test(halo2_ivc): add Layer C1 in-circuit verification tests #12219
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: | |
| - "main" | |
| - "hotfix**" | |
| pull_request: | |
| types: [opened, reopened, synchronize] | |
| branches-ignore: | |
| - "hotfix**" # hotfix are handled by the push trigger | |
| concurrency: | |
| group: ci-build-test-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| build-ubuntu: | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - os: ubuntu-22.04 | |
| gnu_target: x86_64-unknown-linux-gnu | |
| musl_target: x86_64-unknown-linux-musl | |
| - os: ubuntu-22.04-arm | |
| gnu_target: aarch64-unknown-linux-gnu | |
| musl_target: aarch64-unknown-linux-musl | |
| runs-on: ${{ matrix.os }} | |
| outputs: | |
| eras: ${{ steps.eras-test-lab.outputs.eras }} | |
| steps: | |
| - name: Checkout sources | |
| uses: actions/checkout@v6 | |
| - name: Install stable toolchain, tools, and restore cache | |
| uses: ./.github/workflows/actions/toolchain-and-cache | |
| with: | |
| targets: ${{ matrix.gnu_target }},${{ matrix.musl_target }} | |
| cache-version: 22.04-${{ vars.CACHE_VERSION }} | |
| cargo-tools: cargo-deb | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Install musl toolchain prerequisites | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y musl-tools build-essential pkg-config | |
| # We separate the build in 2 steps as we want to avoid side effects with Rust feature unification. | |
| - name: Cargo build - Tooling | |
| if: matrix.os == 'ubuntu-22.04' | |
| shell: bash | |
| run: cargo build --release --bins --package mithril-end-to-end | |
| - name: Build Mithril workspace & publish artifacts | |
| uses: ./.github/workflows/actions/build-upload-mithril-artifact | |
| with: | |
| binaries-build-args: --bins --package mithril-aggregator --package mithril-signer --package mithril-client-cli --package mithril-relay --target=${{ matrix.musl_target }} | |
| libraries-build-args: --package mithril-stm --package mithril-client --features rustls,full,unstable | |
| binaries-to-check-static: mithril-aggregator,mithril-signer,mithril-client,mithril-relay | |
| binaries-build-target: ${{ matrix.musl_target }} | |
| - name: Build Debian packages | |
| shell: bash | |
| run: | | |
| cargo deb --no-build --package mithril-aggregator --target=${{ matrix.musl_target }} | |
| cargo deb --no-build --package mithril-signer --target=${{ matrix.musl_target }} | |
| cargo deb --no-build --package mithril-client-cli --target=${{ matrix.musl_target }} | |
| cargo deb --no-build --package mithril-relay --target=${{ matrix.musl_target }} | |
| - name: Publish Debian packages | |
| uses: actions/upload-artifact@v7 | |
| with: | |
| name: mithril-deb-packages-${{ runner.os }}-${{ runner.arch }} | |
| path: target/debian/*.deb | |
| if-no-files-found: error | |
| - name: Publish End-to-end runner (${{ runner.os }}-${{ runner.arch }}) | |
| if: matrix.os == 'ubuntu-22.04' | |
| uses: actions/upload-artifact@v7 | |
| with: | |
| name: mithril-tooling-${{ runner.os }}-${{ runner.arch }} | |
| path: | | |
| target/release/mithril-end-to-end | |
| target/release/load-aggregator | |
| if-no-files-found: error | |
| - name: Prepare test lab eras | |
| if: matrix.os == 'ubuntu-22.04' | |
| id: eras-test-lab | |
| run: | | |
| ERAS=$(./target/${{ matrix.musl_target }}/release/mithril-aggregator era list --json) | |
| echo "Test Lab Eras: $ERAS" | |
| echo "eras=$ERAS" >> $GITHUB_OUTPUT | |
| build: | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: [macos-14, windows-latest] | |
| include: | |
| # Only build client on windows & mac | |
| - os: macos-14 | |
| binaries-build-args: --bins --package mithril-client-cli | |
| libraries-build-args: --package mithril-stm --package mithril-client --features rustls,full,unstable | |
| - os: windows-latest | |
| binaries-build-args: --bins --package mithril-client-cli | |
| libraries-build-args: --package mithril-stm --package mithril-client --features rustls,full,unstable | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - name: Checkout sources | |
| uses: actions/checkout@v6 | |
| - name: Install stable toolchain and restore cache | |
| uses: ./.github/workflows/actions/toolchain-and-cache | |
| with: | |
| cache-version: ${{ vars.CACHE_VERSION }} | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build Mithril workspace & publish artifacts | |
| uses: ./.github/workflows/actions/build-upload-mithril-artifact | |
| with: | |
| binaries-build-args: ${{ matrix.binaries-build-args }} | |
| libraries-build-args: ${{ matrix.libraries-build-args }} | |
| binaries-to-check-static: mithril-client | |
| common-build-args: ${{ matrix.common-build-args }} | |
| build-test-wasm: | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - name: Checkout sources | |
| uses: actions/checkout@v6 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v6 | |
| with: | |
| node-version: 22 | |
| - name: Install stable toolchain, tools, and restore cache | |
| uses: ./.github/workflows/actions/toolchain-and-cache | |
| with: | |
| cache-version: ${{ vars.CACHE_VERSION }}-wasm | |
| cargo-tools: wasm-pack | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build 'mithril-client-wasm' library | |
| shell: bash | |
| working-directory: mithril-client-wasm | |
| env: | |
| WASM_PACK_ARGS: --release | |
| run: make build | |
| - name: Prepare 'mithril-client-wasm' package | |
| shell: bash | |
| working-directory: mithril-client-wasm | |
| run: | | |
| cp LICENSE ./mithril-client-wasm/ && cp npm/README.md . | |
| npm pack | |
| - name: Build a fake aggregator | |
| shell: bash | |
| run: cargo build -p mithril-aggregator-fake | |
| - name: Start a fake aggregator | |
| shell: bash | |
| run: cargo run -p mithril-aggregator-fake -- -p 8000 & | |
| - name: Test 'mithril-client-wasm' - Chrome | |
| shell: bash | |
| run: | | |
| wasm-pack test --headless --chrome mithril-client-wasm --release | |
| - name: Test 'mithril-client-wasm' - Firefox | |
| shell: bash | |
| run: | | |
| wasm-pack test --headless --firefox mithril-client-wasm --release | |
| - name: Test 'mithril-client-wasm' - NodeJS | |
| shell: bash | |
| run: | | |
| wasm-pack test --node mithril-client-wasm --release --features test-node | |
| - name: Publish Mithril Distribution (WASM) | |
| uses: actions/upload-artifact@v7 | |
| with: | |
| name: mithril-distribution-wasm | |
| path: | | |
| mithril-client-wasm/*-mithril-client-wasm-*.tgz | |
| if-no-files-found: error | |
| test-rust: | |
| uses: ./.github/workflows/test-rust.yml | |
| with: | |
| # Run all tests, including slow tests, if "run-slow-tests" label is in the PR labels | |
| include-slow-tests: ${{ contains(github.event.pull_request.labels.*.name, 'run-slow-tests') }} | |
| check: | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - name: Checkout sources | |
| uses: actions/checkout@v6 | |
| - name: Install stable toolchain, tools, and restore cache | |
| uses: ./.github/workflows/actions/toolchain-and-cache | |
| with: | |
| cache-version: ${{ vars.CACHE_VERSION }} | |
| cargo-tools: cargo-machete cargo-sort clippy-sarif sarif-fmt | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Install prettier | |
| shell: bash | |
| run: npm install -g prettier | |
| - name: Ensure Cargo.lock is up to date | |
| if: success() || failure() | |
| # Notes: | |
| # - this step MUST run before any other cargo steps to avoid them updating the `Cargo.lock` file | |
| # - `mithril-build-script` is targeted as it's the project with the fewest dependencies in the workspace | |
| run: cargo check --locked -p mithril-build-script | |
| - name: Clippy Check | |
| if: success() || failure() | |
| run: | | |
| cargo clippy \ | |
| --all-features --all-targets --no-deps --message-format=json \ | |
| | clippy-sarif | tee rust-clippy-results.sarif | sarif-fmt | |
| # Make this step fail if any warning has been found | |
| if [[ $(cat rust-clippy-results.sarif | jq '.runs[0].results') != "[]" ]]; then | |
| false | |
| fi | |
| - name: Upload clippy analysis results to GitHub | |
| if: success() || failure() | |
| uses: github/codeql-action/upload-sarif@v4 | |
| with: | |
| sarif_file: rust-clippy-results.sarif | |
| wait-for-processing: true | |
| - name: Cargo fmt | |
| if: success() || failure() | |
| shell: bash | |
| run: cargo fmt --check | |
| - name: Cargo sort | |
| if: success() || failure() | |
| shell: bash | |
| run: cargo sort -w -c | |
| - name: Cargo machete (check unused dependencies) | |
| if: success() || failure() | |
| shell: bash | |
| run: cargo machete | |
| - name: Dependency & Vulnerabilities Review | |
| if: github.event_name == 'pull_request' | |
| uses: actions/dependency-review-action@v4 | |
| with: | |
| base-ref: ${{ github.event.pull_request.base.sha || 'main' }} | |
| head-ref: ${{ github.event.pull_request.head.sha || github.ref }} | |
| # GHSA-cq8v-f236-94qc: 'rand' unsoundness in the `rand::rng()` API path; | |
| # we receive `rand@0.8.6` transitively through `libp2p-core`. | |
| # Remove this exemption once `libp2p` upgrades to `rand >= 0.9.3`. | |
| allow-ghsas: GHSA-cq8v-f236-94qc | |
| - name: Check networks.json validity | |
| if: success() || failure() | |
| run: jq . networks.json | |
| - name: Check `mithril-client-wasm` Cargo.toml and package.json versions matches | |
| if: success() || failure() | |
| shell: bash | |
| run: | | |
| WASM_PACKAGE_JSON_VERSION=$(cat mithril-client-wasm/package.json | jq -r '.version') | |
| WASM_CRATE_VERSION=$(cargo metadata --quiet --no-deps | jq -r '.packages[] | select(.name=="mithril-client-wasm") | .version') | |
| if [[ $WASM_CRATE_VERSION != $WASM_PACKAGE_JSON_VERSION ]]; then | |
| echo "::error ::Version mismatch detected for mithril-client-wasm!" | |
| echo "Cargo.toml version: $WASM_CRATE_VERSION" | |
| echo "package.json version: $WASM_PACKAGE_JSON_VERSION" | |
| exit 1 | |
| fi | |
| - name: Check code formatting | |
| if: success() || failure() | |
| run: make check-format | |
| licenses: | |
| runs-on: ubuntu-22.04 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| ## Note about deny command options: | |
| ## `--no-default-features` is only available when running against one crate | |
| # Global | |
| - deny-args: "" | |
| manifest-path: ./Cargo.toml | |
| - deny-args: "--all-features" | |
| manifest-path: ./Cargo.toml | |
| - deny-args: "--features rug-backend" | |
| manifest-path: ./Cargo.toml | |
| - deny-args: "--features num-integer-backend" | |
| manifest-path: ./Cargo.toml | |
| # Mithril Client | |
| - deny-args: "" | |
| manifest-path: mithril-client/Cargo.toml | |
| - deny-args: "--all-features" | |
| manifest-path: mithril-client/Cargo.toml | |
| - deny-args: "--no-default-features" | |
| manifest-path: mithril-client/Cargo.toml | |
| # Mithril Client WASM | |
| - deny-args: "" | |
| manifest-path: mithril-client-wasm/Cargo.toml | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: EmbarkStudios/cargo-deny-action@v2 | |
| with: | |
| command: check licenses | |
| arguments: ${{ matrix.deny-args }} | |
| log-level: error | |
| manifest-path: ${{ matrix.manifest-path }} | |
| e2e: | |
| runs-on: ubuntu-24.04 | |
| needs: [build-ubuntu] | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| mode: ["std"] | |
| era: ${{ fromJSON(needs.build-ubuntu.outputs.eras) }} | |
| next_era: [""] | |
| cardano_node_version: ["10.5.2", "10.6.2", "10.7.1"] | |
| hard_fork_latest_era_at_epoch: [0] | |
| run_id: ["#1"] | |
| extra_args: | |
| [ | |
| "--aggregate-signature-type=Concatenation --check-client-cli-snapshot-converter", | |
| ] | |
| include: | |
| # Include a test for partial decentralization with leader/follower signer registration and P2P signature registration with Haskell DMQ node (without fallback signature delayer) | |
| - mode: "leader-follower-dmq-haskell-skip-delayer" | |
| era: ${{ fromJSON(needs.build-ubuntu.outputs.eras)[0] }} | |
| next_era: [""] | |
| cardano_node_version: "10.6.2" | |
| hard_fork_latest_era_at_epoch: 0 | |
| run_id: "#1" | |
| extra_args: "--skip-signature-delayer --number-of-aggregators=2 --use-relays --relay-signer-registration-mode=passthrough --relay-signature-registration-mode=p2p --aggregate-signature-type=Concatenation --use-dmq --dmq-node-flavor=haskell --dmq-node-version 0.4.2.0" | |
| # Include a test for partial decentralization with leader/follower signer registration and P2P signature registration with Haskell DMQ node (with fallback signature delayer) | |
| - mode: "leader-follower-dmq-haskell-with-delayer" | |
| era: ${{ fromJSON(needs.build-ubuntu.outputs.eras)[0] }} | |
| next_era: [""] | |
| cardano_node_version: "10.6.2" | |
| hard_fork_latest_era_at_epoch: 0 | |
| run_id: "#1" | |
| extra_args: "--number-of-aggregators=2 --use-relays --relay-signer-registration-mode=passthrough --relay-signature-registration-mode=p2p --aggregate-signature-type=Concatenation --use-dmq --dmq-node-flavor=haskell --dmq-node-version 0.4.2.0" | |
| # Include a test for partial decentralization with leader/follower signer registration and P2P signature registration with fake DMQ node | |
| - mode: "leader-follower-dmq-fake" | |
| era: ${{ fromJSON(needs.build-ubuntu.outputs.eras)[0] }} | |
| next_era: [""] | |
| cardano_node_version: "10.6.2" | |
| hard_fork_latest_era_at_epoch: 0 | |
| run_id: "#1" | |
| extra_args: "--number-of-aggregators=2 --use-relays --relay-signer-registration-mode=passthrough --relay-signature-registration-mode=p2p --aggregate-signature-type=Concatenation --use-dmq --dmq-node-flavor=fake" | |
| # Include a test for partial decentralization with leader/follower signer registration and P2P signature registration with Mithril relay | |
| - mode: "leader-follower-relay" | |
| era: ${{ fromJSON(needs.build-ubuntu.outputs.eras)[0] }} | |
| next_era: [""] | |
| cardano_node_version: "10.6.2" | |
| hard_fork_latest_era_at_epoch: 0 | |
| run_id: "#1" | |
| extra_args: "--number-of-aggregators=2 --use-relays --relay-signer-registration-mode=passthrough --relay-signature-registration-mode=p2p --aggregate-signature-type=Concatenation" | |
| # Include a test for full dedentralization P2P signer registration and P2P signature registration | |
| - mode: "decentralized" | |
| era: ${{ fromJSON(needs.build-ubuntu.outputs.eras)[0] }} | |
| next_era: "" | |
| cardano_node_version: "10.6.2" | |
| hard_fork_latest_era_at_epoch: 0 | |
| run_id: "#1" | |
| extra_args: "--number-of-aggregators=2 --use-relays --relay-signer-registration-mode=p2p --relay-signature-registration-mode=p2p --aggregate-signature-type=Concatenation" | |
| # Include a test for the era switch without regenesis | |
| - mode: "std-era-switch-no-genesis" | |
| era: ${{ fromJSON(needs.build-ubuntu.outputs.eras)[0] }} | |
| next_era: ${{ fromJSON(needs.build-ubuntu.outputs.eras)[1] }} | |
| cardano_node_version: "10.6.2" | |
| hard_fork_latest_era_at_epoch: 0 | |
| run_id: "#1" | |
| extra_args: "--aggregate-signature-type=Concatenation" | |
| # Include a test for the era switch with regenesis | |
| - mode: "std-era-genesis" | |
| era: ${{ fromJSON(needs.build-ubuntu.outputs.eras)[0] }} | |
| next_era: ${{ fromJSON(needs.build-ubuntu.outputs.eras)[1] }} | |
| cardano_node_version: "10.6.2" | |
| hard_fork_latest_era_at_epoch: 0 | |
| run_id: "#1" | |
| extra_args: "--mithril-era-regenesis-on-switch --aggregate-signature-type=Concatenation" | |
| steps: | |
| - name: Checkout sources | |
| uses: actions/checkout@v6 | |
| - name: Download binaries | |
| uses: actions/download-artifact@v8 | |
| with: | |
| name: mithril-distribution-${{ runner.os }}-${{ runner.arch }} | |
| path: ./bin | |
| - name: Download rust test runner | |
| uses: actions/download-artifact@v8 | |
| with: | |
| name: mithril-tooling-${{ runner.os }}-${{ runner.arch }} | |
| path: ./ | |
| - run: | | |
| chmod +x ./bin/mithril-aggregator | |
| chmod +x ./bin/mithril-client | |
| chmod +x ./bin/mithril-signer | |
| chmod +x ./bin/mithril-relay | |
| chmod +x ./mithril-end-to-end | |
| mkdir artifacts | |
| - name: Test | |
| uses: nick-fields/retry@v4 | |
| with: | |
| shell: bash | |
| max_attempts: 3 | |
| retry_on_exit_code: 2 | |
| timeout_minutes: 10 | |
| warning_on_retry: true | |
| command: | | |
| cat > ./mithril-end-to-end.sh << EOF | |
| #!/bin/bash | |
| set -x | |
| ./mithril-end-to-end -vvv \\ | |
| --bin-directory ./bin \\ | |
| --work-directory=./artifacts \\ | |
| --devnet-scripts-directory=./mithril-test-lab/mithril-devnet \\ | |
| --mithril-era=${{ matrix.era }} \\ | |
| --cardano-node-version ${{ matrix.cardano_node_version }} \\ | |
| --cardano-hard-fork-latest-era-at-epoch ${{ matrix.hard_fork_latest_era_at_epoch }} ${{ matrix.extra_args }} \\ | |
| EOF | |
| # If there is a next era, we need to specify it with '--mithril-next-era' | |
| if [[ "${{ matrix.next_era }}" != "" ]]; then | |
| echo " --mithril-next-era=${{ matrix.next_era }}" >> ./mithril-end-to-end.sh | |
| fi | |
| chmod u+x ./mithril-end-to-end.sh | |
| ./mithril-end-to-end.sh | |
| EXIT_CODE=$? | |
| rm ./mithril-end-to-end.sh | |
| exit $EXIT_CODE | |
| - name: Upload E2E Tests Artifacts | |
| if: ${{ failure() }} | |
| uses: actions/upload-artifact@v7 | |
| with: | |
| name: mithril-e2e-tests-artifacts-run_${{ github.run_number }}-attempt_${{ github.run_attempt }}-mode_${{ matrix.mode }}-era_${{ matrix.era }}-cardano-${{ matrix.cardano_node_version }}-fork-${{ matrix.hard_fork_latest_era_at_epoch }}-run_id_${{ matrix.run_id }} | |
| path: | | |
| ./artifacts/* | |
| # including node.sock makes the upload fails so exclude them: | |
| !./artifacts/**/node.sock | |
| # exclude cardano tools, saving ~500mb of data: | |
| !./artifacts/devnet/bin/ | |
| if-no-files-found: error | |
| docker-mithril: | |
| runs-on: ubuntu-24.04 | |
| needs: | |
| - build | |
| - check | |
| - licenses | |
| - test-rust | |
| - e2e | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| project: | |
| [ | |
| mithril-aggregator, | |
| mithril-client-cli, | |
| mithril-signer, | |
| mithril-relay, | |
| ] | |
| include: | |
| - project: mithril-client-cli | |
| package: mithril-client | |
| permissions: | |
| contents: read | |
| packages: write | |
| env: | |
| PUSH_PACKAGES: ${{ github.event_name == 'push' && (github.ref == 'refs/heads/main' || startsWith('refs/heads/hotfix', github.ref)) }} | |
| REGISTRY: ghcr.io | |
| PACKAGE: ${{ github.repository_owner }}/${{ matrix.package != '' && matrix.package || matrix.project }} | |
| DOCKER_FILE: ./${{ matrix.project }}/Dockerfile.ci | |
| CONTEXT: . | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| - name: Get short SHA | |
| id: slug | |
| run: echo "sha8=$(echo ${{ github.sha }} | cut -c1-7)" >> $GITHUB_OUTPUT | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v4 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v4 | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@v4 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Extract metadata (tags, labels) for Docker | |
| id: meta | |
| uses: docker/metadata-action@v6 | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ env.PACKAGE }} | |
| tags: | | |
| unstable | |
| type=raw,value=${{ github.base_ref || github.ref_name }}-${{ steps.slug.outputs.sha8 }} | |
| - name: Download built artifacts (Linux-X64) | |
| uses: actions/download-artifact@v8 | |
| with: | |
| name: mithril-distribution-Linux-X64 | |
| path: ${{ matrix.project }}/bin-linux-amd64 | |
| - name: Download built artifacts (Linux-ARM64) | |
| uses: actions/download-artifact@v8 | |
| with: | |
| name: mithril-distribution-Linux-ARM64 | |
| path: ${{ matrix.project }}/bin-linux-arm64 | |
| - name: Build and push Docker image | |
| uses: docker/build-push-action@v7 | |
| with: | |
| context: ${{ env.CONTEXT }} | |
| file: ${{ env.DOCKER_FILE }} | |
| push: ${{ env.PUSH_PACKAGES }} | |
| tags: ${{ steps.meta.outputs.tags }} | |
| platforms: linux/amd64,linux/arm64 | |
| provenance: false | |
| publish-crate-test: | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - name: Checkout sources | |
| uses: actions/checkout@v6 | |
| - name: Install stable toolchain | |
| uses: dtolnay/rust-toolchain@master | |
| with: | |
| toolchain: stable | |
| - name: Publish package to crates.io | |
| uses: ./.github/workflows/actions/publish-rust-crates | |
| with: | |
| dry_run: "true" | |
| packages: mithril-stm, mithril-build-script, mithril-common, mithril-aggregator-client, mithril-aggregator-discovery, mithril-cardano-node-internal-database, mithril-client, mithril-merkle-tree | |
| publish-npm-test: | |
| strategy: | |
| fail-fast: false | |
| max-parallel: 1 | |
| matrix: | |
| include: | |
| - package: mithril-client-wasm | |
| tag: latest | |
| access: public | |
| api_token_secret_name: NPM_API_TOKEN_MITHRIL_CLIENT_WASM | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - name: Checkout sources | |
| uses: actions/checkout@v6 | |
| - name: Install stable toolchain, tools, and restore cache | |
| uses: ./.github/workflows/actions/toolchain-and-cache | |
| with: | |
| cache-version: ${{ vars.CACHE_VERSION }}-wasm | |
| cargo-tools: wasm-pack | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Publish package to npm (dry-run) | |
| uses: ./.github/workflows/actions/publish-npm-package | |
| with: | |
| dry_run: "true" | |
| package_dir: ${{ matrix.package }} | |
| access: ${{ matrix.access }} | |
| api_token: ${{ secrets[matrix.api_token_secret_name] }} | |
| unstable-release: | |
| if: vars.PUBLISH_UNSTABLE_RELEASE_IN_CI == 'true' && github.event_name == 'push' && (github.ref == 'refs/heads/main' || startsWith('refs/heads/hotfix', github.ref)) | |
| runs-on: ubuntu-24.04 | |
| needs: | |
| - build | |
| - build-test-wasm | |
| - build-test-explorer | |
| - test-rust | |
| - e2e | |
| - check | |
| - licenses | |
| - publish-crate-test | |
| - publish-npm-test | |
| steps: | |
| - name: Checkout sources | |
| uses: actions/checkout@v6 | |
| - name: Prepare packaging | |
| run: mkdir package | |
| - name: Get short SHA | |
| id: slug | |
| run: echo "sha8=$(echo ${{ github.sha }} | cut -c1-7)" >> $GITHUB_OUTPUT | |
| - name: Download built artifacts (Linux-X64) | |
| uses: actions/download-artifact@v8 | |
| with: | |
| name: mithril-distribution-Linux-X64 | |
| path: ./package-Linux-X64 | |
| - name: Download Debian packages (Linux-X64) | |
| uses: actions/download-artifact@v8 | |
| with: | |
| name: mithril-deb-packages-Linux-X64 | |
| path: ./package | |
| - name: Download built artifacts (Linux-ARM64) | |
| uses: actions/download-artifact@v8 | |
| with: | |
| name: mithril-distribution-Linux-ARM64 | |
| path: ./package-Linux-ARM64 | |
| - name: Download Debian packages (Linux-ARM64) | |
| uses: actions/download-artifact@v8 | |
| with: | |
| name: mithril-deb-packages-Linux-ARM64 | |
| path: ./package | |
| - name: Download built artifacts (macOS-ARM64) | |
| uses: actions/download-artifact@v8 | |
| with: | |
| name: mithril-distribution-macOS-ARM64 | |
| path: ./package-macOS-ARM64 | |
| - name: Download built artifacts (Windows-X64) | |
| uses: actions/download-artifact@v8 | |
| with: | |
| name: mithril-distribution-Windows-X64 | |
| path: ./package-Windows-X64 | |
| - name: Download built artifacts (Explorer) | |
| uses: actions/download-artifact@v8 | |
| with: | |
| name: explorer-build | |
| path: ./package-explorer | |
| - name: Prepare distribution package | |
| uses: ./.github/workflows/actions/prepare-distribution | |
| with: | |
| tag: unstable | |
| download-url-base: ${{ github.server_url }}/${{ github.repository }}/releases/download/unstable | |
| gpg-secret-key: ${{ secrets.GPG_SECRET_KEY }} | |
| compatibility-table: '{ "release-mainnet": "⛔", "release-preprod": "⛔", "pre-release-preview": "⛔", "testing-preview": "✔" }' | |
| - name: Delete unstable release and associated tag | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| if gh release view unstable -R ${{ github.repository }} &>/dev/null; then | |
| gh release delete unstable --cleanup-tag -y -R ${{ github.repository }} | |
| else | |
| echo "Release 'unstable' not found, skipping deletion." | |
| fi | |
| - name: Update unstable release | |
| uses: softprops/action-gh-release@v3 | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| tag_name: unstable | |
| prerelease: true | |
| name: Unstable Development Builds | |
| files: package/* | |
| generate_release_notes: true | |
| body_path: ./release-notes-addon.txt | |
| append_body: true | |
| deploy-testing: | |
| if: vars.DEPLOY_NETWORKS_IN_CI == 'true' && (github.event_name == 'push' || github.event_name == 'pull_request') | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| environment: [testing-preview] | |
| include: | |
| - environment: testing-preview | |
| environment_prefix: testing | |
| cardano_network: preview | |
| mithril_use_p2p_network: true | |
| mithril_p2p_use_dmq_protocol: true | |
| mithril_p2p_use_real_dmq_node: true | |
| mithril_api_domain: api.mithril.network | |
| mithril_protocol_parameters: | | |
| { | |
| k = 1944 | |
| m = 16948 | |
| phi_f = 0.2 | |
| } | |
| mithril_signers: | | |
| { | |
| "1" = { | |
| type = "verified", | |
| pool_id = "", | |
| }, | |
| "2" = { | |
| type = "verified", | |
| pool_id = "", | |
| }, | |
| "3" = { | |
| type = "verified", | |
| pool_id = "", | |
| }, | |
| } | |
| terraform_backend_bucket: hydra-terraform-admin | |
| google_region: europe-west1 | |
| google_zone: europe-west1-b | |
| google_machine_type: e2-highmem-8 | |
| google_compute_instance_boot_disk_size: 200 | |
| google_compute_instance_data_disk_size: 250 | |
| environment: ${{ matrix.environment }} | |
| runs-on: ubuntu-24.04 | |
| needs: | |
| - docker-mithril | |
| defaults: | |
| run: | |
| working-directory: mithril-infra | |
| steps: | |
| - name: Checkout sources | |
| uses: actions/checkout@v6 | |
| - name: Get Docker image id | |
| run: echo "DOCKER_IMAGE_ID=${{ github.base_ref || github.ref_name }}-$(echo ${{ github.sha }} | cut -c1-7)" >> $GITHUB_ENV | |
| - name: ${{ env.DEPLOY == 'true' && 'Apply' || 'Plan' }} terraform infrastructure | |
| uses: ./.github/workflows/actions/deploy-terraform-infrastructure | |
| env: | |
| DEPLOY: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }} | |
| with: | |
| dry_run: ${{ env.DEPLOY == 'true' && 'false' || 'true' }} | |
| terraform_backend_bucket: ${{ matrix.terraform_backend_bucket }} | |
| environment_prefix: ${{ matrix.environment_prefix }} | |
| environment: ${{ matrix.environment }} | |
| cardano_network: ${{ matrix.cardano_network }} | |
| cardano_node_version: ${{ vars.CARDANO_NODE_VERSION }} | |
| cardano_node_docker_registry: ${{ vars.CARDANO_NODE_DOCKER_REGISTRY }} | |
| dmq_node_version: ${{ vars.DMQ_NODE_VERSION }} | |
| dmq_node_docker_registry: ${{ vars.DMQ_NODE_DOCKER_REGISTRY }} | |
| google_region: ${{ matrix.google_region }} | |
| google_zone: ${{ matrix.google_zone }} | |
| google_machine_type: ${{ matrix.google_machine_type }} | |
| google_compute_instance_boot_disk_size: ${{ matrix.google_compute_instance_boot_disk_size }} | |
| google_compute_instance_data_disk_size: ${{ matrix.google_compute_instance_data_disk_size }} | |
| google_compute_instance_ssh_keys_environment: testing | |
| google_application_credentials: ${{ secrets.GOOGLE_APPLICATION_CREDENTIALS }} | |
| mithril_use_p2p_network: ${{ matrix.mithril_use_p2p_network }} | |
| mithril_p2p_use_dmq_protocol: ${{ matrix.mithril_p2p_use_dmq_protocol }} | |
| mithril_p2p_use_real_dmq_node: ${{ matrix.mithril_p2p_use_real_dmq_node }} | |
| mithril_p2p_network_bootstrap_peer: ${{ vars.MITHRIL_P2P_NETWORK_BOOTSTRAP_PEER }} | |
| mithril_api_domain: ${{ matrix.mithril_api_domain }} | |
| mithril_image_id: ${{ env.DOCKER_IMAGE_ID }} | |
| mithril_protocol_parameters: ${{ toJSON(matrix.mithril_protocol_parameters) }} | |
| mithril_signers: ${{ toJSON(matrix.mithril_signers) }} | |
| mithril_genesis_secret_key: ${{ secrets.GENESIS_SECRET_KEY }} | |
| mithril_genesis_verification_key_url: ${{ vars.GENESIS_VERIFICATION_KEY_URL }} | |
| mithril_era_reader_address_url: ${{ vars.ERA_READER_ADDRESS_URL }} | |
| mithril_era_reader_verification_key_url: ${{ vars.ERA_READER_VERIFICATION_KEY_URL }} | |
| mithril_era_reader_secret_key: ${{ secrets.ERA_READER_SECRET_KEY }} | |
| mithril_aggregator_signed_entity_types: ${{ vars.AGGREGATOR_SIGNED_ENTITY_TYPES }} | |
| mithril_aggregator_aggregate_signature_type: ${{ vars.AGGREGATOR_AGGREGATE_SIGNATURE_TYPE }} | |
| mithril_aggregator_cdn_cname: ${{ vars.AGGREGATOR_CDN_CNAME }} | |
| mithril_aggregator_snapshot_use_cdn_domain: ${{ vars.AGGREGATOR_USE_CDN_DOMAIN }} | |
| mithril_aggregator_snapshot_compression_algorithm: ${{ vars.AGGREGATOR_SNAPSHOT_COMPRESSION_ALGORITHM }} | |
| mithril_aggregator_zstandard_parameters_level: ${{ vars.AGGREGATOR_SNAPSHOT_ZSTANDARD_LEVEL }} | |
| mithril_aggregator_zstandard_parameters_workers: ${{ vars.AGGREGATOR_SNAPSHOT_ZSTANDARD_WORKERS }} | |
| mithril_aggregator_blockfrost_parameters: ${{ secrets.AGGREGATOR_BLOCKFROST_PARAMETERS }} | |
| mithril_aggregator_allow_unparsable_block: ${{ vars.AGGREGATOR_ALLOW_UNPARSABLE_BLOCK }} | |
| mithril_aggregator_cardano_blocks_transactions_prover_cache_pool_size: ${{ vars.AGGREGATOR_CARDANO_BLOCKS_TRANSACTIONS_PROVER_CACHE_POOL_SIZE }} | |
| mithril_aggregator_cardano_blocks_transactions_database_connection_pool_size: ${{ vars.AGGREGATOR_CARDANO_BLOCKS_TRANSACTIONS_DATABASE_CONNECTION_POOL_SIZE }} | |
| mithril_aggregator_cardano_blocks_transactions_signing_config_security_parameter: ${{ vars.AGGREGATOR_CARDANO_BLOCKS_TRANSACTIONS_SIGNING_CONFIG_SECURITY_PARAMETER }} | |
| mithril_aggregator_cardano_blocks_transactions_signing_config_step: ${{ vars.AGGREGATOR_CARDANO_BLOCKS_TRANSACTIONS_SIGNING_CONFIG_STEP }} | |
| mithril_aggregator_cardano_transactions_prover_cache_pool_size: ${{ vars.AGGREGATOR_CARDANO_TRANSACTIONS_PROVER_CACHE_POOL_SIZE }} | |
| mithril_aggregator_cardano_transactions_database_connection_pool_size: ${{ vars.AGGREGATOR_CARDANO_TRANSACTIONS_DATABASE_CONNECTION_POOL_SIZE }} | |
| mithril_aggregator_cardano_transactions_signing_config_security_parameter: ${{ vars.AGGREGATOR_CARDANO_TRANSACTIONS_SIGNING_CONFIG_SECURITY_PARAMETER }} | |
| mithril_aggregator_cardano_transactions_signing_config_step: ${{ vars.AGGREGATOR_CARDANO_TRANSACTIONS_SIGNING_CONFIG_STEP }} | |
| mithril_aggregator_ancillary_signer_type: ${{ vars.AGGREGATOR_ANCILLARY_SIGNER_TYPE }} | |
| mithril_aggregator_ancillary_signer_secret_key: ${{ secrets.AGGREGATOR_ANCILLARY_SIGNER_SECRET_KEY }} | |
| mithril_aggregator_ancillary_signer_gcp_kms_resource_name: ${{ secrets.AGGREGATOR_ANCILLARY_SIGNER_GCP_KMS_RESOURCE_NAME }} | |
| mithril_aggregator_ancillary_signer_gcp_kms_credentials: ${{ secrets.AGGREGATOR_ANCILLARY_SIGNER_GCP_KMS_CREDENTIALS }} | |
| mithril_aggregator_custom_origin_tag_white_list: ${{ vars.AGGREGATOR_CUSTOM_ORIGIN_TAG_WHITE_LIST }} | |
| prometheus_auth_username: ${{ secrets.PROMETHEUS_AUTH_USERNAME }} | |
| prometheus_auth_password: ${{ secrets.PROMETHEUS_AUTH_PASSWORD }} | |
| prometheus_ingest_host: ${{ vars.PROMETHEUS_INGEST_HOST }} | |
| prometheus_ingest_username: ${{ secrets.PROMETHEUS_INGEST_USERNAME }} | |
| prometheus_ingest_password: ${{ secrets.PROMETHEUS_INGEST_PASSWORD }} | |
| loki_auth_username: ${{ secrets.LOKI_AUTH_USERNAME }} | |
| loki_auth_password: ${{ secrets.LOKI_AUTH_PASSWORD }} | |
| loki_ingest_host: ${{ vars.LOKI_INGEST_HOST }} | |
| loki_ingest_username: ${{ secrets.LOKI_INGEST_USERNAME }} | |
| loki_ingest_password: ${{ secrets.LOKI_INGEST_PASSWORD }} | |
| cargo-doc: | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - name: Checkout sources | |
| uses: actions/checkout@v6 | |
| - name: Install stable toolchain and restore cache | |
| uses: ./.github/workflows/actions/toolchain-and-cache | |
| with: | |
| cache-version: ${{ vars.CACHE_VERSION }} | |
| cargo-tools: clippy-sarif sarif-fmt | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Generate cargo doc | |
| run: | | |
| # Force `--lib` to avoid a collision between the client lib and the client cli binary who share | |
| # the same name (we only want to document those anyway) | |
| cargo doc --no-deps --lib -p mithril-stm -p mithril-common \ | |
| -p mithril-cardano-node-chain -p mithril-cardano-node-internal-database \ | |
| -p mithril-aggregator-client -p mithril-aggregator-discovery -p mithril-build-script -p mithril-cli-helper \ | |
| -p mithril-dmq -p mithril-doc -p mithril-doc-derive \ | |
| -p mithril-era -p mithril-merkle-tree -p mithril-metric -p mithril-persistence -p mithril-resource-pool \ | |
| -p mithril-ticker -p mithril-signed-entity-lock -p mithril-signed-entity-preloader \ | |
| -p mithril-aggregator -p mithril-signer -p mithril-client -p mithril-client-cli \ | |
| -p mithril-api-spec -p mithril-test-http-server \ | |
| --all-features --message-format=json \ | |
| | clippy-sarif | tee rust-cargo-doc-results.sarif | sarif-fmt | |
| # Update tool sarif metadata from "clippy" to "cargo-doc" (since it's set this way by clippy-sarif) | |
| contents=$(cat rust-cargo-doc-results.sarif \ | |
| | jq '.runs[].tool.driver.name = "cargo-doc"' \ | |
| | jq '.runs[].tool.driver.informationUri = "https://doc.rust-lang.org/cargo/commands/cargo-doc.html"' \ | |
| ) | |
| echo -E "${contents}" > rust-cargo-doc-results.sarif | |
| # Make this step fail if any warning has been found | |
| if [[ $(cat rust-cargo-doc-results.sarif | jq '.runs[0].results') != "[]" ]]; then | |
| false | |
| fi | |
| - name: Upload cargo-doc results to GitHub | |
| if: success() || failure() | |
| uses: github/codeql-action/upload-sarif@v4 | |
| with: | |
| sarif_file: rust-cargo-doc-results.sarif | |
| wait-for-processing: true | |
| - name: Publish Mithril-rust-doc | |
| uses: actions/upload-artifact@v7 | |
| with: | |
| name: mithril-rust-doc | |
| if-no-files-found: error | |
| path: | | |
| target/doc/ | |
| build-docusaurus: | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - name: Checkout sources | |
| uses: actions/checkout@v6 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v6 | |
| with: | |
| node-version: 20 | |
| cache: "npm" | |
| cache-dependency-path: docs/website/package-lock.json | |
| - name: Install dependencies | |
| working-directory: docs/website | |
| run: npm ci | |
| - name: Build Docusaurus site | |
| working-directory: docs/website | |
| run: | | |
| npm run build | |
| - name: Publish Docusaurus build | |
| uses: actions/upload-artifact@v7 | |
| with: | |
| name: docusaurus-build | |
| if-no-files-found: error | |
| path: | | |
| docs/website/build/* | |
| build-test-explorer: | |
| runs-on: ubuntu-24.04 | |
| needs: build-test-wasm | |
| steps: | |
| - name: Checkout sources | |
| uses: actions/checkout@v6 | |
| - name: Download built artifacts | |
| uses: actions/download-artifact@v8 | |
| with: | |
| name: mithril-distribution-wasm | |
| path: mithril-client-wasm | |
| - name: Unpack 'mithril-client-wasm' package | |
| working-directory: mithril-client-wasm | |
| run: tar -xvzf *.tgz && mv package/dist . | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v6 | |
| with: | |
| node-version: 20 | |
| cache: "npm" | |
| cache-dependency-path: mithril-explorer/package-lock.json | |
| - name: Install dependencies | |
| working-directory: mithril-explorer | |
| run: npm ci | |
| - name: Test explorer | |
| working-directory: mithril-explorer | |
| run: make test | |
| - name: Build Explorer (stable) | |
| working-directory: mithril-explorer | |
| run: make build | |
| - name: Publish Explorer build (stable) | |
| uses: actions/upload-artifact@v7 | |
| with: | |
| name: explorer-build | |
| if-no-files-found: error | |
| path: | | |
| mithril-explorer/out/* | |
| - name: Build Explorer (unstable) | |
| working-directory: mithril-explorer | |
| env: | |
| BASE_PATH: "/explorer/unstable" | |
| UNSTABLE: "1" | |
| run: make build | |
| - name: Publish Explorer build (unstable) | |
| uses: actions/upload-artifact@v7 | |
| with: | |
| name: explorer-build-unstable | |
| if-no-files-found: error | |
| path: | | |
| mithril-explorer/out/* | |
| build-open-api-ui: | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - name: Checkout sources | |
| uses: actions/checkout@v6 | |
| - name: Build OpenAPI UI | |
| uses: Legion2/swagger-ui-action@v1 | |
| with: | |
| output: out/ | |
| spec-file: ./openapi.yaml | |
| version: ^5.0.0 | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Publish OpenAPI UI build | |
| uses: actions/upload-artifact@v7 | |
| with: | |
| name: openapi-ui-build | |
| if-no-files-found: error | |
| path: | | |
| out/* | |
| publish-docs: | |
| if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
| runs-on: ubuntu-24.04 | |
| needs: | |
| - cargo-doc | |
| - build-docusaurus | |
| - build-test-explorer | |
| - build-open-api-ui | |
| - check | |
| environment: | |
| name: github-pages | |
| url: ${{ steps.deployment.outputs.page_url }} | |
| permissions: | |
| contents: read | |
| pages: write | |
| id-token: write | |
| steps: | |
| - name: Download mithril-rust-doc artifact | |
| uses: actions/download-artifact@v8 | |
| with: | |
| name: mithril-rust-doc | |
| path: ./github-pages/rust-doc | |
| - name: Download Docusaurus build | |
| uses: actions/download-artifact@v8 | |
| with: | |
| name: docusaurus-build | |
| path: ./github-pages/doc | |
| - name: Download and unpack Explorer build (stable) | |
| shell: bash | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| # Note: If the tag is omitted, 'gh release' commands uses the latest released version | |
| LAST_DISTRIBUTION=$(gh release view -R ${{ github.repository }} --json "tagName" --jq ".tagName") | |
| gh release download -R ${{ github.repository }} --pattern "mithril-explorer-${LAST_DISTRIBUTION}*" | |
| mkdir -p ./github-pages/explorer/ | |
| tar xvf mithril-explorer-${LAST_DISTRIBUTION}.tar.gz --directory=./github-pages/explorer/ | |
| - name: Download Explorer build (unstable) | |
| uses: actions/download-artifact@v8 | |
| with: | |
| name: explorer-build-unstable | |
| path: ./github-pages/explorer/unstable | |
| - name: Download OpenAPI UI build | |
| uses: actions/download-artifact@v8 | |
| with: | |
| name: openapi-ui-build | |
| path: ./github-pages/openapi-ui | |
| - name: Add CNAME, .nojekyll & Redirect | |
| run: | | |
| echo "mithril.network" > ./github-pages/CNAME | |
| touch ./github-pages/.nojekyll | |
| echo '<!DOCTYPE html><html><head><meta http-equiv="Refresh" content="0; URL=https://mithril.network/doc"></head></html>' > ./github-pages/index.html | |
| # Remove the index.html from the url to avoid a display issue that duplicates the content of the page | |
| sed -i '1s/^/<script type="text\/javascript"> if (window.location.href.endsWith("\/index.html")) { end_of_clean_url = window.location.href.lastIndexOf("\/"); window.location.href = window.location.href.substring(0, end_of_clean_url); } <\/script>\n/' ./github-pages/doc/index.html | |
| - name: Configure GitHub Pages | |
| uses: actions/configure-pages@v6 | |
| - name: Upload GitHub Pages artifact | |
| uses: actions/upload-pages-artifact@v5 | |
| with: | |
| path: ./github-pages | |
| - name: Deploy GitHub Pages | |
| id: deployment | |
| uses: actions/deploy-pages@v5 |