Skip to content

Origin Automated Actions #2854

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
sparrowDom wants to merge 67 commits into
base: master
Choose a base branch
from
Draft

Origin Automated Actions #2854

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
67 commits
Select commit Hold shift + click to select a range
7fff2cd
add the KMS connector module
sparrowDom Mar 23, 2026
987c2ae
Merge remote-tracking branch 'origin/master' into sparrowDom/automate…
sparrowDom Mar 25, 2026
9e0eea5
ai review/plan
apexearth Mar 26, 2026
35c1b9a
supply cron configuration as a json file
sparrowDom Mar 26, 2026
0bca2c0
trigger cron-jobs via http request. Query the job result via HTTP
sparrowDom Mar 26, 2026
9db5c23
move actions
apexearth Mar 27, 2026
d1bb61a
convert to ts
apexearth Mar 27, 2026
9e68ee3
Merge branch 'sparrowDom/automated-actions-lite' of https://github.co…
apexearth Mar 27, 2026
cb262f1
rename/upgrade ts
apexearth Mar 27, 2026
6858bbd
make github build the image instead of docker
sparrowDom Mar 27, 2026
adcb500
fix node issue
sparrowDom Mar 27, 2026
80f660a
rename image
sparrowDom Mar 27, 2026
0371df6
another rename
sparrowDom Mar 27, 2026
9c91e74
fix naming mistakes
sparrowDom Mar 27, 2026
79075e5
Migrate Defender actions to TypeScript hardhat tasks
apexearth Mar 27, 2026
f52fbd3
test loki execution and ensure flush
apexearth Mar 27, 2026
c728f99
prettier
apexearth Mar 27, 2026
f42b623
fix prettier/lint conflict
apexearth Mar 27, 2026
e79b58d
Merge branch 'sparrowDom/automated-actions-lite-chris2' into sparrowD…
apexearth Mar 27, 2026
868b1ec
tweak how we log
apexearth Mar 28, 2026
9ae2bfc
create docker-compose env for local execution
apexearth Mar 28, 2026
55ccb19
add cron readme
apexearth Mar 28, 2026
baeeafb
lint fix
apexearth Mar 28, 2026
ee58e99
path fix
apexearth Mar 28, 2026
5db6014
fix output
apexearth Mar 28, 2026
a3c6ec1
healthcheck fix
apexearth Apr 1, 2026
cd81063
extract actions out of defender
apexearth Apr 1, 2026
243dba7
convert files to ts
apexearth Apr 2, 2026
22d77a4
expose kms signer
sparrowDom Apr 2, 2026
6a25d18
Merge remote-tracking branch 'origin/master' into sparrowDom/automate…
sparrowDom Apr 2, 2026
b6c9fb0
unify names
sparrowDom Apr 2, 2026
eadaae4
add support to base for handling bribes
sparrowDom Apr 2, 2026
1373e69
add some more cron-job configurations
sparrowDom Apr 3, 2026
da6abf3
Convert cron-jobs.json to typed cron-jobs.ts
apexearth Apr 4, 2026
2d49c6a
add skill file on how to transform actions from viem to hardhat
sparrowDom Apr 5, 2026
6d6b74e
convert first function from viem to hardhat
sparrowDom Apr 5, 2026
2bd9eca
convert the first action into hardhat and add Skills file
sparrowDom Apr 7, 2026
0bf7b24
from kebab case to camel case
sparrowDom Apr 7, 2026
c35f138
convert another function
sparrowDom Apr 7, 2026
baad11a
convert another functino
sparrowDom Apr 7, 2026
5f18017
some more function creations
sparrowDom Apr 7, 2026
eb14ecb
convert rebase
sparrowDom Apr 7, 2026
0e7f8f6
convert and test a couple of more functions
sparrowDom Apr 7, 2026
8225116
convert a few more actions
sparrowDom Apr 7, 2026
dee9d4d
add execute and propose actions
sparrowDom Apr 8, 2026
0dd1349
old docker insstance will no longer be required
sparrowDom Apr 8, 2026
804fc9d
add the beacon chain tasks into the same format
sparrowDom Apr 8, 2026
7d7060e
fix cronjob collissions
sparrowDom Apr 8, 2026
194cbe4
Merge remote-tracking branch 'origin/master' into sparrowDom/automate…
sparrowDom Apr 8, 2026
5a587ce
add votemarket call
sparrowDom Apr 9, 2026
e1b7857
separate cross chain message
sparrowDom Apr 9, 2026
5dd743c
add cross chain actions
sparrowDom Apr 9, 2026
ef16785
cross chain strategy actions
sparrowDom Apr 9, 2026
b8e6eca
add hyperliquid cron config
sparrowDom Apr 9, 2026
836c9bb
add hyper-evm actions
sparrowDom Apr 9, 2026
7d9da23
add comments explaining frequency
sparrowDom Apr 9, 2026
42afd0c
Add structured logging, observability docs, and action runner integra…
apexearth Apr 11, 2026
d8b0067
Refactor supervisor logging and extract API module
apexearth Apr 15, 2026
0f17acc
Add shared Postgres nonce queue for cross-repo transaction serializat…
sparrowDom Apr 15, 2026
3622428
fix healthcheck network
apexearth Apr 15, 2026
f83484c
add a config var to increase gas estimate from the provider
sparrowDom Apr 15, 2026
0df4704
add explicit gas limit
sparrowDom Apr 15, 2026
7ddbf79
remove legacy rebase commands
sparrowDom Apr 15, 2026
f85b979
add the ability to store and list the lastest actions and their statu…
sparrowDom Apr 16, 2026
f7a6837
persist action name and run-id across the different log messages. All…
sparrowDom Apr 16, 2026
647bdd2
fix logging errors where action name and run id wouldn't get propagat…
sparrowDom Apr 16, 2026
baa8aa9
attempt to fix logging error
sparrowDom Apr 17, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
42 changes: 42 additions & 0 deletions .github/workflows/contracts-automaton-prod-image.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,42 @@
name: Contracts Actions Image

on:
push:
branches:
- origin-automaton-production
workflow_dispatch:

permissions:
contents: read
packages: write

jobs:
build-and-push:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4

- name: Log in to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Prepare image metadata
id: prep
run: |
IMAGE_NAME="ghcr.io/${{ github.repository_owner }}/contracts-automaton-prod"
IMAGE_NAME="$(echo "${IMAGE_NAME}" | tr '[:upper:]' '[:lower:]')"
echo "image_name=${IMAGE_NAME}" >> "${GITHUB_OUTPUT}"

- name: Build and push image
uses: docker/build-push-action@v5
with:
context: ./contracts
file: ./contracts/dockerfile-actions
push: true
tags: |
${{ steps.prep.outputs.image_name }}:latest
${{ steps.prep.outputs.image_name }}:${{ github.sha }}
106 changes: 78 additions & 28 deletions .github/workflows/defi.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,12 +1,12 @@
name: DeFi
on:
on:
pull_request:
types: [opened, reopened, synchronize]
push:
branches:
- 'master'
- 'staging'
- 'stable'
- "master"
- "staging"
- "stable"
workflow_dispatch:

concurrency:
Expand All @@ -32,7 +32,7 @@ jobs:
node-version: "20.x"
cache: "pnpm"
cache-dependency-path: contracts/pnpm-lock.yaml

- name: Configure Git to use HTTPS for GitHub
run: git config --global url."https://github.com/".insteadOf "git@github.com:"

Expand Down Expand Up @@ -63,14 +63,14 @@ jobs:
with:
version: 10
run_install: false

- name: Use Node.js
uses: actions/setup-node@v4
with:
node-version: "20.x"
cache: "pnpm"
cache-dependency-path: contracts/pnpm-lock.yaml

- name: Configure Git to use HTTPS for GitHub
run: git config --global url."https://github.com/".insteadOf "git@github.com:"

Expand All @@ -85,7 +85,7 @@ jobs:
- uses: actions/upload-artifact@v4
with:
name: unit-test-coverage-${{ github.sha }}
path: |
path: |
./contracts/coverage.json
./contracts/coverage/**/*
retention-days: 1
Expand All @@ -101,7 +101,7 @@ jobs:
with:
version: 10
run_install: false

- name: Use Node.js
uses: actions/setup-node@v4
with:
Expand All @@ -125,7 +125,7 @@ jobs:
- uses: actions/upload-artifact@v4
with:
name: base-unit-test-coverage-${{ github.sha }}
path: |
path: |
./contracts/coverage.json
./contracts/coverage/**/*
retention-days: 1
Expand All @@ -141,7 +141,7 @@ jobs:
with:
version: 10
run_install: false

- name: Use Node.js
uses: actions/setup-node@v4
with:
Expand All @@ -165,17 +165,67 @@ jobs:
- uses: actions/upload-artifact@v4
with:
name: sonic-unit-test-coverage-${{ github.sha }}
path: |
path: |
./contracts/coverage.json
./contracts/coverage/**/*
retention-days: 1

contracts-nonce-queue-test:
name: "Nonce Queue Integration"
runs-on: ubuntu-latest
services:
postgres:
image: postgres:16-alpine
env:
POSTGRES_DB: nonce_test
POSTGRES_USER: test
POSTGRES_PASSWORD: test
ports:
- 5432:5432
options: >-
--health-cmd "pg_isready -U test -d nonce_test"
--health-interval 5s
--health-timeout 5s
--health-retries 10
steps:
- uses: actions/checkout@v4

- name: Install pnpm
uses: pnpm/action-setup@v4
with:
version: 10
run_install: false

- name: Use Node.js
uses: actions/setup-node@v4
with:
node-version: "20.x"
cache: "pnpm"
cache-dependency-path: contracts/pnpm-lock.yaml

- name: Configure Git to use HTTPS for GitHub
run: git config --global url."https://github.com/".insteadOf "git@github.com:"

- name: Install deps
working-directory: ./contracts
run: pnpm install --frozen-lockfile

- name: Run nonce queue integration test
env:
DATABASE_URL: postgresql://test:test@localhost:5432/nonce_test
working-directory: ./contracts
run: |
pnpm exec ts-node tasks/lib/nonceQueue.test.ts
pnpm exec ts-node tasks/lib/nonceQueueTxLifecycle.test.ts
pnpm exec ts-node tasks/lib/nonceQueueTxHistory.test.ts
pnpm exec ts-node cron/api.test.ts

contracts-forktest:
name: "Mainnet Fork Tests ${{ matrix.chunk_id }}"
runs-on: ubuntu-latest
strategy:
matrix:
chunk_id: [0,1,2,3]
chunk_id: [0, 1, 2, 3]
continue-on-error: true
env:
HARDHAT_CACHE_DIR: ./cache
Expand All @@ -192,7 +242,7 @@ jobs:
with:
version: 10
run_install: false

- name: Use Node.js
uses: actions/setup-node@v4
with:
Expand Down Expand Up @@ -221,7 +271,7 @@ jobs:
- uses: actions/upload-artifact@v4
with:
name: fork-test-coverage-${{ github.sha }}-runner${{ matrix.chunk_id }}
path: |
path: |
./contracts/coverage.json
./contracts/coverage/**/*
retention-days: 1
Expand All @@ -242,7 +292,7 @@ jobs:
with:
version: 10
run_install: false

- name: Use Node.js
uses: actions/setup-node@v4
with:
Expand Down Expand Up @@ -271,7 +321,7 @@ jobs:
- uses: actions/upload-artifact@v4
with:
name: fork-test-arb-coverage-${{ github.sha }}
path: |
path: |
./contracts/coverage.json
./contracts/coverage/**/*
retention-days: 1
Expand All @@ -292,7 +342,7 @@ jobs:
with:
version: 10
run_install: false

- name: Use Node.js
uses: actions/setup-node@v4
with:
Expand Down Expand Up @@ -321,11 +371,11 @@ jobs:
- uses: actions/upload-artifact@v4
with:
name: fork-test-base-coverage-${{ github.sha }}
path: |
path: |
./contracts/coverage.json
./contracts/coverage/**/*
retention-days: 1

contracts-sonic-forktest:
name: "Sonic Fork Tests"
runs-on: ubuntu-latest
Expand All @@ -342,7 +392,7 @@ jobs:
with:
version: 10
run_install: false

- name: Use Node.js
uses: actions/setup-node@v4
with:
Expand Down Expand Up @@ -371,11 +421,11 @@ jobs:
- uses: actions/upload-artifact@v4
with:
name: fork-test-sonic-coverage-${{ github.sha }}
path: |
path: |
./contracts/coverage.json
./contracts/coverage/**/*
retention-days: 1

contracts-plume-forktest:
name: "Plume Fork Tests"
runs-on: ubuntu-latest
Expand All @@ -392,7 +442,7 @@ jobs:
with:
version: 10
run_install: false

- name: Use Node.js
uses: actions/setup-node@v4
with:
Expand Down Expand Up @@ -501,7 +551,7 @@ jobs:
key: ${{ runner.os }}-hardhat-${{ hashFiles('contracts/cache/*.json') }}
restore-keys: |
${{ runner.os }}-hardhat-cache

- name: Download all reports
uses: actions/download-artifact@v4

Expand All @@ -519,7 +569,7 @@ jobs:
- name: Set up Python 3.10
uses: actions/setup-python@v5
with:
python-version: '3.10'
python-version: "3.10"

- name: Install dependencies
run: |
Expand All @@ -534,7 +584,7 @@ jobs:
with:
version: 10
run_install: false

- name: Use Node.js
uses: actions/setup-node@v4
with:
Expand Down Expand Up @@ -564,4 +614,4 @@ jobs:
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
args: --severity-threshold=high --all-projects
args: --severity-threshold=high --all-projects
21 changes: 21 additions & 0 deletions contracts/.eslintrc.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,4 +24,25 @@ module.exports = {
"no-only-tests/no-only-tests": "error",
"no-unused-vars": [2, { vars: "all", args: "after-used" }],
},
overrides: [
{
files: ["**/*.ts"],
parser: "@typescript-eslint/parser",
parserOptions: {
project: "./tsconfig.json",
sourceType: "module",
},
plugins: ["@typescript-eslint"],
extends: ["eslint:recommended", "plugin:@typescript-eslint/recommended"],
rules: {
"no-unused-vars": "off",
"@typescript-eslint/no-unused-vars": [
2,
{ vars: "all", args: "after-used" },
],
"@typescript-eslint/no-explicit-any": "off",
"@typescript-eslint/no-require-imports": "off",
},
},
],
};
23 changes: 21 additions & 2 deletions contracts/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -246,8 +246,9 @@ If enabled, the gas usage will be output in a table after the tests have execute
When using Hardhat tasks, there are a few options for specifying the wallet to send transactions from.

1. Primary key
2. Impersonate
3. Defender Relayer
2. AWS KMS signer
3. Impersonate
4. Defender Relayer

### Primary Key

Expand All @@ -262,6 +263,24 @@ unset DEPLOYER_PK
unset GOVERNOR_PK
```

### AWS KMS Signer

Hardhat tasks can sign transactions with AWS KMS when both `AWS_ACCESS_KEY_ID` and
`AWS_SECRET_ACCESS_KEY` are set.

The default `relayer-id` is `origin-relayer-production-evm`. Some tasks can be mapped
to different defaults in code, and a user-provided task parameter always wins:

```
npx hardhat <task> --network <network> --relayer-id <kms-key-id-or-alias>
```

The relayer resolution precedence is:

1. `--relayer-id`
2. task-name based override map
3. global default (`origin-relayer-production-evm`)

### Impersonate

If using a fork test or node, you can impersonate any externally owned account or contract. Export `IMPERSONATE` with the address of the account you want to impersonate. The account will be funded with some Ether. For example
Expand Down
1 change: 1 addition & 0 deletions contracts/cron/.gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
cronjob
Loading
Loading