160 changes: 160 additions & 0 deletions .github/workflows/coprocessor-docker-build.yml
@@ -0,0 +1,160 @@
name: coprocessor-docker-build

on:
pull_request:
push:
branches:
- main
release:
types:
- published

permissions: {}

concurrency:
group: fhevm-coprocessor-docker-build-${{ github.ref_name }}
cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}

jobs:
check-changes:
name: coprocessor-docker-build/check-changes
permissions:
actions: "read" # Required to read workflow run information
contents: "read" # Required to checkout repository code
pull-requests: "read" # Required to read pull request information
runs-on: ubuntu-latest
outputs:
changes-coprocessor-cargo: ${{ steps.filter.outputs.cargo }}
changes-coprocessor-ci: ${{ steps.filter.outputs.ci }}
changes-coprocessor-gw-listener: ${{ steps.filter.outputs.coprocessor-gw-listener }}
changes-coprocessor-host-listener: ${{ steps.filter.outputs.coprocessor-host-listener }}
changes-coprocessor-sns-worker: ${{ steps.filter.outputs.coprocessor-sns-worker }}
changes-coprocessor-tfhe-worker: ${{ steps.filter.outputs.coprocessor-tfhe-worker }}
changes-coprocessor-tx-sender: ${{ steps.filter.outputs.coprocessor-tx-sender }}
changes-coprocessor-zkproof-worker: ${{ steps.filter.outputs.coprocessor-zkproof-worker }}
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: "false"
- uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
id: filter
with:
filters: |
cargo:
- coprocessor/fhevm-engine/Cargo.toml
- coprocessor/fhevm-engine/Cargo.lock
ci:
- .github/workflows/coprocessor-docker-build.yml
coprocessor-gw-listener:
- coprocessor/fhevm-engine/gw-listener/**
coprocessor-host-listener:
- coprocessor/fhevm-engine/host-listener/**
- host-contracts/contracts/*Events.sol
- host-contracts/contracts/shared/**
coprocessor-sns-worker:
- coprocessor/fhevm-engine/sns-worker/**
coprocessor-tfhe-worker:
- coprocessor/fhevm-engine/tfhe-worker/**
coprocessor-tx-sender:
- coprocessor/fhevm-engine/transaction-sender/**
coprocessor-zkproof-worker:
- coprocessor/fhevm-engine/zkproof-worker/**

setup-matrix:
name: coprocessor-docker-build/setup-matrix
needs: check-changes
runs-on: ubuntu-latest
outputs:
matrix: ${{ steps.set-matrix.outputs.matrix }}
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: "false"
- name: Set matrix
id: set-matrix
run: |
# Build dynamic matrix based on changed components
MATRIX="matrix={\"include\":["

# SNS Worker
if [[ "${{ needs.check-changes.outputs.changes-coprocessor-sns-worker }}" == "true" || \

Check warning

Code scanning / zizmor

code injection via template expansion Warning

code injection via template expansion

Check notice

Code scanning / zizmor

code injection via template expansion Note

code injection via template expansion
"${{ needs.check-changes.outputs.changes-coprocessor-cargo }}" == "true" || \

Check warning

Code scanning / zizmor

code injection via template expansion Warning

code injection via template expansion

Check notice

Code scanning / zizmor

code injection via template expansion Note

code injection via template expansion
"${{ needs.check-changes.outputs.changes-coprocessor-ci }}" == "true" || \

Check warning

Code scanning / zizmor

code injection via template expansion Warning

code injection via template expansion

Check notice

Code scanning / zizmor

code injection via template expansion Note

code injection via template expansion
"${{ github.event_name }}" == "release" ]]; then

Check warning

Code scanning / zizmor

code injection via template expansion Warning

code injection via template expansion
MATRIX="${MATRIX}{\"image-name\":\"fhevm/coprocessor/sns-worker\",\"docker-file\":\"coprocessor/fhevm-engine/sns-worker/Dockerfile\",\"app-cache-dir\":\"fhevm-coprocessor-sns-worker\",\"component\":\"sns-worker\"},"
fi

# TFHE Worker
if [[ "${{ needs.check-changes.outputs.changes-coprocessor-tfhe-worker }}" == "true" || \

Check warning

Code scanning / zizmor

code injection via template expansion Warning

code injection via template expansion

Check notice

Code scanning / zizmor

code injection via template expansion Note

code injection via template expansion
"${{ needs.check-changes.outputs.changes-coprocessor-cargo }}" == "true" || \

Check warning

Code scanning / zizmor

code injection via template expansion Warning

code injection via template expansion

Check notice

Code scanning / zizmor

code injection via template expansion Note

code injection via template expansion
"${{ needs.check-changes.outputs.changes-coprocessor-ci }}" == "true" || \

Check warning

Code scanning / zizmor

code injection via template expansion Warning

code injection via template expansion

Check notice

Code scanning / zizmor

code injection via template expansion Note

code injection via template expansion
"${{ github.event_name }}" == "release" ]]; then

Check warning

Code scanning / zizmor

code injection via template expansion Warning

code injection via template expansion
MATRIX="${MATRIX}{\"image-name\":\"fhevm/coprocessor/tfhe-worker\",\"docker-file\":\"coprocessor/fhevm-engine/tfhe-worker/Dockerfile\",\"app-cache-dir\":\"fhevm-coprocessor-tfhe-worker\",\"component\":\"tfhe-worker\"},"
fi

# Gateway Listener
if [[ "${{ needs.check-changes.outputs.changes-coprocessor-gw-listener }}" == "true" || \

Check warning

Code scanning / zizmor

code injection via template expansion Warning

code injection via template expansion

Check notice

Code scanning / zizmor

code injection via template expansion Note

code injection via template expansion
"${{ needs.check-changes.outputs.changes-coprocessor-cargo }}" == "true" || \

Check warning

Code scanning / zizmor

code injection via template expansion Warning

code injection via template expansion

Check notice

Code scanning / zizmor

code injection via template expansion Note

code injection via template expansion
"${{ needs.check-changes.outputs.changes-coprocessor-ci }}" == "true" || \

Check warning

Code scanning / zizmor

code injection via template expansion Warning

code injection via template expansion

Check notice

Code scanning / zizmor

code injection via template expansion Note

code injection via template expansion
"${{ github.event_name }}" == "release" ]]; then

Check warning

Code scanning / zizmor

code injection via template expansion Warning

code injection via template expansion
MATRIX="${MATRIX}{\"image-name\":\"fhevm/coprocessor/gw-listener\",\"docker-file\":\"coprocessor/fhevm-engine/gw-listener/Dockerfile\",\"app-cache-dir\":\"fhevm-coprocessor-gw-listener\",\"component\":\"gw-listener\"},"
fi

# Host Listener
if [[ "${{ needs.check-changes.outputs.changes-coprocessor-host-listener }}" == "true" || \

Check warning

Code scanning / zizmor

code injection via template expansion Warning

code injection via template expansion

Check notice

Code scanning / zizmor

code injection via template expansion Note

code injection via template expansion
"${{ needs.check-changes.outputs.changes-coprocessor-cargo }}" == "true" || \

Check warning

Code scanning / zizmor

code injection via template expansion Warning

code injection via template expansion

Check notice

Code scanning / zizmor

code injection via template expansion Note

code injection via template expansion
"${{ needs.check-changes.outputs.changes-coprocessor-ci }}" == "true" || \

Check warning

Code scanning / zizmor

code injection via template expansion Warning

code injection via template expansion

Check notice

Code scanning / zizmor

code injection via template expansion Note

code injection via template expansion
"${{ github.event_name }}" == "release" ]]; then

Check warning

Code scanning / zizmor

code injection via template expansion Warning

code injection via template expansion
MATRIX="${MATRIX}{\"image-name\":\"fhevm/coprocessor/host-listener\",\"docker-file\":\"coprocessor/fhevm-engine/host-listener/Dockerfile\",\"app-cache-dir\":\"fhevm-coprocessor-host-listener\",\"component\":\"host-listener\"},"
fi

# Transaction Sender
if [[ "${{ needs.check-changes.outputs.changes-coprocessor-tx-sender }}" == "true" || \

Check warning

Code scanning / zizmor

code injection via template expansion Warning

code injection via template expansion

Check notice

Code scanning / zizmor

code injection via template expansion Note

code injection via template expansion
"${{ needs.check-changes.outputs.changes-coprocessor-cargo }}" == "true" || \

Check warning

Code scanning / zizmor

code injection via template expansion Warning

code injection via template expansion

Check notice

Code scanning / zizmor

code injection via template expansion Note

code injection via template expansion
"${{ needs.check-changes.outputs.changes-coprocessor-ci }}" == "true" || \

Check warning

Code scanning / zizmor

code injection via template expansion Warning

code injection via template expansion

Check notice

Code scanning / zizmor

code injection via template expansion Note

code injection via template expansion
"${{ github.event_name }}" == "release" ]]; then

Check warning

Code scanning / zizmor

code injection via template expansion Warning

code injection via template expansion
MATRIX="${MATRIX}{\"image-name\":\"fhevm/coprocessor/tx-sender\",\"docker-file\":\"coprocessor/fhevm-engine/transaction-sender/Dockerfile\",\"app-cache-dir\":\"fhevm-coprocessor-tx-sender\",\"component\":\"tx-sender\"},"
fi

# ZK Proof Worker
if [[ "${{ needs.check-changes.outputs.changes-coprocessor-zkproof-worker }}" == "true" || \

Check warning

Code scanning / zizmor

code injection via template expansion Warning

code injection via template expansion

Check notice

Code scanning / zizmor

code injection via template expansion Note

code injection via template expansion
"${{ needs.check-changes.outputs.changes-coprocessor-cargo }}" == "true" || \

Check warning

Code scanning / zizmor

code injection via template expansion Warning

code injection via template expansion

Check notice

Code scanning / zizmor

code injection via template expansion Note

code injection via template expansion
"${{ needs.check-changes.outputs.changes-coprocessor-ci }}" == "true" || \

Check warning

Code scanning / zizmor

code injection via template expansion Warning

code injection via template expansion

Check notice

Code scanning / zizmor

code injection via template expansion Note

code injection via template expansion
"${{ github.event_name }}" == "release" ]]; then

Check warning

Code scanning / zizmor

code injection via template expansion Warning

code injection via template expansion
MATRIX="${MATRIX}{\"image-name\":\"fhevm/coprocessor/zkproof-worker\",\"docker-file\":\"coprocessor/fhevm-engine/zkproof-worker/Dockerfile\",\"app-cache-dir\":\"fhevm-coprocessor-zkproof-worker\",\"component\":\"zkproof-worker\"},"
fi

# Remove trailing comma and close matrix
MATRIX="${MATRIX%,}]}"
echo "$MATRIX" >> "$GITHUB_OUTPUT"
echo "$MATRIX"

build:
name: coprocessor-docker-build/${{ matrix.component }}
needs: setup-matrix
if: ${{ needs.setup-matrix.outputs.matrix != 'matrix={"include":[]}' }}
strategy:
matrix: ${{ fromJson(needs.setup-matrix.outputs.matrix) }}
fail-fast: false
uses: zama-ai/ci-templates/.github/workflows/common-docker.yml@3d8b1adcb5504fef30223016d459e3e38b36f9d1
secrets:
AWS_ACCESS_KEY_S3_USER: ${{ secrets.AWS_ACCESS_KEY_S3_USER }}
AWS_SECRET_KEY_S3_USER: ${{ secrets.AWS_SECRET_KEY_S3_USER }}
BLOCKCHAIN_ACTIONS_TOKEN: ${{ secrets.BLOCKCHAIN_ACTIONS_TOKEN }}
CGR_USERNAME: ${{ secrets.CGR_USERNAME }}
CGR_PASSWORD: ${{ secrets.CGR_PASSWORD }}
permissions:
actions: "read" # Required to read workflow run information
contents: "read" # Required to checkout repository code
pull-requests: "read" # Required to read pull request information
attestations: "write" # Required to create build attestations
packages: "write" # Required to publish Docker images
id-token: "write" # Required for OIDC authentication
with:
use-cgr-secrets: true
working-directory: "."
docker-context: "."
push_image: true
image-name: ${{ matrix.image-name }}
docker-file: ${{ matrix.docker-file }}
app-cache-dir: ${{ matrix.app-cache-dir }}
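Review bot: The `build` job hands the AWS, CGR and `BLOCKCHAIN_ACTIONS_TOKEN` secrets to the reusable workflow and requests `packages: "write"`, `attestations: "write"` and `id-token: "write"` with `push_image: true` on every trigger, including `pull_request`, so unmerged branch code appears to be built and published with the same privileges as `main` and releases (what `common-docker.yml` does with `push_image` is not visible here). Gating it, for example `push_image: ${{ github.event_name != 'pull_request' }}`, would keep pull-request runs build-only. Separately, the `if:` guard on `build` compares the output with `'matrix={"include":[]}'`, but the `matrix=` prefix is consumed as the key when the line is appended to `$GITHUB_OUTPUT`, so the value is `{"include":[]}` and the guard never skips an empty matrix; compare against `'{"include":[]}'` instead. `setup-matrix` also declares no `permissions:` under the workflow-level `permissions: {}`, and its checkout step looks unneeded because the script only reads `needs` outputs and `github.event_name`.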