Use Nix for building and testing #303

Workflow file for this run

.github/workflows/pull_request.yml at 14110d2

	name: Build and Test

	on:
	push:
	branches: [ master ]
	pull_request:

	concurrency:
	# In master we want to run for every commit, in other branches — only for the last one
	group: ${{
	( github.ref == 'refs/heads/master' &&
	format('{0}/{1}/{2}', github.workflow, github.ref, github.sha) )
	\|\|
	format('{0}/{1}', github.workflow, github.ref) }}
	cancel-in-progress: true

	env:
	BOOST_VERSION: "1.80.0"
	CAA_ARTIFACT_NAME: circuits-and-assignments
	TO_ARTIFACT_NAME: transpiler-output
	INTEGRATION_TESTING_TARGETS: \|
	arithmetics_cpp_example
	polynomial_cpp_example
	poseidon_cpp_example
	merkle_tree_poseidon_cpp_example
	uint_remainder_cpp
	uint_shift_left
	uint_bit_decomposition
	uint_bit_composition
	compare_eq_cpp
	private_input_cpp

	jobs:
	handle-syncwith:
	if: github.event_name == 'pull_request'
	name: Call Reusable SyncWith Handler
	uses: NilFoundation/ci-cd/.github/workflows/reusable-handle-syncwith.yml@v1.1.2
	with:
	ci-cd-ref: 'v1.1.2'
	secrets: inherit


	prepare-targets:
	name: Prepare targets strings
	runs-on: ubuntu-22.04
	if: \|
	always() && !cancelled()
	outputs:
	evm-targets: ${{ steps.get-targets.outputs.evm-targets }}
	prover-targets: ${{ steps.get-targets.outputs.prover-targets }}
	steps:
	- name: Set targets for integration testing
	id: get-targets
	run: \|
	targets_str=$(echo "${{ env.INTEGRATION_TESTING_TARGETS }}" \| awk 'NF {print "transpiler_output_" $1}')
	echo "evm-targets<<EOF" >> $GITHUB_OUTPUT
	echo "${targets_str}" >> $GITHUB_OUTPUT
	echo "EOF" >> $GITHUB_OUTPUT

	echo "prover-targets<<EOF" >> $GITHUB_OUTPUT
	echo "${{ env.INTEGRATION_TESTING_TARGETS }}" >> $GITHUB_OUTPUT
	echo "EOF" >> $GITHUB_OUTPUT


	get-zkllvm-run:
	name: Get zkLLVM run to use artifacts from
	needs:
	- handle-syncwith
	if: \|
	always() && !cancelled() &&
	(needs.handle-syncwith.result == 'success' \|\| needs.handle-syncwith.result == 'skipped')
	runs-on: ubuntu-22.04
	outputs:
	run-id: ${{ steps.get-run-id.outputs.run-id }}
	steps:
	- name: Get run ID of zkLLVM
	id: get-run-id
	env:
	GH_TOKEN: ${{ github.token }}
	run: \|
	prs_refs="${{ needs.handle-syncwith.outputs.prs-refs }}"
	zkllvm_ref="master"
	zkllvm_repo="NilFoundation/zkLLVM"

	while read -r line; do
	echo "$line"
	if [[ $line == "${zkllvm_repo}:"* ]]; then
	zkllvm_ref=$(echo "$line" \| cut -d ' ' -f 2)
	break
	fi
	done <<< "$prs_refs"

	if [[ $zkllvm_ref == refs/pull/* ]]; then
	echo "Considering reference ${zkllvm_ref} a pr ref"
	pr_number=${zkllvm_ref#refs/pull/}
	pr_number=${pr_number%/merge}
	sha=$(gh api repos/${zkllvm_repo}/pulls/$pr_number --jq '.head.sha')
	elif [[ $zkllvm_ref == refs/tags/* ]]; then
	echo "Considering reference ${zkllvm_ref} a tag"
	tag=${zkllvm_ref#refs/tags/}
	sha=$(gh api repos/${zkllvm_repo}/git/ref/tags/$tag --jq '.object.sha')
	else
	echo "Considering reference ${zkllvm_ref} a branch"
	branch=${zkllvm_ref#refs/heads/}
	# We can already fetch run_id here, but better fit to common approach with extra query by sha
	sha=$(gh api "repos/${zkllvm_repo}/actions/workflows/build_linux.yml/runs?branch=${branch}&status=completed&per_page=1" \
	--jq '.workflow_runs[0].head_sha')
	fi

	echo "Using head sha: ${sha}"
	run_id=$(gh api "repos/${zkllvm_repo}/actions/workflows/build_linux.yml/runs?head_sha=${sha}&status=completed&per_page=1" \
	--jq '.workflow_runs[0].id')
	if [ -z "${run_id}" ]; then
	echo no run ID fetched
	exit 1
	fi
	echo "Run ID: ${run_id}"
	for artifact in "${{ env.CAA_ARTIFACT_NAME }}" "${{ env.TO_ARTIFACT_NAME }}"; do
	# Check if the artifact exists in the run
	if ! gh run view ${run_id} --repo ${zkllvm_repo} \| grep "$artifact"; then
	echo "Artifact '$artifact' not found in run ${run_id}"
	exit 1
	fi
	done
	echo "run-id=${run_id}" >> $GITHUB_OUTPUT


	# This is copied from reusable-generate-proofs-linux.yml
	# Disgusting duplication, we should better move all preparation and build to nix, then
	# make testing steps a composite action.
	build-and-generate-proofs:
	name: Build prover, generate proofs for circuits
	runs-on: [self-hosted, Linux, X64, aws_autoscaling]
	needs:
	- handle-syncwith
	- get-zkllvm-run
	- prepare-targets
	if: \|
	always() && !cancelled() &&
	(needs.handle-syncwith.result == 'success' \|\| needs.handle-syncwith.result == 'skipped') &&
	(needs.get-zkllvm-run.result == 'success' \|\| needs.get-zkllvm-run.result == 'skipped') &&
	(needs.prepare-targets.result == 'success' \|\| needs.prepare-targets.result == 'skipped')
	outputs:
	artifact-name: ${{ steps.artifact-name.outputs.merged }}

	steps:
	# https://github.com/actions/checkout/issues/1552
	- name: Clean up after previous checkout
	run: chmod +w -R ${GITHUB_WORKSPACE}; rm -rf ${GITHUB_WORKSPACE}/*;

	- name: Checkout Crypto3
	uses: actions/checkout@v4
	with:
	fetch-depth: 0
	submodules: recursive

	- name: Checkout submodules to specified refs
	if: inputs.submodules-refs != ''
	uses: NilFoundation/ci-cd/actions/recursive-checkout@v1.2.1
	with:
	refs: ${{ needs.handle-syncwith.outputs.prs-refs }}
	paths: \|
	${{ github.workspace }}/**
	!${{ github.workspace }}/
	!${{ github.workspace }}//.git/

	# - name: Run clang-format
	# run: \|
	# if find bin -iname '.cpp' -o -iname '.hpp' \| xargs clang-format -n --Werror; then
	# echo "Code formatting is correct"
	# else
	# echo "Code formatting differs from clang-format's expectations, run 'find bin -iname .hpp -o -iname .cpp \| xargs clang-format -i'"
	# exit 1
	# fi

	- name: Run checks
	run: nix -L build .?submodules=1
	# env:
	# NIX_CONFIG: \|
	# cores = 6
	# max-jobs = 4

	- name: Set usefull strings
	id: strings
	run: \|
	echo "artifact-dir=$(realpath /__w/proof-producer/proof-producer/../artifacts)" >> $GITHUB_OUTPUT

	- name: Download circuits and assignments artifact
	uses: dawidd6/action-download-artifact@v3
	with:
	repo: NilFoundation/zkLLVM
	name: ${{ env.CAA_ARTIFACT_NAME }}
	path: ${{ steps.strings.outputs.artifact-dir }}
	run_id: ${{ needs.get-zkllvm-run.outputs.run-id }}
	github_token: ${{ secrets.GITHUB_TOKEN }}
	skip_unpack: true # It can't unpack such large files (>2Gb for some circuits)

	- name: Extract circuits and assignments artifact
	working-directory: ${{ steps.strings.outputs.artifact-dir }}
	run: \|
	unzip ${{ env.CAA_ARTIFACT_NAME }}.zip

	- name: List artifacts
	working-directory: ${{ steps.strings.outputs.artifact-dir }}
	run: find .

	- name: Make proofs for pairs
	working-directory: ${{ steps.strings.outputs.artifact-dir }}
	run: \|
	extra_args=""
	if [[ "true" == "false" ]]; then
	extra_args="--multithreaded "
	fi
	targets_str=$(echo "${{ needs.prepare-targets.outputs.prover-targets }}" \| awk '{$1=$1};1' \| sed '/^$/d' \| tr '\n' ' ' \| sed 's/ $//')
	echo "targets from input: ${targets_str}"
	${{ github.workspace }}/tests/make_proof_for_pairs.sh --use-nix ${extra_args} ${targets_str}

	- name: Download transpiler output artifact
	id: download-to-artifact
	uses: dawidd6/action-download-artifact@v3
	with:
	repo: NilFoundation/zkLLVM
	name: ${{ env.TO_ARTIFACT_NAME }}
	path: ${{ steps.strings.outputs.artifact-dir }}
	run_id: ${{ needs.get-zkllvm-run.outputs.run-id }}
	github_token: ${{ secrets.GITHUB_TOKEN }}

	- name: Merge proofs into transpiler output
	working-directory: ${{ steps.strings.outputs.artifact-dir }}
	run: \|
	copy_failed=0
	while read dir; do
	base_name=${dir#./transpiler_output_}

	if [[ -d "$base_name" ]]; then
	if ! cp "${base_name}/proof.bin" "${dir}/"; then
	echo "Failed to copy proof.bin to ${dir}" >&2
	copy_failed=1
	else
	echo "proof.bin added to ${dir}"
	fi
	else
	echo "Error: No matching directory found for ${dir}" >&2
	fi
	done < <(find . -type d -name "transpiler_output_*")

	if [ $copy_failed -eq 1 ]; then
	echo "One or more copy operations failed."
	exit 1
	fi

	- name: Set aritfact name
	id: artifact-name
	run: \|
	echo "merged=transpiler-output-merged-proofs" >> $GITHUB_OUTPUT

	- name: Upload merged artifact
	uses: actions/upload-artifact@v3
	with:
	name: ${{ steps.artifact-name.outputs.merged }}
	path: \|
	${{ steps.strings.outputs.artifact-dir }}/transpiler_output_*

	# TODO: add package derivation to nix, upload its result
	# - name: Upload .deb package
	# if: matrix.cpp-compiler == 'clang++' && matrix.build-type == 'Release'
	# uses: actions/upload-artifact@v4
	# with:
	# name: proof-producer.deb
	# path: \|
	# ${{ steps.strings.outputs.build-dir }}/proof-producer*.deb


	verify-proof-producer-proofs:
	name: Verify proof-producer proofs with EVM-placeholder
	needs:
	- handle-syncwith
	- build-and-generate-proofs
	- prepare-targets
	if: \|
	always() && !cancelled() &&
	(needs.handle-syncwith.result == 'success' \|\| needs.handle-syncwith.result == 'skipped') &&
	(needs.build-and-generate-proofs.result == 'success' \|\| needs.build-and-generate-proofs.result == 'skipped') &&
	(needs.prepare-targets.result == 'success' \|\| needs.prepare-targets.result == 'skipped')
	uses: NilFoundation/evm-placeholder-verification/.github/workflows/reusable-verify-proofs.yml@2a0ef5fc67e97be8e3c7b59338cf9eecd030c57d
	with:
	artifact-name: ${{ needs.build-and-generate-proofs.outputs.artifact-name }}
	evm-placeholder-verification-ref: 2a0ef5fc67e97be8e3c7b59338cf9eecd030c57d
	refs: ${{ needs.handle-syncwith.outputs.prs-refs }}
	test-names: ${{ needs.prepare-targets.outputs.evm-targets }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Use Nix for building and testing #303

Workflow file

Use Nix for building and testing #303

Jobs

Run details

Workflow file for this run