From 0475663b21b9f76844543d3ffe4c5b9765e09ad4 Mon Sep 17 00:00:00 2001
From: Artemii Gerasimovich
Date: Wed, 12 Nov 2025 15:44:11 +0100
Subject: [PATCH 1/4] Build deployer image in CI
---
.github/workflows/docker-images.yml | 54 ++++++++++++++++++++
espresso/docker/op-stack/Dockerfile | 78 ++++++++++++-----------------
2 files changed, 87 insertions(+), 45 deletions(-)
diff --git a/.github/workflows/docker-images.yml b/.github/workflows/docker-images.yml
index e3140166c4cf3..e9fd0be4cf882 100644
--- a/.github/workflows/docker-images.yml
+++ b/.github/workflows/docker-images.yml
@@ -457,3 +457,57 @@ jobs: TARGET_BASE_IMAGE=alpine:3.22 TARGETOS=linux TARGETARCH=amd64 + + build-op-deployer: + needs: prepare-deployment + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Download deployment artifacts + uses: actions/download-artifact@v4 + with: + name: deployment-artifacts + + - name: Verify deployment files are present + run: | + echo "=== Verifying downloaded files ===" + ls -la packages/contracts-bedrock/ || echo "No contracts-bedrock directory" + + - name: Login to GitHub Container Registry + uses: docker/login-action@v3 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Extract metadata + id: meta + uses: docker/metadata-action@v5 + with: + images: ${{ env.IMAGE_PREFIX }}/op-deployer + tags: | + type=ref,event=branch + type=ref,event=pr + type=sha,prefix={{branch}}-,enable={{is_default_branch}} + type=raw,value=latest,enable={{is_default_branch}} + type=raw,value=pr-${{ github.event.number }},enable=${{ github.event_name == 'pull_request' }} + + - name: Build and push OP Proposer TEE + uses: docker/build-push-action@v5 + with: + context: . + file: espresso/docker/op-stack/Dockerfile + target: op-deployer-target + platforms: linux/amd64 + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + build-args: | + TARGET_BASE_IMAGE=alpine:3.22 + TARGETOS=linux + TARGETARCH=amd64 diff --git a/espresso/docker/op-stack/Dockerfile b/espresso/docker/op-stack/Dockerfile index 04e0997a8b326..60a25ae6f640a 100644 --- a/espresso/docker/op-stack/Dockerfile +++ b/espresso/docker/op-stack/Dockerfile 
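Review bot: The "Verify deployment files are present" step cannot fail, because `ls -la packages/contracts-bedrock/ || echo "No contracts-bedrock directory"` always exits 0, so a missing artifact is only caught later, if at all, by the Dockerfile's `COPY` of `forge-artifacts`. Since this job pushes an image that bakes those artifacts in, including a `latest` tag on the default branch, a hard check such as `test -d packages/contracts-bedrock/forge-artifacts` would make the failure explicit and early. The final step is also still named `Build and push OP Proposer TEE` although it builds `op-deployer-target`; `Build and push OP Deployer` would match. The job holds `packages: write`, so pinning the third-party actions (`docker/login-action@v3` and the others) to a commit SHA rather than a movable tag is worth considering, if the rest of the workflow follows that convention.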
@@ -8,49 +8,28 @@ ARG TARGETARCH # Base builder image FROM golang:1.23.8-alpine3.20 AS builder -RUN apk add --no-cache curl netcat-openbsd tar gzip make gcc musl-dev linux-headers git jq bash +RUN apk add --no-cache \ + curl netcat-openbsd tar gzip make gcc g++ musl-dev \ + linux-headers git bash jq yq # Install mise for toolchain management RUN curl https://mise.run | MISE_INSTALL_PATH=/usr/local/bin/mise sh -# Install yq +# Install yq and dasel RUN case "$TARGETARCH" in \ - "amd64") YQ_ARCH="amd64" ;; \ - "arm64") YQ_ARCH="arm64" ;; \ - *) YQ_ARCH="amd64" ;; \ + "amd64") ARCH="amd64" ;; \ + "arm64") ARCH="arm64" ;; \ + *) ARCH="amd64" ;; \ esac && \ - wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_$YQ_ARCH -O /usr/local/bin/yq && \ - chmod +x /usr/local/bin/yq + wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_$ARCH -O /usr/local/bin/yq && \ + chmod +x /usr/local/bin/yq && \ + wget https://github.com/TomWright/dasel/releases/latest/download/dasel_linux_$ARCH -O /usr/local/bin/dasel && \ + chmod +x /usr/local/bin/dasel # Install versioned toolchain COPY ./mise.toml . RUN mise trust && mise install -v -y just && cp $(mise which just) /usr/local/bin/just && just --version -# Copy and download Go dependencies -COPY ./go.mod /app/go.mod -COPY ./go.sum /app/go.sum -WORKDIR /app -RUN --mount=type=cache,target=/go/pkg/mod --mount=type=cache,target=/root/.cache/go-build go mod download - -# Copy source code -COPY . /app - -# Build arguments for git metadata -ARG GIT_COMMIT -ARG GIT_DATE - -# CGO builder for components that need Espresso crypto linking -FROM golang:1.23.8-alpine3.20 AS op-cgo-builder -# Install dependencies -RUN apk add musl-dev gcc g++ curl tar gzip make linux-headers git jq bash yq -# Install just from mise -COPY ./mise.toml . 
-RUN case $(uname -m) in \ - "arm64"|"aarch64") JUST_ARCH="aarch64" ;; \ - *) JUST_ARCH="x86_64" ;; \ - esac && \ - curl -L https://github.com/casey/just/releases/download/$(yq '.tools.just' mise.toml)/just-$(yq '.tools.just' mise.toml)-$JUST_ARCH-unknown-linux-musl.tar.gz | \ - tar xz -C /usr/local/bin just # Fetch rust libs for dynamic linking ARG ESPRESSO_SDK_VER=0.3.2 ARG ESPRESSO_SDK_HELPER_HASH_AARCH64=ec6ce7b37edd173206ad338c84a6a771a0e9dc8b184081af7440ebfc0c531a71 @@ -61,16 +40,22 @@ ADD --checksum=sha256:${ESPRESSO_SDK_HELPER_HASH_AARCH64} \ ADD --checksum=sha256:${ESPRESSO_SDK_HELPER_HASH_X86_64} \ https://github.com/EspressoSystems/espresso-network/releases/download/sdks/go/v${ESPRESSO_SDK_VER}/libespresso_crypto_helper-x86_64-unknown-linux-gnu.so \ /lib/ -# Go sources + +# Copy and download Go dependencies COPY ./go.mod /app/go.mod COPY ./go.sum /app/go.sum -# Warm-up the cache WORKDIR /app RUN --mount=type=cache,target=/go/pkg/mod --mount=type=cache,target=/root/.cache/go-build go mod download + +# Copy source code COPY . /app +# Build arguments for git metadata +ARG GIT_COMMIT +ARG GIT_DATE + # Build op-node -FROM op-cgo-builder AS op-node-builder +FROM builder AS op-node-builder ARG OP_NODE_VERSION=v0.0.0 RUN --mount=type=cache,target=/go/pkg/mod --mount=type=cache,target=/root/.cache/go-build cd op-node && \ CGO_ENABLED=0 GOOS=$TARGETOS GOARCH=$TARGETARCH \ 
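Review bot: The rewritten `RUN case "$TARGETARCH"` step fetches yq and dasel from `releases/latest/download/...` with no version pin and no integrity check, and the last hunk of PATCH 1/4 then copies those binaries into `op-deployer-target`, replacing the removed `deployment-utils-builder` stage that built `dasel@v2.8.1` and `yq@v4.47.1` from pinned module versions. That makes the published image non-reproducible and dependent on whatever the upstream release page serves at build time. I would keep the previously pinned versions and verify a digest, e.g. `wget https://github.com/mikefarah/yq/releases/download/v4.47.1/yq_linux_$ARCH -O /usr/local/bin/yq` followed by `echo "<yq-sha256-placeholder>  /usr/local/bin/yq" | sha256sum -c -`, or use `ADD --checksum=sha256:...` as this file already does for the Espresso helper libraries. The foundry download added in PATCH 4/4 is version-pinned (v1.4.4) but likewise unverified and should get the same check. Separately, `yq` is now installed twice (via `apk add` and via `wget`), and the `*) ARCH="amd64"` fallback silently selects amd64 binaries for any unrecognised architecture instead of failing the build.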
@@ -78,14 +63,14 @@ RUN --mount=type=cache,target=/go/pkg/mod --mount=type=cache,target=/root/.cache -o bin/op-node ./cmd/main.go # Build op-batcher -FROM op-cgo-builder AS op-batcher-builder +FROM builder AS op-batcher-builder ARG OP_BATCHER_VERSION=v0.0.0 WORKDIR /app/op-batcher ENV GOOS=$TARGETOS GOARCH=$TARGETARCH GITCOMMIT=$GIT_COMMIT GITDATE=$GIT_DATE VERSION="$OP_BATCHER_VERSION" RUN --mount=type=cache,target=/go/pkg/mod --mount=type=cache,target=/root/.cache/go-build just op-batcher # Build enclave-tools -FROM op-cgo-builder AS enclave-tools-builder +FROM builder AS enclave-tools-builder ARG ENCLAVE_TOOLS_VERSION=v0.0.0 WORKDIR /app/op-batcher ENV GOOS=$TARGETOS GOARCH=$TARGETARCH GITCOMMIT=$GIT_COMMIT GITDATE=$GIT_DATE VERSION="$ENCLAVE_TOOLS_VERSION" 
@@ -99,11 +84,11 @@ RUN --mount=type=cache,target=/go/pkg/mod --mount=type=cache,target=/root/.cache RUN --mount=type=cache,target=/go/pkg/mod --mount=type=cache,target=/root/.cache/go-build cd op-challenger && make op-challenger \ GOOS=$TARGETOS GOARCH=$TARGETARCH GITCOMMIT=$GIT_COMMIT GITDATE=$GIT_DATE VERSION="$OP_PROPOSER_VERSION" -FROM golang:1.23-alpine AS deployment-utils-builder -ENV GOOS=$TARGETOS GOARCH=$TARGETARCH GITCOMMIT=$GIT_COMMIT GITDATE=$GIT_DATE -RUN apk add gcc lld musl-dev # For CGO -RUN --mount=type=cache,target=/go/pkg/mod --mount=type=cache,target=/root/.cache/go-build go install -ldflags '-linkmode external -extldflags "-static"' github.com/tomwright/dasel/v2/cmd/dasel@v2.8.1 -RUN --mount=type=cache,target=/go/pkg/mod --mount=type=cache,target=/root/.cache/go-build go install -ldflags '-linkmode external -extldflags "-static"' github.com/mikefarah/yq/v4@v4.47.1 +# Build op-deployer +FROM builder AS op-deployer-builder +ARG OP_DEPLOER_VERSION=v0.0.0 +RUN --mount=type=cache,target=/go/pkg/mod --mount=type=cache,target=/root/.cache/go-build cd op-deployer && \ + GOOS=$TARGETOS GOARCH=$TARGETARCH GITCOMMIT=$GIT_COMMIT GITDATE=$GIT_DATE VERSION="$OP_DEPLOYER_VERSION" just # Final runtime images @@ -133,7 +118,7 @@ RUN apk add gcc docker bash jq curl wget # Install enclaver for EIF creation RUN curl -L https://github.com/enclaver-io/enclaver/releases/download/v0.5.0/enclaver-linux-x86_64-v0.5.0.tar.gz | tar xz --strip-components=1 -C /usr/local/bin enclaver-linux-x86_64-v0.5.0/enclaver # Copy source code -COPY --from=op-cgo-builder /app /source +COPY --from=builder /app /source WORKDIR /source # Copy pre-built forge-artifacts from host (faster for development) COPY packages/contracts-bedrock/forge-artifacts /source/packages/contracts-bedrock/forge-artifacts 
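Review bot: The new `op-deployer-builder` stage declares `ARG OP_DEPLOER_VERSION=v0.0.0` but its `RUN` line reads `$OP_DEPLOYER_VERSION`, so `VERSION` is always empty in this stage and a `--build-arg OP_DEPLOYER_VERSION=...` has no matching ARG to bind to. The declaration should read `ARG OP_DEPLOYER_VERSION=v0.0.0`. PATCH 2/4 ("Fix typo") corrects a different name (`DEPLOYER_ARTIFACTS_LOCATOR`), so this one appears to survive the series as shown. A deployer binary with no version string makes it harder to tell which build is running when auditing a deployment.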
@@ -178,6 +163,9 @@ CMD ["op-challenger"] FROM $TARGET_BASE_IMAGE AS op-deployer-target RUN apk add jq curl bash openssl -COPY --from=deployment-utils-builder /go/bin/dasel /usr/local/bin/ -COPY --from=deployment-utils-builder /go/bin/yq /usr/local/bin/ +COPY --from=builder /usr/local/bin/dasel /usr/local/bin/ +COPY --from=builder /usr/local/bin/yq /usr/local/bin/ +COPY --from=op-deployer-builder /app/op-deployer/bin/op-deployer /usr/local/bin +COPY /packages/contracts-bedrock/forge-artifacts /contracts +ENV DEPLOYER_ARTIFACT_LOCATOR=/contracts CMD ["op-deployer"] From a2553333a1b9dd720da25e38f3fe73476d9783d5 Mon Sep 17 00:00:00 2001 From: Artemii Gerasimovich Date: Wed, 12 Nov 2025 17:23:02 +0100 Subject: [PATCH 2/4] Fix typo --- espresso/docker/op-stack/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/espresso/docker/op-stack/Dockerfile b/espresso/docker/op-stack/Dockerfile index 60a25ae6f640a..ee2096f3441df 100644 --- a/espresso/docker/op-stack/Dockerfile +++ b/espresso/docker/op-stack/Dockerfile @@ -167,5 +167,5 @@ COPY --from=builder /usr/local/bin/dasel /usr/local/bin/ COPY --from=builder /usr/local/bin/yq /usr/local/bin/ COPY --from=op-deployer-builder /app/op-deployer/bin/op-deployer /usr/local/bin COPY /packages/contracts-bedrock/forge-artifacts /contracts -ENV DEPLOYER_ARTIFACT_LOCATOR=/contracts +ENV DEPLOYER_ARTIFACTS_LOCATOR=/contracts CMD ["op-deployer"] From 28376d676e7c6bf181c3e2d45e6fb04fbb092466 Mon Sep 17 00:00:00 2001 From: Artemii Gerasimovich Date: Wed, 12 Nov 2025 20:16:54 +0100 Subject: [PATCH 3/4] Compile contracts with optimization --- .github/workflows/docker-images.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker-images.yml b/.github/workflows/docker-images.yml index e9fd0be4cf882..e053638520389 100644 --- a/.github/workflows/docker-images.yml +++ b/.github/workflows/docker-images.yml 
@@ -53,7 +53,7 @@ jobs: echo "$(pwd)/bin" >> $GITHUB_PATH - name: Compile contracts - run: just compile-contracts + run: cd packages/contracts-bedrock && just build - name: Prepare allocations run: | From ac2df865bb4be983f6660da1412fe54f7c0bab59 Mon Sep 17 00:00:00 2001 From: Artemii Gerasimovich Date: Wed, 12 Nov 2025 21:35:53 +0100 Subject: [PATCH 4/4] Add cast to deployer utils --- espresso/docker/op-stack/Dockerfile | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/espresso/docker/op-stack/Dockerfile b/espresso/docker/op-stack/Dockerfile index ee2096f3441df..de599ae71f507 100644 --- a/espresso/docker/op-stack/Dockerfile +++ b/espresso/docker/op-stack/Dockerfile @@ -15,7 +15,7 @@ RUN apk add --no-cache \ # Install mise for toolchain management RUN curl https://mise.run | MISE_INSTALL_PATH=/usr/local/bin/mise sh -# Install yq and dasel +# Install yq, dasel and foundry RUN case "$TARGETARCH" in \ "amd64") ARCH="amd64" ;; \ "arm64") ARCH="arm64" ;; \ @@ -24,7 +24,13 @@ RUN case "$TARGETARCH" in \ wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_$ARCH -O /usr/local/bin/yq && \ chmod +x /usr/local/bin/yq && \ wget https://github.com/TomWright/dasel/releases/latest/download/dasel_linux_$ARCH -O /usr/local/bin/dasel && \ - chmod +x /usr/local/bin/dasel + chmod +x /usr/local/bin/dasel && \ + wget https://github.com/foundry-rs/foundry/releases/download/v1.4.4/foundry_v1.4.4_linux_$ARCH.tar.gz -O foundry.tgz && \ + tar -xzf foundry.tgz -C /usr/local/bin && \ + chmod +x /usr/local/bin/chisel && \ + chmod +x /usr/local/bin/anvil && \ + chmod +x /usr/local/bin/cast && \ + chmod +x /usr/local/bin/forge # Install versioned toolchain COPY ./mise.toml . 
@@ -165,6 +171,7 @@ FROM $TARGET_BASE_IMAGE AS op-deployer-target RUN apk add jq curl bash openssl COPY --from=builder /usr/local/bin/dasel /usr/local/bin/ COPY --from=builder /usr/local/bin/yq /usr/local/bin/ +COPY --from=builder /usr/local/bin/cast /usr/local/bin/ COPY --from=op-deployer-builder /app/op-deployer/bin/op-deployer /usr/local/bin COPY /packages/contracts-bedrock/forge-artifacts /contracts ENV DEPLOYER_ARTIFACTS_LOCATOR=/contracts