
            --verify-contract false

      # TODO: We should instead automatically detect if the contract needs to be upgraded
      #  See https://github.com/zama-ai/fhevm-internal/issues/379
      - name: Upgrade Decryption contract
        working-directory: current-fhevm/gateway-contracts
        if: false
        run: |
          npx hardhat task:upgradeDecryption \
            --current-implementation previous-contracts/Decryption.sol:Decryption \
            --new-implementation contracts/Decryption.sol:Decryption \
            --use-internal-proxy-address true \
            --verify-contract false

      # TODO: We should instead automatically detect if the contract needs to be upgraded
      #  See https://github.com/zama-ai/fhevm-internal/issues/379
      - name: Upgrade CiphertextCommits contract
        working-directory: current-fhevm/gateway-contracts
        if: false
        run: |
          npx hardhat task:upgradeCiphertextCommits \
            --current-implementation previous-contracts/CiphertextCommits.sol:CiphertextCommits \
            --new-implementation contracts/CiphertextCommits.sol:CiphertextCommits \
            --use-internal-proxy-address true \
            --verify-contract false

      # TODO: We should instead automatically detect if the contract needs to be upgraded
      #  See https://github.com/zama-ai/fhevm-internal/issues/379
      - name: Upgrade InputVerification contract
        working-directory: current-fhevm/gateway-contracts
        if: false
        run: |
          npx hardhat task:upgradeInputVerification \
            --current-implementation previous-contracts/InputVerification.sol:InputVerification \
            --new-implementation contracts/InputVerification.sol:InputVerification \
            --use-internal-proxy-address true \
            --verify-contract false

      # TODO: We should instead automatically detect if the contract needs to be upgraded
      #  See https://github.com/zama-ai/fhevm-internal/issues/379
      - name: Upgrade MultichainACL contract
        working-directory: current-fhevm/gateway-contracts
        if: false
        run: |
          npx hardhat task:upgradeMultichainACL \
            --current-implementation previous-contracts/MultichainACL.sol:MultichainACL \
            --new-implementation contracts/MultichainACL.sol:MultichainACL \
            --use-internal-proxy-address true \
            --verify-contract false

      # TODO: We should instead automatically detect if the contract needs to be upgraded
      # See https://github.com/zama-ai/fhevm-internal/issues/379
      - name: Upgrade KMSGeneration contract
        working-directory: current-fhevm/gateway-contracts
        if: false
        run: |
          npx hardhat task:upgradeKMSGeneration \
            --current-implementation previous-contracts/KMSGeneration.sol:KMSGeneration \
            --new-implementation contracts/KMSGeneration.sol:KMSGeneration \
            --use-internal-proxy-address true \
            --verify-contract false

      # TODO: We should instead automatically detect if the contract needs to be upgraded
      # See https://github.com/zama-ai/fhevm-internal/issues/379
      - name: Upgrade ProtocolPayment contract
        working-directory: current-fhevm/gateway-contracts
        if: false
        run: |
          npx hardhat task:upgradeProtocolPayment \
            --current-implementation previous-contracts/ProtocolPayment.sol:ProtocolPayment \
            --new-implementation contracts/ProtocolPayment.sol:ProtocolPayment \
            --use-internal-proxy-address true \
            --verify-contract false

      - name: Clean up
        working-directory: previous-fhevm/gateway-contracts
        if: always()
        run: |
          make docker-compose-down