Azure pipeline fixes

Author: iKapitonau

deployment/ci/bootstrap_init.sh

@@ -5,8 +5,8 @@ set -euvo pipefail
 rm -rf ~/.secretd/*
 rm -rf /opt/secret/.sgx_secrets/*
 
-secretd config chain-id secretdev-1
-secretd config keyring-backend test
+secretd config set client chain-id secretdev-1
+secretd config set client keyring-backend test
 
 secretd init banana --chain-id secretdev-1
 
@@ -25,17 +25,20 @@ echo $b_mnemonic | secretd keys add b --recover
 echo $c_mnemonic | secretd keys add c --recover
 echo $d_mnemonic | secretd keys add d --recover
 
-secretd add-genesis-account "$(secretd keys show -a a)" 1000000000000000000uscrt
-secretd add-genesis-account "$(secretd keys show -a b)" 1000000000000000000uscrt
-secretd add-genesis-account "$(secretd keys show -a c)" 1000000000000000000uscrt
-secretd add-genesis-account "$(secretd keys show -a d)" 1000000000000000000uscrt
+secretd genesis add-genesis-account "$(secretd keys show -a a)" 1000000000000000000uscrt
+secretd genesis add-genesis-account "$(secretd keys show -a b)" 1000000000000000000uscrt
+secretd genesis add-genesis-account "$(secretd keys show -a c)" 1000000000000000000uscrt
+secretd genesis add-genesis-account "$(secretd keys show -a d)" 1000000000000000000uscrt
 
-secretd gentx a 1000000uscrt --chain-id secretdev-1
+secretd genesis gentx a 1000000uscrt --chain-id secretdev-1
 
-secretd collect-gentxs
-secretd validate-genesis
+secretd genesis collect-gentxs
+secretd genesis validate
 
 secretd init-bootstrap
-secretd validate-genesis
+secretd genesis validate
+
+# Setup LCD
+perl -i -pe 's;address = "tcp://localhost:1317";address = "tcp://0.0.0.0:1317";' ~/.secretd/config/app.toml
 
 source /opt/sgxsdk/environment && RUST_BACKTRACE=1 secretd start --rpc.laddr tcp://0.0.0.0:26657 --bootstrap

deployment/ci/node_init.sh

@@ -14,9 +14,9 @@ rm -rf ~/.secretd
 NO_TESTS="${NO_TESTS:-}"
 
 mkdir -p /root/.secretd/.node
-secretd config keyring-backend test
-secretd config node tcp://bootstrap:26657
-secretd config chain-id secretdev-1
+secretd config set client chain-id secretdev-1
+secretd config set client keyring-backend test
+secretd config set client node tcp://bootstrap:26657
 
 secretd init "$(hostname)" --chain-id secretdev-1 || true
 
@@ -32,7 +32,13 @@ sleep 20
 
 cp /tmp/.secretd/keyring-test /root/.secretd/ -r
 
-secretd init-enclave
+sed -i 's|//,"collateral_service": "https://api.trustedservices.intel.com/sgx/certification/v4/"|,"collateral_service": "https://pccs.scrtlabs.com/sgx/certification/v4/"|' /etc/sgx_default_qcnl.conf
+sed -i 's|"pccs_url": "https://localhost:8081/sgx/certification/v4/"|"pccs_url": "https://global.acccache.azure.net/sgx/certification/v3/"|' /etc/sgx_default_qcnl.conf
+
+groupadd sgx_prv
+usermod -a -G sgx_prv $(whoami)
+
+secretd init-enclave --no-epid
 
 PUBLIC_KEY=$(secretd dump /opt/secret/.sgx_secrets/pubkey.bin 2> /dev/null)
 
@@ -51,9 +57,9 @@ secretd configure-secret node-master-key.txt "$SEED"
 
 cp /tmp/.secretd/config/genesis.json /root/.secretd/config/genesis.json
 
-secretd validate-genesis
+secretd genesis validate
 
-secretd config node tcp://localhost:26657
+secretd config set client node tcp://localhost:26657
 
 if [ ! -z "$NO_TESTS" ]
 then
@@ -73,7 +79,7 @@ function wait_for_tx () {
     done
 }
 
-until (secretd status 2>&1 | jq -e '(.SyncInfo.latest_block_height | tonumber) > 0' &>/dev/null); do
+until (secretd status 2>&1 | jq -e '(.sync_info.latest_block_height | tonumber) > 0' &>/dev/null); do
     echo "Waiting for chain to start..."
     sleep 1
 done
@@ -82,32 +88,30 @@ sleep 5
 
 # store wasm code on-chain so we could later instantiate it
 export STORE_TX_HASH=$(
-    yes |
-    secretd tx compute store erc20.wasm --from a --gas 1200000 --gas-prices 0.25uscrt --output json |
+    secretd tx compute store erc20.wasm --from a --gas 1200000 --gas-prices 0.25uscrt --output json -y |
     jq -r .txhash
 )
 
 wait_for_tx "$STORE_TX_HASH" "Waiting for store to finish on-chain..."
 
 # test storing of wasm code (this doesn't touch sgx yet)
 secretd q tx "$STORE_TX_HASH" --output json |
-    jq -e '.logs[].events[].attributes[] | select(.key == "code_id" and .value == "1")'
+    jq -e '.events[].attributes[] | select(.key == "code_id" and .value == "1")'
 
 # init the contract (ocall_init + write_db + canonicalize_address)
 # a is a tendermint address (will be used in transfer: https://github.com/CosmWasm/cosmwasm-examples/blob/f2f0568ebc90d812bcfaa0ef5eb1da149a951552/erc20/src/contract.rs#L110)
 # secret1f395p0gg67mmfd5zcqvpnp9cxnu0hg6rjep44t is just a random address
 # balances are set to 108 & 53 at init
 INIT_TX_HASH=$(
-    yes |
-        secretd tx compute instantiate 1 "{\"decimals\":10,\"initial_balances\":[{\"address\":\"$(secretd keys show a -a)\",\"amount\":\"108\"},{\"address\":\"secret1f395p0gg67mmfd5zcqvpnp9cxnu0hg6rjep44t\",\"amount\":\"53\"}],\"name\":\"ReuvenPersonalRustCoin\",\"symbol\":\"RPRC\"}" --label RPRCCoin --output json --gas-prices 0.25uscrt --from a |
+        secretd tx compute instantiate 1 "{\"decimals\":10,\"initial_balances\":[{\"address\":\"$(secretd keys show a -a)\",\"amount\":\"108\"},{\"address\":\"secret1f395p0gg67mmfd5zcqvpnp9cxnu0hg6rjep44t\",\"amount\":\"53\"}],\"name\":\"ReuvenPersonalRustCoin\",\"symbol\":\"RPRC\"}" --label RPRCCoin --output json --gas-prices 0.25uscrt --from a -y |
         jq -r .txhash
 )
 
 wait_for_tx "$INIT_TX_HASH" "Waiting for instantiate to finish on-chain..."
 
 export CONTRACT_ADDRESS=$(
     secretd q tx "$INIT_TX_HASH" --output json |
-        jq -er '.logs[].events[].attributes[] | select(.key == "contract_address") | .value' |
+        jq -er '.events[].attributes[] | select(.key == "contract_address") | .value' |
         head -1
 )
 
@@ -119,8 +123,7 @@ secretd q compute query "$CONTRACT_ADDRESS" "{\"balance\":{\"address\":\"secret1
 
 # transfer 10 balance (ocall_handle + read_db + write_db + humanize_address + canonicalize_address)
 TRANSFER_TX_HASH=$(
-    yes |
-        secretd tx compute execute --from a "$CONTRACT_ADDRESS" '{"transfer":{"amount":"10","recipient":"secret1f395p0gg67mmfd5zcqvpnp9cxnu0hg6rjep44t"}}' --gas-prices 0.25uscrt --output json 2> /dev/null |
+        secretd tx compute execute --from a "$CONTRACT_ADDRESS" '{"transfer":{"amount":"10","recipient":"secret1f395p0gg67mmfd5zcqvpnp9cxnu0hg6rjep44t"}}' --gas-prices 0.25uscrt --output json -y 2> /dev/null |
         jq -r .txhash
 )
 

deployment/ci/query-load-test/package.json

@@ -3,7 +3,7 @@
   "devDependencies": {
     "@types/node": "^17.0.23",
     "axios": "^0.26.1",
-    "secretjs": "1.7.1-beta.0",
+    "secretjs": "1.15.0-beta.3",
     "typescript": "^4.6.3"
   },
   "dependencies": {

deployment/ci/query-load-test/test.js

@@ -12,6 +12,22 @@ const CHAIN_ID = "secretdev-1";
 const c_mnemonic =
     "chair love bleak wonder skirt permit say assist aunt credit roast size obtain minute throw sand usual age smart exact enough room shadow charge";
 
+const getValueFromEvents = (events, key) => {
+  if (!events) {
+    return "";
+  }
+
+  for (const e of events) {
+    for (const a of e.attributes) {
+      if (`${e.type}.${a.key}` === key) {
+        return String(a.value);
+      }
+    }
+  }
+
+  return "";
+}
+
 // Returns a client with which we can interact with secret network
 const initializeClient = async (endpoint, chainId) => {
     const wallet = new Wallet(c_mnemonic);
@@ -163,13 +179,9 @@ const uploadContract = async (
         throw new Error(`Failed to upload contract`);
     }
 
-    const codeIdKv = uploadReceipt.jsonLog[0].events[0].attributes.find(
-        (a) => {
-            return a.key === "code_id";
-        }
-    );
+    const codeIdKv = getValueFromEvents(uploadReceipt.events, "message.code_id");
 
-    const codeId = Number(codeIdKv.value);
+    const codeId = Number(codeIdKv);
     console.log(`${contractName} contract codeId: ${codeId}`);
 
     const codeHash = (await client.query.compute.codeHashByCodeId({code_id: String(codeId)})).code_hash;
@@ -215,7 +227,6 @@ const initializeContract = async (
             gasLimit: 4000000,
         }
     );
-
     console.log(`decrypt: ${JSON.stringify(contract)}`)
 
     if (contract.code !== 0) {

deployment/dockerfiles/Dockerfile

@@ -8,7 +8,7 @@
 #   `--target compile-secretd` - image with compiled enclave and secretd
 
 ARG SCRT_BASE_IMAGE_ENCLAVE=ghcr.io/scrtlabs/sgx-rust:2204-1.1.6
-ARG SCRT_RELEASE_BASE_IMAGE=ghcr.io/scrtlabs/release-base:22.04-2.20-dcap
+ARG SCRT_RELEASE_BASE_IMAGE=ghcr.io/scrtlabs/release-base:22.04-2.25-dcap
 
 # ***************** PREPARE COMPILE ENCLAVE ************** #
 

deployment/dockerfiles/base-images/app.Dockerfile

@@ -1,13 +1,13 @@
-FROM ubuntu:jammy as runtime_base
+FROM ubuntu:jammy AS runtime_base
 
 LABEL maintainer=enigmampc
 
 # SGX version parameters
-ARG SDK_VERSION=2.20
-ARG SGX_VERSION=2.20.100.4
-ARG PSW_VERSION=2.20.100.4-jammy1
+ARG SDK_VERSION=2.25
+ARG SGX_VERSION=2.25.100.3
+ARG PSW_VERSION=2.25.100.3-jammy1
 ARG OS_REVESION=jammy1
-ARG DCAP_VERSION=1.17.100.4-jammy1
+ARG DCAP_VERSION=1.22.100.3-jammy1
 #RUN apt-get update && \
 #    apt-get install -y --no-install-recommends \
 #    #### Base utilities ####
@@ -93,4 +93,4 @@ RUN echo -e 'no\n/opt' | ./sgx/sgx_linux_x64_sdk_${SGX_VERSION}.bin && \
 ##
 ENV LD_LIBRARY_PATH=/opt/sgxsdk/libsgx-enclave-common/
 #
-##RUN SGX_DEBUG=0 SGX_MODE=HW SGX_PRERELEASE=1 make
+##RUN SGX_DEBUG=0 SGX_MODE=HW SGX_PRERELEASE=1 make

deployment/dockerfiles/ibc/docker-compose.yml

@@ -1,7 +1,7 @@
 version: "3.9"
 services:
   localsecret-1:
-    image: "ghcr.io/scrtlabs/localsecret:v0.0.0"
+    image: "ghcr.io/scrtlabs/localsecret:beta"
     # ports are only here in case interaction
     # between localhost and container is desired
     ports:
@@ -21,7 +21,7 @@ services:
       timeout: 5s
       retries: 5
   localsecret-2:
-    image: "ghcr.io/scrtlabs/localsecret:v0.0.0"
+    image: "ghcr.io/scrtlabs/localsecret:beta"
     # ports are only here in case interaction
     # between localhost and container is desired
     ports:

deployment/dockerfiles/tests/compile-contracts.Dockerfile

@@ -1,14 +1,15 @@
-FROM ghcr.io/scrtlabs/release-base:20.04-2.20
+FROM ghcr.io/scrtlabs/release-base:22.04-2.25-dcap
 
-ARG NODE_VERSION=16
+ARG NODE_VERSION=18
 
 RUN mkdir -p /opt/secret/.sgx_secrets
 
 COPY scripts/install-wasm-tools.sh install-wasm-tools.sh
 RUN chmod +x install-wasm-tools.sh
 RUN ./install-wasm-tools.sh
 
-RUN $HOME/.cargo/bin/rustup install 1.61
+RUN $HOME/.cargo/bin/rustup install 1.71
+RUN $HOME/.cargo/bin/rustup default 1.71
 RUN $HOME/.cargo/bin/rustup target add wasm32-unknown-unknown
 
 ENV GOROOT=/usr/local/go

deployment/dockerfiles/tests/integration-tests.Dockerfile

@@ -1,11 +1,11 @@
 # This dockerfile contains tests that require a full network to run, and require a running node that is connected to the network
 
-FROM ghcr.io/scrtlabs/compile-contracts:1.10.0
+FROM ghcr.io/scrtlabs/compile-contracts:1.15.2
 
 COPY deployment/ci/query-load-test query-load-test
 
 WORKDIR query-load-test
 
 RUN npm install
 
-ENTRYPOINT ["node", "test.js"]
+ENTRYPOINT ["node", "test.js"]

deployment/dockerfiles/tests/system-tests.Dockerfile

@@ -1,7 +1,7 @@
 # This dockerfile contains tests that only test the compute module, using a single node. They do not execute tests
 # on multiple nodes, nor do they require a full network or interfaces with user libraries, network latency, etc.
 
-FROM ghcr.io/scrtlabs/compile-contracts:1.10.0
+FROM ghcr.io/scrtlabs/compile-contracts:1.15.2
 
 RUN mkdir -p /opt/secret/.sgx_secrets
 
@@ -26,6 +26,7 @@ COPY cmd cmd
 RUN true
 COPY client client
 COPY ias_keys ias_keys
+COPY eip191 eip191
 
 COPY spid.txt ias_keys/develop/spid.txt
 COPY spid.txt ias_keys/sw_dummy/spid.txt
@@ -43,7 +44,11 @@ COPY deployment/ci/go-tests-bench.sh .
 RUN chmod +x go-tests.sh
 RUN chmod +x go-tests-bench.sh
 
-COPY --from=azcr.io/enigmampc/ci-base-image-local /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/target/release/libgo_cosmwasm.so ./go-cosmwasm/api/libgo_cosmwasm.so
-COPY --from=azcr.io/enigmampc/ci-base-image-local /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/librust_cosmwasm_enclave.signed.so x/compute/internal/keeper/librust_cosmwasm_enclave.signed.so
+COPY --from=azcr.io/enigmampc/ci-base-image-local /go/src/github.com/scrtlabs/SecretNetwork/go-cosmwasm/target/release/libgo_cosmwasm.so ./go-cosmwasm/api/libgo_cosmwasm.so
+COPY --from=azcr.io/enigmampc/ci-base-image-local /go/src/github.com/scrtlabs/SecretNetwork/go-cosmwasm/librust_cosmwasm_enclave.signed.so x/compute/internal/keeper/librust_cosmwasm_enclave.signed.so
+
+RUN ln -s /usr/lib/x86_64-linux-gnu/libsgx_dcap_quoteverify.so.1 /usr/lib/x86_64-linux-gnu/libsgx_dcap_quoteverify.so
+RUN ln -s /usr/lib/x86_64-linux-gnu/libsgx_epid.so.1 /usr/lib/x86_64-linux-gnu/libsgx_epid.so
+RUN ln -s /usr/lib/x86_64-linux-gnu/libsgx_dcap_ql.so.1 /usr/lib/x86_64-linux-gnu/libsgx_dcap_ql.so
 
 ENTRYPOINT ["/bin/bash", "go-tests.sh"]

go-cosmwasm/api/link_std.go

@@ -3,5 +3,5 @@
 
 package api
 
-// #cgo LDFLAGS: -Wl,-rpath,${SRCDIR} -L${SRCDIR} -lgo_cosmwasm -lsgx_dcap_ql -lsgx_dcap_quoteverify 
+// #cgo LDFLAGS: -Wl,-rpath,${SRCDIR} -L${SRCDIR} -lgo_cosmwasm -lsgx_dcap_ql -lsgx_dcap_quoteverify -lsgx_epid
 import "C"

scripts/install-wasm-tools.sh

@@ -81,7 +81,7 @@ cargo install pwasm-utils-cli --bin wasm-prune --force
 if [[ "$OSTYPE" == "linux-gnu" ]]; then
 	set -e
 
-	sudo apt-get install -y wabt
+	$MAKE_ME_ROOT apt-get install -y wabt
 fi
 
 echo ""