From 17b8157943702a172fd646d51bad04098c915bf7 Mon Sep 17 00:00:00 2001 From: Anton Baliasnikov Date: Sat, 18 Jan 2025 17:28:41 +0000 Subject: [PATCH] ci: update release process with release-please --- .github/release-please/config.json | 19 +++ .github/release-please/manifest.json | 3 + .github/workflows/build-push-docker.yml | 78 +++++---- .github/workflows/release-please.yml | 50 ++++++ .github/workflows/release.yml | 209 ++++++++---------------- Cargo.toml | 6 +- Dockerfile | 33 ++-- 7 files changed, 193 insertions(+), 205 deletions(-) create mode 100644 .github/release-please/config.json create mode 100644 .github/release-please/manifest.json create mode 100644 .github/workflows/release-please.yml diff --git a/.github/release-please/config.json b/.github/release-please/config.json new file mode 100644 index 00000000..0e87f910 --- /dev/null +++ b/.github/release-please/config.json @@ -0,0 +1,19 @@ +{ + "bump-minor-pre-major": true, + "bump-patch-for-minor-pre-major": true, + "release-type": "simple", + "include-component-in-tag": false, + "group-pull-request-title-pattern": "chore: release ${component} ${version}", + "draft": true, + "packages": { + ".": { + "component": "anvil-zksync", + "extra-files": [ + { + "type": "generic", + "path": "Cargo.toml" + } + ] + } + } +} diff --git a/.github/release-please/manifest.json b/.github/release-please/manifest.json new file mode 100644 index 00000000..69535c61 --- /dev/null +++ b/.github/release-please/manifest.json @@ -0,0 +1,3 @@ +{ + ".": "0.2.4" +} diff --git a/.github/workflows/build-push-docker.yml b/.github/workflows/build-push-docker.yml index e16dc783..2f66a0f7 100644 --- a/.github/workflows/build-push-docker.yml +++ b/.github/workflows/build-push-docker.yml @@ -1,56 +1,44 @@ name: Build and push Docker image + on: + workflow_call: + inputs: + tag: + type: string + description: 'The tag to use for the Docker image' + required: true push: branches: - main - tags: - - "*" -env: - PLATFORMS: 'linux/amd64,linux/arm64' concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true jobs: - set-tags: - name: Set Docker Tags - runs-on: ubuntu-latest - outputs: - base_tag: ${{ steps.set_tag.outputs.base_tag }} - steps: - - uses: actions/checkout@v4 - - - name: Set Git SHA - id: git_sha - run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT - - - name: Determine Base Tag - id: set_tag - run: | - ts=$(date +%s%N | cut -b1-13) - if [[ "${{ github.ref }}" == "refs/heads/main" ]]; then - echo "base_tag=${{ steps.git_sha.outputs.sha_short }}-${ts}" >> $GITHUB_OUTPUT - elif [[ "${{ github.ref }}" == refs/tags/* ]]; then - echo "base_tag=$(echo ${GITHUB_REF#refs/tags/})" >> $GITHUB_OUTPUT - elif [[ "${{ github.event_name }}" == "pull_request" ]]; then - echo "base_tag=none" >> $GITHUB_OUTPUT - else - echo "Unsupported event ${GITHUB_EVENT_NAME} or ref ${GITHUB_REF}. Only refs/heads/main, refs/tags/*, and pull_request are supported." - exit 1 - fi build-push-image: name: Build and Push Docker Image runs-on: matterlabs-ci-runner-high-performance - needs: set-tags + env: + DOCKERHUB_IMAGE: us-docker.pkg.dev/matterlabs-infra/matterlabs-docker/anvil-zksync steps: - - uses: actions/checkout@v4 + - name: Checkout + uses: actions/checkout@v4 + with: + ref: ${{ inputs.tag || '' }} - - name: Login to GAR + - name: Determine Base Tag + id: set_tag + shell: 'bash -ex {0}' run: | - gcloud auth configure-docker us-docker.pkg.dev -q + [ ! -z "${{ inputs.tag }}" ] && BASE_TAG="${{ inputs.tag }}" \ + || BASE_TAG="$(git rev-parse --short HEAD)-$(date +%s%N | cut -b1-13)" + echo "base_tag=${BASE_TAG}" >> "${GITHUB_OUTPUT}" + + - name: Login to GAR + run: gcloud auth configure-docker us-docker.pkg.dev -q - name: Login to GHCR uses: docker/login-action@v3 @@ -63,19 +51,27 @@ jobs: uses: docker/setup-buildx-action@v3 - name: Build and push Docker image - id: docker_build uses: docker/build-push-action@v6 + id: push with: context: . - push: ${{ github.event_name == 'push' && (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/')) }} - platforms: ${{ env.PLATFORMS }} + push: ${{ github.event_name != 'pull_request' }} + platforms: 'linux/amd64,linux/arm64' cache-from: type=gha cache-to: type=gha,mode=max tags: | - ghcr.io/${{ github.repository_owner }}/anvil-zksync:${{ needs.set-tags.outputs.base_tag }} - us-docker.pkg.dev/matterlabs-infra/matterlabs-docker/anvil-zksync:${{ needs.set-tags.outputs.base_tag }} + ghcr.io/${{ github.repository }}:${{ steps.set_tag.outputs.base_tag }} + ${{ env.DOCKERHUB_IMAGE }}:${{ steps.set_tag.outputs.base_tag }} + + - name: Generate docker image attestation + if: ${{ inputs.tag != '' }} + uses: actions/attest-build-provenance@v1 + with: + subject-name: ghcr.io/${{ github.repository }} + subject-digest: ${{ steps.push.outputs.digest }} + push-to-registry: true - name: Print image digest to summary run: | - echo "Image tags: ghcr.io/${{ github.repository_owner }}/anvil-zksync:${{ needs.set-tags.outputs.base_tag }}" >> $GITHUB_STEP_SUMMARY - echo "Image tags: us-docker.pkg.dev/matterlabs-infra/matterlabs-docker/anvil-zksync:${{ needs.set-tags.outputs.base_tag }}" >> $GITHUB_STEP_SUMMARY \ No newline at end of file + echo "Image tags: ghcr.io/${{ github.repository }}:${{ steps.set_tag.outputs.base_tag }}" >> "${GITHUB_STEP_SUMMARY}" + echo "Image tags: ${{ env.DOCKERHUB_IMAGE }}:${{ steps.set_tag.outputs.base_tag }}" >> "${GITHUB_STEP_SUMMARY}" diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml new file mode 100644 index 00000000..b5939858 --- /dev/null +++ b/.github/workflows/release-please.yml @@ -0,0 +1,50 @@ +name: Release-please + +# Give permissions to the release-please bot to open and update PRs +# and commit to PRs the repository to update Cargo.lock +permissions: + contents: write + pull-requests: write + id-token: write + attestations: write + +# Run the workflow on push to the main branch and manually +on: + push: + branches: + - main + workflow_dispatch: + +jobs: + + # Prepare the release PR with changelog updates and create github releases + # Do not publish to crates.io or upgrade dependencies + release-please: + uses: matter-labs/zksync-ci-common/.github/workflows/release-please.yaml@v1 + secrets: + slack_webhook: ${{ secrets.SLACK_WEBHOOK }} + gh_token: ${{ secrets.GITHUB_TOKEN }} + with: + config: '.github/release-please/config.json' # Specify the path to the configuration file + manifest: '.github/release-please/manifest.json' # Specify the path to the manifest file + update-cargo-lock: true # Update Cargo.lock file + publish-to-crates-io: false # Disable publishing to crates.io + upgrade-dependencies: false # Do not upgrade workspace dependencies + + # Trigger workflow to publish binaries + release-binaries: + if: ${{ needs.release-please.outputs.releases_created == 'true' }} + needs: release-please + uses: ./.github/workflows/release.yml + with: + tag: ${{ needs.release-please.outputs.tag_name }} + secrets: inherit + + # Trigger workflow to publish docker images + release-docker: + if: ${{ needs.release-please.outputs.releases_created == 'true' }} + needs: release-please + uses: ./.github/workflows/build-push-docker.yml + with: + tag: ${{ needs.release-please.outputs.tag_name }} + secrets: inherit diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 553eef17..aae6d63f 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,44 +1,27 @@ -# This workflow is borrowed from reth, which is borrowed from Lighthouse: -# reth: https://github.com/paradigmxyz/reth/blob/500b0fac135fe07635d871d64467326599e2b27e/.github/workflows/release.yml -# lighthouse: https://github.com/sigp/lighthouse/blob/693886b94176faa4cb450f024696cb69cda2fe58/.github/workflows/release.yml - -name: release +name: Release binaries on: - push: - tags: - - v* + workflow_call: + inputs: + tag: + type: string + description: 'The tag to use for the Docker image.' + required: true + workflow_dispatch: + inputs: + prerelease_name: + description: "Suffix to use for manual pre-release." + required: false + type: string + default: "prerelease-test" -env: - REPO_NAME: ${{ github.repository_owner }}/anvil-zksync - CARGO_TERM_COLOR: always - RUSTFLAGS: "" jobs: - extract-version: - name: extract version - runs-on: ubuntu-latest - steps: - - name: Extract version - run: echo "VERSION=$(echo ${GITHUB_REF#refs/tags/})" >> $GITHUB_OUTPUT - id: extract_version - outputs: - VERSION: ${{ steps.extract_version.outputs.VERSION }} build: - permissions: - id-token: write - attestations: write - name: build release + name: Build binaries strategy: matrix: - arch: - [ - x86_64-unknown-linux-gnu, - aarch64-unknown-linux-gnu, - x86_64-apple-darwin, - aarch64-apple-darwin, - ] include: - arch: x86_64-unknown-linux-gnu platform: ubuntu-24.04 @@ -50,148 +33,88 @@ jobs: platform: macos-latest runs-on: ${{ matrix.platform }} - needs: [extract-version] steps: - name: Checkout sources uses: actions/checkout@v4 + with: + ref: ${{ inputs.tag || '' }} - name: Install Rust uses: actions-rust-lang/setup-rust-toolchain@v1 with: toolchain: stable + rustflags: "" + - name: Install target run: rustup target add ${{ matrix.arch }} - - name: Run cargo clean - run: cargo clean - - # ============================== - # Builds - # ============================== - - - name: Install cross v0.2.4 from source - env: - RUSTFLAGS: "" - run: | - cargo install cross --git https://github.com/cross-rs/cross --tag v0.2.4 + - name: Install cross v0.2.5 from source + run: cargo install cross --git https://github.com/cross-rs/cross --tag v0.2.5 - name: Build anvil-zksync for ${{ matrix.arch }} run: | - if [[ "${{ matrix.arch }}" == *"linux"* ]]; then - make build-static-${{ matrix.arch }} - else - make build-${{ matrix.arch }} - fi + [[ "${{ matrix.arch }}" == *"linux"* ]] && make build-static-${{ matrix.arch }} || make build-${{ matrix.arch }} - - name: Rename and move binary + - name: Pack anvil-zksync run: | - mkdir artifacts - mv target/${{ matrix.arch }}/release/anvil-zksync ./artifacts + tar -czf anvil-zksync-${{ inputs.tag || inputs.prerelease_name }}-${{ matrix.arch }}.tar.gz \ + ./target/${{ matrix.arch }}/release/anvil-zksync - - name: Create artifacts - run: | - cd artifacts - tar -czf anvil-zksync-${{ needs.extract-version.outputs.VERSION }}-${{ matrix.arch }}.tar.gz anvil-zksync* - mv *tar.gz* .. - - # ======================================================================= - # Upload artifacts - # This is required to share artifacts between different jobs - # ======================================================================= - name: Upload artifact uses: actions/upload-artifact@v4 with: - name: anvil-zksync-${{ needs.extract-version.outputs.VERSION }}-${{ matrix.arch }}.tar.gz - path: anvil-zksync-${{ needs.extract-version.outputs.VERSION }}-${{ matrix.arch }}.tar.gz + name: anvil-zksync-${{ matrix.arch }} + path: | + anvil-zksync-${{ inputs.tag || inputs.prerelease_name }}-${{ matrix.arch }}.tar.gz + ./target/${{ matrix.arch }}/release/anvil-zksync - - name: Binaries attestation - uses: actions/attest-build-provenance@v2 - with: - subject-path: ./artifacts/anvil-zksync - draft-release: - name: draft release - needs: [build, extract-version] - runs-on: ubuntu-latest - env: - VERSION: ${{ needs.extract-version.outputs.VERSION }} + upload-binaries: + name: Upload binaries permissions: - # Required to post the release contents: write + pull-requests: write + id-token: write + attestations: write + needs: build + runs-on: ubuntu-latest steps: - # This is necessary for generating the changelog. It has to come before "Download Artifacts" or else it deletes the artifacts. - name: Checkout sources uses: actions/checkout@v4 with: - fetch-depth: 0 + ref: ${{ inputs.tag || '' }} - # ============================== - # Download artifacts - # ============================== - - name: Download artifacts - uses: actions/download-artifact@v4 - - # ============================== - # Create release draft - # ============================== - - name: Generate full changelog - id: changelog - run: | - echo "CHANGELOG<> $GITHUB_OUTPUT - echo "$(git log --pretty=format:"- %s" $(git describe --tags --abbrev=0 ${{ env.VERSION }}^)..${{ env.VERSION }})" >> $GITHUB_OUTPUT - echo "EOF" >> $GITHUB_OUTPUT - - - name: Generate list of contributors - id: contributors - run: | - echo "CONTRIBUTORS<> $GITHUB_OUTPUT - echo "$(git log --pretty=format:"- %aN (%aE)" $(git describe --tags --abbrev=0 ${{ env.VERSION }}^)..${{ env.VERSION }} | sort | uniq)" >> $GITHUB_OUTPUT - echo "EOF" >> $GITHUB_OUTPUT - - - name: Create release draft - env: - GITHUB_USER: ${{ github.repository_owner }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - # The formatting here is borrowed from reth which borrowed it from Lighthouse (which is borrowed from OpenEthereum): https://github.com/openethereum/openethereum/blob/main/.github/workflows/build.yml + - name: Define release name + id: release_tag + shell: 'bash -ex {0}' run: | - body=$(cat <<- "ENDBODY" - - - ## 📋 Summary - - ### 🐛 Bug Fixes: - - TBD - - ### ✨ New Features: - - TBD - - ### ⚠️ Breaking Changes: - - TBD + [ ! -z "${{ inputs.tag }}" ] && TAG="${{ inputs.tag }}" \ + || TAG="$(git rev-parse --short HEAD)" + echo "tag=${TAG}" >> "${GITHUB_OUTPUT}" - ## 📜 All Changes - - ${{ steps.changelog.outputs.CHANGELOG }} - - ## ⭐ Contributors + - name: Download artifacts + uses: actions/download-artifact@v4 + with: + pattern: "anvil-zksync-*" + path: artifacts - ${{ steps.contributors.outputs.CONTRIBUTORS }} + - name: Binaries attestation + uses: actions/attest-build-provenance@v2 + with: + subject-path: 'artifacts/**/anvil-zksync' - ## 📥 Binaries + - name: Update release-please release artifacts + if: ${{ inputs.tag != '' }} + uses: softprops/action-gh-release@v2 + with: + tag_name: ${{ inputs.tag }} + files: 'artifacts/**/anvil-zksync*.tar.gz' - | System | Architecture | Binary | - |:---:|:---:|:---:| - | | x86_64 | [anvil-zksync-${{ env.VERSION }}-x86_64-unknown-linux-gnu.tar.gz](https://github.com/${{ env.REPO_NAME }}/releases/download/${{ env.VERSION }}/anvil-zksync-${{ env.VERSION }}-x86_64-unknown-linux-gnu.tar.gz) | - | | aarch64 | [anvil-zksync-${{ env.VERSION }}-aarch64-unknown-linux-gnu.tar.gz](https://github.com/${{ env.REPO_NAME }}/releases/download/${{ env.VERSION }}/anvil-zksync-${{ env.VERSION }}-aarch64-unknown-linux-gnu.tar.gz) | - | | x86_64 | [anvil-zksync-${{ env.VERSION }}-x86_64-apple-darwin.tar.gz](https://github.com/${{ env.REPO_NAME }}/releases/download/${{ env.VERSION }}/anvil-zksync-${{ env.VERSION }}-x86_64-apple-darwin.tar.gz) | - | | aarch64 | [anvil-zksync-${{ env.VERSION }}-aarch64-apple-darwin.tar.gz](https://github.com/${{ env.REPO_NAME }}/releases/download/${{ env.VERSION }}/anvil-zksync-${{ env.VERSION }}-aarch64-apple-darwin.tar.gz) | - | | | | - ENDBODY - ) - assets=() - for asset in ./anvil-zksync-*.tar.gz*; do - assets+=("$asset/$asset") - done - tag_name="${{ env.VERSION }}" - echo "$body" | gh release create "$tag_name" "${assets[@]}" --draft -F "-" -t "Release: $tag_name" + - name: Create release + if: ${{ inputs.prerelease_name != '' }} + uses: softprops/action-gh-release@v2 + with: + name: 'anvil-zksync ${{ inputs.prerelease_name}} ${{ steps.release_tag.outputs.tag }}' + tag_name: ${{ steps.release_tag.outputs.tag }} + prerelease: true + files: 'artifacts/**/anvil-zksync*.tar.gz' diff --git a/Cargo.toml b/Cargo.toml index ca9c3040..856eba09 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -12,8 +12,12 @@ resolver = "2" [profile.dev] debug = 0 +[profile.release] +strip = "debuginfo" # Automatically strip symbols from the binary. +lto = "thin" # Enable link-time optimization. + [workspace.package] -version = "0.2.4" +version = "0.2.4" # x-release-please-version edition = "2021" authors = ["The Matter Labs Team "] homepage = "https://zksync.io/" diff --git a/Dockerfile b/Dockerfile index 578352ce..64cb014c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,26 +1,19 @@ -FROM ubuntu:22.04 AS builder +FROM lukemathwalker/cargo-chef:latest-rust-1 AS chef +WORKDIR /anvil-zksync -ENV DEBIAN_FRONTEND=noninteractive -ENV DEBCONF_NONINTERACTIVE_SEEN=true - -RUN apt-get update && apt-get install -y curl clang openssl libssl-dev gcc g++ \ - pkg-config build-essential libclang-dev linux-libc-dev liburing-dev && \ - rm -rf /var/lib/apt/lists/* - -ENV RUSTUP_HOME=/usr/local/rustup \ - CARGO_HOME=/usr/local/cargo \ - PATH=/usr/local/cargo/bin:$PATH - -RUN curl https://sh.rustup.rs -sSf | bash -s -- -y && \ - rustup install stable && \ - rustup default stable - -WORKDIR /usr/src/anvil-zksync +FROM chef AS planner COPY . . +RUN cargo chef prepare --recipe-path recipe.json -RUN cargo build --release +FROM chef AS builder +COPY --from=planner /anvil-zksync/recipe.json recipe.json +# Build dependencies - this is the caching Docker layer +RUN cargo chef cook --release --recipe-path recipe.json +# Build application +COPY . . +RUN cargo build --release --bin anvil-zksync -FROM ubuntu:22.04 +FROM ubuntu:22.04 as runtime RUN apt-get update && \ apt-get install -y \ @@ -31,6 +24,6 @@ RUN apt-get update && \ EXPOSE 8011 WORKDIR /usr/local/bin -COPY --from=builder /usr/src/anvil-zksync/target/release/anvil-zksync . +COPY --from=builder /anvil-zksync/target/release/anvil-zksync . ENTRYPOINT [ "anvil-zksync" ]