From ac56dcb0b115d0904be3fa35ce2c1f97489d050c Mon Sep 17 00:00:00 2001 From: 0xawaz Date: Tue, 29 Oct 2024 10:16:24 +0100 Subject: [PATCH 1/8] chore(ci): add docker workflows --- .github/workflows/common-docker.yml | 166 ++++++++++++++++++ .../workflows/fhevm-smart-contracts-dev.yml | 35 ++++ .github/workflows/fhevm-smart-contracts.yml | 32 ++++ 3 files changed, 233 insertions(+) create mode 100644 .github/workflows/common-docker.yml create mode 100644 .github/workflows/fhevm-smart-contracts-dev.yml create mode 100644 .github/workflows/fhevm-smart-contracts.yml diff --git a/.github/workflows/common-docker.yml b/.github/workflows/common-docker.yml new file mode 100644 index 00000000..7220c836 --- /dev/null +++ b/.github/workflows/common-docker.yml 
@@ -0,0 +1,166 @@ +name: Docker Build and Push + +on: + workflow_call: + secrets: + BLOCKCHAIN_ACTIONS_TOKEN: + required: true + GRAVITON_BUILDER_SSH_PRIVATE_KEY: + required: true + inputs: + ref: + type: string + required: false + default: "" + working-directory: + type: string + required: true + docker-context: + type: string + required: false + default: "." + image-name: + type: string + required: true + image-dev-name: + type: string + required: false + image-dev-description: + type: string + required: false + push_image: + type: boolean + default: true + required: false + runs_on: + type: string + required: false + default: "ubuntu-latest" + generate-dev-image: + type: boolean + default: false + required: false + docker-file: + type: string + default: "ci.dockerfile" + required: false + docker-file-dev: + type: string + default: "dev.dockerfile" + required: false + graviton-build-host: + type: string + required: false + default: "ec2-15-188-101-126.eu-west-3.compute.amazonaws.com" + arm-build: + type: boolean + default: true + required: false + cache-from: + type: string + required: false + default: "type=gha" + cache-to: + type: string + required: false + default: "type=gha,mode=max" + outputs: + image_name: + description: "Image Name with Tag generated by this task" + value: "${{ jobs.build-and-push-docker.outputs.image_name }}" + +jobs: + build-and-push-docker: + runs-on: ${{ inputs.runs_on }} + outputs: + image_name: ${{ steps.export-image.outputs.image }} + env: + HOME: ${{ inputs.runs_on != 'ubuntu-latest' && '/root' || '/home/runner' }} + steps: + - name: Checkout Project + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + + - name: Set up SSH + if: inputs.arm-build + uses: MrSquaare/ssh-setup-action@2d028b70b5e397cf8314c6eaea229a6c3e34977a # v3.1.0 + with: + host: ${{ inputs.graviton-build-host }} + private-key: ${{ secrets.GRAVITON_BUILDER_SSH_PRIVATE_KEY }} + private-key-name: docker_builder_arm + + - name: Set up Docker 
Buildx + if: inputs.arm-build + uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0 + with: + platforms: linux/amd64,linux/arm64 + append: | + - endpoint: "ssh://ec2-user@${{ inputs.graviton-build-host }}" + platforms: linux/arm64 + + - name: Login to GitHub Container Registry + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Echo github event + run: echo "Github event ==> ${{ github.event_name }}" + + - name: Current branch sha + if: github.event_name != 'release' + run: | + echo "DOCKER_TAG_IMAGE=$(git rev-parse --short "$GITHUB_SHA")" >> "$GITHUB_ENV" + - name: Current Tag + if: github.event_name == 'release' + run: | + echo "DOCKER_TAG_IMAGE=${{ github.ref_name }}" >> "$GITHUB_ENV" + + - name: Docker Build and Push + uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0 + with: + context: ${{ inputs.docker-context }} + build-args: | + BLOCKCHAIN_ACTIONS_TOKEN=${{ secrets.BLOCKCHAIN_ACTIONS_TOKEN }} + file: ${{ inputs.working-directory }}/operations/docker/${{ inputs.docker-file }} + push: ${{ inputs.push_image }} + pull: false + tags: ghcr.io/zama-ai/${{ inputs.image-name }}:${{env.DOCKER_TAG_IMAGE }},ghcr.io/zama-ai/${{ inputs.image-name }}:latest + cache-from: ${{ inputs.cache-from }} + cache-to: ${{ inputs.cache-to }} + + - name: Extract Docker metadata + if: ${{ inputs.generate-dev-image }} + id: meta + uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 + with: + annotations: | + org.opencontainers.image.description="${{ inputs.image-dev-description }}" + labels: | + zama.kms.version=${{ env.DOCKER_TAG_IMAGE }} + zama.kms.description="${{ inputs.image-dev-description }}" + images: ghcr.io/zama-ai/${{ inputs.image-dev-name }}:${{ env.DOCKER_TAG_IMAGE }} + env: + DOCKER_METADATA_ANNOTATIONS_LEVELS: index + + - name: Docker Build and Push 
Dev Image + if: ${{ inputs.generate-dev-image }} + uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0 + timeout-minutes: 360 + with: + context: ${{ inputs.docker-context }} + platforms: linux/amd64,linux/arm64 + build-args: | + BLOCKCHAIN_ACTIONS_TOKEN=${{ secrets.BLOCKCHAIN_ACTIONS_TOKEN }} + file: ${{ inputs.working-directory }}/operations/docker/${{ inputs.docker-file-dev }} + push: ${{ inputs.push_image }} + pull: false + tags: ghcr.io/zama-ai/${{ inputs.image-dev-name }}:${{env.DOCKER_TAG_IMAGE}},ghcr.io/zama-ai/${{ inputs.image-dev-name }}:latest + cache-from: type=gha + cache-to: type=gha,mode=max + labels: ${{ steps.meta.outputs.labels }} + annotations: ${{ steps.meta.outputs.annotations }} + + - name: Export image name + id: export-image + run: echo "image=ghcr.io/zama-ai/${{inputs.image-name}}:${{env.DOCKER_TAG_IMAGE}}" >> "${GITHUB_OUTPUT}" \ No newline at end of file diff --git a/.github/workflows/fhevm-smart-contracts-dev.yml b/.github/workflows/fhevm-smart-contracts-dev.yml new file mode 100644 index 00000000..6b18d461 --- /dev/null +++ b/.github/workflows/fhevm-smart-contracts-dev.yml 
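Review bot: `BLOCKCHAIN_ACTIONS_TOKEN` is handed to both docker/build-push-action steps through `build-args`, and a build arg consumed by a `RUN` layer is recorded in the image history, so in this form the token must never be used by anything that ends up pushed to ghcr.io. Neither `ci.dockerfile` nor `dev.dockerfile` in this series declares `ARG BLOCKCHAIN_ACTIONS_TOKEN`, so the argument is currently unused and can simply be dropped; if a later stage needs it, expose it as a BuildKit secret instead, `secrets: |` with `BLOCKCHAIN_ACTIONS_TOKEN=${{ secrets.BLOCKCHAIN_ACTIONS_TOKEN }}`, and read it in the Dockerfile via `--mount=type=secret,id=BLOCKCHAIN_ACTIONS_TOKEN`. The `ref` input is declared but never forwarded to `actions/checkout`, so a caller that sets it still builds the triggering commit; add `with: ref: ${{ inputs.ref }}` to the checkout step. The dev-image build step hard-codes `cache-from: type=gha` and `cache-to: type=gha,mode=max` while the first build step reads `${{ inputs.cache-from }}` / `${{ inputs.cache-to }}`; both steps should use the inputs so a caller's cache settings apply consistently.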
@@ -0,0 +1,35 @@ +name: "Docker: fhEVM smart contracts" + +on: + push: + branches: ["sc-workflows"] + +jobs: + docker-smart-contracts: + uses: ./.github/workflows/common-docker.yml + permissions: + contents: "read" + id-token: "write" + packages: "write" + with: + working-directory: "." + push_image: true + image-name: "fhevm-smart-contracts" + image-dev-name: "fhevm-smart-contracts-dev" + generate-dev-image: true + docker-file-dev: "dev.dockerfile" + image-dev-description: "fhEVM smart contracts dev Image" + arm-build: true + + secrets: + BLOCKCHAIN_ACTIONS_TOKEN: ${{ secrets.BLOCKCHAIN_ACTIONS_TOKEN }} + GRAVITON_BUILDER_SSH_PRIVATE_KEY: ${{ secrets.GRAVITON_BUILDER_SSH_PRIVATE_KEY }} + + done: + runs-on: ubuntu-latest + name: Pipeline Done + steps: + - name: Success + run: echo Pipeline Done + needs: + - docker-smart-contracts \ No newline at end of file diff --git a/.github/workflows/fhevm-smart-contracts.yml b/.github/workflows/fhevm-smart-contracts.yml new file mode 100644 index 00000000..bb1109eb --- /dev/null +++ b/.github/workflows/fhevm-smart-contracts.yml @@ -0,0 +1,32 @@ +name: "Docker: fhEVM smart contracts (ci)" + +on: + release: + types: [published] + +jobs: + docker-smart-contracts: + uses: ./.github/workflows/common-docker.yml + permissions: + contents: "read" + id-token: "write" + packages: "write" + with: + working-directory: "." + push_image: true + image-name: "fhevm-smart-contracts" + docker-file: "ci.dockerfile" + arm-build: true + + secrets: + BLOCKCHAIN_ACTIONS_TOKEN: ${{ secrets.BLOCKCHAIN_ACTIONS_TOKEN }} + GRAVITON_BUILDER_SSH_PRIVATE_KEY: ${{ secrets.GRAVITON_BUILDER_SSH_PRIVATE_KEY }} + + done: + runs-on: ubuntu-latest + name: Pipeline Done + steps: + - name: Success + run: echo Pipeline Done + needs: + - docker-smart-contracts From ff64316ad755915ecbe9a0fd8144f4ac0b2fb4aa Mon Sep 17 00:00:00 2001 
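Review bot: The caller grants `id-token: "write"` to the reusable workflow, but nothing in `common-docker.yml` requests an OIDC token (registry login uses `secrets.GITHUB_TOKEN`, the ARM builder is reached with a static SSH key), so the permission is unused and should be dropped, leaving `contents: "read"` and `packages: "write"`. The same permissions block appears in `fhevm-smart-contracts.yml` in this patch. This workflow runs on pushes to `sc-workflows` with `push_image: true`, and since `common-docker.yml` tags every build `:latest`, a branch push overwrites the `latest` tag that the release-triggered `fhevm-smart-contracts.yml` publishes; gating the `latest` tag on `github.event_name == 'release'` in `common-docker.yml` would keep branch builds on their SHA tag only.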
From: 0xawaz Date: Tue, 29 Oct 2024 10:16:39 +0100 Subject: [PATCH 2/8] chore(ci): add dockerfiles --- operations/docker/ci.dockerfile | 17 +++++++++++++++++ operations/docker/dev.dockerfile | 27 +++++++++++++++++++++++++++ 2 files changed, 44 insertions(+) create mode 100644 operations/docker/ci.dockerfile create mode 100644 operations/docker/dev.dockerfile diff --git a/operations/docker/ci.dockerfile b/operations/docker/ci.dockerfile new file mode 100644 index 00000000..a1b0a98e --- /dev/null +++ b/operations/docker/ci.dockerfile @@ -0,0 +1,17 @@ +FROM node:20 + +# Set the working directory inside the container +WORKDIR /app +COPY package.json ./ + +# Install the dependencies +RUN npm install + +COPY .env.example.deployment ./ +COPY lib ./lib/ +COPY tasks ./tasks/ +COPY gateway ./gateway/ +COPY *.sh ./ +COPY *.ts ./ +COPY tsconfig.json ./ +COPY *.sh ./ \ No newline at end of file diff --git a/operations/docker/dev.dockerfile b/operations/docker/dev.dockerfile new file mode 100644 index 00000000..eff60413 --- /dev/null +++ b/operations/docker/dev.dockerfile @@ -0,0 +1,27 @@ +FROM node:20 + +# Set the working directory inside the container +WORKDIR /app +COPY package.json ./ + +# Install the dependencies +RUN npm install + +COPY .env.example.deployment ./ +COPY lib ./lib/ +COPY tasks ./tasks/ +COPY gateway ./gateway/ +COPY *.sh ./ +COPY *.ts ./ +COPY tsconfig.json ./ + +RUN cp .env.example.deployment .env +RUN ./precompute-addresses.sh + +RUN npx hardhat clean + +RUN PRIVATE_KEY_FHEVM_DEPLOYER=$(grep PRIVATE_KEY_FHEVM_DEPLOYER .env | cut -d '"' -f 2) +RUN NUM_KMS_SIGNERS=$(grep NUM_KMS_SIGNERS .env | cut -d '"' -f 2) + +RUN npx hardhat compile:specific --contract lib +RUN npx hardhat compile:specific --contract gateway From 825478fe985d3fcb8be006624e0743b389ee4e0f Mon Sep 17 00:00:00 2001 
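Review bot: `COPY package.json ./` followed by `RUN npm install` resolves dependency versions at build time without a lockfile, so two builds of the same commit can produce different package trees and a newly published upstream release lands in the image with no change in this repository. If the repository commits a lockfile, copy it alongside (`COPY package.json package-lock.json ./`) and switch to `RUN npm ci` so the install fails on any drift; the same applies to `dev.dockerfile` in this patch. `FROM node:20` is a floating tag; pinning it by digest (`node:20@sha256:<digest>`) makes the base image reproducible as well.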
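Review bot: `RUN PRIVATE_KEY_FHEVM_DEPLOYER=$(grep PRIVATE_KEY_FHEVM_DEPLOYER .env | cut -d '"' -f 2)` and the following `RUN NUM_KMS_SIGNERS=...` each assign a shell variable inside a separate `RUN`, whose shell exits when the instruction ends, so no later step sees the values and the two lines only add empty layers; drop them, or chain each assignment in the same `RUN` as the command that needs it. `RUN cp .env.example.deployment .env` leaves a `.env` containing a `PRIVATE_KEY_FHEVM_DEPLOYER` value in a layer of an image this series pushes to ghcr.io; presumably this is the public example key shipped with the repository, but that should be stated above the line, e.g. `# .env.example.deployment holds only public test values; never substitute a real deployer key here`. The file sets no `CMD`/`ENTRYPOINT`, so the image falls back to the base image's default; a header comment describing how the dev image is meant to be run would make that intent explicit.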
From: 0xawaz Date: Tue, 29 Oct 2024 10:41:04 +0100 Subject: [PATCH 3/8] chore(ci): update dev image --- .../workflows/fhevm-smart-contracts-dev.yml | 35 ------------------- .github/workflows/fhevm-smart-contracts.yml | 12 ++++--- 2 files changed, 8 insertions(+), 39 deletions(-) delete mode 100644 .github/workflows/fhevm-smart-contracts-dev.yml diff --git a/.github/workflows/fhevm-smart-contracts-dev.yml b/.github/workflows/fhevm-smart-contracts-dev.yml deleted file mode 100644 index 6b18d461..00000000 --- a/.github/workflows/fhevm-smart-contracts-dev.yml +++ /dev/null @@ -1,35 +0,0 @@ -name: "Docker: fhEVM smart contracts" - -on: - push: - branches: ["sc-workflows"] - -jobs: - docker-smart-contracts: - uses: ./.github/workflows/common-docker.yml - permissions: - contents: "read" - id-token: "write" - packages: "write" - with: - working-directory: "." - push_image: true - image-name: "fhevm-smart-contracts" - image-dev-name: "fhevm-smart-contracts-dev" - generate-dev-image: true - docker-file-dev: "dev.dockerfile" - image-dev-description: "fhEVM smart contracts dev Image" - arm-build: true - - secrets: - BLOCKCHAIN_ACTIONS_TOKEN: ${{ secrets.BLOCKCHAIN_ACTIONS_TOKEN }} - GRAVITON_BUILDER_SSH_PRIVATE_KEY: ${{ secrets.GRAVITON_BUILDER_SSH_PRIVATE_KEY }} - - done: - runs-on: ubuntu-latest - name: Pipeline Done - steps: - - name: Success - run: echo Pipeline Done - needs: - - docker-smart-contracts \ No newline at end of file diff --git a/.github/workflows/fhevm-smart-contracts.yml b/.github/workflows/fhevm-smart-contracts.yml index bb1109eb..731e34ae 100644 --- a/.github/workflows/fhevm-smart-contracts.yml +++ b/.github/workflows/fhevm-smart-contracts.yml @@ -1,8 +1,8 @@ -name: "Docker: fhEVM smart contracts (ci)" +name: "fhEVM smart contracts Docker image" on: - release: - types: [published] + push: + branches: ["sc-workflows"] jobs: docker-smart-contracts: 
@@ -15,7 +15,11 @@ jobs: working-directory: "." push_image: true image-name: "fhevm-smart-contracts" + image-dev-name: "fhevm-smart-contracts-dev" + generate-dev-image: true docker-file: "ci.dockerfile" + docker-file-dev: "dev.dockerfile" + image-dev-description: "fhEVM smart contracts dev Image" arm-build: true secrets: @@ -29,4 +33,4 @@ jobs: - name: Success run: echo Pipeline Done needs: - - docker-smart-contracts + - docker-smart-contracts \ No newline at end of file From a9c0d75fbea5c798fca1c708c972f29115c86b83 Mon Sep 17 00:00:00 2001 From: 0xawaz Date: Tue, 29 Oct 2024 11:41:03 +0100 Subject: [PATCH 4/8] chore(ci): fix build platforms --- .github/workflows/common-docker.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/common-docker.yml b/.github/workflows/common-docker.yml index 7220c836..4ea2d0f8 100644 --- a/.github/workflows/common-docker.yml +++ b/.github/workflows/common-docker.yml @@ -120,6 +120,7 @@ jobs: uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0 with: context: ${{ inputs.docker-context }} + platforms: linux/amd64,linux/arm64 build-args: | BLOCKCHAIN_ACTIONS_TOKEN=${{ secrets.BLOCKCHAIN_ACTIONS_TOKEN }} file: ${{ inputs.working-directory }}/operations/docker/${{ inputs.docker-file }} From 1a633fb0e401d4d4aee474e4e15b52dcc38b792f Mon Sep 17 00:00:00 2001 From: 0xawaz Date: Tue, 29 Oct 2024 11:57:48 +0100 Subject: [PATCH 5/8] chore(ci): fix commitlint --- .github/workflows/common-docker.yml | 2 +- .github/workflows/fhevm-smart-contracts.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/common-docker.yml b/.github/workflows/common-docker.yml index 4ea2d0f8..6796e5e1 100644 --- a/.github/workflows/common-docker.yml +++ b/.github/workflows/common-docker.yml 
@@ -164,4 +164,4 @@ jobs: - name: Export image name id: export-image - run: echo "image=ghcr.io/zama-ai/${{inputs.image-name}}:${{env.DOCKER_TAG_IMAGE}}" >> "${GITHUB_OUTPUT}" \ No newline at end of file + run: echo "image=ghcr.io/zama-ai/${{inputs.image-name}}:${{env.DOCKER_TAG_IMAGE}}" >> "${GITHUB_OUTPUT}" diff --git a/.github/workflows/fhevm-smart-contracts.yml b/.github/workflows/fhevm-smart-contracts.yml index 731e34ae..eeeb6c85 100644 --- a/.github/workflows/fhevm-smart-contracts.yml +++ b/.github/workflows/fhevm-smart-contracts.yml @@ -33,4 +33,4 @@ jobs: - name: Success run: echo Pipeline Done needs: - - docker-smart-contracts \ No newline at end of file + - docker-smart-contracts From cde6d2932cf5954b13c97627eb4a03a70b8fc179 Mon Sep 17 00:00:00 2001 From: 0xawaz Date: Tue, 29 Oct 2024 12:49:26 +0100 Subject: [PATCH 6/8] chore(ci): update push branch --- .github/workflows/fhevm-smart-contracts.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/fhevm-smart-contracts.yml b/.github/workflows/fhevm-smart-contracts.yml index eeeb6c85..0bf5c722 100644 --- a/.github/workflows/fhevm-smart-contracts.yml +++ b/.github/workflows/fhevm-smart-contracts.yml @@ -2,7 +2,7 @@ name: "fhEVM smart contracts Docker image" on: push: - branches: ["sc-workflows"] + branches: ["main"] jobs: docker-smart-contracts: From 19f3b420b0e29f8eed57ca7748c03d8b162c1ddb Mon Sep 17 00:00:00 2001 From: 0xawaz Date: Wed, 30 Oct 2024 10:54:38 +0100 Subject: [PATCH 7/8] fix: zama.fhevm version --- .github/workflows/common-docker.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/common-docker.yml b/.github/workflows/common-docker.yml index 6796e5e1..9a35f04c 100644 --- a/.github/workflows/common-docker.yml +++ b/.github/workflows/common-docker.yml 
@@ -138,8 +138,8 @@ jobs: annotations: | org.opencontainers.image.description="${{ inputs.image-dev-description }}" labels: | - zama.kms.version=${{ env.DOCKER_TAG_IMAGE }} - zama.kms.description="${{ inputs.image-dev-description }}" + zama.fhevm.version=${{ env.DOCKER_TAG_IMAGE }} + zama.fhevm.description="${{ inputs.image-dev-description }}" images: ghcr.io/zama-ai/${{ inputs.image-dev-name }}:${{ env.DOCKER_TAG_IMAGE }} env: DOCKER_METADATA_ANNOTATIONS_LEVELS: index From 1df04fa4ad403d2c4c6d31d55546bd293520d246 Mon Sep 17 00:00:00 2001 From: 0xawaz Date: Wed, 30 Oct 2024 10:55:23 +0100 Subject: [PATCH 8/8] fix: remove duplicate --- operations/docker/ci.dockerfile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/operations/docker/ci.dockerfile b/operations/docker/ci.dockerfile index a1b0a98e..e5360aaf 100644 --- a/operations/docker/ci.dockerfile +++ b/operations/docker/ci.dockerfile @@ -13,5 +13,4 @@ COPY tasks ./tasks/ COPY gateway ./gateway/ COPY *.sh ./ COPY *.ts ./ -COPY tsconfig.json ./ -COPY *.sh ./ \ No newline at end of file +COPY tsconfig.json ./ \ No newline at end of file