From 42f211f166935b0e319956cf9f4f419e770e9ee0 Mon Sep 17 00:00:00 2001 From: Hanzo AI Date: Thu, 23 Apr 2026 19:20:29 -0700 Subject: [PATCH] ci: migrate to canonical docker-build reusable with matrix MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Replace bespoke release.yml with canonical matrix calling hanzoai/.github/.github/workflows/docker-build.yml@main - Add .github/images.json for per-VM image configuration - Add Dockerfile.plugin (stateless scratch wrapper for pre-built VM binary) - Add workflow-sanity.yml Images built: 12 VM plugins under ghcr.io/luxfi/chains/* (servicenodevm, teleportvm removed from release — directories missing in repo) Refs: hanzoai/.github canonical Docker CI contract.
---
.github/images.json | 14 +++ .github/workflows/release.yml | 154 +++++--------------------- .github/workflows/workflow-sanity.yml | 9 ++ Dockerfile.plugin | 8 ++ 4 files changed, 61 insertions(+), 124 deletions(-) create mode 100644 .github/images.json create mode 100644 .github/workflows/workflow-sanity.yml create mode 100644 Dockerfile.plugin
diff --git a/.github/images.json b/.github/images.json
new file mode 100644
index 0000000..07c495b
--- /dev/null
+++ b/.github/images.json
@@ -0,0 +1,14 @@
+[
+ {"vm": "evm", "image": "ghcr.io/luxfi/chains/evm", "cgo": "1"},
+ {"vm": "dexvm", "image": "ghcr.io/luxfi/chains/dexvm", "cgo": "0"},
+ {"vm": "aivm", "image": "ghcr.io/luxfi/chains/aivm", "cgo": "0"},
+ {"vm": "bridgevm", "image": "ghcr.io/luxfi/chains/bridgevm", "cgo": "0"},
+ {"vm": "graphvm", "image": "ghcr.io/luxfi/chains/graphvm", "cgo": "0"},
+ {"vm": "identityvm", "image": "ghcr.io/luxfi/chains/identityvm", "cgo": "0"},
+ {"vm": "keyvm", "image": "ghcr.io/luxfi/chains/keyvm", "cgo": "0"},
+ {"vm": "oraclevm", "image": "ghcr.io/luxfi/chains/oraclevm", "cgo": "0"},
+ {"vm": "quantumvm", "image": "ghcr.io/luxfi/chains/quantumvm", "cgo": "0"},
+ {"vm": "relayvm", "image": "ghcr.io/luxfi/chains/relayvm", "cgo": "0"},
+ {"vm": "thresholdvm", "image": "ghcr.io/luxfi/chains/thresholdvm", "cgo": "0"},
+ {"vm": "zkvm", "image": "ghcr.io/luxfi/chains/zkvm", "cgo": "0"}
+]
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 2c1fb72..7f964d2 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -6,135 +6,41 @@ on: tags: ['v*'] pull_request: branches: [main] + workflow_dispatch: -env: - REGISTRY: ghcr.io/luxfi/chains +permissions: + contents: read + packages: write jobs: - build: - strategy: - matrix: - vm: - - evm - - dexvm - - aivm - - bridgevm - - graphvm - - identityvm - - keyvm - - oraclevm - - quantumvm - - relayvm - - servicenodevm - - teleportvm - - thresholdvm - - zkvm - arch: - - amd64 - - arm64 - fail-fast: false - runs-on: ${{ matrix.arch == 'arm64' && 'lux-arm64' || 'lux-amd64' }} - permissions: - contents: read - packages: write + plan: + runs-on: ubuntu-latest + outputs: + images: ${{ steps.load.outputs.images }} steps: - uses: actions/checkout@v4 + - id: load + run: echo "images=$(jq -c . .github/images.json)" >> "$GITHUB_OUTPUT" - - uses: actions/setup-go@v5 - with: - go-version: '1.26' - cache-key: ${{ matrix.vm }}-${{ matrix.arch }} - - - name: Build - working-directory: ${{ matrix.vm }} - env: - GONOSUMCHECK: github.com/luxfi/* - GONOSUMDB: github.com/luxfi/* - CGO_ENABLED: ${{ matrix.vm == 'evm' && '1' || '0' }} - CGO_CFLAGS: ${{ matrix.vm == 'evm' && '-O2 -D__BLST_PORTABLE__' || '' }} - run: | - go mod tidy - go build -trimpath -ldflags="-s -w" -o ../build/${{ matrix.vm }} . 
- - - name: Test version - run: ./build/${{ matrix.vm }} version - - - name: Upload artifact - uses: actions/upload-artifact@v4 - with: - name: ${{ matrix.vm }}-linux-${{ matrix.arch }} - path: build/${{ matrix.vm }} - - docker: - needs: build - if: github.event_name == 'push' + build: + needs: plan + if: github.event_name != 'pull_request' strategy: - matrix: - vm: - - evm - - dexvm - - aivm - - bridgevm - - graphvm - - identityvm - - keyvm - - oraclevm - - quantumvm - - relayvm - - servicenodevm - - teleportvm - - thresholdvm - - zkvm fail-fast: false - runs-on: lux-amd64 - permissions: - contents: read - packages: write - steps: - - uses: actions/checkout@v4 - - - name: Download amd64 - uses: actions/download-artifact@v4 - with: - name: ${{ matrix.vm }}-linux-amd64 - path: build/amd64/ - - - name: Download arm64 - uses: actions/download-artifact@v4 - with: - name: ${{ matrix.vm }}-linux-arm64 - path: build/arm64/ - - - name: Login to GHCR - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Determine tag - id: tag - run: | - if [[ "$GITHUB_REF" == refs/tags/* ]]; then - echo "tag=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT - else - echo "tag=latest" >> $GITHUB_OUTPUT - fi - - - name: Build and push multi-arch - run: | - chmod +x build/amd64/${{ matrix.vm }} build/arm64/${{ matrix.vm }} - cat > Dockerfile.plugin <<'EOF' - FROM scratch - ARG TARGETARCH - COPY build/${TARGETARCH}/${{ matrix.vm }} /plugin - ENTRYPOINT ["/plugin"] - EOF - docker buildx build \ - --platform linux/amd64,linux/arm64 \ - -f Dockerfile.plugin \ - -t ${{ env.REGISTRY }}/${{ matrix.vm }}:${{ steps.tag.outputs.tag }} \ - --push . 
+ matrix:
+ image: ${{ fromJson(needs.plan.outputs.images) }}
+ uses: hanzoai/.github/.github/workflows/docker-build.yml@main
+ with:
+ image: ${{ matrix.image.image }}
+ dockerfile: Dockerfile.plugin
+ build-args: |
+ VM=${{ matrix.image.vm }}
+ pre-build-command: |
+ mkdir -p build
+ (cd ${{ matrix.image.vm }} && \
+ GONOSUMCHECK=github.com/luxfi/* \
+ GONOSUMDB=github.com/luxfi/* \
+ CGO_ENABLED=${{ matrix.image.cgo }} \
+ CGO_CFLAGS="${{ matrix.image.cgo == '1' && '-O2 -D__BLST_PORTABLE__' || '' }}" \
+ go build -trimpath -ldflags="-s -w" -o ../build/${{ matrix.image.vm }} .)
+ secrets: inherit
diff --git a/.github/workflows/workflow-sanity.yml b/.github/workflows/workflow-sanity.yml
new file mode 100644
index 0000000..7ea88e7
--- /dev/null
+++ b/.github/workflows/workflow-sanity.yml
@@ -0,0 +1,9 @@
+name: Workflow Sanity
+on:
+ pull_request:
+ push:
+ branches: [main]
+
+jobs:
+ sanity:
+ uses: hanzoai/.github/.github/workflows/workflow-sanity.yml@main
diff --git a/Dockerfile.plugin b/Dockerfile.plugin
new file mode 100644
index 0000000..684d358
--- /dev/null
+++ b/Dockerfile.plugin
@@ -0,0 +1,8 @@
+# Plugin image: stateless FROM scratch container that serves a single
+# pre-built VM plugin binary. Binary is produced by the workflow's
+# pre-build-command on the native-arch runner and placed at /build/.
+# syntax=docker/dockerfile:1
+FROM scratch
+ARG VM
+COPY build/${VM} /plugin
+ENTRYPOINT ["/plugin"]
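Review bot: The new `build` job calls `hanzoai/.github/.github/workflows/docker-build.yml@main` with `secrets: inherit` and a token that can write packages, so whatever the `main` branch of that other repository holds at run time is offered the caller's secrets and can publish under ghcr.io/luxfi/chains; the same mutable `@main` ref is used by the `sanity` job in workflow-sanity.yml. Pin both to a reviewed commit, `uses: hanzoai/.github/.github/workflows/docker-build.yml@<full-commit-sha>`, and replace `secrets: inherit` with an explicit `secrets:` map of only the names the reusable workflow declares. The workflow-level `permissions:` block also grants `packages: write` to the `plan` job, which only reads `.github/images.json`, and to pull_request runs; keeping `contents: read` at the top and moving `packages: write` onto the `build` job restores the per-job scoping the removed jobs had. The `${{ matrix.image.vm }}` expansions inside `pre-build-command` are pasted into shell text, so entries in images.json should be limited to plain directory names or passed through an input that the called workflow quotes.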
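Review bot: This new workflow declares no `permissions:` block, so the `sanity` job and the reusable workflow it calls run with the repository's default GITHUB_TOKEN scope, which may be read/write depending on repository settings not visible here. Because it triggers on every `pull_request` and on pushes to `main`, add a top-level `permissions:` with `contents: read` (plus anything the called workflow documents as required) so the check cannot receive more than it needs.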
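Review bot: The `# syntax=docker/dockerfile:1` line sits below three comment lines, and BuildKit only honours parser directives that come before any comment, blank line or instruction, so here it is read as an ordinary comment and does not select the frontend; move it to the first line of the file. `ARG VM` has no default, so a build that omits the build-arg would expand `COPY build/${VM} /plugin` to the whole `build/` directory rather than failing, which is presumably not intended. The image also sets no `USER`, so the plugin runs as uid 0 inside the container; if the plugin does not need root, a numeric `USER 65532:65532` works on scratch. The header comment says the binary is placed at `/build/`, while the COPY source is the context-relative `build/${VM}`.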