zama-ai
diff --git a/‎.github/actionlint.yaml‎
Lines changed: 9 additions & 0 deletions b/‎.github/actionlint.yaml‎
Lines changed: 9 additions & 0 deletions
diff --git a/‎.github/workflows/common-pull-request-lint.yml‎
Lines changed: 1 addition & 2 deletions b/‎.github/workflows/common-pull-request-lint.yml‎
Lines changed: 1 addition & 2 deletions
diff --git a/‎.github/workflows/coprocessor-db-migration-docker-build.yml‎
Lines changed: 24 additions & 36 deletions b/‎.github/workflows/coprocessor-db-migration-docker-build.yml‎
Lines changed: 24 additions & 36 deletions
diff --git a/‎.github/workflows/coprocessor-gw-listener-docker-build.yml‎
Lines changed: 25 additions & 37 deletions b/‎.github/workflows/coprocessor-gw-listener-docker-build.yml‎
Lines changed: 25 additions & 37 deletions
diff --git a/‎.github/workflows/coprocessor-host-listener-docker-build.yml‎
Lines changed: 24 additions & 36 deletions b/‎.github/workflows/coprocessor-host-listener-docker-build.yml‎
Lines changed: 24 additions & 36 deletions
@@ -14,3 +14,12 @@ self-hosted-runner:
     - m1mac
     - 4090-desktop
     - aws-mac1-metal
+
+# Path-specific configurations
+paths:
+  .github/workflows/**/*.{yml,yaml}:
+    ignore:
+      - SC2001 # https://www.shellcheck.net/wiki/SC2129
+      - 'property "result" is not defined in object type.*'
+      - '".*" section is alias node but mapping node is expected'
+      - 'secret ".*" is required by ".*" reusable workflow.*'
@@ -24,7 +24,6 @@ jobs:
       - name: actionlint
         uses: raven-actions/actionlint@3a24062651993d40fed1019b58ac6fbdfbf276cc # v2.0.1
         with:
-            flags: "-ignore SC2001"
             version: ${{ env.ACTIONLINT_VERSION }}
 
       - name: Ensure SHA pinned actions
@@ -48,4 +47,4 @@ jobs:
         uses: zizmorcore/zizmor-action@e673c3917a1aef3c65c972347ed84ccd013ecda4 # v0.2.0
         with:
           persona: pedantic
-          version: 1.14.2
+          version: 1.17.0
@@ -1,18 +1,28 @@
 name: coprocessor-db-migration-docker-build
 
 on:
-  workflow_dispatch:
+  workflow_call:
+    secrets:
+      AWS_ACCESS_KEY_S3_USER:
+        required: true
+      AWS_SECRET_KEY_S3_USER:
+        required: true
+      BLOCKCHAIN_ACTIONS_TOKEN:
+        required: true
+      CGR_USERNAME:
+        required: true
+      CGR_PASSWORD:
+        required: true
     inputs:
-      ref:
-        description: 'Branch/ref to build'
-        required: false
-        default: 'main'
-        type: string
-      trigger_source:
-        description: 'Source that triggered this workflow'
+      is_workflow_call:
+        description: 'To determine if the trigger was a workflow_call or a pull request'
+        type: boolean
         required: false
-        default: 'manual'
-        type: string
+        default: true
+    outputs:
+      build_result:
+        description: "Result of the build job of this workflow"
+        value: ${{ jobs.build.result }}
   pull_request:
   push:
     branches:
@@ -29,12 +39,14 @@ concurrency:
 
 jobs:
   check-changes:
-    name: coprocessor-db-migration-docker-build/check-changes
     permissions:
       actions: 'read' # Required to read workflow run information
       contents: 'read' # Required to checkout repository code
       pull-requests: 'read' # Required to read pull request information
     runs-on: ubuntu-latest
+    if: |
+      inputs.is_workflow_call ||
+      (!inputs.is_workflow_call && !startsWith(github.head_ref, 'mergify/merge-queue/'))
     outputs:
       changes-coprocessor-db-migration: ${{ steps.filter.outputs.coprocessor-db-migration }}
     steps:
@@ -48,8 +60,8 @@ jobs:
             coprocessor-db-migration:
               - .github/workflows/coprocessor-db-migration-docker-build.yml
               - coprocessor/fhevm-engine/db-migration/**
+
   build:
-    name: coprocessor-db-migration-docker-build/build (bpr)
     needs: check-changes
     if: ${{ needs.check-changes.outputs.changes-coprocessor-db-migration == 'true' || github.event_name == 'release' }}
     uses: zama-ai/ci-templates/.github/workflows/common-docker.yml@6c72e3dbc894744c1e228fb165f4c4d657e475b6 # v1.0.1
@@ -74,27 +86,3 @@ jobs:
       image-name: "fhevm/coprocessor/db-migration"
       docker-file: "coprocessor/fhevm-engine/db-migration/Dockerfile"
       app-cache-dir: "fhevm-coprocessor-db-migration"
-  output-build-status:
-    name: coprocessor-db-migration-docker-build/output-build-status
-    needs: [check-changes, build]
-    if: always()
-    permissions:
-      contents: 'read'
-    runs-on: ubuntu-latest
-    outputs:
-      image-built: ${{ steps.check-build.outputs.image-built }}
-      image-tag: ${{ steps.check-build.outputs.image-tag }}
-    steps:
-      - name: Check if image was built
-        id: check-build
-        run: |
-          # Check if docker build job ran and succeeded
-          if [[ "${{ needs.build.result }}" == "success" ]]; then
-            echo "image-built=true" >> "$GITHUB_OUTPUT"
-            echo "image-tag=${{ github.sha }}" >> "$GITHUB_OUTPUT"
-            echo "✅ Image was built successfully"
-          else
-            echo "image-built=false" >> "$GITHUB_OUTPUT"
-            echo "image-tag=" >> "$GITHUB_OUTPUT"
-            echo "⏭️ Image was not built (result: ${{ needs.build.result }})"
-          fi
@@ -1,18 +1,28 @@
 name: coprocessor-gw-listener-docker-build
 
 on:
-  workflow_dispatch:
+  workflow_call:
+    secrets:
+      AWS_ACCESS_KEY_S3_USER:
+        required: true
+      AWS_SECRET_KEY_S3_USER:
+        required: true
+      BLOCKCHAIN_ACTIONS_TOKEN:
+        required: true
+      CGR_USERNAME:
+        required: true
+      CGR_PASSWORD:
+        required: true
     inputs:
-      ref:
-        description: 'Branch/ref to build'
-        required: false
-        default: 'main'
-        type: string
-      trigger_source:
-        description: 'Source that triggered this workflow'
+      is_workflow_call:
+        description: 'To determine if the trigger was a workflow_call or a pull request'
+        type: boolean
         required: false
-        default: 'manual'
-        type: string
+        default: true
+    outputs:
+      build_result:
+        description: "Result of the build job of this workflow"
+        value: ${{ jobs.build.result }}
   pull_request:
   push:
     branches:
@@ -29,12 +39,14 @@ concurrency:
 
 jobs:
   check-changes:
-    name: coprocessor-gw-listener-docker-build/check-changes
     permissions:
       actions: 'read' # Required to read workflow run information
       contents: 'read' # Required to checkout repository code
       pull-requests: 'read' # Required to read pull request information
     runs-on: ubuntu-latest
+    if: |
+      inputs.is_workflow_call ||
+      (!inputs.is_workflow_call && !startsWith(github.head_ref, 'mergify/merge-queue/'))
     outputs:
       changes-coprocessor-gw-listener: ${{ steps.filter.outputs.coprocessor-gw-listener }}
     steps:
@@ -46,12 +58,12 @@ jobs:
         with:
           filters: |
             coprocessor-gw-listener:
-              - .github/workflows/coprocessor-docker-build-gw-listener.yml
+              - .github/workflows/coprocessor-gw-listener-docker-build.yml
               - coprocessor/fhevm-engine/gw-listener/**
               - coprocessor/fhevm-engine/Cargo.toml
               - coprocessor/fhevm-engine/Cargo.lock
+
   build:
-    name: coprocessor-gw-listener-docker-build/build
     needs: check-changes
     if: ${{ needs.check-changes.outputs.changes-coprocessor-gw-listener == 'true' || github.event_name == 'release' }}
     uses: zama-ai/ci-templates/.github/workflows/common-docker.yml@6c72e3dbc894744c1e228fb165f4c4d657e475b6 # v1.0.1
@@ -76,27 +88,3 @@ jobs:
       image-name: "fhevm/coprocessor/gw-listener"
       docker-file: "./coprocessor/fhevm-engine/gw-listener/Dockerfile"
       app-cache-dir: "fhevm-coprocessor-gw-listener"
-  output-build-status:
-    name: coprocessor-gw-listener-docker-build/output-build-status
-    needs: [check-changes, build]
-    if: always()
-    permissions:
-      contents: 'read'
-    runs-on: ubuntu-latest
-    outputs:
-      image-built: ${{ steps.check-build.outputs.image-built }}
-      image-tag: ${{ steps.check-build.outputs.image-tag }}
-    steps:
-      - name: Check if image was built
-        id: check-build
-        run: |
-          # Check if docker build job ran and succeeded
-          if [[ "${{ needs.build.result }}" == "success" ]]; then
-            echo "image-built=true" >> "$GITHUB_OUTPUT"
-            echo "image-tag=${{ github.sha }}" >> "$GITHUB_OUTPUT"
-            echo "✅ Image was built successfully"
-          else
-            echo "image-built=false" >> "$GITHUB_OUTPUT"
-            echo "image-tag=" >> "$GITHUB_OUTPUT"
-            echo "⏭️ Image was not built (result: ${{ needs.build.result }})"
-          fi
@@ -1,18 +1,28 @@
 name: coprocessor-host-listener-docker-build
 
 on:
-  workflow_dispatch:
+  workflow_call:
+    secrets:
+      AWS_ACCESS_KEY_S3_USER:
+        required: true
+      AWS_SECRET_KEY_S3_USER:
+        required: true
+      BLOCKCHAIN_ACTIONS_TOKEN:
+        required: true
+      CGR_USERNAME:
+        required: true
+      CGR_PASSWORD:
+        required: true
     inputs:
-      ref:
-        description: 'Branch/ref to build'
-        required: false
-        default: 'main'
-        type: string
-      trigger_source:
-        description: 'Source that triggered this workflow'
+      is_workflow_call:
+        description: 'To determine if the trigger was a workflow_call or a pull request'
+        type: boolean
         required: false
-        default: 'manual'
-        type: string
+        default: true
+    outputs:
+      build_result:
+        description: "Result of the build job of this workflow"
+        value: ${{ jobs.build.result }}
   pull_request:
   push:
     branches:
@@ -29,12 +39,14 @@ concurrency:
 
 jobs:
   check-changes:
-    name: coprocessor-host-listener-docker-build/check-changes
     permissions:
       actions: 'read' # Required to read workflow run information
       contents: 'read' # Required to checkout repository code
       pull-requests: 'read' # Required to read pull request information
     runs-on: ubuntu-latest
+    if: |
+      inputs.is_workflow_call ||
+      (!inputs.is_workflow_call && !startsWith(github.head_ref, 'mergify/merge-queue/'))
     outputs:
       changes-coprocessor-host-listener: ${{ steps.filter.outputs.coprocessor-host-listener }}
     steps:
@@ -52,8 +64,8 @@ jobs:
               - coprocessor/fhevm-engine/Cargo.lock
               - host-contracts/contracts/*Events.sol
               - host-contracts/contracts/shared/**
+
   build:
-    name: coprocessor-host-listener-docker-build/build
     needs: check-changes
     if: ${{ needs.check-changes.outputs.changes-coprocessor-host-listener == 'true' || github.event_name == 'release' }}
     uses: zama-ai/ci-templates/.github/workflows/common-docker.yml@6c72e3dbc894744c1e228fb165f4c4d657e475b6 # v1.0.1
@@ -78,27 +90,3 @@ jobs:
       image-name: "fhevm/coprocessor/host-listener"
       docker-file: "coprocessor/fhevm-engine/host-listener/Dockerfile"
       app-cache-dir: "fhevm-coprocessor-host-listener"
-  output-build-status:
-    name: coprocessor-host-listener-docker-build/output-build-status
-    needs: [check-changes, build]
-    if: always()
-    permissions:
-      contents: 'read'
-    runs-on: ubuntu-latest
-    outputs:
-      image-built: ${{ steps.check-build.outputs.image-built }}
-      image-tag: ${{ steps.check-build.outputs.image-tag }}
-    steps:
-      - name: Check if image was built
-        id: check-build
-        run: |
-          # Check if docker build job ran and succeeded
-          if [[ "${{ needs.build.result }}" == "success" ]]; then
-            echo "image-built=true" >> "$GITHUB_OUTPUT"
-            echo "image-tag=${{ github.sha }}" >> "$GITHUB_OUTPUT"
-            echo "✅ Image was built successfully"
-          else
-            echo "image-built=false" >> "$GITHUB_OUTPUT"
-            echo "image-tag=" >> "$GITHUB_OUTPUT"
-            echo "⏭️ Image was not built (result: ${{ needs.build.result }})"
-          fi