Skip to content

Commit 4aaee2b

Browse files
mattstammattstam
committed
feat: dockerize
1 parent a4a6ef3 commit 4aaee2b

File tree

5 files changed

+372
-6
lines changed

5 files changed

+372
-6
lines changed

.github/workflows/docker.yml

Lines changed: 218 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,218 @@
1+
name: Build and Push Images
2+
3+
on:
4+
push:
5+
branches:
6+
- '**'
7+
paths:
8+
- 'workflows/**'
9+
- 'crates/**'
10+
- 'bin/**'
11+
- 'Cargo.toml'
12+
merge_group:
13+
14+
env:
15+
ECR_REPOSITORY: public.ecr.aws/succinct-labs/prover
16+
17+
jobs:
18+
build-amd64:
19+
runs-on:
20+
[
21+
'runs-on',
22+
'runner=32cpu-linux-x64',
23+
'run-id=${{ github.run_id }}',
24+
'hdd=41',
25+
'spot=false',
26+
'tag=gpu',
27+
'disk=large',
28+
]
29+
steps:
30+
- name: Add SHORT_SHA env property with commit short sha
31+
run: echo "SHORT_SHA=`echo ${GITHUB_SHA} | cut -c1-7`" >> $GITHUB_ENV
32+
33+
# https://github.com/orgs/community/discussions/25678
34+
- name: Delete huge unnecessary tools folder
35+
run: |
36+
df -h
37+
sudo rm -rf /opt/hostedtoolcache
38+
sudo rm -rf /usr/share/dotnet
39+
sudo rm -rf /usr/local/share/boost
40+
sudo rm -rf "$AGENT_TOOLSDIRECTORY"
41+
df -h
42+
43+
- name: Checkout repo
44+
uses: actions/checkout@v4
45+
with:
46+
submodules: true
47+
48+
- name: Setup CI
49+
uses: ./.github/actions/setup
50+
51+
- name: Configure AWS credentials
52+
uses: 'aws-actions/configure-aws-credentials@v1'
53+
with:
54+
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
55+
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
56+
aws-region: ${{ secrets.AWS_REGION }}
57+
58+
- name: Set up Docker
59+
uses: docker/setup-buildx-action@v3
60+
with:
61+
platforms: linux/amd64,linux/arm64
62+
63+
- name: Set up NVIDIA Container Toolkit
64+
run: |
65+
distribution=$(. /etc/os-release;echo $ID$VERSION_ID)
66+
curl -s -L https://nvidia.github.io/nvidia-docker/gpgkey | sudo apt-key add -
67+
curl -s -L https://nvidia.github.io/nvidia-docker/$distribution/nvidia-docker.list | sudo tee /etc/apt/sources.list.d/nvidia-docker.list
68+
sudo apt-get update && sudo apt-get install -y nvidia-container-toolkit
69+
sudo systemctl restart docker
70+
71+
- name: Login to Amazon ECR Public
72+
uses: aws-actions/amazon-ecr-login@v2
73+
with:
74+
registry-type: public
75+
76+
- name: Build and Push AMD64 GPU image
77+
uses: docker/build-push-action@v5
78+
with:
79+
context: .
80+
file: ./Dockerfile.gpu
81+
platforms: linux/amd64
82+
push: true
83+
tags: ${{ env.ECR_REPOSITORY }}-gpu:${{ env.SHORT_SHA }}-amd64
84+
build-args: |
85+
PRIVATE_PULL_TOKEN=${{ secrets.PRIVATE_PULL_TOKEN }}
86+
cache-from: type=gha
87+
cache-to: type=gha,mode=max
88+
89+
- name: Build and Push AMD64 CPU image
90+
uses: docker/build-push-action@v5
91+
with:
92+
context: .
93+
file: ./Dockerfile.cpu
94+
platforms: linux/amd64
95+
push: true
96+
tags: ${{ env.ECR_REPOSITORY }}-cpu:${{ env.SHORT_SHA }}-amd64
97+
build-args: |
98+
PRIVATE_PULL_TOKEN=${{ secrets.PRIVATE_PULL_TOKEN }}
99+
cache-from: type=gha
100+
cache-to: type=gha,mode=max
101+
102+
build-arm64:
103+
runs-on:
104+
[
105+
'runs-on',
106+
'runner=32cpu-linux-arm64',
107+
'run-id=${{ github.run_id }}',
108+
'hdd=41',
109+
'spot=false',
110+
'tag=gpu',
111+
'disk=large',
112+
]
113+
steps:
114+
- name: Add SHORT_SHA env property with commit short sha
115+
run: echo "SHORT_SHA=`echo ${GITHUB_SHA} | cut -c1-7`" >> $GITHUB_ENV
116+
117+
- name: Delete huge unnecessary tools folder
118+
run: |
119+
df -h
120+
sudo rm -rf /opt/hostedtoolcache
121+
sudo rm -rf /usr/share/dotnet
122+
sudo rm -rf /usr/local/share/boost
123+
sudo rm -rf "$AGENT_TOOLSDIRECTORY"
124+
df -h
125+
126+
- name: Checkout repo
127+
uses: actions/checkout@v4
128+
with:
129+
submodules: true
130+
131+
- name: Setup CI
132+
uses: ./.github/actions/setup
133+
134+
- name: Configure AWS credentials
135+
uses: 'aws-actions/configure-aws-credentials@v1'
136+
with:
137+
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
138+
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
139+
aws-region: ${{ secrets.AWS_REGION }}
140+
141+
- name: Set up Docker
142+
uses: docker/setup-buildx-action@v3
143+
144+
- name: Set up NVIDIA Container Toolkit
145+
run: |
146+
distribution=$(. /etc/os-release;echo $ID$VERSION_ID)
147+
curl -s -L https://nvidia.github.io/nvidia-docker/gpgkey | sudo apt-key add -
148+
curl -s -L https://nvidia.github.io/nvidia-docker/$distribution/nvidia-docker.list | sudo tee /etc/apt/sources.list.d/nvidia-docker.list
149+
sudo apt-get update && sudo apt-get install -y nvidia-container-toolkit
150+
sudo systemctl restart docker
151+
152+
- name: Login to Amazon ECR Public
153+
uses: aws-actions/amazon-ecr-login@v2
154+
with:
155+
registry-type: public
156+
157+
- name: Build and Push ARM64 GPU image
158+
uses: docker/build-push-action@v5
159+
with:
160+
context: .
161+
file: ./Dockerfile.gpu
162+
platforms: linux/arm64
163+
push: true
164+
tags: ${{ env.ECR_REPOSITORY }}-gpu:${{ env.SHORT_SHA }}-arm64
165+
build-args: |
166+
PRIVATE_PULL_TOKEN=${{ secrets.PRIVATE_PULL_TOKEN }}
167+
cache-from: type=gha
168+
cache-to: type=gha,mode=max
169+
170+
- name: Build and Push ARM64 CPU image
171+
uses: docker/build-push-action@v5
172+
with:
173+
context: .
174+
file: ./Dockerfile.cpu
175+
platforms: linux/arm64
176+
push: true
177+
tags: ${{ env.ECR_REPOSITORY }}-cpu:${{ env.SHORT_SHA }}-arm64
178+
build-args: |
179+
PRIVATE_PULL_TOKEN=${{ secrets.PRIVATE_PULL_TOKEN }}
180+
cache-from: type=gha
181+
cache-to: type=gha,mode=max
182+
183+
create-manifest:
184+
needs: [build-amd64, build-arm64]
185+
runs-on: ubuntu-latest
186+
steps:
187+
- name: Add SHORT_SHA env property with commit short sha
188+
run: echo "SHORT_SHA=`echo ${GITHUB_SHA} | cut -c1-7`" >> $GITHUB_ENV
189+
190+
- name: Configure AWS credentials
191+
uses: 'aws-actions/configure-aws-credentials@v1'
192+
with:
193+
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
194+
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
195+
aws-region: ${{ secrets.AWS_REGION }}
196+
197+
- name: Login to Amazon ECR Public
198+
uses: aws-actions/amazon-ecr-login@v2
199+
with:
200+
registry-type: public
201+
202+
- name: Create and push GPU manifest
203+
run: |
204+
docker buildx imagetools create -t ${{ env.ECR_REPOSITORY }}-gpu:${{ env.SHORT_SHA }} \
205+
${{ env.ECR_REPOSITORY }}-gpu:${{ env.SHORT_SHA }}-amd64 \
206+
${{ env.ECR_REPOSITORY }}-gpu:${{ env.SHORT_SHA }}-arm64
207+
docker buildx imagetools create -t ${{ env.ECR_REPOSITORY }}-gpu:latest \
208+
${{ env.ECR_REPOSITORY }}-gpu:${{ env.SHORT_SHA }}-amd64 \
209+
${{ env.ECR_REPOSITORY }}-gpu:${{ env.SHORT_SHA }}-arm64
210+
211+
- name: Create and push CPU manifest
212+
run: |
213+
docker buildx imagetools create -t ${{ env.ECR_REPOSITORY }}-cpu:${{ env.SHORT_SHA }} \
214+
${{ env.ECR_REPOSITORY }}-cpu:${{ env.SHORT_SHA }}-amd64 \
215+
${{ env.ECR_REPOSITORY }}-cpu:${{ env.SHORT_SHA }}-arm64
216+
docker buildx imagetools create -t ${{ env.ECR_REPOSITORY }}-cpu:latest \
217+
${{ env.ECR_REPOSITORY }}-cpu:${{ env.SHORT_SHA }}-amd64 \
218+
${{ env.ECR_REPOSITORY }}-cpu:${{ env.SHORT_SHA }}-arm64

Dockerfile.cpu

Lines changed: 76 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,76 @@
1+
# Build stage
2+
FROM rustlang/rust:nightly-slim AS build
3+
4+
# Install necessary packages for building
5+
RUN DEBIAN_FRONTEND=noninteractive apt-get update -y && \
6+
DEBIAN_FRONTEND=noninteractive apt-get install -y \
7+
openssl \
8+
libssl-dev \
9+
pkg-config \
10+
protobuf-compiler \
11+
build-essential \
12+
wget \
13+
tar \
14+
libclang-dev \
15+
curl \
16+
git
17+
18+
# Install Go (needed for native-gnark)
19+
ENV GO_VERSION=1.22.1
20+
ARG TARGETARCH
21+
RUN wget -q https://golang.org/dl/go$GO_VERSION.linux-${TARGETARCH}.tar.gz && \
22+
tar -C /usr/local -xzf go$GO_VERSION.linux-${TARGETARCH}.tar.gz && \
23+
rm go$GO_VERSION.linux-${TARGETARCH}.tar.gz
24+
ENV PATH=$PATH:/usr/local/go/bin
25+
26+
# Prepare for git dependencies
27+
ENV CARGO_NET_GIT_FETCH_WITH_CLI=true
28+
RUN mkdir -p -m 0700 ~/.ssh && ssh-keyscan github.com >> ~/.ssh/known_hosts
29+
30+
# Copy the entire workspace (including root Cargo.toml and all crates)
31+
COPY . /app
32+
WORKDIR /app
33+
34+
ENV VERGEN_CARGO_PROFILE=release
35+
36+
# Build only the prover binary
37+
RUN --mount=type=ssh \
38+
--mount=type=cache,target=/usr/local/cargo/registry \
39+
--mount=type=cache,target=/usr/local/cargo/git \
40+
--mount=type=cache,target=/app/target \
41+
cargo build --release -p spn-prover && \
42+
cp target/release/spn-prover /prover-temp
43+
44+
# Runtime stage
45+
FROM debian:bookworm-slim AS runtime
46+
47+
# Install necessary runtime dependencies and Docker
48+
RUN DEBIAN_FRONTEND=noninteractive apt-get update -y && \
49+
DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
50+
ca-certificates \
51+
gcc \
52+
libc6-dev \
53+
wget \
54+
curl \
55+
gnupg && \
56+
update-ca-certificates && \
57+
install -m 0755 -d /etc/apt/keyrings && \
58+
curl -fsSL --insecure https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg && \
59+
chmod a+r /etc/apt/keyrings/docker.gpg && \
60+
echo \
61+
"deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian \
62+
"$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \
63+
tee /etc/apt/sources.list.d/docker.list > /dev/null && \
64+
DEBIAN_FRONTEND=noninteractive apt-get update && \
65+
DEBIAN_FRONTEND=noninteractive apt-get install -y docker-ce docker-ce-cli containerd.io && \
66+
DEBIAN_FRONTEND=noninteractive apt-get clean && \
67+
rm -rf /var/lib/apt/lists/*
68+
69+
# Set up working directory
70+
WORKDIR /app
71+
72+
# Copy the built binary from the build stage
73+
COPY --from=build /prover-temp /app/prover
74+
75+
# Set the command to run the prover binary
76+
CMD ["/app/prover"]

Dockerfile.gpu

Lines changed: 76 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,76 @@
1+
# Build stage
2+
FROM rustlang/rust:nightly-slim AS build
3+
4+
# Install necessary packages for building
5+
RUN DEBIAN_FRONTEND=noninteractive apt-get update -y && \
6+
DEBIAN_FRONTEND=noninteractive apt-get install -y \
7+
openssl \
8+
libssl-dev \
9+
pkg-config \
10+
protobuf-compiler \
11+
build-essential \
12+
wget \
13+
tar \
14+
libclang-dev \
15+
curl \
16+
git
17+
18+
# Install Go (needed for native-gnark)
19+
ENV GO_VERSION=1.22.1
20+
ARG TARGETARCH
21+
RUN wget -q https://golang.org/dl/go$GO_VERSION.linux-${TARGETARCH}.tar.gz && \
22+
tar -C /usr/local -xzf go$GO_VERSION.linux-${TARGETARCH}.tar.gz && \
23+
rm go$GO_VERSION.linux-${TARGETARCH}.tar.gz
24+
ENV PATH=$PATH:/usr/local/go/bin
25+
26+
# Prepare for git dependencies
27+
ENV CARGO_NET_GIT_FETCH_WITH_CLI=true
28+
RUN mkdir -p -m 0700 ~/.ssh && ssh-keyscan github.com >> ~/.ssh/known_hosts
29+
30+
# Copy the entire workspace (including root Cargo.toml and all crates)
31+
COPY . /app
32+
WORKDIR /app
33+
34+
ENV VERGEN_CARGO_PROFILE=release
35+
36+
# Build only the prover binary
37+
RUN --mount=type=ssh \
38+
--mount=type=cache,target=/usr/local/cargo/registry \
39+
--mount=type=cache,target=/usr/local/cargo/git \
40+
--mount=type=cache,target=/app/target \
41+
cargo build --release -p spn-prover && \
42+
cp target/release/spn-prover /prover-temp
43+
44+
# Runtime stage
45+
FROM --platform=linux/amd64 nvidia/cuda:12.5.0-runtime-ubuntu22.04 as runtime
46+
47+
# Install necessary runtime dependencies and Docker
48+
RUN DEBIAN_FRONTEND=noninteractive apt-get update -y && \
49+
DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
50+
ca-certificates \
51+
gcc \
52+
libc6-dev \
53+
wget \
54+
curl \
55+
gnupg && \
56+
update-ca-certificates && \
57+
install -m 0755 -d /etc/apt/keyrings && \
58+
curl -fsSL --insecure https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg && \
59+
chmod a+r /etc/apt/keyrings/docker.gpg && \
60+
echo \
61+
"deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
62+
"$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \
63+
tee /etc/apt/sources.list.d/docker.list > /dev/null && \
64+
DEBIAN_FRONTEND=noninteractive apt-get update && \
65+
DEBIAN_FRONTEND=noninteractive apt-get install -y docker-ce docker-ce-cli containerd.io && \
66+
DEBIAN_FRONTEND=noninteractive apt-get clean && \
67+
rm -rf /var/lib/apt/lists/*
68+
69+
# Set up working directory
70+
WORKDIR /app
71+
72+
# Copy the built binary from the build stage
73+
COPY --from=build /prover-temp /app/prover
74+
75+
# Set the command to run the prover binary
76+
CMD ["/app/prover"]

GETTING_STARTED.md

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -4,6 +4,8 @@
44

55
- [A GPU machine](https://docs.succinct.xyz/docs/sp1/generating-proofs/hardware-acceleration)
66
- [A wallet with sepolia ETH](https://sepolia-faucet.pk910.de/)
7+
- You'll export the wallet private key to run your prover from the command line, so it's
8+
recommended to have a wallet without many funds.
79

810
## Step 1: Create a prover
911

bin/cli/src/main.rs

Lines changed: 0 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -107,12 +107,6 @@ async fn main() -> Result<()> {
107107
// Print with a title.
108108
println!("\nCalibration Results:");
109109
println!("{table}\n");
110-
111-
// Print suggestion for next steps.
112-
println!("To start proving with these parameters, run:\n");
113-
println!(" spn prove --privateKey <privateKey> \\");
114-
println!(" --estimatedThroughput {} \\", metrics.throughput);
115-
println!(" --bidAmount {}\n", metrics.bid_amount);
116110
}
117111
Args::Prove(args) => {
118112
spn_utils::init_logger(spn_utils::LogFormat::Pretty);

0 commit comments

Comments
 (0)