-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
build: add fhevm db migration image (#136)
* build: add fhevm-db-migration image * build: add db migration to docker-compose * fix: insert test tenant binary keys instead of paths * fix: use COPY for large binary files * build: add db-migration docker image * build: fix hadolint warn * build: enable push
- Loading branch information
1 parent
368c851
commit 9925951
Showing
7 changed files
with
208 additions
and
14 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,46 @@ | ||
name: "fhEVM DB migration Docker Image" | ||
|
||
on: | ||
push: | ||
branches: | ||
- main | ||
- ci/db-migration | ||
paths: | ||
- .github/workflows/fhevm-coprocessor.yml | ||
- .github/workflows/common-docker.yml | ||
- fhevm-engine/fhevm-db/** | ||
release: | ||
types: | ||
- published | ||
|
||
concurrency: | ||
group: fhevm-coprocessor-${{ github.ref_name }} | ||
cancel-in-progress: false | ||
|
||
jobs: | ||
docker-coprocessor: | ||
uses: ./.github/workflows/common-docker.yml | ||
permissions: | ||
contents: "read" | ||
id-token: "write" | ||
packages: "write" | ||
with: | ||
working-directory: "." | ||
push_image: true | ||
image-name: "fhevm-db-migration" | ||
generate-dev-image: false | ||
docker-file: "fhevm-engine/fhevm-db/Dockerfile" | ||
arm-build: true | ||
|
||
secrets: | ||
BLOCKCHAIN_ACTIONS_TOKEN: ${{ secrets.BLOCKCHAIN_ACTIONS_TOKEN }} | ||
GRAVITON_BUILDER_SSH_PRIVATE_KEY: ${{ secrets.GRAVITON_BUILDER_SSH_PRIVATE_KEY }} | ||
|
||
done: | ||
runs-on: ubuntu-latest | ||
name: Pipeline Done | ||
steps: | ||
- name: Success | ||
run: echo Pipeline Done | ||
needs: | ||
- docker-coprocessor |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
ignored: | ||
- DL3018 | ||
- DL3008 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,37 +1,66 @@ | ||
version: '3.8' | ||
name: fhevm | ||
|
||
services: | ||
db: | ||
container_name: db | ||
image: postgres:15.7 | ||
restart: always | ||
environment: | ||
- POSTGRES_USER=postgres | ||
- POSTGRES_PASSWORD=postgres | ||
POSTGRES_USER: postgres | ||
POSTGRES_PASSWORD: postgres | ||
ports: | ||
- '5432:5432' | ||
volumes: | ||
healthcheck: | ||
test: ["CMD-SHELL", "pg_isready -U postgres"] | ||
interval: 10s | ||
timeout: 5s | ||
retries: 3 | ||
volumes: | ||
- db:/var/lib/postgresql/data | ||
coproc: | ||
image: ghcr.io/zama-ai/fhevm-coprocessor:v7 | ||
|
||
migration: | ||
container_name: migration | ||
image: ghcr.io/zama-ai/fhevm-db-migration:v1.1 | ||
environment: | ||
DATABASE_URL: postgresql://postgres:postgres@db:5432/coprocessor | ||
depends_on: | ||
db: | ||
condition: service_healthy | ||
|
||
coprocessor: | ||
container_name: coprocessor | ||
image: ghcr.io/zama-ai/fhevm-coprocessor:v0.1.0-3 | ||
environment: | ||
- DATABASE_URL=postgresql://postgres:postgres@db:5432/coprocessor | ||
DATABASE_URL: postgresql://postgres:postgres@db:5432/coprocessor | ||
ports: | ||
- '50051:50051' | ||
volumes: | ||
- ${PWD}/coprocessor.key:/usr/share/coprocessor.key | ||
- ./coprocessor.key:/usr/share/coprocessor.key | ||
command: | ||
- --run-bg-worker | ||
- --run-server | ||
- --server-addr=0.0.0.0:50051 | ||
- --coprocessor-private-key=/usr/share/coprocessor.key | ||
depends_on: | ||
migration: | ||
condition: service_completed_successfully | ||
|
||
geth: | ||
image: ghcr.io/zama-ai/geth-coprocessor-devnode:v6 | ||
container_name: geth | ||
image: ghcr.io/zama-ai/geth-coprocessor-devnode:v8 | ||
environment: | ||
- FHEVM_COPROCESSOR_API_KEY=a1503fb6-d79b-4e9e-826d-44cf262f3e05 | ||
- FHEVM_COPROCESSOR_URL=coproc:50051 | ||
- COPROCESSOR_CONTRACT_ADDRESS=0x6819e3aDc437fAf9D533490eD3a7552493fCE3B1 | ||
- ACL_CONTRACT_ADDRESS=0x339EcE85B9E11a3A3AA557582784a15d7F82AAf2 | ||
FHEVM_COPROCESSOR_API_KEY: a1503fb6-d79b-4e9e-826d-44cf262f3e05 | ||
FHEVM_COPROCESSOR_URL: coprocessor:50051 | ||
COPROCESSOR_CONTRACT_ADDRESS: 0x6819e3aDc437fAf9D533490eD3a7552493fCE3B1 | ||
ACL_CONTRACT_ADDRESS: 0x339EcE85B9E11a3A3AA557582784a15d7F82AAf2 | ||
volumes: | ||
- ./geth:/geth | ||
ports: | ||
- '8745:8545' | ||
depends_on: | ||
coprocessor: | ||
condition: service_started | ||
|
||
volumes: | ||
db: | ||
driver: local | ||
driver: local |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
# Use the Rust image as the base | ||
FROM rust:1.74 | ||
|
||
# Install dependencies and tools | ||
RUN apt-get update && \ | ||
apt-get install -y --no-install-recommends libpq-dev postgresql-client xxd && \ | ||
cargo install sqlx-cli --no-default-features --features postgres --locked && \ | ||
apt-get clean && rm -rf /var/lib/apt/lists/* | ||
|
||
# Copy migrations and initialization script | ||
COPY fhevm-engine/fhevm-db/initialize_db.sh /initialize_db.sh | ||
COPY fhevm-engine/fhevm-db/migrations /migrations | ||
COPY fhevm-engine/fhevm-keys /fhevm-keys | ||
|
||
# Make the script executable | ||
RUN chmod +x /initialize_db.sh | ||
|
||
# Run the initialization script as the entrypoint | ||
ENTRYPOINT ["/bin/bash", "/initialize_db.sh"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
#!/bin/bash | ||
|
||
# 1: Create Database | ||
echo "Creating database..." | ||
sqlx database create | ||
|
||
# 2: Run sqlx migrations | ||
echo "Running migrations..." | ||
sqlx migrate run --source /migrations || { echo "Failed to run migrations."; exit 1; } | ||
|
||
# 3. Insert test tenant with keys | ||
echo "Start preparing tenant query..." | ||
TENANT_API_KEY=a1503fb6-d79b-4e9e-826d-44cf262f3e05 | ||
CHAIN_ID=12345 | ||
ACL_CONTRACT_ADDRESS=0x339EcE85B9E11a3A3AA557582784a15d7F82AAf2 | ||
INPUT_VERIFIER_ADDRESS=0x69dE3158643e738a0724418b21a35FAA20CBb1c5 | ||
PKS_FILE="/fhevm-keys/pks" | ||
SKS_FILE="/fhevm-keys/sks" | ||
PUBLIC_PARAMS_FILE="/fhevm-keys/pp" | ||
|
||
TMP_CSV="/tmp/tenant_data.csv" | ||
echo "tenant_api_key,chain_id,acl_contract_address,verifying_contract_address,pks_key,sks_key,public_params" > $TMP_CSV | ||
|
||
echo "$TENANT_API_KEY,$CHAIN_ID,$ACL_CONTRACT_ADDRESS,$INPUT_VERIFIER_ADDRESS,\"\\x$(cat $PKS_FILE | xxd -p | tr -d '\n')\",\"\\x$(cat $SKS_FILE | xxd -p | tr -d '\n')\",\"\\x$(cat $PUBLIC_PARAMS_FILE | xxd -p | tr -d '\n')\"" >> $TMP_CSV | ||
|
||
echo "Inserting tenant data using \COPY..." | ||
psql $DATABASE_URL -c "\COPY tenants (tenant_api_key, chain_id, acl_contract_address, verifying_contract_address, pks_key, sks_key, public_params) FROM '$TMP_CSV' CSV HEADER;" | ||
|
||
rm -f $TMP_CSV | ||
|
||
echo "Database initialization complete." |
62 changes: 62 additions & 0 deletions
62
fhevm-engine/fhevm-db/migrations/20240722111257_coprocessor.sql
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,62 @@ | ||
|
||
CREATE TABLE IF NOT EXISTS computations ( | ||
tenant_id INT NOT NULL, | ||
output_handle BYTEA NOT NULL, | ||
output_type SMALLINT NOT NULL, | ||
-- can be handle or scalar, depends on is_scalar field | ||
-- only second dependency can ever be scalar | ||
dependencies BYTEA[] NOT NULL, | ||
fhe_operation SMALLINT NOT NULL, | ||
created_at TIMESTAMP NOT NULL DEFAULT NOW(), | ||
completed_at TIMESTAMP, | ||
is_scalar BOOLEAN NOT NULL, | ||
is_completed BOOLEAN NOT NULL DEFAULT 'f', | ||
is_error BOOLEAN NOT NULL DEFAULT 'f', | ||
error_message TEXT, | ||
PRIMARY KEY (tenant_id, output_handle) | ||
); | ||
|
||
CREATE TABLE IF NOT EXISTS ciphertexts ( | ||
tenant_id INT NOT NULL, | ||
handle BYTEA NOT NULL, | ||
ciphertext BYTEA NOT NULL, | ||
ciphertext_version SMALLINT NOT NULL, | ||
ciphertext_type SMALLINT NOT NULL, | ||
-- if ciphertext came from blob we have its reference | ||
input_blob_hash BYTEA, | ||
input_blob_index INT NOT NULL DEFAULT 0, | ||
created_at TIMESTAMP DEFAULT NOW(), | ||
PRIMARY KEY (tenant_id, handle, ciphertext_version) | ||
); | ||
|
||
-- store for audits and historical reference | ||
CREATE TABLE IF NOT EXISTS input_blobs ( | ||
tenant_id INT NOT NULL, | ||
blob_hash BYTEA NOT NULL, | ||
blob_data BYTEA NOT NULL, | ||
blob_ciphertext_count INT NOT NULL, | ||
created_at TIMESTAMP DEFAULT NOW(), | ||
PRIMARY KEY (tenant_id, blob_hash) | ||
); | ||
|
||
CREATE TABLE IF NOT EXISTS tenants ( | ||
tenant_id SERIAL PRIMARY KEY, | ||
tenant_api_key UUID NOT NULL DEFAULT gen_random_uuid(), | ||
-- for EIP712 signatures | ||
chain_id INT NOT NULL, | ||
-- for EIP712 signatures | ||
verifying_contract_address TEXT NOT NULL, | ||
acl_contract_address TEXT NOT NULL, | ||
pks_key BYTEA NOT NULL, | ||
sks_key BYTEA NOT NULL, | ||
public_params BYTEA NOT NULL, | ||
-- for debugging, can be null | ||
cks_key BYTEA, | ||
-- admin api key is allowed to create more tenants with their keys | ||
is_admin BOOLEAN DEFAULT 'f' | ||
); | ||
|
||
CREATE INDEX IF NOT EXISTS computations_dependencies_index ON computations USING GIN (dependencies); | ||
CREATE INDEX IF NOT EXISTS computations_completed_index ON computations (is_completed); | ||
CREATE INDEX IF NOT EXISTS computations_errors_index ON computations (is_error); | ||
CREATE UNIQUE INDEX IF NOT EXISTS tenants_by_api_key ON tenants (tenant_api_key); |