Skip to content

feat: continuous rerand #2007

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
philsippl wants to merge 80 commits into
base: main
Choose a base branch
from
Open

feat: continuous rerand #2007

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
80 commits
Select commit Hold shift + click to select a range
d61d65b
initial implementation
philsippl Feb 27, 2026
03557fd
simplfy and fixes
philsippl Feb 27, 2026
262af1a
clippy and semgrep
philsippl Feb 27, 2026
b8985bf
fixes
philsippl Feb 27, 2026
8a017c9
migrations for schema
philsippl Feb 27, 2026
ed710ad
fix chunk sync
philsippl Feb 27, 2026
b608592
more fixes
philsippl Feb 27, 2026
d7cfd39
modification fence
philsippl Feb 27, 2026
42cbfd0
up
philsippl Feb 28, 2026
82a306b
update design
philsippl Feb 28, 2026
71b3dbd
clean up
philsippl Feb 28, 2026
7cf445d
simplify
philsippl Feb 28, 2026
d7e02c9
update e2e
philsippl Feb 28, 2026
53da85f
up spec
philsippl Feb 28, 2026
68a593c
fmt + clippy
philsippl Feb 28, 2026
7d2543b
Merge branch 'main' into ps/cont-rerand
philsippl Feb 28, 2026
f0479f9
run in ci
philsippl Mar 1, 2026
4ccf85e
up
philsippl Mar 1, 2026
dc94b35
fix mermaid
philsippl Mar 1, 2026
022d8f0
fix mermaid
philsippl Mar 2, 2026
3a43859
more
philsippl Mar 2, 2026
e78e96b
pr feedback
philsippl Mar 4, 2026
e1f1547
Merge branch 'main' of github.com:worldcoin/iris-mpc into ps/cont-rerand
philsippl Mar 4, 2026
8d78951
fmt
philsippl Mar 4, 2026
adcba77
removed flaky test
philsippl Mar 4, 2026
a425598
up
philsippl Mar 9, 2026
d1f170e
Merge branch 'main' of github.com:worldcoin/iris-mpc into ps/cont-rerand
philsippl Mar 9, 2026
5fe0150
up ampc-common
philsippl Mar 9, 2026
85363d6
codex feedback
philsippl Mar 10, 2026
9ada456
prepare a docker image
wojciechsromek Mar 20, 2026
5e63cd6
deployment wip
wojciechsromek Mar 20, 2026
4d63f6d
per node configs
wojciechsromek Mar 20, 2026
ab259f9
unify naming
wojciechsromek Mar 20, 2026
13c2121
start running on a non-main schema
wojciechsromek Mar 20, 2026
661343c
first start in iris-mpc stage, not ampc dev
wojciechsromek Mar 23, 2026
0248649
use full service name for smpc stage deploy
wojciechsromek Mar 25, 2026
1cad16f
unify naming
wojciechsromek Mar 25, 2026
bf68472
make sure to use secrets prefixed with service name
wojciechsromek Mar 25, 2026
9e195ca
correct service account name
wojciechsromek Mar 25, 2026
f3f5e51
correct node selector
wojciechsromek Mar 25, 2026
c958cad
proper github-secret notation
wojciechsromek Mar 25, 2026
8debfea
debug issue with s3
wojciechsromek Mar 25, 2026
71e7b94
fmt
wojciechsromek Mar 25, 2026
cb27d6a
new SHA + clippy fix
wojciechsromek Mar 25, 2026
01d4f9d
new sha
wojciechsromek Mar 25, 2026
0bbe0c3
sha + correct secret prefix
wojciechsromek Mar 25, 2026
d794dba
sha + params
wojciechsromek Mar 25, 2026
5b9902b
scale down for the night
wojciechsromek Mar 25, 2026
f048993
scale up
wojciechsromek Mar 26, 2026
8d3e011
set health endpoint, enable datadog
wojciechsromek Mar 26, 2026
e6870f8
Merge branch 'main' of github.com:worldcoin/iris-mpc into ps/cont-rerand
philsippl Mar 26, 2026
7b93ea1
up
philsippl Mar 26, 2026
eeabfa6
up
philsippl Mar 26, 2026
bbded4e
verify bin
philsippl Mar 26, 2026
c24da43
user last public localstack version
wojciechsromek Mar 26, 2026
ef509e1
build iris-mpc image from current branch
wojciechsromek Mar 26, 2026
ca45866
deploy iris-mpc with new migrations
wojciechsromek Mar 26, 2026
94460c6
support different schemas
philsippl Mar 26, 2026
9864889
scale down cont rereand
wojciechsromek Mar 26, 2026
7b07ce0
do not use s3 loader in stage
wojciechsromek Mar 27, 2026
4b98f95
verification binary
wojciechsromek Mar 27, 2026
b28c5f4
stopping iris-mpc
wojciechsromek Mar 30, 2026
d412c96
scale up rerand
wojciechsromek Mar 30, 2026
949fe6f
scale down rerand
wojciechsromek Mar 30, 2026
8bfcde9
scale up iris-mpc
wojciechsromek Mar 30, 2026
05da344
scale up rerand
wojciechsromek Mar 30, 2026
ea07805
iris, rerand down
wojciechsromek Mar 30, 2026
6f409ad
handle sigterm
wojciechsromek Mar 30, 2026
4161e46
clippy + fmt
wojciechsromek Mar 31, 2026
95a1a29
prevent limits on rand test
wojciechsromek Apr 3, 2026
ef4137a
public ecr on images
wojciechsromek Apr 3, 2026
73959b6
prepare a test with sigterm handle
wojciechsromek Apr 3, 2026
1a4f04d
gracefuly close rerand
wojciechsromek Apr 3, 2026
2c6f99a
deploy iris + rerand
wojciechsromek Apr 3, 2026
6f8f291
service down
wojciechsromek Apr 3, 2026
a036712
restore main iris-mpc version
wojciechsromek Apr 3, 2026
9b2a8c6
stop iris
wojciechsromek Apr 3, 2026
eb4c57d
run iris
wojciechsromek Apr 3, 2026
359bc0d
pr feedback
philsippl Apr 23, 2026
d66d314
rerand_enabled config and check
philsippl Apr 27, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions .github/workflows/build-and-push-rerandomization-protocol.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ on:
branches:
- main
- "fix/add-cacerts-to-rerandom-binary"
- "ps/cont-rerand"
paths:
- Dockerfile.shares-re-randomization
- iris-mpc-upgrade/**
Expand Down
70 changes: 70 additions & 0 deletions .github/workflows/continuous-rerand-e2e-tests.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,70 @@
name: Continuous Rerand E2E Tests

on:
pull_request:

concurrency:
group: "${{ github.workflow }} @ ${{ github.event.pull_request.head.label || github.head_ref || github.ref }}"
cancel-in-progress: true

jobs:
rerand-e2e:
timeout-minutes: 30
runs-on:
labels: ubuntu-22.04-16core
permissions:
contents: read

steps:
- name: Checkout
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8

- name: Get all test, doc and src files that have changed
id: changed-files-yaml
uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62
with:
files_yaml: |
src:
- Dockerfile*
- Cargo.lock
- Cargo.toml
- deny.toml
- rust-toolchain.toml
- iris-*/**
- iris-mpc-upgrade/**
- iris-mpc-store/**
- iris-mpc-common/**
- docs/specs/rerandomization.md
- migrations/**
- scripts/**
- iris-mpc-bins/bin/iris-mpc-upgrade/run-rerand-e2e-tests.sh
- iris-mpc-bins/bin/iris-mpc-upgrade/docker-compose.rand.yaml
- .github/workflows/continuous-rerand-e2e-tests.yaml

- name: Cache Rust build
if: steps.changed-files-yaml.outputs.src_any_changed == 'true'
uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb
id: cache-rust
with:
path: |
~/.cargo/registry
~/.cargo/git
target
key: rust-build-${{ runner.os }}-${{ hashFiles('**/Cargo.lock') }}
restore-keys: |
rust-build-${{ runner.os }}-

- name: Install protobuf compiler
if: steps.changed-files-yaml.outputs.src_any_changed == 'true'
run: |
if command -v protoc > /dev/null; then
echo "protoc already installed: $(command -v protoc)"
else
sudo apt-get update
sudo apt-get install -y protobuf-compiler
fi

- name: Run rerandomization e2e tests
if: steps.changed-files-yaml.outputs.src_any_changed == 'true'
run: |
bash iris-mpc-bins/bin/iris-mpc-upgrade/run-rerand-e2e-tests.sh
1 change: 1 addition & 0 deletions .github/workflows/temp-branch-build-and-push.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ on:
branches:
- "dev"
- "pop-3544-gpu-shutdown-guardrail"
- "ps/cont-rerand"

concurrency:
group: "${{ github.workflow }} @ ${{ github.event.pull_request.head.label || github.head_ref || github.ref }}"
Expand Down
21 changes: 18 additions & 3 deletions Cargo.lock
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -81,7 +81,7 @@ thiserror = "1"
tokio = { version = "=1.49", features = ["full", "rt-multi-thread"] }
tokio-util = "0.7.15"
toml = { version = "0.8.23", features = ["preserve_order"] }
uuid = { version = "1", features = ["v4"] }
uuid = { version = "1", features = ["v4", "v7"] }
iris-mpc-cpu = { path = "./iris-mpc-cpu" }
ampc-anon-stats = { git = "https://github.com/worldcoin/ampc-common.git", rev = "edc8550e918dbb111c758a5883d971d7be10bc1f" }
ampc-actor-utils = { git = "https://github.com/worldcoin/ampc-common.git", rev = "edc8550e918dbb111c758a5883d971d7be10bc1f" }
Expand Down
67 changes: 67 additions & 0 deletions deploy/stage/common-values-iris-mpc-continuous-rerandomization.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,67 @@
image: "ghcr.io/worldcoin/rerandomization-protocol:4161e46ca376d391c52139bd1b1d56ca420c1072"
replicaCount: 0

environment: stage

command: ["/bin/rerandomize-db"]
args:
- "rerandomize-continuous"

strategy:
type: Recreate

serviceAccount:
create: true
name: "iris-mpc-continuous-rerandomization"

datadog:
enabled: true

ports:
- containerPort: 3000
name: health
protocol: TCP

startupProbe:
httpGet:
path: /health
port: health

livenessProbe:
httpGet:
path: /health
port: health

readinessProbe:
periodSeconds: 20
failureThreshold: 4
httpGet:
path: /health
port: health

podSecurityContext:
runAsUser: 65534
runAsGroup: 65534

imagePullSecrets:
- name: github-secret

resources:
limits:
cpu: 3.5
memory: 12Gi
requests:
cpu: 3.5
memory: 12Gi

nodeSelector:
kubernetes.io/arch: amd64
workload: "continuous_rerandomization"

tolerations:
- key: "dedicated"
operator: "Equal"
value: "continuousDbRerandomization"
effect: "NoSchedule"

concurrencyPolicy: Replace
2 changes: 1 addition & 1 deletion deploy/stage/common-values-iris-mpc.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
image: "ghcr.io/worldcoin/iris-mpc:v0.31.5@sha256:af92dd27cabe80eb3a01fcec21960cb79d12a44e01f17459b83cc923c339f4d4"
replicaCount: 1

environment: stage
replicaCount: 1

strategy:
type: Recreate
Expand Down
26 changes: 26 additions & 0 deletions deploy/stage/smpcv2-0-stage/values-iris-mpc-continuous-rerandomization.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
env:
- name: SMPC__SERVICE__SERVICE_NAME
value: iris-mpc-continuous-rerandomization-0
- name: AWS_REGION
value: eu-north-1
- name: PARTY_ID
value: "0"
- name: DB_URL
valueFrom:
secretKeyRef:
key: DATABASE_AURORA_URL
name: application
- name: SCHEMA_NAME
value: SMPC_stage_0
- name: ENVIRONMENT
value: stage
- name: RERAND_S3_BUCKET
value: wf-smpcv2-stage-continuous-rerandomization
- name: CHUNK_SIZE
value: "2000"
- name: CHUNK_DELAY_SECS
value: "1"
- name: SAFETY_BUFFER_IDS
value: "0"
- name: S3_POLL_INTERVAL_MS
value: "2000"
2 changes: 1 addition & 1 deletion deploy/stage/smpcv2-0-stage/values-iris-mpc.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -96,7 +96,7 @@ env:
value: "wf-smpcv2-stage-sns-requests"

- name: SMPC__ENABLE_S3_IMPORTER
value: "true"
value: "false"

- name: SMPC__DB_CHUNKS_BUCKET_NAME
value: "iris-mpc-db-exporter-store-node-0-stage--eun1-az3--x-s3"
Expand Down
26 changes: 26 additions & 0 deletions deploy/stage/smpcv2-1-stage/values-iris-mpc-continuous-rerandomization.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
env:
- name: SMPC__SERVICE__SERVICE_NAME
value: iris-mpc-continuous-rerandomization-1
- name: AWS_REGION
value: eu-north-1
- name: PARTY_ID
value: "1"
- name: DB_URL
valueFrom:
secretKeyRef:
key: DATABASE_AURORA_URL
name: application
- name: SCHEMA_NAME
value: SMPC_stage_1
- name: ENVIRONMENT
value: stage
- name: RERAND_S3_BUCKET
value: wf-smpcv2-stage-continuous-rerandomization
- name: CHUNK_SIZE
value: "2000"
- name: CHUNK_DELAY_SECS
value: "1"
- name: SAFETY_BUFFER_IDS
value: "0"
- name: S3_POLL_INTERVAL_MS
value: "2000"
2 changes: 1 addition & 1 deletion deploy/stage/smpcv2-1-stage/values-iris-mpc.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -96,7 +96,7 @@ env:
value: "wf-smpcv2-stage-sns-requests"

- name: SMPC__ENABLE_S3_IMPORTER
value: "true"
value: "false"

- name: SMPC__DB_CHUNKS_BUCKET_NAME
value: "iris-mpc-db-exporter-store-node-1-stage--eun1-az3--x-s3"
Expand Down
26 changes: 26 additions & 0 deletions deploy/stage/smpcv2-2-stage/values-iris-mpc-continuous-rerandomization.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
env:
- name: SMPC__SERVICE__SERVICE_NAME
value: iris-mpc-continuous-rerandomization-2
- name: AWS_REGION
value: eu-north-1
- name: PARTY_ID
value: "2"
- name: DB_URL
valueFrom:
secretKeyRef:
key: DATABASE_AURORA_URL
name: application
- name: SCHEMA_NAME
value: SMPC_stage_2
- name: ENVIRONMENT
value: stage
- name: RERAND_S3_BUCKET
value: wf-smpcv2-stage-continuous-rerandomization
- name: CHUNK_SIZE
value: "2000"
- name: CHUNK_DELAY_SECS
value: "1"
- name: SAFETY_BUFFER_IDS
value: "0"
- name: S3_POLL_INTERVAL_MS
value: "2000"
2 changes: 1 addition & 1 deletion deploy/stage/smpcv2-2-stage/values-iris-mpc.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -96,7 +96,7 @@ env:
value: "wf-smpcv2-stage-sns-requests"

- name: SMPC__ENABLE_S3_IMPORTER
value: "true"
value: "false"

- name: SMPC__DB_CHUNKS_BUCKET_NAME
value: "iris-mpc-db-exporter-store-node-2-stage--eun1-az3--x-s3"
Expand Down
Loading
Loading