chore(protocol-contracts): clean hardhat config #3650
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: gateway-contracts-upgrade-tests | |
| permissions: {} | |
| on: | |
| pull_request: | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| # Define common environment variables here: | |
| # - DOTENV_CONFIG_PATH: The path to the environment file, used for loading variables used for upgrades | |
| # - HARDHAT_NETWORK: Should match the network from the docker-compose.yml's services | |
| # - CHAIN_ID_GATEWAY: Should match the chain ID used in the anvil node in the docker-compose.yml file | |
| # - RPC_URL: The port should match the one used in the anvil node in the docker-compose.yml file | |
| env: | |
| DOTENV_CONFIG_PATH: .env.example | |
| HARDHAT_NETWORK: staging | |
| CHAIN_ID_GATEWAY: 54321 | |
| RPC_URL: http://localhost:8546 | |
| jobs: | |
| check-changes: | |
| name: gateway-contracts-upgrade-tests/check-changes | |
| permissions: | |
| actions: 'read' # Required to read workflow run information | |
| contents: 'read' # Required to checkout repository code | |
| pull-requests: 'read' # Required to read pull request information | |
| runs-on: ubuntu-latest | |
| outputs: | |
| changes-gw-contracts: ${{ steps.filter.outputs.gw-contracts }} | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| persist-credentials: 'false' | |
| - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 | |
| id: filter | |
| with: | |
| filters: | | |
| gw-contracts: | |
| - .github/workflows/gateway-contracts-upgrade-tests.yml | |
| - gateway-contracts/** | |
| sc-upgrade: | |
| name: gateway-contracts-upgrade-tests/sc-upgrade (bpr) | |
| needs: check-changes | |
| if: ${{ needs.check-changes.outputs.changes-gw-contracts == 'true' }} | |
| permissions: | |
| contents: 'read' # Required to checkout repository code | |
| checks: 'write' # Required to create GitHub checks for test results | |
| packages: 'read' # Required to read GitHub packages/container registry | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout previous release code | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| # This version should be updated whenever we release new contract versions or | |
| # touch a contract upgrade path. | |
| ref: v0.9.8 | |
| path: previous-fhevm | |
| persist-credentials: 'false' | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0 | |
| - name: Login to Docker Registry | |
| uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build and start Docker services from previous release | |
| working-directory: previous-fhevm/gateway-contracts | |
| run: | | |
| make docker-compose-build | |
| make docker-compose-up | |
| - name: Check smart contract deployment from previous release | |
| working-directory: previous-fhevm/gateway-contracts | |
| run: | | |
| ## Check Contracts Deployment | |
| timeout 300s bash -c 'while docker ps --filter "name=deploy-gateway-contracts" --format "{{.Status}}" | grep -q "Up"; do sleep 5; done' | |
| docker compose logs deploy-gateway-contracts > deployment_logs.txt | |
| EXIT_CODE_SC=$(docker inspect --format='{{.State.ExitCode}}' deploy-gateway-contracts) | |
| # display logs for debugging | |
| # cat deployment_logs.txt | |
| if [ "$EXIT_CODE_SC" -ne 0 ]; then | |
| echo "Deployment failed with exit code $EXIT_CODE_SC" | |
| exit 1 | |
| elif ! grep -q "Contract deployment done!" deployment_logs.txt; then | |
| echo "Deployment did not complete successfully - 'Contract deployment done!' message not found in logs" | |
| exit 1 | |
| else | |
| echo "Deployment completed successfully with expected completion message" | |
| fi | |
| - name: Checkout current code | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| persist-credentials: 'false' | |
| path: current-fhevm | |
| - name: Install dependencies | |
| working-directory: current-fhevm/gateway-contracts | |
| run: npm ci | |
| # This step prepares the directory for upgrading contracts: | |
| # 1) Copy contracts from previous version to directory `./previous-contracts`: upgrade tasks | |
| # require access to the previous implementations | |
| # 2) Copy addresses from previous version to root directory: the upgrade tasks need to use the | |
| # internal addresses that have been deployed (ie, the previous version's addresses) | |
| # 3) Deploy mocked payment ZamaOFT contract: this can be removed once fhevm 0.10 is released | |
| # as the docker-compose file will consider the `deploy-mocked-zama-oft` service | |
| # 4) Set payment bridging contract addresses in env and solidity files: this can be removed once | |
| # fhevm 0.10 is released as the payment bridging contract addresses will be set using the regular | |
| # `task:deployAllGatewayContracts` task | |
| # 5) Deploy ProtocolPayment contract: this can be removed once fhevm 0.10 is released as the | |
| # ProtocolPayment contract will be deployed using the regular `task:deployAllGatewayContracts` task | |
| # TODO: Remove 3 and 4 once fhevm 0.10 is released and upgrades are tested against it | |
| # See https://github.com/zama-ai/fhevm-internal/issues/502 | |
| - name: Prepare contracts for upgrades | |
| working-directory: current-fhevm/gateway-contracts | |
| run: | | |
| cp -r ../../previous-fhevm/gateway-contracts/contracts ./previous-contracts | |
| docker cp deploy-gateway-contracts:/app/addresses ./ | |
| npx hardhat task:deployMockedZamaOFT | |
| npx hardhat task:setPaymentBridgingContractAddresses --use-internal-addresses true | |
| npx hardhat task:deploySingleContract --name ProtocolPayment --use-internal-proxy-address true | |
| # TODO: We should instead automatically detect if the contract needs to be upgraded | |
| # See https://github.com/zama-ai/fhevm-internal/issues/379 | |
| - name: Upgrade GatewayConfig contract | |
| working-directory: current-fhevm/gateway-contracts | |
| run: | | |
| npx hardhat task:upgradeGatewayConfig \ | |
| --current-implementation previous-contracts/GatewayConfig.sol:GatewayConfig \ | |
| --new-implementation contracts/GatewayConfig.sol:GatewayConfig \ | |
| --use-internal-proxy-address true \ | |
| --verify-contract false | |
| # TODO: We should instead automatically detect if the contract needs to be upgraded | |
| # See https://github.com/zama-ai/fhevm-internal/issues/379 | |
| - name: Upgrade Decryption contract | |
| working-directory: current-fhevm/gateway-contracts | |
| run: | | |
| npx hardhat task:upgradeDecryption \ | |
| --current-implementation previous-contracts/Decryption.sol:Decryption \ | |
| --new-implementation contracts/Decryption.sol:Decryption \ | |
| --use-internal-proxy-address true \ | |
| --verify-contract false | |
| # TODO: We should instead automatically detect if the contract needs to be upgraded | |
| # See https://github.com/zama-ai/fhevm-internal/issues/379 | |
| - name: Upgrade CiphertextCommits contract | |
| working-directory: current-fhevm/gateway-contracts | |
| run: | | |
| npx hardhat task:upgradeCiphertextCommits \ | |
| --current-implementation previous-contracts/CiphertextCommits.sol:CiphertextCommits \ | |
| --new-implementation contracts/CiphertextCommits.sol:CiphertextCommits \ | |
| --use-internal-proxy-address true \ | |
| --verify-contract false | |
| # TODO: We should instead automatically detect if the contract needs to be upgraded | |
| # See https://github.com/zama-ai/fhevm-internal/issues/379 | |
| - name: Upgrade InputVerification contract | |
| working-directory: current-fhevm/gateway-contracts | |
| run: | | |
| npx hardhat task:upgradeInputVerification \ | |
| --current-implementation previous-contracts/InputVerification.sol:InputVerification \ | |
| --new-implementation contracts/InputVerification.sol:InputVerification \ | |
| --use-internal-proxy-address true \ | |
| --verify-contract false | |
| # TODO: We should instead automatically detect if the contract needs to be upgraded | |
| # See https://github.com/zama-ai/fhevm-internal/issues/379 | |
| - name: Upgrade MultichainACL contract | |
| working-directory: current-fhevm/gateway-contracts | |
| run: | | |
| npx hardhat task:upgradeMultichainACL \ | |
| --current-implementation previous-contracts/MultichainACL.sol:MultichainACL \ | |
| --new-implementation contracts/MultichainACL.sol:MultichainACL \ | |
| --use-internal-proxy-address true \ | |
| --verify-contract false | |
| # TODO: We should instead automatically detect if the contract needs to be upgraded | |
| # See https://github.com/zama-ai/fhevm-internal/issues/379 | |
| - name: Upgrade KMSGeneration contract | |
| working-directory: current-fhevm/gateway-contracts | |
| run: | | |
| npx hardhat task:upgradeKMSGeneration \ | |
| --current-implementation previous-contracts/KMSGeneration.sol:KMSGeneration \ | |
| --new-implementation contracts/KMSGeneration.sol:KMSGeneration \ | |
| --use-internal-proxy-address true \ | |
| --verify-contract false | |
| # TODO: We should instead automatically detect if the contract needs to be upgraded | |
| # See https://github.com/zama-ai/fhevm-internal/issues/379 | |
| - name: Upgrade ProtocolPayment contract | |
| working-directory: current-fhevm/gateway-contracts | |
| if: false | |
| run: | | |
| npx hardhat task:upgradeProtocolPayment \ | |
| --current-implementation previous-contracts/ProtocolPayment.sol:ProtocolPayment \ | |
| --new-implementation contracts/ProtocolPayment.sol:ProtocolPayment \ | |
| --use-internal-proxy-address true \ | |
| --verify-contract false | |
| - name: Clean up | |
| working-directory: previous-fhevm/gateway-contracts | |
| if: always() | |
| run: | | |
| make docker-compose-down |