zama-ai
diff --git a/‎charts/contracts/Chart.yaml‎
Lines changed: 1 addition & 1 deletion b/‎charts/contracts/Chart.yaml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎charts/contracts/templates/_helpers.tpl‎
Lines changed: 2 additions & 1 deletion b/‎charts/contracts/templates/_helpers.tpl‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎charts/contracts/templates/sc-deploy-config.yaml‎
Lines changed: 18 additions & 9 deletions b/‎charts/contracts/templates/sc-deploy-config.yaml‎
Lines changed: 18 additions & 9 deletions
diff --git a/‎charts/contracts/templates/sc-deploy-job.yaml‎
Lines changed: 27 additions & 4 deletions b/‎charts/contracts/templates/sc-deploy-job.yaml‎
Lines changed: 27 additions & 4 deletions
diff --git a/‎charts/contracts/templates/sc-deploy-statefulset.yaml‎
Lines changed: 14 additions & 0 deletions b/‎charts/contracts/templates/sc-deploy-statefulset.yaml‎
Lines changed: 14 additions & 0 deletions
diff --git a/‎charts/contracts/values.yaml‎
Lines changed: 18 additions & 3 deletions b/‎charts/contracts/values.yaml‎
Lines changed: 18 additions & 3 deletions
diff --git a/‎deployments/fhevm/coprocessor-values.yaml‎
Lines changed: 6 additions & 6 deletions b/‎deployments/fhevm/coprocessor-values.yaml‎
Lines changed: 6 additions & 6 deletions
diff --git a/‎deployments/fhevm/gateway-contracts-1-deploy-values.yaml‎
Lines changed: 115 additions & 0 deletions b/‎deployments/fhevm/gateway-contracts-1-deploy-values.yaml‎
Lines changed: 115 additions & 0 deletions
@@ -1,6 +1,6 @@
 name: contracts
 description: A helm chart to manage fhevm Smart Contracts Deployment
-version: 0.4.3
+version: 0.5.0
 apiVersion: v2
 keywords:
   - fhevm
 
@@ -10,4 +10,5 @@
 {{- define "scDebugStatefulSetName" -}}
 {{- $scDebugStatefulSetNameDefault := printf "%s-%s" .Release.Name "debug" }}
 {{- default $scDebugStatefulSetNameDefault .Values.scDebug.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
+{{- end -}}
+
@@ -1,4 +1,3 @@
-{{- if .Values.scDeploy.enabled -}}
 apiVersion: v1
 kind: ConfigMap
 metadata:
@@ -93,14 +92,24 @@ data:
     done;
 
     {{- if .Values.scDeploy.verifyContracts }}
-    for envfile in /app/addresses/.env.*; do
-      echo "---"
-      echo "Verifying contract for ${envfile}"
-      CONTRACT_NAME="$(echo ${envfile} | cut -d'.' -f 3)"
-      CONTRACT_ADDRESS="$(cat ${envfile} | cut -d'=' -f 2)"
-      npx --no-install hardhat verify ${CONTRACT_ADDRESS} || true
-    done;
+    npx --no-install hardhat verify:verify || true
     {{- end }}
     echo "adding the current contracts version to the configmap"
     kubectl patch configmap "${CONFIGMAP_NAME}" -p="{\"data\": {\"contracts.version\": \"{{ .Values.scDeploy.image.tag }}\"}}"
-{{- end }}
+  upgrade-contracts.sh: |
+    #!/bin/bash
+    set -eo pipefail
+    {{- if .Values.scDeploy.preventRedeployment }}
+    # Prevent smart contract deployment if already done for current version
+    if [[ "$DEPLOYED_SMART_CONTRACTS_VERSION" == "{{ .Values.scDeploy.image.tag }}" ]]; then
+      echo "contracts already deployed with version: ${DEPLOYED_SMART_CONTRACTS_VERSION}, aborting deployment" 1>&2
+      exit 0
+    fi
+    {{- end }}
+
+    echo "executing upgrade commands"
+    {{- range .Values.scUpgrade.upgradeCommands }}
+    {{ . | nindent 4 }}
+    {{- end }}
+    echo "updating the contracts version to the configmap"
+    kubectl patch configmap "${CONFIGMAP_NAME}" -p="{\"data\": {\"contracts.version\": \"{{ .Values.scDeploy.image.tag }}\"}}"
@@ -1,4 +1,4 @@
-{{- if .Values.scDeploy.enabled }}
+{{- if or .Values.scDeploy.enabled .Values.scUpgrade.enabled -}}
 apiVersion: batch/v1
 kind: Job
 metadata:
@@ -23,7 +23,6 @@ spec:
         {{- with .Values.podLabels }}
         {{- toYaml . | nindent 8 }}
         {{- end }}
-
     spec:
       serviceAccountName: {{ .Release.Name }}-config-writer
       securityContext:
@@ -40,10 +39,23 @@ spec:
       affinity:
         {{- toYaml . | nindent 8 }}
       {{- end }}
+      {{- if .Values.scUpgrade.enabled }}
+      initContainers:
+      - name: copy-old-contracts
+        image: {{ .Values.scUpgrade.oldContracts.image.name }}:{{ .Values.scUpgrade.oldContracts.image.tag }}
+        command: ["cp", "-r", "/app/contracts/.", "/app/oldContracts"]
+        volumeMounts:
+          - mountPath: /app/oldContracts
+            name: old-contracts
       containers:
-      - name: deploy
+      - name: upgrade-smart-contracts
+        command: [ "/app/upgrade-contracts.sh" ]
+      {{- else if .Values.scDeploy.enabled }}
+      containers:
+      - name: deploy-smart-contracts
+        command: [ "/app/deploy-contracts.sh" ]
+      {{- end }}
         image: {{ .Values.scDeploy.image.name }}:{{ .Values.scDeploy.image.tag }}
-        command: ["/app/deploy-contracts.sh"]
         env:
           - name: DEPLOYED_SMART_CONTRACTS_VERSION
             valueFrom:
@@ -61,6 +73,13 @@ spec:
           - mountPath: /app/deploy-contracts.sh
             subPath: deploy-contracts.sh
             name: config
+          - mountPath: /app/upgrade-contracts.sh
+            subPath: upgrade-contracts.sh
+            name: config
+          {{- if .Values.scUpgrade.enabled }}
+          - mountPath: /app/oldContracts
+            name: old-contracts
+          {{- end }}
           {{- if .Values.persistence.enabled }}
           - mountPath: /app/addresses
             name: persistence
@@ -82,6 +101,10 @@ spec:
         persistentVolumeClaim:
           claimName: {{ include "scVolumeName" . }}
       {{- end }}
+      {{- if .Values.scUpgrade.enabled }}
+      - name: old-contracts
+        emptyDir: {}
+      {{- end }}
       restartPolicy: Never
       imagePullSecrets:
         - name: registry-credentials
 
@@ -37,6 +37,13 @@ spec:
       affinity:
         {{- toYaml . | nindent 8 }}
       {{- end }}
+      initContainers:
+        - name: copy-old-contracts
+          image: {{ .Values.scUpgrade.oldContracts.image.name }}:{{ .Values.scUpgrade.oldContracts.image.tag }}
+          command: ["cp", "-r", "/app/contracts/.", "/app/oldContracts"]
+          volumeMounts:
+            - mountPath: /app/oldContracts
+              name: old-contracts
       containers:
         - name: debug
           image: {{ .Values.scDeploy.image.name }}:{{ .Values.scDeploy.image.tag }}
@@ -52,6 +59,11 @@ spec:
             - mountPath: /app/deploy-contracts.sh
               subPath: deploy-contracts.sh
               name: config
+            - mountPath: /app/upgrade-contracts.sh
+              subPath: upgrade-contracts.sh
+              name: config
+            - mountPath: /app/oldContracts
+              name: old-contracts
             {{- if .Values.persistence.enabled }}
             - mountPath: /app/addresses
               name: persistence
@@ -73,6 +85,8 @@ spec:
           persistentVolumeClaim:
             claimName: {{ include "scVolumeName" . }}
       {{- end }}
+        - name: old-contracts
+          emptyDir: {}
       imagePullSecrets:
         - name: registry-credentials
 {{- end }}
@@ -4,10 +4,10 @@ scDeploy:
   # preventRedeployment: false
   nameOverride:
   image:
-    name: ghcr.io/zama-ai/fhevm-gateway/sc-bundle
-    tag: v0.1.0-rc11
+    name: ghcr.io/zama-ai/fhevm/host-contracts
+    tag: v0.7.0
   configmap:
-    name: "gateway-sc-addresses"
+    name: "sc-addresses"
     annotations:
   env:
     - name: MNEMONIC
@@ -18,6 +18,8 @@ scDeploy:
       value: "0xe746bc71f6bee141a954e6a49bc9384d334e393a7ea1e70b50241cb2e78e9e4c"
     - name: RPC_URL
       value: "http://gateway-node:8546"
+    # - name: HARDHAT_NETWORK
+    #   value: "sepolia"
   resources:
     requests:
       cpu: 100m
@@ -29,6 +31,19 @@ scDeploy:
     runAsNonRoot: true
     runAsUser: 10000
     fsGroup: 10001
+  deployCommands:
+  # - npx hardhat task:deploy
+  verifyContracts: false
+
+scUpgrade:
+  enabled: false
+  oldContracts:
+    image:
+      name: ghcr.io/zama-ai/fhevm/host-contracts
+      tag: v0.7.0-rc2
+  # Note: The upgrade process uses the new contracts image from scDeploy.image
+  upgradeCommands:
+  # - npx hardhat task:upgrade
 
 # Uncomment to use a specific node selector and toleration
 # nodeSelector:
 
@@ -74,7 +74,7 @@ hostListener:
     - --coprocessor-api-key=$(TENANT_API_KEY)
     - --url=ws://host-anvil-node:8545
   serviceMonitor:
-    enabled: true
+    enabled: false
 
 gwListener:
   enabled: true
@@ -99,7 +99,7 @@ gwListener:
     - --zkpok-manager-address=$(ZKPOK_MANAGER_ADDRESS)
     - --verify-proof-req-database-channel="event_zkpok_new_work"
   serviceMonitor:
-    enabled: true
+    enabled: false
 
 tfheWorker:
   enabled: true
@@ -127,7 +127,7 @@ tfheWorker:
     - --service-name=coprocessor-tfhe-worker
     - --coprocessor-private-key=/accounts/coprocessor.hex
   serviceMonitor:
-    enabled: true
+    enabled: false
   tracing:
     enabled: true
     endpoint: "http://observability-zws-dev-observability-alloy.observability.svc.cluster.local:4317"
@@ -186,7 +186,7 @@ zkProofWorker:
     - --pg-pool-connections=5
     - --worker-thread-count=4
   serviceMonitor:
-    enabled: true
+    enabled: false
   resources:
     requests:
       cpu: 1
@@ -255,7 +255,7 @@ snsWorker:
     - --pg-polling-interval=60
     - --pg-pool-connections=10
   serviceMonitor:
-    enabled: true
+    enabled: false
   resources:
     requests:
       cpu: 1
@@ -328,4 +328,4 @@ txSender:
     - --gateway-url=http://gateway-fhevm-staging-anvil-node:8546
     - --private-key=$(TX_SENDER_PRIVATE_KEY)
   serviceMonitor:
-    enabled: true
+    enabled: false
@@ -0,0 +1,115 @@
+scDeploy:
+  enabled: true
+  image:
+    name: ghcr.io/zama-ai/fhevm/gateway-contracts
+    tag: "v0.7.0"
+  configmap:
+    name: "gateway-sc-addresses"
+  env:
+    - name: HARDHAT_NETWORK
+      value: "staging"
+    - name: RPC_URL
+      value: "http://gateway-anvil-node:8546"
+    - name: DEPLOYER_PRIVATE_KEY
+      value: "0xe746bc71f6bee141a954e6a49bc9384d334e393a7ea1e70b50241cb2e78e9e4c"
+    # 1) Initial Contract Deployment Config
+    - name: CHAIN_ID_GATEWAY
+      value: "54321"
+    - name: DEPLOYER_ADDRESS
+      value: "0xCf28E90D4A6dB23c34E1881aEF5fd9fF2e478634"
+    - name: PAUSER_ADDRESS
+      value: "0xCf28E90D4A6dB23c34E1881aEF5fd9fF2e478634"
+    - name: PROTOCOL_NAME
+      value: "Zama"
+    - name: PROTOCOL_WEBSITE
+      value: "zama.ai"
+    - name: MPC_THRESHOLD
+      value: "1"
+    - name: NUM_KMS_NODES
+      value: "4"
+    # USER_DECRYPTION_THRESHOLD=(2*MPC_THRESHOLD) + 1
+    - name: USER_DECRYPTION_THRESHOLD
+      value: "3"
+    # PUBLIC_DECRYPTION_THRESHOLD=floor(NUM_KMS_NODES/2) + 1
+    # This threshold must match the one defined for the host
+    - name: PUBLIC_DECRYPTION_THRESHOLD
+      value: "3"
+    - name: KMS_TX_SENDER_ADDRESS_0
+      value: "0x87B8588FE7b273A0707b430fd26E01ecb014417A" # 0x2fa595e2a6ecf65fb93c06ffe4dd444c1d9d72746a61b09a0eef2f7ee52ff8af
+    - name: KMS_TX_SENDER_ADDRESS_1
+      value: "0x264D261d719aFD70F4d72f529D644A56327dCf2e" # 0xb97704c21e5c50e06272fbe1db3b4ba21d360e2dc81cde169ad14c1ea21a85a4
+    - name: KMS_TX_SENDER_ADDRESS_2
+      value: "0xEEcE0864CCAB13866AdCa8319B278b6d4af40484" # 0xb72ad6f093ee103cc35d376b57901c17abb1a1fe47b82ba385bebaabfe559d5a
+    - name: KMS_TX_SENDER_ADDRESS_3
+      value: "0x0425EB924AcCc9199ebf98038Dea9cA4823bC3e9" # 0xdc68f74b49335532da848d8d7cbce641d5920256ca76798cbb128c7165a10f27
+    - name: KMS_SIGNER_ADDRESS_0
+      value: "0xB01Df3Cf07E867c0E73785CE4b095408B25b1adE"
+    - name: KMS_SIGNER_ADDRESS_1
+      value: "0xd9cCc0D6d3f703FEF2FA8963715695f7A43F334D"
+    - name: KMS_SIGNER_ADDRESS_2
+      value: "0x78d72267C5cb71DdfEb5737e3CAB7878998C982C"
+    - name: KMS_SIGNER_ADDRESS_3
+      value: "0xB78Ff45392840d5d9382A0fD2C3A9454ca396193"
+    - name: KMS_NODE_IP_ADDRESS_0
+      value: ""
+    - name: KMS_NODE_IP_ADDRESS_1
+      value: ""
+    - name: KMS_NODE_IP_ADDRESS_2
+      value: ""
+    - name: KMS_NODE_IP_ADDRESS_3
+      value: ""
+    - name: KMS_NODE_DA_URL_0
+      value: ""
+    - name: KMS_NODE_DA_URL_1
+      value: ""
+    - name: KMS_NODE_DA_URL_2
+      value: ""
+    - name: KMS_NODE_DA_URL_3
+      value: ""
+    - name: NUM_COPROCESSORS
+      value: "1"
+    - name: COPROCESSOR_TX_SENDER_ADDRESS_0
+      value: "0x6254A198F67ad40290a2E7B48aDB2d19B71f67BD"
+    - name: COPROCESSOR_SIGNER_ADDRESS_0
+      value: "0x6254A198F67ad40290a2E7B48aDB2d19B71f67BD"
+    - name: COPROCESSOR_DA_URL_0
+      value: ""
+    - name: COPROCESSOR_S3_BUCKET_URL_0
+      value: "http://example.com"
+    - name: FHE_PARAMS_NAME
+      value: "test"
+    - name: FHE_PARAMS_DIGEST
+      value: "0x0000000000000000000000000000000000000000000000000000000000000000"
+    # 2) Add Host Chains Config
+#    - name: NUM_HOST_CHAINS
+#      value: "1"
+#    - name: HOST_CHAIN_CHAIN_ID_0
+#      value: "12345"
+#    - name: HOST_CHAIN_FHEVM_EXECUTOR_ADDRESS_0
+#      valueFrom:
+#        configMapKeyRef:
+#          name: host-sc-addresses
+#          key: exec.address
+#    - name: HOST_CHAIN_ACL_ADDRESS_0
+#      valueFrom:
+#        configMapKeyRef:
+#          name: host-sc-addresses
+#          key: acl.address
+#    - name: HOST_CHAIN_NAME_0
+#      value: ""
+#    - name: HOST_CHAIN_WEBSITE_0
+#      value: ""
+
+  verifyContracts: false
+  deployCommands:
+    - "npx --no-install hardhat task:deployAllGatewayContracts"
+    #- "npx --no-install hardhat task:deployEmptyUUPSProxies"
+    #- "npx --no-install hardhat task:addHostChainsToGatewayConfig"
+
+persistence:
+  enabled: true
+  volumeClaim:
+    create: true
+    name: "gateway-contracts"
+    storageClassName: "standard"
+    storageCapacity: 1Gi