docker, build: use x86-64-v3 baseline for portable Docker images #2608
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| on: | |
| push: | |
| # We intentionally don't run push on feature branches | |
| branches: [main] | |
| pull_request: | |
| workflow_dispatch: | |
| # only one can run at a time in PRs | |
| concurrency: | |
| # If PR, cancel prev commits. head_ref = source branch name on pull_request, null if push | |
| group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} | |
| cancel-in-progress: true | |
| name: CI | |
| jobs: | |
| lint: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| submodules: recursive | |
| - name: Set up Zig | |
| uses: mlugg/setup-zig@v2.0.5 | |
| with: | |
| version: 0.15.2 | |
| - name: Cache Zig packages | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.cache/zig | |
| key: ${{ runner.os }}-zig-${{ hashFiles('build.zig.zon', 'build.zig') }} | |
| restore-keys: | | |
| ${{ runner.os }}-zig- | |
| - name: Fetch Zig dependencies | |
| run: | | |
| max_attempts=3 | |
| for attempt in $(seq 1 $max_attempts); do | |
| if zig build --fetch; then | |
| echo "Successfully fetched dependencies on attempt $attempt" | |
| exit 0 | |
| fi | |
| echo "Attempt $attempt/$max_attempts failed, retrying in 5 seconds..." | |
| sleep 5 | |
| done | |
| echo "All fetch attempts failed" | |
| exit 1 | |
| - name: Set up Rust/Cargo | |
| uses: actions-rust-lang/setup-rust-toolchain@v1 | |
| with: | |
| toolchain: stable | |
| components: clippy, rustfmt | |
| - name: Verify installation | |
| run: | | |
| rustc --version | |
| cargo --version | |
| - name: Cache dependencies | |
| uses: Swatinem/rust-cache@v2 | |
| with: | |
| key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} | |
| - name: Check Rust formatting | |
| run: | | |
| cargo fmt --manifest-path rust/Cargo.toml --all -- --check | |
| - name: Run clippy on hosts | |
| run: | | |
| cargo clippy --manifest-path rust/Cargo.toml --workspace -- -D warnings | |
| - name: Lint | |
| run: zig fmt --check . | |
| build: | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| matrix: | |
| os: [ubuntu-latest, macos-latest] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| submodules: recursive | |
| - name: Free disk space (Ubuntu) | |
| if: runner.os == 'Linux' | |
| run: | | |
| sudo rm -rf /usr/share/dotnet /usr/local/lib/android /opt/ghcrunner /opt/hostedtoolcache/CodeQL | |
| sudo docker image prune --all --force || true | |
| df -h / | |
| - name: Set up Zig | |
| uses: mlugg/setup-zig@v2.0.5 | |
| with: | |
| version: 0.15.2 | |
| - name: Set up Rust/Cargo | |
| uses: actions-rust-lang/setup-rust-toolchain@v1 | |
| with: | |
| toolchain: nightly | |
| - name: Cache Zig packages | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.cache/zig | |
| key: ${{ runner.os }}-zig-${{ hashFiles('build.zig.zon', 'build.zig') }} | |
| restore-keys: | | |
| ${{ runner.os }}-zig- | |
| - name: Cache Rust dependencies | |
| uses: Swatinem/rust-cache@v2 | |
| with: | |
| workspaces: "rust -> target" | |
| key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} | |
| - name: Fetch Zig dependencies | |
| run: | | |
| max_attempts=3 | |
| for attempt in $(seq 1 $max_attempts); do | |
| if zig build --fetch; then | |
| echo "Successfully fetched dependencies on attempt $attempt" | |
| exit 0 | |
| fi | |
| echo "Attempt $attempt/$max_attempts failed, retrying in 5 seconds..." | |
| sleep 5 | |
| done | |
| echo "All fetch attempts failed" | |
| exit 1 | |
| - name: build | |
| run: | | |
| max_attempts=3 | |
| for attempt in $(seq 1 $max_attempts); do | |
| if zig build all; then | |
| echo "Successfully built on attempt $attempt" | |
| exit 0 | |
| fi | |
| echo "Attempt $attempt/$max_attempts failed, retrying in 5 seconds..." | |
| sleep 5 | |
| done | |
| echo "All build attempts failed" | |
| exit 1 | |
| build-all-provers: | |
| name: build-all-provers | |
| runs-on: ${{ matrix.os }} | |
| needs: build # Only run if the build job succeeds | |
| strategy: | |
| matrix: | |
| os: [ubuntu-latest, macos-latest] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| submodules: recursive | |
| - name: Free disk space (Ubuntu) | |
| if: runner.os == 'Linux' | |
| run: | | |
| sudo rm -rf /usr/share/dotnet /usr/local/lib/android /opt/ghcrunner /opt/hostedtoolcache/CodeQL | |
| sudo docker image prune --all --force || true | |
| df -h / | |
| - name: Set up Zig | |
| uses: mlugg/setup-zig@v2.0.5 | |
| with: | |
| version: 0.15.2 | |
| - name: Set up Rust/Cargo | |
| uses: actions-rust-lang/setup-rust-toolchain@v1 | |
| with: | |
| toolchain: nightly | |
| components: clippy, rustfmt | |
| - name: Cache Zig packages | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.cache/zig | |
| key: ${{ runner.os }}-zig-${{ hashFiles('build.zig.zon', 'build.zig') }} | |
| restore-keys: | | |
| ${{ runner.os }}-zig- | |
| - name: Cache Rust dependencies | |
| uses: Swatinem/rust-cache@v2 | |
| with: | |
| workspaces: "rust -> target" | |
| key: ${{ runner.os }}-cargo-all-provers-${{ hashFiles('**/Cargo.lock') }} | |
| - name: Fetch Zig dependencies | |
| run: | | |
| max_attempts=3 | |
| for attempt in $(seq 1 $max_attempts); do | |
| if zig build --fetch; then | |
| echo "Successfully fetched dependencies on attempt $attempt" | |
| exit 0 | |
| fi | |
| echo "Attempt $attempt/$max_attempts failed, retrying in 5 seconds..." | |
| sleep 5 | |
| done | |
| echo "All fetch attempts failed" | |
| exit 1 | |
| - name: Build with all provers | |
| run: | | |
| max_attempts=3 | |
| for attempt in $(seq 1 $max_attempts); do | |
| if zig build -Dprover=all; then | |
| echo "Successfully built on attempt $attempt" | |
| exit 0 | |
| fi | |
| echo "Attempt $attempt/$max_attempts failed, retrying in 5 seconds..." | |
| sleep 5 | |
| done | |
| echo "All build attempts failed" | |
| exit 1 | |
| test: | |
| name: test | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| matrix: | |
| os: [ubuntu-latest, macos-latest] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| submodules: recursive | |
| - name: Free disk space (Ubuntu) | |
| if: runner.os == 'Linux' | |
| run: | | |
| sudo rm -rf /usr/share/dotnet /usr/local/lib/android /opt/ghcrunner /opt/hostedtoolcache/CodeQL | |
| sudo docker image prune --all --force || true | |
| df -h / | |
| - name: Set up Zig | |
| uses: mlugg/setup-zig@v2.0.5 | |
| with: | |
| version: 0.15.2 | |
| - name: Set up Rust/Cargo | |
| uses: actions-rust-lang/setup-rust-toolchain@v1 | |
| with: | |
| toolchain: nightly | |
| - name: Cache Zig packages | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.cache/zig | |
| key: ${{ runner.os }}-zig-${{ hashFiles('build.zig.zon', 'build.zig') }} | |
| restore-keys: | | |
| ${{ runner.os }}-zig- | |
| - name: Cache Rust dependencies | |
| uses: Swatinem/rust-cache@v2 | |
| with: | |
| workspaces: "rust -> target" | |
| key: ${{ runner.os }}-cargo-test-${{ hashFiles('**/Cargo.lock') }} | |
| - name: Fetch Zig dependencies | |
| run: | | |
| max_attempts=3 | |
| for attempt in $(seq 1 $max_attempts); do | |
| if zig build --fetch; then | |
| echo "Successfully fetched dependencies on attempt $attempt" | |
| exit 0 | |
| fi | |
| echo "Attempt $attempt/$max_attempts failed, retrying in 5 seconds..." | |
| sleep 5 | |
| done | |
| echo "All fetch attempts failed" | |
| exit 1 | |
| - name: Run all unit tests | |
| run: | | |
| max_attempts=3 | |
| for attempt in $(seq 1 $max_attempts); do | |
| if zig build test --summary all; then | |
| echo "Successfully ran unit tests on attempt $attempt" | |
| exit 0 | |
| fi | |
| echo "Attempt $attempt/$max_attempts failed, retrying in 5 seconds..." | |
| sleep 5 | |
| done | |
| echo "All unit test attempts failed" | |
| exit 1 | |
| - name: Run all sim tests | |
| run: | | |
| max_attempts=3 | |
| for attempt in $(seq 1 $max_attempts); do | |
| if zig build simtest --summary all; then | |
| echo "Successfully ran sim tests on attempt $attempt" | |
| exit 0 | |
| fi | |
| echo "Attempt $attempt/$max_attempts failed, retrying in 5 seconds..." | |
| sleep 5 | |
| done | |
| echo "All sim test attempts failed" | |
| exit 1 | |
| - name: Install uv | |
| shell: bash | |
| run: | | |
| curl -LsSf https://astral.sh/uv/install.sh | sh | |
| echo "$HOME/.local/bin" >> "$GITHUB_PATH" | |
| - name: Generate LeanSpec fixtures | |
| working-directory: leanSpec | |
| run: uv run fill --clean --fork=devnet -n auto | |
| - name: Generate spec fixtures | |
| run: zig build spectest:generate --summary all | |
| - name: Run all spec tests | |
| run: zig build spectest:run --summary all | |
| dummy-prove: | |
| name: Dummy prove | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| matrix: | |
| os: [ubuntu-latest, macos-latest] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| submodules: recursive | |
| - name: Free disk space (Ubuntu) | |
| if: runner.os == 'Linux' | |
| run: | | |
| sudo rm -rf /usr/share/dotnet /usr/local/lib/android /opt/ghcrunner /opt/hostedtoolcache/CodeQL | |
| sudo docker image prune --all --force || true | |
| df -h / | |
| - name: Set up Zig | |
| uses: mlugg/setup-zig@v2.0.5 | |
| with: | |
| version: 0.15.2 | |
| - name: Set up Rust/Cargo | |
| uses: actions-rust-lang/setup-rust-toolchain@v1 | |
| with: | |
| toolchain: nightly | |
| - name: Cache Zig packages | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.cache/zig | |
| key: ${{ runner.os }}-zig-${{ hashFiles('build.zig.zon', 'build.zig') }} | |
| restore-keys: | | |
| ${{ runner.os }}-zig- | |
| - name: Cache Rust dependencies | |
| uses: Swatinem/rust-cache@v2 | |
| with: | |
| workspaces: "rust -> target" | |
| key: ${{ runner.os }}-cargo-test-${{ hashFiles('**/Cargo.lock') }} | |
| - name: Fetch Zig dependencies | |
| run: | | |
| max_attempts=3 | |
| for attempt in $(seq 1 $max_attempts); do | |
| if zig build --fetch; then | |
| echo "Successfully fetched dependencies on attempt $attempt" | |
| exit 0 | |
| fi | |
| echo "Attempt $attempt/$max_attempts failed, retrying in 5 seconds..." | |
| sleep 5 | |
| done | |
| echo "All fetch attempts failed" | |
| exit 1 | |
| - name: Run the dummy prover | |
| run: | | |
| max_attempts=3 | |
| for attempt in $(seq 1 $max_attempts); do | |
| if zig build run -Dprover=dummy -- prove --zkvm dummy; then | |
| echo "Successfully ran dummy prover on attempt $attempt" | |
| exit 0 | |
| fi | |
| echo "Attempt $attempt/$max_attempts failed, retrying in 5 seconds..." | |
| sleep 5 | |
| done | |
| echo "All dummy prover attempts failed" | |
| exit 1 | |
| docker-build: | |
| name: docker-build | |
| needs: [lint, build, test, build-all-provers] | |
| strategy: | |
| matrix: | |
| builder: [ubuntu-latest, ubuntu-22.04-arm] | |
| runs-on: ${{ matrix.builder }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| submodules: recursive | |
| fetch-depth: 0 # Fetch full history to get git commit info | |
| - name: Free disk space (Ubuntu) | |
| if: runner.os == 'Linux' | |
| run: | | |
| sudo rm -rf /usr/share/dotnet /usr/local/lib/android /opt/ghcrunner /opt/hostedtoolcache/CodeQL | |
| sudo docker image prune --all --force || true | |
| df -h / | |
| - name: Set up Zig | |
| uses: mlugg/setup-zig@v2.0.5 | |
| with: | |
| version: 0.15.2 | |
| - name: Set up Rust/Cargo | |
| uses: actions-rust-lang/setup-rust-toolchain@v1 | |
| with: | |
| toolchain: nightly | |
| - name: Cache Zig packages | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.cache/zig | |
| key: ${{ runner.os }}-zig-${{ hashFiles('build.zig.zon', 'build.zig') }} | |
| restore-keys: | | |
| ${{ runner.os }}-zig- | |
| - name: Cache Rust dependencies | |
| uses: Swatinem/rust-cache@v2 | |
| with: | |
| workspaces: "rust -> target" | |
| key: ${{ runner.os }}-cargo-docker-${{ hashFiles('**/Cargo.lock') }} | |
| - name: Fetch Zig dependencies | |
| run: | | |
| max_attempts=3 | |
| for attempt in $(seq 1 $max_attempts); do | |
| if zig build --fetch; then | |
| echo "Successfully fetched dependencies on attempt $attempt" | |
| exit 0 | |
| fi | |
| echo "Attempt $attempt/$max_attempts failed, retrying in 5 seconds..." | |
| sleep 5 | |
| done | |
| echo "All fetch attempts failed" | |
| exit 1 | |
| - name: Build zeam natively | |
| run: | | |
| max_attempts=3 | |
| for attempt in $(seq 1 $max_attempts); do | |
| if zig build -Doptimize=ReleaseSafe -Dgit_version="$(git rev-parse --short HEAD)"; then | |
| echo "Successfully built on attempt $attempt" | |
| exit 0 | |
| fi | |
| echo "Attempt $attempt/$max_attempts failed, retrying in 5 seconds..." | |
| sleep 5 | |
| done | |
| echo "All build attempts failed" | |
| exit 1 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Build Docker image with pre-built binary | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| file: ./Dockerfile.prebuilt | |
| push: false # Don't push, just build to verify | |
| tags: zeam:ci-${{ github.run_number }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max |