Right now, doublezero is effectively in a CI blackout for external contributors. Because our current workflows are Infrastructure-First, tightly coupled to specialised 16-core runners, Linux-specific netlink calls, and sensitive DOCKERHUB_TOKENS, we’ve (rightly) had to disable them for forks to protect our infra and secrets.
The Goal: Logic-First Testing
I’d like to propose we shift toward a Logic-First architecture. By decoupling the core business logic from the execution environment, we can create a Safe-Zone CI that is:
- Secret-Free: Zero dependency on API keys.
- Platform-Agnostic: Runs on standard ubuntu-latest (GitHub-hosted).
- Policy-Compliant: Safe to run on every fork PR immediately.
The Game Plan
1. Architectural Decoupling (Go & Rust)
We need to lean into Dependency Inversion to separate the Brain (Logic) from the Hands (OS/Ledger):
- In Go: Introduce interfaces for networking components (e.g., a RouteManager interface). Instead of calling the Linux Kernel directly, we call the interface. This lets us test complex routing logic on macOS or standard runners using in-memory mocks.
- In Rust: Isolate Logic crates from those requiring a full Solana validator or heavy hardware. We should be able to lint and unit-test the core crates on standard runners without the workspace choking.
2. Bifurcating the Workflows
I suggest splitting the CI into two tiers:
- Tier 1: Core CI (The Safe Zone): Covers Lints, Unit Tests for api/, config/, sdk/, controller/, and mocked networking logic. It runs on ubuntu-latest and triggers on all Fork PRs.
- Tier 2: Infrastructure CI (The Heavy Tier): E2E, Container builds, Solana validator tests, and PIM tests. These stay on our self-hosted/16c runners and remain restricted to internal branches or maintainer-triggered runs.
3. Standardizing Build Tags
We can use //go:build !infra and Rust feature flags to ensure the Core runner never tries to execute a test it isn't equipped for.
What do we get out of this?
- We get Fork CI back without exposing a single secret or runner.
- Developers can finally run a lot of the suite on a Mac instead of needing a specific Linux box.
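
The Go decoupling from step 1, sketched as an added example (not part of the original proposal and not doublezero code): routing logic written against a RouteManager interface and exercised with an in-memory implementation, so it runs on ubuntu-latest with no privileges or secrets. Only the name RouteManager comes from the proposal; Route, memRoutes, Reconcile and the method set are assumptions.

```go
// Added example, not doublezero code; names other than RouteManager are assumed.
package main

import "errors"

type Route struct{ Dst, Via string } // simplified destination/next-hop pair

// RouteManager is the seam: Tier 2 backs it with netlink, Tier 1 with memRoutes.
type RouteManager interface {
	List() ([]Route, error)
	Add(Route) error
	Del(Route) error
}

// memRoutes is an in-memory RouteManager: no kernel, privileges or secrets.
type memRoutes map[Route]bool
func (m memRoutes) Add(r Route) error { m[r] = true; return nil }
func (m memRoutes) Del(r Route) error { delete(m, r); return nil }
func (m memRoutes) List() (out []Route, err error) {
	for r := range m {
		out = append(out, r)
	}
	return out, nil
}

// Reconcile makes installed routes match desired, collecting any errors.
func Reconcile(rm RouteManager, desired []Route) error {
	have, err := rm.List()
	if err != nil {
		return err
	}
	want := map[Route]bool{}
	for _, r := range desired {
		want[r] = true
	}
	for _, r := range have {
		if !want[r] {
			err = errors.Join(err, rm.Del(r)) // stale: installed, not desired
		}
		delete(want, r) // whatever stays in want is missing from the table
	}
	for r := range want {
		err = errors.Join(err, rm.Add(r))
	}
	return err
}

func main() { // constructed sample: empty table, one desired route
	println("clean:", Reconcile(memRoutes{}, []Route{{"10.0.1.0/24", "192.0.2.1"}}) == nil)
}
```

A netlink-backed implementation of the same interface would live in a file excluded by `//go:build !infra`, which keeps the Tier 1 runner from compiling or running it.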