test: ibc integration test

[julienrbrt]

Overview

ref: #133, #42

Summary by CodeRabbit

• Chores
  • Updated the integration test workflow to include both liveness and IBC connectivity tests.
  • Added automated testing for token transfers between Rollkit and Celestia chains using IBC.
  • Improved artifact handling and test reporting for easier debugging.

[coderabbitai]

Walkthrough

The GitHub Actions workflow for integration testing was renamed and restructured into two jobs: liveness and ibc. The liveness job sets up a Rollkit chain, creates accounts, and tests transactions. The new ibc job depends on liveness and tests IBC connectivity and ICS20 token transfers between Rollkit and a Celestia chain.

Changes

File(s)	Change Summary
.github/workflows/integration_test.yml	Renamed and split workflow into liveness and ibc jobs; added IBC integration and ICS20 transfer tests; modified transaction test to send tokens from Bob to Carol; added artifact handling and process cleanup.

Sequence Diagram(s)

sequenceDiagram
    participant GitHub Actions
    participant Liveness Job
    participant Rollkit Chain
    participant Carol
    participant Bob
    participant IBC Job
    participant Celestia Chain
    participant Hermes Relayer

    GitHub Actions->>Liveness Job: Start liveness job
    Liveness Job->>Rollkit Chain: Scaffold and start chain
    Liveness Job->>Carol: Create account, capture mnemonic
    Liveness Job->>Bob: Use existing account
    Bob->>Carol: Send tokens (transaction test)
    Liveness Job->>GitHub Actions: Upload artifacts (gm binary, gmd home, Carol's mnemonic)
    GitHub Actions->>IBC Job: Start ibc job (after liveness)
    IBC Job->>GitHub Actions: Download artifacts
    IBC Job->>Celestia Chain: Start chain, recover Carol's account
    IBC Job->>Hermes Relayer: Configure and start relayer
    IBC Job->>Rollkit Chain: Start chain
    IBC Job->>Hermes Relayer: Create IBC connection & channel
    Rollkit Chain->>Celestia Chain: Send ICS20 tokens via IBC
    Celestia Chain->>Rollkit Chain: Send ICS20 tokens back
    IBC Job->>GitHub Actions: Output test results and logs

Loading

Possibly related issues

• IBC CI test + Fix block results tests #133: This PR adds IBC connection and ICS20 transaction tests in CI, directly addressing the objective of this issue.

Possibly related PRs

• ci: add tx test in integration test #87: Both PRs modify the integration test workflow file and involve transaction tests, though this PR expands the scope to include IBC.
• ci: add liveness test #81: This PR extends and splits the workflow introduced in ci: add liveness test #81, adding IBC testing and enhancing liveness checks.

Suggested reviewers

• randygrok
• tac0turtle

Poem

A rabbit hops through YAML fields,
Splitting tests for truth revealed.
Liveness first, then IBC,
Tokens dance from chain to chain with glee.
Carol and Bob, with mnemonics in tow,
Ensure our blockchains smoothly flow!
🐰✨

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 4

🧹 Nitpick comments (2)

.github/workflows/integration_test.yml (2)

70-70: Address the remaining TODO before merging
The placeholder for pinning the Rollkit dependency (# TODO(@julienrbrt) this should be replaced with a specific commit hash) needs resolution to ensure build reproducibility.

Would you like me to help replace main with a stable commit hash here?

---

273-278: Use the captured GMD_HOME env var when starting Rollkit
You’ve set GMD_HOME from the liveness job’s output but then hardcode --home ./gmd/.gm. Consider replacing this with --home $GMD_HOME to avoid path assumptions.

- ./gmd/go/bin/gmd start ... --home ./gmd/.gm > chain.log 2>&1 &
+ ./gmd/go/bin/gmd start ... --home "$GMD_HOME" > chain.log 2>&1 &

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between fa80885 and fe1e585.

📒 Files selected for processing (1)

• .github/workflows/integration_test.yml (7 hunks)

⏰ Context from checks skipped due to timeout of 90000ms (2)

• GitHub Check: test / Run Unit Tests
• GitHub Check: Test with Rollkit Chain

🔇 Additional comments (2)

.github/workflows/integration_test.yml (2)

17-20: Correct mapping of step outputs to job outputs
The liveness job properly exposes carol_mnemonic and gmd_home for downstream jobs via needs.liveness.outputs.

---

107-116: Verify actions/upload-artifact parameters
The include-hidden-files option is not officially supported by actions/upload-artifact@v4. Please confirm this flag’s validity or remove it to avoid silent failures when uploading the gmd binary and home directory.

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (3)

.github/workflows/integration_test.yml (3)

242-247: Add checksum verification for Hermes binary
Downloading the Hermes relayer without verifying its checksum is vulnerable to tampering.

- wget https://github.com/informalsystems/hermes/releases/download/${HERMES_VERSION}/hermes-${HERMES_VERSION}-x86_64-unknown-linux-gnu.tar.gz
+ wget https://github.com/informalsystems/hermes/releases/download/${HERMES_VERSION}/hermes-${HERMES_VERSION}-x86_64-unknown-linux-gnu.tar.gz
+ wget https://github.com/informalsystems/hermes/releases/download/${HERMES_VERSION}/checksums.txt
+ grep "hermes-${HERMES_VERSION}-x86_64-unknown-linux-gnu.tar.gz" checksums.txt | sha256sum -c -
  tar -xzf hermes-${HERMES_VERSION}-x86_64-unknown-linux-gnu.tar.gz
  sudo mv hermes /usr/local/bin/hermes

---

343-351: Assert on IBC transfer to Celestia
Currently, the step only prints the post-transfer balance. To enforce test failure on mismatch, add pre-balance capture and a comparison exit check.

Example diff:

- BALANCE=$(celestia-appd query bank balances $CELESTIA_ADDR --output json --node http://localhost:26654 | jq '.balances')
- echo "Celestia balance after IBC transfer: $BALANCE"
+ PRE_BALANCE=$(celestia-appd query bank balances $CELESTIA_ADDR --output json --node http://localhost:26654 | jq -r '.balances[0].amount')
+ hermes tx amount=100stake ...
+ BALANCE=$(celestia-appd query bank balances $CELESTIA_ADDR --output json --node http://localhost:26654 | jq -r '.balances[0].amount')
+ if [ "$BALANCE" -ne "$((PRE_BALANCE + 100))" ]; then
+   echo "IBC transfer failed: expected $((PRE_BALANCE + 100)), got $BALANCE"
+   exit 1
+ fi

---

236-241: Add checksum verification for Celestia binary
Fetching the Celestia App without integrity checks poses a supply-chain risk.

Apply this diff:

- wget https://github.com/celestiaorg/celestia-app/releases/download/${CEL_VERSION}/celestia-app_Linux_x86_64.tar.gz
+ wget https://github.com/celestiaorg/celestia-app/releases/download/${CEL_VERSION}/celestia-app_Linux_x86_64.tar.gz
+ wget https://github.com/celestiaorg/celestia-app/releases/download/${CEL_VERSION}/checksums.txt
+ grep "celestia-app_Linux_x86_64.tar.gz" checksums.txt | sha256sum -c -
  tar -xzf celestia-app_Linux_x86_64.tar.gz
  sudo mv celestia-appd /usr/local/bin/celestia-appd

🧹 Nitpick comments (2)

.github/workflows/integration_test.yml (2)

107-115: Archive chain binary and home directory
Uploading both the gmd binary and its home directory is good. For clarity, consider naming the artifact explicitly (e.g., name: gmd) so that downstream downloads target it directly.

---

233-235: Download chain artifacts explicitly
actions/download-artifact without a name: will fetch all artifacts. To avoid surprises if more artifacts are added, explicitly set with: name: gmd.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between fe1e585 and b2faeb3.

📒 Files selected for processing (1)

• .github/workflows/integration_test.yml (7 hunks)

⏰ Context from checks skipped due to timeout of 90000ms (2)

• GitHub Check: test / Run Unit Tests
• GitHub Check: Test with Rollkit Chain

🔇 Additional comments (13)

.github/workflows/integration_test.yml (13)

1-1: Update workflow name to reflect IBC tests
The workflow name now captures both liveness and IBC integration tests.

---

17-19: Expose outputs for cross-job usage
Capturing carol_mnemonic and gmd_home as job outputs is required for seeding the IBC job.

---

51-51: Ensure correct address prefix
The --address-prefix gm flag aligns account address formats with test expectations—please verify all downstream steps use the gm prefix.

---

87-93: Persist Carol’s mnemonic for IBC tests
Generating and exporting Carol’s mnemonic via both GITHUB_ENV and GITHUB_OUTPUT is essential for hermes key import.

---

95-106: Capture chain binary and config home
Recording GM_BINARY_PATH and GMD_HOME for artifact exchange looks correct and will facilitate reuse in the ibc job.

---

174-176: Switch transaction target to Carol
The send command now routes funds from Bob to Carol, matching the updated test scenario. Implementation is correct.

---

215-219: Introduce IBC test job
Adding the ibc job with a dependency on liveness cleanly separates chain liveness checks from IBC connectivity tests.

---

221-226: Pin relayer and Celestia App versions
Hardcoding HERMES_VERSION and CEL_VERSION is necessary for reproducible tests. Please confirm these versions exist and have no known critical vulnerabilities.

---

248-253: Initialize Celestia app with recovered validator key
Using --recover and --keyring-backend test is correct for non-interactive key import. Confirm the genesis account and chain ID align with what your tests expect.

---

264-270: Start local DA in IBC job
Re-cloning and starting the DA node again ensures the DA layer is running for the IBC tests.

---

274-281: Verify artifact extraction path
The invocation ./gmd/go/bin/gmd assumes the gmd binary and home directory extracted under ./gmd. Please verify the upload/download layout matches this path.

---

339-342: Establish IBC channel
Creating an unordered transfer channel between gm and celestia-local is correct.

---

371-385: Cleanup all background processes
The final cleanup step kills all PIDs, preventing resource leaks across jobs.

[alpe]

Nice setup. I can not run this locally. How about moving this to some bash scripts instead that are called by CI? I had a similar approach in my new branch

[julienrbrt]

Nice setup. I can not run this locally. How about moving this to some bash scripts instead that are called by CI? I had a similar approach in my new branch

You can actually, by just calling: act. Like for the other job, I am actually less for bash scripts, as it messes with the user local setup: #81 (comment)

[coderabbitai]

Actionable comments posted: 4

♻️ Duplicate comments (2)

.github/workflows/integration_test.yml (2)

236-240: Add checksum verification for Celestia App binary
Downloading celestia-appd without verifying its checksum or signature risks supply-chain attacks. Introduce a checksum download and sha256sum -c step before extraction.

---

243-246: Add checksum verification for Hermes binary
Similarly, verify the integrity of the hermes release by downloading the official checksum file or signature and validating with sha256sum -c or GPG.

🧹 Nitpick comments (2)

.github/workflows/integration_test.yml (2)

107-115: Optimize artifact upload size
Uploading the entire GMD_HOME directory directly can produce oversized artifacts. Consider bundling the binary and home directory into a compressed archive before upload, for example:

-      uses: actions/upload-artifact@v4
+      run: |
+        tar czf gmd-artifact.tar.gz ${{ steps.paths.outputs.GM_BINARY_PATH }} ${{ steps.paths.outputs.GMD_HOME }}
+      uses: actions/upload-artifact@v4
       with:
         name: gmd
-        path: |
-          ${{ steps.paths.outputs.GM_BINARY_PATH }}
-          ${{ steps.paths.outputs.GMD_HOME }}
+        path: gmd-artifact.tar.gz

---

380-392: Graceful process cleanup
While kill -9 force-terminates processes, consider first sending a gentler signal (e.g., kill $PID) to allow clean shutdown, then fall back to -9 if needed.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b2faeb3 and e65069a.

📒 Files selected for processing (1)

• .github/workflows/integration_test.yml (7 hunks)

⏰ Context from checks skipped due to timeout of 90000ms (2)

• GitHub Check: test / Run Unit Tests
• GitHub Check: Test with Rollkit Chain

🔇 Additional comments (6)

.github/workflows/integration_test.yml (6)

1-1: Trivial Workflow Rename
This update renames the workflow to accurately reflect the expanded scope. No further changes needed here.

---

17-17: Disable telemetry during CI runs
Setting DO_NOT_TRACK=true is a good practice to prevent unwanted telemetry in automated environments.

---

18-20: Expose outputs for dependent jobs
Capturing Carol’s mnemonic and the GMD_HOME directory as job outputs is correct and enables the ibc job to consume these values.

---

51-51: Chain scaffolding command
The ignite scaffold chain gm --no-module --skip-git --address-prefix gm invocation is appropriate for creating an isolated test chain.

---

95-106: Capture GMD binary path and home directory
Correctly resolving and exporting GM_BINARY_PATH and GMD_HOME for artifact uploads and downstream consumption. No issues detected.

---

369-376: Enhanced failure logging
Collecting chain.log, celestia.log, and hermes.log on failure significantly improves debugging capabilities.