test(saya): add Saya end-to-end TEE test #1975
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: test | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - "release/**" | |
| paths: | |
| - "Cargo.toml" | |
| - "bin/**/*.rs" | |
| - "bin/**/Cargo.toml" | |
| - "crates/**/*.rs" | |
| - "crates/**/Cargo.toml" | |
| - ".github/workflows/test.yml" | |
| pull_request: | |
| types: [opened, synchronize, ready_for_review] | |
| paths: | |
| - "Cargo.toml" | |
| - "bin/**/*.rs" | |
| - "bin/**/Cargo.toml" | |
| - "crates/**/*.rs" | |
| - "crates/**/Cargo.toml" | |
| - ".github/workflows/test.yml" | |
| # Cancel in progress workflow when a new one is triggered by running in a concurrency group | |
| # https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/control-the-concurrency-of-workflows-and-jobs | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
| cancel-in-progress: true | |
| env: | |
| CARGO_TERM_COLOR: always | |
| jobs: | |
| fmt: | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'push' || (github.event_name == 'pull_request' && github.event.pull_request.draft == false) | |
| container: | |
| image: ghcr.io/dojoengine/katana-dev:latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - run: scripts/rust_fmt.sh --check | |
| generate-test-artifacts: | |
| needs: [fmt] | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'push' || (github.event_name == 'pull_request' && github.event.pull_request.draft == false) | |
| container: | |
| image: ghcr.io/dojoengine/katana-dev:latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| submodules: recursive | |
| # Workaround for https://github.com/actions/runner-images/issues/6775 | |
| - run: git config --global --add safe.directory "*" | |
| - name: Restore cached test fixtures | |
| id: cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| crates/contracts/build | |
| tests/vrf/build | |
| tests/snos/snos/build | |
| tests/fixtures/db/spawn_and_move | |
| tests/fixtures/db/simple | |
| tests/fixtures/db/1_6_0 | |
| tests/fixtures/db/snos | |
| key: | | |
| test-fixtures-${{ hashFiles('Makefile', 'crates/contracts/contracts/account/**', 'crates/contracts/contracts/legacy/**', 'crates/contracts/contracts/messaging/**', 'crates/contracts/contracts/test-contracts/**', 'crates/contracts/contracts/vrf/**', 'crates/contracts/contracts/avnu/**', 'crates/contracts/contracts/Scarb.toml', 'tests/vrf/contracts/**', 'tests/fixtures/db/*.tar.gz') }} | |
| - name: Generate test fixtures | |
| if: steps.cache.outputs.cache-hit != 'true' | |
| run: make | |
| - name: Upload test artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: fixtures | |
| overwrite: true | |
| retention-days: 14 | |
| if-no-files-found: error | |
| path: | | |
| crates/contracts/build | |
| tests/vrf/build | |
| tests/snos/snos/build | |
| tests/fixtures/db/spawn_and_move | |
| tests/fixtures/db/simple | |
| tests/fixtures/db/1_6_0 | |
| tests/fixtures/db/snos | |
| build-katana-binary: | |
| needs: [fmt, clippy, generate-test-artifacts] | |
| runs-on: ${{ matrix.runner }} | |
| timeout-minutes: ${{ matrix.os == 'macos' && 120 || 30 }} | |
| strategy: | |
| matrix: | |
| include: | |
| - os: ubuntu | |
| runner: ubuntu-latest-32-cores | |
| container: ghcr.io/dojoengine/katana-dev:latest | |
| - os: macos | |
| runner: macos-latest | |
| container: null | |
| if: github.event_name == 'push' || (github.event_name == 'pull_request' && github.event.pull_request.draft == false) | |
| container: ${{ matrix.container }} | |
| env: | |
| MLIR_SYS_190_PREFIX: /usr/lib/llvm-19/ | |
| LLVM_SYS_191_PREFIX: /usr/lib/llvm-19/ | |
| TABLEGEN_190_PREFIX: /usr/lib/llvm-19/ | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| submodules: recursive | |
| # Workaround for https://github.com/actions/runner-images/issues/6775 | |
| - run: git config --global --add safe.directory "*" | |
| - name: Free disk space (macOS) | |
| if: matrix.os == 'macos' | |
| run: | | |
| sudo rm -rf /opt/hostedtoolcache | |
| sudo rm -rf /Users/runner/Library/Android | |
| sudo rm -rf /Applications/Xcode_*.app | |
| brew cleanup -s | |
| df -h | |
| - uses: Swatinem/rust-cache@v2 | |
| with: | |
| key: ci-${{ github.job }}-${{ matrix.os }} | |
| shared-key: katana-ci-cache-${{ matrix.os }} | |
| - name: Install LLVM 19 (macOS) | |
| if: matrix.os == 'macos' | |
| run: | | |
| brew install llvm@19 | |
| echo "MLIR_SYS_190_PREFIX=$(brew --prefix llvm@19)" >> $GITHUB_ENV | |
| echo "LLVM_SYS_191_PREFIX=$(brew --prefix llvm@19)" >> $GITHUB_ENV | |
| echo "TABLEGEN_190_PREFIX=$(brew --prefix llvm@19)" >> $GITHUB_ENV | |
| - name: Install zstd and protobuf (macOS) | |
| if: matrix.os == 'macos' | |
| run: | | |
| brew install zstd pkg-config protobuf | |
| echo "PKG_CONFIG_PATH=$(brew --prefix zstd)/lib/pkgconfig:$PKG_CONFIG_PATH" >> $GITHUB_ENV | |
| echo "LIBRARY_PATH=$(brew --prefix zstd)/lib:$LIBRARY_PATH" >> $GITHUB_ENV | |
| - name: Build Explorer UI (macOS) | |
| if: matrix.os == 'macos' | |
| run: | | |
| curl -fsSL https://bun.sh/install | bash | |
| export BUN_INSTALL="$HOME/.bun" | |
| export PATH="$BUN_INSTALL/bin:$PATH" | |
| make build-explorer | |
| - name: Download contract artifacts | |
| uses: actions/download-artifact@v5 | |
| with: | |
| name: fixtures | |
| - name: Install cargo-nextest (macOS) | |
| if: matrix.os == 'macos' | |
| uses: taiki-e/install-action@v2 | |
| with: | |
| tool: cargo-nextest | |
| - name: Build binary with all features | |
| run: cargo build --bin katana --all-features | |
| # Build and archive test binaries on macOS so the test job can run | |
| # without recompilation (macOS runners are too slow to compile + test | |
| # within a single job timeout). Runs after the binary build so deps | |
| # are already compiled. | |
| - name: Build and archive test binaries (macOS) | |
| if: matrix.os == 'macos' | |
| run: | | |
| cargo nextest archive --all-features --workspace --exclude snos-integration-test --exclude db-compat-test --archive-file nextest-archive.tar.zst | |
| - name: Upload binary | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: binary-${{ matrix.os }} | |
| overwrite: true | |
| retention-days: 1 | |
| if-no-files-found: error | |
| path: ./target/debug/katana | |
| - name: Upload nextest archive (macOS) | |
| if: matrix.os == 'macos' | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: nextest-archive-macos | |
| overwrite: true | |
| retention-days: 1 | |
| if-no-files-found: error | |
| path: nextest-archive.tar.zst | |
| clippy: | |
| needs: [generate-test-artifacts] | |
| runs-on: ubuntu-latest-4-cores | |
| if: github.event_name == 'push' || (github.event_name == 'pull_request' && github.event.pull_request.draft == false) | |
| container: | |
| image: ghcr.io/dojoengine/katana-dev:latest | |
| env: | |
| MLIR_SYS_190_PREFIX: /usr/lib/llvm-19/ | |
| LLVM_SYS_191_PREFIX: /usr/lib/llvm-19/ | |
| TABLEGEN_190_PREFIX: /usr/lib/llvm-19/ | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| submodules: recursive | |
| # Workaround for https://github.com/actions/runner-images/issues/6775 | |
| - run: git config --global --add safe.directory "*" | |
| - uses: Swatinem/rust-cache@v2 | |
| with: | |
| key: ci-${{ github.job }} | |
| shared-key: katana-ci-cache-nightly | |
| - name: Download test artifacts | |
| uses: actions/download-artifact@v5 | |
| with: | |
| name: fixtures | |
| - name: Run Clippy | |
| run: ./scripts/clippy.sh | |
| test: | |
| needs: [fmt, clippy, generate-test-artifacts, build-katana-binary] | |
| runs-on: ${{ matrix.runner }} | |
| timeout-minutes: ${{ matrix.os == 'macos' && 60 || 30 }} | |
| strategy: | |
| matrix: | |
| include: | |
| - os: ubuntu | |
| runner: ubuntu-latest-32-cores | |
| container: ghcr.io/dojoengine/katana-dev:latest | |
| - os: macos | |
| runner: macos-latest | |
| container: null | |
| if: github.event_name == 'push' || (github.event_name == 'pull_request' && github.event.pull_request.draft == false) | |
| container: ${{ matrix.container }} | |
| env: | |
| MLIR_SYS_190_PREFIX: /usr/lib/llvm-19/ | |
| LLVM_SYS_191_PREFIX: /usr/lib/llvm-19/ | |
| TABLEGEN_190_PREFIX: /usr/lib/llvm-19/ | |
| NEXTEST_PROFILE: ci | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| submodules: recursive | |
| # Workaround for https://github.com/actions/runner-images/issues/6775 | |
| - run: git config --global --add safe.directory "*" | |
| - uses: Swatinem/rust-cache@v2 | |
| if: matrix.os == 'ubuntu' | |
| with: | |
| key: ci-${{ github.job }}-${{ matrix.os }} | |
| shared-key: katana-ci-cache-${{ matrix.os }} | |
| # LLVM is needed at runtime for cairo-native JIT compilation | |
| - name: Install LLVM 19 (macOS) | |
| if: matrix.os == 'macos' | |
| run: | | |
| brew install llvm@19 | |
| echo "MLIR_SYS_190_PREFIX=$(brew --prefix llvm@19)" >> $GITHUB_ENV | |
| echo "LLVM_SYS_191_PREFIX=$(brew --prefix llvm@19)" >> $GITHUB_ENV | |
| echo "TABLEGEN_190_PREFIX=$(brew --prefix llvm@19)" >> $GITHUB_ENV | |
| # zstd is needed at runtime for database compression | |
| - name: Install zstd (macOS) | |
| if: matrix.os == 'macos' | |
| run: | | |
| brew install zstd | |
| echo "LIBRARY_PATH=$(brew --prefix zstd)/lib:$LIBRARY_PATH" >> $GITHUB_ENV | |
| - name: Install cargo-nextest (macOS) | |
| if: matrix.os == 'macos' | |
| uses: taiki-e/install-action@v2 | |
| with: | |
| tool: cargo-nextest | |
| # anvil is needed for the messaging integration test | |
| - name: Install Foundry (macOS) | |
| if: matrix.os == 'macos' | |
| uses: foundry-rs/foundry-toolchain@v1 | |
| - name: Download test artifacts | |
| uses: actions/download-artifact@v5 | |
| with: | |
| name: fixtures | |
| - name: Download Katana binary | |
| uses: actions/download-artifact@v5 | |
| with: | |
| name: binary-${{ matrix.os }} | |
| - name: Add binary to PATH | |
| run: | | |
| chmod +x katana | |
| echo "$(pwd)" >> $GITHUB_PATH | |
| - name: Download nextest archive (macOS) | |
| if: matrix.os == 'macos' | |
| uses: actions/download-artifact@v5 | |
| with: | |
| name: nextest-archive-macos | |
| - name: Run tests from archive (macOS) | |
| if: matrix.os == 'macos' | |
| run: | | |
| cargo nextest run --archive-file nextest-archive.tar.zst --workspace-remap . | |
| - name: Run tests (ubuntu) | |
| if: matrix.os == 'ubuntu' && github.event_name != 'pull_request' | |
| run: | | |
| cargo nextest run --all-features --workspace --exclude snos-integration-test --exclude db-compat-test --exclude vrf-e2e-test --exclude saya-tee-e2e-test --build-jobs 20 | |
| - name: Run tests w/ code coverage (ubuntu) | |
| if: matrix.os == 'ubuntu' && github.event_name == 'pull_request' | |
| run: | | |
| cargo llvm-cov nextest --no-report --all-features --workspace --exclude snos-integration-test --exclude db-compat-test --exclude vrf-e2e-test --exclude saya-tee-e2e-test --build-jobs 20 | |
| cargo llvm-cov report --lcov --output-path lcov.info | |
| - name: Upload code coverage | |
| uses: codecov/codecov-action@v4 | |
| if: matrix.os == 'ubuntu' && github.event_name == 'pull_request' | |
| with: | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| files: lcov.info | |
| # TODO: re-enable once the snos crate is added back to the workspace | |
| # snos-integration-test: | |
| # needs: [fmt, clippy] | |
| # runs-on: ubuntu-latest-32-cores | |
| # timeout-minutes: 30 | |
| # if: github.event_name == 'push' || (github.event_name == 'pull_request' && github.event.pull_request.draft == false) | |
| # container: | |
| # image: ghcr.io/dojoengine/katana-dev:latest | |
| # env: | |
| # MLIR_SYS_190_PREFIX: /usr/lib/llvm-19/ | |
| # LLVM_SYS_191_PREFIX: /usr/lib/llvm-19/ | |
| # TABLEGEN_190_PREFIX: /usr/lib/llvm-19/ | |
| # steps: | |
| # - uses: actions/checkout@v3 | |
| # with: | |
| # submodules: recursive | |
| # # Workaround for https://github.com/actions/runner-images/issues/6775 | |
| # - run: git config --global --add safe.directory "*" | |
| # - uses: Swatinem/rust-cache@v2 | |
| # with: | |
| # key: ci-${{ github.job }} | |
| # shared-key: katana-ci-cache | |
| # - name: Download test artifacts | |
| # uses: actions/download-artifact@v5 | |
| # with: | |
| # name: fixtures | |
| # - name: Prepare SNOS test environment | |
| # run: | | |
| # if [ ! -d "./tests/snos/snos/build" ]; then | |
| # make snos-artifacts | |
| # fi | |
| # - run: | | |
| # cargo run -p snos-integration-test | |
| explorer-reverse-proxy: | |
| needs: [fmt, clippy, build-katana-binary] | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'push' || (github.event_name == 'pull_request' && github.event.pull_request.draft == false) | |
| container: | |
| image: ghcr.io/dojoengine/katana-dev:latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| submodules: recursive | |
| # Workaround for https://github.com/actions/runner-images/issues/6775 | |
| - run: git config --global --add safe.directory "*" | |
| - uses: Swatinem/rust-cache@v2 | |
| with: | |
| key: ci-${{ github.job }} | |
| shared-key: katana-ci-cache | |
| - name: Download Katana binary | |
| uses: actions/download-artifact@v5 | |
| with: | |
| name: binary-ubuntu | |
| - name: Setup Katana binary | |
| run: chmod +x ./katana | |
| # chrome executable required by puppeteer | |
| - uses: browser-actions/setup-chrome@v1 | |
| - name: Run reverse proxy test | |
| run: | | |
| KATANA_BIN=./katana ./scripts/reverse-proxy-test.sh | |
| dojo-integration-test: | |
| needs: [fmt, clippy, build-katana-binary] | |
| runs-on: ubuntu-latest-32-cores | |
| if: github.event_name == 'push' || (github.event_name == 'pull_request' && github.event.pull_request.draft == false) | |
| container: | |
| image: ghcr.io/dojoengine/katana-dev:latest | |
| env: | |
| ASDF_SOZO_VERSION: "1.7.0" | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| submodules: recursive | |
| # Workaround for https://github.com/actions/runner-images/issues/6775 | |
| - run: git config --global --add safe.directory "*" | |
| - uses: Swatinem/rust-cache@v2 | |
| with: | |
| key: ci-${{ github.job }} | |
| shared-key: katana-ci-cache | |
| - name: Download test artifacts | |
| uses: actions/download-artifact@v5 | |
| with: | |
| name: fixtures | |
| - name: Download Katana binary | |
| uses: actions/download-artifact@v5 | |
| with: | |
| name: binary-ubuntu | |
| - name: Setup Katana binary | |
| run: chmod +x ./katana | |
| - name: Start Katana | |
| run: ./katana > katana.log 2>&1 & | |
| - name: Checkout Dojo repository | |
| uses: actions/checkout@v3 | |
| with: | |
| repository: dojoengine/dojo | |
| ref: v1.7.0-alpha.2 | |
| path: dojo | |
| - uses: software-mansion/setup-scarb@v1 | |
| with: | |
| scarb-version: "dev-2025-09-05" | |
| - name: Build and migrate `spawn-and-move` project | |
| run: | | |
| cd dojo/examples/spawn-and-move | |
| sozo build && sozo migrate | |
| - name: Output Katana logs on failure | |
| if: failure() | |
| run: | | |
| echo "=== Last 50 lines of Katana logs ===" | |
| tail -n 50 katana.log | |
| cartridge-e2e: | |
| needs: [fmt, clippy, generate-test-artifacts] | |
| runs-on: ubuntu-latest-32-cores | |
| timeout-minutes: 30 | |
| if: github.event_name == 'push' || (github.event_name == 'pull_request' && github.event.pull_request.draft == false) | |
| container: | |
| image: ghcr.io/dojoengine/katana-dev:latest | |
| env: | |
| MLIR_SYS_190_PREFIX: /usr/lib/llvm-19/ | |
| LLVM_SYS_191_PREFIX: /usr/lib/llvm-19/ | |
| TABLEGEN_190_PREFIX: /usr/lib/llvm-19/ | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| submodules: recursive | |
| - run: git config --global --add safe.directory "*" | |
| - uses: Swatinem/rust-cache@v2 | |
| with: | |
| key: ci-${{ github.job }} | |
| shared-key: katana-ci-cache | |
| - name: Download test artifacts | |
| uses: actions/download-artifact@v5 | |
| with: | |
| name: fixtures | |
| - name: Install paymaster-service and vrf-server sidecars | |
| run: | | |
| cargo install --locked --git https://github.com/cartridge-gg/paymaster --rev 4748365 paymaster-service | |
| cargo install --locked --git https://github.com/cartridge-gg/vrf.git --rev 6d1c0f60a53558f19618b2bff81c3da0849db270 vrf-server | |
| - name: Run cartridge e2e test | |
| run: cargo run -p vrf-e2e-test | |
| saya-tee-e2e: | |
| needs: [fmt, clippy, generate-test-artifacts] | |
| runs-on: ubuntu-latest-32-cores | |
| timeout-minutes: 45 | |
| if: github.event_name == 'push' || (github.event_name == 'pull_request' && github.event.pull_request.draft == false) | |
| container: | |
| image: ghcr.io/dojoengine/katana-dev:latest | |
| env: | |
| MLIR_SYS_190_PREFIX: /usr/lib/llvm-19/ | |
| LLVM_SYS_191_PREFIX: /usr/lib/llvm-19/ | |
| TABLEGEN_190_PREFIX: /usr/lib/llvm-19/ | |
| CARGO_NET_GIT_FETCH_WITH_CLI: "true" | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| submodules: recursive | |
| - run: git config --global --add safe.directory "*" | |
| # saya-tee depends on `katana_tee_client` from the private | |
| # cartridge-gg/katana-tee repo via SSH. Load the deploy key into | |
| # the SSH agent before any cargo commands fetch git deps. | |
| - name: Setup SSH agent for cartridge-gg/katana-tee | |
| uses: webfactory/ssh-agent@v0.9.0 | |
| with: | |
| ssh-private-key: ${{ secrets.KATANA_TEE_DEPLOY_KEY }} | |
| - uses: Swatinem/rust-cache@v2 | |
| with: | |
| key: ci-${{ github.job }} | |
| shared-key: katana-ci-cache | |
| - name: Download test artifacts | |
| uses: actions/download-artifact@v5 | |
| with: | |
| name: fixtures | |
| # Both `saya-ops` and `saya-tee` come from `dojoengine/saya` on | |
| # the `feat/mock-prove` branch. Each is in its own sub-workspace | |
| # under `bin/`, so we clone the repo and `cargo install --path` | |
| # rather than `cargo install --git --bin` (which only sees the | |
| # root workspace). | |
| - name: Clone saya feat/mock-prove | |
| run: git clone --depth 1 --branch feat/mock-prove https://github.com/dojoengine/saya /tmp/saya | |
| - name: Install saya-ops from feat/mock-prove | |
| run: cargo install --locked --path /tmp/saya/bin/ops --bin saya-ops | |
| - name: Install saya-tee from feat/mock-prove | |
| run: cargo install --locked --path /tmp/saya/bin/persistent-tee --bin saya-tee | |
| # The e2e test spawns a `katana --dev` subprocess for L2 (the L3 | |
| # stays in-process via TestNode). Build the binary first so the | |
| # default `target/debug/katana` resolution works. | |
| - name: Build katana binary | |
| run: cargo build -p katana --bin katana | |
| - name: Run saya-tee e2e test | |
| env: | |
| RUST_LOG: info,saya_tee_e2e_test=debug,persistent_tee=info | |
| run: cargo run -p saya-tee-e2e-test | |
| db-compatibility-check: | |
| needs: [fmt, clippy, build-katana-binary] | |
| runs-on: ubuntu-latest-4-cores | |
| container: | |
| image: ghcr.io/dojoengine/katana-dev:latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| submodules: recursive | |
| # Workaround for https://github.com/actions/runner-images/issues/6775 | |
| - run: git config --global --add safe.directory "*" | |
| - uses: Swatinem/rust-cache@v2 | |
| with: | |
| key: release-checks-${{ github.job }} | |
| shared-key: katana-ci-cache | |
| - name: Download Katana binary | |
| uses: actions/download-artifact@v5 | |
| with: | |
| name: binary-ubuntu | |
| - name: Download test artifacts | |
| uses: actions/download-artifact@v5 | |
| with: | |
| name: fixtures | |
| - name: Setup Katana binary | |
| run: chmod +x ./katana | |
| - name: Run database compatibility check | |
| run: KATANA_BIN=./katana cargo run -p db-compat-test |