Feat/merkle proof docker

.github/workflows/contracts-cron-image.yml

@@ -0,0 +1,43 @@
+name: Contracts Cron Image
+
+on:
+  push:
+    branches:
+      - master
+  workflow_dispatch:
+
+permissions:
+  contents: read
+  packages: write
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Prepare image metadata
+        id: prep
+        run: |
+          IMAGE_NAME="ghcr.io/${{ github.repository_owner }}/contracts-cron"
+          IMAGE_NAME="$(echo "${IMAGE_NAME}" | tr '[:upper:]' '[:lower:]')"
+          echo "image_name=${IMAGE_NAME}" >> "${GITHUB_OUTPUT}"
+
+      - name: Build and push image
+        uses: docker/build-push-action@v5
+        with:
+          context: ./contracts
+          file: ./contracts/dockerfile
+          push: true
+          tags: |
+            ${{ steps.prep.outputs.image_name }}:latest
+            ${{ steps.prep.outputs.image_name }}:${{ github.sha }}
+

contracts/.dockerignore

@@ -0,0 +1,3 @@
+node_modules
+artifacts
+.env

contracts/dockerfile

@@ -0,0 +1,62 @@
+FROM node:22
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+RUN apt-get update \
+  && apt-get install -y --no-install-recommends \
+  ca-certificates \
+  curl \
+  git \
+  openssh-client \
+  build-essential \
+  python3 \
+  && rm -rf /var/lib/apt/lists/*
+
+# Preload GitHub host key for SSH-based dependencies.
+RUN mkdir -p /root/.ssh \
+  && ssh-keyscan -t rsa github.com >> /root/.ssh/known_hosts
+
+RUN git config --global url."https://github.com/".insteadOf "[email protected]:"
+
+ENV SUPERCRONIC_URL=https://github.com/aptible/supercronic/releases/download/v0.2.39/supercronic-linux-amd64 \
+  SUPERCRONIC_SHA1SUM=c98bbf82c5f648aaac8708c182cc83046fe48423 \
+  SUPERCRONIC=supercronic-linux-amd64
+
+RUN curl -fsSLO "$SUPERCRONIC_URL" \
+  && echo "${SUPERCRONIC_SHA1SUM}  ${SUPERCRONIC}" | sha1sum -c - \
+  && chmod +x "$SUPERCRONIC" \
+  && mv "$SUPERCRONIC" "/usr/local/bin/${SUPERCRONIC}" \
+  && ln -s "/usr/local/bin/${SUPERCRONIC}" /usr/local/bin/supercronic
+
+WORKDIR /app
+
+# Enable pnpm via corepack and install dependencies first for better caching.
+COPY pnpm-lock.yaml package.json pnpm-workspace.yaml ./
+RUN corepack enable \
+  && pnpm install --frozen-lockfile  
+
+# Copy the rest of the contracts workspace.
+COPY . .
+
+RUN pnpm hardhat compile
+
+ENV PROVIDER_URL="" \
+  SONIC_PROVIDER_URL="" \
+  PLUME_PROVIDER_URL="" \
+  HOODI_PROVIDER_URL="" \
+  BEACON_PROVIDER_URL="" \
+  DEFENDER_API_KEY="" \
+  DEFENDER_API_SECRET="" \
+  HARDHAT_NETWORK=""
+
+# Cron configuration for supercronic.
+# Each Hardhat task runs with a 7 minute offset, ensuring sequential execution.
+RUN cat <<'EOF' > /etc/cronjob
+0 * * * * cd /app && pnpm hardhat snapBalances --network ${HARDHAT_NETWORK:-mainnet}
+8 * * * * cd /app && pnpm hardhat verifyBalances --network ${HARDHAT_NETWORK:-mainnet}
+10 * * * * cd /app && pnpm hardhat verifyDeposits --network ${HARDHAT_NETWORK:-mainnet}
+12 * * * * cd /app && pnpm hardhat autoValidatorDeposits --network ${HARDHAT_NETWORK:-mainnet}
+14 * * * * cd /app && pnpm hardhat autoValidatorWithdrawals --network ${HARDHAT_NETWORK:-mainnet}
+EOF
+
+ENTRYPOINT ["supercronic", "/etc/cronjob"]

contracts/pnpm-workspace.yaml

@@ -0,0 +1,15 @@
+ignoredBuiltDependencies:
+  - '@arbitrum/nitro-contracts'
+  - core-js-pure
+  - es5-ext
+  - secp256k1
+  - utf-8-validate
+  - web3
+  - web3-bzz
+  - web3-shh
+
+onlyBuiltDependencies:
+  - '@trufflesuite/bigint-buffer'
+  - bigint-buffer
+  - bufferutil
+  - keccak