style(ci): lint and standardize the actions structure

.github/dependabot.yml

@@ -1,22 +1,22 @@
 version: 2
 updates:
-- package-ecosystem: cargo
-  directory: "/"
-  schedule:
-    interval: daily
-    timezone: America/New_York
-  open-pull-requests-limit: 10
-  labels:
-  - "A-dependencies"
-  - "A-rust"
-  - "P-Low :snowflake:"
-- package-ecosystem: github-actions
-  directory: "/"
-  schedule:
-    interval: daily
-    timezone: America/New_York
-  open-pull-requests-limit: 10
-  labels:
-  - "A-infrastructure"
-  - "A-dependencies"
-  - "P-Low :snowflake:"
+  - package-ecosystem: cargo
+    directory: '/'
+    schedule:
+      interval: daily
+      timezone: America/New_York
+    open-pull-requests-limit: 10
+    labels:
+      - 'A-dependencies'
+      - 'A-rust'
+      - 'P-Low :snowflake:'
+  - package-ecosystem: github-actions
+    directory: '/'
+    schedule:
+      interval: daily
+      timezone: America/New_York
+    open-pull-requests-limit: 10
+    labels:
+      - 'A-infrastructure'
+      - 'A-dependencies'
+      - 'P-Low :snowflake:'

.github/mergify.yml

@@ -10,7 +10,7 @@ queue_rules:
       - check-success=Test full validation sync from cached state
       - check-success=Test stable zebra-state with fake activation heights on ubuntu-latest
       - check-success=Test stable on ubuntu-latest
-      - check-success=Test stable on macOS-latest
+      - check-success=Test stable on macos-latest
       # TODO: Windows was removed for now, see https://github.com/ZcashFoundation/zebra/issues/3801
       # - check-success=Test stable on windows-latest
       - check-success=Clippy
@@ -27,7 +27,7 @@ queue_rules:
       - check-success=Test full validation sync from cached state
       - check-success=Test stable zebra-state with fake activation heights on ubuntu-latest
       - check-success=Test stable on ubuntu-latest
-      - check-success=Test stable on macOS-latest
+      - check-success=Test stable on macos-latest
       # - check-success=Test stable on windows-latest
       - check-success=Clippy
       - check-success=Rustfmt
@@ -43,21 +43,21 @@ queue_rules:
       - check-success=Test full validation sync from cached state
       - check-success=Test stable zebra-state with fake activation heights on ubuntu-latest
       - check-success=Test stable on ubuntu-latest
-      - check-success=Test stable on macOS-latest
+      - check-success=Test stable on macos-latest
       # - check-success=Test stable on windows-latest
       - check-success=Clippy
       - check-success=Rustfmt
 
 pull_request_rules:
   - name: move to urgent queue when CI passes with 1 review and not WIP targeting main
     conditions:
-      - "#approved-reviews-by>=1"
-      - "#review-threads-unresolved=0"
+      - '#approved-reviews-by>=1'
+      - '#review-threads-unresolved=0'
       - -draft
       - base=main
       - or:
-          - "label~=^P-Critical"
-          - "label~=^P-High"
+          - 'label~=^P-Critical'
+          - 'label~=^P-High'
       - label!=do-not-merge
     actions:
       queue:
@@ -66,11 +66,11 @@ pull_request_rules:
 
   - name: move to medium queue when CI passes with 1 review and not WIP targeting main
     conditions:
-      - "#approved-reviews-by>=1"
-      - "#review-threads-unresolved=0"
+      - '#approved-reviews-by>=1'
+      - '#review-threads-unresolved=0'
       - -draft
       - base=main
-      - "label~=^P-Medium"
+      - 'label~=^P-Medium'
       - label!=do-not-merge
     actions:
       queue:
@@ -79,8 +79,8 @@ pull_request_rules:
 
   - name: move to low queue when CI passes with 1 review and not WIP targeting main
     conditions:
-      - "#approved-reviews-by>=1"
-      - "#review-threads-unresolved=0"
+      - '#approved-reviews-by>=1'
+      - '#review-threads-unresolved=0'
       - -draft
       - base=main
       - label!=do-not-merge

.github/workflows/cd.yml

@@ -5,8 +5,12 @@ on:
     inputs:
       network:
         default: 'Mainnet'
+        description: 'Network to deploy: Mainnet or Testnet'
+        required: true
       checkpoint_sync:
-        default: true
+        default: 'true'
+        description: 'Use as many checkpoints as possible when syncing'
+        required: true
   push:
     branches:
       - main
@@ -32,93 +36,93 @@ jobs:
       id-token: 'write'
 
     steps:
-    - uses: actions/[email protected]
-      with:
-        persist-credentials: false
-
-    - name: Inject slug/short variables
-      uses: rlespinasse/github-slug-action@v4
-      with:
-        short-length: 7
-
-      # Automatic tag management and OCI Image Format Specification for labels
-    - name: Docker meta
-      id: meta
-      uses: docker/[email protected]
-      with:
-        # list of Docker images to use as base name for tags
-        images: |
-          ${{ env.GAR_BASE }}/${{ env.GITHUB_REF_SLUG_URL }}
-          ${{ env.GCR_BASE }}/${{ env.GITHUB_REPOSITORY_SLUG_URL }}/${{ env.GITHUB_REF_SLUG_URL }}
-        # generate Docker tags based on the following events/attributes
-        tags: |
-          type=schedule
-          type=ref,event=branch
-          type=ref,event=pr
-          type=semver,pattern={{version}}
-          type=semver,pattern={{major}}.{{minor}}
-          type=semver,pattern={{major}}
-          type=sha
-
-    # Setup gcloud CLI
-    - name: Authenticate to Google Cloud
-      id: auth
-      uses: google-github-actions/[email protected]
-      with:
-        workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc'
-        service_account: '[email protected]'
-        token_format: 'access_token'
-
-    - name: Set up QEMU
-      id: qemu
-      uses: docker/setup-qemu-action@v1
-      with:
-        image: tonistiigi/binfmt:latest
-        platforms: all
-
-    # Setup Docker Buildx to allow use of docker cache layers from GH
-    - name: Set up Docker Buildx
-      id: buildx
-      uses: docker/setup-buildx-action@v1
-
-    - name: Login to Google Artifact Registry
-      uses: docker/[email protected]
-      with:
-        registry: us-docker.pkg.dev
-        username: oauth2accesstoken
-        password: ${{ steps.auth.outputs.access_token }}
-
-    - name: Login to Google Container Registry
-      uses: docker/[email protected]
-      with:
-        registry: gcr.io
-        username: oauth2accesstoken
-        password: ${{ steps.auth.outputs.access_token }}
-
-    # Build and push image to Google Artifact Registry
-    - name: Build & push
-      id: docker_build
-      uses: docker/[email protected]
-      with:
-        target: runtime
-        context: .
-        file: ./docker/Dockerfile
-        # TODO: building crates is taking too long with arm64 and it's timing out on GHA
-        # platforms: |
-        #   linux/amd64
-        #   linux/arm64
-        tags: ${{ steps.meta.outputs.tags }}
-        labels: ${{ steps.meta.outputs.labels }}
-        build-args: |
-          NETWORK=${{ github.event.inputs.network || env.NETWORK }}
-          SHORT_SHA=${{ env.GITHUB_SHA_SHORT }}
-          RUST_BACKTRACE=1
-          ZEBRA_SKIP_IPV6_TESTS="1"
-          CHECKPOINT_SYNC=${{ github.event.inputs.checkpoint_sync || true }}
-          SENTRY_DSN=${{ secrets.SENTRY_ENDPOINT }}
-        push: true
-        cache-from: type=registry,ref=${{ env.GAR_BASE }}/${{ env.GITHUB_REF_SLUG_URL }}:buildcache
-        cache-to: type=registry,ref=${{ env.GAR_BASE }}/${{ env.GITHUB_REF_SLUG_URL }}:buildcache,mode=max
+      - uses: actions/[email protected]
+        with:
+          persist-credentials: false
+
+      - name: Inject slug/short variables
+        uses: rlespinasse/github-slug-action@v4
+        with:
+          short-length: 7
+
+        # Automatic tag management and OCI Image Format Specification for labels
+      - name: Docker meta
+        id: meta
+        uses: docker/[email protected]
+        with:
+          # list of Docker images to use as base name for tags
+          images: |
+            ${{ env.GAR_BASE }}/${{ env.GITHUB_REF_SLUG_URL }}
+            ${{ env.GCR_BASE }}/${{ env.GITHUB_REPOSITORY_SLUG_URL }}/${{ env.GITHUB_REF_SLUG_URL }}
+          # generate Docker tags based on the following events/attributes
+          tags: |
+            type=schedule
+            type=ref,event=branch
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+            type=sha
+
+      # Setup gcloud CLI
+      - name: Authenticate to Google Cloud
+        id: auth
+        uses: google-github-actions/[email protected]
+        with:
+          workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc'
+          service_account: '[email protected]'
+          token_format: 'access_token'
+
+      - name: Set up QEMU
+        id: qemu
+        uses: docker/setup-qemu-action@v1
+        with:
+          image: tonistiigi/binfmt:latest
+          platforms: all
+
+      # Setup Docker Buildx to allow use of docker cache layers from GH
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v1
+
+      - name: Login to Google Artifact Registry
+        uses: docker/[email protected]
+        with:
+          registry: us-docker.pkg.dev
+          username: oauth2accesstoken
+          password: ${{ steps.auth.outputs.access_token }}
+
+      - name: Login to Google Container Registry
+        uses: docker/[email protected]
+        with:
+          registry: gcr.io
+          username: oauth2accesstoken
+          password: ${{ steps.auth.outputs.access_token }}
+
+      # Build and push image to Google Artifact Registry
+      - name: Build & push
+        id: docker_build
+        uses: docker/[email protected]
+        with:
+          target: runtime
+          context: .
+          file: ./docker/Dockerfile
+          # TODO: building crates is taking too long with arm64 and it's timing out on GHA
+          # platforms: |
+          #   linux/amd64
+          #   linux/arm64
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          build-args: |
+            NETWORK=${{ github.event.inputs.network || env.NETWORK }}
+            SHORT_SHA=${{ env.GITHUB_SHA_SHORT }}
+            RUST_BACKTRACE=1
+            ZEBRA_SKIP_IPV6_TESTS="1"
+            CHECKPOINT_SYNC=${{ github.event.inputs.checkpoint_sync || true }}
+            SENTRY_DSN=${{ secrets.SENTRY_ENDPOINT }}
+          push: true
+          cache-from: type=registry,ref=${{ env.GAR_BASE }}/${{ env.GITHUB_REF_SLUG_URL }}:buildcache
+          cache-to: type=registry,ref=${{ env.GAR_BASE }}/${{ env.GITHUB_REF_SLUG_URL }}:buildcache,mode=max
 
   deploy-nodes:
     name: Deploy Mainnet nodes

.github/workflows/ci.patch.yml

@@ -23,7 +23,7 @@ jobs:
       fail-fast: false
       matrix:
         # TODO: Windows was removed for now, see https://github.com/ZcashFoundation/zebra/issues/3801
-        os: [ubuntu-latest, macOS-latest]
+        os: [ubuntu-latest, macos-latest]
         rust: [stable]
 
     steps:

.github/workflows/ci.yml

@@ -35,7 +35,7 @@ jobs:
       fail-fast: false
       matrix:
         # TODO: Windows was removed for now, see https://github.com/ZcashFoundation/zebra/issues/3801
-        os: [ubuntu-latest, macOS-latest]
+        os: [ubuntu-latest, macos-latest]
         rust: [stable]
 
     steps:
@@ -67,7 +67,7 @@ jobs:
         # Ubuntu runners don't have reliable network or DNS during test steps.
         # Windows runners have an unreliable network.
         shell: bash
-        if: matrix.os != 'macOS-latest'
+        if: matrix.os != 'macos-latest'
         run: echo "ZEBRA_SKIP_NETWORK_TESTS=1" >> $GITHUB_ENV
 
       - name: Minimise proptest cases on macOS and Windows
@@ -79,8 +79,8 @@ jobs:
         shell: bash
         if: matrix.os != 'ubuntu-latest'
         run: |
-             echo "PROPTEST_CASES=1" >> $GITHUB_ENV
-             echo "PROPTEST_MAX_SHRINK_ITERS=1024" >> $GITHUB_ENV
+          echo "PROPTEST_CASES=1" >> $GITHUB_ENV
+          echo "PROPTEST_MAX_SHRINK_ITERS=1024" >> $GITHUB_ENV
 
       - name: Change target output directory on Windows
         # Windows doesn't have enough space on the D: drive, so we redirect the build output to the
@@ -118,7 +118,7 @@ jobs:
 
       - name: Run zebrad large sync tests
         # Skip the entire step on Ubuntu and Windows, because the test would be skipped anyway due to ZEBRA_SKIP_NETWORK_TESTS
-        if: matrix.os == 'macOS-latest'
+        if: matrix.os == 'macos-latest'
         uses: actions-rs/[email protected]
         with:
           command: test
@@ -159,7 +159,7 @@ jobs:
       - name: Run tests with fake activation heights
         uses: actions-rs/[email protected]
         env:
-          TEST_FAKE_ACTIVATION_HEIGHTS: ""
+          TEST_FAKE_ACTIVATION_HEIGHTS: ''
         with:
           command: test
           # Note: this only runs the zebra-state crate tests,
@@ -267,18 +267,18 @@ jobs:
     continue-on-error: ${{ matrix.checks == 'advisories' }}
 
     steps:
-    - uses: actions/checkout@v2
-      with:
-        persist-credentials: false
-
-    - uses: EmbarkStudios/cargo-deny-action@v1
-      with:
-        command: check ${{ matrix.checks }}
-        args: --all-features --workspace
-
-    # this check runs with optional features off
-    # so we expect some warnings about "skip tree root was not found"
-    - uses: EmbarkStudios/cargo-deny-action@v1
-      with:
-        command: check ${{ matrix.checks }}
-        args: --workspace
+      - uses: actions/checkout@v2
+        with:
+          persist-credentials: false
+
+      - uses: EmbarkStudios/cargo-deny-action@v1
+        with:
+          command: check ${{ matrix.checks }}
+          args: --all-features --workspace
+
+      # this check runs with optional features off
+      # so we expect some warnings about "skip tree root was not found"
+      - uses: EmbarkStudios/cargo-deny-action@v1
+        with:
+          command: check ${{ matrix.checks }}
+          args: --workspace