zama-ai · fegmorte · Jun 16, 2025 · Jun 13, 2025 · Jun 13, 2025 · Jun 13, 2025
@@ -34,19 +34,22 @@ jobs:
   docker-fhevm-coprocessor:
     needs: check-changes
     if: ${{ needs.check-changes.outputs.changes-coprocessor-gw-listener == 'true' || github.event_name == 'release' }}
-    uses: zama-ai/ci-templates/.github/workflows/docker_common.yml@44333c96991d6747e0bef6a3308bfd98b20390f8 # main
+    uses: zama-ai/ci-templates/.github/workflows/common-docker.yml@ef9d90453e0d776453026c751fbbd48e410d605a
     secrets:
-      GHCR_ACTION_TOKEN: ${{ secrets.BLOCKCHAIN_ACTIONS_TOKEN }}
-      GRAVITON_BUILDER_SSH_PRIVATE_KEY: ${{ secrets.GRAVITON_BUILDER_SSH_PRIVATE_KEY }}
+      BLOCKCHAIN_ACTIONS_TOKEN: ${{ secrets.BLOCKCHAIN_ACTIONS_TOKEN }}
+      AWS_ACCESS_KEY_S3_USER: ${{ secrets.AWS_ACCESS_KEY_S3_USER }}
+      AWS_SECRET_KEY_S3_USER: ${{ secrets.AWS_SECRET_KEY_S3_USER }}
     permissions:
-      contents: "read"
-      id-token: "write"
-      packages: "write"
+      actions: 'read'
+      contents: 'read'
+      pull-requests: 'read'
+      attestations: 'write'
+      packages: 'write'
+      id-token: 'write'
     with:
       working-directory: "."
       docker-context: "."
       push_image: true
       image-name: "fhevm/coprocessor/gw-listener"
-      generate-dev-image: false
-      docker-file: "coprocessor/fhevm-engine/gw-listener/Dockerfile"
-      arm-build: true
+      docker-file: "./coprocessor/fhevm-engine/gw-listener/Dockerfile"
+      app-cache-dir: 'fhevm-coprocessor-gw-listener'
@@ -13,8 +13,8 @@ WORKDIR /app/coprocessor/fhevm-engine
 RUN cargo fetch && \
     SQLX_OFFLINE=true cargo build --release -p gw-listener
 
-# Stage 2: Runtime image
-FROM cgr.dev/chainguard/glibc-dynamic:latest AS runtime
+# Stage 3: Runtime image
+FROM cgr.dev/chainguard/glibc-dynamic:latest AS prod
 
 COPY --from=builder /lib/ /lib/
 COPY --from=builder /bin/ /bin/
@@ -30,4 +30,6 @@ COPY --from=builder --chown=fhevm:fhevm /app/coprocessor/fhevm-engine/target/rel
 
 USER fhevm:fhevm
 
-CMD ["/usr/local/bin/gw_listener"]
+CMD ["/usr/local/bin/gw_listener"]
+
+FROM prod AS dev