Supporting Private Workflow Registry

[patrickhuie19]

Supporting Private Workflow Registry

This change is part of a series of changes to allow the workflow engine to pull workflows from metadata sources other than the WorkflowRegistry.

For broader context, check out https://docs.google.com/document/d/1K5lLtczMe_HyrLTbdLNmb_jxj40lPCmMZW4OBjn7K5U/edit?tab=t.t17fuwqoj0w9#bookmark=id.i3vs01f9lvvr

For the workflow engine specific changes, this diagram is most relevant:

Series

[merged] chainlink-protos: smartcontractkit/chainlink-protos#255
[merged] chainlink-common: smartcontractkit/chainlink-common#1749
[In-review] chainlink: #20708

Changes specific to chainlink

• Supports AlternativeWorkflowMetadata sources configured via TOML: grpc brokered and file brokered (for on-prem deployments)
• Each source is responsible for fetching active + paused workflows. They present events directly to the reconciliation loop, so that if there is a failure on their source (RPC read failure, grpc server unavailable), they can gracefully wait for the next polling cycle w/o churning engine deletion.
• The GRPC workflow metadata source will be deployed to a server. JWT CSA-key based allowlist auth. Retries on retryable errors.
• Workflow execution and deployment events now include the workflow metadata source name to give us flexibility in our analytics and UI consumers to filter data by source.
• Adds metrics for future dashboards/alerting.

[github-actions]

I see you updated files related to core. Please run pnpm changeset in the root directory to add a changeset as well as in the text include at least one of the following tags:

• #added For any new functionality added.
• #breaking_change For any functionality that requires manual action for the node to boot.
• #bugfix For bug fixes.
• #changed For any change to the existing functionality.
• #db_update For any feature that introduces updates to database schema.
• #deprecation_notice For any upcoming deprecation functionality.
• #internal For changesets that need to be excluded from the final changelog.
• #nops For any feature that is NOP facing and needs to be in the official Release Notes for the release.
• #removed For any functionality/config that is removed.
• #updated For any functionality that is updated.
• #wip For any change that is not ready yet and external communication about it should be held off till it is feature complete.

[trunk-io]

     

Failed Test	Failure Summary	Logs
Test_CRE_GRPCSource_Lifecycle	The test failed during the gRPC source lifecycle, but the specific error causing the failure is not indicated in the logs.	Logs ↗︎
Test_CRE_GRPCSource_Lifecycle	The test failed without a specific error message, but it appears to be related to issues in the gRPC source lifecycle workflow or environment setup.	Logs ↗︎

View Full Report ↗︎ ⋅ Docs

[trunk-io]

     

Failed Test	Failure Summary	Logs
Test_CRE_V2_Cron_Regression	The test named Test_CRE_V2_Cron_Regression failed to complete successfully.	Logs ↗︎
Test_CRE_V2_EVM_EstimateGas_Invalid_To_Address_Regression/[v2]_EVM.EstimateGas_-_invalid_'to'_address_fails_with_not_authored_con...	The test failed because it could not connect to the local node, causing environment setup to fail.	Logs ↗︎
Test_CRE_V2_EVM_EstimateGas_Invalid_To_Address_Regression/[v2]_EVM.EstimateGas_-_invalid_'to'_address_fails_with_cut_hex	The test failed because it could not connect to the local node, causing environment setup to fail.	Logs ↗︎
Test_CRE_V2_EVM_FilterLogs_Invalid_Addresses_Regression/[v2]_EVM.FilterLogs_-_invalid_addresses_fails_with_invalid_address	The test failed because it could not connect to the local node, causing environment setup to fail.	Logs ↗︎

... and 48 more

View Full Report ↗︎ ⋅ Docs

[cedric-cordenier]

@patrickhuie19 I think you should lift this up into the syncer -- you're having to deal with inconsistent heads here, but if you just treated each source independently you'd avoid that

What I'm proposing is that in the syncUsingReconciliationStrategy you just:

• loop over the sources
• for each source -> fetch workflows and store associated head
• once you've fetched from all sources -> merge the result (and assert no overlapping!)
• then put it through the reconcile logic

[patrickhuie19]

handled a little differently: a117d58. updated the diagram in the description of the PR to match. syncUsingReconciliation loops over each source. each source will call ListWorkflowMetadata to get workflows, and then will send active + paused events to generateReconciliationEvents if there are no failures on the List action. In this way theres no deleting engine churn if on one polling cycle the eth mainnet rpc is down or the grpc server is unavailable after a few retries.

[cedric-cordenier]

Is Additional a better name here? (Alternative to me implies "replacement of", whereas we want to read from both)

[patrickhuie19]

hmm. we have to keep TOML backwards compatible, so it will take a few node revisions to deprecate the old TOML config section in favor of a more flexible section name like [[Capabilities.WorkflowRegistry.Source]] - i wanted to handle any such migration later on once we see usage.

[bolekk]

I'm with Cedric on this. How about "Offchain Sources"?

[cedric-cordenier]

I would avoid enforcing a limit here (if we have to have a limit, I'd raise it to eg. 5); I'm anticipating that this will probably need to change

[patrickhuie19]

Some context: Our polling cycle in the syncer is 12 seconds, so I think when we see this feature getting a lot of use, we would want to move to an individual polling cycle per source. I don't anticipate that happening for the next 12 months though, so putting a strawman limit on the alternative sources to help us not scatter metadata seems useful. Given that, would you still propose raising the limit?

[patrickhuie19]

Raised to 5: a117d58

[cedric-cordenier]

Ideally we would deprecate the old fields (Address, NetworkID, ContractVersion, ChainID)
And introduce a []SourcesConfig that supports both contract + grpc sources
Then in setFrom you can read from the deprecated fields and add a contract source to the sources

Everywhere else in the application uses sources going forward

[patrickhuie19]

Will schedule for a follow up ticket, good idea.

[patrickhuie19]

https://smartcontract-it.atlassian.net/browse/CRE-1634

[bolekk]

It will be hard to keep all sources together because config format is very different. How about a split into OnchainSources and OffchainSources? Potentially add XYZSources in the future.

[cedric-cordenier]

Does this need to be public if it's only used one line 52?

[patrickhuie19]

good catch, thanks

[cedric-cordenier]

Do you need a lock here? (Same question inside the List function)

This won't get called in parallel (the only thing calling this is the singleton sync routine)

[patrickhuie19]

I kept the lock to match the old pattern, which IFIUC had the lock in case the node was running the vault don functionality associated with the contract reader in addition to the engine deployment functionality. could remove; enables parallelization in tests w/ no cost for a singleton routine.

[cedric-cordenier]

One edge case to be careful of here is that if you fail to get a result from one source, but get a result from another and then try to reconcile that partial list of workflows, it will lead to any workflows from the failing source to be deleted

That probably isn't desirable. You'll either need to:

• just error at this point (even if you fetched one of the sources successfully)
• or do reconciliation based on the source alone (i.e. all workflows are tagged with a source and you reconcile each in turn)

Probably the second one is what we want

[patrickhuie19]

Agreed, thanks for the catch - the second option looks best to me as well

[patrickhuie19]

a117d58

[cedric-cordenier]

Nit: TryInitialize shouldn't be part of any public interface -- we should treat this as an internal detail of each source

[cedric-cordenier]

Can we move this out of the interface since it's only ever called internally (and in fact for some sources it does nothing)?

[patrickhuie19]

Yes good catch, thanks

[cedric-cordenier]

@patrickhuie19 Lots of comments are being removed here... some of which contains some useful information about what we're doing -- do we need to remove?

[patrickhuie19]

no, we want them, thanks - I thought i added back in.

[cl-sonarqube-production]

Quality Gate passed

Issues
4 New issues
2 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube

[bolekk]

I'm with Cedric on this. How about "Offchain Sources"?

[bolekk]

It will be hard to keep all sources together because config format is very different. How about a split into OnchainSources and OffchainSources? Potentially add XYZSources in the future.

[bolekk]

Can you change the comment to "workflow DON with Gateway"? The name of the file is already confusing.

[bolekk]

"offchain"?

[bolekk]

nice!

[bolekk]

This is probably a ready Go library which core already imports. @jmank88 ?

[bolekk]

How about OnchainWorkflowSource?

[bolekk]

Is this pretty much a copy of the old "getAllWorkflowsMetadata"? Can you preserve the TODO comment that got removed please?