increase optimisation level #401
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build and Publish Docker Images | |
on: | |
push: | |
tags: | |
- '**' | |
branches: | |
- main | |
- holesky | |
- mainnet | |
- docker | |
- hack-merge-table | |
pull_request: | |
branches: | |
- '**' | |
concurrency: | |
group: ${{ github.workflow }} | |
cancel-in-progress: false | |
permissions: | |
id-token: write # This is required for requesting the JWT | |
contents: read # This is required for actions/checkout | |
jobs: | |
base: | |
name: build base | |
runs-on: ['hostname:hetzner-dedicated-6'] | |
outputs: | |
RUNNER: ${{ steps.get-label.outputs.runner_name }} | |
steps: | |
- name: Get Runner Label | |
id: get-label | |
run: | | |
if [[ "${{ runner.name }}" == *"@hetzner-dedicated-6" ]]; then | |
echo "runner_name=hostname:hetzner-dedicated-6" >> $GITHUB_OUTPUT | |
else | |
echo "runner_name=nix-128g" >> $GITHUB_OUTPUT | |
fi | |
- name: Cleanup docker build cache | |
run: | | |
docker system prune --force | |
docker builder prune --all --force | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
with: | |
submodules: "recursive" | |
- name: Build base | |
env: | |
DOCKER_BUILDKIT: 1 | |
run: | | |
docker build --tag base:${{ github.sha }} --file docker/base/Dockerfile . --platform linux/amd64 --build-arg INSTRUCTION_SET="x86-64-v3" | |
build: | |
needs: base | |
runs-on: ${{needs.base.outputs.RUNNER}} | |
strategy: | |
fail-fast: false | |
matrix: | |
image: [worker] | |
include: | |
- image: worker | |
docker_file: docker/worker/Dockerfile | |
platform: linux/amd64 | |
steps: | |
- name: Get Runner Label | |
id: get-label | |
run: | | |
if [[ "${{ runner.name }}" == *"@hetzner-dedicated-6" ]]; then | |
echo "runner_name=hostname:hetzner-dedicated-6" >> $GITHUB_OUTPUT | |
else | |
echo "runner_name=nix-128g" >> $GITHUB_OUTPUT | |
fi | |
- name: Cleanup docker build cache | |
run: | | |
docker system prune --force | |
docker builder prune --all --force | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Build and push images | |
env: | |
DOCKER_BUILDKIT: 1 | |
run: | | |
TAG=$(echo ${{ github.ref_name }} | tr "[]/" -) | |
docker build \ | |
-t ${{ matrix.image }}:${{ github.sha }} \ | |
-f ${{ matrix.docker_file }} . \ | |
--platform ${{ matrix.platform }} \ | |
--build-arg INSTRUCTION_SET="x86-64-v3" \ | |
--build-arg BASE_IMAGE_TAG=${{ github.sha }} | |
lint: | |
needs: base | |
runs-on: ${{needs.base.outputs.RUNNER}} | |
steps: | |
- name: clippy | |
run: | | |
docker run --rm base:${{ github.sha }} cargo clippy --all-targets --all -- -D warnings -A incomplete-features -A clippy::needless_return -A unused | |
- name: fmt | |
run: | | |
docker run --rm base:${{ github.sha }} cargo fmt --all -- --check | |
test: | |
needs: base | |
runs-on: ${{needs.base.outputs.RUNNER}} | |
steps: | |
- name: test | |
run: | | |
docker run --rm base:${{ github.sha }} cargo test | |
private-push: | |
name: Push Docker Images to AWS | |
runs-on: ${{needs.base.outputs.RUNNER}} | |
needs: | |
- build | |
- base | |
strategy: | |
fail-fast: false | |
matrix: | |
environment: [dev, test, prod] | |
image: [worker] | |
include: | |
- environment: dev | |
aws_account_id: ${{ vars.ZKMR_DEV_AWS_ACCOUNT_ID }} | |
- environment: test | |
aws_account_id: ${{ vars.ZKMR_TEST_AWS_ACCOUNT_ID }} | |
- environment: prod | |
aws_account_id: ${{ vars.ZKMR_PROD_AWS_ACCOUNT_ID }} | |
steps: | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
role-to-assume: arn:aws:iam::${{ matrix.aws_account_id }}:role/github-actions-ecr-access-role | |
role-session-name: github-actions-ecr-access-role | |
aws-region: ${{ vars.ZKMR_AWS_REGION }} | |
- name: Login to Amazon ECR | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v2 | |
- name: Push to ECR | |
env: | |
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
run: | | |
TAG=$(echo ${{ github.ref_name }} | tr "[]/" -) | |
docker tag ${{ matrix.image }}:${{ github.sha }} $ECR_REGISTRY/${{ matrix.image }}:${{ github.sha }} | |
docker tag ${{ matrix.image }}:${{ github.sha }} $ECR_REGISTRY/${{ matrix.image }}:${TAG} | |
docker push $ECR_REGISTRY/${{ matrix.image }}:${{ github.sha }} | |
docker push $ECR_REGISTRY/${{ matrix.image }}:${TAG} | |
if [[ ${{ github.ref }} == 'refs/heads/main' ]]; then | |
docker tag ${{ matrix.image }}:${{ github.sha }} $ECR_REGISTRY/${{ matrix.image }}:latest | |
docker push $ECR_REGISTRY/${{ matrix.image }}:latest | |
fi | |
if [[ ${{ github.ref }} == 'refs/tags/v'* ]]; then | |
docker tag ${{ matrix.image }}:${{ github.sha }} $ECR_REGISTRY/${{ matrix.image }}:${TAG} | |
docker push $ECR_REGISTRY/${{ matrix.image }}:${TAG} | |
fi | |
public-push: | |
name: Push Docker Images to Docker hub | |
if: contains('main holesky mainnet hack-merge-table v1_base 129/merge', github.ref_name) || startsWith(github.ref, 'refs/tags/') | |
runs-on: ${{needs.base.outputs.RUNNER}} | |
needs: | |
- build | |
- base | |
steps: | |
- name: Log in to Docker Hub | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKER_USERNAME }} | |
password: ${{ secrets.DOCKER_PASSWORD }} | |
- name: Push to public repo | |
run: | | |
if [[ ${{ github.ref_name }} == 'main' ]]; then | |
tag=latest | |
else | |
tag=$(echo ${{ github.ref_name }} | tr "[]/" -) | |
fi | |
docker tag worker:${{ github.sha }} lagrangelabs/worker:${tag} | |
docker push lagrangelabs/worker:${tag} |