Skip to content

chore(deps): update trufflesecurity/trufflehog digest to 781157a #19797

chore(deps): update trufflesecurity/trufflehog digest to 781157a

chore(deps): update trufflesecurity/trufflehog digest to 781157a #19797

Workflow file for this run

name: CI
on:
pull_request:
merge_group:
push:
branches:
- staging
- trying
- '!release-please--branches--**'
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs:
changed_files:
runs-on: ubuntu-latest
name: Get changed files
outputs:
core: ${{ steps.changed-files.outputs.core_any_changed }}
prover: ${{ steps.changed-files.outputs.prover_any_changed }}
zkstack_cli: ${{ steps.changed-files.outputs.zkstack_cli_any_changed }}
docs: ${{ steps.changed-files.outputs.docs_any_changed }}
all: ${{ steps.changed-files.outputs.all_any_changed }}
steps:
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4
with:
fetch-depth: 2
submodules: "recursive"
- name: Get changed files
id: changed-files
uses: tj-actions/changed-files@fea790cb660e33aef4bdf07304e28fedd77dfa13 # v39
with:
files_yaml: |
prover:
- 'prover/**'
- '!prover/CHANGELOG.md'
- '!prover/setup-data-cpu-keys.json'
- '!prover/setup-data-gpu-keys.json'
- '!prover/extract-setup-data-keys.sh'
- 'docker/prover*/**'
- '.github/workflows/build-prover-template.yml'
- '.github/workflows/new-build-prover-template.yml'
- '.github/workflows/build-witness-generator-template.yml'
- '.github/workflows/new-build-witness-generator-template.yml'
- '.github/workflows/ci-prover-reusable.yml'
- 'docker-compose-runner-nightly.yml'
- '!**/*.md'
- '!**/*.MD'
core:
- 'core/**'
- '!core/CHANGELOG.md'
- 'docker/contract-verifier/**'
- 'docker/external-node/**'
- 'docker/server/**'
- '.github/workflows/build-core-template.yml'
- '.github/workflows/new-build-core-template.yml'
- '.github/workflows/build-contract-verifier-template.yml'
- '.github/workflows/new-build-contract-verifier-template.yml'
- '.github/workflows/ci-core-reusable.yml'
- '.github/workflows/ci-core-lint-reusable.yml'
- 'Cargo.toml'
- 'Cargo.lock'
- 'zkstack_cli/**'
- '!**/*.md'
- '!**/*.MD'
- 'docker-compose.yml'
docs:
- '**/*.md'
- '**/*.MD'
- '.github/workflows/ci-docs-reusable.yml'
all:
- '.github/workflows/ci.yml'
- 'bin/**'
- 'etc/**'
- 'contracts/**'
- 'infrastructure/zk/**'
- 'docker/zk-environment/**'
- '!**/*.md'
- '!**/*.MD'
ci-for-core-lint:
name: CI for Core lint Components
needs: changed_files
if: contains(github.ref_name, 'release-please--branches')
uses: ./.github/workflows/ci-core-lint-reusable.yml
ci-for-core:
name: CI for Core Components
needs: changed_files
if: ${{ (needs.changed_files.outputs.core == 'true' || needs.changed_files.outputs.all == 'true') && !contains(github.ref_name, 'release-please--branches') }}
uses: ./.github/workflows/ci-core-reusable.yml
ci-for-prover:
needs: changed_files
if: ${{ (needs.changed_files.outputs.prover == 'true' || needs.changed_files.outputs.all == 'true') && !contains(github.ref_name, 'release-please--branches') }}
name: CI for Prover Components
uses: ./.github/workflows/ci-prover-reusable.yml
e2e-for-prover:
name: E2E Test for Prover Components
needs: changed_files
if: ${{(needs.changed_files.outputs.prover == 'true' || needs.changed_files.outputs.all == 'true') && !contains(github.ref_name, 'release-please--branches') }}
uses: ./.github/workflows/ci-prover-e2e.yml
ci-for-docs:
needs: changed_files
if: needs.changed_files.outputs.docs == 'true'
name: CI for Docs
uses: ./.github/workflows/ci-docs-reusable.yml
# What needs to be ran for both core and prover
ci-for-common:
needs: changed_files
if: ${{ (needs.changed_files.outputs.prover == 'true' || needs.changed_files.outputs.core == 'true' || needs.changed_files.outputs.all == 'true') && !contains(github.ref_name, 'release-please--branches') }}
name: CI for Common Components (prover or core)
uses: ./.github/workflows/ci-common-reusable.yml
build-core-images:
name: Build core images
needs: changed_files
if: ${{ (needs.changed_files.outputs.core == 'true' || needs.changed_files.outputs.all == 'true') && !contains(github.ref_name, 'release-please--branches') }}
uses: ./.github/workflows/new-build-core-template.yml
with:
image_tag_suffix: ${{ needs.setup.outputs.image_tag_suffix }}
action: "build"
secrets:
DOCKERHUB_USER: ${{ secrets.DOCKERHUB_USER }}
DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
build-tee-prover-images:
name: Build TEE Prover images
needs: changed_files
if: ${{ (needs.changed_files.outputs.core == 'true' || needs.changed_files.outputs.all == 'true') && !contains(github.ref_name, 'release-please--branches') }}
uses: ./.github/workflows/build-tee-prover-template.yml
with:
image_tag_suffix: ${{ needs.setup.outputs.image_tag_suffix }}
action: "build"
secrets:
DOCKERHUB_USER: ${{ secrets.DOCKERHUB_USER }}
DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }}
build-contract-verifier:
name: Build contract verifier
needs: changed_files
if: ${{ (needs.changed_files.outputs.core == 'true' || needs.changed_files.outputs.all == 'true') && !contains(github.ref_name, 'release-please--branches') }}
uses: ./.github/workflows/new-build-contract-verifier-template.yml
with:
image_tag_suffix: ${{ needs.setup.outputs.image_tag_suffix }}
action: "build"
secrets:
DOCKERHUB_USER: ${{ secrets.DOCKERHUB_USER }}
DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
build-prover-images:
name: Build prover images
needs: changed_files
if: ${{ (needs.changed_files.outputs.prover == 'true' || needs.changed_files.outputs.all == 'true') && !contains(github.ref_name, 'release-please--branches') }}
uses: ./.github/workflows/new-build-prover-template.yml
with:
image_tag_suffix: ${{ needs.setup.outputs.image_tag_suffix }}
action: "build"
ERA_BELLMAN_CUDA_RELEASE: ${{ vars.ERA_BELLMAN_CUDA_RELEASE }}
is_pr_from_fork: ${{ github.event.pull_request.head.repo.fork == true }}
secrets:
DOCKERHUB_USER: ${{ secrets.DOCKERHUB_USER }}
DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
build-witness-generator-image-avx512:
name: Build prover images with avx512 instructions
needs: changed_files
if: ${{ (needs.changed_files.outputs.prover == 'true' || needs.changed_files.outputs.all == 'true') && !contains(github.ref_name, 'release-please--branches') }}
uses: ./.github/workflows/new-build-witness-generator-template.yml
with:
image_tag_suffix: ${{ needs.setup.outputs.image_tag_suffix }}-avx512
action: "build"
WITNESS_GENERATOR_RUST_FLAGS: "-Ctarget_feature=+avx512bw,+avx512cd,+avx512dq,+avx512f,+avx512vl"
secrets:
DOCKERHUB_USER: ${{ secrets.DOCKERHUB_USER }}
DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
ci-success:
name: Github Status Check
runs-on: ubuntu-latest
if: always() && !cancelled()
needs: [ ci-for-core-lint, ci-for-common, ci-for-core, ci-for-prover, ci-for-docs, build-core-images, build-contract-verifier, build-prover-images ]
steps:
- name: Status
run: |
# This will check all jobs status in the `needs` list, and fail job if one is failed.
# Since we split prover and core to different flows, this job will be only as Required Status Check in the Pull Request.
if [[ ${{ contains(join(needs.*.result, ','), 'failure') }} == "true" ]]; then
echo "Intentionally failing to block PR from merging"
exit 1
fi