0xPolygonZero · 0xaatif · Jul 8, 2024 · Jul 2, 2024 · Jul 2, 2024 · Jul 2, 2024
@@ -0,0 +1,4 @@
+[build]
+# https://github.com/rust-lang/rust/pull/124129
+# https://github.com/dtolnay/linkme/pull/88
+rustflags = ["-Z", "linker-features=-lld"]
@@ -0,0 +1,28 @@
+# this is loosely based on `docker init`'s rust template.
+
+**/.DS_Store
+**/.classpath
+**/.dockerignore
+# **/.env
+**/.git
+**/.gitignore
+**/.project
+**/.settings
+**/.toolstarget
+**/.vs
+**/.vscode
+**/*.*proj.user
+**/*.dbmdl
+**/*.jfm
+**/charts
+**/docker-compose*
+**/compose*
+**/Dockerfile*
+**/node_modules
+**/npm-debug.log
+**/secrets.dev.yaml
+**/values.dev.yaml
+/bin
+/target
+LICENSE
+README.md
@@ -12,24 +12,15 @@ on:
 
 jobs:
   docker:
-    name: Build and run leader and worker docker images for regression check
+    name: Regression test docker images
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
         uses: actions/checkout@v4
 
-      - name: Build leader docker container
-        run: |
-          docker build --progress plain -t leader:${{ github.ref_name }} -f leader.Dockerfile .
+      - run: |
+          docker build --progress=plain --build-arg=PROFILE=dev --build-arg=ENTRYPOINT=leader --tag scratch .
+          docker run --rm scratch --help
 
-      - name: Run leader docker container
-        run: |
-          docker run --rm leader:${{ github.ref_name }} --help
-
-      - name: Build worker docker container
-        run: |
-          docker build --progress plain -t worker:${{ github.ref_name }} -f worker.Dockerfile .
-
-      - name: Run worker docker container
-        run: |
-          docker run --rm worker:${{ github.ref_name }} --help
+          docker build --progress=plain --build-arg=PROFILE=dev --build-arg=ENTRYPOINT=worker --tag scratch .
+          docker run --rm scratch --help
@@ -38,7 +38,7 @@ jobs:
         id: meta_leader
         uses: docker/metadata-action@v5
         with:
-          images: | 
+          images: |
             name=${{ env.REGISTRY }}/${{ env.IMAGE_NAME_LEADER }}
           tags: |
             type=ref,event=branch
@@ -49,8 +49,7 @@ jobs:
       - name: Push to GitHub Container Registry - Leader
         uses: docker/build-push-action@v3
         with:
-          context: .
-          file: ./leader.Dockerfile
+          build-args: ["ENTRYPOINT=leader"]
           push: true
           # platforms: linux/amd64,linux/arm64
           tags: ${{ steps.meta_leader.outputs.tags }}
@@ -73,8 +72,7 @@ jobs:
       - name: Push to GitHub Container Registry - Worker
         uses: docker/build-push-action@v3
         with:
-          context: .
-          file: ./worker.Dockerfile
+          build-args: ["ENTRYPOINT=worker"]
           push: true
           # platforms: linux/amd64,linux/arm64
           tags: ${{ steps.meta_worker.outputs.tags }}

@@ -1,18 +1,20 @@
 [workspace]
-members = ["mpt_trie",
-    "smt_trie",
-    "proof_gen",
-    "trace_decoder",
+members = [
+    "compat",
     "evm_arithmetization",
+    "mpt_trie",
     "proc_macro",
-    "zero_bin/leader",
-    "zero_bin/worker",
+    "proof_gen",
+    "smt_trie",
+    "trace_decoder",
     "zero_bin/common",
+    "zero_bin/leader",
     "zero_bin/ops",
-    "zero_bin/verifier",
+    "zero_bin/prover",
     "zero_bin/rpc",
-    "zero_bin/prover", 
-    "compat"]
+    "zero_bin/verifier",
+    "zero_bin/worker",
+]
 resolver = "2"
 
 [workspace.package]
@@ -24,7 +26,7 @@ keywords = ["cryptography", "STARK", "plonky2", "ethereum", "zk"]
 categories = ["cryptography::cryptocurrencies"]
 
 [workspace.dependencies]
-alloy = { git = "https://github.com/alloy-rs/alloy", tag='v0.1.1', default-features = false, features = [
+alloy = { git = "https://github.com/alloy-rs/alloy", tag = 'v0.1.1', default-features = false, features = [
     "consensus",
     "reqwest",
     "json-rpc",
@@ -36,7 +38,7 @@ alloy = { git = "https://github.com/alloy-rs/alloy", tag='v0.1.1', default-featu
     "providers",
     "transports",
     "transport-http",
-    "rpc-types-debug"
+    "rpc-types-debug",
 ] }
 anyhow = "1.0.86"
 async-stream = "0.3.5"

@@ -0,0 +1,116 @@
+# syntax=docker/dockerfile:1
+# This is loosely based on `docker init`'s rust template.
+# For a completely clean build, run something like this:
+# ```
+# docker build --build-arg=PROFILE=dev --build-arg=ENTRYPOINT=leader --no-cache
+# ```
+
+#############
+# Build stage
+#############
+# - `/src` is the repo directory.
+# - `/artifacts` is $CARGO_TARGET_DIR.
+# - `/output` is where the binaries go.
+
+ARG BUILD_BASE=rustlang/rust:nightly-bullseye-slim
+FROM ${BUILD_BASE} AS build
+
+# Install build dependencies.
+RUN apt-get update && apt-get install -y \
+    # for jemalloc
+    libjemalloc-dev \
+    libjemalloc2 \
+    make \
+    # for openssl
+    libssl-dev \
+    pkg-config \
+    # clean the image
+    && rm -rf /var/lib/apt/lists/*
+
+ARG PROFILE=release
+# forward the docker argument so that the script below can read it
+ENV PROFILE=${PROFILE}
+
+# Build the application.
+RUN \
+    # mount the repository so we don't have to COPY it in
+    --mount=type=bind,source=.,target=/src \
+    # cache artifacts and the cargo registry to speed up subsequent builds
+    --mount=type=cache,target=/artifacts \
+    --mount=type=cache,target=/usr/local/cargo/registry/ \
+    # run the build
+    <<EOF
+set -eux
+
+# need to change workdir instead of using --manifest-path because we need
+# .cargo/config.toml
+cd /src
+
+# use the cache mount
+# (we will not be able to to write to e.g `/src/target` because it is bind-mounted)
+CARGO_TARGET_DIR=/artifacts cargo build --locked "--profile=${PROFILE}" --all
+
+# narrow the find call to SUBDIR because if we just copy out all executables
+# we will break the cache invariant
+if [ "$PROFILE" = "dev" ]; then
+    SUBDIR=debug # edge case
+else
+    SUBDIR=$PROFILE
+fi
+
+# maxdepth because binaries are in the root
+# - other folders contain build scripts etc.
+mkdir /output
+find "/artifacts/$SUBDIR" \
+    -maxdepth 1 \
+    -type f \
+    -executable \
+    -not -name '*.so' \
+    -exec cp '{}' /output \; \
+    -print
+
+EOF
+
+##################
+# Final executable
+##################
+FROM debian:bullseye-slim AS final
+
+# Install runtime dependencies.
+RUN apt-get update && apt-get install -y \
+    ca-certificates \
+    libjemalloc2 \
+    libssl-dev \
+    tini \
+    && rm -rf /var/lib/apt/lists/*
+
+COPY --from=build /output/* /usr/local/bin/
+RUN <<EOF
+set -eux
+: smoke test executables
+find /usr/local/bin -type f -executable -print0 \
+    | xargs --null --replace --verbose tini -- {} --help
+EOF
+
+# can't refer to docker args in an ENTRYPOINT directive, so go through a symlink
+ARG ENTRYPOINT
+RUN ln --symbolic --verbose -- "$(which ${ENTRYPOINT})" /entrypoint
+ENTRYPOINT [ "tini", "--", "/entrypoint" ]
+
+# TODO(0xaatif): https://github.com/0xPolygonZero/zk_evm/issues/356
+#                this is bad practice
+COPY .env /
+
+# Create a non-privileged user that the app will run under.
+# See https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#user
+ARG UID=10001
+RUN adduser \
+    --disabled-password \
+    --gecos "" \
+    --home "/nonexistent" \
+    --shell "/sbin/nologin" \
+    --no-create-home \
+    --uid "${UID}" \
+    user
+USER user
+