Compiling non-prod code only when explicitly specified (#2605)

.github/workflows/ci.yml

@@ -119,7 +119,7 @@ jobs:
           fi
           if [ "${{ github.event.inputs.rebuild-bitacross-docker }}" = "true" ] || [ "${{ steps.filter.outputs.bitacross_src }}" = "true" ]; then
             rebuild_bitacross=true
-          fi          
+          fi
           if [ "${{ github.event.inputs.push-docker }}" = "true" ]; then
             push_docker=true
           elif [ "${{ github.event_name }}" = 'push' ] && [ "${{ github.ref }}" = 'refs/heads/dev' ]; then
@@ -133,7 +133,7 @@ jobs:
           fi
           if [ "${{ steps.filter.outputs.bitacross_test }}" = "true" ] || [ "$rebuild_parachain" = "true" ] || [ "$rebuild_bitacross" = "true" ]; then
             run_bitacross_test=true
-          fi          
+          fi
           echo "rebuild_parachain=$rebuild_parachain" | tee -a $GITHUB_OUTPUT
           echo "rebuild_tee=$rebuild_tee" | tee -a $GITHUB_OUTPUT
           echo "rebuild_bitacross=$rebuild_bitacross" | tee -a $GITHUB_OUTPUT
@@ -153,7 +153,7 @@ jobs:
       - name: Install pre-built taplo
         run: |
           mkdir -p $HOME/.local/bin
-          wget -q https://github.com/tamasfe/taplo/releases/download/0.8.1/taplo-linux-x86_64.gz                    
+          wget -q https://github.com/tamasfe/taplo/releases/download/0.8.1/taplo-linux-x86_64.gz
           gzip -d taplo-linux-x86_64.gz
           cp taplo-linux-x86_64 $HOME/.local/bin/taplo
           chmod a+x $HOME/.local/bin/taplo
@@ -259,20 +259,20 @@ jobs:
       - name: Pallet unittests
         working-directory: ./tee-worker
         run: |
-          cargo test --release -p pallet-* --lib
+          cargo test --release -p pallet-* --lib --features development
 
       - name: Tee-worker clippy
         working-directory: ./tee-worker
         run: |
           echo "::group::cargo clippy all"
-          cargo clippy --release -- -D warnings
+          cargo clippy --release --features development -- -D warnings
           echo "::endgroup::"
           echo "::group::cargo clippy sidechain"
-          cargo clippy --release --features sidechain -- -D warnings
+          cargo clippy --release --features sidechain,development -- -D warnings
           echo "::endgroup::"
           echo "::group::cargo clippy offchain-worker"
           cargo clean --profile release
-          cargo clippy --release --features offchain-worker -- -D warnings
+          cargo clippy --release --features offchain-worker,development -- -D warnings
           echo "::endgroup::"
 
       - name: Clean up disk
@@ -290,14 +290,14 @@ jobs:
         working-directory: ./tee-worker/enclave-runtime
         run: |
           echo "::group::cargo clippy all"
-          cargo clippy --release -- -D warnings
+          cargo clippy --release --features development -- -D warnings
           echo "::endgroup::"
           echo "::group::cargo clippy sidechain"
-          cargo clippy --release --features sidechain -- -D warnings
+          cargo clippy --release --features sidechain,development -- -D warnings
           echo "::endgroup::"
           echo "::group::cargo clippy offchain-worker"
           cargo clean --profile release
-          cargo clippy --release --features offchain-worker -- -D warnings
+          cargo clippy --release --features offchain-worker,development -- -D warnings
           echo "::endgroup::"
 
       - name: Fail early
@@ -379,7 +379,7 @@ jobs:
         if: needs.set-condition.outputs.rebuild_parachain == 'true'
         run: |
           echo "::group::build docker image"
-          ./scripts/build-docker.sh release latest --features=fast-runtime
+          ./scripts/build-docker.sh release latest --features=fast-runtime,development
           echo "::endgroup::"
           echo "::group::docker images"
           docker images --all

bitacross-worker/Makefile

@@ -76,13 +76,14 @@ ifeq ($(SGX_PRODUCTION), 1)
 	SGX_ENCLAVE_CONFIG = "enclave-runtime/Enclave.config.production.xml"
 	SGX_SIGN_KEY = $(SGX_COMMERCIAL_KEY)
 	SGX_SIGN_PASSFILE = $(SGX_PASSFILE)
-	WORKER_FEATURES := --features=production,link-binary,$(WORKER_MODE),$(WORKER_FEATURES),$(ADDITIONAL_FEATURES)
+	WORKER_FEATURES := --features=link-binary,$(WORKER_MODE),$(WORKER_FEATURES),$(ADDITIONAL_FEATURES)
 else
 	SGX_ENCLAVE_MODE = "Development Mode"
 	SGX_ENCLAVE_CONFIG = "enclave-runtime/Enclave.config.xml"
 	SGX_SIGN_KEY = "enclave-runtime/Enclave_private.pem"
 	SGX_SIGN_PASSFILE = ""
-	WORKER_FEATURES := --features=default,link-binary,$(WORKER_MODE),$(WORKER_FEATURES),$(ADDITIONAL_FEATURES)
+	WORKER_FEATURES := --features=default,development,link-binary,$(WORKER_MODE),$(WORKER_FEATURES),$(ADDITIONAL_FEATURES)
+	ADDITIONAL_FEATURES := development
 endif
 
 CLIENT_FEATURES = --features=$(WORKER_MODE),$(ADDITIONAL_FEATURES)

bitacross-worker/app-libs/stf/Cargo.toml

@@ -84,6 +84,6 @@ std = [
     "litentry-primitives/std",
 ]
 test = []
-production = [
-    "litentry-macros/production",
+development = [
+    "litentry-macros/development",
 ]

bitacross-worker/app-libs/stf/src/getter.rs

@@ -20,7 +20,7 @@ use ita_sgx_runtime::System;
 use itp_stf_interface::ExecuteGetter;
 use itp_stf_primitives::{traits::GetterAuthorization, types::KeyPair};
 use itp_utils::stringify::account_id_to_string;
-use litentry_macros::if_production_or;
+use litentry_macros::if_development_or;
 use litentry_primitives::{Identity, LitentryMultiSignature};
 use log::*;
 use sp_std::vec;
@@ -31,7 +31,7 @@ use sp_runtime::transaction_validity::{
 	TransactionValidityError, UnknownTransaction, ValidTransaction,
 };
 
-#[cfg(not(feature = "production"))]
+#[cfg(feature = "development")]
 use crate::helpers::ALICE_ACCOUNTID32;
 
 #[derive(Encode, Decode, Clone, Debug, PartialEq, Eq)]
@@ -130,17 +130,17 @@ impl TrustedGetterSigned {
 
 	pub fn verify_signature(&self) -> bool {
 		// in non-prod, we accept signature from Alice too
-		if_production_or!(
+		if_development_or!(
 			{
 				self.signature
 					.verify(self.getter.encode().as_slice(), self.getter.sender_identity())
+					|| self
+						.signature
+						.verify(self.getter.encode().as_slice(), &ALICE_ACCOUNTID32.into())
 			},
 			{
 				self.signature
 					.verify(self.getter.encode().as_slice(), self.getter.sender_identity())
-					|| self
-						.signature
-						.verify(self.getter.encode().as_slice(), &ALICE_ACCOUNTID32.into())
 			}
 		)
 	}

bitacross-worker/app-libs/stf/src/helpers.rs

@@ -28,7 +28,7 @@ use itp_utils::stringify::account_id_to_string;
 use log::*;
 use std::prelude::v1::*;
 
-#[cfg(not(feature = "production"))]
+#[cfg(feature = "development")]
 pub use non_prod::*;
 
 pub fn get_storage_value<V: Decode>(
@@ -167,7 +167,7 @@ pub fn shard_creation_info() -> ShardCreationInfo {
 	}
 }
 
-#[cfg(not(feature = "production"))]
+#[cfg(feature = "development")]
 mod non_prod {
 	use super::*;
 	use hex_literal::hex;

bitacross-worker/bitacross/core/bc-relayer-registry/Cargo.toml

@@ -29,8 +29,7 @@ base64 = { version = "0.13", features = ["alloc"] }
 
 [features]
 default = ["std"]
-production = [
-]
+development = []
 sgx = [
     "sgx_tstd",
     "thiserror-sgx",

bitacross-worker/bitacross/core/bc-task-receiver/Cargo.toml

@@ -73,5 +73,4 @@ std = [
     "itp-stf-state-handler/std",
     "thiserror",
 ]
-production = [
-]
+development = []

bitacross-worker/cli/Cargo.toml

@@ -55,6 +55,6 @@ litentry-primitives = { path = "../litentry/primitives" }
 [features]
 default = []
 offchain-worker = []
-production = []
+development = []
 # dcap feature flag is not used in this crate, but for easier build purposes only it present here as well
 dcap = []

bitacross-worker/core-primitives/attestation-handler/Cargo.toml

@@ -99,4 +99,4 @@ sgx = [
     "httparse/mesalock_sgx",
 ]
 test = []
-production = []
+development = []

bitacross-worker/core-primitives/attestation-handler/src/attestation_handler.rs

@@ -66,14 +66,14 @@ use std::{
 pub const DEV_HOSTNAME: &str = "api.trustedservices.intel.com";
 
 // Litentry TODO: use `dev` for production temporary. Will switch to dcap later.
-#[cfg(feature = "production")]
+#[cfg(not(feature = "development"))]
 pub const SIGRL_SUFFIX: &str = "/sgx/dev/attestation/v4/sigrl/";
-#[cfg(feature = "production")]
+#[cfg(not(feature = "development"))]
 pub const REPORT_SUFFIX: &str = "/sgx/dev/attestation/v4/report";
 
-#[cfg(not(feature = "production"))]
+#[cfg(feature = "development")]
 pub const SIGRL_SUFFIX: &str = "/sgx/dev/attestation/v4/sigrl/";
-#[cfg(not(feature = "production"))]
+#[cfg(feature = "development")]
 pub const REPORT_SUFFIX: &str = "/sgx/dev/attestation/v4/report";
 
 /// Trait to provide an abstraction to the attestation logic

bitacross-worker/core-primitives/settings/Cargo.toml

@@ -7,6 +7,5 @@ edition = "2021"
 [dependencies]
 
 [features]
-production = [
-]
+development = []
 offchain-worker = []

bitacross-worker/core-primitives/settings/src/lib.rs

@@ -47,14 +47,14 @@ pub mod files {
 	// used by worker and enclave
 	pub const SHARDS_PATH: &str = "shards";
 
-	#[cfg(feature = "production")]
+	#[cfg(not(feature = "development"))]
 	pub static RA_SPID_FILE: &str = "spid_production.txt";
-	#[cfg(feature = "production")]
+	#[cfg(not(feature = "development"))]
 	pub static RA_API_KEY_FILE: &str = "key_production.txt";
 
-	#[cfg(not(feature = "production"))]
+	#[cfg(feature = "development")]
 	pub static RA_SPID_FILE: &str = "spid.txt";
-	#[cfg(not(feature = "production"))]
+	#[cfg(feature = "development")]
 	pub static RA_API_KEY_FILE: &str = "key.txt";
 
 	pub const SPID_MIN_LENGTH: usize = 32;

bitacross-worker/enclave-runtime/Cargo.toml

@@ -14,13 +14,13 @@ crate-type = ["staticlib"]
 
 [features]
 default = []
-production = [
-    "ita-stf/production",
-    "itp-settings/production",
-    "itp-attestation-handler/production",
-    "litentry-primitives/production",
-    "litentry-macros/production",
-    "bc-task-receiver/production",
+development = [
+    "ita-stf/development",
+    "itp-settings/development",
+    "itp-attestation-handler/development",
+    "litentry-primitives/development",
+    "litentry-macros/development",
+    "bc-task-receiver/development",
 ]
 offchain-worker = [
     "itp-settings/offchain-worker",

bitacross-worker/enclave-runtime/Makefile

@@ -36,16 +36,16 @@ RUSTFLAGS :="-C target-feature=+avx2"
 
 ifeq ($(SGX_DEBUG), 1)
 	OUTPUT_PATH := debug
-	CARGO_TARGET := 
+	CARGO_TARGET :=
 else
 	OUTPUT_PATH := release
 	CARGO_TARGET := --release
 endif
 
 ifeq ($(SGX_PRODUCTION), 1)
-	ENCLAVE_FEATURES = --features=production,$(WORKER_MODE),$(ADDITIONAL_FEATURES)
+	ENCLAVE_FEATURES = --features=$(WORKER_MODE),$(ADDITIONAL_FEATURES)
 else
-	ENCLAVE_FEATURES = --features=test,$(WORKER_MODE),$(ADDITIONAL_FEATURES)
+	ENCLAVE_FEATURES = --features=test,development,$(WORKER_MODE),$(ADDITIONAL_FEATURES)
 endif
 
 .PHONY: all

bitacross-worker/enclave-runtime/src/lib.rs

@@ -60,6 +60,7 @@ use crate::{
 };
 use codec::Decode;
 use core::ffi::c_int;
+#[cfg(feature = "development")]
 use initialization::global_components::{
 	GLOBAL_BITCOIN_KEY_REPOSITORY_COMPONENT, GLOBAL_ETHEREUM_KEY_REPOSITORY_COMPONENT,
 };
@@ -71,11 +72,13 @@ use itc_parentchain::{
 use itp_component_container::ComponentGetter;
 use itp_node_api::metadata::NodeMetadata;
 use itp_nonce_cache::{MutateNonce, Nonce};
-use itp_sgx_crypto::key_repository::{AccessKey, AccessPubkey};
+#[cfg(feature = "development")]
+use itp_sgx_crypto::key_repository::AccessKey;
+use itp_sgx_crypto::key_repository::AccessPubkey;
 use itp_storage::{StorageProof, StorageProofChecker};
 use itp_types::{ShardIdentifier, SignedBlock};
 use itp_utils::write_slice_and_whitespace_pad;
-use litentry_macros::if_production_or;
+use litentry_macros::if_development_or;
 use log::*;
 use once_cell::sync::OnceCell;
 use sgx_types::sgx_status_t;
@@ -129,7 +132,10 @@ pub unsafe extern "C" fn init(
 	encoded_base_dir_size: u32,
 ) -> sgx_status_t {
 	// Initialize the logging environment in the enclave.
-	if_production_or!(
+	if_development_or!(
+		env_logger::builder()
+			.format_timestamp(Some(env_logger::TimestampPrecision::Micros))
+			.init(),
 		{
 			let module_names = litentry_proc_macros::local_modules!();
 			println!(
@@ -143,10 +149,7 @@ pub unsafe extern "C" fn init(
 				builder.filter(Some(module), LevelFilter::Info);
 			});
 			builder.init();
-		},
-		env_logger::builder()
-			.format_timestamp(Some(env_logger::TimestampPrecision::Micros))
-			.init()
+		}
 	);
 
 	let mu_ra_url =
@@ -249,12 +252,9 @@ pub unsafe extern "C" fn get_ecc_signing_pubkey(pubkey: *mut u8, pubkey_size: u3
 }
 
 #[no_mangle]
+#[cfg_attr(not(feature = "development"), allow(unused_variables))]
 pub unsafe extern "C" fn get_bitcoin_wallet_pair(pair: *mut u8, pair_size: u32) -> sgx_status_t {
-	if_production_or!(
-		{
-			error!("Bitcoin wallet can only be retrieved in non-prod");
-			sgx_status_t::SGX_ERROR_UNEXPECTED
-		},
+	if_development_or!(
 		{
 			let bitcoin_key_repository = match GLOBAL_BITCOIN_KEY_REPOSITORY_COMPONENT.get() {
 				Ok(s) => s,
@@ -273,17 +273,18 @@ pub unsafe extern "C" fn get_bitcoin_wallet_pair(pair: *mut u8, pair_size: u32)
 			privkey_slice.clone_from_slice(&keypair.private_bytes());
 
 			sgx_status_t::SGX_SUCCESS
+		},
+		{
+			error!("Bitcoin wallet can only be retrieved in non-prod");
+			sgx_status_t::SGX_ERROR_UNEXPECTED
 		}
 	)
 }
 
 #[no_mangle]
+#[cfg_attr(not(feature = "development"), allow(unused_variables))]
 pub unsafe extern "C" fn get_ethereum_wallet_pair(pair: *mut u8, pair_size: u32) -> sgx_status_t {
-	if_production_or!(
-		{
-			error!("Ethereum wallet can only be retrieved in non-prod");
-			sgx_status_t::SGX_ERROR_UNEXPECTED
-		},
+	if_development_or!(
 		{
 			let ethereum_key_repository = match GLOBAL_ETHEREUM_KEY_REPOSITORY_COMPONENT.get() {
 				Ok(s) => s,
@@ -302,6 +303,10 @@ pub unsafe extern "C" fn get_ethereum_wallet_pair(pair: *mut u8, pair_size: u32)
 			privkey_slice.clone_from_slice(&keypair.private_bytes());
 
 			sgx_status_t::SGX_SUCCESS
+		},
+		{
+			error!("Ethereum wallet can only be retrieved in non-prod");
+			sgx_status_t::SGX_ERROR_UNEXPECTED
 		}
 	)
 }

bitacross-worker/enclave-runtime/src/rpc/worker_api_direct.rs

@@ -49,8 +49,9 @@ use itp_top_pool_author::traits::AuthorApi;
 use itp_types::{DirectRequestStatus, RsaRequest, ShardIdentifier, H256};
 use itp_utils::{FromHexPrefixed, ToHexPrefixed};
 use jsonrpc_core::{serde_json::json, IoHandler, Params, Value};
+#[cfg(feature = "development")]
 use lc_scheduled_enclave::{ScheduledEnclaveUpdater, GLOBAL_SCHEDULED_ENCLAVE};
-use litentry_macros::if_not_production;
+use litentry_macros::if_development;
 use litentry_primitives::{AesRequest, DecryptableRequest};
 use log::debug;
 use sgx_crypto_helper::rsa3072::Rsa3072PubKey;
@@ -311,7 +312,7 @@ where
 		Ok(json!(json_value))
 	});
 
-	if_not_production!({
+	if_development!({
 		use itp_types::{MrEnclave, SidechainBlockNumber};
 		// state_setScheduledEnclave, params: sidechainBlockNumber, hex encoded mrenclave
 		io.add_sync_method("state_setScheduledEnclave", move |params: Params| {