Skip to content

Commit

Permalink
chore(ci): add go-ethereum-coprocessor ci workflows (#22)
Browse files Browse the repository at this point in the history
* chore(ci): add geth-coprocessor ci workflows

* chore(ci): fix submodule secret

* chore(ci): update Dockerfiles

* chore(ci): fix hadolint

* chore(ci): refactor

* Add only fhevm-engine from fhevm-backend as a submodule

* fix: update path to fhevm-go-coproc

* fix: fix typo

* chore(build): enable push

* debug: debug docker build

* debug: fix -buildvcs=false

* debug: test geth-ethereum-coprocessor

* debug: replace go run with go build/install

* fix: fix git-lfs pkg

* fix: fix git-lfs pkg for devnode

* fix: fix hadolint

* fix: update image name

* chore(build): update base image

* chore(build): enable push

* chore(build): replace ADD and add required dependencies

* fix: add libc6-compat

* ci: update push image
  • Loading branch information
0xawaz authored Nov 15, 2024
1 parent f9b0050 commit 49d6f41
Show file tree
Hide file tree
Showing 9 changed files with 326 additions and 65 deletions.
194 changes: 194 additions & 0 deletions .github/workflows/common-docker.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,194 @@
name: Docker Build and Push

on:
workflow_call:
secrets:
BLOCKCHAIN_ACTIONS_TOKEN:
required: true
GRAVITON_BUILDER_SSH_PRIVATE_KEY:
required: true
SUBMODULES_CHECKOUT_TOKEN:
required: true
inputs:
ref:
type: string
required: false
default: ""
working-directory:
type: string
required: true
docker-context:
type: string
required: false
default: "."
image-name:
type: string
required: true
image-dev-name:
type: string
required: false
image-dev-description:
type: string
required: false
push_image:
type: boolean
default: true
required: false
runs_on:
type: string
required: false
default: "ubuntu-latest"
generate-dev-image:
type: boolean
default: false
required: false
docker-file:
type: string
default: "ci.dockerfile"
required: false
docker-file-dev:
type: string
default: "dev.dockerfile"
required: false
graviton-build-host:
type: string
required: false
default: "ec2-15-188-101-126.eu-west-3.compute.amazonaws.com"
arm-build:
type: boolean
default: true
required: false
cache-from:
type: string
required: false
default: "type=gha"
cache-to:
type: string
required: false
default: "type=gha,mode=max"
outputs:
image_name:
description: "Image Name with Tag generated by this task"
value: "${{ jobs.build-and-push-docker.outputs.image_name }}"

jobs:
dockerfile-lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Run hadolint
uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0
with:
dockerfile: ${{ inputs.working-directory }}/${{ inputs.docker-file }}
failure-threshold: none

- name: Run hadolint dev
uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0
if: ${{ inputs.generate-dev-image }}
with:
dockerfile: ${{ inputs.working-directory }}/${{ inputs.docker-file-dev }}
failure-threshold: none

build-and-push-docker:
runs-on: ${{ inputs.runs_on }}
outputs:
image_name: ${{ steps.export-image.outputs.image }}
env:
HOME: ${{ inputs.runs_on != 'ubuntu-latest' && '/root' || '/home/runner' }}
steps:
- name: Checkout Project
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
token: ${{ secrets.SUBMODULES_CHECKOUT_TOKEN }}
ref: ${{ inputs.ref_to_geth }}
lfs: true
submodules: recursive

- name: Set up SSH
if: inputs.arm-build
uses: MrSquaare/ssh-setup-action@2d028b70b5e397cf8314c6eaea229a6c3e34977a # v3.1.0
with:
host: ${{ inputs.graviton-build-host }}
private-key: ${{ secrets.GRAVITON_BUILDER_SSH_PRIVATE_KEY }}
private-key-name: docker_builder_arm

- name: Set up Docker Buildx
if: inputs.arm-build
uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0
with:
platforms: linux/amd64,linux/arm64
append: |
- endpoint: "ssh://ec2-user@${{ inputs.graviton-build-host }}"
platforms: linux/arm64
- name: Login to GitHub Container Registry
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Echo github event
run: echo "Github event ==> ${{ github.event_name }}"

- name: Current branch sha
if: github.event_name != 'release'
run: |
echo "DOCKER_TAG_IMAGE=$(git rev-parse --short "$GITHUB_SHA")" >> "$GITHUB_ENV"
- name: Current Tag
if: github.event_name == 'release'
run: |
echo "DOCKER_TAG_IMAGE=${{ github.ref_name }}" >> "$GITHUB_ENV"
- name: Docker Build and Push
uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0
with:
context: ${{ inputs.docker-context }}
platforms: linux/amd64,linux/arm64
build-args: |
BLOCKCHAIN_ACTIONS_TOKEN=${{ secrets.BLOCKCHAIN_ACTIONS_TOKEN }}
file: ${{ inputs.working-directory }}/${{ inputs.docker-file }}
push: ${{ inputs.push_image }}
pull: false
tags: ghcr.io/zama-ai/${{ inputs.image-name }}:${{env.DOCKER_TAG_IMAGE }},ghcr.io/zama-ai/${{ inputs.image-name }}:latest
cache-from: ${{ inputs.cache-from }}
cache-to: ${{ inputs.cache-to }}

- name: Extract Docker metadata
if: ${{ inputs.generate-dev-image }}
id: meta
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
with:
annotations: |
org.opencontainers.image.description="${{ inputs.image-dev-description }}"
labels: |
zama.fhevm.version=${{ env.DOCKER_TAG_IMAGE }}
zama.fhevm.description="${{ inputs.image-dev-description }}"
images: ghcr.io/zama-ai/${{ inputs.image-dev-name }}:${{ env.DOCKER_TAG_IMAGE }}
env:
DOCKER_METADATA_ANNOTATIONS_LEVELS: index

- name: Docker Build and Push Dev Image
if: ${{ inputs.generate-dev-image }}
uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0
timeout-minutes: 360
with:
context: ${{ inputs.docker-context }}
platforms: linux/amd64,linux/arm64
build-args: |
BLOCKCHAIN_ACTIONS_TOKEN=${{ secrets.BLOCKCHAIN_ACTIONS_TOKEN }}
file: ${{ inputs.working-directory }}/${{ inputs.docker-file-dev }}
push: ${{ inputs.push_image }}
pull: false
tags: ghcr.io/zama-ai/${{ inputs.image-dev-name }}:${{env.DOCKER_TAG_IMAGE}},ghcr.io/zama-ai/${{ inputs.image-dev-name }}:latest
cache-from: type=gha
cache-to: type=gha,mode=max
labels: ${{ steps.meta.outputs.labels }}
annotations: ${{ steps.meta.outputs.annotations }}

- name: Export image name
id: export-image
run: echo "image=ghcr.io/zama-ai/${{inputs.image-name}}:${{env.DOCKER_TAG_IMAGE}}" >> "${GITHUB_OUTPUT}"

needs:
- dockerfile-lint
47 changes: 47 additions & 0 deletions .github/workflows/fhevm-geth-coprocessor.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,47 @@
name: "fhEVM Geth Coprocessor Docker Image"

on:
push:
branches:
- main
- amina/geth-ci-workflows
release:
types:
- published
- prereleased

concurrency:
group: geth-coprocessor-${{ github.ref_name }}
cancel-in-progress: false

jobs:
docker-geth-coprocessor:
uses: ./.github/workflows/common-docker.yml
permissions:
contents: "read"
id-token: "write"
packages: "write"
with:
working-directory: "."
push_image: ${{ github.event_name == 'release' || github.ref_name == 'main' }}
image-name: "go-ethereum-coprocessor"
image-dev-name: "go-ethereum-coprocessor-dev"
generate-dev-image: true
docker-file: "Dockerfile"
docker-file-dev: "Dockerfile.dev"
image-dev-description: "geth coprocessor dev image"
arm-build: true

secrets:
BLOCKCHAIN_ACTIONS_TOKEN: ${{ secrets.BLOCKCHAIN_ACTIONS_TOKEN }}
GRAVITON_BUILDER_SSH_PRIVATE_KEY: ${{ secrets.GRAVITON_BUILDER_SSH_PRIVATE_KEY }}
SUBMODULES_CHECKOUT_TOKEN: ${{ secrets.SUBMODULES_CHECKOUT_TOKEN }}

done:
runs-on: ubuntu-latest
name: Pipeline Done
steps:
- name: Success
run: echo Pipeline Done
needs:
- docker-geth-coprocessor
3 changes: 3 additions & 0 deletions .gitmodules
Original file line number Diff line number Diff line change
Expand Up @@ -9,3 +9,6 @@
[submodule "fhevm-go-coproc"]
path = fhevm-go-coproc
url = [email protected]:zama-ai/fhevm-go-coproc.git
[submodule "libs/fhevm-backend"]
path = libs/fhevm-backend
url = https://github.com/zama-ai/fhevm-backend.git
3 changes: 3 additions & 0 deletions .hadolint.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
ignored:
- DL3018
- DL3008
42 changes: 22 additions & 20 deletions Dockerfile
Original file line number Diff line number Diff line change
@@ -1,28 +1,30 @@
# Support setting various labels on the final image
ARG COMMIT=""
ARG VERSION=""
ARG BUILDNUM=""

# Build Geth in a stock Go builder container
FROM golang:1.22-alpine as builder
FROM golang:1.22-alpine3.20 AS build

RUN apk add --no-cache gcc musl-dev linux-headers git
# Install dependencies
RUN apk update &&\
apk add --no-cache \
gcc musl-dev linux-headers git git-lfs

ADD . /go-ethereum
RUN cd /go-ethereum && go run build/ci.go install -static ./cmd/geth
WORKDIR /go-ethereum

# Pull Geth into a second stage deploy alpine container
FROM alpine:latest
# Copy codebase and build Geth
COPY . .
RUN go run build/ci.go install -static ./cmd/geth

RUN apk add --no-cache ca-certificates
COPY --from=builder /go-ethereum/build/bin/geth /usr/local/bin/

EXPOSE 8545 8546 30303 30303/udp
ENTRYPOINT ["geth"]
# Final Stage
FROM alpine:3.20.3

# Install ca-certificates
RUN apk update &&\
apk add --no-cache ca-certificates

# Add some metadata labels to help programmatic image consumption
ARG COMMIT=""
ARG VERSION=""
ARG BUILDNUM=""
# Copy the Geth binary from the builder stage
COPY --from=build /go-ethereum/build/bin/geth /usr/local/bin/

LABEL commit="$COMMIT" version="$VERSION" buildnum="$BUILDNUM"
# Expose required ports
EXPOSE 8545 8546 30303 30303/udp

# Set entrypoint
ENTRYPOINT ["geth"]
55 changes: 55 additions & 0 deletions Dockerfile.dev
Original file line number Diff line number Diff line change
@@ -0,0 +1,55 @@
FROM golang:1.22-alpine AS build

# Use ARG values for tool versions
ARG TARGETARCH
ARG PRYSM_VERSION=v5.0.3

# Install dependencies
RUN apk update &&\
apk add --no-cache \
libc6-compat gcc make musl-dev linux-headers git git-lfs curl

# Download and set up Prysm binaries
RUN curl -L https://github.com/prysmaticlabs/prysm/releases/download/${PRYSM_VERSION}/beacon-chain-${PRYSM_VERSION}-linux-${TARGETARCH} -o /usr/bin/prysm-beacon &&\
curl -L https://github.com/prysmaticlabs/prysm/releases/download/${PRYSM_VERSION}/validator-${PRYSM_VERSION}-linux-${TARGETARCH} -o /usr/bin/prysm-validator &&\
curl -L https://github.com/prysmaticlabs/prysm/releases/download/${PRYSM_VERSION}/prysmctl-${PRYSM_VERSION}-linux-${TARGETARCH} -o /usr/bin/prysm-ctl &&\
chmod +x /usr/bin/prysm-beacon /usr/bin/prysm-validator /usr/bin/prysm-ctl

WORKDIR /go-ethereum

# Copy and build the Geth source code
COPY . .
RUN go build ./cmd/bootnode && make geth

# Set up final image
FROM alpine:3.20.3

# Install dependencies
RUN apk update &&\
apk add --no-cache \
libc6-compat

# Create necessary directories
RUN mkdir -p /val-data /rpc-data /usr/share/devnet-resources /val-data/consensus/beacondata/network-keys

# Copy built binaries and scripts from build
COPY --from=build /go-ethereum/bootnode /usr/bin/
COPY --from=build /go-ethereum/build/bin/geth /usr/bin/
COPY --from=build /usr/bin/prysm-beacon /usr/bin/prysm-validator /usr/bin/prysm-ctl /usr/bin/

# Copy config files and scripts
COPY --from=build /go-ethereum/local-testnet/prep/execution/genesis.json /usr/share/devnet-resources/
COPY --from=build /go-ethereum/local-testnet/prep/boot.key /usr/share/devnet-resources/
COPY --from=build /go-ethereum/local-testnet/prep/node1/keystore/ /val-data/keystore/
COPY --from=build /go-ethereum/local-testnet/prep/consensus/config.yml /usr/share/devnet-resources/consensus-config.yml
COPY --from=build /go-ethereum/local-testnet/prep/consensus/validator-beacon-static-network-keys /val-data/consensus/beacondata/network-keys
COPY --from=build /go-ethereum/scripts/run-single-node-devnet.sh /entrypoint.sh
COPY --from=build /go-ethereum/scripts/faucet.sh /usr/bin/faucet

WORKDIR /

# Set environment variable
ENV VALIDATOR_ACCOUNT=0x1181a1fb7b6de97d4cb06da82a0037df1ffe32d0

# Define entrypoint
ENTRYPOINT ["/entrypoint.sh"]
Loading

0 comments on commit 49d6f41

Please sign in to comment.