matter-labs
diff --git a/‎.github/workflows/build-contract-verifier-template.yml‎
Lines changed: 144 additions & 61 deletions b/‎.github/workflows/build-contract-verifier-template.yml‎
Lines changed: 144 additions & 61 deletions
@@ -13,44 +13,37 @@ on:
         description: "Optional suffix to override tag name generation"
         type: string
         required: false
-      action:
-        description: "Action with docker image"
-        type: string
-        default: "push"
-        required: false
       compilers:
         description: 'JSON of required compilers and their versions'
         type: string
         required: false
         default: '[{ "zksolc": ["1.3.14", "1.3.16", "1.3.17", "1.3.1", "1.3.7", "1.3.18", "1.3.19", "1.3.21"] } , { "zkvyper": ["1.3.13"] }]'
-jobs:
-  build-images:
-    name: Build and Push Docker Images
-    env:
-      IMAGE_TAG_SUFFIX: ${{ inputs.image_tag_suffix }}
-    runs-on: ${{ fromJSON('["matterlabs-ci-runner-high-performance", "matterlabs-ci-runner-arm"]')[contains(matrix.platforms, 'arm')] }}
-    strategy:
-      matrix:
-        components:
-          - contract-verifier
-          - verified-sources-fetcher
-        platforms:
-          - linux/amd64
+      action:
+        type: string
+        default: non-push
+        required: false
 
+jobs:
+  prepare-contracts:
+    name: Prepare contracts
+    runs-on: matterlabs-ci-runner-high-performance
     steps:
-      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with:
           submodules: "recursive"
 
-      - name: setup-env
+      - name: Prepare ENV
+        shell: bash
         run: |
           echo ZKSYNC_HOME=$(pwd) >> $GITHUB_ENV
           echo CI=1 >> $GITHUB_ENV
           echo $(pwd)/bin >> $GITHUB_PATH
+          echo $HOME/.local/bin >> $GITHUB_PATH
           echo CI=1 >> .env
           echo IN_DOCKER=1 >> .env
 
       - name: Download contracts
+        shell: bash
         run: |
           commit_sha=$(git submodule status contracts | awk '{print $1}' | tr -d '-')
           page=1
@@ -80,8 +73,41 @@ jobs:
           tar -C ./contracts -zxf l2-contracts.tar.gz
           tar -C ./contracts -zxf system-contracts.tar.gz
 
-      - name: pre-download compilers
+      - name: Install Apt dependencies
         if: env.BUILD_CONTRACTS == 'true'
+        shell: bash
+        run: |
+          sudo apt-get update && sudo apt-get install -y libssl-dev pkg-config
+
+      - name: Install Node
+        if: env.BUILD_CONTRACTS == 'true'
+        uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
+        with:
+          node-version: 20
+          cache: 'npm'
+
+      - name: Install Yarn
+        if: env.BUILD_CONTRACTS == 'true'
+        run: npm install -g yarn
+
+      - name: Setup rust
+        if: env.BUILD_CONTRACTS == 'true'
+        uses: actions-rust-lang/setup-rust-toolchain@1fbea72663f6d4c03efaab13560c8a24cfd2a7cc # v1.9.0
+        with:
+          toolchain: nightly-2024-08-01
+
+      - name: Install foundry-zksync
+        if: env.BUILD_CONTRACTS == 'true'
+        run: |
+          mkdir ./foundry-zksync
+          curl -LO https://github.com/matter-labs/foundry-zksync/releases/download/nightly-15bec2f861b3b4c71e58f85e2b2c9dd722585aa8/foundry_nightly_linux_amd64.tar.gz
+          tar zxf foundry_nightly_linux_amd64.tar.gz -C ./foundry-zksync
+          chmod +x ./foundry-zksync/forge ./foundry-zksync/cast
+          echo "$PWD/foundry-zksync" >> $GITHUB_PATH
+
+      - name: Pre-download compilers
+        if: env.BUILD_CONTRACTS == 'true'
+        shell: bash
         run: |
           # Download needed versions of vyper compiler
           # Not sanitized due to unconventional path and tags
@@ -98,59 +124,116 @@ jobs:
             chmod +x "./hardhat-nodejs/compilers-v2/$compiler/${compiler}-v${version}"
           done
 
-      - name: start-services
+      - name: Install zkstack
+        if: env.BUILD_CONTRACTS == 'true'
+        run: |
+          ./zkstack_cli/zkstackup/install --path ./zkstack_cli/zkstackup/zkstackup
+          zkstackup --local || true
+
+      - name: build contracts
+        if: env.BUILD_CONTRACTS == 'true'
+        shell: bash
         run: |
-          echo "IMAGE_TAG_SUFFIX=${{ env.IMAGE_TAG_SUFFIX }}" >> .env
-          run_retried docker compose pull zk postgres
-          docker compose up -d zk postgres
-          ci_run pre_download_compilers.sh
-          ci_run sccache --start-server
+          cp etc/tokens/{test,localhost}.json
+          zkstack dev contracts
+
+      - name: Upload contracts
+        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        with:
+          name: contacts-verifier
+          path: |
+            ./contracts
+
+  build-images:
+    name: Build and Push Docker Images
+    needs: prepare-contracts
+    runs-on: ${{ fromJSON('["matterlabs-ci-runner-high-performance", "matterlabs-ci-runner-arm"]')[contains(matrix.platforms, 'arm')] }}
+    strategy:
+      matrix:
+        components:
+          - contract-verifier
+          - verified-sources-fetcher
+        platforms:
+          - linux/amd64
+
+    steps:
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        with:
+          submodules: "recursive"
 
-      - name: init
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1
+
+      - name: Setup env
+        shell: bash
         run: |
-          ci_run git config --global --add safe.directory /usr/src/zksync
-          ci_run git config --global --add safe.directory /usr/src/zksync/sdk/binaryen
-          ci_run git config --global --add safe.directory /usr/src/zksync/contracts/system-contracts
-          ci_run git config --global --add safe.directory /usr/src/zksync/contracts
-          ci_run ./bin/zk || true
-          ci_run run_retried curl -LO https://storage.googleapis.com/matterlabs-setup-keys-us/setup-keys/setup_2\^26.key
-
-      - name: install zkstack
+          echo ZKSYNC_HOME=$(pwd) >> $GITHUB_ENV
+          echo CI=1 >> $GITHUB_ENV
+          echo $(pwd)/bin >> $GITHUB_PATH
+          echo CI=1 >> .env
+          echo IN_DOCKER=1 >> .env
+
+      - name: Download setup key
+        shell: bash
         run: |
-          ci_run ./zkstack_cli/zkstackup/install -g --path ./zkstack_cli/zkstackup/zkstackup || true
-          ci_run zkstackup -g --local
+          if [ -f "/setup_2^26.key" ]; then
+            cp '/setup_2^26.key' './setup_2^26.key'
+          else
+            run_retried curl -LO https://storage.googleapis.com/matterlabs-setup-keys-us/setup-keys/setup_2\^26.key
+          fi
 
-      - name: build contracts
-        if: env.BUILD_CONTRACTS == 'true'
+      - name: Set env vars
+        shell: bash
         run: |
-          ci_run cp etc/tokens/{test,localhost}.json
-          ci_run zkstack dev contracts
+          echo PLATFORM=$(echo ${{ matrix.platforms }} | tr '/' '-') >> $GITHUB_ENV
+          echo IMAGE_TAG_SHA=$(git rev-parse --short HEAD) >> $GITHUB_ENV
+          # Support for custom tag suffix
+          if [ -n "${{ inputs.image_tag_suffix }}" ]; then
+            echo IMAGE_TAG_SHA_TS="${{ inputs.image_tag_suffix }}" >> $GITHUB_ENV
+          else
+            echo IMAGE_TAG_SHA_TS=$(git rev-parse --short HEAD)-$(date +%s) >> $GITHUB_ENV
+          fi
+
+      - name: Download contracts
+        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
+        with:
+          name: contacts-verifier
+          path: |
+            ./contracts
 
-      - name: Login to Docker registries
+      - name: login to Docker registries
         if: ${{ inputs.action == 'push' }}
+        shell: bash
         run: |
-          ci_run docker login -u ${{ secrets.DOCKERHUB_USER }} -p ${{ secrets.DOCKERHUB_TOKEN }}
-          ci_run gcloud auth configure-docker us-docker.pkg.dev -q
-
-      - name: update-images
-        env:
-          DOCKER_ACTION: ${{ inputs.action }}
-          COMPONENT: ${{ matrix.components }}
-          PLATFORM: ${{ matrix.platforms }}
-        run: |
-          ci_run run_retried rustup default nightly-2024-05-07
-          platform=$(echo $PLATFORM | tr '/' '-')
-          ci_run zk docker $DOCKER_ACTION --custom-tag=${IMAGE_TAG_SUFFIX} --platform=${PLATFORM} $COMPONENT
-      - name: Show sccache stats
-        if: always()
+          docker login -u ${{ secrets.DOCKERHUB_USER }} -p ${{ secrets.DOCKERHUB_TOKEN }}
+          gcloud auth configure-docker us-docker.pkg.dev -q
+
+      - name: Build and push
+        uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0
+        with:
+          context: .
+          load: true
+          platforms: ${{ matrix.platforms }}
+          file: docker/${{ matrix.components }}/Dockerfile
+          build-args: |
+            SCCACHE_GCS_BUCKET=matterlabs-infra-sccache-storage
+            SCCACHE_GCS_SERVICE_ACCOUNT=gha-ci-runners@matterlabs-infra.iam.gserviceaccount.com
+            SCCACHE_GCS_RW_MODE=READ_WRITE
+            RUSTC_WRAPPER=sccache
+          tags: |
+            us-docker.pkg.dev/matterlabs-infra/matterlabs-docker/${{ matrix.components }}:${{ env.IMAGE_TAG_SHA_TS }}-${{ env.PLATFORM }}
+            matterlabs/${{ matrix.components }}:${{ env.IMAGE_TAG_SHA_TS }}-${{ env.PLATFORM }}
+
+      - name: Push docker image
+        if: ${{ inputs.action == 'push' }}
         run: |
-          ci_run sccache --show-stats || true
-          ci_run cat /tmp/sccache_log.txt || true
+          docker push us-docker.pkg.dev/matterlabs-infra/matterlabs-docker/${{ matrix.components }}:${{ env.IMAGE_TAG_SHA_TS }}-${{ env.PLATFORM }}
+          docker push matterlabs/${{ matrix.components }}:${{ env.IMAGE_TAG_SHA_TS }}-${{ env.PLATFORM }}
+
 
   create_manifest:
     name: Create release manifest
-    # TODO: After migraton switch to CI
-    runs-on: matterlabs-default-infra-runners
+    runs-on: matterlabs-ci-runner
     needs: build-images
     if: ${{ inputs.action == 'push' }}
     strategy: