test: a docker test for the zoe/zcf upgrade

[Chris-Hibbert]

refs: #6678

Description

This is a Docker test to validate that the upgrade will work correctly on chain, and to build the necessary scripts.

Security Considerations

This is about deployment.

Scaling Considerations

N/A

Documentation Considerations

N/A

Testing Considerations

This is a test.

[dckc]

didn't finish my review today, but I'll share my thoughts so far

[dckc]

isn't better-sqlite3 already in our yarn.lock? Are we introducing another version of it or something?

[Chris-Hibbert]

reverting.

[dckc]

I see this PR adds the bundles generated from the current git version. I can see why we might need to check in bundles from some older git version, but for the current version, I think we can do:

yarn bundle-source --cache-json /tmp packages/vats/src/vat-zoe.js Zoe-upgrade
ZOE_HASH=`jq -r .endoZipBase64Sha512 /tmp/bundle-Zoe-upgrade.json`
yarn bundle-source --cache-json /tmp packages/zoe/src/contractFacet/vatRoot.js Zcf-upgrade
ZCF_HASH=`jq -r .endoZipBase64Sha512 /tmp/bundle-Zcf-upgrade.json`

and then assert that $ZOE_HASH matches the one from zcf-upgrade-script.js

[Chris-Hibbert]

These bundles were actually (and crucially) generated in #7966 (effectively, a newer version), which has the changes to Zoe and ZCF. This PR sits on top of a branch without those changes, so we can't build them here.

I guess you're right that I could rebase this branch on top of #7966, and build the way you describe. deployment/upgrade-test provides an immutable environment that isn't affected by the checked-out code under agoric-sdk.

What #7969 wants to do can only be done in a branch that doesn't contain the Zoe/ZCF changes, but this branch's goals don't require that isolation.

[dckc]

I get c4b3d8bf11cfbcc90ced7e1a8a936d368098360bb01aa4c70a750a39f56dc9d87c10547e825585ce11ceeca5b24d7093bdef04843ac8ac6e90e661b1235bf69b

when I do:

yarn bundle-source --cache-json /tmp packages/zoe/src/contractFacet/vatRoot.js Zcf-upgrade
export ZCF_HASH=`jq -r .endoZipBase64Sha512 /tmp/bundle-Zcf-upgrade.json`

[Chris-Hibbert]

It's not a surprise that they don't match what you get when you build here, since this branch doesn't have the Zoe/ZCF changes. But I'll rebase to a place that does as you suggested above, and we can make that work.

I was also presuming there might be changes to libraries, etc. that would effect the hash, and expected to do a final re-build before submitting the merge request.

[Chris-Hibbert]

There are instructions in agoric-upgrade-11/actions.sh for building the bundles.

[Chris-Hibbert]

These bundles were actually (and crucially) generated in #7966 (effectively, a newer version), which has the changes to Zoe and ZCF. This PR sits on top of a branch without those changes, so we can't build them here.

I guess you're right that I could rebase this branch on top of #7966, and build the way you describe. deployment/upgrade-test provides an immutable environment that isn't affected by the checked-out code under agoric-sdk.

What #7969 wants to do can only be done in a branch that doesn't contain the Zoe/ZCF changes, but this branch's goals don't require that isolation.

[Chris-Hibbert]

It's not a surprise that they don't match what you get when you build here, since this branch doesn't have the Zoe/ZCF changes. But I'll rebase to a place that does as you suggested above, and we can make that work.

I was also presuming there might be changes to libraries, etc. that would effect the hash, and expected to do a final re-build before submitting the merge request.

[Chris-Hibbert]

reverting.

[turadg]

Excellent. Thanks for the thorough comments

[turadg]

helpful docs

[turadg]

XXX elsewhere means tech debt. please user a different character. Or just upcase.

Suggested change

	echo XXXX fill wallet XXXXXX
	echo FILL WALLET

[Chris-Hibbert]

done

[turadg]

this precedes this PR, but I want to say I think we can have a better name for this. eg. thisupgrade. or find a way to evaluate the scripts letting them use file path relative references. maybe if we adopt zx or execa.

[Chris-Hibbert]

done

[turadg]

??? did you mean to use @ts-check ?

[Chris-Hibbert]

bad copy-paste from prior test.

[turadg]

what happens if you import AmountMath?

[Chris-Hibbert]

AIUI, imports aren't supported in core-eval proposals.

[dckc]

We have a mechanism to support imports. You used it in #7969: packages/vats/src/proposals/zcf-proposal.js starts with import { E } from '@endo/far';.

But it's a complex mechanism, and E is in the environment of a core-eval script even without that import. I tend to do a certain amount of copy-and-paste before I go for the whole writeCoreProposal thing.

[Chris-Hibbert]

I tend to do a certain amount of copy-and-paste before I go for the whole writeCoreProposal thing.

@dckc I'm not positive how to interpret this. Should I change something here?

[turadg]

💤

[Chris-Hibbert]

Took me a couple of passes to see it. Thx.

[turadg]

Suggested change

	# The bundles for Zoe and ZCF have been installed, and their hashes updated in
	# the bundles for Zoe and ZCF have been installed, and their hashes updated in

[Chris-Hibbert]

yup

[turadg]

there will be! we just have to design and implement it :)

[Chris-Hibbert]

There are slightly clearer instructions now in actions.sh.

[dckc]

I haven't been able to reproduce the bundles.

I'd like to avoid checking them in at all.

[turadg]

I don't get it. Why disable ts-check if this is all it takes to enable it? Oh, does the import fail at runtime? if that's it then please enable ts-check and do a type-only import.

/** @typedef {import('@endo/far').E} E */

[Chris-Hibbert]

@dckc I'm just cargo-culting here. What's your advice on best practices?

[dckc]

type-only import

TIL. Nifty.

But at runtime, the string import( cannot occur anywhere in the script, even in comments. See rejectImportExpressions

Conservatively reject the source text if it may contain a dynamic
import expression. To reject without parsing, rejectImportExpressions will
also reject some other text as well.

[dckc]

oh... this import( limitation is another thing that's addressed by the "cadillac method", using writeCoreProposal from @agoric/deploy-script-support:

agoric-sdk/packages/deploy-script-support/src/code-gen.js

Line 20 in 8bcf6af

export const defangEvaluableCode = code =>

[dckc]

by way of documentation, I started...

• Why does import cause errors in a permissioned upgrade (CoreEval) script? Is there a better way? · Agoric/agoric-sdk · Discussion #8087

[Chris-Hibbert]

I haven't been able to reproduce the bundles. I'd like to avoid checking them in at all.

Let's pair to come up with a working alternative.

[dckc]

The blank check in zcf-upgrade-permit.json is worth filling in.

[dckc]

That's a blank check for zcf-upgrade-permit.json to use all powers in the bootstrap space. We neglected to go back and fill in the actual amount. Based on what upgradeZoeAndZcf uses from its argument, that seems to be:

Suggested change

	true
	{
	"consume": { "vatStore": true, "vatAdminSvc": true }
	}

[Chris-Hibbert]

done

[dckc]