zama-ai
diff --git a/‎.github/actionlint.yaml‎
Lines changed: 9 additions & 0 deletions b/‎.github/actionlint.yaml‎
Lines changed: 9 additions & 0 deletions
diff --git a/‎.github/workflows/common-pull-request-lint.yml‎
Lines changed: 1 addition & 2 deletions b/‎.github/workflows/common-pull-request-lint.yml‎
Lines changed: 1 addition & 2 deletions
diff --git a/‎.github/workflows/coprocessor-db-migration-docker-build.yml‎
Lines changed: 26 additions & 0 deletions b/‎.github/workflows/coprocessor-db-migration-docker-build.yml‎
Lines changed: 26 additions & 0 deletions
diff --git a/‎.github/workflows/coprocessor-gw-listener-docker-build.yml‎
Lines changed: 25 additions & 0 deletions b/‎.github/workflows/coprocessor-gw-listener-docker-build.yml‎
Lines changed: 25 additions & 0 deletions
diff --git a/‎.github/workflows/coprocessor-host-listener-docker-build.yml‎
Lines changed: 25 additions & 0 deletions b/‎.github/workflows/coprocessor-host-listener-docker-build.yml‎
Lines changed: 25 additions & 0 deletions
diff --git a/‎.github/workflows/coprocessor-sns-worker-docker-build.yml‎
Lines changed: 25 additions & 0 deletions b/‎.github/workflows/coprocessor-sns-worker-docker-build.yml‎
Lines changed: 25 additions & 0 deletions
diff --git a/‎.github/workflows/coprocessor-tfhe-worker-docker-build.yml‎
Lines changed: 25 additions & 0 deletions b/‎.github/workflows/coprocessor-tfhe-worker-docker-build.yml‎
Lines changed: 25 additions & 0 deletions
diff --git a/‎.github/workflows/coprocessor-tx-sender-docker-build.yml‎
Lines changed: 25 additions & 0 deletions b/‎.github/workflows/coprocessor-tx-sender-docker-build.yml‎
Lines changed: 25 additions & 0 deletions
diff --git a/‎.github/workflows/coprocessor-zkproof-worker-docker-build.yml‎
Lines changed: 25 additions & 0 deletions b/‎.github/workflows/coprocessor-zkproof-worker-docker-build.yml‎
Lines changed: 25 additions & 0 deletions
diff --git a/‎.github/workflows/gateway-contracts-docker-build.yml‎
Lines changed: 25 additions & 0 deletions b/‎.github/workflows/gateway-contracts-docker-build.yml‎
Lines changed: 25 additions & 0 deletions
@@ -14,3 +14,12 @@ self-hosted-runner:
     - m1mac
     - 4090-desktop
     - aws-mac1-metal
+
+# Path-specific configurations
+paths:
+  .github/workflows/**/*.{yml,yaml}:
+    ignore:
+      - SC2001 # https://www.shellcheck.net/wiki/SC2129
+      - 'property "result" is not defined in object type.*'
+      - '".*" section is alias node but mapping node is expected'
+      - 'secret ".*" is required by ".*" reusable workflow.*'
@@ -24,7 +24,6 @@ jobs:
       - name: actionlint
         uses: raven-actions/actionlint@3a24062651993d40fed1019b58ac6fbdfbf276cc # v2.0.1
         with:
-            flags: "-ignore SC2001"
             version: ${{ env.ACTIONLINT_VERSION }}
 
       - name: Ensure SHA pinned actions
@@ -48,4 +47,4 @@ jobs:
         uses: zizmorcore/zizmor-action@e673c3917a1aef3c65c972347ed84ccd013ecda4 # v0.2.0
         with:
           persona: pedantic
-          version: 1.14.2
+          version: 1.17.0
@@ -1,5 +1,28 @@
 name: coprocessor-db-migration-docker-build
+
 on:
+  workflow_call:
+    secrets:
+      AWS_ACCESS_KEY_S3_USER:
+        required: true
+      AWS_SECRET_KEY_S3_USER:
+        required: true
+      BLOCKCHAIN_ACTIONS_TOKEN:
+        required: true
+      CGR_USERNAME:
+        required: true
+      CGR_PASSWORD:
+        required: true
+    inputs:
+      is_workflow_call:
+        description: 'To determine if the trigger was a workflow_call or a pull request'
+        type: boolean
+        required: false
+        default: true
+    outputs:
+      build_result:
+        description: "Result of the build job of this workflow"
+        value: ${{ jobs.build.result }}
   pull_request:
   push:
     branches:
@@ -22,6 +45,9 @@ jobs:
       contents: 'read' # Required to checkout repository code
       pull-requests: 'read' # Required to read pull request information
     runs-on: ubuntu-latest
+    if: |
+      inputs.is_workflow_call ||
+      (!inputs.is_workflow_call && !startsWith(github.head_ref, 'mergify/merge-queue/'))
     outputs:
       changes-coprocessor-db-migration: ${{ steps.filter.outputs.coprocessor-db-migration }}
     steps:
 
@@ -1,6 +1,28 @@
 name: coprocessor-gw-listener-docker-build
 
 on:
+  workflow_call:
+    secrets:
+      AWS_ACCESS_KEY_S3_USER:
+        required: true
+      AWS_SECRET_KEY_S3_USER:
+        required: true
+      BLOCKCHAIN_ACTIONS_TOKEN:
+        required: true
+      CGR_USERNAME:
+        required: true
+      CGR_PASSWORD:
+        required: true
+    inputs:
+      is_workflow_call:
+        description: 'To determine if the trigger was a workflow_call or a pull request'
+        type: boolean
+        required: false
+        default: true
+    outputs:
+      build_result:
+        description: "Result of the build job of this workflow"
+        value: ${{ jobs.build.result }}
   pull_request:
   push:
     branches:
@@ -23,6 +45,9 @@ jobs:
       contents: 'read' # Required to checkout repository code
       pull-requests: 'read' # Required to read pull request information
     runs-on: ubuntu-latest
+    if: |
+      inputs.is_workflow_call ||
+      (!inputs.is_workflow_call && !startsWith(github.head_ref, 'mergify/merge-queue/'))
     outputs:
       changes-coprocessor-gw-listener: ${{ steps.filter.outputs.coprocessor-gw-listener }}
     steps:
 
@@ -1,6 +1,28 @@
 name: coprocessor-host-listener-docker-build
 
 on:
+  workflow_call:
+    secrets:
+      AWS_ACCESS_KEY_S3_USER:
+        required: true
+      AWS_SECRET_KEY_S3_USER:
+        required: true
+      BLOCKCHAIN_ACTIONS_TOKEN:
+        required: true
+      CGR_USERNAME:
+        required: true
+      CGR_PASSWORD:
+        required: true
+    inputs:
+      is_workflow_call:
+        description: 'To determine if the trigger was a workflow_call or a pull request'
+        type: boolean
+        required: false
+        default: true
+    outputs:
+      build_result:
+        description: "Result of the build job of this workflow"
+        value: ${{ jobs.build.result }}
   pull_request:
   push:
     branches:
@@ -23,6 +45,9 @@ jobs:
       contents: 'read' # Required to checkout repository code
       pull-requests: 'read' # Required to read pull request information
     runs-on: ubuntu-latest
+    if: |
+      inputs.is_workflow_call ||
+      (!inputs.is_workflow_call && !startsWith(github.head_ref, 'mergify/merge-queue/'))
     outputs:
       changes-coprocessor-host-listener: ${{ steps.filter.outputs.coprocessor-host-listener }}
     steps:
 
@@ -1,6 +1,28 @@
 name: coprocessor-sns-worker-docker-build
 
 on:
+  workflow_call:
+    secrets:
+      AWS_ACCESS_KEY_S3_USER:
+        required: true
+      AWS_SECRET_KEY_S3_USER:
+        required: true
+      BLOCKCHAIN_ACTIONS_TOKEN:
+        required: true
+      CGR_USERNAME:
+        required: true
+      CGR_PASSWORD:
+        required: true
+    inputs:
+      is_workflow_call:
+        description: 'To determine if the trigger was a workflow_call or a pull request'
+        type: boolean
+        required: false
+        default: true
+    outputs:
+      build_result:
+        description: "Result of the build job of this workflow"
+        value: ${{ jobs.build.result }}
   pull_request:
   push:
     branches:
@@ -23,6 +45,9 @@ jobs:
       contents: 'read' # Required to checkout repository code
       pull-requests: 'read' # Required to read pull request information
     runs-on: ubuntu-latest
+    if: |
+      inputs.is_workflow_call ||
+      (!inputs.is_workflow_call && !startsWith(github.head_ref, 'mergify/merge-queue/'))
     outputs:
       changes-coprocessor-sns-worker: ${{ steps.filter.outputs.coprocessor-sns-worker }}
     steps:
 
@@ -1,6 +1,28 @@
 name: coprocessor-tfhe-worker-docker-build
 
 on:
+  workflow_call:
+    secrets:
+      AWS_ACCESS_KEY_S3_USER:
+        required: true
+      AWS_SECRET_KEY_S3_USER:
+        required: true
+      BLOCKCHAIN_ACTIONS_TOKEN:
+        required: true
+      CGR_USERNAME:
+        required: true
+      CGR_PASSWORD:
+        required: true
+    inputs:
+      is_workflow_call:
+        description: 'To determine if the trigger was a workflow_call or a pull request'
+        type: boolean
+        required: false
+        default: true
+    outputs:
+      build_result:
+        description: "Result of the build job of this workflow"
+        value: ${{ jobs.build.result }}
   pull_request:
   push:
     branches:
@@ -23,6 +45,9 @@ jobs:
       contents: 'read' # Required to checkout repository code
       pull-requests: 'read' # Required to read pull request information
     runs-on: ubuntu-latest
+    if: |
+      inputs.is_workflow_call ||
+      (!inputs.is_workflow_call && !startsWith(github.head_ref, 'mergify/merge-queue/'))
     outputs:
       changes-coprocessor-tfhe-worker: ${{ steps.filter.outputs.coprocessor-tfhe-worker }}
     steps:
 
@@ -1,6 +1,28 @@
 name: coprocessor-tx-sender-docker-build
 
 on:
+  workflow_call:
+    secrets:
+      AWS_ACCESS_KEY_S3_USER:
+        required: true
+      AWS_SECRET_KEY_S3_USER:
+        required: true
+      BLOCKCHAIN_ACTIONS_TOKEN:
+        required: true
+      CGR_USERNAME:
+        required: true
+      CGR_PASSWORD:
+        required: true
+    inputs:
+      is_workflow_call:
+        description: 'To determine if the trigger was a workflow_call or a pull request'
+        type: boolean
+        required: false
+        default: true
+    outputs:
+      build_result:
+        description: "Result of the build job of this workflow"
+        value: ${{ jobs.build.result }}
   pull_request:
   push:
     branches:
@@ -23,6 +45,9 @@ jobs:
       contents: 'read' # Required to checkout repository code
       pull-requests: 'read' # Required to read pull request information
     runs-on: ubuntu-latest
+    if: |
+      inputs.is_workflow_call ||
+      (!inputs.is_workflow_call && !startsWith(github.head_ref, 'mergify/merge-queue/'))
     outputs:
       changes-coprocessor-tx-sender: ${{ steps.filter.outputs.coprocessor-tx-sender }}
     steps:
 
@@ -1,6 +1,28 @@
 name: coprocessor-zkproof-worker-docker-build
 
 on:
+  workflow_call:
+    secrets:
+      AWS_ACCESS_KEY_S3_USER:
+        required: true
+      AWS_SECRET_KEY_S3_USER:
+        required: true
+      BLOCKCHAIN_ACTIONS_TOKEN:
+        required: true
+      CGR_USERNAME:
+        required: true
+      CGR_PASSWORD:
+        required: true
+    inputs:
+      is_workflow_call:
+        description: 'To determine if the trigger was a workflow_call or a pull request'
+        type: boolean
+        required: false
+        default: true
+    outputs:
+      build_result:
+        description: "Result of the build job of this workflow"
+        value: ${{ jobs.build.result }}
   pull_request:
   push:
     branches:
@@ -23,6 +45,9 @@ jobs:
       contents: 'read' # Required to checkout repository code
       pull-requests: 'read' # Required to read pull request information
     runs-on: ubuntu-latest
+    if: |
+      inputs.is_workflow_call ||
+      (!inputs.is_workflow_call && !startsWith(github.head_ref, 'mergify/merge-queue/'))
     outputs:
       changes-coprocessor-zkproof-worker: ${{ steps.filter.outputs.coprocessor-zkproof-worker }}
     steps:
 
@@ -1,6 +1,28 @@
 name: gateway-contracts-docker-build
 
 on:
+  workflow_call:
+    secrets:
+      AWS_ACCESS_KEY_S3_USER:
+        required: true
+      AWS_SECRET_KEY_S3_USER:
+        required: true
+      BLOCKCHAIN_ACTIONS_TOKEN:
+        required: true
+      CGR_USERNAME:
+        required: true
+      CGR_PASSWORD:
+        required: true
+    inputs:
+      is_workflow_call:
+        description: 'To determine if the trigger was a workflow_call or a pull request'
+        type: boolean
+        required: false
+        default: true
+    outputs:
+      build_result:
+        description: "Result of the build job of this workflow"
+        value: ${{ jobs.build.result }}
   pull_request:
   push:
     branches:
@@ -23,6 +45,9 @@ jobs:
       contents: 'read' # Required to checkout repository code
       pull-requests: 'read' # Required to read pull request information
     runs-on: ubuntu-latest
+    if: |
+      inputs.is_workflow_call ||
+      (!inputs.is_workflow_call && !startsWith(github.head_ref, 'mergify/merge-queue/'))
     outputs:
       changes-gw-contracts: ${{ steps.filter.outputs.gw-contracts }}
     steps: