From 34de1e7eb1548c8f27b83f3061fdede9424766c5 Mon Sep 17 00:00:00 2001 From: Samuel Laferriere Date: Tue, 28 Jan 2025 11:30:08 -0500 Subject: [PATCH] ci: migrate from circleci to github actions (#20) * ci: add test-golang workflow * ci: delete circleci yml file This was used by op, we are moving to using github actions for our fork * ci: fix linter by using golangci-lint action * ci: use golangci-lint v1.61 to match mise.toml requirement * ci: use mise in ci to install correct versions of dependencies * ci: remove setup-go step because go already installed by mise in previous step * ci: build contracts that are needed for op-e2e tests * ci: use caching for forge artifacts * ci: remove slow op-program build don't think we are using it... testing * ci: make go-lint job run in parallel, and update version to try to fix errors * ci: add go modules caching to speed up workflow * ci: add explicit go mod download --- .circleci/config.yml | 1852 ----------------------------- .github/workflows/test-golang.yml | 98 ++ 2 files changed, 98 insertions(+), 1852 deletions(-) delete mode 100644 .circleci/config.yml create mode 100644 .github/workflows/test-golang.yml diff --git a/.circleci/config.yml b/.circleci/config.yml deleted file mode 100644 index e1eb5e031772..000000000000 --- a/.circleci/config.yml +++ /dev/null @@ -1,1852 +0,0 @@ -version: 2.1 - -parameters: - default_docker_image: - type: string - default: cimg/base:2024.01 - base_image: - type: string - default: default - # The dispatch parameters are used to manually dispatch pipelines that normally only run post-merge on develop - # from the CircleCI UI. Example configuration: - # when: - # or: - # - equal: [ "develop", <> ] - # - equal: [ true, <> ] - # Add a new `*_dispatch` parameter for any pipeline you want manual dispatch for. - main_dispatch: - type: boolean - default: true # default to running main in case the manual run cancelled an automatic run - fault_proofs_dispatch: - type: boolean - default: false - reproducibility_dispatch: - type: boolean - default: false - diff_asterisc_bytecode_dispatch: - type: boolean - default: false - kontrol_dispatch: - type: boolean - default: false - cannon_full_test_dispatch: - type: boolean - default: false - sdk_dispatch: - type: boolean - default: false - docker_publish_dispatch: - type: boolean - default: false - publish_contract_artifacts_dispatch: - type: boolean - default: false - stale_check_dispatch: - type: boolean - default: false - contracts_coverage_dispatch: - type: boolean - default: false - -orbs: - go: circleci/go@1.8.0 - gcp-cli: circleci/gcp-cli@3.0.1 - slack: circleci/slack@4.10.1 - shellcheck: circleci/shellcheck@3.2.0 - codecov: codecov/codecov@5.0.3 - utils: ethereum-optimism/circleci-utils@1.0.8 - -commands: - gcp-oidc-authenticate: - description: "Authenticate with GCP using a CircleCI OIDC token." - parameters: - project_id: - type: env_var_name - default: GCP_PROJECT_ID - workload_identity_pool_id: - type: env_var_name - default: GCP_WIP_ID - workload_identity_pool_provider_id: - type: env_var_name - default: GCP_WIP_PROVIDER_ID - service_account_email: - type: env_var_name - default: GCP_SERVICE_ACCOUNT_EMAIL - gcp_cred_config_file_path: - type: string - default: /home/circleci/gcp_cred_config.json - oidc_token_file_path: - type: string - default: /home/circleci/oidc_token.json - steps: - - run: - name: "Create OIDC credential configuration" - command: | - # Store OIDC token in temp file - echo $CIRCLE_OIDC_TOKEN > << parameters.oidc_token_file_path >> - # Create a credential configuration for the generated OIDC ID Token - gcloud iam workload-identity-pools create-cred-config \ - "projects/${<< parameters.project_id >>}/locations/global/workloadIdentityPools/${<< parameters.workload_identity_pool_id >>}/providers/${<< parameters.workload_identity_pool_provider_id >>}"\ - --output-file="<< parameters.gcp_cred_config_file_path >>" \ - --service-account="${<< parameters.service_account_email >>}" \ - --credential-source-file=<< parameters.oidc_token_file_path >> - - run: - name: "Authenticate with GCP using OIDC" - command: | - # Configure gcloud to leverage the generated credential configuration - gcloud auth login --brief --cred-file "<< parameters.gcp_cred_config_file_path >>" - # Configure ADC - echo "export GOOGLE_APPLICATION_CREDENTIALS='<< parameters.gcp_cred_config_file_path >>'" | tee -a "$BASH_ENV" - - check-changed: - description: "Conditionally halts a step if certain modules change" - parameters: - patterns: - type: string - description: "Comma-separated list of dependencies" - no_go_deps: - type: string - default: "" - description: "If set, does not trigger on `go.mod` / `go.sum` changes." - steps: - - run: - name: "Check for changes" - environment: - CHECK_CHANGED_NO_GO_DEPS: "<>" - command: | - cd ops/check-changed - pip3 install -r requirements.txt - python3 main.py "<>" - - install-contracts-dependencies: - description: "Install the dependencies for the smart contracts" - steps: - - run: - name: Install dependencies - command: | - # Manually craft the submodule update command in order to take advantage - # of the -j parameter, which speeds it up a lot. - git submodule update --init --recursive --force -j 8 - working_directory: packages/contracts-bedrock - - notify-failures-on-develop: - description: "Notify Slack" - parameters: - channel: - type: string - default: C03N11M0BBN - mentions: - type: string - default: "" - steps: - - slack/notify: - channel: << parameters.channel >> - event: fail - template: basic_fail_1 - branch_pattern: develop - mentions: "<< parameters.mentions >>" - - run-contracts-check: - parameters: - command: - description: Just command that runs the check - type: string - steps: - - run: - name: <> - command: | - git reset --hard - just <> - git diff --exit-code - working_directory: packages/contracts-bedrock - when: always - environment: - FOUNDRY_PROFILE: ci - -jobs: - cannon-go-lint-and-test: - machine: true - resource_class: ethereum-optimism/latitude-1 - parameters: - skip_slow_tests: - type: boolean - default: false - notify: - description: Whether to notify on failure - type: boolean - default: false - mips_word_size: - type: integer - default: 32 - steps: - - utils/checkout-with-mise - - check-changed: - patterns: cannon,packages/contracts-bedrock/src/cannon,op-preimage,go.mod - - attach_workspace: - at: "." - - run: - name: prep Cannon results dir - command: | - mkdir -p ./tmp/test-results - mkdir -p ./tmp/testlogs - - run: - name: build Cannon example binaries - command: make elf # only compile ELF binaries with Go, we do not have MIPS GCC for creating the debug-dumps. - working_directory: cannon/testdata/example - - run: - name: Cannon Go lint - command: | - make lint - working_directory: cannon - - when: - condition: - equal: [32, <>] - steps: - - run: - name: Cannon Go 32-bit tests - command: | - export SKIP_SLOW_TESTS=<> - TIMEOUT="10m" - if [ "$SKIP_SLOW_TESTS" == "false" ]; then - TIMEOUT="30m" - fi - gotestsum --format=testname --junitfile=../tmp/test-results/cannon-32.xml --jsonfile=../tmp/testlogs/log-32.json \ - -- -timeout=$TIMEOUT -parallel=$(nproc) -coverpkg=github.com/ethereum-optimism/optimism/cannon/... -coverprofile=coverage-32.out ./... - working_directory: cannon - - codecov/upload: - disable_search: true - files: ./cannon/coverage-32.out - flags: cannon-go-tests-32 - - when: - condition: - equal: [64, <>] - steps: - - run: - name: Cannon Go 64-bit tests - command: | - export SKIP_SLOW_TESTS=<> - TIMEOUT="10m" - if [ "$SKIP_SLOW_TESTS" == "false" ]; then - TIMEOUT="30m" - fi - gotestsum --format=testname --junitfile=../tmp/test-results/cannon-64.xml --jsonfile=../tmp/testlogs/log-64.json \ - -- --tags=cannon64 -timeout=$TIMEOUT -parallel=$(nproc) -coverpkg=github.com/ethereum-optimism/optimism/cannon/... -coverprofile=coverage-64.out ./... - working_directory: cannon - - codecov/upload: - disable_search: true - files: ./cannon/coverage-64.out - flags: cannon-go-tests-64 - - store_test_results: - path: ./tmp/test-results - - store_artifacts: - path: ./tmp/testlogs - when: always - - when: - condition: <> - steps: - - notify-failures-on-develop: - mentions: "@proofs-team" - - cannon-build-test-vectors: - docker: - - image: <> - resource_class: large - steps: - - utils/checkout-with-mise - - check-changed: - patterns: cannon/mipsevm/tests/open_mips_tests/test - - run: - name: Install dependencies - command: | - sudo apt-get update - sudo apt-get install -y binutils-mips-linux-gnu - pip install capstone pyelftools - - run: - name: Build MIPS test vectors - command: | - python3 maketests.py && git diff --exit-code - working_directory: cannon/mipsevm/tests/open_mips_tests - - diff-asterisc-bytecode: - machine: true - resource_class: ethereum-optimism/latitude-1 - steps: - - utils/checkout-with-mise - - run: - name: Check `RISCV.sol` bytecode - working_directory: packages/contracts-bedrock - command: | - # Clone asterisc @ the pinned version to fetch remote `RISCV.sol` - ASTERISC_REV="v$(yq '.tools.asterisc' ../../mise.toml)" - REMOTE_ASTERISC_PATH="./src/vendor/asterisc/RISCV_Remote.sol" - git clone https://github.com/ethereum-optimism/asterisc \ - -b $ASTERISC_REV && \ - cp ./asterisc/rvsol/src/RISCV.sol $REMOTE_ASTERISC_PATH - - # Replace import paths - sed -i -e 's/@optimism\///' $REMOTE_ASTERISC_PATH - # Replace legacy interface paths - sed -i -e 's/src\/cannon\/interfaces\//interfaces\/cannon\//g' $REMOTE_ASTERISC_PATH - sed -i -e 's/src\/dispute\/interfaces\//interfaces\/dispute\//g' $REMOTE_ASTERISC_PATH - # Replace contract name - sed -i -e 's/contract RISCV/contract RISCV_Remote/' $REMOTE_ASTERISC_PATH - - # Install deps - forge install - - # Diff bytecode, with both contracts compiled in the local environment. - REMOTE_ASTERISC_CODE="$(forge inspect RISCV_Remote bytecode | tr -d '\n')" - LOCAL_ASTERISC_CODE="$(forge inspect RISCV bytecode | tr -d '\n')" - if [ "$REMOTE_ASTERISC_CODE" != "$LOCAL_ASTERISC_CODE" ]; then - echo "Asterisc bytecode mismatch. Local version does not match remote. Diff:" - diff <(echo "$REMOTE_ASTERISC_CODE") <(echo "$LOCAL_ASTERISC_CODE") - else - echo "Asterisc version up to date." - fi - - notify-failures-on-develop: - mentions: "@clabby @proofs-team" - - contracts-bedrock-build: - docker: - - image: <> - resource_class: large - parameters: - build_args: - description: Forge build arguments - type: string - default: "" - profile: - description: Profile to use for building - type: string - default: ci - steps: - - utils/checkout-with-mise - - install-contracts-dependencies - - run: - name: Print forge version - command: forge --version - - run: - name: Pull artifacts - command: bash scripts/ops/pull-artifacts.sh - working_directory: packages/contracts-bedrock - - run: - name: Build contracts - command: forge build <> - environment: - FOUNDRY_PROFILE: <> - working_directory: packages/contracts-bedrock - - persist_to_workspace: - root: "." - paths: - - "packages/contracts-bedrock/cache" - - "packages/contracts-bedrock/artifacts" - - "packages/contracts-bedrock/forge-artifacts" - - "packages/contracts-bedrock/deploy-config/devnetL1.json" - - "packages/contracts-bedrock/deployments/devnetL1" - - notify-failures-on-develop - - check-kontrol-build: - docker: - - image: <> - resource_class: xlarge - steps: - - utils/checkout-with-mise - - attach_workspace: { at: "." } - - install-contracts-dependencies - - check-changed: - patterns: contracts-bedrock - - setup_remote_docker: - docker_layer_caching: true - - run: - name: Run Kontrol build - command: just kontrol-summary-full - working_directory: packages/contracts-bedrock - - run: - name: Build Kontrol summary files - command: forge build ./test/kontrol/proofs - working_directory: packages/contracts-bedrock - - notify-failures-on-develop - - docker-build: - environment: - DOCKER_BUILDKIT: 1 - parameters: - docker_tags: - description: Docker image tags, comma-separated - type: string - docker_name: - description: "Docker buildx bake target" - type: string - default: "" - registry: - description: Docker registry - type: string - default: "us-docker.pkg.dev" - repo: - description: Docker repo - type: string - default: "oplabs-tools-artifacts/images" - save_image_tag: - description: Save docker image with given tag - type: string - default: "" - platforms: - description: Platforms to build for, comma-separated - type: string - default: "linux/amd64" - publish: - description: Publish the docker image (multi-platform, all tags) - type: boolean - default: false - release: - description: Run the release script - type: boolean - default: false - resource_class: - description: Docker resoruce class - type: string - default: medium - machine: - image: <> - resource_class: "<>" - docker_layer_caching: true # we rely on this for faster builds, and actively warm it up for builds with common stages - steps: - - utils/checkout-with-mise - - attach_workspace: - at: /tmp/docker_images - - run: - command: mkdir -p /tmp/docker_images - - when: - condition: - or: - - "<>" - - "<>" - steps: - - gcp-cli/install - - when: - condition: - or: - - "<>" - - "<>" - steps: - - gcp-oidc-authenticate - - run: - name: Build - command: | - # Check to see if DOCKER_HUB_READ_ONLY_TOKEN is set (i.e. we are in repo) before attempting to use secrets. - # Building should work without this read only login, but may get rate limited. - if [[ -v DOCKER_HUB_READ_ONLY_TOKEN ]]; then - echo "$DOCKER_HUB_READ_ONLY_TOKEN" | docker login -u "$DOCKER_HUB_READ_ONLY_USER" --password-stdin - fi - - export REGISTRY="<>" - export REPOSITORY="<>" - export IMAGE_TAGS="$(echo -ne "<>" | sed "s/[^a-zA-Z0-9\n,]/-/g")" - export GIT_COMMIT="$(git rev-parse HEAD)" - export GIT_DATE="$(git show -s --format='%ct')" - export PLATFORMS="<>" - - echo "Checking git tags pointing at $GIT_COMMIT:" - tags_at_commit=$(git tag --points-at $GIT_COMMIT) - echo "Tags at commit:\n$tags_at_commit" - - filtered_tags=$(echo "$tags_at_commit" | grep "^<>/" || true) - echo "Filtered tags: $filtered_tags" - - if [ -z "$filtered_tags" ]; then - export GIT_VERSION="untagged" - else - sorted_tags=$(echo "$filtered_tags" | sed "s/<>\///" | sort -V) - echo "Sorted tags: $sorted_tags" - - # prefer full release tag over "-rc" release candidate tag if both exist - full_release_tag=$(echo "$sorted_tags" | grep -v -- "-rc" || true) - if [ -z "$full_release_tag" ]; then - export GIT_VERSION=$(echo "$sorted_tags" | tail -n 1) - else - export GIT_VERSION=$(echo "$full_release_tag" | tail -n 1) - fi - fi - - echo "Setting GIT_VERSION=$GIT_VERSION" - - # Create, start (bootstrap) and use a *named* docker builder - # This allows us to cross-build multi-platform, - # and naming allows us to use the DLC (docker-layer-cache) - docker buildx create --driver=docker-container --name=buildx-build --bootstrap --use - - DOCKER_OUTPUT_DESTINATION="" - if [ "<>" == "true" ]; then - gcloud auth configure-docker <> - echo "Building for platforms $PLATFORMS and then publishing to registry" - DOCKER_OUTPUT_DESTINATION="--push" - if [ "<>" != "" ]; then - echo "ERROR: cannot save image to docker when publishing to registry" - exit 1 - fi - else - if [ "<>" == "" ]; then - echo "Running $PLATFORMS build without destination (cache warm-up)" - DOCKER_OUTPUT_DESTINATION="" - elif [[ $PLATFORMS == *,* ]]; then - echo "ERROR: cannot perform multi-arch (platforms: $PLATFORMS) build while also loading the result into regular docker" - exit 1 - else - echo "Running single-platform $PLATFORMS build and loading into docker" - DOCKER_OUTPUT_DESTINATION="--load" - fi - fi - - # Let them cook! - docker buildx bake \ - --progress plain \ - --builder=buildx-build \ - -f docker-bake.hcl \ - $DOCKER_OUTPUT_DESTINATION \ - <> - - no_output_timeout: 45m - - when: - condition: "<>" - steps: - - notify-failures-on-develop - - when: - condition: "<>" - steps: - - run: - name: Save - command: | - IMAGE_NAME="<>/<>/<>:<>" - docker save -o /tmp/docker_images/<>.tar $IMAGE_NAME - - persist_to_workspace: - root: /tmp/docker_images - paths: # only write the one file, to avoid concurrent workspace-file additions - - "<>.tar" - - when: - condition: "<>" - steps: - - run: - name: Tag - command: | - ./ops/scripts/ci-docker-tag-op-stack-release.sh <>/<> $CIRCLE_TAG $CIRCLE_SHA1 - - when: - condition: - or: - - and: - - "<>" - - "<>" - - and: - - "<>" - - equal: [develop, << pipeline.git.branch >>] - steps: - - gcp-oidc-authenticate: - service_account_email: GCP_SERVICE_ATTESTOR_ACCOUNT_EMAIL - - run: - name: Sign - command: | - VER=$(yq '.tools.binary_signer' mise.toml) - wget -O - "https://github.com/ethereum-optimism/binary_signer/archive/refs/tags/v${VER}.tar.gz" | tar xz - cd "binary_signer-${VER}/signer" - - IMAGE_PATH="<>/<>/<>:<>" - echo $IMAGE_PATH - pip3 install -r requirements.txt - - python3 ./sign_image.py --command="sign"\ - --attestor-project-name="$ATTESTOR_PROJECT_NAME"\ - --attestor-name="$ATTESTOR_NAME"\ - --image-path="$IMAGE_PATH"\ - --signer-logging-level="INFO"\ - --attestor-key-id="//cloudkms.googleapis.com/v1/projects/$ATTESTOR_PROJECT_NAME/locations/global/keyRings/$ATTESTOR_NAME-key-ring/cryptoKeys/$ATTESTOR_NAME-key/cryptoKeyVersions/1" - - # Verify newly published images (built on AMD machine) will run on ARM - check-cross-platform: - docker: - - image: <> - resource_class: arm.medium - parameters: - registry: - description: Docker registry - type: string - default: "us-docker.pkg.dev" - repo: - description: Docker repo - type: string - default: "oplabs-tools-artifacts/images" - op_component: - description: "Name of op-stack component (e.g. op-node)" - type: string - default: "" - docker_tag: - description: "Tag of docker image" - type: string - default: "<>" - steps: - - setup_remote_docker - - run: - name: "Verify Image Platform" - command: | - image_name="<>/<>/<>:<>" - echo "Retrieving Docker image manifest: $image_name" - MANIFEST=$(docker manifest inspect $image_name) - - echo "Verifying 'linux/arm64' is supported..." - SUPPORTED_PLATFORM=$(echo "$MANIFEST" | jq -r '.manifests[] | select(.platform.architecture == "arm64" and .platform.os == "linux")') - echo $SUPPORT_PLATFORM - if [ -z "$SUPPORTED_PLATFORM" ]; then - echo "Platform 'linux/arm64' not supported by this image" - exit 1 - fi - - run: - name: "Pull and run docker image" - command: | - image_name="<>/<>/<>:<>" - docker pull $image_name || exit 1 - docker run $image_name <> --version || exit 1 - - contracts-bedrock-frozen-code: - machine: true - resource_class: ethereum-optimism/latitude-1 - steps: - - utils/checkout-with-mise - - attach_workspace: { at: "." } - - install-contracts-dependencies - - check-changed: - patterns: contracts-bedrock - - run: - name: Check if target branch is develop - command: | - # Get PR number from CIRCLE_PULL_REQUEST - PR_NUMBER=$(echo $CIRCLE_PULL_REQUEST | rev | cut -d/ -f1 | rev) - - # Use GitHub API to get target branch - TARGET_BRANCH=$(curl -s "https://api.github.com/repos/${CIRCLE_PROJECT_USERNAME}/${CIRCLE_PROJECT_REPONAME}/pulls/${PR_NUMBER}" | jq -r .base.ref) - - # If the target branch is not develop, do not run this check - if [ "$TARGET_BRANCH" != "develop" ]; then - echo "Target branch is not develop, skipping frozen files check" - exit 0 - fi - - run: - name: Check frozen files - command: just check-frozen-code - working_directory: packages/contracts-bedrock - - contracts-bedrock-tests: - circleci_ip_ranges: true - docker: - - image: <> - resource_class: xlarge - parameters: - test_list: - description: List of test files to run - type: string - test_command: - description: Test command to execute (test or coverage) - type: string - default: test - test_flags: - description: Additional flags to pass to the test command - type: string - default: "" - test_timeout: - description: Timeout for running tests - type: string - default: 15m - test_profile: - description: Profile to use for testing - type: string - default: ci - steps: - - utils/checkout-with-mise - - attach_workspace: { at: "." } - - install-contracts-dependencies - - run: - name: Check if test list is empty - command: | - TEST_FILES=$(<>) - if [ -z "$TEST_FILES" ]; then - echo "No test files to run. Exiting early." - circleci-agent step halt - fi - working_directory: packages/contracts-bedrock - - check-changed: - patterns: contracts-bedrock,op-node - - run: - name: Print dependencies - command: just dep-status - working_directory: packages/contracts-bedrock - - run: - name: Print forge version - command: forge --version - working_directory: packages/contracts-bedrock - - run: - name: Pull artifacts - command: bash scripts/ops/pull-artifacts.sh - working_directory: packages/contracts-bedrock - - run: - name: Build go-ffi - command: just build-go-ffi - working_directory: packages/contracts-bedrock - - run: - name: Run tests - command: | - TEST_FILES=$(<>) - TEST_FILES=$(echo "$TEST_FILES" | circleci tests split --split-by=timings) - TEST_FILES=$(echo "$TEST_FILES" | sed 's|^test/||') - MATCH_PATH="./test/{$(echo "$TEST_FILES" | paste -sd "," -)}" - forge <> <> --match-path "$MATCH_PATH" - environment: - FOUNDRY_PROFILE: <> - working_directory: packages/contracts-bedrock - no_output_timeout: <> - - run: - name: Print failed test traces - command: just test-rerun - environment: - FOUNDRY_PROFILE: ci - working_directory: packages/contracts-bedrock - when: on_fail - - run: - name: Lint forge test names - command: just lint-forge-tests-check-no-build - working_directory: packages/contracts-bedrock - - save_cache: - name: Save Go build cache - key: golang-build-cache-contracts-bedrock-tests-{{ checksum "go.sum" }} - paths: - - "/root/.cache/go-build" - - notify-failures-on-develop - - contracts-bedrock-coverage: - circleci_ip_ranges: true - docker: - - image: <> - resource_class: xlarge - parameters: - test_flags: - description: Additional flags to pass to the test command - type: string - default: "" - test_timeout: - description: Timeout for running tests - type: string - default: 15m - test_profile: - description: Profile to use for testing - type: string - default: ci - steps: - - utils/checkout-with-mise - - attach_workspace: { at: "." } - - install-contracts-dependencies - - check-changed: - patterns: contracts-bedrock,op-node - - run: - name: Print dependencies - command: just dep-status - working_directory: packages/contracts-bedrock - - run: - name: Print forge version - command: forge --version - working_directory: packages/contracts-bedrock - - run: - name: Pull artifacts - command: bash scripts/ops/pull-artifacts.sh - working_directory: packages/contracts-bedrock - - run: - name: Install lcov - command: | - sudo apt-get update - sudo apt-get install -y lcov - - run: - name: Write pinned block number for cache key - command: | - just print-pinned-block-number > ./pinnedBlockNumber.txt - cat pinnedBlockNumber.txt - working_directory: packages/contracts-bedrock - - restore_cache: - name: Restore forked state - key: forked-state-contracts-bedrock-tests-upgrade-{{ checksum "packages/contracts-bedrock/pinnedBlockNumber.txt" }} - - run: - name: Run coverage tests - command: just coverage-lcov-all <> - environment: - FOUNDRY_PROFILE: <> - ETH_RPC_URL: https://ci-mainnet-l1-archive.optimism.io - working_directory: packages/contracts-bedrock - no_output_timeout: <> - - run: - name: Print failed test traces - command: just test-rerun - environment: - FOUNDRY_PROFILE: <> - ETH_RPC_URL: https://ci-mainnet-l1-archive.optimism.io - working_directory: packages/contracts-bedrock - when: on_fail - - codecov/upload: - disable_search: true - files: ./packages/contracts-bedrock/lcov-all.info - flags: contracts-bedrock-tests - - notify-failures-on-develop - - contracts-bedrock-tests-upgrade: - circleci_ip_ranges: true - docker: - - image: <> - resource_class: large - steps: - - utils/checkout-with-mise - - attach_workspace: { at: "." } - - install-contracts-dependencies - - check-changed: - patterns: contracts-bedrock,op-node - - run: - name: Print dependencies - command: just dep-status - working_directory: packages/contracts-bedrock - - run: - name: Print forge version - command: forge --version - working_directory: packages/contracts-bedrock - - run: - name: Pull artifacts - command: bash scripts/ops/pull-artifacts.sh - working_directory: packages/contracts-bedrock - - run: - name: Write pinned block number for cache key - command: | - just print-pinned-block-number > ./pinnedBlockNumber.txt - cat pinnedBlockNumber.txt - working_directory: packages/contracts-bedrock - - restore_cache: - name: Restore forked state - key: forked-state-contracts-bedrock-tests-upgrade-{{ checksum "packages/contracts-bedrock/pinnedBlockNumber.txt" }} - - run: - name: Run tests - command: just test-upgrade - environment: - FOUNDRY_FUZZ_SEED: 42424242 - FOUNDRY_FUZZ_RUNS: 1 - FOUNDRY_PROFILE: ci - ETH_RPC_URL: https://ci-mainnet-l1-archive.optimism.io - working_directory: packages/contracts-bedrock - no_output_timeout: 15m - - run: - name: Print failed test traces - command: just test-upgrade-rerun - environment: - FOUNDRY_FUZZ_SEED: 42424242 - FOUNDRY_FUZZ_RUNS: 1 - FOUNDRY_PROFILE: ci - ETH_RPC_URL: https://ci-mainnet-l1-archive.optimism.io - working_directory: packages/contracts-bedrock - when: on_fail - - save_cache: - name: Save Go build cache - key: golang-build-cache-contracts-bedrock-tests-{{ checksum "go.sum" }} - paths: - - "/root/.cache/go-build" - - save_cache: - name: Save forked state - key: forked-state-contracts-bedrock-tests-upgrade-{{ checksum "packages/contracts-bedrock/pinnedBlockNumber.txt" }} - when: always - paths: - - "/root/.foundry/cache" - - notify-failures-on-develop - - contracts-bedrock-checks: - machine: true - resource_class: ethereum-optimism/latitude-1 - steps: - - utils/checkout-with-mise - - attach_workspace: { at: "." } - - install-contracts-dependencies - - check-changed: - patterns: contracts-bedrock,op-node - - run: - name: print forge version - command: forge --version - - run-contracts-check: - command: check-kontrol-summaries-unchanged - - run-contracts-check: - command: semgrep-test-validity-check - - run-contracts-check: - command: semgrep - - run-contracts-check: - command: semver-lock-no-build - - run-contracts-check: - command: semver-diff-check-no-build - - run-contracts-check: - command: validate-deploy-configs - - run-contracts-check: - command: lint - - run-contracts-check: - command: snapshots-check-no-build - - run-contracts-check: - command: interfaces-check-no-build - - run-contracts-check: - command: size-check - - run-contracts-check: - command: unused-imports-check-no-build - - run-contracts-check: - command: validate-spacers-no-build - - todo-issues: - parameters: - check_closed: - type: boolean - default: true - machine: - image: <> - steps: - - utils/checkout-with-mise - - run: - name: Install ripgrep - command: sudo apt-get install -y ripgrep - - run: - name: Check TODO issues - command: ./ops/scripts/todo-checker.sh --verbose <<#parameters.check_closed>> --check-closed <> - - notify-failures-on-develop - - fuzz-golang: - parameters: - package_name: - description: Go package name - type: string - on_changes: - description: changed pattern to fire fuzzer on - type: string - uses_artifacts: - description: should load in foundry artifacts - type: boolean - default: false - docker: - - image: <> - resource_class: xlarge - steps: - - utils/checkout-with-mise - - check-changed: - patterns: "<>" - - attach_workspace: - at: "." - if: ${{ uses_artifacts }} - - run: - name: Fuzz - command: | - make fuzz - working_directory: "<>" - - run: - name: Copy fuzz artifacts - command: | - mkdir -p fuzzdata - find ./<> -type d -name "fuzz" -exec sh -c 'cp -r "{}"/* fuzzdata/ 2>/dev/null || true' \; - when: always - - store_artifacts: - path: ./fuzzdata - when: always - - go-lint: - machine: true - resource_class: ethereum-optimism/latitude-1 - steps: - - utils/checkout-with-mise - - run: - name: run Go linter - command: | - make lint-go - working_directory: . - - go-tests: - parameters: - notify: - description: Whether to notify on failure - type: boolean - default: false - mentions: - description: Slack user or group to mention when notifying of failures - type: string - default: "" - resource_class: - description: Machine resource class - type: string - default: ethereum-optimism/latitude-1-go-e2e - no_output_timeout: - description: Timeout for when CircleCI kills the job if there's no output - type: string - default: 60m - test_timeout: - description: Timeout for running tests - type: string - default: 10m - environment_overrides: - description: Environment overrides - type: string - default: "" - packages: - description: List of packages to test - type: string - machine: true - resource_class: <> - steps: - - utils/checkout-with-mise - - attach_workspace: - at: "." - - run: - name: build op-program-client - command: make op-program-client - working_directory: op-program - - run: - name: build op-program-host - command: make op-program-host - working_directory: op-program - - run: - name: build cannon - command: make cannon - - run: - name: run tests - no_output_timeout: <> - command: | - mkdir -p ./tmp/test-results && mkdir -p ./tmp/testlogs - cd op-e2e && make pre-test && cd .. - - packages=( - <> - ) - formatted_packages="" - for package in "${packages[@]}"; do - formatted_packages="$formatted_packages ./$package/..." - done - - export ENABLE_KURTOSIS=true - export OP_E2E_CANNON_ENABLED="false" - export OP_E2E_SKIP_SLOW_TEST=true - export OP_E2E_USE_HTTP=true - export ENABLE_ANVIL=true - export SEPOLIA_RPC_URL="https://ci-sepolia-l1-archive.optimism.io" - export MAINNET_RPC_URL="https://ci-mainnet-l1-archive.optimism.io" - export PARALLEL=$(nproc) - export OP_TESTLOG_FILE_LOGGER_OUTDIR=$(realpath ./tmp/testlogs) - - <> - - gotestsum --format=testname \ - --junitfile=./tmp/test-results/results.xml \ - --jsonfile=./tmp/testlogs/log.json \ - --rerun-fails=3 \ - --rerun-fails-max-failures=50 \ - --packages="$formatted_packages" \ - -- -parallel=$PARALLEL -coverprofile=coverage.out -timeout=<> - - codecov/upload: - disable_search: true - files: ./coverage.out - - store_test_results: - path: ./tmp/test-results - - run: - name: Compress test logs - command: tar -czf testlogs.tar.gz -C ./tmp testlogs - when: always - - store_artifacts: - path: testlogs.tar.gz - when: always - - when: - condition: "<>" - steps: - - notify-failures-on-develop: - mentions: "<>" - - sanitize-op-program: - docker: - - image: <> - resource_class: large - steps: - - utils/checkout-with-mise - - run: - name: Install tools - command: | - sudo apt-get update - sudo apt-get install -y binutils-mips-linux-gnu - - run: - name: Build cannon - command: make cannon - - run: - name: Build op-program - command: make op-program - - run: - name: Sanitize op-program client - command: make sanitize-program GUEST_PROGRAM=../op-program/bin/op-program-client.elf - working_directory: cannon - - - cannon-prestate-quick: - machine: true - resource_class: ethereum-optimism/latitude-1 - steps: - - utils/checkout-with-mise - - restore_cache: - name: Restore cannon prestate cache - key: cannon-prestate-{{ checksum "./cannon/bin/cannon" }}-{{ checksum "op-program/bin/op-program-client.elf" }} - - run: - name: Build prestates - command: make cannon-prestates - - save_cache: - key: cannon-prestate-{{ checksum "./cannon/bin/cannon" }}-{{ checksum "op-program/bin/op-program-client.elf" }} - name: Save Cannon prestate to cache - paths: - - "op-program/bin/prestate*.bin.gz" - - "op-program/bin/meta*.json" - - "op-program/bin/prestate-proof*.json" - - persist_to_workspace: - root: . - paths: - - "op-program/bin/prestate*" - - "op-program/bin/meta*" - - "cannon/bin" - - cannon-prestate: - docker: - - image: <> - steps: - - utils/checkout-with-mise - - setup_remote_docker - - run: - name: Build prestates - command: make reproducible-prestate - - persist_to_workspace: - root: . - paths: - - "op-program/bin/prestate*" - - "op-program/bin/meta*" - - publish-cannon-prestates: - machine: true - resource_class: ethereum-optimism/latitude-1 - steps: - - utils/checkout-with-mise - - attach_workspace: - at: "." - - gcp-cli/install - - gcp-oidc-authenticate: - gcp_cred_config_file_path: /tmp/gcp_cred_config.json - oidc_token_file_path: /tmp/oidc_token.json - - run: - name: Upload cannon prestates - command: | - # Use the actual hash for tags (hash can be found by reading releases.json) - PRESTATE_HASH=$(jq -r .pre ./op-program/bin/prestate-proof.json) - PRESTATE_MT64_HASH=$(jq -r .pre ./op-program/bin/prestate-proof-mt64.json) - PRESTATE_INTEROP_HASH=$(jq -r .pre ./op-program/bin/prestate-proof-interop.json) - - BRANCH_NAME=$(echo "<< pipeline.git.branch >>" | tr '/' '-') - echo "Publishing ${PRESTATE_HASH}, ${PRESTATE_MT64_HASH}, ${PRESTATE_INTEROP_HASH} as ${BRANCH_NAME}" - if [[ "" != "<< pipeline.git.branch >>" ]] - then - # Upload the git commit info for each prestate since this won't be recorded in releases.json - (echo "Commit=<< pipeline.git.revision >>" && echo "Prestate=${PRESTATE_HASH}") | gsutil cp - "gs://oplabs-network-data/proofs/op-program/cannon/${BRANCH_NAME}.bin.gz.txt" - (echo "Commit=<< pipeline.git.revision >>" && echo "Prestate: ${PRESTATE_MT64_HASH}") | gsutil cp - "gs://oplabs-network-data/proofs/op-program/cannon/${BRANCH_NAME}-mt64.bin.gz.txt" - (echo "Commit=<< pipeline.git.revision >>" && echo "Prestate: ${PRESTATE_INTEROP_HASH}") | gsutil cp - "gs://oplabs-network-data/proofs/op-program/cannon/${BRANCH_NAME}-interop.bin.gz.txt" - - - # Use the branch name for branches to provide a consistent URL - PRESTATE_HASH="${BRANCH_NAME}" - PRESTATE_MT64_HASH="${BRANCH_NAME}-mt64" - PRESTATE_INTEROP_HASH="${BRANCH_NAME}-interop" - fi - gsutil cp ./op-program/bin/prestate.bin.gz \ - "gs://oplabs-network-data/proofs/op-program/cannon/${PRESTATE_HASH}.bin.gz" - - gsutil cp ./op-program/bin/prestate-mt64.bin.gz \ - "gs://oplabs-network-data/proofs/op-program/cannon/${PRESTATE_MT64_HASH}.bin.gz" - - gsutil cp ./op-program/bin/prestate-interop.bin.gz \ - "gs://oplabs-network-data/proofs/op-program/cannon/${PRESTATE_INTEROP_HASH}.bin.gz" - - notify-failures-on-develop: - mentions: "@proofs-team" - - preimage-reproducibility: - docker: - - image: <> - steps: - - utils/checkout-with-mise - - setup_remote_docker - - run: make -C op-program verify-reproducibility - - notify-failures-on-develop: - mentions: "@proofs-team" - - cannon-stf-verify: - docker: - - image: <> - steps: - - utils/checkout-with-mise - - setup_remote_docker - - run: - name: Build cannon - command: make cannon - - run: - name: Verify the Cannon STF - command: make -C ./cannon cannon-stf-verify - - notify-failures-on-develop: - mentions: "@proofs-team" - - semgrep-scan: - parameters: - diff_branch: - type: string - default: develop - scan_command: - type: string - default: semgrep ci --timeout=100 - environment: - TEMPORARY_BASELINE_REF: << parameters.diff_branch >> - SEMGREP_REPO_URL: << pipeline.project.git_url >> - SEMGREP_BRANCH: << pipeline.git.branch >> - SEMGREP_COMMIT: << pipeline.git.revision >> - docker: - - image: returntocorp/semgrep - resource_class: xlarge - steps: - - checkout # no need to use mise here since the docker image contains the only dependency - - unless: - condition: - equal: ["develop", << pipeline.git.branch >>] - steps: - - run: - # Scan changed files in PRs, block on new issues only (existing issues ignored) - # Do a full scan when scanning develop, otherwise do an incremental scan. - name: "Conditionally set BASELINE env var" - command: | - echo 'export SEMGREP_BASELINE_REF=${TEMPORARY_BASELINE_REF}' >> $BASH_ENV - - run: - name: "Set environment variables" # for PR comments and in-app hyperlinks to findings - command: | - echo 'export SEMGREP_PR_ID=${CIRCLE_PULL_REQUEST##*/}' >> $BASH_ENV - echo 'export SEMGREP_JOB_URL=$CIRCLE_BUILD_URL' >> $BASH_ENV - echo 'export SEMGREP_REPO_NAME=$CIRCLE_PROJECT_USERNAME/$CIRCLE_PROJECT_REPONAME' >> $BASH_ENV - - run: - name: "Semgrep scan" - # --timeout (in seconds) limits the time per rule and file. - # SEMGREP_TIMEOUT is the same, but docs have conflicting defaults (5s in CLI flag, 1800 in some places) - # https://semgrep.dev/docs/troubleshooting/semgrep-app#if-the-job-is-aborted-due-to-taking-too-long - command: << parameters.scan_command >> - # If semgrep hangs, stop the scan after 20m, to prevent a useless 5h job - no_output_timeout: 20m - - notify-failures-on-develop - - bedrock-go-tests: # just a helper, that depends on all the actual test jobs - docker: - - image: <> - resource_class: medium - steps: - - run: echo Done - - fpp-verify: - circleci_ip_ranges: true - docker: - - image: cimg/go:1.21 - steps: - - utils/checkout-with-mise - - run: - name: verify-sepolia - command: | - make verify-sepolia - working_directory: op-program - - notify-failures-on-develop: - mentions: "@proofs-team" - - op-program-compat: - machine: true - resource_class: ethereum-optimism/latitude-1 - steps: - - utils/checkout-with-mise - - run: - name: compat-sepolia - command: | - make verify-compat - working_directory: op-program - - check-generated-mocks-op-node: - machine: true - resource_class: ethereum-optimism/latitude-1 - steps: - - utils/checkout-with-mise - - check-changed: - patterns: op-node - - run: - name: check-generated-mocks - command: make generate-mocks-op-node && git diff --exit-code - - check-generated-mocks-op-service: - machine: true - resource_class: ethereum-optimism/latitude-1 - steps: - - utils/checkout-with-mise - - check-changed: - patterns: op-service - - run: - name: check-generated-mocks - command: make generate-mocks-op-service && git diff --exit-code - - kontrol-tests: - docker: - - image: <> - resource_class: xlarge - steps: - - utils/checkout-with-mise - - install-contracts-dependencies - - check-changed: - no_go_deps: "true" - patterns: contracts-bedrock/test/kontrol,contracts-bedrock/src/L1/OptimismPortal\.sol,contracts-bedrock/src/L1/OptimismPortal2\.sol,contracts-bedrock/src/L1/L1CrossDomainMessenger\.sol,contracts-bedrock/src/L1/L1ERC721Bridge\.sol,contracts-bedrock/src/L1/L1StandardBridge\.sol,contracts-bedrock/src/L1/ResourceMetering\.sol,contracts-bedrock/src/universal/StandardBridge\.sol,contracts-bedrock/src/universal/ERC721Bridge\.sol,contracts-bedrock/src/universal/CrossDomainMessenger\.sol - - setup_remote_docker: - docker_layer_caching: true - - run: - name: Run Kontrol Tests - command: | - curl -X POST \ - -H "Accept: application/vnd.github+json" \ - -H "Authorization: Bearer $RV_COMPUTE_TOKEN" \ - https://api.github.com/repos/runtimeverification/optimism-ci/actions/workflows/optimism-ci.yaml/dispatches \ - -d '{ - "ref": "master", - "inputs": { - "branch_name": "<>", - "extra_args": "script", - "statuses_sha": "<< pipeline.git.revision >>", - "org": "ethereum-optimism", - "repository": "optimism" - } - }' - working_directory: ./packages/contracts-bedrock - - notify-failures-on-develop - - publish-contract-artifacts: - machine: true - resource_class: ethereum-optimism/latitude-1 - steps: - - gcp-cli/install - - gcp-oidc-authenticate: - gcp_cred_config_file_path: /tmp/gcp_cred_config.json - oidc_token_file_path: /tmp/oidc_token.json - project_id: GCP_TOOLS_ARTIFACTS_PROJECT_ID - service_account_email: GCP_CONTRACTS_PUBLISHER_SERVICE_ACCOUNT_EMAIL - - utils/checkout-with-mise - - install-contracts-dependencies - - run: - name: Pull artifacts - command: bash scripts/ops/pull-artifacts.sh - working_directory: packages/contracts-bedrock - - run: - name: Build contracts - environment: - FOUNDRY_PROFILE: ci - command: just forge-build - working_directory: packages/contracts-bedrock - - run: - name: Publish artifacts - command: bash scripts/ops/publish-artifacts.sh - working_directory: packages/contracts-bedrock - - go-release: - parameters: - module: - description: Go Module Name - type: string - filename: - description: Goreleaser config file - default: .goreleaser.yaml - type: string - docker: - - image: <> - resource_class: large - steps: - - setup_remote_docker - - gcp-cli/install - - gcp-oidc-authenticate: - gcp_cred_config_file_path: /tmp/gcp_cred_config.json - oidc_token_file_path: /tmp/oidc_token.json - - utils/checkout-with-mise - - run: - name: Configure Docker - command: | - gcloud auth configure-docker us-docker.pkg.dev - - run: - name: Run goreleaser - command: | - goreleaser release --clean -f ./<>/<> - - stale-check: - docker: - - image: cimg/python:3.11 - steps: - - run: - name: Run Stale Check Script - command: | - git clone --branch main --depth 1 https://github.com/ethereum-optimism/circleci-utils.git /tmp/circleci-utils - cd /tmp/circleci-utils/stale-check - pip3 install -r requirements.txt - python3 stale-check.py --repo "ethereum-optimism/${CIRCLE_PROJECT_REPONAME}" --github-token "${STALE_GITHUB_TOKEN}" - -workflows: - main: - when: - and: - - or: - # Trigger on new commits - - equal: [webhook, << pipeline.trigger_source >>] - # Trigger on manual triggers if explicitly requested - - equal: [true, << pipeline.parameters.main_dispatch >>] - - not: - equal: [scheduled_pipeline, << pipeline.trigger_source >>] - jobs: - - contracts-bedrock-build: - name: contracts-bedrock-build - # Build with just core + script contracts. - build_args: --deny-warnings --skip test - - check-kontrol-build: - requires: - - contracts-bedrock-build - - contracts-bedrock-tests: - # Test everything except PreimageOracle.t.sol since it's slow. - name: contracts-bedrock-tests - test_list: find test -name "*.t.sol" -not -name "PreimageOracle.t.sol" - - contracts-bedrock-tests: - # PreimageOracle test is slow, run it separately to unblock CI. - name: contracts-bedrock-tests-preimage-oracle - test_list: find test -name "PreimageOracle.t.sol" - - contracts-bedrock-tests: - # Heavily fuzz any fuzz tests within added or modified test files. - name: contracts-bedrock-tests-heavy-fuzz-modified - test_list: git diff origin/develop...HEAD --name-only --diff-filter=AM -- './test/**/*.t.sol' | sed 's|packages/contracts-bedrock/||' - test_timeout: 1h - test_profile: ciheavy - - contracts-bedrock-coverage: - # Generate coverage reports. - name: contracts-bedrock-coverage - test_timeout: 1h - test_profile: cicoverage - # need this requires to ensure that all FFI JSONs exist - requires: - - contracts-bedrock-build - - contracts-bedrock-tests-upgrade: - name: contracts-bedrock-tests-upgrade - - contracts-bedrock-checks: - requires: - - contracts-bedrock-build - - contracts-bedrock-frozen-code: - requires: - - contracts-bedrock-build - - diff-asterisc-bytecode - - semgrep-scan: - name: semgrep-scan-local - scan_command: semgrep scan --timeout=100 --config .semgrep/rules/ --error . - - semgrep-scan: - name: semgrep-test - scan_command: semgrep scan --test --config .semgrep/rules/ .semgrep/tests/ - - go-lint - - fuzz-golang: - name: fuzz-golang-<> - on_changes: <> - matrix: - parameters: - package_name: - - op-challenger - - op-node - - op-service - - op-chain-ops - - fuzz-golang: - name: cannon-fuzz - package_name: cannon - on_changes: cannon,packages/contracts-bedrock/src/cannon - uses_artifacts: true - requires: ["contracts-bedrock-build"] - - fuzz-golang: - name: op-e2e-fuzz - package_name: op-e2e - on_changes: op-e2e,packages/contracts-bedrock/src - uses_artifacts: true - requires: ["contracts-bedrock-build"] - - go-tests: - environment_overrides: | - export PARALLEL=24 - packages: | - op-alt-da - op-batcher - op-chain-ops - op-node - op-proposer - op-challenger - op-dispute-mon - op-conductor - op-program - op-service - op-supervisor - op-deployer - op-e2e/system - op-e2e/e2eutils - op-e2e/opgeth - op-e2e/interop - op-e2e/actions - op-e2e/faultproofs - packages/contracts-bedrock/scripts/checks - op-dripper - requires: - - contracts-bedrock-build - - cannon-prestate-quick - - op-program-compat - - bedrock-go-tests: - requires: - - go-lint - - cannon-build-test-vectors - - cannon-go-lint-and-test-32-bit - - cannon-go-lint-and-test-64-bit - - check-generated-mocks-op-node - - check-generated-mocks-op-service - - op-program-compat - # Not needed for the devnet but we want to make sure they build successfully - - cannon-docker-build - - op-dispute-mon-docker-build - - op-program-docker-build - - op-supervisor-docker-build - - proofs-tools-docker-build - - go-tests - - sanitize-op-program - - docker-build: - name: <>-docker-build - docker_tags: <>,<> - save_image_tag: <> - matrix: - parameters: - docker_name: - - op-node - - op-batcher - - op-program - - op-proposer - - op-challenger - - proofs-tools - - op-dispute-mon - - op-conductor - - da-server - - op-supervisor - - cannon - - op-dripper - - cannon-prestate-quick - - sanitize-op-program: - requires: - - cannon-prestate-quick - - check-generated-mocks-op-node - - check-generated-mocks-op-service - - cannon-go-lint-and-test: - name: cannon-go-lint-and-test-<>-bit - requires: - - contracts-bedrock-build - skip_slow_tests: true - notify: true - matrix: - parameters: - mips_word_size: [32, 64] - - cannon-build-test-vectors - - todo-issues: - name: todo-issues-check - check_closed: false - - shellcheck/check: - name: shell-check - # We don't need the `exclude` key as the orb detects the `.shellcheckrc` - dir: . - ignore-dirs: ./packages/contracts-bedrock/lib - - go-release-deployer: - jobs: - - go-release: - filters: - tags: - only: /^op-deployer.*/ - branches: - ignore: /.*/ - module: op-deployer - context: - - oplabs-gcr-release - - release: - when: - not: - equal: [scheduled_pipeline, << pipeline.trigger_source >>] - jobs: - # Wait for approval on the release - - hold: - type: approval - filters: - tags: - only: /^(da-server|proofs-tools|cannon|ufm-[a-z0-9\-]*|op-[a-z0-9\-]*)\/v.*/ - branches: - ignore: /.*/ - # Standard (medium) cross-platform docker images go here - - docker-build: - matrix: - parameters: - docker_name: - - op-node - - op-batcher - - op-proposer - - op-challenger - - op-dispute-mon - - op-conductor - - da-server - - op-ufm - - op-supervisor - - op-deployer - - cannon - - op-dripper - name: <>-docker-release - docker_tags: <> - platforms: "linux/amd64,linux/arm64" - publish: true - release: true - filters: - tags: - only: /^<>\/v.*/ - branches: - ignore: /.*/ - context: - - oplabs-gcr-release - requires: - - hold - # Checks for cross-platform images go here - - check-cross-platform: - matrix: - parameters: - op_component: - - op-node - - op-batcher - - op-proposer - - op-challenger - - op-dispute-mon - - op-conductor - - da-server - - op-ufm - - op-supervisor - - op-deployer - - cannon - - op-dripper - name: <>-cross-platform - requires: - - op-node-docker-release - - op-batcher-docker-release - - op-proposer-docker-release - - op-challenger-docker-release - - op-dispute-mon-docker-release - - op-conductor-docker-release - - da-server-docker-release - - op-ufm-docker-release - - op-supervisor-docker-release - - cannon-docker-release - - op-dripper-docker-release - # Standard (xlarge) AMD-only docker images go here - - docker-build: - matrix: - parameters: - docker_name: - - proofs-tools - name: <>-docker-release - resource_class: xlarge - docker_tags: <> - publish: true - release: true - filters: - tags: - only: /^<>\/v.*/ - branches: - ignore: /.*/ - context: - - oplabs-gcr-release - requires: - - hold - - cannon-prestate: - filters: - tags: - only: /^op-program\/v.*/ - branches: - ignore: /.*/ - - publish-cannon-prestates: - context: - - slack - - oplabs-network-optimism-io-bucket - requires: - - hold - - cannon-prestate - filters: - tags: - only: /^op-program\/v.*/ - branches: - ignore: /.*/ - - scheduled-todo-issues: - when: - equal: [build_four_hours, <>] - jobs: - - todo-issues: - name: todo-issue-checks - context: - - slack - - scheduled-fpp: - when: - equal: [build_hourly, <>] - jobs: - - fpp-verify: - context: - - slack - - oplabs-fpp-nodes - - develop-publish-contract-artifacts: - when: - or: - - equal: ["develop", <>] - - equal: - [true, <>] - jobs: - - publish-contract-artifacts - - develop-fault-proofs: - when: - and: - - or: - - equal: ["develop", <>] - - equal: [true, <>] - - not: - equal: [scheduled_pipeline, << pipeline.trigger_source >>] - jobs: - - cannon-prestate - - cannon-stf-verify: - context: - - slack - - contracts-bedrock-build: - build_args: --deny-warnings --skip test - context: - - slack - - go-tests: - name: op-e2e-cannon-tests - notify: true - mentions: "@proofs-team" - no_output_timeout: 60m - test_timeout: 59m - resource_class: ethereum-optimism/latitude-fps-1 - environment_overrides: | - export OP_E2E_CANNON_ENABLED="true" - export PARALLEL=24 - packages: | - op-e2e/faultproofs - context: - - slack - requires: - - contracts-bedrock-build - - cannon-prestate - - publish-cannon-prestates: - context: - - slack - - oplabs-network-optimism-io-bucket - requires: - - cannon-prestate - - op-e2e-cannon-tests - filters: - branches: - only: - - develop - - develop-kontrol-tests: - when: - and: - - or: - - equal: ["develop", <>] - - equal: [true, <>] - - not: - equal: [scheduled_pipeline, << pipeline.trigger_source >>] - jobs: - - kontrol-tests: - context: - - slack - - runtimeverification - - scheduled-cannon-full-tests: - when: - or: - - equal: [build_four_hours, <>] - - equal: [true, << pipeline.parameters.cannon_full_test_dispatch >>] - jobs: - - contracts-bedrock-build: - build_args: --deny-warnings --skip test - - cannon-go-lint-and-test: - name: cannon-go-lint-and-test-<>-bit - requires: - - contracts-bedrock-build - skip_slow_tests: false - notify: true - context: - - slack - matrix: - parameters: - mips_word_size: [32, 64] - - scheduled-docker-publish: - when: - or: - - equal: [build_daily, <>] - # Trigger on manual triggers if explicitly requested - - equal: [true, << pipeline.parameters.docker_publish_dispatch >>] - jobs: - - docker-build: - matrix: - parameters: - docker_name: - - op-node - - op-batcher - - op-program - - op-proposer - - op-challenger - - op-dispute-mon - - op-conductor - - op-supervisor - - cannon - - op-dripper - name: <>-docker-publish - docker_tags: <>,<> - platforms: "linux/amd64,linux/arm64" - publish: true - context: - - oplabs-gcr - - slack - - check-cross-platform: - matrix: - parameters: - op_component: - - op-node - - op-batcher - - op-program - - op-proposer - - op-challenger - - op-dispute-mon - - op-conductor - - op-supervisor - - cannon - - op-dripper - name: <>-cross-platform - requires: - - <>-docker-publish - - scheduled-preimage-reproducibility: - when: - or: - - equal: [build_daily, <>] - # Trigger on manual triggers if explicitly requested - - equal: [true, << pipeline.parameters.reproducibility_dispatch >>] - jobs: - - preimage-reproducibility: - context: slack - - scheduled-stale-check: - when: - or: - - equal: [build_daily, <>] - # Trigger on manual triggers if explicitly requested - - equal: [true, << pipeline.parameters.stale_check_dispatch >>] - jobs: - - stale-check: - context: github-token-stale-check diff --git a/.github/workflows/test-golang.yml b/.github/workflows/test-golang.yml new file mode 100644 index 000000000000..7aba27824a7a --- /dev/null +++ b/.github/workflows/test-golang.yml @@ -0,0 +1,98 @@ +name: Go + +on: + push: + branches: [eigenda-develop] + pull_request: + +jobs: + go-lint: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + + - name: Set up Go + uses: actions/setup-go@v5 + with: + go-version: "1.22" + + - name: Install and run golangci-lint + uses: golangci/golangci-lint-action@v6 + with: + version: v1.61.0 + args: -E goimports,sqlclosecheck,bodyclose,asciicheck,misspell,errorlint --timeout 5m -e "errors.As" -e "errors.Is" ./... + + build-and-cache-contracts: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: jdx/mise-action@v2 + with: + version: 2024.12.14 # [default: latest] mise version to install + install: true # [default: true] run `mise install` + cache: true # [default: true] cache mise using GitHub's cache + experimental: true # [default: false] enable experimental features + - uses: actions/cache@v3 + id: cache-artifacts + with: + path: packages/contracts-bedrock/forge-artifacts + # If any of the contracts file changes, the cache key will change, forcing a rebuild of the forge artifacts + key: ${{ runner.os }}-forge-${{ hashFiles('packages/contracts-bedrock/src/**/*.sol') }} + - name: Build contracts if cache miss + if: steps.cache-artifacts.outputs.cache-hit != 'true' + run: make build-contracts + + go-tests: + needs: [build-and-cache-contracts] + runs-on: ubuntu-latest + strategy: + matrix: + packages: + - op-batcher + - op-node + - op-e2e/system/altda + - op-e2e/actions/altda + steps: + - uses: actions/checkout@v4 + + - uses: jdx/mise-action@v2 + with: + version: 2024.12.14 # [default: latest] mise version to install + install: true # [default: true] run `mise install` + cache: true # [default: true] cache mise using GitHub's cache + experimental: true # [default: false] enable experimental features + + - name: Restore cached forge artifacts cached + uses: actions/cache@v3 + id: cache-restore + with: + path: packages/contracts-bedrock/forge-artifacts + key: ${{ runner.os }}-forge-${{ hashFiles('packages/contracts-bedrock/src/**/*.sol') }} + + # Cache has been stored in the build-and-cache-contracts job, so if this fails there's a problem + - name: Check cache restore + if: steps.cache-restore.outputs.cache-hit != 'true' + run: | + echo "Cache restore failed" + exit 1 + + # We use mise to install golang instead of the setup-go action, + # so we need to do the cache setup ourselves + - name: Go Module Cache + uses: actions/cache@v3 + id: go-cache + with: + path: ~/go/pkg/mod + key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} + restore-keys: | + ${{ runner.os }}-go- + + # Add explicit download on cache miss + # go test runs `go mod download` implicitly, but this separation is nice to see how long downloading vs running tests takes + - name: Download Go modules + if: steps.go-cache.outputs.cache-hit != 'true' + run: go mod download + + - name: Run tests + run: | + go test -timeout=10m ./${{ matrix.packages }}/...