feat: dockerize (#10)

mattstam · web-flow · commit 874716724de6 · 2025-05-12T14:29:27.000-07:00
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
@@ -0,0 +1,212 @@
+name: Build and Push Images
+
+on:
+    push:
+        branches:
+            - '**'
+        paths:
+            - 'workflows/**'
+            - 'crates/**'
+            - 'bin/**'
+            - 'Dockerfile.gpu'
+            - 'Dockerfile.cpu'
+            - 'Cargo.toml'
+    merge_group:
+
+env:
+    ECR_REPOSITORY: public.ecr.aws/succinct-labs/prover
+
+jobs:
+    build-amd64:
+        runs-on:
+            [
+                'runs-on',
+                'runner=32cpu-linux-x64',
+                'run-id=${{ github.run_id }}',
+                'hdd=41',
+                'spot=false',
+                'tag=gpu',
+                'disk=large',
+            ]
+        steps:
+            - name: Add SHORT_SHA env property with commit short sha
+              run: echo "SHORT_SHA=`echo ${GITHUB_SHA} | cut -c1-7`" >> $GITHUB_ENV
+
+            # https://github.com/orgs/community/discussions/25678
+            - name: Delete huge unnecessary tools folder
+              run: |
+                  df -h
+                  sudo rm -rf /opt/hostedtoolcache
+                  sudo rm -rf /usr/share/dotnet
+                  sudo rm -rf /usr/local/share/boost
+                  sudo rm -rf "$AGENT_TOOLSDIRECTORY"
+                  df -h
+
+            - name: Checkout repo
+              uses: actions/checkout@v4
+              with:
+                  submodules: true
+
+            - name: Setup CI
+              uses: ./.github/actions/setup
+
+            - name: Configure AWS credentials
+              uses: 'aws-actions/configure-aws-credentials@v1'
+              with:
+                  aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+                  aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+                  aws-region: ${{ secrets.AWS_REGION }}
+
+            - name: Set up Docker
+              uses: docker/setup-buildx-action@v3
+              with:
+                  platforms: linux/amd64,linux/arm64
+
+            - name: Set up NVIDIA Container Toolkit
+              run: |
+                  distribution=$(. /etc/os-release;echo $ID$VERSION_ID)
+                  curl -s -L https://nvidia.github.io/nvidia-docker/gpgkey | sudo apt-key add -
+                  curl -s -L https://nvidia.github.io/nvidia-docker/$distribution/nvidia-docker.list | sudo tee /etc/apt/sources.list.d/nvidia-docker.list
+                  sudo apt-get update && sudo apt-get install -y nvidia-container-toolkit
+                  sudo systemctl restart docker
+
+            - name: Login to Amazon ECR Public
+              uses: aws-actions/amazon-ecr-login@v2
+              with:
+                  registry-type: public
+
+            - name: Build and Push AMD64 GPU Image
+              uses: docker/build-push-action@v5
+              with:
+                  context: .
+                  file: ./Dockerfile.gpu
+                  platforms: linux/amd64
+                  push: true
+                  tags: ${{ env.ECR_REPOSITORY }}-gpu:${{ env.SHORT_SHA }}-amd64
+                  cache-from: type=gha
+                  cache-to: type=gha,mode=max
+
+            - name: Build and Push AMD64 CPU Image
+              uses: docker/build-push-action@v5
+              with:
+                  context: .
+                  file: ./Dockerfile.cpu
+                  platforms: linux/amd64
+                  push: true
+                  tags: ${{ env.ECR_REPOSITORY }}-cpu:${{ env.SHORT_SHA }}-amd64
+                  cache-from: type=gha
+                  cache-to: type=gha,mode=max
+
+    build-arm64:
+        runs-on:
+            [
+                'runs-on',
+                'runner=32cpu-linux-arm64',
+                'run-id=${{ github.run_id }}',
+                'hdd=41',
+                'spot=false',
+                'tag=gpu',
+                'disk=large',
+            ]
+        steps:
+            - name: Add SHORT_SHA env property with commit short sha
+              run: echo "SHORT_SHA=`echo ${GITHUB_SHA} | cut -c1-7`" >> $GITHUB_ENV
+
+            - name: Delete huge unnecessary tools folder
+              run: |
+                  df -h
+                  sudo rm -rf /opt/hostedtoolcache
+                  sudo rm -rf /usr/share/dotnet
+                  sudo rm -rf /usr/local/share/boost
+                  sudo rm -rf "$AGENT_TOOLSDIRECTORY"
+                  df -h
+
+            - name: Checkout repo
+              uses: actions/checkout@v4
+              with:
+                  submodules: true
+
+            - name: Setup CI
+              uses: ./.github/actions/setup
+
+            - name: Configure AWS credentials
+              uses: 'aws-actions/configure-aws-credentials@v1'
+              with:
+                  aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+                  aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+                  aws-region: ${{ secrets.AWS_REGION }}
+
+            - name: Set up Docker
+              uses: docker/setup-buildx-action@v3
+
+            - name: Set up NVIDIA Container Toolkit
+              run: |
+                  distribution=$(. /etc/os-release;echo $ID$VERSION_ID)
+                  curl -s -L https://nvidia.github.io/nvidia-docker/gpgkey | sudo apt-key add -
+                  curl -s -L https://nvidia.github.io/nvidia-docker/$distribution/nvidia-docker.list | sudo tee /etc/apt/sources.list.d/nvidia-docker.list
+                  sudo apt-get update && sudo apt-get install -y nvidia-container-toolkit
+                  sudo systemctl restart docker
+
+            - name: Login to Amazon ECR Public
+              uses: aws-actions/amazon-ecr-login@v2
+              with:
+                  registry-type: public
+
+            - name: Build and Push ARM64 GPU Image
+              uses: docker/build-push-action@v5
+              with:
+                  context: .
+                  file: ./Dockerfile.gpu
+                  platforms: linux/arm64
+                  push: true
+                  tags: ${{ env.ECR_REPOSITORY }}-gpu:${{ env.SHORT_SHA }}-arm64
+                  cache-from: type=gha
+                  cache-to: type=gha,mode=max
+
+            - name: Build and Push ARM64 CPU Image
+              uses: docker/build-push-action@v5
+              with:
+                  context: .
+                  file: ./Dockerfile.cpu
+                  platforms: linux/arm64
+                  push: true
+                  tags: ${{ env.ECR_REPOSITORY }}-cpu:${{ env.SHORT_SHA }}-arm64
+                  cache-from: type=gha
+                  cache-to: type=gha,mode=max
+
+    create-manifest:
+        needs: [build-amd64, build-arm64]
+        runs-on: ubuntu-latest
+        steps:
+            - name: Add SHORT_SHA env property with commit short sha
+              run: echo "SHORT_SHA=`echo ${GITHUB_SHA} | cut -c1-7`" >> $GITHUB_ENV
+
+            - name: Configure AWS credentials
+              uses: 'aws-actions/configure-aws-credentials@v1'
+              with:
+                  aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+                  aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+                  aws-region: ${{ secrets.AWS_REGION }}
+
+            - name: Login to Amazon ECR Public
+              uses: aws-actions/amazon-ecr-login@v2
+              with:
+                  registry-type: public
+
+            - name: Create and push GPU manifest
+              run: |
+                  docker buildx imagetools create -t ${{ env.ECR_REPOSITORY }}-gpu:${{ env.SHORT_SHA }} \
+                    ${{ env.ECR_REPOSITORY }}-gpu:${{ env.SHORT_SHA }}-amd64 \
+                    ${{ env.ECR_REPOSITORY }}-gpu:${{ env.SHORT_SHA }}-arm64
+                  docker buildx imagetools create -t ${{ env.ECR_REPOSITORY }}-gpu:latest \
+                    ${{ env.ECR_REPOSITORY }}-gpu:${{ env.SHORT_SHA }}-amd64 \
+                    ${{ env.ECR_REPOSITORY }}-gpu:${{ env.SHORT_SHA }}-arm64
+
+            - name: Create and push CPU manifest
+              run: |
+                  docker buildx imagetools create -t ${{ env.ECR_REPOSITORY }}-cpu:${{ env.SHORT_SHA }} \
+                    ${{ env.ECR_REPOSITORY }}-cpu:${{ env.SHORT_SHA }}-amd64 \
+                    ${{ env.ECR_REPOSITORY }}-cpu:${{ env.SHORT_SHA }}-arm64
+                  docker buildx imagetools create -t ${{ env.ECR_REPOSITORY }}-cpu:latest \
+                    ${{ env.ECR_REPOSITORY }}-cpu:${{ env.SHORT_SHA }}-amd64 \
+                    ${{ env.ECR_REPOSITORY }}-cpu:${{ env.SHORT_SHA }}-arm64
diff --git a/Dockerfile.cpu b/Dockerfile.cpu
@@ -0,0 +1,82 @@
+# Build stage
+FROM rustlang/rust:nightly-slim AS build
+
+# Install necessary packages for building
+RUN DEBIAN_FRONTEND=noninteractive apt-get update -y && \
+	DEBIAN_FRONTEND=noninteractive apt-get install -y \
+	openssl \
+	libssl-dev \
+	pkg-config \
+	protobuf-compiler \
+	build-essential \
+	wget \
+	tar \
+	libclang-dev \
+	curl \
+	git
+
+# Install Go (needed for native-gnark)
+ENV GO_VERSION=1.22.1
+ARG TARGETARCH
+RUN wget -q https://golang.org/dl/go$GO_VERSION.linux-${TARGETARCH}.tar.gz && \
+	tar -C /usr/local -xzf go$GO_VERSION.linux-${TARGETARCH}.tar.gz && \
+	rm go$GO_VERSION.linux-${TARGETARCH}.tar.gz
+ENV PATH=$PATH:/usr/local/go/bin
+
+# Install sp1up and the SP1 toolchain
+ENV SP1_HOME="/root/.sp1"
+ENV PATH="${SP1_HOME}/bin:${PATH}"
+RUN curl -L https://sp1.succinct.xyz | bash && \
+    sp1up
+
+# Prepare for git dependencies
+ENV CARGO_NET_GIT_FETCH_WITH_CLI=true
+RUN mkdir -p -m 0700 ~/.ssh && ssh-keyscan github.com >> ~/.ssh/known_hosts
+
+# Copy the entire workspace (including root Cargo.toml and all crates)
+COPY . /app
+WORKDIR /app
+
+ENV VERGEN_CARGO_PROFILE=release
+
+# Build only the node binary
+RUN --mount=type=ssh \
+	--mount=type=cache,target=/usr/local/cargo/registry \
+	--mount=type=cache,target=/usr/local/cargo/git \
+	--mount=type=cache,target=/app/target \
+	cargo build --release -p node && \
+	cp target/release/node /node-temp
+
+# Runtime stage
+FROM debian:bookworm-slim AS runtime
+
+# Install necessary runtime dependencies and Docker
+RUN DEBIAN_FRONTEND=noninteractive apt-get update -y && \
+	DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
+	ca-certificates \
+	gcc \
+	libc6-dev \
+	wget \
+	curl \
+	gnupg && \
+	update-ca-certificates && \
+	install -m 0755 -d /etc/apt/keyrings && \
+	curl -fsSL --insecure https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg && \
+	chmod a+r /etc/apt/keyrings/docker.gpg && \
+	echo \
+	"deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian \
+	"$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \
+	tee /etc/apt/sources.list.d/docker.list > /dev/null && \
+	DEBIAN_FRONTEND=noninteractive apt-get update && \
+	DEBIAN_FRONTEND=noninteractive apt-get install -y docker-ce docker-ce-cli containerd.io && \
+	DEBIAN_FRONTEND=noninteractive apt-get clean && \
+	rm -rf /var/lib/apt/lists/*
+
+# Set up working directory
+WORKDIR /app
+
+# Copy the built binary from the build stage
+COPY --from=build /node-temp /app/node
+
+# Set the entrypoint to run the node binary
+ENTRYPOINT ["/app/node"]
diff --git a/Dockerfile.gpu b/Dockerfile.gpu
@@ -0,0 +1,82 @@
+# Build stage
+FROM rustlang/rust:nightly-slim AS build
+
+# Install necessary packages for building
+RUN DEBIAN_FRONTEND=noninteractive apt-get update -y && \
+    DEBIAN_FRONTEND=noninteractive apt-get install -y \
+    openssl \
+    libssl-dev \
+    pkg-config \
+    protobuf-compiler \
+    build-essential \
+    wget \
+    tar \
+    libclang-dev \
+    curl \
+    git
+
+# Install Go (needed for native-gnark)
+ENV GO_VERSION=1.22.1
+ARG TARGETARCH
+RUN wget -q https://golang.org/dl/go$GO_VERSION.linux-${TARGETARCH}.tar.gz && \
+    tar -C /usr/local -xzf go$GO_VERSION.linux-${TARGETARCH}.tar.gz && \
+    rm go$GO_VERSION.linux-${TARGETARCH}.tar.gz
+ENV PATH=$PATH:/usr/local/go/bin
+
+# Install sp1up and the SP1 toolchain
+ENV SP1_HOME="/root/.sp1"
+ENV PATH="${SP1_HOME}/bin:${PATH}"
+RUN curl -L https://sp1.succinct.xyz | bash && \
+    sp1up
+
+# Prepare for git dependencies
+ENV CARGO_NET_GIT_FETCH_WITH_CLI=true
+RUN mkdir -p -m 0700 ~/.ssh && ssh-keyscan github.com >> ~/.ssh/known_hosts
+
+# Copy the entire workspace (including root Cargo.toml and all crates)
+COPY . /app
+WORKDIR /app
+
+ENV VERGEN_CARGO_PROFILE=release
+
+# Build only the node binary
+RUN --mount=type=ssh \
+    --mount=type=cache,target=/usr/local/cargo/registry \
+    --mount=type=cache,target=/usr/local/cargo/git \
+    --mount=type=cache,target=/app/target \
+    cargo build --release -p node && \
+    cp target/release/node /node-temp
+
+# Runtime stage
+FROM --platform=linux/amd64 nvidia/cuda:12.5.0-runtime-ubuntu22.04 AS runtime
+
+# Install necessary runtime dependencies and Docker
+RUN DEBIAN_FRONTEND=noninteractive apt-get update -y && \
+    DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
+    ca-certificates \
+    gcc \
+    libc6-dev \
+    wget \
+    curl \
+    gnupg && \
+    update-ca-certificates && \
+    install -m 0755 -d /etc/apt/keyrings && \
+    curl -fsSL --insecure https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg && \
+    chmod a+r /etc/apt/keyrings/docker.gpg && \
+    echo \
+    "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
+    "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \
+    tee /etc/apt/sources.list.d/docker.list > /dev/null && \
+    DEBIAN_FRONTEND=noninteractive apt-get update && \
+    DEBIAN_FRONTEND=noninteractive apt-get install -y docker-ce docker-ce-cli containerd.io && \
+    DEBIAN_FRONTEND=noninteractive apt-get clean && \
+    rm -rf /var/lib/apt/lists/*
+
+# Set up working directory
+WORKDIR /app
+
+# Copy the built binary from the build stage
+COPY --from=build /node-temp /app/node
+
+# Set the entrypoint to run the node binary
+ENTRYPOINT ["/app/node"]
diff --git a/GETTING_STARTED.md b/GETTING_STARTED.md
@@ -4,6 +4,8 @@
 
 - [A GPU machine](https://docs.succinct.xyz/docs/sp1/generating-proofs/hardware-acceleration)
 - [A wallet with sepolia ETH](https://sepolia-faucet.pk910.de/)
+- You'll export the wallet private key to run your prover from the command line, so it's
+  recommended to have a wallet without many funds.
 
 ## Step 1: Create a prover
 
diff --git a/bin/cli/Cargo.toml b/bin/cli/Cargo.toml
diff --git a/bin/cli/src/main.rs b/bin/cli/src/main.rs
