Skip to content

Commit 0872fea

Browse files
authored
feat(charts): Add support for host contracts upgrade (#357)
* feat(charts): update local fhevm chart values to contracts 0.7.0 release * feat(charts): add smart contract upgrade support to contracts chart * feat(charts): add local example config for performing a smart contract upgrade * chore(charts): lint comment in values filel
1 parent b89ada4 commit 0872fea

14 files changed

Lines changed: 421 additions & 172 deletions

charts/contracts/Chart.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
name: contracts
22
description: A helm chart to manage fhevm Smart Contracts Deployment
3-
version: 0.4.3
3+
version: 0.5.0
44
apiVersion: v2
55
keywords:
66
- fhevm

charts/contracts/templates/_helpers.tpl

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -10,4 +10,5 @@
1010
{{- define "scDebugStatefulSetName" -}}
1111
{{- $scDebugStatefulSetNameDefault := printf "%s-%s" .Release.Name "debug" }}
1212
{{- default $scDebugStatefulSetNameDefault .Values.scDebug.nameOverride | trunc 63 | trimSuffix "-" -}}
13-
{{- end -}}
13+
{{- end -}}
14+

charts/contracts/templates/sc-deploy-config.yaml

Lines changed: 18 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,3 @@
1-
{{- if .Values.scDeploy.enabled -}}
21
apiVersion: v1
32
kind: ConfigMap
43
metadata:
@@ -93,14 +92,24 @@ data:
9392
done;
9493
9594
{{- if .Values.scDeploy.verifyContracts }}
96-
for envfile in /app/addresses/.env.*; do
97-
echo "---"
98-
echo "Verifying contract for ${envfile}"
99-
CONTRACT_NAME="$(echo ${envfile} | cut -d'.' -f 3)"
100-
CONTRACT_ADDRESS="$(cat ${envfile} | cut -d'=' -f 2)"
101-
npx --no-install hardhat verify ${CONTRACT_ADDRESS} || true
102-
done;
95+
npx --no-install hardhat verify:verify || true
10396
{{- end }}
10497
echo "adding the current contracts version to the configmap"
10598
kubectl patch configmap "${CONFIGMAP_NAME}" -p="{\"data\": {\"contracts.version\": \"{{ .Values.scDeploy.image.tag }}\"}}"
106-
{{- end }}
99+
upgrade-contracts.sh: |
100+
#!/bin/bash
101+
set -eo pipefail
102+
{{- if .Values.scDeploy.preventRedeployment }}
103+
# Prevent smart contract deployment if already done for current version
104+
if [[ "$DEPLOYED_SMART_CONTRACTS_VERSION" == "{{ .Values.scDeploy.image.tag }}" ]]; then
105+
echo "contracts already deployed with version: ${DEPLOYED_SMART_CONTRACTS_VERSION}, aborting deployment" 1>&2
106+
exit 0
107+
fi
108+
{{- end }}
109+
110+
echo "executing upgrade commands"
111+
{{- range .Values.scUpgrade.upgradeCommands }}
112+
{{ . | nindent 4 }}
113+
{{- end }}
114+
echo "updating the contracts version to the configmap"
115+
kubectl patch configmap "${CONFIGMAP_NAME}" -p="{\"data\": {\"contracts.version\": \"{{ .Values.scDeploy.image.tag }}\"}}"

charts/contracts/templates/sc-deploy-job.yaml

Lines changed: 27 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
{{- if .Values.scDeploy.enabled }}
1+
{{- if or .Values.scDeploy.enabled .Values.scUpgrade.enabled -}}
22
apiVersion: batch/v1
33
kind: Job
44
metadata:
@@ -23,7 +23,6 @@ spec:
2323
{{- with .Values.podLabels }}
2424
{{- toYaml . | nindent 8 }}
2525
{{- end }}
26-
2726
spec:
2827
serviceAccountName: {{ .Release.Name }}-config-writer
2928
securityContext:
@@ -40,10 +39,23 @@ spec:
4039
affinity:
4140
{{- toYaml . | nindent 8 }}
4241
{{- end }}
42+
{{- if .Values.scUpgrade.enabled }}
43+
initContainers:
44+
- name: copy-old-contracts
45+
image: {{ .Values.scUpgrade.oldContracts.image.name }}:{{ .Values.scUpgrade.oldContracts.image.tag }}
46+
command: ["cp", "-r", "/app/contracts/.", "/app/oldContracts"]
47+
volumeMounts:
48+
- mountPath: /app/oldContracts
49+
name: old-contracts
4350
containers:
44-
- name: deploy
51+
- name: upgrade-smart-contracts
52+
command: [ "/app/upgrade-contracts.sh" ]
53+
{{- else if .Values.scDeploy.enabled }}
54+
containers:
55+
- name: deploy-smart-contracts
56+
command: [ "/app/deploy-contracts.sh" ]
57+
{{- end }}
4558
image: {{ .Values.scDeploy.image.name }}:{{ .Values.scDeploy.image.tag }}
46-
command: ["/app/deploy-contracts.sh"]
4759
env:
4860
- name: DEPLOYED_SMART_CONTRACTS_VERSION
4961
valueFrom:
@@ -61,6 +73,13 @@ spec:
6173
- mountPath: /app/deploy-contracts.sh
6274
subPath: deploy-contracts.sh
6375
name: config
76+
- mountPath: /app/upgrade-contracts.sh
77+
subPath: upgrade-contracts.sh
78+
name: config
79+
{{- if .Values.scUpgrade.enabled }}
80+
- mountPath: /app/oldContracts
81+
name: old-contracts
82+
{{- end }}
6483
{{- if .Values.persistence.enabled }}
6584
- mountPath: /app/addresses
6685
name: persistence
@@ -82,6 +101,10 @@ spec:
82101
persistentVolumeClaim:
83102
claimName: {{ include "scVolumeName" . }}
84103
{{- end }}
104+
{{- if .Values.scUpgrade.enabled }}
105+
- name: old-contracts
106+
emptyDir: {}
107+
{{- end }}
85108
restartPolicy: Never
86109
imagePullSecrets:
87110
- name: registry-credentials

charts/contracts/templates/sc-deploy-statefulset.yaml

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -37,6 +37,13 @@ spec:
3737
affinity:
3838
{{- toYaml . | nindent 8 }}
3939
{{- end }}
40+
initContainers:
41+
- name: copy-old-contracts
42+
image: {{ .Values.scUpgrade.oldContracts.image.name }}:{{ .Values.scUpgrade.oldContracts.image.tag }}
43+
command: ["cp", "-r", "/app/contracts/.", "/app/oldContracts"]
44+
volumeMounts:
45+
- mountPath: /app/oldContracts
46+
name: old-contracts
4047
containers:
4148
- name: debug
4249
image: {{ .Values.scDeploy.image.name }}:{{ .Values.scDeploy.image.tag }}
@@ -52,6 +59,11 @@ spec:
5259
- mountPath: /app/deploy-contracts.sh
5360
subPath: deploy-contracts.sh
5461
name: config
62+
- mountPath: /app/upgrade-contracts.sh
63+
subPath: upgrade-contracts.sh
64+
name: config
65+
- mountPath: /app/oldContracts
66+
name: old-contracts
5567
{{- if .Values.persistence.enabled }}
5668
- mountPath: /app/addresses
5769
name: persistence
@@ -73,6 +85,8 @@ spec:
7385
persistentVolumeClaim:
7486
claimName: {{ include "scVolumeName" . }}
7587
{{- end }}
88+
- name: old-contracts
89+
emptyDir: {}
7690
imagePullSecrets:
7791
- name: registry-credentials
7892
{{- end }}

charts/contracts/values.yaml

Lines changed: 18 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -4,10 +4,10 @@ scDeploy:
44
# preventRedeployment: false
55
nameOverride:
66
image:
7-
name: ghcr.io/zama-ai/fhevm-gateway/sc-bundle
8-
tag: v0.1.0-rc11
7+
name: ghcr.io/zama-ai/fhevm/host-contracts
8+
tag: v0.7.0
99
configmap:
10-
name: "gateway-sc-addresses"
10+
name: "sc-addresses"
1111
annotations:
1212
env:
1313
- name: MNEMONIC
@@ -18,6 +18,8 @@ scDeploy:
1818
value: "0xe746bc71f6bee141a954e6a49bc9384d334e393a7ea1e70b50241cb2e78e9e4c"
1919
- name: RPC_URL
2020
value: "http://gateway-node:8546"
21+
# - name: HARDHAT_NETWORK
22+
# value: "sepolia"
2123
resources:
2224
requests:
2325
cpu: 100m
@@ -29,6 +31,19 @@ scDeploy:
2931
runAsNonRoot: true
3032
runAsUser: 10000
3133
fsGroup: 10001
34+
deployCommands:
35+
# - npx hardhat task:deploy
36+
verifyContracts: false
37+
38+
scUpgrade:
39+
enabled: false
40+
oldContracts:
41+
image:
42+
name: ghcr.io/zama-ai/fhevm/host-contracts
43+
tag: v0.7.0-rc2
44+
# Note: The upgrade process uses the new contracts image from scDeploy.image
45+
upgradeCommands:
46+
# - npx hardhat task:upgrade
3247

3348
# Uncomment to use a specific node selector and toleration
3449
# nodeSelector:

deployments/fhevm/coprocessor-values.yaml

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -74,7 +74,7 @@ hostListener:
7474
- --coprocessor-api-key=$(TENANT_API_KEY)
7575
- --url=ws://host-anvil-node:8545
7676
serviceMonitor:
77-
enabled: true
77+
enabled: false
7878

7979
gwListener:
8080
enabled: true
@@ -99,7 +99,7 @@ gwListener:
9999
- --zkpok-manager-address=$(ZKPOK_MANAGER_ADDRESS)
100100
- --verify-proof-req-database-channel="event_zkpok_new_work"
101101
serviceMonitor:
102-
enabled: true
102+
enabled: false
103103

104104
tfheWorker:
105105
enabled: true
@@ -127,7 +127,7 @@ tfheWorker:
127127
- --service-name=coprocessor-tfhe-worker
128128
- --coprocessor-private-key=/accounts/coprocessor.hex
129129
serviceMonitor:
130-
enabled: true
130+
enabled: false
131131
tracing:
132132
enabled: true
133133
endpoint: "http://observability-zws-dev-observability-alloy.observability.svc.cluster.local:4317"
@@ -186,7 +186,7 @@ zkProofWorker:
186186
- --pg-pool-connections=5
187187
- --worker-thread-count=4
188188
serviceMonitor:
189-
enabled: true
189+
enabled: false
190190
resources:
191191
requests:
192192
cpu: 1
@@ -255,7 +255,7 @@ snsWorker:
255255
- --pg-polling-interval=60
256256
- --pg-pool-connections=10
257257
serviceMonitor:
258-
enabled: true
258+
enabled: false
259259
resources:
260260
requests:
261261
cpu: 1
@@ -328,4 +328,4 @@ txSender:
328328
- --gateway-url=http://gateway-fhevm-staging-anvil-node:8546
329329
- --private-key=$(TX_SENDER_PRIVATE_KEY)
330330
serviceMonitor:
331-
enabled: true
331+
enabled: false
Lines changed: 115 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,115 @@
1+
scDeploy:
2+
enabled: true
3+
image:
4+
name: ghcr.io/zama-ai/fhevm/gateway-contracts
5+
tag: "v0.7.0"
6+
configmap:
7+
name: "gateway-sc-addresses"
8+
env:
9+
- name: HARDHAT_NETWORK
10+
value: "staging"
11+
- name: RPC_URL
12+
value: "http://gateway-anvil-node:8546"
13+
- name: DEPLOYER_PRIVATE_KEY
14+
value: "0xe746bc71f6bee141a954e6a49bc9384d334e393a7ea1e70b50241cb2e78e9e4c"
15+
# 1) Initial Contract Deployment Config
16+
- name: CHAIN_ID_GATEWAY
17+
value: "54321"
18+
- name: DEPLOYER_ADDRESS
19+
value: "0xCf28E90D4A6dB23c34E1881aEF5fd9fF2e478634"
20+
- name: PAUSER_ADDRESS
21+
value: "0xCf28E90D4A6dB23c34E1881aEF5fd9fF2e478634"
22+
- name: PROTOCOL_NAME
23+
value: "Zama"
24+
- name: PROTOCOL_WEBSITE
25+
value: "zama.ai"
26+
- name: MPC_THRESHOLD
27+
value: "1"
28+
- name: NUM_KMS_NODES
29+
value: "4"
30+
# USER_DECRYPTION_THRESHOLD=(2*MPC_THRESHOLD) + 1
31+
- name: USER_DECRYPTION_THRESHOLD
32+
value: "3"
33+
# PUBLIC_DECRYPTION_THRESHOLD=floor(NUM_KMS_NODES/2) + 1
34+
# This threshold must match the one defined for the host
35+
- name: PUBLIC_DECRYPTION_THRESHOLD
36+
value: "3"
37+
- name: KMS_TX_SENDER_ADDRESS_0
38+
value: "0x87B8588FE7b273A0707b430fd26E01ecb014417A" # 0x2fa595e2a6ecf65fb93c06ffe4dd444c1d9d72746a61b09a0eef2f7ee52ff8af
39+
- name: KMS_TX_SENDER_ADDRESS_1
40+
value: "0x264D261d719aFD70F4d72f529D644A56327dCf2e" # 0xb97704c21e5c50e06272fbe1db3b4ba21d360e2dc81cde169ad14c1ea21a85a4
41+
- name: KMS_TX_SENDER_ADDRESS_2
42+
value: "0xEEcE0864CCAB13866AdCa8319B278b6d4af40484" # 0xb72ad6f093ee103cc35d376b57901c17abb1a1fe47b82ba385bebaabfe559d5a
43+
- name: KMS_TX_SENDER_ADDRESS_3
44+
value: "0x0425EB924AcCc9199ebf98038Dea9cA4823bC3e9" # 0xdc68f74b49335532da848d8d7cbce641d5920256ca76798cbb128c7165a10f27
45+
- name: KMS_SIGNER_ADDRESS_0
46+
value: "0xB01Df3Cf07E867c0E73785CE4b095408B25b1adE"
47+
- name: KMS_SIGNER_ADDRESS_1
48+
value: "0xd9cCc0D6d3f703FEF2FA8963715695f7A43F334D"
49+
- name: KMS_SIGNER_ADDRESS_2
50+
value: "0x78d72267C5cb71DdfEb5737e3CAB7878998C982C"
51+
- name: KMS_SIGNER_ADDRESS_3
52+
value: "0xB78Ff45392840d5d9382A0fD2C3A9454ca396193"
53+
- name: KMS_NODE_IP_ADDRESS_0
54+
value: ""
55+
- name: KMS_NODE_IP_ADDRESS_1
56+
value: ""
57+
- name: KMS_NODE_IP_ADDRESS_2
58+
value: ""
59+
- name: KMS_NODE_IP_ADDRESS_3
60+
value: ""
61+
- name: KMS_NODE_DA_URL_0
62+
value: ""
63+
- name: KMS_NODE_DA_URL_1
64+
value: ""
65+
- name: KMS_NODE_DA_URL_2
66+
value: ""
67+
- name: KMS_NODE_DA_URL_3
68+
value: ""
69+
- name: NUM_COPROCESSORS
70+
value: "1"
71+
- name: COPROCESSOR_TX_SENDER_ADDRESS_0
72+
value: "0x6254A198F67ad40290a2E7B48aDB2d19B71f67BD"
73+
- name: COPROCESSOR_SIGNER_ADDRESS_0
74+
value: "0x6254A198F67ad40290a2E7B48aDB2d19B71f67BD"
75+
- name: COPROCESSOR_DA_URL_0
76+
value: ""
77+
- name: COPROCESSOR_S3_BUCKET_URL_0
78+
value: "http://example.com"
79+
- name: FHE_PARAMS_NAME
80+
value: "test"
81+
- name: FHE_PARAMS_DIGEST
82+
value: "0x0000000000000000000000000000000000000000000000000000000000000000"
83+
# 2) Add Host Chains Config
84+
# - name: NUM_HOST_CHAINS
85+
# value: "1"
86+
# - name: HOST_CHAIN_CHAIN_ID_0
87+
# value: "12345"
88+
# - name: HOST_CHAIN_FHEVM_EXECUTOR_ADDRESS_0
89+
# valueFrom:
90+
# configMapKeyRef:
91+
# name: host-sc-addresses
92+
# key: exec.address
93+
# - name: HOST_CHAIN_ACL_ADDRESS_0
94+
# valueFrom:
95+
# configMapKeyRef:
96+
# name: host-sc-addresses
97+
# key: acl.address
98+
# - name: HOST_CHAIN_NAME_0
99+
# value: ""
100+
# - name: HOST_CHAIN_WEBSITE_0
101+
# value: ""
102+
103+
verifyContracts: false
104+
deployCommands:
105+
- "npx --no-install hardhat task:deployAllGatewayContracts"
106+
#- "npx --no-install hardhat task:deployEmptyUUPSProxies"
107+
#- "npx --no-install hardhat task:addHostChainsToGatewayConfig"
108+
109+
persistence:
110+
enabled: true
111+
volumeClaim:
112+
create: true
113+
name: "gateway-contracts"
114+
storageClassName: "standard"
115+
storageCapacity: 1Gi

0 commit comments

Comments
 (0)