
add final light client audit report #6580

Workflow file for this run

name: Build

# Triggers: pushes to main / release-* branches and to date-stamped tags,
# a weekly schedule, pull requests, and manual dispatch.
# The PR trigger is plain `pull_request` (not `pull_request_target`), so runs
# for PRs opened from forks get no repository secrets and a read-only token.
# NOTE(review): there is no `permissions:` key at workflow level. Unless a job
# declares its own, the GITHUB_TOKEN scope comes from the repository default.
on:
  push:
    branches:
      - 'main'
      - 'release-*'
    tags:
      # YYYYMMDD
      - '20[0-9][0-9][0-1][0-9][0-3][0-9]*'
  schedule:
    - cron: '0 0 * * 1'
  pull_request:
  workflow_dispatch:

# One active run per workflow + ref; a newer run cancels the one in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

env:
  RUST_LOG: 'info,libp2p=off,node=error'
  CARGO_TERM_COLOR: 'always'
  # Pull requests build amd64 images only; every other event builds amd64 + arm64.
  DOCKER_PLATFORMS: ${{ github.event_name == 'pull_request' && 'linux/amd64' || 'linux/amd64,linux/arm64' }}
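jobs:
  # x86_64 release build. This job has no `if:` guard, so it also runs for
  # pull requests, i.e. it compiles (and runs the build scripts of) code that
  # has not been merged yet.
  build:
    runs-on: buildjet-8vcpu-ubuntu-2204
    # Least privilege: the steps below only need to read the repository.
    permissions:
      contents: read
    steps:
      # NOTE(review): every third-party action in this job is referenced by a
      # mutable major-version tag. Pinning to a full commit SHA
      # (`uses: owner/action@<full-commit-sha>  # vN`) keeps a retagged or
      # compromised release from running on this runner.
      - uses: rui314/setup-mold@v1
      - name: Install just command runner
        # NOTE(review): `--edge` tracks the snap's development channel and
        # `--classic` installs it without confinement, as root. A pinned,
        # checksum-verified release would be easier to audit.
        run: |
          sudo snap install --edge --classic just
          just --version
      - name: Checkout Repository
        uses: actions/checkout@v4
        with:
          # Do not leave the job token in .git/config for the cargo build
          # steps (and the dependency build scripts they run) to read.
          persist-credentials: false
      - name: Enable Rust Caching
        # NOTE(review): this job also runs for pull requests; confirm that the
        # buildjet cache backend keeps PR-written entries apart from the ones
        # restored by main / release / tag builds.
        uses: Swatinem/rust-cache@v2
        with:
          prefix-key: v1-rust
          cache-provider: buildjet
      - name: Build
        # Build in release without `testing` feature, this should work without `hotshot_example` config.
        run: |
          cargo build --locked --release --workspace
      - name: Build Espresso Dev Node
        # Espresso Dev Node currently requires testing feature, so it is built separately.
        run: |
          cargo build --locked --release --features testing --bin espresso-dev-node
      - name: Upload artifacts
        # These binaries are downloaded by the build-dockers job under the
        # same artifact name.
        uses: actions/upload-artifact@v4
        with:
          name: x86_64-unknown-linux-gnu-services
          path: |
            target/release/orchestrator
            target/release/cdn-broker
            target/release/cdn-marshal
            target/release/cdn-whitelist
            target/release/state-relay-server
            target/release/state-prover
            target/release/sequencer
            target/release/cli
            target/release/submit-transactions
            target/release/reset-storage
            target/release/utils
            target/release/deploy
            target/release/keygen
            target/release/permissionless-builder
            target/release/nasty-client
            target/release/espresso-dev-node
            target/release/pub-key
            target/release/espresso-bridge
            target/release/marketplace-solver
            target/release/marketplace-builder
            target/release/node-metrics
            target/release/dev-rollup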
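# Job `build-arm` (nested under `jobs:`): aarch64 release build.
  # Skipped for pull requests, so it only compiles refs that were pushed,
  # scheduled or manually dispatched.
  build-arm:
    if: github.event_name != 'pull_request'
    runs-on: buildjet-8vcpu-ubuntu-2204-arm
    # Least privilege: the steps below only need to read the repository.
    permissions:
      contents: read
    env:
      CARGO_BUILD_JOBS: '6'
    steps:
      # NOTE(review): third-party actions are referenced by mutable
      # major-version tags; pinning to a full commit SHA
      # (`uses: owner/action@<full-commit-sha>  # vN`) makes the executed code
      # reviewable and immune to retagging.
      - uses: rui314/setup-mold@v1
      - name: Checkout Repository
        uses: actions/checkout@v4
        with:
          # Do not leave the job token in .git/config for the cargo build
          # steps (and the dependency build scripts they run) to read.
          persist-credentials: false
      - name: Enable Rust Caching
        uses: Swatinem/rust-cache@v2
        with:
          cache-provider: buildjet
      - name: Build
        run: |
          cargo build --locked --release --workspace
      - name: Build Espresso Dev Node
        # Espresso Dev Node currently requires testing feature, so it is built separately.
        run: |
          cargo build --locked --release --features testing --bin espresso-dev-node
      - name: Upload artifacts
        # These binaries are downloaded by the build-dockers job under the
        # same artifact name.
        uses: actions/upload-artifact@v4
        with:
          name: aarch64-unknown-linux-gnu-services
          path: |
            target/release/orchestrator
            target/release/cdn-broker
            target/release/cdn-marshal
            target/release/cdn-whitelist
            target/release/state-relay-server
            target/release/state-prover
            target/release/sequencer
            target/release/cli
            target/release/submit-transactions
            target/release/reset-storage
            target/release/utils
            target/release/deploy
            target/release/keygen
            target/release/permissionless-builder
            target/release/nasty-client
            target/release/espresso-dev-node
            target/release/pub-key
            target/release/espresso-bridge
            target/release/marketplace-solver
            target/release/marketplace-builder
            target/release/node-metrics
            target/release/dev-rollup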
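# Job `build-dockers` (nested under `jobs:`): header, token scope and outputs.
  # Packages the uploaded binaries into container images and, outside pull
  # requests, pushes them to ghcr.io.
  build-dockers:
    runs-on: ubuntu-latest
    needs: [build, build-arm]
    # if build_arm is skipped, run this job anyway
    if: ${{ !(failure() || cancelled()) }}
    # Least privilege: read the repository, write container packages.
    # `packages: write` is what the ghcr.io login and push in this job rely
    # on; nothing else in the job needs a write scope.
    permissions:
      contents: read
      packages: write
    # Image references produced by the metadata steps, consumed by test-demo.
    # NOTE(review): the metadata action's `tags` output is a newline-separated
    # list; consumers that treat one of these values as a single image
    # reference assume exactly one tag was generated. Confirm for every
    # trigger.
    outputs:
      sequencer-tag: ${{ steps.sequencer.outputs.tags }}
      cdn-broker-tag: ${{ steps.cdn-broker.outputs.tags }}
      cdn-marshal-tag: ${{ steps.cdn-marshal.outputs.tags }}
      cdn-whitelist-tag: ${{ steps.cdn-whitelist.outputs.tags }}
      state-relay-server-tag: ${{ steps.state-relay-server.outputs.tags }}
      prover-service-tag: ${{ steps.prover-service.outputs.tags }}
      orchestrator-tag: ${{ steps.orchestrator.outputs.tags }}
      submit-transactions-tag: ${{ steps.submit-transactions.outputs.tags }}
      deploy-tag: ${{ steps.deploy.outputs.tags }}
      builder-tag: ${{ steps.builder.outputs.tags }}
      nasty-client-tag: ${{ steps.nasty-client.outputs.tags }}
      espresso-dev-node-tag: ${{ steps.espresso-dev-node.outputs.tags }}
      bridge-tag: ${{ steps.bridge.outputs.tags }}
      marketplace-solver-tag: ${{ steps.marketplace-solver.outputs.tags }}
      marketplace-builder-tag: ${{ steps.marketplace-builder.outputs.tags }}
      node-validator-tag: ${{ steps.node-validator.outputs.tags }}
      dev-rollup-tag: ${{ steps.dev-rollup.outputs.tags }}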
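# build-dockers, part 1: fetch sources and binaries, set up buildx, log in.
    steps:
      - name: Checkout Repository
        uses: actions/checkout@v4
        with:
          # The image builds later in this job use `./` as build context.
          # Without this, checkout leaves the job token in .git/config, which
          # is part of that context unless a .dockerignore excludes .git
          # (not visible here), so it could end up in an image layer.
          persist-credentials: false
      - name: Download executables AMD
        uses: actions/download-artifact@v4
        with:
          name: x86_64-unknown-linux-gnu-services
          path: target/amd64/release
      - name: Download executables ARM
        # The arm build job is skipped for pull requests, so there is nothing
        # to download in that case.
        if: github.event_name != 'pull_request'
        uses: actions/download-artifact@v4
        with:
          name: aarch64-unknown-linux-gnu-services
          path: target/arm64/release
      - name: Setup Docker BuildKit (buildx)
        uses: docker/setup-buildx-action@v3
      - name: Login to Github Container Repo
        # Skipped for pull requests: PR runs never authenticate to the
        # registry. Pushing afterwards requires the job token to carry
        # `packages: write`.
        uses: docker/login-action@v3
        if: github.event_name != 'pull_request'
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}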
# build-dockers, part 2: one metadata step per image.
      # Each step's `id` is what the job outputs and the build-and-push steps
      # refer to via `steps.<id>.outputs.tags` / `.labels`. No `tags:` or
      # `flavor:` input is set, so the action's defaults decide which tags are
      # generated for each event.

      - name: Generate sequencer docker metadata
        id: sequencer
        uses: docker/metadata-action@v5
        with:
          images: ghcr.io/espressosystems/espresso-sequencer/sequencer

      - name: Generate cdn-broker docker metadata
        id: cdn-broker
        uses: docker/metadata-action@v5
        with:
          images: ghcr.io/espressosystems/espresso-sequencer/cdn-broker

      - name: Generate cdn-marshal docker metadata
        id: cdn-marshal
        uses: docker/metadata-action@v5
        with:
          images: ghcr.io/espressosystems/espresso-sequencer/cdn-marshal

      - name: Generate cdn-whitelist docker metadata
        id: cdn-whitelist
        uses: docker/metadata-action@v5
        with:
          images: ghcr.io/espressosystems/espresso-sequencer/cdn-whitelist

      - name: Generate state-relay-server docker metadata
        id: state-relay-server
        uses: docker/metadata-action@v5
        with:
          images: ghcr.io/espressosystems/espresso-sequencer/state-relay-server

      - name: Generate prover-service docker metadata
        id: prover-service
        uses: docker/metadata-action@v5
        with:
          images: ghcr.io/espressosystems/espresso-sequencer/prover-service

      - name: Generate orchestrator docker metadata
        id: orchestrator
        uses: docker/metadata-action@v5
        with:
          images: ghcr.io/espressosystems/espresso-sequencer/orchestrator

      - name: Generate submit-transactions docker metadata
        id: submit-transactions
        uses: docker/metadata-action@v5
        with:
          images: ghcr.io/espressosystems/espresso-sequencer/submit-transactions

      - name: Generate deploy metadata
        id: deploy
        uses: docker/metadata-action@v5
        with:
          images: ghcr.io/espressosystems/espresso-sequencer/deploy

      - name: Generate builder metadata
        id: builder
        uses: docker/metadata-action@v5
        with:
          images: ghcr.io/espressosystems/espresso-sequencer/builder

      - name: Generate nasty-client metadata
        id: nasty-client
        uses: docker/metadata-action@v5
        with:
          images: ghcr.io/espressosystems/espresso-sequencer/nasty-client

      - name: Generate espresso-dev-node metadata
        id: espresso-dev-node
        uses: docker/metadata-action@v5
        with:
          images: ghcr.io/espressosystems/espresso-sequencer/espresso-dev-node

      - name: Generate bridge metadata
        id: bridge
        uses: docker/metadata-action@v5
        with:
          images: ghcr.io/espressosystems/espresso-sequencer/bridge

      - name: Generate marketplace-solver metadata
        id: marketplace-solver
        uses: docker/metadata-action@v5
        with:
          images: ghcr.io/espressosystems/espresso-sequencer/marketplace-solver

      - name: Generate marketplace-builder metadata
        id: marketplace-builder
        uses: docker/metadata-action@v5
        with:
          images: ghcr.io/espressosystems/espresso-sequencer/marketplace-builder

      - name: Generate node-validator metadata
        id: node-validator
        uses: docker/metadata-action@v5
        with:
          images: ghcr.io/espressosystems/espresso-sequencer/node-validator

      - name: Generate dev-rollup metadata
        id: dev-rollup
        uses: docker/metadata-action@v5
        with:
          images: ghcr.io/espressosystems/espresso-sequencer/dev-rollup
# build-dockers, part 3: one build-and-push step per image.
      # Every step uses the repository root as build context, the platform
      # list from the workflow-level DOCKER_PLATFORMS variable, and the tags
      # and labels of the metadata step with the matching id. `push` is false
      # for pull requests, so PR runs build the images without publishing.
      # Two Dockerfile names differ from the image name: `builder` uses
      # permissionless-builder.Dockerfile and `bridge` uses
      # espresso-bridge.Dockerfile.

      - name: Build and push sequencer docker
        uses: docker/build-push-action@v6
        with:
          context: ./
          file: ./docker/sequencer.Dockerfile
          platforms: ${{ env.DOCKER_PLATFORMS }}
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.sequencer.outputs.tags }}
          labels: ${{ steps.sequencer.outputs.labels }}

      - name: Build and push cdn-broker docker
        uses: docker/build-push-action@v6
        with:
          context: ./
          file: ./docker/cdn-broker.Dockerfile
          platforms: ${{ env.DOCKER_PLATFORMS }}
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.cdn-broker.outputs.tags }}
          labels: ${{ steps.cdn-broker.outputs.labels }}

      - name: Build and push cdn-marshal docker
        uses: docker/build-push-action@v6
        with:
          context: ./
          file: ./docker/cdn-marshal.Dockerfile
          platforms: ${{ env.DOCKER_PLATFORMS }}
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.cdn-marshal.outputs.tags }}
          labels: ${{ steps.cdn-marshal.outputs.labels }}

      - name: Build and push cdn-whitelist docker
        uses: docker/build-push-action@v6
        with:
          context: ./
          file: ./docker/cdn-whitelist.Dockerfile
          platforms: ${{ env.DOCKER_PLATFORMS }}
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.cdn-whitelist.outputs.tags }}
          labels: ${{ steps.cdn-whitelist.outputs.labels }}

      - name: Build and push state-relay-server docker
        uses: docker/build-push-action@v6
        with:
          context: ./
          file: ./docker/state-relay-server.Dockerfile
          platforms: ${{ env.DOCKER_PLATFORMS }}
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.state-relay-server.outputs.tags }}
          labels: ${{ steps.state-relay-server.outputs.labels }}

      - name: Build and push prover-service docker
        uses: docker/build-push-action@v6
        with:
          context: ./
          file: ./docker/prover-service.Dockerfile
          platforms: ${{ env.DOCKER_PLATFORMS }}
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.prover-service.outputs.tags }}
          labels: ${{ steps.prover-service.outputs.labels }}

      - name: Build and push orchestrator docker
        uses: docker/build-push-action@v6
        with:
          context: ./
          file: ./docker/orchestrator.Dockerfile
          platforms: ${{ env.DOCKER_PLATFORMS }}
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.orchestrator.outputs.tags }}
          labels: ${{ steps.orchestrator.outputs.labels }}

      - name: Build and push submit-transactions docker
        uses: docker/build-push-action@v6
        with:
          context: ./
          file: ./docker/submit-transactions.Dockerfile
          platforms: ${{ env.DOCKER_PLATFORMS }}
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.submit-transactions.outputs.tags }}
          labels: ${{ steps.submit-transactions.outputs.labels }}

      - name: Build and push deploy docker
        uses: docker/build-push-action@v6
        with:
          context: ./
          file: ./docker/deploy.Dockerfile
          platforms: ${{ env.DOCKER_PLATFORMS }}
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.deploy.outputs.tags }}
          labels: ${{ steps.deploy.outputs.labels }}

      - name: Build and push builder docker
        uses: docker/build-push-action@v6
        with:
          context: ./
          file: ./docker/permissionless-builder.Dockerfile
          platforms: ${{ env.DOCKER_PLATFORMS }}
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.builder.outputs.tags }}
          labels: ${{ steps.builder.outputs.labels }}

      - name: Build and push nasty-client docker
        uses: docker/build-push-action@v6
        with:
          context: ./
          file: ./docker/nasty-client.Dockerfile
          platforms: ${{ env.DOCKER_PLATFORMS }}
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.nasty-client.outputs.tags }}
          labels: ${{ steps.nasty-client.outputs.labels }}

      - name: Build and push espresso-dev-node docker
        uses: docker/build-push-action@v6
        with:
          context: ./
          file: ./docker/espresso-dev-node.Dockerfile
          platforms: ${{ env.DOCKER_PLATFORMS }}
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.espresso-dev-node.outputs.tags }}
          labels: ${{ steps.espresso-dev-node.outputs.labels }}

      - name: Build and push bridge docker
        uses: docker/build-push-action@v6
        with:
          context: ./
          file: ./docker/espresso-bridge.Dockerfile
          platforms: ${{ env.DOCKER_PLATFORMS }}
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.bridge.outputs.tags }}
          labels: ${{ steps.bridge.outputs.labels }}

      - name: Build and push marketplace-solver docker
        uses: docker/build-push-action@v6
        with:
          context: ./
          file: ./docker/marketplace-solver.Dockerfile
          platforms: ${{ env.DOCKER_PLATFORMS }}
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.marketplace-solver.outputs.tags }}
          labels: ${{ steps.marketplace-solver.outputs.labels }}

      - name: Build and push marketplace-builder docker
        uses: docker/build-push-action@v6
        with:
          context: ./
          file: ./docker/marketplace-builder.Dockerfile
          platforms: ${{ env.DOCKER_PLATFORMS }}
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.marketplace-builder.outputs.tags }}
          labels: ${{ steps.marketplace-builder.outputs.labels }}

      - name: Build and push node-validator docker
        uses: docker/build-push-action@v6
        with:
          context: ./
          file: ./docker/node-validator.Dockerfile
          platforms: ${{ env.DOCKER_PLATFORMS }}
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.node-validator.outputs.tags }}
          labels: ${{ steps.node-validator.outputs.labels }}

      - name: Build and push dev-rollup docker
        uses: docker/build-push-action@v6
        with:
          context: ./
          file: ./docker/dev-rollup.Dockerfile
          platforms: ${{ env.DOCKER_PLATFORMS }}
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.dev-rollup.outputs.tags }}
          labels: ${{ steps.dev-rollup.outputs.labels }}
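# Job `test-demo` (nested under `jobs:`): smoke-test the freshly pushed images.
  # Skipped for pull requests, because images are only pushed outside PRs.
  test-demo:
    if: ${{ github.event_name != 'pull_request' }}
    runs-on: ubuntu-latest
    needs: [build-dockers]
    # Least privilege: the job reads the repository and pulls images without
    # logging in to the registry, so it needs no write scope.
    permissions:
      contents: read
    steps:
      - name: Install just command runner
        # NOTE(review): `--edge` tracks the snap's development channel and
        # `--classic` installs it without confinement, as root. A pinned,
        # checksum-verified release would be easier to audit.
        run: |
          sudo snap install --edge --classic just
          just --version
      - name: Checkout Repository
        uses: actions/checkout@v4
        with:
          # The demo and smoke-test scripts do not need the job token in
          # .git/config.
          persist-credentials: false
      - name: Pull docker images
        # The image references are handed to the shell through step-level
        # environment variables and expanded quoted, instead of pasting
        # `${{ ... }}` into the script text, so a value can never be parsed as
        # shell syntax. They are scoped to this step so they do not leak into
        # the demo's environment.
        # NOTE(review): each value is assumed to hold exactly one image
        # reference; the metadata action can emit several tags, one per line.
        # Confirm for every trigger that reaches this job.
        env:
          IMG_SEQUENCER: ${{ needs.build-dockers.outputs.sequencer-tag }}
          IMG_CDN_BROKER: ${{ needs.build-dockers.outputs.cdn-broker-tag }}
          IMG_CDN_MARSHAL: ${{ needs.build-dockers.outputs.cdn-marshal-tag }}
          IMG_CDN_WHITELIST: ${{ needs.build-dockers.outputs.cdn-whitelist-tag }}
          IMG_STATE_RELAY_SERVER: ${{ needs.build-dockers.outputs.state-relay-server-tag }}
          IMG_PROVER_SERVICE: ${{ needs.build-dockers.outputs.prover-service-tag }}
          IMG_ORCHESTRATOR: ${{ needs.build-dockers.outputs.orchestrator-tag }}
          IMG_SUBMIT_TRANSACTIONS: ${{ needs.build-dockers.outputs.submit-transactions-tag }}
          IMG_DEPLOY: ${{ needs.build-dockers.outputs.deploy-tag }}
          IMG_BUILDER: ${{ needs.build-dockers.outputs.builder-tag }}
          IMG_NASTY_CLIENT: ${{ needs.build-dockers.outputs.nasty-client-tag }}
          IMG_BRIDGE: ${{ needs.build-dockers.outputs.bridge-tag }}
          IMG_MARKETPLACE_SOLVER: ${{ needs.build-dockers.outputs.marketplace-solver-tag }}
          IMG_MARKETPLACE_BUILDER: ${{ needs.build-dockers.outputs.marketplace-builder-tag }}
          IMG_NODE_VALIDATOR: ${{ needs.build-dockers.outputs.node-validator-tag }}
          IMG_DEV_ROLLUP: ${{ needs.build-dockers.outputs.dev-rollup-tag }}
        run: |
          docker pull "$IMG_SEQUENCER"
          docker pull "$IMG_CDN_BROKER"
          docker pull "$IMG_CDN_MARSHAL"
          docker pull "$IMG_CDN_WHITELIST"
          docker pull "$IMG_STATE_RELAY_SERVER"
          docker pull "$IMG_PROVER_SERVICE"
          docker pull "$IMG_ORCHESTRATOR"
          docker pull "$IMG_SUBMIT_TRANSACTIONS"
          docker pull "$IMG_DEPLOY"
          docker pull "$IMG_BUILDER"
          docker pull "$IMG_NASTY_CLIENT"
          docker pull "$IMG_BRIDGE"
          docker pull "$IMG_MARKETPLACE_SOLVER"
          docker pull "$IMG_MARKETPLACE_BUILDER"
          docker pull "$IMG_NODE_VALIDATOR"
          docker pull "$IMG_DEV_ROLLUP"
      - name: Tag new docker images
        # Re-tags the pulled images locally as `:main`; nothing is pushed.
        env:
          IMG_SEQUENCER: ${{ needs.build-dockers.outputs.sequencer-tag }}
          IMG_CDN_BROKER: ${{ needs.build-dockers.outputs.cdn-broker-tag }}
          IMG_CDN_MARSHAL: ${{ needs.build-dockers.outputs.cdn-marshal-tag }}
          IMG_CDN_WHITELIST: ${{ needs.build-dockers.outputs.cdn-whitelist-tag }}
          IMG_STATE_RELAY_SERVER: ${{ needs.build-dockers.outputs.state-relay-server-tag }}
          IMG_PROVER_SERVICE: ${{ needs.build-dockers.outputs.prover-service-tag }}
          IMG_ORCHESTRATOR: ${{ needs.build-dockers.outputs.orchestrator-tag }}
          IMG_SUBMIT_TRANSACTIONS: ${{ needs.build-dockers.outputs.submit-transactions-tag }}
          IMG_DEPLOY: ${{ needs.build-dockers.outputs.deploy-tag }}
          IMG_BUILDER: ${{ needs.build-dockers.outputs.builder-tag }}
          IMG_NASTY_CLIENT: ${{ needs.build-dockers.outputs.nasty-client-tag }}
          IMG_BRIDGE: ${{ needs.build-dockers.outputs.bridge-tag }}
          IMG_MARKETPLACE_SOLVER: ${{ needs.build-dockers.outputs.marketplace-solver-tag }}
          IMG_MARKETPLACE_BUILDER: ${{ needs.build-dockers.outputs.marketplace-builder-tag }}
          IMG_NODE_VALIDATOR: ${{ needs.build-dockers.outputs.node-validator-tag }}
          IMG_DEV_ROLLUP: ${{ needs.build-dockers.outputs.dev-rollup-tag }}
        run: |
          docker tag "$IMG_SEQUENCER" ghcr.io/espressosystems/espresso-sequencer/sequencer:main
          docker tag "$IMG_CDN_BROKER" ghcr.io/espressosystems/espresso-sequencer/cdn-broker:main
          docker tag "$IMG_CDN_MARSHAL" ghcr.io/espressosystems/espresso-sequencer/cdn-marshal:main
          docker tag "$IMG_CDN_WHITELIST" ghcr.io/espressosystems/espresso-sequencer/cdn-whitelist:main
          docker tag "$IMG_STATE_RELAY_SERVER" ghcr.io/espressosystems/espresso-sequencer/state-relay-server:main
          docker tag "$IMG_PROVER_SERVICE" ghcr.io/espressosystems/espresso-sequencer/prover-service:main
          docker tag "$IMG_ORCHESTRATOR" ghcr.io/espressosystems/espresso-sequencer/orchestrator:main
          docker tag "$IMG_SUBMIT_TRANSACTIONS" ghcr.io/espressosystems/espresso-sequencer/submit-transactions:main
          docker tag "$IMG_DEPLOY" ghcr.io/espressosystems/espresso-sequencer/deploy:main
          docker tag "$IMG_BUILDER" ghcr.io/espressosystems/espresso-sequencer/builder:main
          docker tag "$IMG_NASTY_CLIENT" ghcr.io/espressosystems/espresso-sequencer/nasty-client:main
          docker tag "$IMG_BRIDGE" ghcr.io/espressosystems/espresso-sequencer/bridge:main
          docker tag "$IMG_MARKETPLACE_SOLVER" ghcr.io/espressosystems/espresso-sequencer/marketplace-solver:main
          docker tag "$IMG_MARKETPLACE_BUILDER" ghcr.io/espressosystems/espresso-sequencer/marketplace-builder:main
          docker tag "$IMG_NODE_VALIDATOR" ghcr.io/espressosystems/espresso-sequencer/node-validator:main
          docker tag "$IMG_DEV_ROLLUP" ghcr.io/espressosystems/espresso-sequencer/dev-rollup:main
      - name: Test docker demo
        # Starts the demo in the background, then runs the smoke test with a
        # 600-second timeout. `pipefail` makes a smoke-test failure fail the
        # step even though its output is piped through sed for prefixing.
        run: |
          just demo &
          set -o pipefail
          timeout -v 600 scripts/smoke-test-demo | sed -e 's/^/smoke-test: /;'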