Skip to content

feat: adopt announcePlannedUpgrade for PDPVerifier#234

Merged
wjmelements merged 4 commits intoFilOzone:mainfrom
Chaitu-Tatipamula:feat/announce-planned-upgrade-pdp
Nov 26, 2025
Merged

feat: adopt announcePlannedUpgrade for PDPVerifier#234
wjmelements merged 4 commits intoFilOzone:mainfrom
Chaitu-Tatipamula:feat/announce-planned-upgrade-pdp

Conversation

@Chaitu-Tatipamula
Copy link
Contributor

@Chaitu-Tatipamula Chaitu-Tatipamula commented Nov 26, 2025
edited
Loading

Summary

Adopts the announcePlannedUpgrade flow for PDPVerifier, mirroring the pattern used by FilecoinWarmStorageService and ServiceProviderRegistry.

Changes

  • Add PlannedUpgrade struct, nextUpgrade storage and UpgradeAnnounced event
  • Implement:
    • announcePlannedUpgrade(PlannedUpgrade) – owner-only, validates code size and afterEpoch > block.number
    • getNextUpgrade() -> (address nextImplementation, uint96 afterEpoch)
  • Update migration / upgrade logic:
    • migrate()external onlyProxy onlyOwner reinitializer(2) emitting ContractUpgraded(VERSION, implementation)
    • _authorizeUpgrade() now checks newImplementation == nextUpgrade.nextImplementation and block.number >= nextUpgrade.afterEpoch, then clears nextUpgrade
  • Add upgrade scripts in tools/ to:
    • Announce a planned upgrade for the PDPVerifier proxy
    • Execute the upgrade via upgradeToAndCall after verifying the plan and epoch

Tests

  • test/ERC1967Proxy.t.sol

    • testUpgradeImplementation:
      • now announces a PlannedUpgrade on the proxy and rolls past afterEpoch before calling upgradeToAndCall
    • testUpgradeFromNonOwnerNoGood:
      • announces a PlannedUpgrade as the owner
      • then asserts that a non‑owner upgradeToAndCall still reverts

  • test/PDPVerifier.t.sol (PDPVerifierMigrateTest)

    • add pdpVerifier pointing at the MyERC1967Proxy instance
    • new tests:
      • testAnnouncePlannedUpgrade – happy path: announce, verify getNextUpgrade, then upgrade after afterEpoch
      • testAnnouncePlannedUpgradeOnlyOwner – non‑owner announce reverts
      • testAnnouncePlannedUpgradeInvalidImplementation – invalid nextImplementation (no code) reverts
      • testAnnouncePlannedUpgradeInvalidEpochafterEpoch <= block.number reverts
    • testMigrate:
      • first upgrade: announce + roll + upgradeToAndCallmigrate() runs and emits ContractUpgraded
      • second upgrade: announce a new plan, roll again, and expect InvalidInitialization() from the second upgradeToAndCall

Closes: FilOzone/filecoin-services#355

@Chaitu-Tatipamula Chaitu-Tatipamula force-pushed the feat/announce-planned-upgrade-pdp branch from c209428 to 48b0e95 Compare November 26, 2025 14:23
@Chaitu-Tatipamula Chaitu-Tatipamula mentioned this pull request Nov 26, 2025
Merged
@rjan90 rjan90 requested a review from wjmelements November 26, 2025 16:26
@rjan90 rjan90 moved this to 🔎 Awaiting review in PDP Nov 26, 2025
@Chaitu-Tatipamula Chaitu-Tatipamula force-pushed the feat/announce-planned-upgrade-pdp branch from f966cb3 to f19e5fc Compare November 26, 2025 17:21
wjmelements
wjmelements requested changes Nov 26, 2025
View reviewed changes
@Chaitu-Tatipamula
fix: made nextUpgrade public and some resolutions
d82f193 
- made nextUpgrade public removed the getter
- reverted the one-step process only have the 2 step mechanism
- some fixes in scripts
wjmelements
wjmelements reviewed Nov 26, 2025
View reviewed changes
tools/upgrade.sh
Comment on lines 75 to 79
else
# Old one-step mechanism: direct upgrade without announcement
echo "No planned upgrade detected, using one-step mechanism (direct upgrade)"
echo "WARNING: This is the legacy upgrade path. For new deployments, use announce-planned-upgrade.sh first."
fi
Copy link
Contributor

@wjmelements wjmelements Nov 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The pending upgrade being zero means that they did not announcePlannedUpgrade or that the upgrade was already completed.

Copy link
Contributor

@wjmelements wjmelements Nov 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See how cast call behaves when the call reverts due to missing method. It is probably not going to return ZERO_ADDRESS.

Copy link
Contributor Author

@Chaitu-Tatipamula Chaitu-Tatipamula Nov 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes it is giving exit codes so i was able to distinguish that way, please check now

wjmelements pushed a commit to FilOzone/filecoin-services that referenced this pull request Nov 26, 2025
@Chaitu-Tatipamula
feat: add announcePlannedUpgrade flow for ServiceProviderRegistry (#356)
55e6e67 
## Summary

This PR covers the `ServiceProviderRegistry` side of [FS
#355](#355) by
adopting the `announcePlannedUpgrade` pattern already used by
`FilecoinWarmStorageService`. PDPVerifier changes are implemented in a
separate PR in [`pdp`](FilOzone/pdp#234) and are
not included here.

## Changes

### ServiceProviderRegistry contract

- Add `PlannedUpgrade` struct and `nextUpgrade` storage field
- Add `UpgradeAnnounced(PlannedUpgrade)` event
- Implement:
- `announcePlannedUpgrade(PlannedUpgrade plannedUpgrade)` — owner-only,
validates code size and `afterEpoch > block.number`, stores the plan and
emits `UpgradeAnnounced`
- `getNextUpgrade() returns (address nextImplementation, uint96
afterEpoch)` — exposes the planned upgrade via the proxy
- Update `_authorizeUpgrade(address newImplementation)` to:
  - Require `newImplementation == nextUpgrade.nextImplementation`
  - Require `block.number >= nextUpgrade.afterEpoch`
  - Clear the stored plan on successful upgrade
- Update `migrate(string newVersion)` to:
  - `public onlyProxy onlyOwner reinitializer(2)`
- Emit `ContractUpgraded(newVersion, ERC1967Utils.getImplementation())`

### Upgrade scripts

- Add `tools/announce-planned-upgrade-registry.sh`
- Announces a planned upgrade for a `ServiceProviderRegistry` proxy
using `announcePlannedUpgrade((address,uint96))`
- Add `tools/upgrade-registry.sh`
  - Reads `getNextUpgrade()` from the registry proxy
  - Verifies the planned implementation and `afterEpoch`
- Calls `upgradeToAndCall(address,bytes)` with `migrate(string)` and the
desired version
- Verifies the final implementation using the standard ERC-1967
implementation slot
(`0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc`)

### Tests

- Extend `ServiceProviderRegistryTest` to cover:
- `testAnnouncePlannedUpgrade` — happy-path announce and gated upgrade
flow
  - `testAnnouncePlannedUpgradeOnlyOwner` — only the owner can announce
- `testAnnouncePlannedUpgradeInvalidImplementation` — revert on
non-contract implementation
- `testAnnouncePlannedUpgradeInvalidEpoch` — revert when `afterEpoch <=
block.number`
  - `testOnlyOwnerCanUpgrade` — validates that:
    - Non-owner upgrades revert
    - Owner can upgrade after a valid announcement and epoch gating


Closes : #355
@wjmelements wjmelements added the enhancement New feature or request label Nov 26, 2025
@wjmelements wjmelements merged commit 8a34a37 into FilOzone:main Nov 26, 2025
3 checks passed
@github-project-automation github-project-automation bot moved this from 🔎 Awaiting review to 🎉 Done in PDP Nov 26, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@wjmelements wjmelements wjmelements approved these changes

Assignees

No one assigned

Labels

enhancement New feature or request

Projects

PDP
Status: 🎉 Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

feat: announcePlannedUpgrade

2 participants

@Chaitu-Tatipamula @wjmelements