WEB3-556: Update deployment docs and scripts on Jan 22 #2182
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| merge_group: | |
| pull_request: | |
| branches: [ main, "release-*" ] | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
| cancel-in-progress: true | |
| # this is needed to gain access via OIDC to the S3 bucket for caching | |
| permissions: | |
| id-token: write | |
| contents: read | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| RISC0_TOOLCHAIN_VERSION: 1.88.0 | |
| FOUNDRY_VERSION: v1.5.0 | |
| RISC0_MONOREPO_REF: "main" | |
| # CARGO_LOCKED is defined as the string '--locked' in PRs targeting release branches and '' elsewhere. | |
| CARGO_LOCKED: ${{ (startsWith(github.base_ref, 'release-') || startsWith(github.base_ref, 'refs/heads/release-')) && '--locked' || '' }} | |
| jobs: | |
| # see: https://github.com/orgs/community/discussions/26822 | |
| main-status-check: | |
| if: always() | |
| needs: | |
| - check | |
| - doc | |
| - docs-rs | |
| - test | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check all job status | |
| # see https://docs.github.com/en/actions/reference/context-and-expression-syntax-for-github-actions#needs-context | |
| # see https://stackoverflow.com/a/67532120/4907315 | |
| if: ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') }} | |
| run: exit 1 | |
| check: | |
| runs-on: [ self-hosted, cluster, "${{ matrix.os }}", "${{ matrix.device }}" ] | |
| strategy: | |
| # Run only on Linux with CPU. | |
| matrix: | |
| include: | |
| - os: Linux | |
| feature: default | |
| device: cpu | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| # Full history is required by license-check.py | |
| fetch-depth: 0 | |
| - uses: risc0/risc0/.github/actions/rustup@76674c1a20d30fa901852374bddf27fc5d5785a6 | |
| - name: Install cargo-sort | |
| uses: risc0/cargo-install@b9307573043522ab0d3e3be64a51763b765b52a4 | |
| with: | |
| crate: cargo-sort | |
| version: "1.0" | |
| - name: cargo check risc0-ethereum | |
| run: | | |
| cargo fmt --all --check | |
| cargo sort --workspace --check | |
| - name: cargo check risc0-ethereum guests | |
| run: ../.github/scripts/cargo-check.sh | |
| working-directory: crates | |
| - name: Install Foundry | |
| uses: foundry-rs/foundry-toolchain@v1 | |
| with: | |
| version: ${{ env.FOUNDRY_VERSION }} | |
| - name: forge check risc0-ethereum | |
| run: forge fmt --check | |
| working-directory: contracts | |
| - uses: actions/setup-python@v4 | |
| with: | |
| python-version: "3.10" | |
| - run: python license-check.py | |
| - name: check for "D0 NOT MERGE" comments | |
| run: | | |
| [ "$(grep -re 'DO[_ ]\?NOT[_ ]\?MERGE' $(git ls-tree --full-tree --name-only -r HEAD) | tee /dev/fd/2 | wc -l)" -eq "0" ] | |
| clippy: | |
| runs-on: [ self-hosted, cluster, "${{ matrix.os }}", "${{ matrix.device }}" ] | |
| strategy: | |
| # Run only on Linux with CPU. | |
| matrix: | |
| include: | |
| - os: Linux | |
| feature: default | |
| device: cpu | |
| steps: | |
| # This is a workaround from: https://github.com/actions/checkout/issues/590#issuecomment-970586842 | |
| - run: "git checkout -f $(git -c user.name=x -c user.email=x@x commit-tree $(git hash-object -t tree /dev/null) < /dev/null) || :" | |
| - uses: actions/checkout@v4 | |
| with: | |
| submodules: recursive | |
| - uses: risc0/risc0/.github/actions/rustup@76674c1a20d30fa901852374bddf27fc5d5785a6 | |
| - uses: risc0/risc0/.github/actions/sccache@76674c1a20d30fa901852374bddf27fc5d5785a6 | |
| - uses: ./.github/actions/cargo-risczero-install | |
| with: | |
| ref: ${{ env.RISC0_MONOREPO_REF }} | |
| toolchain-version: ${{ env.RISC0_TOOLCHAIN_VERSION }} | |
| features: ${{ matrix.feature }} | |
| - name: Install Foundry | |
| uses: foundry-rs/foundry-toolchain@v1 | |
| with: | |
| version: ${{ env.FOUNDRY_VERSION }} | |
| # TODO(victor): This forge build step is required because test-utils needs the built contract artifacts. | |
| # Find a good way to remove this requirement. | |
| - run: forge build | |
| - name: cargo clippy risc0-ethereum | |
| run: cargo clippy $CARGO_LOCKED --workspace --all-targets --all-features | |
| env: | |
| RUSTFLAGS: -Dwarnings | |
| RISC0_SKIP_BUILD: true | |
| RISC0_SKIP_BUILD_KERNEL: true | |
| - name: cargo clippy risc0-ethereum guests | |
| run: ../.github/scripts/cargo-clippy.sh | |
| working-directory: crates | |
| env: | |
| RUSTFLAGS: -Dwarnings | |
| - run: sccache --show-stats | |
| test: | |
| runs-on: [ self-hosted, cluster, "${{ matrix.os }}", "${{ matrix.device }}" ] | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - os: Linux | |
| feature: default | |
| device: cpu | |
| - os: Linux | |
| feature: cuda | |
| device: nvidia_rtx_4000_ada | |
| - os: macOS | |
| feature: default | |
| device: apple_m2_pro | |
| env: | |
| RUST_BACKTRACE: full | |
| # NOTE: cfg no_auth is used by Steel to skip tests that require a real RPC URL. | |
| # TODO(victor): Remove this along with removing Steel. | |
| RUSTFLAGS: "--cfg no_auth" | |
| steps: | |
| # This is a workaround from: https://github.com/actions/checkout/issues/590#issuecomment-970586842 | |
| - run: "git checkout -f $(git -c user.name=x -c user.email=x@x commit-tree $(git hash-object -t tree /dev/null) < /dev/null) || :" | |
| - uses: actions/checkout@v4 | |
| with: | |
| submodules: recursive | |
| - if: matrix.feature == 'cuda' | |
| uses: risc0/risc0/.github/actions/cuda@76674c1a20d30fa901852374bddf27fc5d5785a6 | |
| # When building the prover from source (i.e. via the cuda flag, which activates the prove flag) protoc is required. | |
| - if: matrix.feature == 'cuda' | |
| uses: risc0/risc0/.github/actions/protoc@31ec8b4b5f7c802fe6aa3aa649ba65282c87da12 | |
| - uses: risc0/risc0/.github/actions/rustup@76674c1a20d30fa901852374bddf27fc5d5785a6 | |
| - uses: risc0/risc0/.github/actions/sccache@76674c1a20d30fa901852374bddf27fc5d5785a6 | |
| - uses: ./.github/actions/cargo-risczero-install | |
| with: | |
| ref: ${{ env.RISC0_MONOREPO_REF }} | |
| toolchain-version: ${{ env.RISC0_TOOLCHAIN_VERSION }} | |
| features: ${{ matrix.feature }} | |
| - name: Install Foundry | |
| uses: foundry-rs/foundry-toolchain@v1 | |
| with: | |
| version: ${{ env.FOUNDRY_VERSION }} | |
| # TODO(victor): This forge build step is required because test-utils needs the built contract artifacts. | |
| # Find a good way to remove this requirement. | |
| - run: forge build | |
| - name: cargo test | |
| run: cargo test $CARGO_LOCKED --workspace | |
| - name: cargo build with all features | |
| run: cargo build $CARGO_LOCKED --workspace --all-features | |
| - name: cargo test with all features | |
| run: cargo test $CARGO_LOCKED --workspace --all-features --timings | |
| - name: Upload timings artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: cargo-timings-${{ matrix.os }}-${{ matrix.device }} | |
| path: target/cargo-timings/ | |
| retention-days: 5 | |
| - run: forge test -vvv | |
| working-directory: contracts | |
| - run: sccache --show-stats | |
| # Run the tests, including the contract integration test, using Bonsai as the prover. | |
| test-bonsai: | |
| if: ${{ startsWith(github.base_ref, 'release-') || startsWith(github.base_ref, 'refs/heads/release-') }} | |
| runs-on: [ self-hosted, cluster, Linux, cpu ] | |
| env: | |
| RUST_BACKTRACE: full | |
| # NOTE: cfg no_auth is used by Steel to skip tests that require a real RPC URL. | |
| # TODO(victor): Remove this along with removing Steel. | |
| RUSTFLAGS: "--cfg no_auth" | |
| steps: | |
| # This is a workaround from: https://github.com/actions/checkout/issues/590#issuecomment-970586842 | |
| - run: "git checkout -f $(git -c user.name=x -c user.email=x@x commit-tree $(git hash-object -t tree /dev/null) < /dev/null) || :" | |
| - uses: actions/checkout@v4 | |
| with: | |
| submodules: recursive | |
| - uses: risc0/risc0/.github/actions/rustup@76674c1a20d30fa901852374bddf27fc5d5785a6 | |
| - uses: risc0/risc0/.github/actions/sccache@76674c1a20d30fa901852374bddf27fc5d5785a6 | |
| - uses: ./.github/actions/cargo-risczero-install | |
| with: | |
| ref: ${{ env.RISC0_MONOREPO_REF }} | |
| toolchain-version: ${{ env.RISC0_TOOLCHAIN_VERSION }} | |
| features: ${{ matrix.feature }} | |
| - name: Install Foundry | |
| uses: foundry-rs/foundry-toolchain@v1 | |
| with: | |
| version: ${{ env.FOUNDRY_VERSION }} | |
| # TODO(victor): This forge build step is required because test-utils needs the built contract artifacts. | |
| # Find a good way to remove this requirement. | |
| - run: forge build | |
| - name: cargo test | |
| run: cargo test $CARGO_LOCKED -p risc0-ethereum-test-utils --test contracts_integration | |
| env: | |
| BONSAI_API_URL: ${{ secrets.BONSAI_API_URL }} | |
| BONSAI_API_KEY: ${{ secrets.BONSAI_API_KEY }} | |
| - run: sccache --show-stats | |
| doc: | |
| runs-on: [ self-hosted, cluster, macOS, cpu ] | |
| steps: | |
| # This is a workaround from: https://github.com/actions/checkout/issues/590#issuecomment-970586842 | |
| - run: "git checkout -f $(git -c user.name=x -c user.email=x@x commit-tree $(git hash-object -t tree /dev/null) < /dev/null) || :" | |
| - uses: actions/checkout@v4 | |
| with: | |
| submodules: recursive | |
| - uses: risc0/risc0/.github/actions/rustup@76674c1a20d30fa901852374bddf27fc5d5785a6 | |
| - name: Install Foundry | |
| uses: foundry-rs/foundry-toolchain@v1 | |
| with: | |
| version: ${{ env.FOUNDRY_VERSION }} | |
| - run: cargo doc $CARGO_LOCKED --all-features --no-deps --workspace --exclude risc0-ethereum-test-utils | |
| env: | |
| RISC0_SKIP_BUILD: true, | |
| RISC0_SKIP_BUILD_KERNEL: true, | |
| # TODO(#355) Re-enable this check. | |
| #- run: forge doc | |
| # Run as a separate job because we need to install a different set of tools. | |
| # In particular, it uses nightly Rust and _does not_ install Forge or cargo risczero. | |
| docs-rs: | |
| runs-on: [ self-hosted, cluster, macOS, cpu ] | |
| env: | |
| RUSTDOCFLAGS: "--cfg docsrs -D warnings" | |
| # Building with docs.rs config requires the nightly toolchain. | |
| # nightly-2025-05-09 corresponds to 1.88 | |
| NIGHTLY_RUST_TOOLCHAIN: nightly-2025-05-09 | |
| steps: | |
| # This is a workaround from: https://github.com/actions/checkout/issues/590#issuecomment-970586842 | |
| - run: "git checkout -f $(git -c user.name=x -c user.email=x@x commit-tree $(git hash-object -t tree /dev/null) < /dev/null) || :" | |
| - uses: actions/checkout@v4 | |
| - uses: risc0/risc0/.github/actions/rustup@76674c1a20d30fa901852374bddf27fc5d5785a6 | |
| with: | |
| # Building with docs.rs config requires the nightly toolchain. | |
| toolchain: ${{ env.NIGHTLY_RUST_TOOLCHAIN }} | |
| - run: cargo +${{ env.NIGHTLY_RUST_TOOLCHAIN }} doc -p risc0-ethereum-contracts --all-features --no-deps | |
| - run: cargo +${{ env.NIGHTLY_RUST_TOOLCHAIN }} doc -p risc0-build-ethereum --all-features --no-deps |