Fix pcr0 extraction in docker compose script and correctly shutdown op-proposer-tee (#246)

dailinsubjam · web-flow · commit 956dd0fe3985 · 2025-10-23T14:59:51.000-07:00
* fix pcr0 extraction

* stopping op-proposer-tee in script

* revert to old pcr0 extraction as the new pattern breaks the old pattern

* try to fix pcr0 extraction

* upload op-proposer-tee
diff --git a/.github/workflows/docker-images.yml b/.github/workflows/docker-images.yml
@@ -403,3 +403,65 @@ jobs:
             TARGET_BASE_IMAGE=alpine:3.22
             TARGETOS=linux
             TARGETARCH=amd64
+
+  build-op-proposer-tee:
+    needs: prepare-deployment
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Download deployment artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: deployment-artifacts
+
+      - name: Verify deployment files are present
+        run: |
+          echo "=== Verifying downloaded files ==="
+          ls -la espresso/deployment/ || echo "No deployment directory"
+          ls -la espresso/deployment/deployer/ || echo "No deployer directory"
+          ls -la packages/contracts-bedrock/ || echo "No contracts-bedrock directory"
+
+      - name: Copy config for op-proposer
+        run: |
+          mkdir -p packages/contracts-bedrock/lib/superchain-registry/ops/testdata/monorepo
+          echo "Config prepared for op-proposer"
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.IMAGE_PREFIX }}/op-proposer-tee
+          tags: |
+            type=ref,event=branch
+            type=ref,event=pr
+            type=sha,prefix={{branch}}-,enable={{is_default_branch}}
+            type=raw,value=latest,enable={{is_default_branch}}
+            type=raw,value=pr-${{ github.event.number }},enable=${{ github.event_name == 'pull_request' }}
+
+      - name: Build and push OP Proposer TEE
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: espresso/docker/op-stack/Dockerfile
+          target: op-proposer-target
+          platforms: linux/amd64
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          build-args: |
+            TARGET_BASE_IMAGE=alpine:3.22
+            TARGETOS=linux
+            TARGETARCH=amd64
+
diff --git a/espresso/docker/op-batcher-tee/run-enclave.sh b/espresso/docker/op-batcher-tee/run-enclave.sh
@@ -69,7 +69,8 @@ echo "Build completed successfully"
 
 # Extract PCR0 from build output
 # Works whether the line is `... PCR0: 0xABCD ...` or `... PCR0=abcd123 ...`
-PCR0="$(sed -n -E 's/.*PCR0[:=][[:space:]]*(0[xX])?([[:xdigit:]]+).*/\2/p;q' /tmp/build_output.log)"
+PCR0="$(grep -m1 -oE 'PCR0[=:][[:space:]]*(0x)?[[:xdigit:]]{64,}' /tmp/build_output.log \
+       | sed -E 's/^PCR0[=:][[:space:]]*(0x)?//')"
 
 
 # Get batch authenticator address from deployment state
diff --git a/espresso/scripts/shutdown.sh b/espresso/scripts/shutdown.sh
@@ -7,7 +7,7 @@ docker compose down -v
 
 # Stop and remove containers built from op-batcher-tee:espresso image
 echo "Stopping containers built from op-batcher-tee:espresso image..."
-CONTAINERS=$(docker ps -q --filter "ancestor=op-batcher-tee:espresso")
+CONTAINERS=$(docker ps -aq --filter "ancestor=op-batcher-tee:espresso")
 if [ ! -z "$CONTAINERS" ]; then
     echo "Stopping containers: $CONTAINERS"
     docker stop $CONTAINERS
@@ -17,6 +17,18 @@ else
     echo "No running containers found with op-batcher-tee:espresso image"
 fi
 
+# Stop and remove containers built from op-proposer-tee:espresso image
+echo "Stopping containers built from op-proposer-tee:espresso image..."
+PROPOSER_CONTAINERS=$(docker ps -aq --filter "ancestor=op-proposer-tee:espresso")
+if [ ! -z "$PROPOSER_CONTAINERS" ]; then
+    echo "Stopping containers: $PROPOSER_CONTAINERS"
+    docker stop $PROPOSER_CONTAINERS 2>/dev/null || true
+    docker rm $PROPOSER_CONTAINERS 2>/dev/null || true
+    echo "Containers stopped and removed"
+else
+    echo "No containers found with op-proposer-tee:espresso image"
+fi
+
 # Stop and remove batcher-enclaver containers that run the eif
 echo "Stopping batcher-enclaver containers..."
 ENCLAVE_CONTAINERS=$(docker ps -aq --filter "name=batcher-enclaver-")
