Merge branch 'main' into tx-to-optional-address

.github/scripts/rate_limit_check.sh

@@ -0,0 +1,43 @@
+#!/bin/bash
+
+set -o errexit
+set -o pipefail
+
+
+api_endpoint="https://api.github.com/users/zksync-era-bot"
+wait_time=60
+max_retries=60
+retry_count=0
+
+while [[ $retry_count -lt $max_retries ]]; do
+  response=$(run_retried curl -s -w "%{http_code}" -o temp.json "$api_endpoint")
+  http_code=$(echo "$response" | tail -n1)
+
+  if [[ "$http_code" == "200" ]]; then
+    echo "Request successful. Not rate-limited."
+    cat temp.json
+    rm temp.json
+    exit 0
+  elif [[ "$http_code" == "403" ]]; then
+    rate_limit_exceeded=$(jq -r '.message' temp.json | grep -i "API rate limit exceeded")
+    if [[ -n "$rate_limit_exceeded" ]]; then
+      retry_count=$((retry_count+1))
+      echo "API rate limit exceeded. Retry $retry_count of $max_retries. Retrying in $wait_time seconds..."
+      sleep $wait_time
+    else
+      echo "Request failed with HTTP status $http_code."
+      cat temp.json
+      rm temp.json
+      exit 1
+    fi
+  else
+    echo "Request failed with HTTP status $http_code."
+    cat temp.json
+    rm temp.json
+    exit 1
+  fi
+done
+
+echo "Reached the maximum number of retries ($max_retries). Exiting."
+rm temp.json
+exit 1

.github/workflows/build-base.yml

@@ -0,0 +1,159 @@
+name: Build base Docker image
+on:
+  workflow_dispatch:
+    inputs:
+      repo_ref:
+        description: "git reference of the zksync-era to build"
+        required: true
+        default: main
+jobs:
+  build-images:
+    name: Build and Push Docker Images
+    runs-on: ${{ fromJSON('["matterlabs-ci-runner-high-performance", "matterlabs-ci-runner-arm"]')[contains(matrix.arch, 'arm')] }}
+    outputs:
+      image_tag_sha: ${{ steps.get-sha.outputs.image_tag_sha }}
+    # Needed to push to Gihub Package Registry
+    permissions:
+      packages: write
+      contents: read
+    env:
+      DOCKERHUB_USER: ${{ secrets.DOCKERHUB_USER }}
+      DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
+      REPO_REF: ${{ github.event.inputs.repo_ref }}
+    strategy:
+      matrix:
+        name: [ build-base ]
+        repository: [ zksync-build-base ]
+        arch: [ amd64, arm64 ]
+
+    steps:
+      - uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # v4.1.7
+        with:
+          submodules: "recursive"
+
+      - name: Login to google container registry
+        run: |
+          gcloud auth configure-docker us-docker.pkg.dev -q
+
+      - name: Login to DockerHub
+        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
+        with:
+          username: ${{ secrets.DOCKERHUB_USER }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Get tag
+        id: get-sha
+        run: |
+          echo IMAGE_TAG_SHA=$(git rev-parse --short HEAD) >> $GITHUB_ENV
+          echo image_tag_sha=$(git rev-parse --short HEAD) >> $GITHUB_OUTPUT
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1
+
+      - name: Build and push
+        uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0
+        with:
+          push: true
+          context: .
+          file: docker/build-base/Dockerfile
+          labels: |
+            org.opencontainers.image.source=https://github.com/matter-labs/zksync-era
+            org.opencontainers.image.licenses="MIT OR Apache-2.0"
+          tags: |
+            matterlabs/zksync-build-base:${{ steps.get-sha.outputs.image_tag_sha }}-${{ matrix.arch }}
+            us-docker.pkg.dev/matterlabs-infra/matterlabs-docker/zksync-build-base:${{ steps.get-sha.outputs.image_tag_sha }}-${{ matrix.arch }}
+            ghcr.io/${{ github.repository_owner }}/zksync-build-base:${{ steps.get-sha.outputs.image_tag_sha }}-${{ matrix.arch }}
+
+  multiarch_manifest:
+    # Needed to push to Gihub Package Registry
+    permissions:
+      packages: write
+      contents: read
+    needs: [ build-images ]
+    env:
+      IMAGE_TAG_SUFFIX: ${{ needs.build-images.outputs.image_tag_sha }}
+    runs-on: [ matterlabs-ci-runner-high-performance ]
+    steps:
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1
+
+      - name: Login to google container registry
+        run: |
+          gcloud auth configure-docker us-docker.pkg.dev -q
+
+      - name: Login to DockerHub
+        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
+        with:
+          username: ${{ secrets.DOCKERHUB_USER }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Create and push multi-arch manifests for Dockerhub
+        shell: bash
+        run: |
+          images=("zksync-build-base")
+          archs=("amd64" "arm64")
+
+          for img in "${images[@]}"; do
+            multiarch_tag="matterlabs/zksync-build-base:latest"
+            individual_images=()
+
+            for arch in "${archs[@]}"; do
+              TAG="$IMAGE_TAG_SUFFIX"
+              docker pull matterlabs/zksync-build-base:${TAG}-${arch} --platform linux/${arch}
+              individual_images+=("matterlabs/zksync-build-base:${TAG}-${arch}")
+            done
+
+            docker buildx imagetools create --tag "${multiarch_tag}" "${individual_images[@]}"
+          done
+
+      - name: Create and push multi-arch manifests for GitHub Container Registry
+        shell: bash
+        run: |
+          images=("zksync-build-base")
+          archs=("amd64" "arm64")
+
+          for img in "${images[@]}"; do
+            multiarch_tag="ghcr.io/${{ github.repository_owner }}/zksync-build-base:latest"
+            individual_images=()
+
+            for arch in "${archs[@]}"; do
+              TAG="$IMAGE_TAG_SUFFIX"
+              docker pull ghcr.io/${{ github.repository_owner }}/zksync-build-base:${TAG}-${arch} --platform linux/${arch}
+              individual_images+=("ghcr.io/${{ github.repository_owner }}/zksync-build-base:${TAG}-${arch}")
+            done
+
+            docker buildx imagetools create --tag "${multiarch_tag}" "${individual_images[@]}"
+          done
+
+      - name: Create and push multi-arch manifests for Google Artifact Registry
+        shell: bash
+        run: |
+          images=("zksync-build-base")
+          archs=("amd64" "arm64")
+
+          for img in "${images[@]}"; do
+            multiarch_tag="us-docker.pkg.dev/matterlabs-infra/matterlabs-docker/zksync-build-base:latest"
+            individual_images=()
+
+            for arch in "${archs[@]}"; do
+              TAG="$IMAGE_TAG_SUFFIX"
+              docker pull us-docker.pkg.dev/matterlabs-infra/matterlabs-docker/zksync-build-base:${TAG}-${arch} --platform linux/${arch}
+              individual_images+=("us-docker.pkg.dev/matterlabs-infra/matterlabs-docker/zksync-build-base:${TAG}-${arch}")
+            done
+
+            docker buildx imagetools create --tag "${multiarch_tag}" "${individual_images[@]}"
+          done

.github/workflows/ci.yml

@@ -111,7 +111,7 @@ jobs:
     name: Build core images
     needs: changed_files
     if: ${{ (needs.changed_files.outputs.core == 'true' || needs.changed_files.outputs.all == 'true') && !contains(github.ref_name, 'release-please--branches') }}
-    uses: ./.github/workflows/build-core-template.yml
+    uses: ./.github/workflows/new-build-core-template.yml
     with:
       image_tag_suffix: ${{ needs.setup.outputs.image_tag_suffix }}
       action: "build"
@@ -136,7 +136,7 @@ jobs:
     name: Build contract verifier
     needs: changed_files
     if: ${{ (needs.changed_files.outputs.core == 'true' || needs.changed_files.outputs.all == 'true') && !contains(github.ref_name, 'release-please--branches') }}
-    uses: ./.github/workflows/build-contract-verifier-template.yml
+    uses: ./.github/workflows/new-build-contract-verifier-template.yml
     with:
       image_tag_suffix: ${{ needs.setup.outputs.image_tag_suffix }}
       action: "build"
@@ -148,7 +148,7 @@ jobs:
     name: Build prover images
     needs: changed_files
     if: ${{ (needs.changed_files.outputs.prover == 'true' || needs.changed_files.outputs.all == 'true') && !contains(github.ref_name, 'release-please--branches') }}
-    uses: ./.github/workflows/build-prover-template.yml
+    uses: ./.github/workflows/new-build-prover-template.yml
     with:
       image_tag_suffix: ${{ needs.setup.outputs.image_tag_suffix }}
       action: "build"
@@ -162,12 +162,10 @@ jobs:
     name: Build prover images with avx512 instructions
     needs: changed_files
     if: ${{ (needs.changed_files.outputs.prover == 'true' || needs.changed_files.outputs.all == 'true') && !contains(github.ref_name, 'release-please--branches') }}
-    uses: ./.github/workflows/build-witness-generator-template.yml
+    uses: ./.github/workflows/new-build-witness-generator-template.yml
     with:
       image_tag_suffix: ${{ needs.setup.outputs.image_tag_suffix }}-avx512
       action: "build"
-      ERA_BELLMAN_CUDA_RELEASE: ${{ vars.ERA_BELLMAN_CUDA_RELEASE }}
-      is_pr_from_fork: ${{ github.event.pull_request.head.repo.fork == true }}
       WITNESS_GENERATOR_RUST_FLAGS: "-Ctarget_feature=+avx512bw,+avx512cd,+avx512dq,+avx512f,+avx512vl"
     secrets:
       DOCKERHUB_USER: ${{ secrets.DOCKERHUB_USER }}