diff --git a/.github/workflows/contracts-cron-image.yml b/.github/workflows/contracts-cron-image.yml new file mode 100644 index 0000000000..61bd123cec --- /dev/null +++ b/.github/workflows/contracts-cron-image.yml @@ -0,0 +1,43 @@ +name: Contracts Cron Image + +on: + push: + branches: + - master + workflow_dispatch: + +permissions: + contents: read + packages: write + +jobs: + build-and-push: + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Log in to GitHub Container Registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Prepare image metadata + id: prep + run: | + IMAGE_NAME="ghcr.io/${{ github.repository_owner }}/contracts-cron" + IMAGE_NAME="$(echo "${IMAGE_NAME}" | tr '[:upper:]' '[:lower:]')" + echo "image_name=${IMAGE_NAME}" >> "${GITHUB_OUTPUT}" + + - name: Build and push image + uses: docker/build-push-action@v5 + with: + context: ./contracts + file: ./contracts/dockerfile + push: true + tags: | + ${{ steps.prep.outputs.image_name }}:latest + ${{ steps.prep.outputs.image_name }}:${{ github.sha }} + diff --git a/contracts/.dockerignore b/contracts/.dockerignore new file mode 100644 index 0000000000..d859f53a59 --- /dev/null +++ b/contracts/.dockerignore @@ -0,0 +1,3 @@ +node_modules +artifacts +.env diff --git a/contracts/dockerfile b/contracts/dockerfile new file mode 100644 index 0000000000..151e5431a8 --- /dev/null +++ b/contracts/dockerfile @@ -0,0 +1,62 @@ +FROM node:22 + +ENV DEBIAN_FRONTEND=noninteractive + +RUN apt-get update \ + && apt-get install -y --no-install-recommends \ + ca-certificates \ + curl \ + git \ + openssh-client \ + build-essential \ + python3 \ + && rm -rf /var/lib/apt/lists/* + +# Preload GitHub host key for SSH-based dependencies. +RUN mkdir -p /root/.ssh \ + && ssh-keyscan -t rsa github.com >> /root/.ssh/known_hosts + +RUN git config --global url."https://github.com/".insteadOf "git@github.com:" + +ENV SUPERCRONIC_URL=https://github.com/aptible/supercronic/releases/download/v0.2.39/supercronic-linux-amd64 \ + SUPERCRONIC_SHA1SUM=c98bbf82c5f648aaac8708c182cc83046fe48423 \ + SUPERCRONIC=supercronic-linux-amd64 + +RUN curl -fsSLO "$SUPERCRONIC_URL" \ + && echo "${SUPERCRONIC_SHA1SUM} ${SUPERCRONIC}" | sha1sum -c - \ + && chmod +x "$SUPERCRONIC" \ + && mv "$SUPERCRONIC" "/usr/local/bin/${SUPERCRONIC}" \ + && ln -s "/usr/local/bin/${SUPERCRONIC}" /usr/local/bin/supercronic + +WORKDIR /app + +# Enable pnpm via corepack and install dependencies first for better caching. +COPY pnpm-lock.yaml package.json pnpm-workspace.yaml ./ +RUN corepack enable \ + && pnpm install --frozen-lockfile + +# Copy the rest of the contracts workspace. +COPY . . + +RUN pnpm hardhat compile + +ENV PROVIDER_URL="" \ + SONIC_PROVIDER_URL="" \ + PLUME_PROVIDER_URL="" \ + HOODI_PROVIDER_URL="" \ + BEACON_PROVIDER_URL="" \ + DEFENDER_API_KEY="" \ + DEFENDER_API_SECRET="" \ + HARDHAT_NETWORK="" + +# Cron configuration for supercronic. +# Each Hardhat task runs with a 7 minute offset, ensuring sequential execution. +RUN cat <<'EOF' > /etc/cronjob +0 * * * * cd /app && pnpm hardhat snapBalances --network ${HARDHAT_NETWORK:-mainnet} +8 * * * * cd /app && pnpm hardhat verifyBalances --network ${HARDHAT_NETWORK:-mainnet} +10 * * * * cd /app && pnpm hardhat verifyDeposits --network ${HARDHAT_NETWORK:-mainnet} +12 * * * * cd /app && pnpm hardhat autoValidatorDeposits --network ${HARDHAT_NETWORK:-mainnet} +14 * * * * cd /app && pnpm hardhat autoValidatorWithdrawals --network ${HARDHAT_NETWORK:-mainnet} +EOF + +ENTRYPOINT ["supercronic", "/etc/cronjob"] diff --git a/contracts/pnpm-workspace.yaml b/contracts/pnpm-workspace.yaml new file mode 100644 index 0000000000..ea077fcb5f --- /dev/null +++ b/contracts/pnpm-workspace.yaml @@ -0,0 +1,15 @@ +ignoredBuiltDependencies: + - '@arbitrum/nitro-contracts' + - core-js-pure + - es5-ext + - secp256k1 + - utf-8-validate + - web3 + - web3-bzz + - web3-shh + +onlyBuiltDependencies: + - '@trufflesuite/bigint-buffer' + - bigint-buffer + - bufferutil + - keccak