diff --git a/.github/workflows/benchmark_coprocessor.yml b/.github/workflows/coprocessor-benchmark-cpu.yml similarity index 100% rename from .github/workflows/benchmark_coprocessor.yml rename to .github/workflows/coprocessor-benchmark-cpu.yml diff --git a/.github/workflows/benchmark_coprocessor_gpu.yml b/.github/workflows/coprocessor-benchmark-gpu.yml similarity index 100% rename from .github/workflows/benchmark_coprocessor_gpu.yml rename to .github/workflows/coprocessor-benchmark-gpu.yml diff --git a/.github/workflows/cargo-tests.yml b/.github/workflows/coprocessor-cargo-tests.yml similarity index 69% rename from .github/workflows/cargo-tests.yml rename to .github/workflows/coprocessor-cargo-tests.yml index 6b484fbd..ae853444 100644 --- a/.github/workflows/cargo-tests.yml +++ b/.github/workflows/coprocessor-cargo-tests.yml @@ -1,20 +1,35 @@ -name: Rust tests +name: Coprocessor Cargo tests on: pull_request: - paths: - - .github/workflows/cargo-tests.yml - - fhevm-engine/** - - proto/** concurrency: group: ${{ github.workflow }}-${{ github.head_ref }} - cancel-in-progress: true + cancel-in-progress: ${{ github.ref != 'refs/heads/main' }} jobs: + check-changes: + permissions: + actions: 'read' + contents: 'read' + pull-requests: 'read' + runs-on: ubuntu-latest + outputs: + changes-rust-files: ${{ steps.filter.outputs.rust-files }} + steps: + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 + id: filter + with: + filters: | + rust-files: + - .github/workflows/coprocessor-cargo-tests.yml + - fhevm-engine/** + - proto/** cargo-tests: + needs: check-changes + if: ${{ needs.check-changes.outputs.changes-rust-files == 'true' }} runs-on: large_ubuntu_16 - steps: - name: Checkout code uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 
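Review bot: The `cargo-tests` job gets no `permissions:` of its own in the lines shown, although the added `check-changes` job next to it is scoped to read-only. Unless a workflow-level block exists outside this hunk, the job that builds and runs pull-request code falls back to the repository's default token permissions. Adding `permissions:` with `contents: 'read'` under `cargo-tests:` would keep both jobs on least privilege; the job's steps continue outside the hunk, so check for any step that needs a write scope before narrowing. The `actions: 'read'` grant on `check-changes` also looks unused by the two steps shown and could be dropped here and in the other workflows that copy this job.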
diff --git a/.github/workflows/dependency_analysis.yml b/.github/workflows/coprocessor-dependency-analysis.yml similarity index 65% rename from .github/workflows/dependency_analysis.yml rename to .github/workflows/coprocessor-dependency-analysis.yml index 165866b5..e5d6ccd7 100644 --- a/.github/workflows/dependency_analysis.yml +++ b/.github/workflows/coprocessor-dependency-analysis.yml @@ -1,17 +1,33 @@ -name: Dependency analysis +name: Coprocessor Dependency analysis on: pull_request: - paths-ignore: - - "deployments/**" - - "hardhat/**" concurrency: group: deps-analysis-${{ github.ref }} cancel-in-progress: ${{ github.ref != 'refs/heads/main' }} jobs: + check-changes: + permissions: + actions: 'read' + contents: 'read' + pull-requests: 'read' + runs-on: ubuntu-latest + outputs: + changes-rust-files: ${{ steps.filter.outputs.rust-files }} + steps: + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 + id: filter + with: + filters: | + rust-files: + - .github/workflows/coprocessor-dependency-analysis.yml + - fhevm-engine/** dependencies-check: + needs: check-changes + if: ${{ needs.check-changes.outputs.changes-rust-files == 'true' }} runs-on: ubuntu-latest steps: diff --git a/.github/workflows/coprocessor-docker-build-db-migration.yml b/.github/workflows/coprocessor-docker-build-db-migration.yml new file mode 100644 index 00000000..d0352175 --- /dev/null +++ b/.github/workflows/coprocessor-docker-build-db-migration.yml 
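Review bot: The `rust-files` filter narrows when `dependencies-check` runs: the old `paths-ignore` skipped only `deployments/**` and `hardhat/**`, whereas the new job-level `if` requires a change under `fhevm-engine/**` or to this workflow file. A pull request that touches dependency manifests or lockfiles anywhere else in the repository would now skip the analysis, and a skipped job is reported as passing. The steps of `dependencies-check` are outside the hunk, so confirm that everything it audits lives under `fhevm-engine/`. If it does not, add the missing paths to the `filters:` list.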
@@ -0,0 +1,51 @@
+name: Docker - Fhevm DB migration
+
+on:
+ pull_request:
+ push:
+ branches:
+ - main
+ release:
+ types:
+ - published
+
+concurrency:
+ group: fhevm-db-migration-${{ github.ref_name }}
+ cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
+
+jobs:
+ check-changes:
+ permissions:
+ actions: 'read'
+ contents: 'read'
+ pull-requests: 'read'
+ runs-on: ubuntu-latest
+ outputs:
+ changes-db-migration-files: ${{ steps.filter.outputs.db-migration-files }}
+ steps:
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
+ id: filter
+ with:
+ filters: |
+ db-migration-files:
+ - .github/workflows/coprocessor-docker-build-db-migration.yml
+ - fhevm-engine/fhevm-db/**
+ docker-fhevm-db-migration:
+ needs: check-changes
+ if: ${{ needs.check-changes.outputs.changes-db-migration-files == 'true' || github.event_name == 'release' }}
+ uses: zama-ai/ci-templates/.github/workflows/docker_common.yml@44333c96991d6747e0bef6a3308bfd98b20390f8 # main
+ secrets:
+ GHCR_ACTION_TOKEN: ${{ secrets.BLOCKCHAIN_ACTIONS_TOKEN }}
+ GRAVITON_BUILDER_SSH_PRIVATE_KEY: ${{ secrets.GRAVITON_BUILDER_SSH_PRIVATE_KEY }}
+ permissions:
+ contents: "read"
+ id-token: "write"
+ packages: "write"
+ with:
+ working-directory: "."
+ push_image: true
+ image-name: "fhevm-backend/db-migration"
+ generate-dev-image: false
+ docker-file: "fhevm-engine/fhevm-db/Dockerfile"
+ arm-build: true
\ No newline at end of file
diff --git a/.github/workflows/coprocessor-docker-build.yml b/.github/workflows/coprocessor-docker-build.yml
new file mode 100644
index 00000000..6d0f3a73
--- /dev/null
+++ b/.github/workflows/coprocessor-docker-build.yml
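Review bot: The `if:` on `docker-fhevm-db-migration` has no status-check function, so GitHub applies an implicit `success()` and the `|| github.event_name == 'release'` branch only takes effect when `check-changes` itself succeeded. If the filter job fails on a release run, the release image is not built even though the filter result is irrelevant for that event. Using `if: ${{ !cancelled() && (needs.check-changes.outputs.changes-db-migration-files == 'true' || github.event_name == 'release') }}` removes that dependency while still skipping pull-request runs whose filter produced no output. The same condition appears on `docker-fhevm-coprocessor` in coprocessor-docker-build.yml and on `docker-fhevm-contracts` in host-contracts-docker-build.yml.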
@@ -0,0 +1,52 @@
+name: Docker - Fhevm Coprocessor
+
+on:
+ pull_request:
+ push:
+ branches:
+ - main
+ release:
+ types:
+ - published
+
+concurrency:
+ group: fhevm-coprocessor-${{ github.ref_name }}
+ cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
+
+jobs:
+ check-changes:
+ permissions:
+ actions: 'read'
+ contents: 'read'
+ pull-requests: 'read'
+ runs-on: ubuntu-latest
+ outputs:
+ changes-coprocessor-files: ${{ steps.filter.outputs.coprocessor-files }}
+ steps:
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
+ id: filter
+ with:
+ filters: |
+ coprocessor-files:
+ - .github/workflows/coprocessor-docker-build.yml
+ - fhevm-engine/**
+ - proto/**
+ docker-fhevm-coprocessor:
+ needs: check-changes
+ if: ${{ needs.check-changes.outputs.changes-coprocessor-files == 'true' || github.event_name == 'release' }}
+ uses: zama-ai/ci-templates/.github/workflows/docker_common.yml@44333c96991d6747e0bef6a3308bfd98b20390f8 # main
+ secrets:
+ GHCR_ACTION_TOKEN: ${{ secrets.BLOCKCHAIN_ACTIONS_TOKEN }}
+ GRAVITON_BUILDER_SSH_PRIVATE_KEY: ${{ secrets.GRAVITON_BUILDER_SSH_PRIVATE_KEY }}
+ permissions:
+ contents: "read"
+ id-token: "write"
+ packages: "write"
+ with:
+ working-directory: "."
+ push_image: true
+ image-name: "fhevm-backend/coprocessor"
+ generate-dev-image: false
+ docker-file: "fhevm-engine/coprocessor/Dockerfile"
+ arm-build: true
\ No newline at end of file
diff --git a/.github/workflows/gpu-tests.yml b/.github/workflows/coprocessor-gpu-tests.yml
similarity index 85%
rename from .github/workflows/gpu-tests.yml
rename to .github/workflows/coprocessor-gpu-tests.yml
index b0a40862..0e939259 100644
--- a/.github/workflows/gpu-tests.yml
+++ b/.github/workflows/coprocessor-gpu-tests.yml
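Review bot: `push_image: true` is unconditional, so `docker-fhevm-coprocessor` publishes with `packages: "write"`, `id-token: "write"` and both secrets on `pull_request` runs as well as on `main` and on releases. The tag a pull-request build receives is decided inside the reusable workflow, which is not visible here; if such a build can land on a tag that deployments pull, code from an unreviewed branch could replace a consumed image. Consider `push_image: ${{ github.event_name != 'pull_request' }}`, or confirm that `docker_common.yml` keeps pull-request tags separate. The db-migration workflow added in this commit sets the same inputs.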
@@ -1,5 +1,5 @@ # Compile and test fhevm-backend on a single L40 GPU, on hyperstack -name: GPU backend tests (L40) +name: Coprocessor GPU backend tests (L40) env: CARGO_TERM_COLOR: always @@ -15,37 +15,9 @@ on: # Allows you to run this workflow manually from the Actions tab as an alternative. workflow_dispatch: pull_request: - paths: - - fhevm-engine/Cargo.toml - - fhevm-engine/coprocessor/Cargo.toml - - fhevm-engine/coprocessor/build.rs - - fhevm-engine/coprocessor/src/** - - fhevm-engine/executor/Cargo.toml - - fhevm-engine/executor/build.rs - - fhevm-engine/executor/src/** - - fhevm-engine/scheduler/src/** - - fhevm-engine/scheduler/Cargo.toml - - fhevm-engine/scheduler/build.rs - - proto/** - - '.github/workflows/gpu-tests.yml' - - ci/slab.toml push: branches: - main - paths: - - fhevm-engine/Cargo.toml - - fhevm-engine/coprocessor/Cargo.toml - - fhevm-engine/coprocessor/build.rs - - fhevm-engine/coprocessor/src/** - - fhevm-engine/executor/Cargo.toml - - fhevm-engine/executor/build.rs - - fhevm-engine/executor/src/** - - fhevm-engine/scheduler/src/** - - fhevm-engine/scheduler/Cargo.toml - - fhevm-engine/scheduler/build.rs - - proto/** - - '.github/workflows/gpu-tests.yml' - - ci/slab.toml jobs: should-run: @@ -78,7 +50,7 @@ jobs: - fhevm-engine/scheduler/Cargo.toml - fhevm-engine/scheduler/build.rs - proto/** - - '.github/workflows/gpu-tests.yml' + - '.github/workflows/coprocessor_gpu-tests.yml' - ci/slab.toml setup-instance: diff --git a/.github/workflows/docker-coprocessor.yml b/.github/workflows/docker-coprocessor.yml deleted file mode 100644 index 312e4e41..00000000 --- a/.github/workflows/docker-coprocessor.yml +++ /dev/null 
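Review bot: The updated filter entry `'.github/workflows/coprocessor_gpu-tests.yml'` in the last hunk does not match the renamed file, which this diff names `coprocessor-gpu-tests.yml` (hyphen after `coprocessor`, not underscore). The trigger-level `paths:` lists are removed in the previous hunk, so this list under `should-run` appears to be the only remaining path gate, and an edit to the workflow file itself would no longer start the GPU tests. The entry should read `- '.github/workflows/coprocessor-gpu-tests.yml'`. The `should-run` job starts and ends outside the hunk.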
@@ -1,40 +0,0 @@
-name: "Docker - fhevm Coprocessor"
-
-on:
- pull_request:
- paths:
- - .github/workflows/docker-coprocessor.yml
- - fhevm-engine/**
- - proto/**
- push:
- branches:
- - main
- paths:
- - .github/workflows/docker-coprocessor.yml
- - fhevm-engine/**
- - proto/**
- release:
- types:
- - published
-
-concurrency:
- group: fhevm-coprocessor-${{ github.ref_name }}
- cancel-in-progress: false
-
-jobs:
- docker-fhevm-coprocessor:
- uses: zama-ai/ci-templates/.github/workflows/docker_common.yml@44333c96991d6747e0bef6a3308bfd98b20390f8 # main
- secrets:
- GHCR_ACTION_TOKEN: ${{ secrets.BLOCKCHAIN_ACTIONS_TOKEN }}
- GRAVITON_BUILDER_SSH_PRIVATE_KEY: ${{ secrets.GRAVITON_BUILDER_SSH_PRIVATE_KEY }}
- permissions:
- contents: "read"
- id-token: "write"
- packages: "write"
- with:
- working-directory: "."
- push_image: true
- image-name: "fhevm-backend/coprocessor"
- generate-dev-image: false
- docker-file: "fhevm-engine/coprocessor/Dockerfile"
- arm-build: true
\ No newline at end of file
diff --git a/.github/workflows/docker-db-migration.yml b/.github/workflows/docker-db-migration.yml
deleted file mode 100644
index de1cc659..00000000
--- a/.github/workflows/docker-db-migration.yml
+++ /dev/null
@@ -1,38 +0,0 @@ -name: "Docker - fhevm DB migration" - -on: - pull_request: - paths: - - .github/workflows/docker-db-migration.yml - - fhevm-engine/fhevm-db/** - push: - branches: - - main - paths: - - .github/workflows/docker-db-migration.yml - - fhevm-engine/fhevm-db/** - release: - types: - - published - -concurrency: - group: fhevm-db-migration-${{ github.ref_name }} - cancel-in-progress: false - -jobs: - docker-fhevm-db-migration: - uses: zama-ai/ci-templates/.github/workflows/docker_common.yml@44333c96991d6747e0bef6a3308bfd98b20390f8 # main - secrets: - GHCR_ACTION_TOKEN: ${{ secrets.BLOCKCHAIN_ACTIONS_TOKEN }} - GRAVITON_BUILDER_SSH_PRIVATE_KEY: ${{ secrets.GRAVITON_BUILDER_SSH_PRIVATE_KEY }} - permissions: - contents: "read" - id-token: "write" - packages: "write" - with: - working-directory: "." - push_image: true - image-name: "fhevm-backend/db-migration" - generate-dev-image: false - docker-file: "fhevm-engine/fhevm-db/Dockerfile" - arm-build: true \ No newline at end of file diff --git a/.github/workflows/docker-contracts.yml b/.github/workflows/host-contracts-docker-build.yml similarity index 51% rename from .github/workflows/docker-contracts.yml rename to .github/workflows/host-contracts-docker-build.yml index 202448ec..8f594578 100644 --- a/.github/workflows/docker-contracts.yml +++ b/.github/workflows/host-contracts-docker-build.yml @@ -1,16 +1,10 @@ -name: "Docker - fhevm Host Contracts" +name: Docker - Fhevm Host Contracts on: pull_request: - paths: - - .github/workflows/docker-contracts.yml - - contracts/** push: branches: - main - paths: - - .github/workflows/docker-contracts.yml - - contracts/** release: types: - published 
@@ -20,7 +14,26 @@ concurrency: cancel-in-progress: ${{ github.ref != 'refs/heads/main' }} jobs: + check-changes: + permissions: + actions: 'read' + contents: 'read' + pull-requests: 'read' + runs-on: ubuntu-latest + outputs: + changes-contracts-files: ${{ steps.filter.outputs.contracts-files }} + steps: + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 + id: filter + with: + filters: | + contracts-files: + - .github/workflows/host-contracts-docker-build.yml + - contracts/** docker-fhevm-contracts: + needs: check-changes + if: ${{ needs.check-changes.outputs.changes-contracts-files == 'true' || github.event_name == 'release' }} uses: zama-ai/ci-templates/.github/workflows/docker_common.yml@44333c96991d6747e0bef6a3308bfd98b20390f8 # main secrets: GHCR_ACTION_TOKEN: ${{ secrets.BLOCKCHAIN_ACTIONS_TOKEN }} diff --git a/.github/workflows/fhevm-host-contracts-tests.yml b/.github/workflows/host-contracts-docker-deployment-tests.yml similarity index 75% rename from .github/workflows/fhevm-host-contracts-tests.yml rename to .github/workflows/host-contracts-docker-deployment-tests.yml index 3bab03df..13bfd37a 100644 --- a/.github/workflows/fhevm-host-contracts-tests.yml +++ b/.github/workflows/host-contracts-docker-deployment-tests.yml 
@@ -1,19 +1,34 @@ -name: fhevm Host Contracts Deployment Test +name: Fhevm Host Contracts Deployment Tests on: pull_request: - paths: - - .github/workflows/fhevm-sc-tests.yml - - contracts/** concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: ${{ github.ref != 'refs/heads/main' }} jobs: + check-changes: + permissions: + actions: 'read' + contents: 'read' + pull-requests: 'read' + runs-on: ubuntu-latest + outputs: + changes-contracts-files: ${{ steps.filter.outputs.contracts-files }} + steps: + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 + id: filter + with: + filters: | + contracts-files: + - .github/workflows/host-contracts-docker-deployment-tests.yml + - contracts/** docker-compose-tests: + needs: check-changes + if: ${{ needs.check-changes.outputs.changes-contracts-files == 'true' }} runs-on: ubuntu-latest - steps: - name: Checkout code uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 diff --git a/.github/workflows/test.yml b/.github/workflows/host-contracts-npm-tests.yml similarity index 58% rename from .github/workflows/test.yml rename to .github/workflows/host-contracts-npm-tests.yml index d9adf5a1..a8ff5891 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/host-contracts-npm-tests.yml 
@@ -1,14 +1,29 @@ -name: Pull request tests (contracts) +name: Fhevm Host Contracts npm Tests on: pull_request: - branches: - - "*" - paths: - - contracts/** jobs: + check-changes: + permissions: + actions: 'read' + contents: 'read' + pull-requests: 'read' + runs-on: ubuntu-latest + outputs: + changes-contracts-files: ${{ steps.filter.outputs.contracts-files }} + steps: + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 + id: filter + with: + filters: | + contracts-files: + - .github/workflows/host-contracts-npm-tests.yml + - contracts/** build: + needs: check-changes + if: ${{ needs.check-changes.outputs.changes-contracts-files == 'true' }} runs-on: large_ubuntu_32 strategy: matrix: diff --git a/.github/workflows/fhevm-host-contracts-publish.yml b/.github/workflows/host-contracts-publish.yml similarity index 97% rename from .github/workflows/fhevm-host-contracts-publish.yml rename to .github/workflows/host-contracts-publish.yml index 2a2fe47f..642aa41d 100644 --- a/.github/workflows/fhevm-host-contracts-publish.yml +++ b/.github/workflows/host-contracts-publish.yml @@ -1,4 +1,4 @@ -name: Publish fhevm Solidity core contracts +name: Fhevm Host Contracts npm Publish on: workflow_dispatch: diff --git a/.github/workflows/slither.yml b/.github/workflows/host-contracts-slither-analysis.yml similarity index 59% rename from .github/workflows/slither.yml rename to .github/workflows/host-contracts-slither-analysis.yml index 619ef3bb..afea6f71 100644 --- a/.github/workflows/slither.yml +++ b/.github/workflows/host-contracts-slither-analysis.yml 
@@ -1,16 +1,30 @@ -name: Slither Analysis -permissions: - contents: read - checks: write +name: Fhevm Host Contracts Slither Analysis + on: pull_request: branches: - main - paths: - - contracts/** - - .github/workflows/slither.yml jobs: + check-changes: + permissions: + actions: 'read' + contents: 'read' + pull-requests: 'read' + runs-on: ubuntu-latest + outputs: + changes-contracts-files: ${{ steps.filter.outputs.contracts-files }} + steps: + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 + id: filter + with: + filters: | + contracts-files: + - .github/workflows/host-contracts-slither-analysis.yml + - contracts/** analyze: + needs: check-changes + if: ${{ needs.check-changes.outputs.changes-contracts-files == 'true' }} runs-on: large_ubuntu_32 steps: - name: Checkout @@ -35,3 +49,7 @@ jobs: uses: github/codeql-action/upload-sarif@6bb031afdd8eb862ea3fc1848194185e076637e5 # v3.28.11 with: sarif_file: results.sarif + +permissions: + contents: read + checks: write \ No newline at end of file
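Review bot: The workflow-level `permissions:` block now sits at the very end of the file, below the last step of `analyze`, where a reader checking the token scope will not look first; keeping it between `name:` and `on:` makes the scope visible at a glance. The block grants `contents: read` and `checks: write`, while the `github/codeql-action/upload-sarif` step shown in the second hunk is documented to need `security-events: write`, so the upload may be rejected unless that scope is granted somewhere outside these hunks. If the upload is meant to succeed, add `security-events: write` to the permissions of `analyze`. The file also ends without a trailing newline.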