CDN Whitelist #3281

Workflow file for this run

	name: Build

	on:
	push:
	branches:
	- main
	- release-*
	tags:
	# YYYYMMDD
	- "20[0-9][0-9][0-1][0-9][0-3][0-9]*"
	schedule:
	- cron: "0 0 * * 1"
	pull_request:
	workflow_dispatch:

	concurrency:
	group: ${{ github.workflow }}-${{ github.ref }}
	cancel-in-progress: true

	env:
	RUSTFLAGS: '--cfg async_executor_impl="async-std" --cfg async_channel_impl="async-std"'
	RUST_LOG: info,libp2p=off,node=error

	jobs:
	build:
	runs-on: ubuntu-latest
	steps:
	- name: Fix submodule permissions check
	run: \|
	git config --global --add safe.directory '*'

	- name: Install Foundry
	uses: foundry-rs/foundry-toolchain@v1

	- name: Install just command runner
	run: \|
	sudo snap install --edge --classic just
	just --version

	- name: Checkout Repository
	uses: actions/checkout@v4
	with:
	submodules: recursive

	- name: Enable Rust Caching
	uses: Swatinem/rust-cache@v2
	with:
	prefix-key: v1-rust

	- name: Build
	# Build in release without `testing` feature, this should work without `hotshot_example` config.
	run: \|
	cargo build --locked --release --workspace

	- name: Upload artifacts
	uses: actions/upload-artifact@v3
	with:
	name: x86_64-unknown-linux-gnu-services
	path: \|
	target/release/orchestrator
	target/release/cdn-broker
	target/release/cdn-marshal
	target/release/cdn-whitelist
	target/release/state-relay-server
	target/release/state-prover
	target/release/sequencer
	target/release/cli
	target/release/commitment-task
	target/release/submit-transactions
	target/release/reset-storage
	target/release/deploy
	target/release/keygen
	target/release/permissionless-builder
	target/release/nasty-client

	build-arm:
	runs-on: buildjet-4vcpu-ubuntu-2204-arm
	steps:
	- name: Fix submodule permissions check
	run: \|
	git config --global --add safe.directory '*'

	- name: Install Foundry
	uses: foundry-rs/foundry-toolchain@v1

	- name: Checkout Repository
	uses: actions/checkout@v4
	with:
	submodules: recursive

	- name: Enable Rust Caching
	uses: Swatinem/rust-cache@v2

	- name: Build
	run: \|
	cargo build --locked --release --workspace

	- name: Upload artifacts
	uses: actions/upload-artifact@v3
	with:
	name: aarch64-unknown-linux-gnu-services
	path: \|
	target/release/orchestrator
	target/release/cdn-broker
	target/release/cdn-marshal
	target/release/cdn-whitelist
	target/release/state-relay-server
	target/release/state-prover
	target/release/sequencer
	target/release/cli
	target/release/commitment-task
	target/release/submit-transactions
	target/release/reset-storage
	target/release/deploy
	target/release/keygen
	target/release/permissionless-builder
	target/release/nasty-client

	build-dockers:
	runs-on: ubuntu-latest
	needs: [build, build-arm]
	outputs:
	sequencer-tag: ${{ steps.sequencer.outputs.tags }}
	cdn-broker-tag: ${{ steps.cdn-broker.outputs.tags }}
	cdn-marshal-tag: ${{ steps.cdn-marshal.outputs.tags }}
	cdn-whitelist-tag: ${{ steps.cdn-whitelist.outputs.tags }}
	state-relay-server-tag: ${{ steps.state-relay-server.outputs.tags }}
	prover-service-tag: ${{ steps.prover-service.outputs.tags }}
	orchestrator-tag: ${{ steps.orchestrator.outputs.tags }}
	commitment-task-tag: ${{ steps.commitment-task.outputs.tags }}
	submit-transactions-tag: ${{ steps.submit-transactions.outputs.tags }}
	deploy-tag: ${{ steps.deploy.outputs.tags }}
	builder-tag: ${{ steps.builder.outputs.tags }}
	nasty-client-tag: ${{ steps.nasty-client.outputs.tags }}
	steps:
	- name: Checkout Repository
	uses: actions/checkout@v4
	with:
	submodules: recursive

	- name: Download executables AMD
	uses: actions/download-artifact@v3
	with:
	name: x86_64-unknown-linux-gnu-services
	path: target/amd64/release

	- name: Download executables ARM
	uses: actions/download-artifact@v3
	with:
	name: aarch64-unknown-linux-gnu-services
	path: target/arm64/release

	- name: Setup Docker BuildKit (buildx)
	uses: docker/setup-buildx-action@v3

	- name: Login to Github Container Repo
	uses: docker/login-action@v3
	if: github.event_name != 'pull_request'
	with:
	registry: ghcr.io
	username: ${{ github.repository_owner }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Generate sequencer docker metadata
	uses: docker/metadata-action@v5
	id: sequencer
	with:
	images: ghcr.io/espressosystems/espresso-sequencer/sequencer

	- name: Generate cdn-broker docker metadata
	uses: docker/metadata-action@v5
	id: cdn-broker
	with:
	images: ghcr.io/espressosystems/espresso-sequencer/cdn-broker

	- name: Generate cdn-marshal docker metadata
	uses: docker/metadata-action@v5
	id: cdn-marshal
	with:
	images: ghcr.io/espressosystems/espresso-sequencer/cdn-marshal

	- name: Generate cdn-whitelist docker metadata
	uses: docker/metadata-action@v5
	id: cdn-whitelist
	with:
	images: ghcr.io/espressosystems/espresso-sequencer/cdn-whitelist

	- name: Generate state-relay-server docker metadata
	uses: docker/metadata-action@v5
	id: state-relay-server
	with:
	images: ghcr.io/espressosystems/espresso-sequencer/state-relay-server

	- name: Generate prover-service docker metadata
	uses: docker/metadata-action@v5
	id: prover-service
	with:
	images: ghcr.io/espressosystems/espresso-sequencer/prover-service

	- name: Generate orchestrator docker metadata
	uses: docker/metadata-action@v5
	id: orchestrator
	with:
	images: ghcr.io/espressosystems/espresso-sequencer/orchestrator

	- name: Generate commitment task docker metadata
	uses: docker/metadata-action@v5
	id: commitment-task
	with:
	images: ghcr.io/espressosystems/espresso-sequencer/commitment-task

	- name: Generate submit-transactions docker metadata
	uses: docker/metadata-action@v5
	id: submit-transactions
	with:
	images: ghcr.io/espressosystems/espresso-sequencer/submit-transactions

	- name: Generate deploy metadata
	uses: docker/metadata-action@v5
	id: deploy
	with:
	images: ghcr.io/espressosystems/espresso-sequencer/deploy

	- name: Generate builder metadata
	uses: docker/metadata-action@v5
	id: builder
	with:
	images: ghcr.io/espressosystems/espresso-sequencer/builder

	- name: Generate nasty-client metadata
	uses: docker/metadata-action@v5
	id: nasty-client
	with:
	images: ghcr.io/espressosystems/espresso-sequencer/nasty-client

	- name: Build and push sequencer docker
	uses: docker/build-push-action@v5
	with:
	context: ./
	file: ./docker/sequencer.Dockerfile
	platforms: linux/amd64,linux/arm64
	push: ${{ github.event_name != 'pull_request' }}
	tags: ${{ steps.sequencer.outputs.tags }}
	labels: ${{ steps.sequencer.outputs.labels }}

	- name: Build and push cdn-broker docker
	uses: docker/build-push-action@v5
	with:
	context: ./
	file: ./docker/cdn-broker.Dockerfile
	platforms: linux/amd64,linux/arm64
	push: ${{ github.event_name != 'pull_request' }}
	tags: ${{ steps.cdn-broker.outputs.tags }}
	labels: ${{ steps.cdn-broker.outputs.labels }}

	- name: Build and push cdn-marshal docker
	uses: docker/build-push-action@v5
	with:
	context: ./
	file: ./docker/cdn-marshal.Dockerfile
	platforms: linux/amd64,linux/arm64
	push: ${{ github.event_name != 'pull_request' }}
	tags: ${{ steps.cdn-marshal.outputs.tags }}
	labels: ${{ steps.cdn-marshal.outputs.labels }}

	- name: Build and push cdn-whitelist docker
	uses: docker/build-push-action@v5
	with:
	context: ./
	file: ./docker/cdn-whitelist.Dockerfile
	platforms: linux/amd64,linux/arm64
	push: ${{ github.event_name != 'pull_request' }}
	tags: ${{ steps.cdn-whitelist.outputs.tags }}
	labels: ${{ steps.cdn-whitelist.outputs.labels }}

	- name: Build and push state-relay-server docker
	uses: docker/build-push-action@v5
	with:
	context: ./
	file: ./docker/state-relay-server.Dockerfile
	platforms: linux/amd64,linux/arm64
	push: ${{ github.event_name != 'pull_request' }}
	tags: ${{ steps.state-relay-server.outputs.tags }}
	labels: ${{ steps.state-relay-server.outputs.labels }}

	- name: Build and push prover-service docker
	uses: docker/build-push-action@v5
	with:
	context: ./
	file: ./docker/prover-service.Dockerfile
	platforms: linux/amd64,linux/arm64
	push: ${{ github.event_name != 'pull_request' }}
	tags: ${{ steps.prover-service.outputs.tags }}
	labels: ${{ steps.prover-service.outputs.labels }}

	- name: Build and push orchestrator docker
	uses: docker/build-push-action@v5
	with:
	context: ./
	file: ./docker/orchestrator.Dockerfile
	platforms: linux/amd64,linux/arm64
	push: ${{ github.event_name != 'pull_request' }}
	tags: ${{ steps.orchestrator.outputs.tags }}
	labels: ${{ steps.orchestrator.outputs.labels }}

	- name: Build and push commitment-task docker
	uses: docker/build-push-action@v5
	with:
	context: ./
	file: ./docker/commitment-task.Dockerfile
	platforms: linux/amd64,linux/arm64
	push: ${{ github.event_name != 'pull_request' }}
	tags: ${{ steps.commitment-task.outputs.tags }}
	labels: ${{ steps.commitment-task.outputs.labels }}

	- name: Build and push submit-transactions docker
	uses: docker/build-push-action@v5
	with:
	context: ./
	file: ./docker/submit-transactions.Dockerfile
	platforms: linux/amd64,linux/arm64
	push: ${{ github.event_name != 'pull_request' }}
	tags: ${{ steps.submit-transactions.outputs.tags }}
	labels: ${{ steps.submit-transactions.outputs.labels }}

	- name: Build and push deploy docker
	uses: docker/build-push-action@v5
	with:
	context: ./
	file: ./docker/deploy.Dockerfile
	platforms: linux/amd64,linux/arm64
	push: ${{ github.event_name != 'pull_request' }}
	tags: ${{ steps.deploy.outputs.tags }}
	labels: ${{ steps.deploy.outputs.labels }}

	- name: Build and push builder docker
	uses: docker/build-push-action@v5
	with:
	context: ./
	file: ./docker/permissionless-builder.Dockerfile
	platforms: linux/amd64,linux/arm64
	push: ${{ github.event_name != 'pull_request' }}
	tags: ${{ steps.builder.outputs.tags }}
	labels: ${{ steps.builder.outputs.labels }}

	- name: Build and push nasty-client docker
	uses: docker/build-push-action@v5
	with:
	context: ./
	file: ./docker/nasty-client.Dockerfile
	platforms: linux/amd64,linux/arm64
	push: ${{ github.event_name != 'pull_request' }}
	tags: ${{ steps.nasty-client.outputs.tags }}
	labels: ${{ steps.nasty-client.outputs.labels }}

	test-demo:
	if: ${{ github.event_name != 'pull_request' }}
	runs-on: ubuntu-latest
	needs: [build-dockers]
	steps:
	- name: Install just command runner
	run: \|
	sudo snap install --edge --classic just
	just --version

	- name: Checkout Repository
	uses: actions/checkout@v4

	- name: Pull docker images
	run: \|
	docker pull ${{ needs.build-dockers.outputs.sequencer-tag }}
	docker pull ${{ needs.build-dockers.outputs.cdn-broker-tag }}
	docker pull ${{ needs.build-dockers.outputs.cdn-marshal-tag }}
	docker pull ${{ needs.build-dockers.outputs.cdn-whitelist-tag }}
	docker pull ${{ needs.build-dockers.outputs.state-relay-server-tag }}
	docker pull ${{ needs.build-dockers.outputs.prover-service-tag }}
	docker pull ${{ needs.build-dockers.outputs.orchestrator-tag }}
	docker pull ${{ needs.build-dockers.outputs.commitment-task-tag }}
	docker pull ${{ needs.build-dockers.outputs.submit-transactions-tag }}
	docker pull ${{ needs.build-dockers.outputs.deploy-tag }}
	docker pull ${{ needs.build-dockers.outputs.builder-tag }}
	docker pull ${{ needs.build-dockers.outputs.nasty-client-tag }}
	- name: Tag new docker images
	run: \|
	docker tag ${{ needs.build-dockers.outputs.sequencer-tag }} ghcr.io/espressosystems/espresso-sequencer/sequencer:main
	docker tag ${{ needs.build-dockers.outputs.cdn-broker-tag }} ghcr.io/espressosystems/espresso-sequencer/cdn-broker:main
	docker tag ${{ needs.build-dockers.outputs.cdn-marshal-tag }} ghcr.io/espressosystems/espresso-sequencer/cdn-marshal:main
	docker tag ${{ needs.build-dockers.outputs.cdn-whitelist-tag }} ghcr.io/espressosystems/espresso-sequencer/cdn-whitelist:main
	docker tag ${{ needs.build-dockers.outputs.state-relay-server-tag }} ghcr.io/espressosystems/espresso-sequencer/state-relay-server:main
	docker tag ${{ needs.build-dockers.outputs.prover-service-tag }} ghcr.io/espressosystems/espresso-sequencer/prover-service:main
	docker tag ${{ needs.build-dockers.outputs.orchestrator-tag }} ghcr.io/espressosystems/espresso-sequencer/orchestrator:main
	docker tag ${{ needs.build-dockers.outputs.commitment-task-tag }} ghcr.io/espressosystems/espresso-sequencer/commitment-task:main
	docker tag ${{ needs.build-dockers.outputs.submit-transactions-tag }} ghcr.io/espressosystems/espresso-sequencer/submit-transactions:main
	docker tag ${{ needs.build-dockers.outputs.deploy-tag }} ghcr.io/espressosystems/espresso-sequencer/deploy:main
	docker tag ${{ needs.build-dockers.outputs.builder-tag }} ghcr.io/espressosystems/espresso-sequencer/builder:main
	docker tag ${{ needs.build-dockers.outputs.nasty-client-tag }} ghcr.io/espressosystems/espresso-sequencer/nasty-client:main

	- name: Test docker demo
	run: \|
	just demo &
	timeout 600 scripts/smoke-test-demo

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CDN Whitelist #3281

Workflow file

CDN Whitelist #3281

Jobs

Run details

Workflow file for this run