Origin Automated Actions

[sparrowDom]

Summary

This PR introduces a cron runtime supervisor for the Docker deployment that:

• keeps supercronic scheduling from JSON config
• adds authenticated REST endpoints for manual action runs
• exposes API endpoints to inspect configured actions and run status

AWS KMS Signer Usage

Cron/manual actions still execute existing Hardhat tasks, so signer behavior is unchanged and continues to use the repo signer selection logic:

• If AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY are present, the task path selects AWS KMS signing.
• KMS signing uses DirectKmsTransactionSigner (purrikey) with the configured relayer key id and region.
• Transactions are signed by KMS and submitted normally by the task flow.
• Transaction hashes are emitted in task logs (utils/txLogger), so run-level tx IDs are visible in container logs/Loki.

Cronjobs Configured via JSON

Cron configuration is now JSON-first:

• Source of truth: contracts/cron/cron-jobs.json
• Job schema:
  • name (string)
  • schedule (5-field cron expression)
  • enabled (boolean)
  • command (string)
• Startup rendering validates config and fails fast on:
  • invalid/malformed schema
  • duplicate names
  • invalid schedule shape
  • zero enabled jobs
• Enabled jobs are rendered to /etc/cronjob (with # <name> comments) and started via supercronic.

Cronjobs Triggered via API

A lightweight Node HTTP server is started with the container runtime and runs alongside supercronic.

• Auth:
  • Bearer token required for /api/v1/*
  • token env var: ACTION_API_BEARER_TOKEN (required)
• Trigger endpoint:
  • POST /api/v1/actions/:name/runs
  • returns 202 Accepted with:
    • runId
    • action
    • status
    • statusUrl
    • startedAt
  • includes Location header pointing to run status URL
• Execution model:
  • async execution (queued -> running -> succeeded|failed)
  • manual triggers are allowed even when enabled=false
  • parallel runs are allowed
  • bounded in-memory run history (default limit 500)

Cron Configuration / Run Status via API

• GET /api/v1/actions
  • returns configured actions with name, schedule, enabled
• GET /api/v1/runs/:runId
  • returns run lifecycle + completion metadata:
    • status
    • startedAt
    • finishedAt
    • exitCode
    • signal
• GET /healthz (no auth)
  • runtime health including whether supercronic is running

Runtime Notes

• Entrypoint now launches the supervisor (node /app/scripts/cron-supervisor.js).
• Optional runtime envs:
  • HOST (default 0.0.0.0)
  • PORT (default 8080)
  • ACTION_RUN_HISTORY_LIMIT (default 500)
  • ACTION_WORKDIR (default /app)
• Logs for a run are available in container stdout/stderr (and Loki), while API returns structured status/metadata.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 48.21%. Comparing base (3a8ab77) to head (868b1ec).

Additional details and impacted files

@@           Coverage Diff           @@
##           master    #2854   +/-   ##
=======================================
  Coverage   48.21%   48.21%           
=======================================
  Files         112      112           
  Lines        4835     4835           
  Branches     1338     1338           
=======================================
  Hits         2331     2331           
  Misses       2500     2500           
  Partials        4        4           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.