Skip to content

ci: Test runner with containerd and local cache #393

ci: Test runner with containerd and local cache

ci: Test runner with containerd and local cache #393

name: Publish zk-environment Docker images
on:
# Workflow dispatch, to allow building and pushing new environments.
# It will NOT mark them as latest.
workflow_dispatch:
inputs:
build_cuda:
description: "Build CUDA images or not"
type: boolean
required: false
default: false
push:
branches:
- main
paths:
- "docker/zk-environment/**"
- ".github/workflows/zk-environment-publish.yml"
pull_request:
branches:
- main
paths:
- "docker/zk-environment/**"
- ".github/workflows/zk-environment-publish.yml"
concurrency:
group: ${{ github.workflow }}-${{ github.event_name == 'pull_request' && github.event.pull_request.number || github.sha }}
cancel-in-progress: true
jobs:
changed_files:
outputs:
zk_environment: ${{ steps.changed-files-yaml.outputs.zk_env_any_changed }}
zk_environment_cuda_11_8: ${{ steps.changed-files-yaml.outputs.zk_env_cuda_11_8_any_changed }}
zk_environment_cuda_12_0: ${{ steps.changed-files-yaml.outputs.zk_env_cuda_12_any_changed }}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
submodules: "recursive"
- name: Get changed files
id: changed-files-yaml
uses: tj-actions/changed-files@fea790cb660e33aef4bdf07304e28fedd77dfa13 # v39
with:
files_yaml: |
zk_env:
- docker/zk-environment/Dockerfile
- .github/workflows/zk-environment-publish.yml
zk_env_cuda_11_8:
- docker/zk-environment/22.04_amd64_cuda_11_8.Dockerfile
- .github/workflows/zk-environment-publish.yml
zk_env_cuda_12:
- docker/zk-environment/22.04_amd64_cuda_12_0.Dockerfile
- .github/workflows/zk-environment-publish.yml
get_short_sha:
if: ${{ (needs.changed_files.outputs.zk_environment == 'true') || (github.event_name == 'workflow_dispatch') }}
needs: [changed_files]
runs-on: ubuntu-latest
outputs:
short_sha: ${{ steps.set_short_sha.outputs.short_sha }}
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
submodules: "recursive"
- name: Set short SHA
id: set_short_sha
run: echo "short_sha=${GITHUB_SHA::7}" >> $GITHUB_OUTPUT
zk_environment:
# Build and push new environment, if workflow dispatch is requested.
if: ${{ (needs.changed_files.outputs.zk_environment == 'true') || (github.event_name == 'workflow_dispatch') }}
# Needed to push to Gihub Package Registry
permissions:
packages: write
contents: read
needs: [changed_files, get_short_sha]
name: Build and optionally push zk-environment Docker images to Docker Hub
strategy:
fail-fast: false
matrix:
include:
- runner: matterlabs-ci-runner-high-performance-test
arch: amd64
- runner: matterlabs-ci-runner-arm
arch: arm64
runs-on: ${{ matrix.runner }}
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
submodules: "recursive"
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@aa33708b10e362ff993539393ff100fa93ed6a27 # v3.5.0
- name: Log in to Docker Hub
if: ${{ (github.event_name == 'push' && github.ref == 'refs/heads/main') || (github.event_name == 'workflow_dispatch') }}
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
username: ${{ secrets.DOCKERHUB_USER }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Login to GitHub Container Registry
if: ${{ (github.event_name == 'push' && github.ref == 'refs/heads/main') || (github.event_name == 'workflow_dispatch') }}
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and optionally push zk-environment lightweight
uses: docker/build-push-action@5176d81f87c23d6fc96624dfdbcd9f3830bbe445 # v6.5.0
with:
file: docker/zk-environment/Dockerfile
target: rust-lightweight
tags: |
matterlabs/zk-environment:${{ needs.get_short_sha.outputs.short_sha }}-lightweight-${{ matrix.arch }}
ghcr.io/${{ github.repository_owner }}/zk-environment:${{ needs.get_short_sha.outputs.short_sha }}-lightweight-${{ matrix.arch }}
build-args: ARCH=${{ matrix.arch }}
push: ${{ (github.event_name == 'push' && github.ref == 'refs/heads/main') || (github.event_name == 'workflow_dispatch') }}
- name: Build and optionally push zk-environment lightweight Rust nightly
uses: docker/build-push-action@5176d81f87c23d6fc96624dfdbcd9f3830bbe445 # v6.5.0
with:
file: docker/zk-environment/Dockerfile
target: rust-lightweight-nightly
tags: |
matterlabs/zk-environment:${{ needs.get_short_sha.outputs.short_sha }}-lightweight-nightly-${{ matrix.arch }}
ghcr.io/${{ github.repository_owner }}/zk-environment:${{ needs.get_short_sha.outputs.short_sha }}-lightweight-nightly-${{ matrix.arch }}
build-args: ARCH=${{ matrix.arch }}
push: ${{ (github.event_name == 'push' && github.ref == 'refs/heads/main') || (github.event_name == 'workflow_dispatch') }}
zk_environment_multiarch_manifest:
# We'll update the 'latest' tag, only on environments generated from 'main'.
if: needs.changed_files.outputs.zk_environment == 'true' && github.event_name == 'push' && github.ref == 'refs/heads/main'
# Needed to push to Gihub Package Registry
permissions:
packages: write
contents: read
needs: [changed_files, get_short_sha, zk_environment]
# TODO: After migraton switch to CI
runs-on: [matterlabs-default-infra-runners]
steps:
- name: Login to DockerHub
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
username: ${{ secrets.DOCKERHUB_USER }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Login to GitHub Container Registry
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Create and push multi-arch zk-environment lightweight manifests for Dockerhub
shell: bash
run: |
images=("lightweight" "lightweight-nightly")
archs=("amd64" "arm64")
for img in "${images[@]}"; do
multiarch_tag="matterlabs/zk-environment:latest2.0-${img}"
individual_images=()
for arch in "${archs[@]}"; do
TAG="${{ needs.get_short_sha.outputs.short_sha }}-${img}-${arch}"
docker pull matterlabs/zk-environment:${TAG} --platform linux/${arch}
individual_images+=("matterlabs/zk-environment:${TAG}")
done
docker buildx imagetools create --tag "${multiarch_tag}" "${individual_images[@]}"
done
- name: Create and push multi-arch zk-environment lightweight manifests for GitHub Container Registry
shell: bash
run: |
images=("lightweight" "lightweight-nightly")
archs=("amd64" "arm64")
for img in "${images[@]}"; do
multiarch_tag="ghcr.io/${{ github.repository_owner }}/zk-environment:latest2.0-${img}"
individual_images=()
for arch in "${archs[@]}"; do
TAG="${{ needs.get_short_sha.outputs.short_sha }}-${img}-${arch}"
docker pull ghcr.io/${{ github.repository_owner }}/zk-environment:${TAG} --platform linux/${arch}
individual_images+=("ghcr.io/${{ github.repository_owner }}/zk-environment:${TAG}")
done
docker buildx imagetools create --tag "${multiarch_tag}" "${individual_images[@]}"
done
zk_environment_cuda:
# Needed to push to Gihub Package Registry
permissions:
packages: write
contents: read
needs: changed_files
runs-on: [matterlabs-ci-runner-high-performance-test]
strategy:
matrix:
cuda_version: ['11_8', '12_0']
steps:
- name: Evaluate condition
id: condition
run: |
key="zk_environment_cuda_${{ matrix.cuda_version }}"
changed_files_output=$(echo '${{ toJson(needs.changed_files.outputs) }}' | jq -r ".$key")
echo "should_run=$changed_files_output" >> "$GITHUB_OUTPUT"
- name: Checkout code
if: ${{ (steps.condition.outputs.should_run == 'true') || (github.event_name == 'workflow_dispatch' && inputs.build_cuda) }}
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
submodules: "recursive"
- name: Log in to US GAR
if: ${{ (steps.condition.outputs.should_run == 'true' && github.event_name == 'push' && github.ref == 'refs/heads/main') || (github.event_name == 'workflow_dispatch' && inputs.build_cuda) }}
run: |
gcloud auth print-access-token --lifetime=7200 --impersonate-service-account=gha-ci-runners@matterlabs-infra.iam.gserviceaccount.com | docker login -u oauth2accesstoken --password-stdin https://us-docker.pkg.dev
- name: Log in to Docker Hub
if: ${{ (steps.condition.outputs.should_run == 'true' && github.event_name == 'push' && github.ref == 'refs/heads/main') || (github.event_name == 'workflow_dispatch' && inputs.build_cuda) }}
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
username: ${{ secrets.DOCKERHUB_USER }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Login to GitHub Container Registry
if: ${{ (steps.condition.outputs.should_run == 'true' && github.event_name == 'push' && github.ref == 'refs/heads/main') || (github.event_name == 'workflow_dispatch' && inputs.build_cuda) }}
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up QEMU
if: ${{ (steps.condition.outputs.should_run == 'true') || (github.event_name == 'workflow_dispatch' && inputs.build_cuda) }}
uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
- name: Set up Docker Buildx
if: ${{ (steps.condition.outputs.should_run == 'true') || (github.event_name == 'workflow_dispatch' && inputs.build_cuda) }}
uses: docker/setup-buildx-action@aa33708b10e362ff993539393ff100fa93ed6a27 # v3.5.0
- name: Build and optionally push
if: ${{ (steps.condition.outputs.should_run == 'true') || (github.event_name == 'workflow_dispatch' && inputs.build_cuda) }}
uses: docker/build-push-action@5176d81f87c23d6fc96624dfdbcd9f3830bbe445 # v6.5.0
with:
file: docker/zk-environment/22.04_amd64_cuda_${{ matrix.cuda_version }}.Dockerfile
push: ${{ ( github.event_name == 'push' && github.ref == 'refs/heads/main' ) || (github.event_name == 'workflow_dispatch' && inputs.build_cuda) }}
tags: |
us-docker.pkg.dev/matterlabs-infra/matterlabs-docker/zk-environment-cuda-${{ matrix.cuda_version }}:latest
matterlabs/zk-environment:cuda-${{ matrix.cuda_version }}-latest
ghcr.io/${{ github.repository_owner }}/zk-environment:cuda-${{ matrix.cuda_version }}-latest