chore(ci): add go-ethereum-coprocessor ci workflows (#22)
* chore(ci): add geth-coprocessor ci workflows * chore(ci): fix submodule secret * chore(ci): update Dockerfiles * chore(ci): fix hadolint * chore(ci): refactor * Add only fhevm-engine from fhevm-backend as a submodule * fix: update path to fhevm-go-coproc * fix: fix typo * chore(build): enable push * debug: debug docker build * debug: fix -buildvcs=false * debug: test geth-ethereum-coprocessor * debug: replace go run with go build/install * fix: fix git-lfs pkg * fix: fix git-lfs pkg for devnode * fix: fix hadolint * fix: update image name * chore(build): update base image * chore(build): enable push * chore(build): replace ADD and add required dependencies * fix: add libc6-compat * ci: update push image
Showing
9 changed files
with
326 additions
and
65 deletions.
@@ -0,0 +1,194 @@ | ||
name: Docker Build and Push | ||
|
||
on: | ||
workflow_call: | ||
secrets: | ||
BLOCKCHAIN_ACTIONS_TOKEN: | ||
required: true | ||
GRAVITON_BUILDER_SSH_PRIVATE_KEY: | ||
required: true | ||
SUBMODULES_CHECKOUT_TOKEN: | ||
required: true | ||
inputs: | ||
ref: | ||
type: string | ||
required: false | ||
default: "" | ||
working-directory: | ||
type: string | ||
required: true | ||
docker-context: | ||
type: string | ||
required: false | ||
default: "." | ||
image-name: | ||
type: string | ||
required: true | ||
image-dev-name: | ||
type: string | ||
required: false | ||
image-dev-description: | ||
type: string | ||
required: false | ||
push_image: | ||
type: boolean | ||
default: true | ||
required: false | ||
runs_on: | ||
type: string | ||
required: false | ||
default: "ubuntu-latest" | ||
generate-dev-image: | ||
type: boolean | ||
default: false | ||
required: false | ||
docker-file: | ||
type: string | ||
default: "ci.dockerfile" | ||
required: false | ||
docker-file-dev: | ||
type: string | ||
default: "dev.dockerfile" | ||
required: false | ||
graviton-build-host: | ||
type: string | ||
required: false | ||
default: "ec2-15-188-101-126.eu-west-3.compute.amazonaws.com" | ||
arm-build: | ||
type: boolean | ||
default: true | ||
required: false | ||
cache-from: | ||
type: string | ||
required: false | ||
default: "type=gha" | ||
cache-to: | ||
type: string | ||
required: false | ||
default: "type=gha,mode=max" | ||
outputs: | ||
image_name: | ||
description: "Image Name with Tag generated by this task" | ||
value: "${{ jobs.build-and-push-docker.outputs.image_name }}" | ||
|
||
jobs: | ||
dockerfile-lint: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v2 | ||
- name: Run hadolint | ||
uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0 | ||
with: | ||
dockerfile: ${{ inputs.working-directory }}/${{ inputs.docker-file }} | ||
failure-threshold: none | ||
|
||
- name: Run hadolint dev | ||
uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0 | ||
if: ${{ inputs.generate-dev-image }} | ||
with: | ||
dockerfile: ${{ inputs.working-directory }}/${{ inputs.docker-file-dev }} | ||
failure-threshold: none | ||
|
||
build-and-push-docker: | ||
runs-on: ${{ inputs.runs_on }} | ||
outputs: | ||
image_name: ${{ steps.export-image.outputs.image }} | ||
env: | ||
HOME: ${{ inputs.runs_on != 'ubuntu-latest' && '/root' || '/home/runner' }} | ||
steps: | ||
- name: Checkout Project | ||
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | ||
with: | ||
token: ${{ secrets.SUBMODULES_CHECKOUT_TOKEN }} | ||
ref: ${{ inputs.ref_to_geth }} | ||
lfs: true | ||
submodules: recursive | ||
|
||
- name: Set up SSH | ||
if: inputs.arm-build | ||
uses: MrSquaare/ssh-setup-action@2d028b70b5e397cf8314c6eaea229a6c3e34977a # v3.1.0 | ||
with: | ||
host: ${{ inputs.graviton-build-host }} | ||
private-key: ${{ secrets.GRAVITON_BUILDER_SSH_PRIVATE_KEY }} | ||
private-key-name: docker_builder_arm | ||
|
||
- name: Set up Docker Buildx | ||
if: inputs.arm-build | ||
uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0 | ||
with: | ||
platforms: linux/amd64,linux/arm64 | ||
append: | | ||
- endpoint: "ssh://ec2-user@${{ inputs.graviton-build-host }}" | ||
platforms: linux/arm64 | ||
- name: Login to GitHub Container Registry | ||
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 | ||
with: | ||
registry: ghcr.io | ||
username: ${{ github.actor }} | ||
password: ${{ secrets.GITHUB_TOKEN }} | ||
|
||
- name: Echo github event | ||
run: echo "Github event ==> ${{ github.event_name }}" | ||
|
||
- name: Current branch sha | ||
if: github.event_name != 'release' | ||
run: | | ||
echo "DOCKER_TAG_IMAGE=$(git rev-parse --short "$GITHUB_SHA")" >> "$GITHUB_ENV" | ||
- name: Current Tag | ||
if: github.event_name == 'release' | ||
run: | | ||
echo "DOCKER_TAG_IMAGE=${{ github.ref_name }}" >> "$GITHUB_ENV" | ||
- name: Docker Build and Push | ||
uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0 | ||
with: | ||
context: ${{ inputs.docker-context }} | ||
platforms: linux/amd64,linux/arm64 | ||
build-args: | | ||
BLOCKCHAIN_ACTIONS_TOKEN=${{ secrets.BLOCKCHAIN_ACTIONS_TOKEN }} | ||
file: ${{ inputs.working-directory }}/${{ inputs.docker-file }} | ||
push: ${{ inputs.push_image }} | ||
pull: false | ||
tags: ghcr.io/zama-ai/${{ inputs.image-name }}:${{env.DOCKER_TAG_IMAGE }},ghcr.io/zama-ai/${{ inputs.image-name }}:latest | ||
cache-from: ${{ inputs.cache-from }} | ||
cache-to: ${{ inputs.cache-to }} | ||
|
||
- name: Extract Docker metadata | ||
if: ${{ inputs.generate-dev-image }} | ||
id: meta | ||
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 | ||
with: | ||
annotations: | | ||
org.opencontainers.image.description="${{ inputs.image-dev-description }}" | ||
labels: | | ||
zama.fhevm.version=${{ env.DOCKER_TAG_IMAGE }} | ||
zama.fhevm.description="${{ inputs.image-dev-description }}" | ||
images: ghcr.io/zama-ai/${{ inputs.image-dev-name }}:${{ env.DOCKER_TAG_IMAGE }} | ||
env: | ||
DOCKER_METADATA_ANNOTATIONS_LEVELS: index | ||
|
||
- name: Docker Build and Push Dev Image | ||
if: ${{ inputs.generate-dev-image }} | ||
uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0 | ||
timeout-minutes: 360 | ||
with: | ||
context: ${{ inputs.docker-context }} | ||
platforms: linux/amd64,linux/arm64 | ||
build-args: | | ||
BLOCKCHAIN_ACTIONS_TOKEN=${{ secrets.BLOCKCHAIN_ACTIONS_TOKEN }} | ||
file: ${{ inputs.working-directory }}/${{ inputs.docker-file-dev }} | ||
push: ${{ inputs.push_image }} | ||
pull: false | ||
tags: ghcr.io/zama-ai/${{ inputs.image-dev-name }}:${{env.DOCKER_TAG_IMAGE}},ghcr.io/zama-ai/${{ inputs.image-dev-name }}:latest | ||
cache-from: type=gha | ||
cache-to: type=gha,mode=max | ||
labels: ${{ steps.meta.outputs.labels }} | ||
annotations: ${{ steps.meta.outputs.annotations }} | ||
|
||
- name: Export image name | ||
id: export-image | ||
run: echo "image=ghcr.io/zama-ai/${{inputs.image-name}}:${{env.DOCKER_TAG_IMAGE}}" >> "${GITHUB_OUTPUT}" | ||
|
||
needs: | ||
- dockerfile-lint |
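Review bot: `BLOCKCHAIN_ACTIONS_TOKEN` is passed to both build steps through `build-args`, and build arguments can be recorded in image history and build provenance, so the token may become readable by anyone able to pull the pushed image. Pass it through the action's `secrets` input instead (`secrets: |` followed by `blockchain_actions_token=${{ secrets.BLOCKCHAIN_ACTIONS_TOKEN }}`) and read it in the Dockerfile with `RUN --mount=type=secret,id=blockchain_actions_token ...`. Neither Dockerfile shown on this page declares a matching `ARG`, so the argument may simply be removable. Separately, the checkout step reads `inputs.ref_to_geth` while the declared input is `ref`, so the expression is empty and the default ref is always checked out; it should read `ref: ${{ inputs.ref }}`.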
@@ -0,0 +1,47 @@ | ||
name: "fhEVM Geth Coprocessor Docker Image" | ||
|
||
on: | ||
push: | ||
branches: | ||
- main | ||
- amina/geth-ci-workflows | ||
release: | ||
types: | ||
- published | ||
- prereleased | ||
|
||
concurrency: | ||
group: geth-coprocessor-${{ github.ref_name }} | ||
cancel-in-progress: false | ||
|
||
jobs: | ||
docker-geth-coprocessor: | ||
uses: ./.github/workflows/common-docker.yml | ||
permissions: | ||
contents: "read" | ||
id-token: "write" | ||
packages: "write" | ||
with: | ||
working-directory: "." | ||
push_image: ${{ github.event_name == 'release' || github.ref_name == 'main' }} | ||
image-name: "go-ethereum-coprocessor" | ||
image-dev-name: "go-ethereum-coprocessor-dev" | ||
generate-dev-image: true | ||
docker-file: "Dockerfile" | ||
docker-file-dev: "Dockerfile.dev" | ||
image-dev-description: "geth coprocessor dev image" | ||
arm-build: true | ||
|
||
secrets: | ||
BLOCKCHAIN_ACTIONS_TOKEN: ${{ secrets.BLOCKCHAIN_ACTIONS_TOKEN }} | ||
GRAVITON_BUILDER_SSH_PRIVATE_KEY: ${{ secrets.GRAVITON_BUILDER_SSH_PRIVATE_KEY }} | ||
SUBMODULES_CHECKOUT_TOKEN: ${{ secrets.SUBMODULES_CHECKOUT_TOKEN }} | ||
|
||
done: | ||
runs-on: ubuntu-latest | ||
name: Pipeline Done | ||
steps: | ||
- name: Success | ||
run: echo Pipeline Done | ||
needs: | ||
- docker-geth-coprocessor |
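Review bot: The caller grants `id-token: "write"` to the reusable workflow, but no step of `common-docker.yml` as shown on this page requests an OIDC token; the registry login uses `GITHUB_TOKEN` and the ARM builder uses an SSH key. Dropping that line leaves the job with `contents: "read"` and `packages: "write"`, which is all the visible steps need. The `push` trigger also still lists the feature branch `amina/geth-ci-workflows`, which looks like a leftover from testing and keeps running builds with all three secrets on that branch.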
|
@@ -9,3 +9,6 @@ | |
[submodule "fhevm-go-coproc"] | ||
path = fhevm-go-coproc | ||
url = [email protected]:zama-ai/fhevm-go-coproc.git | ||
[submodule "libs/fhevm-backend"] | ||
path = libs/fhevm-backend | ||
url = https://github.com/zama-ai/fhevm-backend.git |
@@ -0,0 +1,3 @@ | ||
ignored: | ||
- DL3018 | ||
- DL3008 |
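Review bot: Ignoring DL3018 and DL3008 here switches off the package-version pinning checks for every Dockerfile the linter sees, and the file gives no reason for it. If the exemption is only needed for the `apk add` lines in this commit, an inline `# hadolint ignore=DL3018` above each of those `RUN` instructions keeps the rule active elsewhere; otherwise add a comment above `ignored:` stating why unpinned packages are accepted. Note that the lint steps in the workflow already set `failure-threshold: none`, so with this file the lint job cannot fail a build on either count.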
@@ -1,28 +1,30 @@ | ||
# Support setting various labels on the final image | ||
ARG COMMIT="" | ||
ARG VERSION="" | ||
ARG BUILDNUM="" | ||
|
||
# Build Geth in a stock Go builder container | ||
FROM golang:1.22-alpine as builder | ||
FROM golang:1.22-alpine3.20 AS build | ||
|
||
RUN apk add --no-cache gcc musl-dev linux-headers git | ||
# Install dependencies | ||
RUN apk update &&\ | ||
apk add --no-cache \ | ||
gcc musl-dev linux-headers git git-lfs | ||
|
||
ADD . /go-ethereum | ||
RUN cd /go-ethereum && go run build/ci.go install -static ./cmd/geth | ||
WORKDIR /go-ethereum | ||
|
||
# Pull Geth into a second stage deploy alpine container | ||
FROM alpine:latest | ||
# Copy codebase and build Geth | ||
COPY . . | ||
RUN go run build/ci.go install -static ./cmd/geth | ||
|
||
RUN apk add --no-cache ca-certificates | ||
COPY --from=builder /go-ethereum/build/bin/geth /usr/local/bin/ | ||
|
||
EXPOSE 8545 8546 30303 30303/udp | ||
ENTRYPOINT ["geth"] | ||
# Final Stage | ||
FROM alpine:3.20.3 | ||
|
||
# Install ca-certificates | ||
RUN apk update &&\ | ||
apk add --no-cache ca-certificates | ||
|
||
# Add some metadata labels to help programmatic image consumption | ||
ARG COMMIT="" | ||
ARG VERSION="" | ||
ARG BUILDNUM="" | ||
# Copy the Geth binary from the builder stage | ||
COPY --from=build /go-ethereum/build/bin/geth /usr/local/bin/ | ||
|
||
LABEL commit="$COMMIT" version="$VERSION" buildnum="$BUILDNUM" | ||
# Expose required ports | ||
EXPOSE 8545 8546 30303 30303/udp | ||
|
||
# Set entrypoint | ||
ENTRYPOINT ["geth"] |
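Review bot: `COPY . .` in the build stage copies the whole checkout, and unless a `.dockerignore` (not visible on this page) excludes `.git`, that includes the `.git/config` written by the workflow's checkout step, which by default persists the `SUBMODULES_CHECKOUT_TOKEN` credential there. The build stage itself is not pushed, but the workflow's default `cache-to: type=gha,mode=max` exports intermediate layers to the Actions cache, so the credential could outlive the job. Setting `persist-credentials: false` on the checkout step, or excluding `.git` from the build context if the build does not need it, closes this. The new final stage also has no `USER` instruction, so `geth` runs as root in the container.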
@@ -0,0 +1,55 @@ | ||
FROM golang:1.22-alpine AS build | ||
|
||
# Use ARG values for tool versions | ||
ARG TARGETARCH | ||
ARG PRYSM_VERSION=v5.0.3 | ||
|
||
# Install dependencies | ||
RUN apk update &&\ | ||
apk add --no-cache \ | ||
libc6-compat gcc make musl-dev linux-headers git git-lfs curl | ||
|
||
# Download and set up Prysm binaries | ||
RUN curl -L https://github.com/prysmaticlabs/prysm/releases/download/${PRYSM_VERSION}/beacon-chain-${PRYSM_VERSION}-linux-${TARGETARCH} -o /usr/bin/prysm-beacon &&\ | ||
curl -L https://github.com/prysmaticlabs/prysm/releases/download/${PRYSM_VERSION}/validator-${PRYSM_VERSION}-linux-${TARGETARCH} -o /usr/bin/prysm-validator &&\ | ||
curl -L https://github.com/prysmaticlabs/prysm/releases/download/${PRYSM_VERSION}/prysmctl-${PRYSM_VERSION}-linux-${TARGETARCH} -o /usr/bin/prysm-ctl &&\ | ||
chmod +x /usr/bin/prysm-beacon /usr/bin/prysm-validator /usr/bin/prysm-ctl | ||
|
||
WORKDIR /go-ethereum | ||
|
||
# Copy and build the Geth source code | ||
COPY . . | ||
RUN go build ./cmd/bootnode && make geth | ||
|
||
# Set up final image | ||
FROM alpine:3.20.3 | ||
|
||
# Install dependencies | ||
RUN apk update &&\ | ||
apk add --no-cache \ | ||
libc6-compat | ||
|
||
# Create necessary directories | ||
RUN mkdir -p /val-data /rpc-data /usr/share/devnet-resources /val-data/consensus/beacondata/network-keys | ||
|
||
# Copy built binaries and scripts from build | ||
COPY --from=build /go-ethereum/bootnode /usr/bin/ | ||
COPY --from=build /go-ethereum/build/bin/geth /usr/bin/ | ||
COPY --from=build /usr/bin/prysm-beacon /usr/bin/prysm-validator /usr/bin/prysm-ctl /usr/bin/ | ||
|
||
# Copy config files and scripts | ||
COPY --from=build /go-ethereum/local-testnet/prep/execution/genesis.json /usr/share/devnet-resources/ | ||
COPY --from=build /go-ethereum/local-testnet/prep/boot.key /usr/share/devnet-resources/ | ||
COPY --from=build /go-ethereum/local-testnet/prep/node1/keystore/ /val-data/keystore/ | ||
COPY --from=build /go-ethereum/local-testnet/prep/consensus/config.yml /usr/share/devnet-resources/consensus-config.yml | ||
COPY --from=build /go-ethereum/local-testnet/prep/consensus/validator-beacon-static-network-keys /val-data/consensus/beacondata/network-keys | ||
COPY --from=build /go-ethereum/scripts/run-single-node-devnet.sh /entrypoint.sh | ||
COPY --from=build /go-ethereum/scripts/faucet.sh /usr/bin/faucet | ||
|
||
WORKDIR / | ||
|
||
# Set environment variable | ||
ENV VALIDATOR_ACCOUNT=0x1181a1fb7b6de97d4cb06da82a0037df1ffe32d0 | ||
|
||
# Define entrypoint | ||
ENTRYPOINT ["/entrypoint.sh"] |
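Review bot: The three `curl -L` downloads of the Prysm binaries are made executable and copied into the final image without any integrity check, and without `-f` an HTTP error body would be saved as the binary and the build would still succeed. Use `curl -fsSL` and verify each file against a pinned digest before the `chmod`, for example `echo "<sha256-placeholder>  /usr/bin/prysm-beacon" | sha256sum -c -`, with one digest per `TARGETARCH` since the workflow builds both amd64 and arm64. The image also bakes in `boot.key`, the `node1` keystore and the validator network keys from `local-testnet/prep`; because the workflow pushes this image to the registry, a comment stating that these are throwaway devnet keys would keep them from being reused elsewhere.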