Skip to content

ci(frost): compile + test the frost_roast_retry activation path in CI#4130

Merged
mswilkison merged 2 commits into
feat/frost-schnorr-migration-scaffoldfrom
ci/frost-roast-retry-build-coverage
Jul 2, 2026
Merged

ci(frost): compile + test the frost_roast_retry activation path in CI#4130
mswilkison merged 2 commits into
feat/frost-schnorr-migration-scaffoldfrom
ci/frost-roast-retry-build-coverage

Conversation

@mswilkison

Copy link
Copy Markdown
Contributor

Why

This closes the sole production-activation blocker found in the deep production-readiness review of the ROAST retry work (stacked on #3866).

The interactive FROST + ROAST retry coordinator flow — BeginAttempt / RecordEvidence / AggregateBundle / VerifyBundle / NextAttempt, i.e. liveness plus slashing/blame — lives behind the frost_roast_retry Go build tag (~50 files). No CI job ever set that tag:

  • client.yml (~line 138) and release.yml (~line 56) run untagged go build/test ./..., which compiles only the !frost_roast_retry no-op stubs.
  • frost-cgo-integration.yml (~line 111) built only -tags "frost_native frost_tbtc_signer" and -run-filtered to the TestRealCgoInteractiveSigning* family.

Net effect: the entire ROAST retry state machine and ~30 frost_native unit tests never compiled or ran anywhere in CI, and make build (the release/Docker path) shipped the ROAST-retry-noop default build. The rollout doc also falsely claimed CI already exercised the tag.

What this changes

.github/workflows/client.yml — new client-frost-roast-retry job (plain Go, cgo off, no Docker; runs on every PR touching Go):

  • go build -tags "frost_roast_retry" ./... and go build -tags "frost_native frost_roast_retry" ./... (mock-FFI, no Rust lib).
  • go test under the three non-cgo tag sets that cover the whole matrixfrost_native, frost_roast_retry, frost_native frost_roast_retry — over ./pkg/frost/... and ./pkg/tbtc/....

.github/workflows/frost-cgo-integration.yml:

  • Adds frost_roast_retry to the real-crypto cgo tag set (frost_native frost_tbtc_signer frost_roast_retry).
  • Drops the narrow -run filter so the whole tagged ./pkg/frost/signing/ suite runs against the linked libfrost_tbtc, with skips still forbidden (KEEP_CORE_FROST_REQUIRE_CGO=true). Safe by construction: the heavy multiproc e2e tests already ran (matched by the old substring regex) and spawn their worker subprocesses with anchored -test.run, so dropping the outer filter only adds lighter tagged unit tests.
  • New step smoke-builds the activation artifact via make build-frost using the lib built earlier in the job.
  • Adds Makefile to the path triggers.

Makefile — new build-frost target: produces the ROAST-retry activation binary (tags frost_native frost_tbtc_signer frost_roast_retry, cgo-linked to libfrost_tbtc with the same CGO_LDFLAGS as the cgo workflow). The default make build still ships the !frost_roast_retry stubs; adopting the tagged artifact in the release/Docker path is gated on the readiness-manifest flip and is intentionally left to that decision (the Rust lib currently lives on a separate branch — see ci/frost-signer-pin.env), so this PR makes the artifact producible + CI-validated rather than silently flipping the default release image.

docs/development/frost-roast-retry-rollout.adoc: replaces the false "CI already exercises the tag" claim with an accurate description of the coverage above.

Validated locally (system Go, cgo disabled)

Check Result
go build -tags "frost_roast_retry" ./... compiles clean
go build -tags "frost_native frost_roast_retry" ./... compiles clean
go test -tags "frost_native" ./pkg/frost/... ./pkg/tbtc/... pass
go test -tags "frost_roast_retry" ./pkg/frost/... ./pkg/tbtc/... pass
go test -tags "frost_native frost_roast_retry" ./pkg/frost/... ./pkg/tbtc/... pass
make -n build-frost expands correctly

The tagged builds compiled clean and every newly-run non-cgo tagged test passed — no failures were surfaced, and no assertion was weakened.

Deferred to CI: the cgo-linked full build/tests and the make build-frost smoke — these require building the Rust libfrost_tbtc, which cannot be done locally without the pinned signer source. The cgo job already builds that lib, so those steps are correct by construction (they reuse the same lib + CGO_LDFLAGS).

Follow-ups / known gaps

  • cgo path is CI-only-validated. The frost_native frost_tbtc_signer frost_roast_retry real-crypto suite and make build-frost link libfrost_tbtc; they were not run on this machine. First green run of frost-cgo-integration.yml on this branch is the confirmation.
  • Release/Docker still ship the stub build by design. make build (Dockerfile build-docker stage) is unchanged; wiring build-frost into the release image is deferred to the readiness-manifest flip and to the branch merge that brings the signer crate in-tree (per ci/frost-signer-pin.env).
  • pkg/tbtc cgo-tagged tests (the 1–2 frost_native frost_tbtc_signer cgo files, e.g. real taproot-tx build) are not yet in the cgo gate; the cgo job keeps its pkg/frost/signing scope. Adding ./pkg/tbtc/ to the cgo run is a reasonable next step but pulls the heavy tbtc suite under real-crypto linking, so it is left as a follow-up.

🤖 Generated with Claude Code

The interactive FROST + ROAST retry coordinator flow (liveness +
evidence/blame) lives behind the `frost_roast_retry` build tag, but no CI
job ever set it: client.yml and release.yml run untagged `go build/test`,
and frost-cgo-integration.yml built only `frost_native frost_tbtc_signer`
and `-run`-filtered to the `TestRealCgoInteractiveSigning*` family. So the
entire ROAST retry state machine and ~30 `frost_native` unit tests never
compiled or ran in CI, and `make build` (the release/Docker path) shipped
the `!frost_roast_retry` no-op stubs. This closes that activation gap.

- client.yml: add a `client-frost-roast-retry` job that builds the
  coordinator path with cgo disabled (`go build -tags "frost_roast_retry"`
  and `-tags "frost_native frost_roast_retry"` over `./...`) and runs the
  tagged unit tests under the three non-cgo tag sets that cover the whole
  matrix (`frost_native`, `frost_roast_retry`,
  `frost_native frost_roast_retry`) over ./pkg/frost/... and ./pkg/tbtc/...
  against the mock FFI (no Rust lib, no Docker).

- frost-cgo-integration.yml: add `frost_roast_retry` to the real-crypto
  cgo tag set and drop the narrow `-run` filter so the whole tagged
  pkg/frost/signing suite runs against the linked libfrost_tbtc (skips
  still forbidden); the heavy multiproc e2e tests already ran and
  self-constrain their worker subprocesses with anchored `-test.run`, so
  dropping the outer filter only adds lighter tagged unit tests. Add a
  step that smoke-builds the activation artifact via `make build-frost`.

- Makefile: add a `build-frost` target that produces the ROAST-retry
  activation binary (tags `frost_native frost_tbtc_signer
  frost_roast_retry`, cgo-linked to libfrost_tbtc with the same
  CGO_LDFLAGS as the cgo workflow).

- frost-roast-retry-rollout.adoc: replace the false claim that CI already
  exercised the tag with an accurate description of the new coverage.

Locally validated (system Go, cgo off): `go build -tags "frost_roast_retry"
./...` and `-tags "frost_native frost_roast_retry" ./...` compile clean;
all three non-cgo tag sets pass on ./pkg/frost/... and ./pkg/tbtc/...
The cgo-linked full build is deferred to CI (requires building the Rust
libfrost_tbtc, which the cgo workflow does from the pinned signer source).

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
@coderabbitai

coderabbitai Bot commented Jul 1, 2026

Copy link
Copy Markdown

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 57491869-610a-4b0f-a447-13f3c193dcdf

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch ci/frost-roast-retry-build-coverage

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

…c is linked

Dropping the narrow `-run` filter in frost-cgo-integration.yml made
`TestRegisterBuildTaggedTBTCSignerEngine` run for the first time under the
cgo gate, where it failed: it asserts every engine operation returns
`ErrNativeCryptographyUnavailable`, a fail-closed contract that only holds
when libfrost_tbtc is NOT linked (the cgo bridge is compiled but the
frost_tbtc_* symbols are unresolvable via dlsym). Under the gate the lib IS
linked, so `StartSignRound` instead reached the real signer and its
provenance gate, producing a different error.

Probe the linked lib with `assertTBTCSignerABICompatible()` - the same
check the ABI preflight uses, which keeps `ErrNativeCryptographyUnavailable`
in the chain iff the lib is absent - and skip the fail-closed assertions
with a reason when the lib is present. The registration-wiring assertions
still run under both builds, and the linked-lib crypto path is covered by
`TestBuildTaggedTBTCSignerInteractiveFROSTBridge_WithLinkedSigner` and the
`TestRealCgoInteractiveSigning*` suite. No assertion was weakened and no
production code was touched; this matches the skip-when-unavailable pattern
already used by the neighbouring cgo tests.

Validated locally by building libfrost_tbtc from the pinned signer mirror
and running the whole tagged pkg/frost/signing suite with the lib linked
and KEEP_CORE_FROST_REQUIRE_CGO=true: 402 pass, 1 skip (this test), 0 fail;
the real-crypto DKG/multiproc e2e tests ran and passed. Without the lib
linked the test still runs its fail-closed assertions and passes.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
@mswilkison mswilkison merged commit 8b97d7f into feat/frost-schnorr-migration-scaffold Jul 2, 2026
18 checks passed
@mswilkison mswilkison deleted the ci/frost-roast-retry-build-coverage branch July 2, 2026 16:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant