Closed
Changes from 2 commits
2 changes: 1 addition & 1 deletion .cargo/audit.toml
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
[advisories]
ignore = [
"RUSTSEC-2025-0009", # https://github.com/FuelLabs/fuel-core/issues/2814
]
]
1 change: 1 addition & 0 deletions .changes/changed/3225.md
@@ -0,0 +1 @@
PoA quorum and HA failover fixes: Redis leader lease adapter improvements, write_block.lua HEIGHT_EXISTS check, sub-quorum block repair, Prometheus metrics, and chaos test harness.
1 change: 1 addition & 0 deletions .changes/changed/3237.md
@@ -0,0 +1 @@
PoA quorum and HA failover fixes: Redis leader lease adapter improvements, write_block.lua HEIGHT_EXISTS check, sub-quorum block repair, Prometheus metrics, and chaos test harness.
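Review bot: the text of this entry is identical, word for word, to `.changes/changed/3225.md` added just above, so the same line would appear twice in the rendered changelog. Keep a single entry, or make each file describe only what its own PR number contributed.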
121 changes: 121 additions & 0 deletions .github/workflows/chaos-test.yml
@@ -0,0 +1,121 @@
name: Leader Lock Chaos Tests

on:
workflow_dispatch:
inputs:
seeds:
description: 'Seed range (e.g. "0-100")'
required: false
default: '0-50'
duration:
description: 'Test duration per seed (e.g. "30m")'
required: false
default: '30m'
block_time:
description: 'Block production interval'
required: false
default: '100ms'
fault_interval:
description: 'Average fault injection interval'
required: false
default: '1s'
stall_threshold:
description: 'Max allowed production stall'
required: false
default: '20s'
parallelism:
description: 'Number of seeds per runner'
required: false
default: '5'

env:
CARGO_TERM_COLOR: always

jobs:
prepare:
runs-on: ubuntu-latest
outputs:
matrix: ${{ steps.matrix.outputs.matrix }}
steps:
- id: matrix
run: |
RANGE="${{ inputs.seeds }}"
START="${RANGE%-*}"
END="${RANGE#*-}"
BATCH_SIZE=${{ inputs.parallelism }}
BATCHES="["
FIRST=true
for ((i=START; i<=END; i+=BATCH_SIZE)); do
BATCH_END=$((i + BATCH_SIZE - 1))
if [ $BATCH_END -gt $END ]; then BATCH_END=$END; fi
if [ "$FIRST" = true ]; then FIRST=false; else BATCHES+=","; fi
BATCHES+="{\"start\":$i,\"end\":$BATCH_END}"
done
BATCHES+="]"
echo "matrix={\"batch\":$BATCHES}" >> "$GITHUB_OUTPUT"

chaos-test:
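Review bot: `RANGE="${{ inputs.seeds }}"` and `BATCH_SIZE=${{ inputs.parallelism }}` in the matrix step paste the dispatch inputs into the script text before bash parses it, so the values are interpreted as shell rather than handled as data, and the `for ((i=START; i<=END; i+=BATCH_SIZE))` loop then evaluates them arithmetically without checking their shape. Pass the inputs through `env:` (for example `SEEDS: ${{ inputs.seeds }}`) and read `"$SEEDS"`, reject anything that is not `digits-digits`, and require parallelism to be a positive integer, since `i+=BATCH_SIZE` with a value of 0 never terminates.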
Comment on lines +36 to +57

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {}

Copilot Autofix

AI about 2 months ago

In general, the fix is to add an explicit permissions: block that restricts the GITHUB_TOKEN to the least privileges necessary. This can be defined either at the workflow root (applies to all jobs) or per job. Since both prepare and chaos-test only need to read repository contents (for actions/checkout) and do not push commits, manage issues/PRs, or modify settings, contents: read is sufficient. actions/cache and actions/upload-artifact do not require additional repository-scoped write permissions; they use dedicated cache/artifact infrastructure.

The best minimal fix without changing functionality is to add a workflow-level permissions: block right after the name: line (before on:). This block should set contents: read, which is the recommended baseline for read-only workflows. No other scopes appear needed given the provided steps. This will satisfy CodeQL’s requirement, keep the token as least-privilege, and apply consistently to all jobs in this workflow.

Concretely:

  • Edit .github/workflows/chaos-test.yml.
  • After line 1: name: Leader Lock Chaos Tests, insert:
    permissions:
      contents: read
  • No imports or additional methods are needed; this is pure workflow configuration.
Suggested changeset 1
.github/workflows/chaos-test.yml

Autofix patch

Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/chaos-test.yml b/.github/workflows/chaos-test.yml
--- a/.github/workflows/chaos-test.yml
+++ b/.github/workflows/chaos-test.yml
@@ -1,4 +1,6 @@
 name: Leader Lock Chaos Tests
+permissions:
+  contents: read
 
 on:
   workflow_dispatch:
EOF
@@ -1,4 +1,6 @@
name: Leader Lock Chaos Tests
permissions:
contents: read

on:
workflow_dispatch:
Copilot is powered by AI and may make mistakes. Always verify output.
needs: prepare
runs-on: ubuntu-latest
timeout-minutes: 180
strategy:
fail-fast: false
matrix: ${{ fromJson(needs.prepare.outputs.matrix) }}
steps:
- uses: actions/checkout@v6

- name: Install Rust toolchain
uses: dtolnay/rust-toolchain@stable

- name: Install Redis
run: sudo apt-get update && sudo apt-get install -y redis-server

- name: Cache cargo
uses: actions/cache@v4
with:
path: |
~/.cargo/registry
~/.cargo/git
target
key: chaos-test-${{ hashFiles('**/Cargo.lock') }}

- name: Build chaos test
run: cargo build --release -p fuel-core-chaos-test

- name: Run chaos tests (seeds ${{ matrix.batch.start }}-${{ matrix.batch.end }})
run: |
FAILED=0
for seed in $(seq ${{ matrix.batch.start }} ${{ matrix.batch.end }}); do
echo "=== Seed $seed ==="
LOG="chaos_seed${seed}.log"
cargo run --release -p fuel-core-chaos-test -- \
--seed $seed \
--duration ${{ inputs.duration }} \
--block-time ${{ inputs.block_time }} \
--fault-interval ${{ inputs.fault_interval }} \
--stall-threshold ${{ inputs.stall_threshold }} \
> "$LOG" 2>&1
RC=$?
if [ $RC -ne 0 ]; then
echo "SEED $seed: FAIL"
grep -E "FORK|RESULT" "$LOG" | tail -3
if grep -q "FORK" "$LOG"; then
echo "::error::FORK detected at seed $seed"
fi
FAILED=$((FAILED + 1))
else
echo "SEED $seed: PASS"
fi
done
if [ $FAILED -gt 0 ]; then
echo "::error::$FAILED seed(s) failed"
exit 1
fi
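Review bot: the Install Redis step uses `sudo apt-get install -y redis-server`, which takes whatever Redis version the runner's apt repository carries, while the leader-lock job in ci.yml in this same PR builds a pinned `REDIS_VERSION: 8.6.0`; the chaos run can therefore exercise a different server version than CI does. Reuse the pinned version here. The four `${{ inputs.* }}` values in the `cargo run` call are also templated unquoted into the script; route them through `env:` and quote them, along with `$seed`.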
Chaos test loop exits on first seed failure

Medium Severity

GitHub Actions runs bash with set -eo pipefail by default. When cargo run exits with a non-zero code on a failing seed, the shell terminates immediately before reaching RC=$?. This means the loop only processes seeds until the first failure — the FAILED counter logic and the summary at the end are effectively dead code. The intent to run all seeds and collect failures is defeated.

Fix in Cursor Fix in Web
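The failure mode described in the comment above, reproduced as an added example (not code from the pull request). `fake_run` is a constructed stand-in for the `cargo run` call, seeds 2 and 4 are assumed to fail, and each loop body runs in a fresh `bash -eo pipefail`, the mode the comment describes.

```shell
# Constructed stand-in for `cargo run -p fuel-core-chaos-test -- --seed N`.
# Assumption for the demo: seeds 2 and 4 exit non-zero.
FAKE_RUN='fake_run() { case "$1" in 2|4) return 1 ;; esac; }'

# Loop shape used in the workflow: the status is read on the following line.
FRAGILE_LOOP='
FAILED=0
for seed in 1 2 3 4 5; do
  fake_run "$seed"
  RC=$?
  if [ $RC -ne 0 ]; then
    echo "SEED $seed: FAIL"; FAILED=$((FAILED + 1))
  else
    echo "SEED $seed: PASS"
  fi
done
echo "failed=$FAILED"
[ "$FAILED" -eq 0 ]'

# Same loop with the command tested by `if`, where errexit is suspended.
ROBUST_LOOP='
FAILED=0
for seed in 1 2 3 4 5; do
  if fake_run "$seed"; then
    echo "SEED $seed: PASS"
  else
    echo "SEED $seed: FAIL"; FAILED=$((FAILED + 1))
  fi
done
echo "failed=$FAILED"
[ "$FAILED" -eq 0 ]'

# Execute a step body in a fresh bash started with -eo pipefail.
run_step() {
  bash -eo pipefail -c "$FAKE_RUN
$1" 2>&1
}

# Count the seeds that got a PASS/FAIL verdict before the step ended.
seeds_reported() {
  run_step "$1" | grep -c '^SEED ' || true
}

echo "fragile: $(seeds_reported "$FRAGILE_LOOP") of 5 seeds reported"
echo "robust:  $(seeds_reported "$ROBUST_LOOP") of 5 seeds reported"
```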


- name: Upload logs
if: always()
uses: actions/upload-artifact@v4
with:
name: chaos-logs-${{ matrix.batch.start }}-${{ matrix.batch.end }}
path: chaos_seed*.log
retention-days: 14
Comment on lines +58 to +121

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Copilot Autofix

AI about 2 months ago

In general, the fix is to add an explicit permissions block to the workflow so that the GITHUB_TOKEN has only the minimal required scopes. Since this workflow only checks out code, caches build artifacts, builds, runs tests, and uploads artifacts, it only needs read access to repository contents; no write permissions or special scopes (issues, pull-requests, etc.) are required.

The best fix without changing functionality is to add a top-level permissions block (applies to all jobs) right after the name: or on: section in .github/workflows/chaos-test.yml. Set contents: read, which is sufficient for actions/checkout and does not interfere with actions/cache or actions/upload-artifact, as those operate within the workflow’s already-granted scopes. No job-specific permissions overrides are needed since neither prepare nor chaos-test require more than read access.

Concretely, edit .github/workflows/chaos-test.yml to insert:

permissions:
  contents: read

after the name: Leader Lock Chaos Tests line (line 1) and before on: (line 3). No other code, steps, or dependencies need to change.

Suggested changeset 1
.github/workflows/chaos-test.yml

Autofix patch

Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/chaos-test.yml b/.github/workflows/chaos-test.yml
--- a/.github/workflows/chaos-test.yml
+++ b/.github/workflows/chaos-test.yml
@@ -1,5 +1,8 @@
 name: Leader Lock Chaos Tests
 
+permissions:
+  contents: read
+
 on:
   workflow_dispatch:
     inputs:
EOF
@@ -1,5 +1,8 @@
name: Leader Lock Chaos Tests

permissions:
contents: read

on:
workflow_dispatch:
inputs:
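Review bot: this patch and the earlier Autofix patch for the same file both insert a top-level `permissions:` block with `contents: read` directly after `name: Leader Lock Chaos Tests`, differing only in blank lines. Apply only one of them; the second will either fail to apply or leave the workflow with a duplicate `permissions` key.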
33 changes: 28 additions & 5 deletions .github/workflows/ci.yml
Expand Up @@ -22,7 +22,7 @@
AWS_ROLE_ARN: arn:aws:iam::024848458133:role/github_oidc_FuelLabs_fuel-core
AWS_ECR_ORG: fuellabs
CARGO_TERM_COLOR: always
RUST_VERSION: 1.93.0
RUST_VERSION: 1.90.0
Comment thread
cursor[bot] marked this conversation as resolved.
Outdated
RUST_VERSION_FMT: nightly-2025-09-28
RUST_VERSION_COV: nightly-2025-09-28
RUSTFLAGS: -D warnings
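Review bot: `RUST_VERSION` drops from 1.93.0 to 1.90.0 in this `env` block, a toolchain change that the changelog entries in this PR do not mention and that the leader-lock job consumes through `toolchain: ${{ env.RUST_VERSION }}`. If the downgrade is a side effect of the cherry-pick, restore 1.93.0; if it is intended, state it in the description and change every workflow that sets `RUST_VERSION` together.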
Expand Down Expand Up @@ -225,43 +225,65 @@
run: cargo test -p fuel-core-tests --features aws-kms -- kms

leader-lock-integration-tests:
name: Leader Lock Integration Tests (w/Redis)
name: Leader Lock Tests (w/Redis)
needs:
- lint-toml-files
- prevent-openssl
- rustfmt
- check-changelog
runs-on: warp-ubuntu-2404-x64-4x
timeout-minutes: 45
env:
RUSTFLAGS: -D warnings
REDIS_VERSION: 8.6.0
steps:
- uses: actions/checkout@v6
- name: Install Rust
uses: dtolnay/rust-toolchain@master
with:
toolchain: ${{ env.RUST_VERSION }}
- name: Install Redis
run: |
sudo apt-get update
sudo apt-get install -y redis-server
sudo apt-get install -y build-essential tcl curl ca-certificates
curl -fsSL "https://download.redis.io/releases/redis-${REDIS_VERSION}.tar.gz" -o /tmp/redis.tar.gz
tar -xzf /tmp/redis.tar.gz -C /tmp
cd "/tmp/redis-${REDIS_VERSION}"
make -j"$(nproc)"
sudo make install
redis-server --version
- uses: rui314/setup-mold@v1
- uses: Swatinem/rust-cache@v2
with:
key: leader-lock-integration-tests
cache-on-failure: true
- name: Start Redis
run: |
redis-server --daemonize yes
redis-cli ping
redis-server \
--port 6379 \
--bind 127.0.0.1 \
--save "" \
--appendonly no \
--daemonize yes \
--pidfile /tmp/redis-ci.pid \
--dir /tmp
for _ in $(seq 1 20); do
if redis-cli -h 127.0.0.1 -p 6379 ping | grep -q PONG; then
exit 0
fi
sleep 0.5
done
echo "Redis failed to start"
exit 1
- name: Run leader lock integration tests
run: |
echo "REDIS_URL=${REDIS_URL:-redis://127.0.0.1:6379} REDIS_DB=${REDIS_DB:-0} LEADER_LOCK_KEY_PREFIX=${LEADER_LOCK_KEY_PREFIX:-<unset>}"
env | sort | grep -Ei 'REDIS|LEADER|LOCK|FUEL' || true
(timeout 90s redis-cli MONITOR | stdbuf -oL grep -E 'SELECT|SET|PEXPIRE|DEL|leader|lock' || true) &
cargo test --package fuel-core --lib service::adapters::consensus_module::poa::tests:: --features leader_lock -- --test-threads=1 --nocapture
cargo test --package fuel-core-tests --test integration_tests leader_lock --features leader_lock -- --test-threads=1 --nocapture

verifications-complete:

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}
needs:
- cargo-verifications
- publish-crates-check
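Review bot: the Install Redis step downloads `redis-${REDIS_VERSION}.tar.gz` with `curl -fsSL` and goes straight to `make` and `sudo make install` with no integrity check on the archive, so the runner builds and installs as root whatever that URL serves. Record the expected SHA-256 for the pinned version next to `REDIS_VERSION` and verify it with `sha256sum -c` before `tar -xzf`. Separately, `env | sort | grep -Ei 'REDIS|LEADER|LOCK|FUEL'` prints every matching environment variable to the job log; drop it or limit it to the three names echoed on the line above it if any such variable can carry credentials, such as a password embedded in `REDIS_URL`.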
Expand Down Expand Up @@ -450,6 +472,7 @@
asset_path: ./${{ env.ZIP_FILE_NAME }}
asset_name: ${{ env.ZIP_FILE_NAME }}
asset_content_type: application/gzip

cargo-audit:
runs-on: ubuntu-latest
continue-on-error: true
3 changes: 2 additions & 1 deletion .github/workflows/docker-images.yml
Expand Up @@ -20,7 +20,7 @@ env:
AWS_ROLE_ARN: arn:aws:iam::024848458133:role/github_oidc_FuelLabs_fuel-core
AWS_ECR_ORG: fuellabs
CARGO_TERM_COLOR: always
RUST_VERSION: 1.93.0
RUST_VERSION: 1.90.0
Cherry-pick downgrades RUST_VERSION from 1.93.0 to 1.90.0

Medium Severity

The cherry-pick introduces a RUST_VERSION regression from 1.93.0 to 1.90.0 in docker-images.yml. Every other location in the repo uses 1.93.0: rust-toolchain.toml, the Dockerfile (rust:1.93.0-bookworm), and ci.yml. While RUST_VERSION isn't currently interpolated via ${{ env.RUST_VERSION }} in this workflow's steps, it's exported as an environment variable available to all steps and any tool or script that reads it would get an incorrect, stale value.


RUST_VERSION_FMT: nightly-2023-10-29
RUST_VERSION_COV: nightly-2024-06-05
RUSTFLAGS: -D warnings
Expand Down Expand Up @@ -173,6 +173,7 @@ jobs:
platforms: linux/amd64,linux/arm64
build-args: "DEBUG_SYMBOLS=true"


publish-e2e-client-docker-image:
needs:
- publish-docker-images