diff --git a/.github/workflows/antithesis-build.yml b/.github/workflows/antithesis-build.yml
new file mode 100644
index 000000000..814c6464a
--- /dev/null
+++ b/.github/workflows/antithesis-build.yml
@@ -0,0 +1,48 @@
+# Workflow for automatically building and pushing the config image to the Antithesis registry.
+name: Antithesis Docker Image Builder
+
+on:
+ pull_request:
+ workflow_dispatch:
+
+env:
+ ANTITHESIS_REGISTRY: us-central1-docker.pkg.dev
+ ANTITHESIS_REPOSITORY: molten-verve-216720/polygon-repository
+
+concurrency:
+ group: antithesis-build-and-push-${{ github.event.pull_request.number || github.ref }}
+ cancel-in-progress: true
+
+jobs:
+ build-and-push:
+ runs-on: ubuntu-latest
+ timeout-minutes: 30
+
+ steps:
+ - uses: actions/checkout@v4
+
+ - uses: docker/login-action@v3
+ with:
+ registry: ${{ env.ANTITHESIS_REGISTRY }}
+ username: _json_key
+ password: ${{ secrets.ANTITHESIS_JSON_LOGIN_KEY }}
+ # This step will only execute if the necessary secrets are available, preventing failures
+ # on pull requests from forked repositories.
+ if: ${{ env.ANTITHESIS_JSON_LOGIN_KEY }}
+ env:
+ ANTITHESIS_JSON_LOGIN_KEY: ${{ secrets.ANTITHESIS_JSON_LOGIN_KEY }}
+
+ - name: Build and push config image
+ uses: docker/build-push-action@v6
+ with:
+ context: docker
+ file: docker/antithesis.Dockerfile
+ push: true
+ tags: |
+ ${{ env.ANTITHESIS_REGISTRY }}/${{ env.ANTITHESIS_REPOSITORY}}/config:antithesis-latest,
+ ${{ env.ANTITHESIS_REGISTRY }}/${{ env.ANTITHESIS_REPOSITORY}}/config:${{ github.sha }}
+ # This step will only execute if the necessary secrets are available, preventing failures
+ # on pull requests from forked repositories.
+ if: ${{ env.ANTITHESIS_JSON_LOGIN_KEY }}
+ env:
+ ANTITHESIS_JSON_LOGIN_KEY: ${{ secrets.ANTITHESIS_JSON_LOGIN_KEY }}
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 7e353149b..108aa53dc 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
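Review bot: The "Build and push config image" step in antithesis-build.yml pushes the mutable `config:antithesis-latest` tag on every `pull_request` run, so an unmerged branch can replace the image that the nightly `antithesis` job added in this same commit pulls as `config_image`. Publishing only the `${{ github.sha }}` tag from pull requests, and moving `antithesis-latest` only on default-branch or `workflow_dispatch` runs, would keep the nightly input tied to reviewed code. The workflow also sets no `permissions:` block, so the job runs with the repository's default token scope; a top-level `permissions:` with `contents: read` looks sufficient for checkout, since registry access comes from the `ANTITHESIS_JSON_LOGIN_KEY` secret.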
@@ -418,9 +418,9 @@ jobs: - name: Install polycli run: | - tmp_dir=$(mktemp -d) - curl -L "https://github.com/0xPolygon/polygon-cli/releases/download/${{ env.POLYCLI_VERSION }}/polycli_${{ env.POLYCLI_VERSION }}_linux_amd64.tar.gz" | tar -xz -C "$tmp_dir" - mv "$tmp_dir"/* /usr/local/bin/polycli + tmp_dir=$(mktemp -d) + curl -L "https://github.com/0xPolygon/polygon-cli/releases/download/${{ env.POLYCLI_VERSION }}/polycli_${{ env.POLYCLI_VERSION }}_linux_amd64.tar.gz" | tar -xz -C "$tmp_dir" + mv "$tmp_dir"/* /usr/local/bin/polycli rm -rf "$tmp_dir" sudo chmod +x /usr/local/bin/polycli /usr/local/bin/polycli version @@ -435,7 +435,7 @@ jobs: # This step will only execute if the necessary secrets are available, preventing failures # on pull requests from forked repositories. if: ${{ env.agglayer_prover_sp1_key && env.agglayer_prover_sp1_key != '' }} - env : + env: agglayer_prover_sp1_key: ${{ secrets.SP1_PRIVATE_KEY }} - name: Deploy L1 chain and a first CDK L2 chain (cdk-erigon sequencer + cdk stack) @@ -586,7 +586,7 @@ jobs: fi env: agglayer_prover_sp1_key: ${{ secrets.SP1_PRIVATE_KEY }} - + - name: Dump enclave if: ${{ !cancelled() }} run: kurtosis enclave dump ${{ env.ENCLAVE_NAME }} ./dump diff --git a/.github/workflows/docker-image-builder.yml b/.github/workflows/docker-image-builder.yml index aed443a47..d0d5e3f26 100644 --- a/.github/workflows/docker-image-builder.yml +++ b/.github/workflows/docker-image-builder.yml @@ -21,7 +21,7 @@ jobs: zkevm-contracts: runs-on: ubuntu-latest timeout-minutes: 30 - steps: + steps: - uses: actions/checkout@v4 - uses: docker/setup-buildx-action@v3 - uses: docker/login-action@v3 diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index 4b47b2cfc..39de4bba9 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml 
@@ -5,6 +5,12 @@ on: schedule: - cron: 0 6 * * * # Run this workflow every day at 6 AM Paris time (UTC+2). workflow_dispatch: + inputs: + param_file: + description: This parameter file will be used when running Antithesis tests + required: false + type: string + default: .github/tests/fork13-new-cdk-stack-cdk-validium.yml concurrency: group: nightly-${{ github.event.pull_request.number || github.ref }} 
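Review bot: `param_file` is declared as a free-form `string` input, and the `antithesis` job added further down in this file expands it with `${{ ... inputs.param_file ... }}` directly inside a `run:` line, where it becomes part of the shell script text and of the line appended to `$GITHUB_ENV`. Only users allowed to dispatch the workflow can set it, but a value containing quotes, command substitution or a newline would still alter the command or define extra environment variables for later steps. Passing the expression through the step's `env:` (for example `PARAM_FILE_INPUT: ${{ ... }}`) and writing `echo "PARAM_FILE=${PARAM_FILE_INPUT}" >> "$GITHUB_ENV"` keeps the value as data rather than script. If the input is meant to be a path under `.github/tests/`, as the default suggests, the `description` should say so.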
@@ -13,7 +19,58 @@ concurrency: env: ENCLAVE_NAME: cdk + # Antithesis parameters. + ANTITHESIS_REGISTRY: us-central1-docker.pkg.dev + ANTITHESIS_REPOSITORY: molten-verve-216720/polygon-repository + ANTITHESIS_TENANT: polygon + ANTITHESIS_NOTEBOOK: polygon + + # This parameter file will be used when running Antithesis tests using the nightly schedule. + DEFAULT_ANTITHESIS_PARAM_FILE: .github/tests/fork13-new-cdk-stack-cdk-validium.yml + jobs: + # Trigger Antithesis tests. + # Note that the configuration docker image must have been pushed into the Antithesis registry. + antithesis: + runs-on: ubuntu-latest + + permissions: + contents: read + packages: write + + steps: + - uses: actions/checkout@v4 + + - name: Set the parameter file to be used in Antithesis tests + run: echo "PARAM_FILE=${{ github.event_name == 'workflow_dispatch' && inputs.param_file || env.DEFAULT_ANTITHESIS_PARAM_FILE }}" >> $GITHUB_ENV + + - name: Trigger Antithesis tests + uses: antithesishq/antithesis-trigger-action@main + with: + username: ${{ secrets.ANTITHESIS_USERNAME }} + password: ${{ secrets.ANTITHESIS_PASSWORD }} + github_token: ${{ secrets.ANTITHESIS_PAT }} + + tenant: ${{ env.ANTITHESIS_TENANT }} + notebook_name: ${{ env.ANTITHESIS_NOTEBOOK }} + test_name: cdk + + config_image: ${{ env.ANTITHESIS_REGISTRY }}/${{ env.ANTITHESIS_REPOSITORY}}/config:antithesis-latest + description: Kurtosis CDK tests + email_recipients: ${{ secrets.ANTITHESIS_EMAIL_RECIPIENTS }} # this is a ";" delimited list (e.g. "u1@site.com;u2@site.com"). + additional_parameters: |- + custom.configuration=${{ env.PARAM_FILE }} + custom.duration="1.0" # in hours (min 0.5 hours) + + # This step will only execute if the necessary secrets are available, preventing failures + # on pull requests from forked repositories. 
+ if: ${{ env.ANTITHESIS_USERNAME && env.ANTITHESIS_PASSWORD && env.ANTITHESIS_PAT && env.ANTITHESIS_EMAIL_RECIPIENTS }} + env: + ANTITHESIS_USERNAME: ${{ secrets.ANTITHESIS_USERNAME }} + ANTITHESIS_PASSWORD: ${{ secrets.ANTITHESIS_PASSWORD }} + ANTITHESIS_PAT: ${{ secrets.ANTITHESIS_PAT }} + ANTITHESIS_EMAIL_RECIPIENTS: ${{ secrets.ANTITHESIS_EMAIL_RECIPIENTS }} + # Deploy a standalone zkevm permisionless node against Cardona Sepolia Tesnet. cardona-sepolia-testnet-pless-zkevm-node: runs-on: ubuntu-latest diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 56a5f29b2..cd45444a2 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -22,32 +22,32 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 10 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v4 - - name: Checkout cdk repository - uses: actions/checkout@v4 - with: - repository: 0xPolygon/cdk - path: cdk - ref: ${{ env.CDK_VERSION }} + - name: Checkout cdk repository + uses: actions/checkout@v4 + with: + repository: 0xPolygon/cdk + path: cdk + ref: ${{ env.CDK_VERSION }} - - uses: actions/setup-go@v5 - with: - go-version: 1.22.x - cache-dependency-path: cdk/go.sum + - uses: actions/setup-go@v5 + with: + go-version: 1.22.x + cache-dependency-path: cdk/go.sum - - name: Build cdk docker image - working-directory: cdk - run: make build-docker + - name: Build cdk docker image + working-directory: cdk + run: make build-docker - - name: Save cdk image to archive - run: docker save --output /tmp/cdk.tar cdk + - name: Save cdk image to archive + run: docker save --output /tmp/cdk.tar cdk - - name: Upload archive - uses: actions/upload-artifact@v4 - with: - name: cdk - path: /tmp/cdk.tar + - name: Upload archive + uses: actions/upload-artifact@v4 + with: + name: cdk + path: /tmp/cdk.tar cdk-e2e-tests: if: false 
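Review bot: The "Trigger Antithesis tests" step uses `antithesishq/antithesis-trigger-action@main`, a moving branch, while handing it `ANTITHESIS_USERNAME`, `ANTITHESIS_PASSWORD` and `ANTITHESIS_PAT`, so whatever lands on that branch runs with these credentials on the next nightly. Pinning to a full commit SHA, `uses: antithesishq/antithesis-trigger-action@<FULL_COMMIT_SHA>  # <release tag>`, makes each update an explicit, reviewable change. The job also requests `packages: write`, which none of the visible steps appears to need; `contents: read` alone looks sufficient. Separately, `# in hours (min 0.5 hours)` sits inside the `|-` block scalar of `additional_parameters`, so it is passed to the action as part of the value rather than treated as a YAML comment; moving it to a comment line above the key avoids that.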
@@ -64,79 +64,79 @@ jobs: - "fork12-rollup" - "fork12-pessimistic" steps: - - uses: actions/checkout@v4 - - - name: Login to Docker Hub - uses: docker/login-action@v3 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - # This step will only execute if the necessary secrets are available, preventing failures - # on pull requests from forked repositories. - if: ${{ env.DOCKERHUB_USERNAME && env.DOCKERHUB_TOKEN }} - env: - DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} - DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} - - - name: Install Kurtosis CDK tools - uses: ./.github/actions/setup-kurtosis-cdk - - - name: Install polycli - run: | - tmp_dir=$(mktemp -d) - curl -L "https://github.com/0xPolygon/polygon-cli/releases/download/${{ env.POLYCLI_VERSION }}/polycli_${{ env.POLYCLI_VERSION }}_linux_amd64.tar.gz" | tar -xz -C "$tmp_dir" - mv "$tmp_dir"/* /usr/local/bin/polycli - rm -rf "$tmp_dir" - sudo chmod +x /usr/local/bin/polycli - /usr/local/bin/polycli version - - - name: Checkout cdk repository - uses: actions/checkout@v4 - with: - repository: 0xPolygon/cdk - path: cdk - ref: ${{ env.CDK_VERSION }} - - - name: Setup bats - uses: bats-core/bats-action@3.0.0 - - - name: Download cdk archive - uses: actions/download-artifact@v4 - with: - name: cdk - path: /tmp - - - name: Load cdk image - run: | - docker load --input /tmp/cdk.tar - docker image ls -a - - - name: Run e2e tests - working-directory: cdk/test - run: make test-e2e-${{ matrix.e2e-group }} - # Some of the test environments, the pessimistic envs, require the SP1 private key. - # This check makes sure that such environments will be tested only if the necessary secrets - # are available, preventing failures on pull requests from forked repositories. 
- if: ${{ !contains(matrix.e2e-group, 'pessimistic') || (contains(matrix.e2e-group, 'pessimistic') && env.agglayer_prover_sp1_key) }} - env: - KURTOSIS_FOLDER: ${{ github.workspace }} - BATS_LIB_PATH: /usr/lib/ - agglayer_prover_sp1_key: ${{ secrets.SP1_PRIVATE_KEY }} - - - name: Dump enclave - if: failure() - run: kurtosis enclave dump cdk ./dump - - - name: Generate archive name - if: failure() - run: | - archive_name="dump_cdk_e2e_test_${{matrix.e2e-group}}_${{ github.run_id }}" - echo "ARCHIVE_NAME=${archive_name}" >> "$GITHUB_ENV" - echo "Generated archive name: ${archive_name}" - - - name: Upload logs - if: failure() - uses: actions/upload-artifact@v4 - with: - name: ${{ env.ARCHIVE_NAME }} - path: ./dump + - uses: actions/checkout@v4 + + - name: Login to Docker Hub + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + # This step will only execute if the necessary secrets are available, preventing failures + # on pull requests from forked repositories. 
+ if: ${{ env.DOCKERHUB_USERNAME && env.DOCKERHUB_TOKEN }} + env: + DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} + DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} + + - name: Install Kurtosis CDK tools + uses: ./.github/actions/setup-kurtosis-cdk + + - name: Install polycli + run: | + tmp_dir=$(mktemp -d) + curl -L "https://github.com/0xPolygon/polygon-cli/releases/download/${{ env.POLYCLI_VERSION }}/polycli_${{ env.POLYCLI_VERSION }}_linux_amd64.tar.gz" | tar -xz -C "$tmp_dir" + mv "$tmp_dir"/* /usr/local/bin/polycli + rm -rf "$tmp_dir" + sudo chmod +x /usr/local/bin/polycli + /usr/local/bin/polycli version + + - name: Checkout cdk repository + uses: actions/checkout@v4 + with: + repository: 0xPolygon/cdk + path: cdk + ref: ${{ env.CDK_VERSION }} + + - name: Setup bats + uses: bats-core/bats-action@3.0.0 + + - name: Download cdk archive + uses: actions/download-artifact@v4 + with: + name: cdk + path: /tmp + + - name: Load cdk image + run: | + docker load --input /tmp/cdk.tar + docker image ls -a + + - name: Run e2e tests + working-directory: cdk/test + run: make test-e2e-${{ matrix.e2e-group }} + # Some of the test environments, the pessimistic envs, require the SP1 private key. + # This check makes sure that such environments will be tested only if the necessary secrets + # are available, preventing failures on pull requests from forked repositories. 
+ if: ${{ !contains(matrix.e2e-group, 'pessimistic') || (contains(matrix.e2e-group, 'pessimistic') && env.agglayer_prover_sp1_key) }} + env: + KURTOSIS_FOLDER: ${{ github.workspace }} + BATS_LIB_PATH: /usr/lib/ + agglayer_prover_sp1_key: ${{ secrets.SP1_PRIVATE_KEY }} + + - name: Dump enclave + if: failure() + run: kurtosis enclave dump cdk ./dump + + - name: Generate archive name + if: failure() + run: | + archive_name="dump_cdk_e2e_test_${{matrix.e2e-group}}_${{ github.run_id }}" + echo "ARCHIVE_NAME=${archive_name}" >> "$GITHUB_ENV" + echo "Generated archive name: ${archive_name}" + + - name: Upload logs + if: failure() + uses: actions/upload-artifact@v4 + with: + name: ${{ env.ARCHIVE_NAME }} + path: ./dump diff --git a/docker/README.md b/docker/README.md index 6c5b60bc9..837436bd9 100644 --- a/docker/README.md +++ b/docker/README.md @@ -135,3 +135,9 @@ $ docker images --filter "reference=local/toolbox" REPOSITORY TAG IMAGE ID CREATED SIZE local/toolbox local 3f85f026aaf9 2 seconds ago 490MB ``` + +### Antithesis + +```bash +docker build --tag kurtosis-cdk-antithesis --file antithesis.Dockerfile . +``` diff --git a/docker/antithesis.Dockerfile b/docker/antithesis.Dockerfile new file mode 100644 index 000000000..b46c8dbdf --- /dev/null +++ b/docker/antithesis.Dockerfile 
@@ -0,0 +1,40 @@
+FROM debian:stable-slim as builder
+
+# WARNING (DL3008): Pin versions in apt get install.
+# hadolint ignore=DL3008
+RUN apt-get update \
+ && apt-get --yes upgrade \
+ && apt-get install --yes --no-install-recommends libssl-dev ca-certificates jq git curl make \
+ && apt-get clean \
+ && rm -rf /var/lib/apt/lists/* \
+ # Pull kurtosis-cdk package.
+ && git clone --branch v0.2.29 https://github.com/0xPolygon/kurtosis-cdk \
+ # Pull kurtosis-cdk dependencies.
+ # The package has other dependencies (blockscout, prometheus and grafana) but they shouldn't be used when testing the package with Antithesis.
+ && git clone --branch 4.4.0 https://github.com/ethpandaops/ethereum-package \
+ && git clone --branch 1.2.0 https://github.com/ethpandaops/optimism-package \
+ # Make the kurtosis-cdk package reference locally pulled dependencies.
+ && sed -i '$ a\\nreplace:\n github.com/ethpandaops/ethereum-package: ../ethereum-package\n github.com/ethpandaops/optimism-package: ../optimism-package\n github.com/kurtosis-tech/redis-package: ../redis-package\n github.com/kurtosis-tech/postgres-package: ../postgres-package\n github.com/bharath-123/db-adminer-package: ../db-adminer-package\n github.com/kurtosis-tech/prometheus-package: ../prometheus-package' /kurtosis-cdk/kurtosis.yml \
+ # Pull ethereum package dependencies.
+ && git clone --branch main https://github.com/kurtosis-tech/prometheus-package \
+ && git clone --branch main https://github.com/kurtosis-tech/postgres-package \
+ && git clone --branch main https://github.com/bharath-123/db-adminer-package \
+ && git clone --branch main https://github.com/kurtosis-tech/redis-package \
+ # Make the ethereum package reference locally pulled dependencies.
+ && sed -i '$ a\\nreplace:\n github.com/kurtosis-tech/prometheus-package: ../prometheus-package\n github.com/kurtosis-tech/postgres-package: ../postgres-package\n github.com/bharath-123/db-adminer-package: ../db-adminer-package\n github.com/kurtosis-tech/redis-package: ../redis-package' /ethereum-package/kurtosis.yml \
+ # Pull optimism package dependencies.
+ # It relies on the ethereum package which is already pulled.
+ && sed -i '$ a\\nreplace:\n github.com/ethpandaops/ethereum-package: ../ethereum-package' /optimism-package/kurtosis.yml
+
+
+FROM scratch
+LABEL author="devtools@polygon.technology"
+LABEL description="Antithesis config image for kurtosis-cdk"
+
+COPY --from=builder /kurtosis-cdk /kurtosis-cdk
+COPY --from=builder /ethereum-package /ethereum-package
+COPY --from=builder /prometheus-package /prometheus-package
+COPY --from=builder /postgres-package /postgres-package
+COPY --from=builder /db-adminer-package /db-adminer-package
+COPY --from=builder /redis-package /redis-package
+COPY --from=builder /optimism-package /optimism-package
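Review bot: The four `git clone --branch main` lines in the builder stage (prometheus-package, postgres-package, db-adminer-package, redis-package) pull whatever is on those branches at build time, so two builds of the same commit can produce different config images and an upstream change reaches the Antithesis run unreviewed. The other three clones use tags, which is better but still movable. Checking out a fixed commit after each clone, e.g. `git clone https://github.com/kurtosis-tech/redis-package && git -C redis-package checkout <PINNED_COMMIT_SHA>`, makes the image content reproducible. The same reasoning applies to `FROM debian:stable-slim`, which could carry a digest.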