Skip to content

feat: Workflow to build protocol docker image #1713

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

feat: Workflow to build protocol docker image #1713

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
61 changes: 61 additions & 0 deletions .github/workflows/build-docker.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,61 @@
name: Build Docker Image (manual)

on:
workflow_dispatch:
inputs:
ref:
description: "Branch, tag or commit to build the docker image from. If empty, ref that triggered the workflow will be used."
type: string
required: false
image_tag_override:
description: "Optional override of the default image tag name"
type: string
required: false

jobs:
build-image:
name: Build and Push protocol Docker Image
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
env:
IMAGE_NAME: protocol

steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ inputs.ref != '' && inputs.ref || github.sha }}
submodules: recursive

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0

- name: Compute image tag
shell: bash
run: |
if [ -n "${{ inputs.image_tag_override }}" ]; then
IMAGE_TAG="${{ inputs.image_tag_override }}"
else
IMAGE_TAG=$(git rev-parse --short HEAD)-$(date +%s)
fi
echo "IMAGE_TAG=$IMAGE_TAG" >> $GITHUB_ENV
echo "Computed image tag: $IMAGE_TAG"

- name: Login to GitHub Container Registry
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Build & Push Docker Image
uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
with:
context: .
push: true
platforms: linux/amd64
file: docker/protocol/Dockerfile
tags: |
ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }}
83 changes: 83 additions & 0 deletions docker/protocol/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,83 @@
# syntax=docker/dockerfile:1.6

########################################
# 1) Build
########################################
FROM debian:bookworm-slim AS build

ENV DEBIAN_FRONTEND=noninteractive \
PATH=/usr/local/bin:$PATH \
YARN_CACHE_FOLDER=/tmp/yarn-cache

# Build deps
RUN apt-get update && apt-get install -y --no-install-recommends \
ca-certificates curl git bash coreutils openssl jq xz-utils gnupg && \
rm -rf /var/lib/apt/lists/*

# Node 18.18.0 + Yarn 1.22.19
RUN curl -fsSL https://deb.nodesource.com/setup_18.x | bash - \
&& apt-get update && apt-get install -y --no-install-recommends nodejs=18.18.0-* \
&& npm i -g [email protected] \
&& npm cache clean --force \
&& rm -rf /var/lib/apt/lists/*

# Foundry ZKSync (pinned)
RUN curl -LO https://github.com/matter-labs/foundry-zksync/releases/download/nightly-ae913af65381734ad46c044a9495b67310bc77c4/foundry_nightly_linux_amd64.tar.gz \
&& tar zxf foundry_nightly_linux_amd64.tar.gz -C /usr/local/bin/ \
&& chmod +x /usr/local/bin/forge /usr/local/bin/cast \
&& rm foundry_nightly_linux_amd64.tar.gz

# Copy sources
WORKDIR /contracts
COPY . /contracts
RUN yarn install --frozen-lockfile

# Clean
RUN forge clean --root da-contracts
RUN yarn --cwd l1-contracts clean
RUN forge clean --root l1-contracts
RUN yarn --cwd l2-contracts clean
RUN forge clean --root l2-contracts
RUN yarn --cwd system-contracts clean
RUN forge clean --root system-contracts

# Compile contracts
RUN yarn --cwd da-contracts build:foundry
RUN yarn --cwd l1-contracts build:foundry
RUN yarn --cwd l2-contracts build:foundry
RUN yarn --cwd system-contracts build:foundry

# Check hashes
RUN yarn calculate-hashes:check

# Remove node_modules
RUN rm -rf node_modules

########################################
# 2) Runtime
########################################
FROM debian:bookworm-slim

ENV DEBIAN_FRONTEND=noninteractive \
PATH=/usr/local/bin:$PATH

# Minimal runtime deps
RUN apt-get update && apt-get install -y --no-install-recommends \
ca-certificates bash openssl jq && \
rm -rf /var/lib/apt/lists/*

# forge/cast
COPY --from=build /usr/local/bin/forge /usr/local/bin/forge
COPY --from=build /usr/local/bin/cast /usr/local/bin/cast

WORKDIR /contracts
COPY --from=build /contracts/l1-contracts /contracts/l1-contracts
COPY --from=build /contracts/l2-contracts /contracts/l2-contracts
COPY --from=build /contracts/system-contracts /contracts/system-contracts
COPY --from=build /contracts/da-contracts /contracts/da-contracts
COPY --from=build /contracts/lib /contracts/lib
COPY --from=build /contracts/AllContractsHashes.json /contracts/AllContractsHashes.json
COPY --from=build /contracts/SystemConfig.json /contracts/SystemConfig.json

# Sanity
RUN forge --version
Loading