test: add sui gateway upgrade E2E test

[ws4charlie]

Description

To run the upgrade test: make start-sui-test

Closes: #3805

How Has This Been Tested?

• Tested CCTX in localnet
• Tested in development environment
• Go unit tests
• Go integration tests
• Tested via GitHub Actions

Summary by CodeRabbit

• New Features

  • Added support for the Sui blockchain client and tooling in the localnet orchestrator environment.
  • Enhanced Sui gateway deployment and upgrade capabilities, including new configuration options and verification steps.
  • Improved Sui key management by supporting private key import and activation via CLI.

• Bug Fixes

  • Improved transaction execution validation for Sui by explicitly checking transaction success status.

• Tests

  • Introduced end-to-end tests for Sui gateway package upgrades.
  • Added tests for Sui private key Bech32 encoding functionality.

• Chores

  • Updated documentation and configuration files to reflect new Sui-related features and tests.

[coderabbitai]

Important

Review skipped

Auto incremental reviews are disabled on this repository.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

📝 Walkthrough

Walkthrough

This change introduces an end-to-end (e2e) test for upgrading the Sui gateway package. It adds new configuration fields, updates Docker and shell scripts to support Sui tooling, and implements the logic for deploying, upgrading, and verifying the Sui gateway package within the test runner. Supporting cryptographic utilities and tests are also included.

Changes

File(s)	Change Summary
changelog.md	Added an entry under "UNRELEASED" referencing PR #3866, describing the addition of an e2e test for Sui gateway package upgrade.
cmd/zetae2e/config/config.go, cmd/zetae2e/config/contracts.go	Updated internal config handling to support the new Sui GatewayUpgradeCap contract field for import/export between runner and config.
cmd/zetae2e/local/local.go	Added a conditional step to invoke Sui gateway package upgrade verification in the local e2e flow when Sui testing is enabled.
contrib/localnet/orchestrator/Dockerfile.fastbuild	Added Sui client support: new build stage for Sui, copying Sui binary, client config, and protocol contracts into the orchestrator image.
contrib/localnet/orchestrator/start-zetae2e.sh	Added logic to set up Sui client configuration if the Sui host is reachable.
contrib/localnet/sui/sui_client.yaml	Introduced a new YAML config for the Sui client specifying keystore and RPC endpoint for localnet.
e2e/config/config.go	Added GatewayUpgradeCap field to the Sui config struct.
e2e/contracts/sui/protocol-contracts-sui	Added a new subproject commit reference for Sui protocol contracts.
e2e/runner/runner.go	Added SuiGatewayUpgradeCap field to the E2ERunner struct; updated address copying and contract address printing logic.
e2e/runner/setup_sui.go	Enhanced Sui setup: imports deployer key, activates it, updates Move.toml, tracks upgrade capability object, and asserts deployment results.
e2e/runner/sui.go	Added explicit transaction success assertion after Sui transaction execution using the Sui client status.
e2e/runner/sui_gateway_upgrade.go	Introduced new logic for Sui gateway package upgrade and verification, including CLI invocation, Move call, object data comparison, and Move.toml update.
pkg/contracts/sui/crypto.go	Added Bech32 secp256k1 private key conversion utility for Sui, including a new constant and function.
pkg/contracts/sui/crypto_test.go	Added tests for the new private key conversion function, covering both valid and invalid input scenarios.

Sequence Diagram(s)

sequenceDiagram
    participant TestRunner as E2ERunner
    participant SuiCLI as Sui CLI
    participant SuiNode as Sui Node

    TestRunner->>SuiCLI: Import deployer private key
    SuiCLI-->>TestRunner: Confirmation

    TestRunner->>SuiCLI: Set active address
    SuiCLI-->>TestRunner: Confirmation

    TestRunner->>SuiCLI: Deploy Sui gateway package
    SuiCLI-->>TestRunner: Deployment output (object IDs)

    TestRunner->>SuiNode: Query gateway object data (before upgrade)
    SuiNode-->>TestRunner: Gateway object data

    TestRunner->>SuiCLI: Upgrade Sui gateway package
    SuiCLI-->>TestRunner: Upgrade output (new package ID)

    TestRunner->>SuiCLI: Call 'upgraded' Move method on new package
    SuiCLI-->>TestRunner: Transaction result

    TestRunner->>SuiNode: Query gateway object data (after upgrade)
    SuiNode-->>TestRunner: Gateway object data

    TestRunner->>TestRunner: Compare object data before and after

Loading

Assessment against linked issues

Objective	Addressed	Explanation
Add an upgrade test for Sui that simulates the upgrade of the Sui gateway package (#3805)	✅

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 64.73%. Comparing base (95aab3e) to head (77a0efb).
Report is 1 commits behind head on develop.

Additional details and impacted files

@@           Coverage Diff            @@
##           develop    #3866   +/-   ##
========================================
  Coverage    64.73%   64.73%           
========================================
  Files          469      469           
  Lines        34333    34333           
========================================
  Hits         22224    22224           
  Misses       11081    11081           
  Partials      1028     1028           

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[coderabbitai]

Actionable comments posted: 7

🧹 Nitpick comments (7)

cmd/zetae2e/config/config.go (1)

66-66: Consistent addition to the contract export functionality.

The code properly exports the Sui gateway upgrade capability to the configuration, maintaining parity between the runner state and the exported configuration.

However, consider whether this assignment should be conditional like the GatewayPackageID and GatewayObjectID assignments above:

 if r.SuiGateway != nil {
     conf.Contracts.Sui.GatewayPackageID = config.DoubleQuotedString(r.SuiGateway.PackageID())
     conf.Contracts.Sui.GatewayObjectID = config.DoubleQuotedString(r.SuiGateway.ObjectID())
+    conf.Contracts.Sui.GatewayUpgradeCap = config.DoubleQuotedString(r.SuiGatewayUpgradeCap)
 }
-conf.Contracts.Sui.GatewayUpgradeCap = config.DoubleQuotedString(r.SuiGatewayUpgradeCap)

This would ensure consistent handling if the Sui gateway availability is a prerequisite for the upgrade capability.

pkg/contracts/sui/crypto.go (1)

19-25: Prefix constant belongs in a dedicated const block for public prefixes

You introduced suiPrivateKeyPrefix, which is great. Consider moving all Bech32-related constants (prefix, flag, etc.) into a small, dedicated block (or even its own bech32.go) to keep cryptographic primitives separated from high-level digest helpers.

contrib/localnet/orchestrator/Dockerfile.fastbuild (1)

16-18: COPY order leaks host-path assumptions

The paths contrib/localnet/sui/sui_client.yaml and e2e/contracts/sui/protocol-contracts-sui are copied unconditionally. If either path goes missing (e.g. an OSS consumer disables Sui), the build fails. Consider guarding with --chown or using build-args / build-targets to make Sui support optional.

e2e/runner/setup_sui.go (2)

49-63: Early return if account already imported

importAndActivateDeployerAccount is always invoked, even on repeated test runs; sui keytool import errors if the key already exists. Handle the “already imported” case gracefully to keep the test idempotent.

---

112-143: suiDeployGateway – ensure deterministic object-ID selection

When multiple objects of the same type exist, the last match in the loop wins, which is nondeterministic. Consider breaking once a match is found or asserting a single match to avoid flakiness:

for _, change := range resp.ObjectChanges {
    if change.Type == changeTypeCreated && strings.Contains(change.ObjectType, filter) {
        if _, exists := objectIDs[filter]; exists {
            r.Fail("multiple objects found for type %s", filter)
        }
        objectIDs[filter] = change.ObjectId
    }
}

e2e/runner/sui_gateway_upgrade.go (2)

72-73: Info log placeholder %f expects float64

time.Since(startTime).Seconds() already returns a float64.
The call site is fine, but consider formatting to a fixed precision to avoid very long decimals (e.g. %.2f).
Minor, but it improves log readability.

---

89-105: Consider retry logic after package upgrade

moveCallUpgraded is executed right after sui client upgrade.
On busy/remote validators the package might not be available immediately, causing an intermittent Object not found error.

A lightweight retry with back-off around MoveCall (or a WaitForTransaction helper) would make the E2E test deterministic.

-	tx, err := r.Clients.Sui.MoveCall(ctx, models.MoveCallRequest{ … })
-	require.NoError(r, err)
+	var tx *models.TransactionResponse
+	err := retry.Do(
+		func() error {
+			var e error
+			tx, e = r.Clients.Sui.MoveCall(ctx, models.MoveCallRequest{ … })
+			return e
+		},
+		retry.Attempts(5), retry.Delay(2*time.Second))
+	require.NoError(r, err)

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2f037a9 and c9ec5a4.

📒 Files selected for processing (15)

• changelog.md (1 hunks)
• cmd/zetae2e/config/config.go (1 hunks)
• cmd/zetae2e/config/contracts.go (1 hunks)
• cmd/zetae2e/local/local.go (1 hunks)
• contrib/localnet/orchestrator/Dockerfile.fastbuild (1 hunks)
• contrib/localnet/orchestrator/start-zetae2e.sh (1 hunks)
• contrib/localnet/sui/sui_client.yaml (1 hunks)
• e2e/config/config.go (1 hunks)
• e2e/contracts/sui/protocol-contracts-sui (1 hunks)
• e2e/runner/runner.go (3 hunks)
• e2e/runner/setup_sui.go (5 hunks)
• e2e/runner/sui.go (2 hunks)
• e2e/runner/sui_gateway_upgrade.go (1 hunks)
• pkg/contracts/sui/crypto.go (2 hunks)
• pkg/contracts/sui/crypto_test.go (1 hunks)

🧰 Additional context used

📓 Path-based instructions (2)

`**/*.go`: Review the Go code, point out issues relative to principles of clean code, expressiveness, and performance.

**/*.go: Review the Go code, point out issues relative to principles of clean code, expressiveness, and performance.

• cmd/zetae2e/local/local.go
• cmd/zetae2e/config/config.go
• e2e/config/config.go
• e2e/runner/sui.go
• pkg/contracts/sui/crypto_test.go
• cmd/zetae2e/config/contracts.go
• e2e/runner/runner.go
• pkg/contracts/sui/crypto.go
• e2e/runner/sui_gateway_upgrade.go
• e2e/runner/setup_sui.go

`**/*.sh`: Review the shell scripts, point out issues relative to security, performance, and maintainability.

**/*.sh: Review the shell scripts, point out issues relative to security, performance, and maintainability.

• contrib/localnet/orchestrator/start-zetae2e.sh

🧬 Code Graph Analysis (1)

cmd/zetae2e/config/config.go (1)

e2e/config/config.go (3)

• Contracts (128-134)
• Sui (157-164)
• DoubleQuotedString (27-27)

⏰ Context from checks skipped due to timeout of 90000ms (1)

• GitHub Check: start-e2e-test / e2e

🔇 Additional comments (15)

changelog.md (1)

54-54: New E2E Test Entry Looks Good
The addition of the E2E test for upgrading the Sui gateway package under Tests is accurate and follows the existing changelog format.

cmd/zetae2e/local/local.go (1)

626-628: Solid addition for verifying the Sui gateway package upgrade.

The placement of this verification step after the Sui tests and before the TSS migration test is logical. This enhances the test coverage for the Sui functionality within the E2E test flow.

contrib/localnet/orchestrator/start-zetae2e.sh (1)

186-190: Clear and well-structured Sui environment setup.

The implementation follows the established pattern used for other environment setups in this script, correctly checking if the host is reachable before attempting to configure it.

contrib/localnet/sui/sui_client.yaml (1)

1-9: Well-configured Sui client settings.

The configuration correctly defines:

1. The keystore path
2. A localnet environment with appropriate RPC endpoint
3. The active environment setting

This provides the necessary configuration for the Sui client to connect to the local Sui node during tests.

pkg/contracts/sui/crypto_test.go (1)

114-140: Well-structured test for PrivateKeyBech32Secp256k1FromHex function.

The test follows best practices with table-driven test cases covering both valid and invalid inputs. The validation logic is thorough, checking for both successful conversions and appropriate error handling.

e2e/runner/runner.go (3)

130-132: Good documentation and field placement.

The field is well-documented, clearly explaining its purpose for upgrading the Sui gateway package.

---

295-295: Field properly added to copy operation.

The SuiGatewayUpgradeCap field is appropriately added to the copy operation, maintaining consistency with other Sui-related fields.

---

432-432: Field correctly added to contract address logging.

The integration with the address printing functionality is consistent with other Sui gateway fields.

cmd/zetae2e/config/contracts.go (1)

133-135: Configuration field handling is consistent.

The code follows the established pattern for handling Sui contract configuration fields.

e2e/runner/sui.go (3)

18-18: Import added for transaction status validation.

The import enables access to the TxStatusSuccess constant used in transaction validation.

---

454-458: Enhanced transaction execution with effects display.

Adding ShowEffects: true in the options enables validation of transaction status in the response.

---

461-461: Improved transaction validation.

The addition of transaction status validation strengthens the robustness of the transaction execution process by explicitly checking for success status.

contrib/localnet/orchestrator/Dockerfile.fastbuild (1)

5-11: Pin the Sui image to a digest for reproducible builds

Using the tag mainnet-v1.41.1 is better than latest, but tags can still be re-pointed. Consider pinning to a digest (@sha256:…) to guarantee byte-for-byte reproducibility.

e2e/runner/setup_sui.go (1)

105-110: Trim newline with strings.TrimSpace — good catch

The additional validation of the active address is appreciated and prevents subtle mis-configuration.

e2e/runner/sui_gateway_upgrade.go (1)

22-33: Regex is fragile to future CLI formatting changes

reGatewayPackageID relies on the │ box-drawing characters being present.
The Sui CLI could switch to plain ASCII in future releases, breaking the capture.

A more resilient pattern:

-var reGatewayPackageID = regexp.MustCompile(`│\s*PackageID: *(0x[0-9a-fA-F]+)\s*│`)
+var reGatewayPackageID = regexp.MustCompile(`PackageID:\s*(0x[0-9a-fA-F]+)`)

This still matches the current output while surviving cosmetic border changes.

[lumtis]

How to run the test?

Can you also share a screenshot of successful test completion?

[github-actions]

!!!WARNING!!!
nosec detected in the following files: e2e/runner/sui_gateway_upgrade.go, e2e/runner/setup_sui.go

Be very careful about using #nosec in code. It can be a quick way to suppress security warnings and move forward with development, it should be employed with caution. Suppressing warnings with #nosec can hide potentially serious vulnerabilities. Only use #nosec when you're absolutely certain that the security issue is either a false positive or has been mitigated in another way.

Only suppress a single rule (or a specific set of rules) within a section of code, while continuing to scan for other problems. To do this, you can list the rule(s) to be suppressed within the #nosec annotation, e.g: /* #nosec G401 */ or //#nosec G201 G202 G203
Broad #nosec annotations should be avoided, as they can hide other vulnerabilities. The CI will block you from merging this PR until you remove #nosec annotations that do not target specific rules.

Pay extra attention to the way #nosec is being used in the files listed above.

[ws4charlie]

How to run the test?

Can you also share a screenshot of successful test completion?

Shared in the description of this PR. The command is the same make start-sui-test