forked from OffchainLabs/nitro
-
Notifications
You must be signed in to change notification settings - Fork 9
215 lines (185 loc) · 7.2 KB
/
espresso-docker.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
# Build the nitro-node and nitro-node-dev images on ARM64 and AMD64 hosts.
#
# The reason for building the ARM image natively instead of with QEMU is that
# the QEMU build always failed after around 40 minutes. I'm currently not sure
# why it failed. I did also run into insufficient space issuse on public runners
# so it's possible this was always the culprit.
#
# After building, the images are merged together to make a multiplatform image.
#
# The latest wavm machine is also copied and exported as an artifact. In nitro
# this seems to be later used as machine for the non-dev nitro-node build.
# For more details on that see the Dockerfile and ./scripts/download.sh
name: Espresso Docker build CI
run-name: Docker build CI triggered from @${{ github.actor }} of ${{ github.head_ref }}
on:
workflow_dispatch:
merge_group:
push:
branches:
- master
- develop
- integration
tags:
# YYYYMMDD
- "20[0-9][0-9][0-1][0-9][0-3][0-9]*"
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs:
docker_build:
strategy:
matrix:
platform: [linux/amd64, linux/arm64]
include:
- platform: linux/amd64
runs-on: ubuntu-latest
- platform: linux/arm64
runs-on: buildjet-4vcpu-ubuntu-2204-arm
runs-on: ${{ matrix.runs-on }}
steps:
- uses: cargo-bins/cargo-binstall@main
if: matrix.runs-on == 'ubuntu-latest'
- name: Make more disk space available on public runner
if: matrix.runs-on == 'ubuntu-latest'
run: |
# rmz seems to be faster at deleting files than rm
cargo binstall -y rmz
sudo mv /home/runner/.cargo/bin/rmz /usr/local/bin/rmz
echo "Available storage before:"
sudo df -h
echo
sudo rmz -f $AGENT_TOOLSDIRECTORY
sudo rmz -f /opt/az
sudo rmz -f /opt/ghc
sudo rmz -f /opt/google
sudo rmz -f /opt/microsoft
sudo rmz -f /opt/pipx
sudo rmz -f /usr/lib/mono
sudo rmz -f /usr/local/julia*
sudo rmz -f /usr/local/lib/android
sudo rmz -f /usr/local/lib/node_modules
sudo rmz -f /usr/local/share/boost
sudo rmz -f /usr/local/share/chromium
sudo rmz -f /usr/local/share/powershell
sudo rmz -f /usr/share/az_*
sudo rmz -f /usr/share/dotnet
sudo rmz -f /usr/share/gradle-*
sudo rmz -f /usr/share/swift
echo "Available storage after:"
sudo df -h
echo
- name: Fix submodule permissions check
run: |
git config --global --add safe.directory '*'
- name: Checkout
uses: actions/checkout@v4
with:
submodules: recursive
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to Github Container Repo
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build nitro-node image
uses: ./.github/actions/docker-image
with:
file: Dockerfile
images: ghcr.io/espressosystems/nitro-espresso-integration/nitro-node
target: nitro-node
platforms: ${{ matrix.platform }}
- name: Build nitro-node-dev image
uses: ./.github/actions/docker-image
id: nitro-node-dev
with:
file: Dockerfile
images: ghcr.io/espressosystems/nitro-espresso-integration/nitro-node-dev
target: nitro-node-dev
platforms: ${{ matrix.platform }}
# The module root is not identical for the ARM build so we upload
# the binary only for AMD64.
- name: Extract WAVM machine from container and print its root
if: matrix.platform == 'linux/amd64'
id: module-root
run: |
# Unfortunately, `docker cp` seems to always result in a "permission denied"
# We work around this by piping a tarball through stdout
digest="${{ steps.nitro-node-dev.outputs.digest }}"
image=ghcr.io/espressosystems/nitro-espresso-integration/nitro-node-dev@$digest
docker run --rm --entrypoint tar $image -cf - target/machines/latest | tar xf -
ls -lah target/machines/latest
module_root="$(cat "target/machines/latest/module-root.txt")"
echo "module-root=$module_root" >> $GITHUB_OUTPUT
echo -e "\x1b[1;34mWAVM module root:\x1b[0m $module_root"
- name: Upload WAVM machine as artifact
uses: actions/upload-artifact@v3
if: matrix.platform == 'linux/amd64'
with:
name: wavm-machine-${{ steps.module-root.outputs.module-root }}
path: target/machines/latest/*
if-no-files-found: error
- name: Release wasm binary
uses: softprops/action-gh-release@v1
if: matrix.platform == 'linux/amd64' && startsWith(github.ref, 'refs/tags/')
with:
files: target/machines/latest/*
- name: Check available space after CI run
if: '!cancelled()'
run: |
sudo df -h
# Merge the AMD64 and ARM64 images into the final (multiplatform) image.
#
# For documentation refer to
# https://docs.docker.com/build/ci/github-actions/multi-platform/#distribute-build-across-multiple-runners
merge_into_multiplatform_images:
needs:
- docker_build
strategy:
matrix:
target: [nitro-node, nitro-node-dev]
include:
- target: nitro-node
image: ghcr.io/espressosystems/nitro-espresso-integration/nitro-node
- target: nitro-node-dev
image: ghcr.io/espressosystems/nitro-espresso-integration/nitro-node-dev
runs-on: ubuntu-latest
steps:
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to Github Container Repo
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Remove digests dir
run: |
rm -rf "${{ runner.temp }}/digests"
- name: Download digests
uses: actions/download-artifact@v3
with:
name: "${{ matrix.target }}-digests"
path: "${{ runner.temp }}/digests"
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ matrix.image }}
- name: Create manifest list and push
working-directory: "${{ runner.temp }}/digests"
run: |
# Count the number of files in the directory
file_count=$(find . -type f | wc -l)
if [ "$file_count" -ne 2 ]; then
echo "Should have exactly 2 digests to combine, something went wrong"
ls -lah
exit 1
fi
docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
$(printf '${{ matrix.image }}@sha256:%s ' *)
- name: Inspect image
run: |
docker buildx imagetools inspect ${{ matrix.image }}:${{ steps.meta.outputs.version }}