chore(ci): add fhevm coprocessor docker workflows (#105)
* chore(ci): update dockerfile var

* chore(ci): add fhevm-coprocessor

* chore(ci): update Dockerfile

* chore(ci): pin protobuf version

* chore(ci): disable generate-dev-image

* chore(ci): disable hadolint

* chore(ci): update Dockerfile

* chore(ci): add non root user

* chore(ci): add proto

* chore(ci): enable hadolint

* chore(ci): add docker-common to paths

* chore(ci): update workflow trigger

* chore(ci): restrict push to main/release
0xawaz authored Nov 6, 2024
1 parent 0a81019 commit b10f4f8
Showing 4 changed files with 82 additions and 14 deletions.
8 changes: 4 additions & 4 deletions .github/workflows/common-docker.yml
@@ -82,13 +82,13 @@ jobs:

- uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0
with:
dockerfile: ${{ inputs.working-directory }}/contracts/operations/docker/${{ inputs.docker-file }}
dockerfile: ${{ inputs.working-directory }}/${{ inputs.docker-file }}
failure-threshold: none

- uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0
if: ${{ inputs.generate-dev-image }}
with:
dockerfile: ${{ inputs.working-directory }}/contracts/operations/docker/${{ inputs.docker-file-dev }}
dockerfile: ${{ inputs.working-directory }}/${{ inputs.docker-file-dev }}
failure-threshold: none

- name: Set up SSH
@@ -134,7 +134,7 @@ jobs:
platforms: linux/amd64,linux/arm64
build-args: |
BLOCKCHAIN_ACTIONS_TOKEN=${{ secrets.BLOCKCHAIN_ACTIONS_TOKEN }}
file: ${{ inputs.working-directory }}/contracts/operations/docker/${{ inputs.docker-file }}
file: ${{ inputs.working-directory }}/${{ inputs.docker-file }}
push: ${{ inputs.push_image }}
pull: false
tags: ghcr.io/zama-ai/${{ inputs.image-name }}:${{env.DOCKER_TAG_IMAGE }},ghcr.io/zama-ai/${{ inputs.image-name }}:latest
Expand Down Expand Up @@ -164,7 +164,7 @@ jobs:
platforms: linux/amd64,linux/arm64
build-args: |
BLOCKCHAIN_ACTIONS_TOKEN=${{ secrets.BLOCKCHAIN_ACTIONS_TOKEN }}
file: ${{ inputs.working-directory }}/contracts/operations/docker/${{ inputs.docker-file-dev }}
file: ${{ inputs.working-directory }}/${{ inputs.docker-file-dev }}
push: ${{ inputs.push_image }}
pull: false
tags: ghcr.io/zama-ai/${{ inputs.image-dev-name }}:${{env.DOCKER_TAG_IMAGE}},ghcr.io/zama-ai/${{ inputs.image-dev-name }}:latest
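Review bot: `BLOCKCHAIN_ACTIONS_TOKEN` is still passed to both image builds through `build-args` (the lines just above the two changed `file:` entries), and build arguments are not a secret channel: their values can end up in the image's build history and in provenance metadata, and these images are pushed to ghcr.io. Since the reusable workflow now builds Dockerfiles from any caller-supplied path, I would move the token to a BuildKit secret, e.g. a `secrets: |` input carrying `blockchain_actions_token=${{ secrets.BLOCKCHAIN_ACTIONS_TOKEN }}`, and have the Dockerfiles that need it read it with `RUN --mount=type=secret,id=blockchain_actions_token`. The `uses:` lines of the two build steps are outside the visible hunks, so this assumes they are docker/build-push-action.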
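--- a/.github/workflows/fhevm-coprocessor.yml
+++ b/.github/workflows/fhevm-coprocessor.yml
@@ -0,0 +1,46 @@
+name: "fhEVM Coprocessor Docker Image"
+
+on:
+push:
+branches:
+- main
+- amina/fhevm-coprocessor-workflows
+paths:
+- .github/workflows/fhevm-coprocessor.yml
+- .github/workflows/common-docker.yml
+- fhevm-engine/coprocessor/**
+release:
+types:
+- published
+
+concurrency:
+group: fhevm-coprocessor
+cancel-in-progress: true
+
+jobs:
+docker-coprocessor:
+uses: ./.github/workflows/common-docker.yml
+permissions:
+contents: "read"
+id-token: "write"
+packages: "write"
+with:
+working-directory: "."
+push_image: ${{ github.event_name == 'release' || github.ref_name == 'main' }}
+image-name: "fhevm-coprocessor"
+generate-dev-image: false
+docker-file: "fhevm-engine/coprocessor/Dockerfile"
+arm-build: true
+
+secrets:
+BLOCKCHAIN_ACTIONS_TOKEN: ${{ secrets.BLOCKCHAIN_ACTIONS_TOKEN }}
+GRAVITON_BUILDER_SSH_PRIVATE_KEY: ${{ secrets.GRAVITON_BUILDER_SSH_PRIVATE_KEY }}
+
+done:
+runs-on: ubuntu-latest
+name: Pipeline Done
+steps:
+- name: Success
+run: echo Pipeline Done
+needs:
+- docker-coprocessor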
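Review bot: The push trigger still lists the feature branch `amina/fhevm-coprocessor-workflows` next to `main`, here and in the same `branches:` list in .github/workflows/fhevm-smart-contracts.yml. `push_image` evaluates to false for that branch, but every push to it still starts the reusable workflow with `packages: "write"`, `id-token: "write"` and both secrets, including `GRAVITON_BUILDER_SSH_PRIVATE_KEY`; I would drop the `- amina/fhevm-coprocessor-workflows` entry from both files. Also, `cancel-in-progress: true` with the fixed group `fhevm-coprocessor` lets a later push to main cancel a release build that is still running; `group: fhevm-coprocessor-${{ github.ref }}` keeps the two apart.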
12 changes: 9 additions & 3 deletions .github/workflows/fhevm-smart-contracts.yml
@@ -2,10 +2,16 @@ name: "fhEVM smart contracts Docker Image"

on:
push:
branches: ["main"]
branches:
- main
- amina/fhevm-coprocessor-workflows
paths:
- .github/workflows/fhevm-smart-contracts.yml
- .github/workflows/common-docker.yml
- contracts/**
release:
types:
- published

concurrency:
group: fhevm-smart-contracts
@@ -24,8 +30,8 @@ jobs:
image-name: "fhevm-smart-contracts"
image-dev-name: "fhevm-smart-contracts-dev"
generate-dev-image: true
docker-file: "ci.dockerfile"
docker-file-dev: "dev.dockerfile"
docker-file: "contracts/operations/docker/ci.dockerfile"
docker-file-dev: "contracts/operations/docker/dev.dockerfile"
image-dev-description: "fhevm smart contracts dev image"
arm-build: true

30 changes: 23 additions & 7 deletions fhevm-engine/coprocessor/Dockerfile
@@ -1,15 +1,31 @@
# Stage 1: Build
FROM rust:1.82.0-bullseye AS build

RUN apt-get update
RUN apt-get install -y protobuf-compiler
WORKDIR /app

# we assume we're in the root directory
ADD . /app/
# Install dependencies
RUN apt-get update && \
apt-get install -y --no-install-recommends protobuf-compiler=3.12.4* && \
rm -rf /var/lib/apt/lists/*

RUN cd /app/fhevm-engine/coprocessor && SQLX_OFFLINE=true cargo build --release
COPY ./fhevm-engine/ ./fhevm-engine/
COPY ./proto/ ./proto/

FROM debian:bullseye
WORKDIR /app/fhevm-engine/coprocessor

COPY --from=build /app/fhevm-engine/target/release/coprocessor /usr/local/bin
RUN cargo fetch && \
SQLX_OFFLINE=true cargo build --release

# Stage 2: Final image
FROM debian:bullseye-slim

RUN useradd -m zama

COPY --from=build /app/fhevm-engine/target/release/coprocessor /usr/local/bin/

RUN chown zama:zama /usr/local/bin/coprocessor && \
chmod 500 /usr/local/bin/coprocessor

USER zama

ENTRYPOINT ["/usr/local/bin/coprocessor"]
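Review bot: The final stage makes the runtime user the owner of the binary (`chown zama:zama`, then `chmod 500`), so the unprivileged process can still change the mode of its own executable and rewrite it; dropping root protects more when the binary stays root-owned and is only executable by others. `COPY --from=build --chmod=0555 /app/fhevm-engine/target/release/coprocessor /usr/local/bin/` does that and makes the separate `RUN chown … && chmod …` layer unnecessary (`--chmod` on COPY needs BuildKit). In the build stage, `cargo fetch` and `cargo build --release` run without `--locked`, so, assuming Cargo.lock is part of the copied tree, a stale lockfile would be re-resolved silently instead of failing the build; `cargo fetch --locked && SQLX_OFFLINE=true cargo build --release --locked` pins the dependency set. Both base images are referenced by tag only, while the workflow in this commit pins its action by commit SHA; pinning `rust:1.82.0-bullseye` and `debian:bullseye-slim` by digest would match that.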
