test(test-suite): update with new coprocessor images (#321)

* test(test-suite): update with new coprocessor images

* chore(test-suite): build all images from main

* feat(test-suite): add --build option to fhevm-cli

* fix(test-suite): improve caching with local build

* test(test-suite): update fhevm stack to latest as a shortcut to test

* fix(test-suite): update fhevm-reayer to match rc13 config

* docs(test-suite): improve doc

Author: tawadaa

.github/workflows/test-suite-e2e-tests-with-build.yml

@@ -0,0 +1,129 @@
+name: test-suite-e2e-tests-with-build
+
+on:
+  workflow_dispatch:
+    inputs:
+      core_version:
+        description: "KMS Core Version"
+        default: ""
+        type: string
+      relayer_version:
+        description: "Relayer Image Version"
+        default: ""
+        type: string
+  # WIP: still not working - skipped for now
+  # pull_request:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
+
+jobs:
+  check-changes:
+    name: test-suite-e2e-tests-with-build/check-changes
+    permissions:
+      actions: 'read'
+      contents: 'read'
+      pull-requests: 'read'
+    runs-on: ubuntu-latest
+    outputs:
+      changes-fhevm: ${{ steps.filter.outputs.fhevm }}
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36  # v3.0.2
+        id: filter
+        with:
+          filters: |
+            fhevm:
+              - 'test-suite/fhevm/**'
+  tests:
+    name: test-suite-e2e-tests-with-build/tests
+    needs: check-changes
+    if: ${{ needs.check-changes.outputs.changes-fhevm == 'true' || github.event_name == 'release' || github.event_name == 'workflow_dispatch' }}
+    permissions:
+      contents: "read"
+      id-token: "write"
+      packages: "read"
+
+    runs-on: large_ubuntu_32
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Display Docker and Buildx version
+        run: |
+          echo "Docker version: $(docker --version)"
+          echo "Docker Buildx version: $(docker buildx version)"
+          echo "--- Docker Info ---"
+          docker info
+          echo "-------------------"
+
+      - name: Setup Docker Buildx
+        uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GHCR_READ_TOKEN }}
+
+      - name: Deploy fhevm Stack
+        working-directory: test-suite/fhevm
+        env:
+          CORE_VERSION: ${{ inputs.core_version }}
+          RELAYER_VERSION: ${{ inputs.relayer_version }}
+          DOCKER_BUILDKIT: 1
+        timeout-minutes: 90
+        run: |
+          ./fhevm-cli deploy --build
+
+      - name: Input proof test (uint64)
+        working-directory: test-suite/fhevm
+        run: |
+          ./fhevm-cli test input-proof
+
+      - name: Public Decryption test
+        working-directory: test-suite/fhevm
+        run: |
+          ./fhevm-cli test public-decryption
+
+      - name: User Decryption test
+        working-directory: test-suite/fhevm
+        run: |
+          ./fhevm-cli test user-decryption
+
+      - name: ERC20 test
+        working-directory: test-suite/fhevm
+        run: |
+          ./fhevm-cli test erc20
+
+      - name: Public Decryption HTTP endpoint test (ebool)
+        working-directory: test-suite/fhevm
+        run: |
+          ./fhevm-cli test public-decrypt-http-ebool
+
+      - name: Public Decryption HTTP endpoint test (mixed)
+        working-directory: test-suite/fhevm
+        run: |
+          ./fhevm-cli test public-decrypt-http-mixed
+
+      - name: Show logs on test failure
+        working-directory: test-suite/fhevm
+        if: always()
+        run: |
+          echo "::group::Relayer Logs"
+          ./fhevm-cli logs relayer
+          echo "::endgroup::"
+          echo "::group::SNS Worker Logs"
+          ./fhevm-cli logs sns-worker | grep -v "Selected 0 rows to process"
+          echo "::endgroup::"
+          echo "::group::Transaction Sender Logs (filtered)"
+          ./fhevm-cli logs transaction-sender | grep -v "Selected 0 rows to process"
+          echo "::endgroup::"
+
+      - name: Cleanup
+        working-directory: test-suite/fhevm
+        if: always()
+        run: |
+          ./fhevm-cli clean

host-contracts/Dockerfile

@@ -1,4 +1,4 @@
-FROM ghcr.io/zama-ai/fhevm-node:latest
+FROM ghcr.io/zama-ai/fhevm/gci/nodejs:22.14.0-alpine3.21
 
 USER root
 

test-suite/README.md

@@ -26,6 +26,7 @@ KMS can be configured to two modes:
 
 ## Get started
 
+### Quickstart
 The test suite offers a unified CLI for all operations:
 
 ```sh
@@ -52,6 +53,32 @@ cd test-suite/fhevm
 ./fhevm-cli clean
 ```
 
+### WIP - Forcing Local Builds (`--build`)
+
+⚠️ **IMPORTANT: THIS FEATURE IS STILL A WORK IN PROGRESS!** ⚠️
+We are actively working to optimize caching for local machines and GitHub runners.
+
+🚨 **SECURITY NOTICE:**
+The pre-built Docker images for the FHEVM stack are currently hosted in a **private registry** and are **not publicly available** for direct pulling. This is intentional for security reasons.
+
+Therefore, for external developers or anyone setting up the stack for the first time without access to our private registry, **using the `--build` option is the recommended and necessary way to get started:**
+
+```sh
+./fhevm-cli deploy --build
+```
+
+This command instructs Docker Compose to:
+1.  Build the images locally using the `Dockerfile` and context specified in the respective `docker-compose/*.yml` files for each service. This process uses the source code available in your local checkout (or cloned sub-repositories).
+2.  Tag the newly built images with the versions specified in the `fhevm-cli` script.
+3.  Then, start the services using these freshly built local images.
+
+**Why `--build` is essential for external developers:**
+*   **Image Access:** Since pre-built images are private, `--build` allows you to construct the necessary images from the publicly available source code.
+*   **Local Modifications:** If you have made local changes to any of the Dockerfiles or the build context of a service (e.g., you've cloned one of the sub-repositories like `fhevm-contracts` or `fhevm-coprocessor` into the expected relative paths and made changes), `--build` ensures these changes are incorporated.
+*   **Ensuring Correct Setup:** It guarantees that you are running with images built directly from the provided source, eliminating discrepancies that could arise from attempting to pull non-existent or inaccessible public images.
+
+🚧 **In summary:** Until public images are made available, external users should always use `./fhevm-cli deploy --build` to ensure a successful deployment.
+
 ## Security policy
 
 ### Handling sensitive data

test-suite/fhevm/config/relayer/local.yaml

@@ -1,10 +1,6 @@
 environment: development
 
-inputproof:
-  url: "0.0.0.0:3000"
-
-
-
+http_endpoint: "0.0.0.0:3000"
 
 transaction:
   private_key_fhevm_env: FHEVM_PRIVATE_KEY
@@ -24,6 +20,10 @@ transaction:
     base_delay_secs: 3
     max_delay_secs: 225
 
+metrics_endpoint: "0.0.0.0:9898"
+http_metrics:
+  histogram_buckets: [0, 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30, 32, 34, 36, 40]
+
 
 log:
   # Set log level for development

test-suite/fhevm/docker-compose/connector-docker-compose.yml

@@ -3,6 +3,13 @@ services:
   kms-connector:
     container_name: kms-connector
     image: ghcr.io/zama-ai/fhevm/kms-connector:${CONNECTOR_VERSION}
+    build:
+      context: ../../..
+      dockerfile: kms-connector/Dockerfile
+      cache_from:
+        - type=gha
+      cache_to:
+        - type=gha,mode=max
     env_file:
       - ../env/staging/.env.connector.local
     volumes:

test-suite/fhevm/docker-compose/coprocessor-docker-compose.yml

@@ -35,6 +35,13 @@ services:
   db-migration:
     container_name: fhevm-db-migration
     image: ghcr.io/zama-ai/fhevm/coprocessor/db-migration:${DB_MIGRATION_VERSION}
+    build:
+      context: ../../..
+      dockerfile: coprocessor/fhevm-engine/db-migration/Dockerfile
+      cache_from:
+        - type=gha
+      cache_to:
+        - type=gha,mode=max
     env_file:
       - ../env/staging/.env.coprocessor.local
     environment:
@@ -50,9 +57,16 @@ services:
         condition: service_completed_successfully
 
   ####################### COPROCESSOR SERVICES #######################
-  fhevm-listener:
-    container_name: fhevm-fhevm-listener
-    image: ghcr.io/zama-ai/fhevm/coprocessor:${COPROCESSOR_VERSION}
+  host-listener:
+    container_name: fhevm-host-listener
+    image: ghcr.io/zama-ai/fhevm/coprocessor/host-listener:${HOST_LISTENER_VERSION}
+    build:
+      context: ../../..
+      dockerfile: coprocessor/fhevm-engine/fhevm-listener/Dockerfile
+      cache_from:
+        - type=gha
+      cache_to:
+        - type=gha,mode=max
     env_file:
       - ../env/staging/.env.coprocessor.local
     command:
@@ -68,11 +82,14 @@ services:
 
   gw-listener:
     container_name: fhevm-gw-listener
-    image: ghcr.io/zama-ai/fhevm/coprocessor:${COPROCESSOR_VERSION}
-    # image: ghcr.io/zama-ai/fhevm/coprocessor/gw-listener:latest
-    # build:
-    #   context: ../../..
-    #   dockerfile: coprocessor/fhevm-engine/gw-listener/Dockerfile
+    image: ghcr.io/zama-ai/fhevm/coprocessor/gw-listener:${GW_LISTENER_VERSION}
+    build:
+      context: ../../..
+      dockerfile: coprocessor/fhevm-engine/gw-listener/Dockerfile
+      cache_from:
+        - type=gha
+      cache_to:
+        - type=gha,mode=max
     healthcheck:
       test: ["CMD-SHELL", "curl -f http://localhost:8080/liveness || exit 1"]
       interval: 10s
@@ -97,7 +114,14 @@ services:
 
   tfhe-worker:
     container_name: fhevm-tfhe-worker
-    image: ghcr.io/zama-ai/fhevm/coprocessor:${COPROCESSOR_VERSION}
+    image: ghcr.io/zama-ai/fhevm/coprocessor/tfhe-worker:${TFHE_WORKER_VERSION}
+    build:
+      context: ../../..
+      dockerfile: coprocessor/fhevm-engine/coprocessor/Dockerfile
+      cache_from:
+        - type=gha
+      cache_to:
+        - type=gha,mode=max
     env_file:
       - ../env/staging/.env.coprocessor.local
     command:
@@ -118,7 +142,14 @@ services:
 
   zkproof-worker:
     container_name: fhevm-zkproof-worker
-    image: ghcr.io/zama-ai/fhevm/coprocessor:${COPROCESSOR_VERSION}
+    image: ghcr.io/zama-ai/fhevm/coprocessor/zkproof-worker:${ZKPROOF_WORKER_VERSION}
+    build:
+      context: ../../..
+      dockerfile: coprocessor/fhevm-engine/zkproof-worker/Dockerfile
+      cache_from:
+        - type=gha
+      cache_to:
+        - type=gha,mode=max
     env_file:
       - ../env/staging/.env.coprocessor.local
     command:
@@ -137,7 +168,14 @@ services:
 
   sns-worker:
     container_name: fhevm-sns-worker
-    image: ghcr.io/zama-ai/fhevm/coprocessor:${COPROCESSOR_VERSION}
+    image: ghcr.io/zama-ai/fhevm/coprocessor/sns-worker:${SNS_WORKER_VERSION}
+    build:
+      context: ../../..
+      dockerfile: coprocessor/fhevm-engine/sns-executor/Dockerfile
+      cache_from:
+        - type=gha
+      cache_to:
+        - type=gha,mode=max
     env_file:
       - ../env/staging/.env.coprocessor.local
     command:
@@ -147,19 +185,19 @@ services:
       - --pg-listen-channels
       - event_pbs_computations
       - event_ciphertext_computed
-      - --pg-notify-channel="event_ciphertext128_computed"
+      - --pg-notify-channel
+      - event_ciphertext128_computed
       - --work-items-batch-size=20
       - --pg-polling-interval=30
       - --pg-pool-connections=10
       - --bucket-name-ct64=ct64
       - --bucket-name-ct128=ct128
-      # # uncomment if you are using release => v0.7.0-rc2
-      # - --s3-max-concurrent-uploads=100
-      # - --s3-max-retries-per-upload=100
-      # - --s3-max-backoff=10s
-      # - --s3-max-retries-timeout=120s
-      # - --s3-recheck-duration=2s
-      # - --s3-regular-recheck-duration=120s
+      - --s3-max-concurrent-uploads=100
+      - --s3-max-retries-per-upload=100
+      - --s3-max-backoff=10s
+      - --s3-max-retries-timeout=120s
+      - --s3-recheck-duration=2s
+      - --s3-regular-recheck-duration=120s
     depends_on:
       db:
         condition: service_healthy
@@ -168,7 +206,14 @@ services:
 
   transaction-sender:
     container_name: fhevm-transaction-sender
-    image: ghcr.io/zama-ai/fhevm/coprocessor:${COPROCESSOR_VERSION}
+    image: ghcr.io/zama-ai/fhevm/coprocessor/tx-sender:${TX_SENDER_VERSION}
+    build:
+      context: ../../..
+      dockerfile: coprocessor/fhevm-engine/transaction-sender/Dockerfile
+      cache_from:
+        - type=gha
+      cache_to:
+        - type=gha,mode=max
     env_file:
       - ../env/staging/.env.coprocessor.local
     command:
@@ -186,8 +231,7 @@ services:
       - --verify-proof-resp-batch-limit=128
       - --verify-proof-resp-max-retries=15
       - --verify-proof-remove-after-max-retries
-      # # uncomment if you are using release => v0.7.0-rc2
-      # - --signer-type=private-key
+      - --signer-type=private-key
     depends_on:
       db:
         condition: service_healthy

test-suite/fhevm/docker-compose/gateway-docker-compose.yml

@@ -24,6 +24,13 @@ services:
   gateway-sc-deploy:
     container_name: fhevm-gateway-sc-deploy
     image: ghcr.io/zama-ai/fhevm/gateway-contracts:${GATEWAY_VERSION}
+    build:
+      context: ../../../gateway-contracts
+      dockerfile: Dockerfile
+      cache_from:
+        - type=gha
+      cache_to:
+        - type=gha,mode=max
     env_file:
       - ../env/staging/.env.gateway.local
     command:
@@ -37,6 +44,13 @@ services:
   gateway-sc-add-network:
     container_name: fhevm-gateway-sc-add-network
     image: ghcr.io/zama-ai/fhevm/gateway-contracts:${GATEWAY_VERSION}
+    build:
+      context: ../../../gateway-contracts
+      dockerfile: Dockerfile
+      cache_from:
+        - type=gha
+      cache_to:
+        - type=gha,mode=max
     env_file:
       - ../env/staging/.env.gateway.local
     command: