Skip to content

feat(test): TestRelease + general keygen — run the release harness via the SDK (WS-I)#440

Merged
bdchatham merged 3 commits into
mainfrom
feat/test-release
Jun 23, 2026
Merged

feat(test): TestRelease + general keygen — run the release harness via the SDK (WS-I)#440
bdchatham merged 3 commits into
mainfrom
feat/test-release

Conversation

@bdchatham

@bdchatham bdchatham commented Jun 23, 2026

Copy link
Copy Markdown
Collaborator

What

Final WS-I suite: ports the release-validation scenario to a Go-native TestRelease, and refactors keygen out of seitask into a general package.

  • internal/keygen (new, k8s-free): the BIP-39 → cosmos-secp256k1 → bech32 derivation, Derive() Identity. internal/seitask/keygen keeps only the Secret/workflow-vars writer over it (the part the cutover deletes). Pre-empts the cutover-lift; hd.go/hd_test.go moved verbatim.
  • TestRelease: derive a funded admin → provision 4 validators + 1 EVM-serving RPC (kv index, memiavl, legacy sei_* APIs) → mnemonic Secret → run the external release-test image as a Job → gate on exit code + chain liveness.
  • SDK: Node.REST(), sei.WaitRESTServing, TaskSpec.Labels (all additive).

Review

Full Coral slate (sei-network dissenter + systems + k8s + idiom), blinded. The dissenter caught a false-pass — the scenario's env is envFrom workflow-vars CM ∪ explicit list, and the CM carries RPC_EVM_RPC_LIST with no explicit equivalent, so a harness sub-case could skip silently and still exit 0. Fixed (Job env reproduces the CM superset). Plus: WaitRESTServing (LCD cold-start), verdict observability (log the harness pass-count), Job resources/ttl, maps.Clone the package-global config, waitJob ctx-branch pod-log tail.

Empirical answers from review+smoke: fullNode serves REST by default (ModeFull → REST.Enable=true; validators don't — explains the upgrade suite's api.rest.enable); nightly is unenforced-PSS and the scenario sets no securityContext, so none is imposed on the harness image.

Ledger: test/integration/.xreview/release-suite.md

Test

go build/vet -tags integration + golangci-lint — 0 issues. keygen refactor verified behavior-preserving (pure extraction). Smoke-proven live on harbor with the real release-test image (c28ce94): --- PASS: TestRelease (2313s), external harness 749 passing / 0 failed / exitCode 0, clean self-teardown.

With this, all four suites (load, chaos, upgrade, release) run through the harness + SDK.

🤖 Generated with Claude Code

bdchatham and others added 3 commits June 23, 2026 11:17
@bdchatham @claude
refactor(keygen): extract general Sei key derivation out of seitask
6629e7c 
The BIP-39 → cosmos secp256k1 → bech32 derivation is general and reused
by the test harness, so move it to a k8s-free internal/keygen package
(Derive() Identity). internal/seitask/keygen keeps only the
seitask-runner's Secret + workflow-vars writer, layered on top via
keygen.Derive — and is the only part the cutover deletes.

hd.go + hd_test.go move verbatim (git mv); Run now calls keygen.Derive.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@bdchatham @claude
feat(test): TestRelease runs the external release-test harness via th…
0b2840f 
…e SDK

Ports the release-validation scenario to a Go-native suite: derive a
funded admin account (internal/keygen), provision 4 validators + one
EVM-serving RPC follower (kv indexing, memiavl, legacy sei_* EVM APIs),
hand the harness its endpoints + admin mnemonic (Secret/secretKeyRef),
run the external release-test image as a Job, and gate on its exit code.
The harness image owns the functional assertions; this suite stands up
the chain and reports liveness. Replaces the Workflow's keygen +
provision + run-release-test steps with statement order + the SDK.

One RPC node (vs the load suite's two) is deliberate — the harness runs
stateful EVM-filter/send-then-wait sequences needing one consistent
mempool + filter-store.

SDK: add Node.REST() (reads SeiNode status.endpoint.tendermintRest), the
follower REST endpoint the harness consumes.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@bdchatham @claude
fix(test): resolve TestRelease xreview + smoke (env superset, REST pr…
169de22 
…obe, deadline)

Full Coral slate (sei-network dissenter + systems + k8s + idiom) + a live
smoke on harbor (749/749 harness tests passing, exitCode 0).

- Dissenter (false-pass): the scenario injects env via `envFrom
  workflow-vars CM` ∪ the explicit list, and the CM carries
  RPC_EVM_RPC_LIST with no explicit equivalent — a harness sub-case could
  skip silently and still exit 0. Job env now reproduces the CM superset.
- REST cold-start: add sei.WaitRESTServing (LCD binds later than EVM);
  probe it serves before handing the URL to the harness.
- Verdict observability: log the harness pod-log tail on success too, so
  a skip-but-pass is visible (the run shows "749 passing").
- Job: resources + ttlSecondsAfterFinished matching the scenario (nightly
  is unenforced-PSS and the scenario sets no securityContext, so none is
  imposed on the harness image). Deadline 60m + ctx 80m — the
  chain-agnostic suite runs ~38m.
- waitJob: tail the pod log on ctx/signal too; genericize messages.
- maps.Clone the package-global config before the SDK; keygen doc typo.

Ledger: test/integration/.xreview/release-suite.md
Smoke-proven: --- PASS: TestRelease (2313s), 749 passing / 0 failed.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@cursor

cursor Bot commented Jun 23, 2026
edited
Loading

Copy link
Copy Markdown

PR Summary

Medium Risk
Touches mnemonic derivation and Secret wiring for CI release runs; integration Job env and long-running cluster provisioning increase blast radius if misconfigured, but behavior is largely additive with smoke validation.

Overview
Adds TestRelease, a Go integration suite that replaces the Chaos-Mesh release-validation workflow: derive a genesis-funded admin, provision 4 validators + one EVM RPC follower via the SDK, inject the mnemonic through a Secret, run the external release-test image as a Job, and assert exit code plus post-run chain liveness. The Job env mirrors the old workflow-vars superset (including RPC_EVM_RPC_LIST) to avoid silent skip-but-pass; success also logs harness pod output.

Extracts internal/keygen (k8s-free Derive() + shared SecretMnemonicKey); internal/seitask/keygen now only writes Secrets/workflow-vars on top of it.

SDK additions: Node.REST(), k8s handle wiring, and sei.WaitRESTServing so REST is probed before the harness starts (LCD cold-start). waitJob tails pod logs on ctx timeout; releaseBaseConfig is cloned before network create.

Reviewed by Cursor Bugbot for commit 169de22. Bugbot is set up for automated code reviews on this repo. Configure here.

@bdchatham bdchatham merged commit 6301b22 into main Jun 23, 2026
5 checks passed
@bdchatham bdchatham deleted the feat/test-release branch June 23, 2026 19:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@bdchatham