Skip to content

Commit

Permalink
Merge branch 'main' into updateContractsDeployDoc
Browse files Browse the repository at this point in the history
  • Loading branch information
jatZama authored Nov 28, 2024
2 parents eea682a + 4b7f71c commit efbf5bd
Show file tree
Hide file tree
Showing 330 changed files with 7,716 additions and 92,535 deletions.
178 changes: 178 additions & 0 deletions .github/workflows/common-docker.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,178 @@
name: Docker Build and Push

on:
workflow_call:
secrets:
BLOCKCHAIN_ACTIONS_TOKEN:
required: true
GRAVITON_BUILDER_SSH_PRIVATE_KEY:
required: true
inputs:
ref:
type: string
required: false
default: ""
working-directory:
type: string
required: true
docker-context:
type: string
required: false
default: "."
image-name:
type: string
required: true
image-dev-name:
type: string
required: false
image-dev-description:
type: string
required: false
push_image:
type: boolean
default: true
required: false
runs_on:
type: string
required: false
default: "ubuntu-latest"
generate-dev-image:
type: boolean
default: false
required: false
docker-file:
type: string
default: "ci.dockerfile"
required: false
docker-file-dev:
type: string
default: "dev.dockerfile"
required: false
graviton-build-host:
type: string
required: false
default: "ec2-15-188-101-126.eu-west-3.compute.amazonaws.com"
arm-build:
type: boolean
default: true
required: false
cache-from:
type: string
required: false
default: "type=gha"
cache-to:
type: string
required: false
default: "type=gha,mode=max"
outputs:
image_name:
description: "Image Name with Tag generated by this task"
value: "${{ jobs.build-and-push-docker.outputs.image_name }}"

jobs:
build-and-push-docker:
runs-on: ${{ inputs.runs_on }}
outputs:
image_name: ${{ steps.export-image.outputs.image }}
env:
HOME: ${{ inputs.runs_on != 'ubuntu-latest' && '/root' || '/home/runner' }}
steps:
- name: Checkout Project
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

- uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0
with:
dockerfile: ${{ inputs.working-directory }}/${{ inputs.docker-file }}
failure-threshold: none

- uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0
if: ${{ inputs.generate-dev-image }}
with:
dockerfile: ${{ inputs.working-directory }}/${{ inputs.docker-file-dev }}
failure-threshold: none

- name: Set up SSH
if: inputs.arm-build
uses: MrSquaare/ssh-setup-action@2d028b70b5e397cf8314c6eaea229a6c3e34977a # v3.1.0
with:
host: ${{ inputs.graviton-build-host }}
private-key: ${{ secrets.GRAVITON_BUILDER_SSH_PRIVATE_KEY }}
private-key-name: docker_builder_arm

- name: Set up Docker Buildx
if: inputs.arm-build
uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0
with:
platforms: linux/amd64,linux/arm64
append: |
- endpoint: "ssh://ec2-user@${{ inputs.graviton-build-host }}"
platforms: linux/arm64
- name: Login to GitHub Container Registry
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Echo github event
run: echo "Github event ==> ${{ github.event_name }}"

- name: Current branch sha
if: github.event_name != 'release'
run: |
echo "DOCKER_TAG_IMAGE=$(git rev-parse --short "$GITHUB_SHA")" >> "$GITHUB_ENV"
- name: Current Tag
if: github.event_name == 'release'
run: |
echo "DOCKER_TAG_IMAGE=${{ github.ref_name }}" >> "$GITHUB_ENV"
- name: Docker Build and Push
uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0
with:
context: ${{ inputs.docker-context }}
platforms: linux/amd64,linux/arm64
build-args: |
BLOCKCHAIN_ACTIONS_TOKEN=${{ secrets.BLOCKCHAIN_ACTIONS_TOKEN }}
file: ${{ inputs.working-directory }}/${{ inputs.docker-file }}
push: ${{ inputs.push_image }}
pull: false
tags: ghcr.io/zama-ai/${{ inputs.image-name }}:${{env.DOCKER_TAG_IMAGE }},ghcr.io/zama-ai/${{ inputs.image-name }}:latest
cache-from: ${{ inputs.cache-from }}
cache-to: ${{ inputs.cache-to }}

- name: Extract Docker metadata
if: ${{ inputs.generate-dev-image }}
id: meta
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
with:
annotations: |
org.opencontainers.image.description="${{ inputs.image-dev-description }}"
labels: |
zama.fhevm.version=${{ env.DOCKER_TAG_IMAGE }}
zama.fhevm.description="${{ inputs.image-dev-description }}"
images: ghcr.io/zama-ai/${{ inputs.image-dev-name }}:${{ env.DOCKER_TAG_IMAGE }}
env:
DOCKER_METADATA_ANNOTATIONS_LEVELS: index

- name: Docker Build and Push Dev Image
if: ${{ inputs.generate-dev-image }}
uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0
timeout-minutes: 360
with:
context: ${{ inputs.docker-context }}
platforms: linux/amd64,linux/arm64
build-args: |
BLOCKCHAIN_ACTIONS_TOKEN=${{ secrets.BLOCKCHAIN_ACTIONS_TOKEN }}
file: ${{ inputs.working-directory }}/${{ inputs.docker-file-dev }}
push: ${{ inputs.push_image }}
pull: false
tags: ghcr.io/zama-ai/${{ inputs.image-dev-name }}:${{env.DOCKER_TAG_IMAGE}},ghcr.io/zama-ai/${{ inputs.image-dev-name }}:latest
cache-from: type=gha
cache-to: type=gha,mode=max
labels: ${{ steps.meta.outputs.labels }}
annotations: ${{ steps.meta.outputs.annotations }}

- name: Export image name
id: export-image
run: echo "image=ghcr.io/zama-ai/${{inputs.image-name}}:${{env.DOCKER_TAG_IMAGE}}" >> "${GITHUB_OUTPUT}"
47 changes: 47 additions & 0 deletions .github/workflows/fhevm-coprocessor.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,47 @@
name: "fhEVM Coprocessor Docker Image"

on:
push:
branches:
- main
paths:
- .github/workflows/fhevm-coprocessor.yml
- .github/workflows/common-docker.yml
- fhevm-engine/coprocessor/**
- fhevm-engine/.sqlx
- proto/**
release:
types:
- published

concurrency:
group: fhevm-coprocessor-${{ github.ref_name }}
cancel-in-progress: false

jobs:
docker-coprocessor:
uses: ./.github/workflows/common-docker.yml
permissions:
contents: "read"
id-token: "write"
packages: "write"
with:
working-directory: "."
push_image: ${{ github.event_name == 'release' || github.ref_name == 'main' }}
image-name: "fhevm-coprocessor"
generate-dev-image: false
docker-file: "fhevm-engine/coprocessor/Dockerfile"
arm-build: true

secrets:
BLOCKCHAIN_ACTIONS_TOKEN: ${{ secrets.BLOCKCHAIN_ACTIONS_TOKEN }}
GRAVITON_BUILDER_SSH_PRIVATE_KEY: ${{ secrets.GRAVITON_BUILDER_SSH_PRIVATE_KEY }}

done:
runs-on: ubuntu-latest
name: Pipeline Done
steps:
- name: Success
run: echo Pipeline Done
needs:
- docker-coprocessor
45 changes: 45 additions & 0 deletions .github/workflows/fhevm-db-migration.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,45 @@
name: "fhEVM DB migration Docker Image"

on:
push:
branches:
- main
paths:
- .github/workflows/fhevm-coprocessor.yml
- .github/workflows/common-docker.yml
- fhevm-engine/fhevm-db/**
release:
types:
- published

concurrency:
group: fhevm-db-migration-${{ github.ref_name }}
cancel-in-progress: false

jobs:
docker-db-migration:
uses: ./.github/workflows/common-docker.yml
permissions:
contents: "read"
id-token: "write"
packages: "write"
with:
working-directory: "."
push_image: true
image-name: "fhevm-db-migration"
generate-dev-image: false
docker-file: "fhevm-engine/fhevm-db/Dockerfile"
arm-build: true

secrets:
BLOCKCHAIN_ACTIONS_TOKEN: ${{ secrets.BLOCKCHAIN_ACTIONS_TOKEN }}
GRAVITON_BUILDER_SSH_PRIVATE_KEY: ${{ secrets.GRAVITON_BUILDER_SSH_PRIVATE_KEY }}

done:
runs-on: ubuntu-latest
name: Pipeline Done
steps:
- name: Success
run: echo Pipeline Done
needs:
- docker-db-migration
48 changes: 48 additions & 0 deletions .github/workflows/fhevm-smart-contracts.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,48 @@
name: "fhEVM smart contracts Docker Image"

on:
push:
branches:
- main
paths:
- .github/workflows/fhevm-smart-contracts.yml
- .github/workflows/common-docker.yml
- contracts/**
release:
types:
- published

concurrency:
group: fhevm-smart-contracts-${{ github.ref_name }}
cancel-in-progress: false

jobs:
docker-smart-contracts:
uses: ./.github/workflows/common-docker.yml
permissions:
contents: "read"
id-token: "write"
packages: "write"
with:
working-directory: "."
push_image: true
image-name: "fhevm-smart-contracts"
image-dev-name: "fhevm-smart-contracts-dev"
generate-dev-image: true
docker-file: "contracts/operations/docker/ci.dockerfile"
docker-file-dev: "contracts/operations/docker/dev.dockerfile"
image-dev-description: "fhevm smart contracts dev image"
arm-build: true

secrets:
BLOCKCHAIN_ACTIONS_TOKEN: ${{ secrets.BLOCKCHAIN_ACTIONS_TOKEN }}
GRAVITON_BUILDER_SSH_PRIVATE_KEY: ${{ secrets.GRAVITON_BUILDER_SSH_PRIVATE_KEY }}

done:
runs-on: ubuntu-latest
name: Pipeline Done
steps:
- name: Success
run: echo Pipeline Done
needs:
- docker-smart-contracts
3 changes: 3 additions & 0 deletions .github/workflows/linkchecker.yml
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,8 @@ name: Check Markdown links

on:
pull_request:
branches:
- main
push:
branches:
- main
Expand All @@ -18,3 +20,4 @@ jobs:
with:
use-quiet-mode: "yes"
use-verbose-mode: "yes"
config-file: "mlc_config.json"
24 changes: 24 additions & 0 deletions .github/workflows/test.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
name: Pull request tests (contracts)

on:
pull_request:
branches:
- main

jobs:
build:
runs-on: large_ubuntu_32
strategy:
matrix:
node-version: [20.x]
steps:
- uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
with:
node-version: ${{ matrix.node-version }}
- run: cp ./contracts/.env.example ./contracts/.env
- run: npm --prefix ./contracts ci --include=optional
- run: npm --prefix ./contracts run prettier:check
- name: "npm CI test"
run: npm --prefix ./contracts run test:mock
3 changes: 3 additions & 0 deletions .hadolint.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
ignored:
- DL3018
- DL3008
1 change: 1 addition & 0 deletions contracts/.env.example
Original file line number Diff line number Diff line change
Expand Up @@ -11,4 +11,5 @@ export PRIVATE_KEY_COPROCESSOR_ACCOUNT="7ec8ada6642fc4ccfb7729bc29c17cf8d21b61ab
export IS_COPROCESSOR="true"

export SEPOLIA_RPC_URL="https://sepolia.infura.io/v3/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
export MAINNET_RPC_URL="https://mainnet.infura.io/v3/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
export ETHERSCAN_API_KEY="XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
13 changes: 13 additions & 0 deletions contracts/.env.example.deployment
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
export PRIVATE_KEY_FHEVM_DEPLOYER="0c66d8cde71d2faa29d0cb6e3a567d31279b6eace67b0a9d9ba869c119843a5e"
export PRIVATE_KEY_GATEWAY_DEPLOYER="717fd99986df414889fd8b51069d4f90a50af72e542c58ee065f5883779099c6"
export ADDRESS_GATEWAY_RELAYER="0x97F272ccfef4026A1F3f0e0E879d514627B84E69"
export NUM_KMS_SIGNERS="4"
export ADDRESS_KMS_SIGNER_0="0x0971C80fF03B428fD2094dd5354600ab103201C5"
export ADDRESS_KMS_SIGNER_1="0xB68deCb047B5e6Cc82280502A7E2318c6b3E5eC6"
export ADDRESS_KMS_SIGNER_2="0xfe0fB0BCceb872ee7a6ef6c455e6E127Aef55DD7"
export ADDRESS_KMS_SIGNER_3="0x2dac5193bE0AB0eD8871399E6Ae61EAe6cc8cAE1"
export ADDRESS_COPROCESSOR_ACCOUNT="0xc9990FEfE0c27D31D0C2aa36196b085c0c4d456c"
export IS_COPROCESSOR="true"
export SEPOLIA_RPC_URL="https://sepolia.infura.io/v3/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
export MAINNET_RPC_URL="https://mainnet.infura.io/v3/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
export ETHERSCAN_API_KEY="XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
1 change: 1 addition & 0 deletions contracts/.gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@ node_modules
# Hardhat files
/cache
/artifacts
/types

# TypeChain files
/typechain
Expand Down
Loading

0 comments on commit efbf5bd

Please sign in to comment.