self/.github/workflows/circuits.yml

name: Circuits CI
on:
  pull_request:
    branches:
      - dev
      - staging
      - main
jobs:
  check_changes:
    runs-on: ubuntu-slim
    outputs:
      should_run: ${{ steps.filter.outputs.should_run }}
    steps:
      - uses: actions/checkout@v6
        with:
          fetch-depth: 0

      - name: Check if should run
        id: filter
        run: |
          if [[ "${{ github.base_ref }}" == "main" ]] || [[ "${{ github.base_ref }}" == "staging" ]]; then
            echo "should_run=true" >> $GITHUB_OUTPUT
            echo "Running for ${{ github.base_ref }} - no path filter"
          else
            # For dev branch, check if circuits files changed
            if git diff --name-only origin/${{ github.base_ref }}...HEAD | grep -q "^circuits/"; then
              echo "should_run=true" >> $GITHUB_OUTPUT
              echo "Running for dev - circuits files changed"
            else
              echo "should_run=false" >> $GITHUB_OUTPUT
              echo "Skipping for dev - no circuits files changed"
            fi
          fi

  run_circuit_tests:
    needs: check_changes
    if: github.event.pull_request.draft == false && needs.check_changes.outputs.should_run == 'true'
    runs-on:
      - "self-hosted"
      - "selfxyz-org"
      - "ubuntu-24-04"
    environment: development
    permissions:
      contents: read
    env:
      CIRCOM_VERSION: "2.1.9"
      CIRCOM_SHA256: "e5575829252d763b7818049df9de2ef9304df834697de77fa63ce7babc23c967"
    steps:
      - uses: actions/checkout@v4

      # Circom installation from https://github.com/erhant/circomkit/blob/main/.github/workflows/tests.yml
      - name: Install dependencies
        run: |
          sudo apt-get update
          sudo apt-get install --yes \
            build-essential \
            libgmp-dev \
            libsodium-dev \
            nasm \
            nlohmann-json3-dev

      - name: Setup Rust
        uses: dtolnay/rust-toolchain@stable

      - name: Restore Circom binary
        id: circom-cache
        uses: actions/cache/restore@v4
        with:
          path: ~/.cache/circom
          key: circom-v2.1.9

      - name: Download Circom Binary v2.1.9
        if: steps.circom-cache.outputs.cache-hit != 'true'
        run: |
          mkdir -p ~/.cache/circom

          # Download with curl (more reliable than wget in CI environments)
          # Use exponential backoff retry logic
          for attempt in 1 2 3; do
            echo "Download attempt $attempt/3..."

            if curl -L --connect-timeout 30 --max-time 300 \
                --retry 3 --retry-delay 2 --retry-max-time 600 \
                -o ~/.cache/circom/circom \
                "https://github.com/iden3/circom/releases/download/v${{ env.CIRCOM_VERSION }}/circom-linux-amd64"; then
              echo "✅ Download successful!"
              break
            else
              echo "❌ Download failed on attempt $attempt"
              if [ $attempt -eq 3 ]; then
                echo "💥 All download attempts failed"
                exit 1
              fi
              # Exponential backoff: 5s, 10s, 20s
              sleep_time=$((5 * attempt))
              echo "⏳ Waiting ${sleep_time}s before retry..."
              sleep $sleep_time
            fi
          done

          # Verify file exists and has content
          if [ ! -f ~/.cache/circom/circom ]; then
            echo "💥 Error: circom binary file is missing"
            exit 1
          fi

          if [ ! -s ~/.cache/circom/circom ]; then
            echo "💥 Error: circom binary file is empty"
            exit 1
          fi

          echo "📁 File size: $(ls -lh ~/.cache/circom/circom | awk '{print $5}')"
          chmod +x ~/.cache/circom/circom

          # Verify checksum
          echo "🔍 Verifying checksum..."
          echo "${{ env.CIRCOM_SHA256 }}  $HOME/.cache/circom/circom" | sha256sum -c -

      - name: Save Circom cache
        if: steps.circom-cache.outputs.cache-hit != 'true'
        uses: actions/cache/save@v4
        with:
          path: ~/.cache/circom
          key: circom-v2.1.9

      - name: Verify Circom checksum (cache hit)
        if: steps.circom-cache.outputs.cache-hit == 'true'
        run: |
          echo "${{ env.CIRCOM_SHA256 }}  $HOME/.cache/circom/circom" | sha256sum -c -

      - name: Add Circom to PATH
        run: echo "$HOME/.cache/circom" >> "$GITHUB_PATH"

      - name: Print Circom version
        run: circom --version

      - name: Setup Node.js
        uses: actions/setup-node@v6
        with:
          node-version-file: .nvmrc

      - name: Enable Corepack
        run: corepack enable

      - name: Cache Yarn dependencies
        uses: ./.github/actions/cache-yarn
        with:
          path: |
            .yarn/cache
            node_modules
            circuits/node_modules
          cache-version: v1

      - name: Install Yarn dependencies
        uses: ./.github/actions/yarn-install
        with:
          working_directory: circuits

      - name: Run lint
        run: yarn workspace @selfxyz/circuits lint
      - name: Run Tests (Circuits)
        env:
          FULL_TEST_SUITE: false
        run: yarn workspace @selfxyz/circuits test