CDN Whitelist #2920
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Static Build | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - release-* | |
| - nix* | |
| tags: | |
| # YYYYMMDD | |
| - "20[0-9][0-9][0-1][0-9][0-3][0-9]*" | |
| schedule: | |
| - cron: "0 0 * * 1" | |
| pull_request: | |
| workflow_dispatch: | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| static-build: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| arch: | |
| - amd | |
| - arm | |
| steps: | |
| - name: Prepare AMD | |
| if: ${{ matrix.arch == 'amd' }} | |
| run: | | |
| echo "TARGET_TRIPLET=x86_64-unknown-linux-musl" >> $GITHUB_ENV | |
| echo "DEVSHELL=.#crossShell" >> $GITHUB_ENV | |
| - name: Prepare ARM | |
| if: ${{ matrix.arch == 'arm' }} | |
| run: | | |
| echo "TARGET_TRIPLET=aarch64-unknown-linux-musl" >> $GITHUB_ENV | |
| echo "DEVSHELL=.#armCrossShell" >> $GITHUB_ENV | |
| - name: Checkout Repository | |
| uses: actions/checkout@v4 | |
| - name: Install Nix | |
| uses: cachix/install-nix-action@v26 | |
| - name: Enable Cachix | |
| uses: cachix/cachix-action@v14 | |
| # If PR is from a non-collaborator (e. g. dependabot) the secrets are missing and the login to cachix fails. | |
| continue-on-error: true | |
| with: | |
| name: espresso-systems-private | |
| authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}" | |
| extraPullNames: nix-community | |
| skipPush: ${{ github.actor == 'dependabot[bot]' }} | |
| - name: Enable Rust Cache | |
| uses: Swatinem/rust-cache@v2 | |
| with: | |
| key: "v1-${{ matrix.arch }}" | |
| - name: Initialize Nix Environment | |
| run: | | |
| nix develop $DEVSHELL --accept-flake-config --option sandbox relaxed -c echo Nix Setup Complete | |
| nix develop $DEVSHELL --accept-flake-config --option sandbox relaxed -c sh -c 'echo "CARGO_TARGET_DIR=$CARGO_TARGET_DIR"' | tee -a $GITHUB_ENV | |
| - name: Compile all executables | |
| # timeout-minutes: 120 | |
| run: | | |
| nix develop $DEVSHELL --accept-flake-config --option sandbox relaxed -c cargo build --locked --release | |
| - name: Upload artifacts | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: ${{ env.TARGET_TRIPLET }}-services | |
| path: | | |
| ${{ env.CARGO_TARGET_DIR }}/${{ env.TARGET_TRIPLET }}/release/orchestrator | |
| ${{ env.CARGO_TARGET_DIR }}/${{ env.TARGET_TRIPLET }}/release/cdn-broker | |
| ${{ env.CARGO_TARGET_DIR }}/${{ env.TARGET_TRIPLET }}/release/cdn-marshal | |
| ${{ env.CARGO_TARGET_DIR }}/${{ env.TARGET_TRIPLET }}/release/cdn-whitelist | |
| ${{ env.CARGO_TARGET_DIR }}/${{ env.TARGET_TRIPLET }}/release/state-relay-server | |
| ${{ env.CARGO_TARGET_DIR }}/${{ env.TARGET_TRIPLET }}/release/state-prover | |
| ${{ env.CARGO_TARGET_DIR }}/${{ env.TARGET_TRIPLET }}/release/sequencer | |
| ${{ env.CARGO_TARGET_DIR }}/${{ env.TARGET_TRIPLET }}/release/cli | |
| ${{ env.CARGO_TARGET_DIR }}/${{ env.TARGET_TRIPLET }}/release/commitment-task | |
| ${{ env.CARGO_TARGET_DIR }}/${{ env.TARGET_TRIPLET }}/release/submit-transactions | |
| ${{ env.CARGO_TARGET_DIR }}/${{ env.TARGET_TRIPLET }}/release/reset-storage | |
| ${{ env.CARGO_TARGET_DIR }}/${{ env.TARGET_TRIPLET }}/release/deploy | |
| ${{ env.CARGO_TARGET_DIR }}/${{ env.TARGET_TRIPLET }}/release/keygen | |
| static-dockers: | |
| runs-on: ubuntu-latest | |
| needs: static-build | |
| steps: | |
| - name: Checkout Repository | |
| uses: actions/checkout@v4 | |
| with: | |
| submodules: recursive | |
| - name: Download executables AMD | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: x86_64-unknown-linux-musl-services | |
| path: target/amd64/release | |
| - name: Download executables ARM | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: aarch64-unknown-linux-musl-services | |
| path: target/arm64/release | |
| - name: Setup Docker BuildKit (buildx) | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Login to Github Container Repo | |
| uses: docker/login-action@v3 | |
| if: github.event_name != 'pull_request' | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Generate sequencer docker metadata | |
| uses: docker/metadata-action@v5 | |
| id: sequencer | |
| with: | |
| images: ghcr.io/espressosystems/espresso-sequencer/sequencer | |
| flavor: suffix=musl | |
| - name: Generate cdn-broker docker metadata | |
| uses: docker/metadata-action@v5 | |
| id: cdn-broker | |
| with: | |
| images: ghcr.io/espressosystems/espresso-sequencer/cdn-broker | |
| flavor: suffix=musl | |
| - name: Generate cdn-marshal docker metadata | |
| uses: docker/metadata-action@v5 | |
| id: cdn-marshal | |
| with: | |
| images: ghcr.io/espressosystems/espresso-sequencer/cdn-marshal | |
| flavor: suffix=musl | |
| - name: Generate cdn-whitelist docker metadata | |
| uses: docker/metadata-action@v5 | |
| id: cdn-whitelist | |
| with: | |
| images: ghcr.io/espressosystems/espresso-sequencer/cdn-whitelist | |
| flavor: suffix=musl | |
| - name: Generate state-relay-server docker metadata | |
| uses: docker/metadata-action@v5 | |
| id: state-relay-server | |
| with: | |
| images: ghcr.io/espressosystems/espresso-sequencer/state-relay-server | |
| flavor: suffix=musl | |
| - name: Generate prover-service docker metadata | |
| uses: docker/metadata-action@v5 | |
| id: prover-service | |
| with: | |
| images: ghcr.io/espressosystems/espresso-sequencer/prover-service | |
| flavor: suffix=musl | |
| - name: Generate orchestrator docker metadata | |
| uses: docker/metadata-action@v5 | |
| id: orchestrator | |
| with: | |
| images: ghcr.io/espressosystems/espresso-sequencer/orchestrator | |
| flavor: suffix=musl | |
| - name: Generate commitment task docker metadata | |
| uses: docker/metadata-action@v5 | |
| id: commitment-task | |
| with: | |
| images: ghcr.io/espressosystems/espresso-sequencer/commitment-task | |
| flavor: suffix=musl | |
| - name: Generate submit-transactions docker metadata | |
| uses: docker/metadata-action@v5 | |
| id: submit-transactions | |
| with: | |
| images: ghcr.io/espressosystems/espresso-sequencer/submit-transactions | |
| flavor: suffix=musl | |
| - name: Generate deploy rollup metadata | |
| uses: docker/metadata-action@v5 | |
| id: deploy | |
| with: | |
| images: ghcr.io/espressosystems/espresso-sequencer/deploy | |
| flavor: suffix=musl | |
| - name: Build and push sequencer docker | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: ./ | |
| file: ./docker/sequencer.Dockerfile | |
| platforms: linux/amd64,linux/arm64 | |
| push: ${{ github.event_name != 'pull_request' }} | |
| tags: ${{ steps.sequencer.outputs.tags }} | |
| labels: ${{ steps.sequencer.outputs.labels }} | |
| - name: Build and push cdn-broker docker | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: ./ | |
| file: ./docker/cdn-broker.Dockerfile | |
| platforms: linux/amd64,linux/arm64 | |
| push: ${{ github.event_name != 'pull_request' }} | |
| tags: ${{ steps.cdn-broker.outputs.tags }} | |
| labels: ${{ steps.cdn-broker.outputs.labels }} | |
| - name: Build and push cdn-marshal docker | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: ./ | |
| file: ./docker/cdn-marshal.Dockerfile | |
| platforms: linux/amd64,linux/arm64 | |
| push: ${{ github.event_name != 'pull_request' }} | |
| tags: ${{ steps.cdn-marshal.outputs.tags }} | |
| labels: ${{ steps.cdn-marshal.outputs.labels }} | |
| - name: Build and push cdn-whitelist docker | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: ./ | |
| file: ./docker/cdn-whitelist.Dockerfile | |
| platforms: linux/amd64,linux/arm64 | |
| push: ${{ github.event_name != 'pull_request' }} | |
| tags: ${{ steps.cdn-whitelist.outputs.tags }} | |
| labels: ${{ steps.cdn-whitelist.outputs.labels }} | |
| - name: Build and push state-relay-server docker | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: ./ | |
| file: ./docker/state-relay-server.Dockerfile | |
| platforms: linux/amd64,linux/arm64 | |
| push: ${{ github.event_name != 'pull_request' }} | |
| tags: ${{ steps.state-relay-server.outputs.tags }} | |
| labels: ${{ steps.state-relay-server.outputs.labels }} | |
| - name: Build and push prover-service docker | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: ./ | |
| file: ./docker/prover-service.Dockerfile | |
| platforms: linux/amd64,linux/arm64 | |
| push: ${{ github.event_name != 'pull_request' }} | |
| tags: ${{ steps.prover-service.outputs.tags }} | |
| labels: ${{ steps.prover-service.outputs.labels }} | |
| - name: Build and push orchestrator docker | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: ./ | |
| file: ./docker/orchestrator.Dockerfile | |
| platforms: linux/amd64,linux/arm64 | |
| push: ${{ github.event_name != 'pull_request' }} | |
| tags: ${{ steps.orchestrator.outputs.tags }} | |
| labels: ${{ steps.orchestrator.outputs.labels }} | |
| - name: Build and push commitment-task docker | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: ./ | |
| file: ./docker/commitment-task.Dockerfile | |
| platforms: linux/amd64,linux/arm64 | |
| push: ${{ github.event_name != 'pull_request' }} | |
| tags: ${{ steps.commitment-task.outputs.tags }} | |
| labels: ${{ steps.commitment-task.outputs.labels }} | |
| - name: Build and push submit-transactions docker | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: ./ | |
| file: ./docker/submit-transactions.Dockerfile | |
| platforms: linux/amd64,linux/arm64 | |
| push: ${{ github.event_name != 'pull_request' }} | |
| tags: ${{ steps.submit-transactions.outputs.tags }} | |
| labels: ${{ steps.submit-transactions.outputs.labels }} | |
| - name: Build and push deploy docker | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: ./ | |
| file: ./docker/deploy.Dockerfile | |
| platforms: linux/amd64,linux/arm64 | |
| push: ${{ github.event_name != 'pull_request' }} | |
| tags: ${{ steps.deploy.outputs.tags }} | |
| labels: ${{ steps.deploy.outputs.labels }} |