stratum-mining · plebhash · Mar 20, 2026 · Mar 20, 2026
diff --git a/.github/workflows/lockfiles.yaml b/.github/workflows/lockfiles.yaml
@@ -31,44 +31,3 @@ jobs:
 
           # while bitcoin-core-sv2 crate is still a lib crate, no need to lock it so we skip it here
           # whenever we implement a binary executable for bitcoin-core-sv2, we will need to cover it here
-
-  stratum-freshness:
-    runs-on: ubuntu-latest
-
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Get latest stratum commit on main
-        id: stratum
-        run: |
-          LATEST=$(git ls-remote https://github.com/stratum-mining/stratum refs/heads/main | cut -f1)
-          echo "latest_sha=$LATEST" >> "$GITHUB_OUTPUT"
-          echo "Latest stratum main commit: $LATEST"
-
-      - name: Check lockfiles pin the latest stratum-core
-        run: |
-          LATEST="${{ steps.stratum.outputs.latest_sha }}"
-          FAILED=0
-
-          for lockfile in pool-apps/Cargo.lock miner-apps/Cargo.lock integration-tests/Cargo.lock; do
-            PINNED=$(grep -oP 'git\+https://github\.com/stratum-mining/stratum\?branch=main#\K[0-9a-f]+' "$lockfile" | head -1)
-
-            if [ -z "$PINNED" ]; then
-              echo "WARNING: No stratum-core git pin found in $lockfile"
-              continue
-            fi
-
-            if [ "$PINNED" != "$LATEST" ]; then
-              echo "FAIL: $lockfile is stale (pinned=$PINNED, latest=$LATEST)"
-              FAILED=1
-            else
-              echo "OK: $lockfile is up to date ($PINNED)"
-            fi
-          done
-
-          if [ "$FAILED" -eq 1 ]; then
-            echo ""
-            echo "Lockfiles are not pinned to the latest stratum-core commit."
-            echo "Run 'cargo update -p stratum-core' in each workspace to update them."
-            exit 1
-          fi
diff --git a/.github/workflows/stratum-core-sync.yaml b/.github/workflows/stratum-core-sync.yaml
@@ -0,0 +1,132 @@
+name: Stratum Core Sync
+
+on:
+  # Immediate trigger from upstream automation in stratum repo.
+  repository_dispatch:
+    types:
+      - stratum-main-updated
+
+  # Manual fallback.
+  workflow_dispatch:
+
+  # Optional safety net in case dispatch integration fails.
+  push:
+    branches:
+      - main
+
+permissions:
+  contents: write
+  pull-requests: write
+
+concurrency:
+  group: stratum-core-sync
+  cancel-in-progress: false
+
+jobs:
+  sync-stratum-core-lockfiles:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          token: ${{ secrets.PAT }}
+
+      - name: Install Rust
+        uses: dtolnay/rust-toolchain@stable
+
+      - name: Detect latest and pinned stratum SHAs
+        id: detect
+        shell: bash
+        run: |
+          set -euo pipefail
+
+          # Latest commit on stratum main.
+          LATEST_SHA="$(git ls-remote https://github.com/stratum-mining/stratum refs/heads/main | cut -f1)"
+          if [ -z "${LATEST_SHA}" ]; then
+            echo "Could not determine latest stratum main SHA."
+            exit 1
+          fi
+
+          # Current pinned SHA from pool-apps lockfile (same source URL pattern used in previous freshness check).
+          PINNED_SHA="$(grep -oP 'git\+https://github\.com/stratum-mining/stratum\?branch=main#\K[0-9a-f]+' pool-apps/Cargo.lock | head -1 || true)"
+          if [ -z "${PINNED_SHA}" ]; then
+            echo "Could not determine pinned stratum SHA from pool-apps/Cargo.lock."
+            exit 1
+          fi
+
+          SHORT_SHA="${LATEST_SHA:0:7}"
+
+          if [ "${PINNED_SHA}" = "${LATEST_SHA}" ]; then
+            echo "stratum-core is already up to date: ${PINNED_SHA}"
+            echo "update_needed=false" >> "$GITHUB_OUTPUT"
+          else
+            echo "stratum-core update needed: pinned=${PINNED_SHA}, latest=${LATEST_SHA}"
+            echo "update_needed=true" >> "$GITHUB_OUTPUT"
+          fi
+
+          echo "latest_sha=${LATEST_SHA}" >> "$GITHUB_OUTPUT"
+          echo "pinned_sha=${PINNED_SHA}" >> "$GITHUB_OUTPUT"
+          echo "short_sha=${SHORT_SHA}" >> "$GITHUB_OUTPUT"
+
+      - name: Update all workspace lockfiles to latest stratum-core
+        if: steps.detect.outputs.update_needed == 'true'
+        shell: bash
+        run: |
+          set -euo pipefail
+
+          # Update lockfiles in all relevant workspaces in one run.
+          cargo update -p stratum-core --manifest-path pool-apps/Cargo.toml
+          cargo update -p stratum-core --manifest-path miner-apps/Cargo.toml
+          cargo update -p stratum-core --manifest-path integration-tests/Cargo.toml
+
+      - name: Verify lockfiles pin latest stratum SHA
+        if: steps.detect.outputs.update_needed == 'true'
+        shell: bash
+        run: |
+          set -euo pipefail
+
+          LATEST_SHA="${{ steps.detect.outputs.latest_sha }}"
+          FAILED=0
+
+          for lockfile in pool-apps/Cargo.lock miner-apps/Cargo.lock integration-tests/Cargo.lock; do
+            PINNED_SHA="$(grep -oP 'git\+https://github\.com/stratum-mining/stratum\?branch=main#\K[0-9a-f]+' "$lockfile" | head -1 || true)"
+
+            if [ -z "${PINNED_SHA}" ]; then
+              echo "FAIL: No stratum SHA pin found in ${lockfile}"
+              FAILED=1
+              continue
+            fi
+
+            if [ "${PINNED_SHA}" != "${LATEST_SHA}" ]; then
+              echo "FAIL: ${lockfile} pins ${PINNED_SHA}, expected ${LATEST_SHA}"
+              FAILED=1
+            else
+              echo "OK: ${lockfile} updated to ${PINNED_SHA}"
+            fi
+          done
+
+          if [ "${FAILED}" -eq 1 ]; then
+            echo "One or more lockfiles failed to pin latest stratum main SHA."
+            exit 1
+          fi
+
+      - name: Create PR with all lockfile updates
+        if: steps.detect.outputs.update_needed == 'true'
+        uses: peter-evans/create-pull-request@v7
+        with:
+          token: ${{ secrets.PAT }}
+          commit-message: "chore(deps): update stratum-core to ${{ steps.detect.outputs.short_sha }}"
+          branch: "ci/update-stratum-core-${{ steps.detect.outputs.short_sha }}"
+          title: "chore(deps): update stratum-core to ${{ steps.detect.outputs.short_sha }}"
+          body: |
+            This PR updates all workspace lockfiles to the latest `stratum` main commit.
+
+            - Latest upstream SHA: `${{ steps.detect.outputs.latest_sha }}`
+            - Previously pinned SHA: `${{ steps.detect.outputs.pinned_sha }}`
+
+            Updated lockfiles:
+            - `pool-apps/Cargo.lock`
+            - `miner-apps/Cargo.lock`
+            - `integration-tests/Cargo.lock`
+          delete-branch: true