name: Build Circuits on: push: tags: - "v*.*.*" pull_request: branches: - main workflow_dispatch: inputs: tag: description: "Tag to release. Must follow the format of 'vX.Y.Z'." required: true jobs: setup: name: Configure Environment runs-on: ubuntu-latest outputs: version: ${{ steps.define-version.outputs.version }} tag: ${{ steps.define-version.outputs.tag }} steps: - name: Define version id: define-version env: # Use the tag name if it is available, otherwise use the input version. # For PR testing, use a test version based on PR number and commit SHA. TAG: ${{ (github.ref_type == 'tag' && github.ref_name) || inputs.tag || format('v0.0.0-pr{0}-{1}', github.event.pull_request.number || '0', github.sha) }} run: | if [ -z "$TAG" ]; then echo "Could not determine tag." exit 1 fi # For pull requests, allow test versions with format v0.0.0-pr* if [[ "$TAG" =~ ^v0\.0\.0-pr ]]; then echo "Using test version for PR: $TAG" VERSION="$TAG" elif [[ ! "$TAG" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then echo "TAG must follow the format of 'vX.Y.Z'. Value: '$TAG'." exit 2 else # Parse Version: Take only the vX.Y.Z part. VERSION=$(echo $TAG | cut -d'-' -f1) fi # Export the tag and version. echo "tag=$TAG" >> $GITHUB_OUTPUT echo "version=$VERSION" >> $GITHUB_OUTPUT generate-proving-keys: name: Generate ${{ matrix.circuit.display }} Proving Key runs-on: ubuntu-latest needs: - setup strategy: fail-fast: false matrix: circuit: - name: pol display: PoL file: pol.circom dir: mantle - name: poq display: PoQ file: poq.circom dir: blend - name: zksign display: ZKSign file: signature.circom dir: mantle - name: poc display: PoC file: poc.circom dir: mantle env: VERSION: ${{ needs.setup.outputs.version }} PTAU_URL: "https://storage.googleapis.com/zkevm/ptau/powersOfTau28_hez_final_17.ptau" PTAU_FILE: "powersOfTau28_hez_final_17.ptau" steps: - name: Install Rust Toolchain uses: actions-rust-lang/setup-rust-toolchain@fb51252c7ba57d633bc668f941da052e410add48 with: toolchain: stable cache: false - name: Install Circom run: | git clone https://github.com/iden3/circom.git cd circom RUSTFLAGS="-A dead_code" cargo build --release RUSTFLAGS="-A dead_code" cargo install --path circom circom --version - name: Checkout uses: actions/checkout@8edcb1bdb4e267140fa742c62e395cd74f332709 - name: Initialise Submodules run: git submodule update --init --recursive - name: Setup Node.js uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b with: node-version: '20' - name: Install snarkjs run: npm install -g snarkjs@latest - name: Cache Powers of Tau id: cache-ptau uses: actions/cache@v4 with: path: ${{ env.PTAU_FILE }} key: ptau-${{ env.PTAU_FILE }} - name: Download Powers of Tau if: steps.cache-ptau.outputs.cache-hit != 'true' run: | echo "Downloading Powers of Tau file (this may take a while, ~3GB)..." curl -L -o "${{ env.PTAU_FILE }}" "${{ env.PTAU_URL }}" echo "Download complete." - name: Generate Proving Key run: | cd ${{ matrix.circuit.dir }} circom --r1cs --O2 ${{ matrix.circuit.file }} snarkjs groth16 setup ${CIRCUIT_NAME}.r1cs ../${{ env.PTAU_FILE }} ${{ matrix.circuit.name }}-0.zkey head -c 32 /dev/urandom | xxd -p -c 256 | snarkjs zkey contribute ${{ matrix.circuit.name }}-0.zkey ${{ matrix.circuit.name }}.zkey --name="RELEASE" -v snarkjs zkey export verificationkey ${{ matrix.circuit.name }}.zkey ${{ matrix.circuit.name }}_verification_key.json env: CIRCUIT_NAME: ${{ matrix.circuit.file == 'signature.circom' && 'signature' || matrix.circuit.name }} - name: Upload Proving Key uses: actions/upload-artifact@de65e23aa2b7e23d713bb51fbfcb6d502f8667d8 with: name: ${{ matrix.circuit.name }}-proving-key path: | ${{ matrix.circuit.dir }}/${{ matrix.circuit.name }}.zkey ${{ matrix.circuit.dir }}/${{ matrix.circuit.name }}_verification_key.json build-linux: name: Build Linux Binaries (Native) runs-on: ubuntu-latest needs: - setup - generate-proving-keys env: VERSION: ${{ needs.setup.outputs.version }} OS: linux ARCH: x86_64 steps: - name: Install Rust Toolchain uses: actions-rust-lang/setup-rust-toolchain@fb51252c7ba57d633bc668f941da052e410add48 with: toolchain: stable cache: false - name: Install Circom run: | git clone https://github.com/iden3/circom.git cd circom RUSTFLAGS="-A dead_code" cargo build --release RUSTFLAGS="-A dead_code" cargo install --path circom circom --version - name: Checkout uses: actions/checkout@8edcb1bdb4e267140fa742c62e395cd74f332709 - name: Initialise Submodules run: git submodule update --init --recursive - name: Setup Dependencies working-directory: rapidsnark run: sudo apt update -y - name: Install Dependencies [Prover] run: sudo apt install -y build-essential cmake libgmp-dev libsodium-dev nasm curl m4 - name: Install Dependencies [Witness Generator] run: sudo apt install nlohmann-json3-dev - name: Replace Prover Makefile # TODO: Make a fork generate the appropriate Linux Makefile run: cp .github/resources/prover/Makefile rapidsnark/Makefile - name: Compile Prover and Verifier working-directory: rapidsnark run: | ./build_gmp.sh host make host_linux_x86_64_static - name: Bundle Rapidsnark Prover env: BINARY_NAME: prover BUNDLE_NAME: prover-${{ env.VERSION }}-${{ env.OS }}-${{ env.ARCH }} RAPIDSNARK_DIR: rapidsnark/package run: | BUNDLE_DIR="${BUNDLE_NAME}/${BINARY_NAME}" mkdir -p "$BUNDLE_DIR" mv "${RAPIDSNARK_DIR}"/bin/${BINARY_NAME} "$BUNDLE_DIR/" tar -czf "${BUNDLE_NAME}.tar.gz" "${BUNDLE_NAME}" - name: Bundle Rapidsnark Verifier env: BINARY_NAME: verifier BUNDLE_NAME: verifier-${{ env.VERSION }}-${{ env.OS }}-${{ env.ARCH }} RAPIDSNARK_DIR: rapidsnark/package run: | BUNDLE_DIR="${BUNDLE_NAME}/${BINARY_NAME}" mkdir -p "$BUNDLE_DIR" mv "${RAPIDSNARK_DIR}"/bin/${BINARY_NAME} "$BUNDLE_DIR/" tar -czf "${BUNDLE_NAME}.tar.gz" "${BUNDLE_NAME}" - name: Upload Rapidsnark Prover uses: actions/upload-artifact@de65e23aa2b7e23d713bb51fbfcb6d502f8667d8 with: name: prover-${{ env.VERSION }}-${{ env.OS }}-${{ env.ARCH }}.tar.gz path: prover-${{ env.VERSION }}-${{ env.OS }}-${{ env.ARCH }}.tar.gz - name: Upload Rapidsnark Verifier uses: actions/upload-artifact@de65e23aa2b7e23d713bb51fbfcb6d502f8667d8 with: name: verifier-${{ env.VERSION }}-${{ env.OS }}-${{ env.ARCH }}.tar.gz path: verifier-${{ env.VERSION }}-${{ env.OS }}-${{ env.ARCH }}.tar.gz - name: Compile PoL Witness Generator uses: ./.github/actions/compile-witness-generator with: circuit-name-display: "PoL" circuit-name-binary: "pol" circuit-path: "mantle/pol.circom" version: ${{ env.VERSION }} os: ${{ env.OS }} arch: ${{ env.ARCH }} - name: Compile PoQ Witness Generator uses: ./.github/actions/compile-witness-generator with: circuit-name-display: "PoQ" circuit-name-binary: "poq" circuit-path: "blend/poq.circom" version: ${{ env.VERSION }} os: ${{ env.OS }} arch: ${{ env.ARCH }} - name: Compile ZKSign Witness Generator uses: ./.github/actions/compile-witness-generator with: circuit-name-display: "ZKSign" circuit-name-binary: "zksign" circuit-path: "mantle/signature.circom" version: ${{ env.VERSION }} os: ${{ env.OS }} arch: ${{ env.ARCH }} - name: Compile PoC Witness Generator uses: ./.github/actions/compile-witness-generator with: circuit-name-display: "PoC" circuit-name-binary: "poc" circuit-path: "mantle/poc.circom" version: ${{ env.VERSION }} os: ${{ env.OS }} arch: ${{ env.ARCH }} - name: Download PoL Witness Generator uses: actions/download-artifact@448e3f862ab3ef47aa50ff917776823c9946035b with: name: pol-${{ env.VERSION }}-${{ env.OS }}-${{ env.ARCH }} path: witness-generators/pol-artifact - name: Download PoQ Witness Generator uses: actions/download-artifact@448e3f862ab3ef47aa50ff917776823c9946035b with: name: poq-${{ env.VERSION }}-${{ env.OS }}-${{ env.ARCH }} path: witness-generators/poq-artifact - name: Download ZKSign Witness Generator uses: actions/download-artifact@448e3f862ab3ef47aa50ff917776823c9946035b with: name: zksign-${{ env.VERSION }}-${{ env.OS }}-${{ env.ARCH }} path: witness-generators/zksign-artifact - name: Download PoC Witness Generator uses: actions/download-artifact@448e3f862ab3ef47aa50ff917776823c9946035b with: name: poc-${{ env.VERSION }}-${{ env.OS }}-${{ env.ARCH }} path: witness-generators/poc-artifact - name: Download All Proving Key Artifacts uses: actions/download-artifact@448e3f862ab3ef47aa50ff917776823c9946035b with: pattern: "*-proving-key" path: proving-keys/ - name: Create Unified Release Bundle env: BUNDLE_NAME: nomos-circuits-${{ env.VERSION }}-${{ env.OS }}-${{ env.ARCH }} run: | # Create the bundle directory structure mkdir -p "${BUNDLE_NAME}"/{pol,poq,zksign,poc} # Create VERSION file echo "${{ env.VERSION }}" > "${BUNDLE_NAME}/VERSION" # Move witness generators into their respective circuit directories mv witness-generators/pol-artifact/pol "${BUNDLE_NAME}/pol/witness_generator" mv witness-generators/pol-artifact/pol.dat "${BUNDLE_NAME}/pol/witness_generator.dat" mv witness-generators/poq-artifact/poq "${BUNDLE_NAME}/poq/witness_generator" mv witness-generators/poq-artifact/poq.dat "${BUNDLE_NAME}/poq/witness_generator.dat" mv witness-generators/zksign-artifact/signature "${BUNDLE_NAME}/zksign/witness_generator" mv witness-generators/zksign-artifact/signature.dat "${BUNDLE_NAME}/zksign/witness_generator.dat" mv witness-generators/poc-artifact/poc "${BUNDLE_NAME}/poc/witness_generator" mv witness-generators/poc-artifact/poc.dat "${BUNDLE_NAME}/poc/witness_generator.dat" # Restore execute permissions on witness generators chmod +x "${BUNDLE_NAME}/pol/witness_generator" chmod +x "${BUNDLE_NAME}/poq/witness_generator" chmod +x "${BUNDLE_NAME}/zksign/witness_generator" chmod +x "${BUNDLE_NAME}/poc/witness_generator" # Copy proving keys and verification keys into each circuit directory cp proving-keys/pol-proving-key/pol.zkey "${BUNDLE_NAME}/pol/proving_key.zkey" cp proving-keys/pol-proving-key/pol_verification_key.json "${BUNDLE_NAME}/pol/verification_key.json" cp proving-keys/poq-proving-key/poq.zkey "${BUNDLE_NAME}/poq/proving_key.zkey" cp proving-keys/poq-proving-key/poq_verification_key.json "${BUNDLE_NAME}/poq/verification_key.json" cp proving-keys/zksign-proving-key/zksign.zkey "${BUNDLE_NAME}/zksign/proving_key.zkey" cp proving-keys/zksign-proving-key/zksign_verification_key.json "${BUNDLE_NAME}/zksign/verification_key.json" cp proving-keys/poc-proving-key/poc.zkey "${BUNDLE_NAME}/poc/proving_key.zkey" cp proving-keys/poc-proving-key/poc_verification_key.json "${BUNDLE_NAME}/poc/verification_key.json" # Create tarball tar -czf "${BUNDLE_NAME}.tar.gz" "${BUNDLE_NAME}" - name: Upload Unified Release Bundle uses: actions/upload-artifact@de65e23aa2b7e23d713bb51fbfcb6d502f8667d8 with: name: nomos-circuits-${{ env.VERSION }}-${{ env.OS }}-${{ env.ARCH }}.tar.gz path: nomos-circuits-${{ env.VERSION }}-${{ env.OS }}-${{ env.ARCH }}.tar.gz build-windows: name: Build Windows Binaries (Native) runs-on: windows-latest needs: - setup - generate-proving-keys env: VERSION: ${{ needs.setup.outputs.version }} OS: windows ARCH: x86_64 steps: - name: Setup MSYS2 uses: msys2/setup-msys2@v2.28.0 # FIXME: Ideally use the hash to avoid supply chain attacks. Currently unable to. with: update: true install: >- base-devel mingw-w64-x86_64-toolchain make git - name: Install Rust Toolchain uses: actions-rust-lang/setup-rust-toolchain@fb51252c7ba57d633bc668f941da052e410add48 with: toolchain: stable cache: false - name: Install Circom run: | git clone https://github.com/iden3/circom.git cd circom $env:RUSTFLAGS="-A dead_code"; cargo build --release $env:RUSTFLAGS="-A dead_code"; cargo install --path circom circom --version - name: Checkout uses: actions/checkout@8edcb1bdb4e267140fa742c62e395cd74f332709 - name: Initialise Submodules run: git submodule update --init --recursive - name: Install Dependencies [Witness Generator] shell: msys2 {0} run: | # nlohmann/json mkdir -p /include/nlohmann/ wget -O /include/nlohmann/json.hpp https://github.com/nlohmann/json/releases/download/v3.12.0/json.hpp # mman-win32 git clone https://github.com/alitrack/mman-win32.git pushd mman-win32 ./configure --prefix= # Path: / make make install popd - name: Install Dependencies [Prover] shell: msys2 {0} run: pacman --noconfirm -Sy --needed cmake nasm mingw-w64-ucrt-x86_64-libsodium - name: Replace Prover Makefile # TODO: Make a fork generate the appropriate Windows Makefile shell: msys2 {0} run: cp .github/resources/prover/Makefile rapidsnark/Makefile - name: Replace Prover CMakeLists shell: msys2 {0} run: cp .github/resources/prover/${{ env.OS }}.src-CMakeLists.txt rapidsnark/src/CMakeLists.txt - name: Patch Windows mman shell: msys2 {0} run: cp .github/resources/prover/${{ env.OS }}.mman_patch.hpp /include/mman_patch.hpp - name: Add uio.h headers shell: msys2 {0} run: cp .github/resources/prover/${{ env.OS }}.uio.h /include/sys/uio.h - name: Replace build_gmp shell: msys2 {0} run: cp .github/resources/prover/${{ env.OS }}.build_gmp.sh rapidsnark/build_gmp.sh - name: Compile Prover and Verifier shell: msys2 {0} working-directory: rapidsnark run: | ./build_gmp.sh host make host_windows_x86_64_static - name: Bundle Rapidsnark Prover shell: msys2 {0} env: BINARY_NAME: prover BUNDLE_NAME: prover-${{ env.VERSION }}-${{ env.OS }}-${{ env.ARCH }} RAPIDSNARK_DIR: rapidsnark/package run: | BUNDLE_DIR="${BUNDLE_NAME}/${BINARY_NAME}" mkdir -p "$BUNDLE_DIR" mv "${RAPIDSNARK_DIR}"/bin/${BINARY_NAME}.exe "$BUNDLE_DIR/" tar -czf "${BUNDLE_NAME}.tar.gz" "${BUNDLE_NAME}" - name: Bundle Rapidsnark Verifier shell: msys2 {0} env: BINARY_NAME: verifier BUNDLE_NAME: verifier-${{ env.VERSION }}-${{ env.OS }}-${{ env.ARCH }} RAPIDSNARK_DIR: rapidsnark/package run: | BUNDLE_DIR="${BUNDLE_NAME}/${BINARY_NAME}" mkdir -p "$BUNDLE_DIR" mv "${RAPIDSNARK_DIR}"/bin/${BINARY_NAME}.exe "$BUNDLE_DIR/" tar -czf "${BUNDLE_NAME}.tar.gz" "${BUNDLE_NAME}" - name: Upload Rapidsnark Prover uses: actions/upload-artifact@de65e23aa2b7e23d713bb51fbfcb6d502f8667d8 with: name: prover-${{ env.VERSION }}-${{ env.OS }}-${{ env.ARCH }}.tar.gz path: prover-${{ env.VERSION }}-${{ env.OS }}-${{ env.ARCH }}.tar.gz - name: Upload Rapidsnark Verifier uses: actions/upload-artifact@de65e23aa2b7e23d713bb51fbfcb6d502f8667d8 with: name: verifier-${{ env.VERSION }}-${{ env.OS }}-${{ env.ARCH }}.tar.gz path: verifier-${{ env.VERSION }}-${{ env.OS }}-${{ env.ARCH }}.tar.gz - name: Compile PoL Witness Generator uses: ./.github/actions/compile-witness-generator with: circuit-name-display: "PoL" circuit-name-binary: "pol" circuit-path: "mantle/pol.circom" version: ${{ env.VERSION }} os: ${{ env.OS }} arch: ${{ env.ARCH }} - name: Compile PoQ Witness Generator uses: ./.github/actions/compile-witness-generator with: circuit-name-display: "PoQ" circuit-name-binary: "poq" circuit-path: "blend/poq.circom" version: ${{ env.VERSION }} os: ${{ env.OS }} arch: ${{ env.ARCH }} - name: Compile ZKSign Witness Generator uses: ./.github/actions/compile-witness-generator with: circuit-name-display: "ZKSign" circuit-name-binary: "zksign" circuit-path: "mantle/signature.circom" version: ${{ env.VERSION }} os: ${{ env.OS }} arch: ${{ env.ARCH }} - name: Compile PoC Witness Generator uses: ./.github/actions/compile-witness-generator with: circuit-name-display: "PoC" circuit-name-binary: "poc" circuit-path: "mantle/poc.circom" version: ${{ env.VERSION }} os: ${{ env.OS }} arch: ${{ env.ARCH }} - name: Download PoL Witness Generator uses: actions/download-artifact@448e3f862ab3ef47aa50ff917776823c9946035b with: name: pol-${{ env.VERSION }}-${{ env.OS }}-${{ env.ARCH }} path: witness-generators/pol-artifact - name: Download PoQ Witness Generator uses: actions/download-artifact@448e3f862ab3ef47aa50ff917776823c9946035b with: name: poq-${{ env.VERSION }}-${{ env.OS }}-${{ env.ARCH }} path: witness-generators/poq-artifact - name: Download ZKSign Witness Generator uses: actions/download-artifact@448e3f862ab3ef47aa50ff917776823c9946035b with: name: zksign-${{ env.VERSION }}-${{ env.OS }}-${{ env.ARCH }} path: witness-generators/zksign-artifact - name: Download PoC Witness Generator uses: actions/download-artifact@448e3f862ab3ef47aa50ff917776823c9946035b with: name: poc-${{ env.VERSION }}-${{ env.OS }}-${{ env.ARCH }} path: witness-generators/poc-artifact - name: Download All Proving Key Artifacts uses: actions/download-artifact@448e3f862ab3ef47aa50ff917776823c9946035b with: pattern: "*-proving-key" path: proving-keys/ - name: Create Unified Release Bundle shell: msys2 {0} env: BUNDLE_NAME: nomos-circuits-${{ env.VERSION }}-${{ env.OS }}-${{ env.ARCH }} run: | # Create the bundle directory structure mkdir -p "${BUNDLE_NAME}"/{pol,poq,zksign,poc} # Create VERSION file echo "${{ env.VERSION }}" > "${BUNDLE_NAME}/VERSION" # Move witness generators into their respective circuit directories mv witness-generators/pol-artifact/pol.exe "${BUNDLE_NAME}/pol/witness_generator.exe" mv witness-generators/pol-artifact/pol.dat "${BUNDLE_NAME}/pol/witness_generator.dat" mv witness-generators/poq-artifact/poq.exe "${BUNDLE_NAME}/poq/witness_generator.exe" mv witness-generators/poq-artifact/poq.dat "${BUNDLE_NAME}/poq/witness_generator.dat" mv witness-generators/zksign-artifact/signature.exe "${BUNDLE_NAME}/zksign/witness_generator.exe" mv witness-generators/zksign-artifact/signature.dat "${BUNDLE_NAME}/zksign/witness_generator.dat" mv witness-generators/poc-artifact/poc.exe "${BUNDLE_NAME}/poc/witness_generator.exe" mv witness-generators/poc-artifact/poc.dat "${BUNDLE_NAME}/poc/witness_generator.dat" # Copy proving keys and verification keys into each circuit directory cp proving-keys/pol-proving-key/pol.zkey "${BUNDLE_NAME}/pol/proving_key.zkey" cp proving-keys/pol-proving-key/pol_verification_key.json "${BUNDLE_NAME}/pol/verification_key.json" cp proving-keys/poq-proving-key/poq.zkey "${BUNDLE_NAME}/poq/proving_key.zkey" cp proving-keys/poq-proving-key/poq_verification_key.json "${BUNDLE_NAME}/poq/verification_key.json" cp proving-keys/zksign-proving-key/zksign.zkey "${BUNDLE_NAME}/zksign/proving_key.zkey" cp proving-keys/zksign-proving-key/zksign_verification_key.json "${BUNDLE_NAME}/zksign/verification_key.json" cp proving-keys/poc-proving-key/poc.zkey "${BUNDLE_NAME}/poc/proving_key.zkey" cp proving-keys/poc-proving-key/poc_verification_key.json "${BUNDLE_NAME}/poc/verification_key.json" # Create tarball tar -czf "${BUNDLE_NAME}.tar.gz" "${BUNDLE_NAME}" - name: Upload Unified Release Bundle uses: actions/upload-artifact@de65e23aa2b7e23d713bb51fbfcb6d502f8667d8 with: name: nomos-circuits-${{ env.VERSION }}-${{ env.OS }}-${{ env.ARCH }}.tar.gz path: nomos-circuits-${{ env.VERSION }}-${{ env.OS }}-${{ env.ARCH }}.tar.gz build-macos: name: Build MacOS Binaries (Native) runs-on: macos-latest needs: - setup - generate-proving-keys env: VERSION: ${{ needs.setup.outputs.version }} ARCH: aarch64 OS: macos steps: - name: Install Rust Toolchain uses: actions-rust-lang/setup-rust-toolchain@fb51252c7ba57d633bc668f941da052e410add48 with: toolchain: stable cache: false - name: Install Circom run: | git clone https://github.com/iden3/circom.git cd circom RUSTFLAGS="-A dead_code" cargo build --release RUSTFLAGS="-A dead_code" cargo install --path circom circom --version - name: Checkout uses: actions/checkout@8edcb1bdb4e267140fa742c62e395cd74f332709 - name: Initialise Submodules run: git submodule update --init --recursive - name: Setup Dependencies run: mkdir include - name: Install Dependencies [Witness Generator] run: brew install nlohmann-json - name: Install Dependencies [Prover] run: brew install nasm m4 - name: Compile Prover and Verifier working-directory: rapidsnark run: | ./build_gmp.sh macos_arm64 make macos_arm64 - name: Bundle Rapidsnark Prover env: BINARY_NAME: prover BUNDLE_NAME: prover-${{ env.VERSION }}-${{ env.OS }}-${{ env.ARCH }} RAPIDSNARK_DIR: rapidsnark/package_macos_arm64 run: | BUNDLE_DIR="${BUNDLE_NAME}/${BINARY_NAME}" mkdir -p "$BUNDLE_DIR" mv "${RAPIDSNARK_DIR}/bin/${BINARY_NAME}" "$BUNDLE_DIR/" tar -czf "${BUNDLE_NAME}.tar.gz" "${BUNDLE_NAME}" - name: Bundle Rapidsnark Verifier env: BINARY_NAME: verifier BUNDLE_NAME: verifier-${{ env.VERSION }}-${{ env.OS }}-${{ env.ARCH }} RAPIDSNARK_DIR: rapidsnark/package_macos_arm64 run: | BUNDLE_DIR="${BUNDLE_NAME}/${BINARY_NAME}" mkdir -p "$BUNDLE_DIR" mv "${RAPIDSNARK_DIR}/bin/${BINARY_NAME}" "$BUNDLE_DIR/" tar -czf "${BUNDLE_NAME}.tar.gz" "${BUNDLE_NAME}" - name: Upload Rapidsnark Prover uses: actions/upload-artifact@de65e23aa2b7e23d713bb51fbfcb6d502f8667d8 with: name: prover-${{ env.VERSION }}-${{ env.OS }}-${{ env.ARCH }}.tar.gz path: prover-${{ env.VERSION }}-${{ env.OS }}-${{ env.ARCH }}.tar.gz - name: Upload Rapidsnark Verifier uses: actions/upload-artifact@de65e23aa2b7e23d713bb51fbfcb6d502f8667d8 with: name: verifier-${{ env.VERSION }}-${{ env.OS }}-${{ env.ARCH }}.tar.gz path: verifier-${{ env.VERSION }}-${{ env.OS }}-${{ env.ARCH }}.tar.gz - name: Compile PoL Witness Generator uses: ./.github/actions/compile-witness-generator with: circuit-name-display: "PoL" circuit-name-binary: "pol" circuit-path: "mantle/pol.circom" version: ${{ env.VERSION }} os: ${{ env.OS }} arch: ${{ env.ARCH }} - name: Compile PoQ Witness Generator uses: ./.github/actions/compile-witness-generator with: circuit-name-display: "PoQ" circuit-name-binary: "poq" circuit-path: "blend/poq.circom" version: ${{ env.VERSION }} os: ${{ env.OS }} arch: ${{ env.ARCH }} - name: Compile ZKSign Witness Generator uses: ./.github/actions/compile-witness-generator with: circuit-name-display: "ZKSign" circuit-name-binary: "zksign" circuit-path: "mantle/signature.circom" version: ${{ env.VERSION }} os: ${{ env.OS }} arch: ${{ env.ARCH }} - name: Compile PoC Witness Generator uses: ./.github/actions/compile-witness-generator with: circuit-name-display: "PoC" circuit-name-binary: "poc" circuit-path: "mantle/poc.circom" version: ${{ env.VERSION }} os: ${{ env.OS }} arch: ${{ env.ARCH }} - name: Download PoL Witness Generator uses: actions/download-artifact@448e3f862ab3ef47aa50ff917776823c9946035b with: name: pol-${{ env.VERSION }}-${{ env.OS }}-${{ env.ARCH }} path: witness-generators/pol-artifact - name: Download PoQ Witness Generator uses: actions/download-artifact@448e3f862ab3ef47aa50ff917776823c9946035b with: name: poq-${{ env.VERSION }}-${{ env.OS }}-${{ env.ARCH }} path: witness-generators/poq-artifact - name: Download ZKSign Witness Generator uses: actions/download-artifact@448e3f862ab3ef47aa50ff917776823c9946035b with: name: zksign-${{ env.VERSION }}-${{ env.OS }}-${{ env.ARCH }} path: witness-generators/zksign-artifact - name: Download PoC Witness Generator uses: actions/download-artifact@448e3f862ab3ef47aa50ff917776823c9946035b with: name: poc-${{ env.VERSION }}-${{ env.OS }}-${{ env.ARCH }} path: witness-generators/poc-artifact - name: Download All Proving Key Artifacts uses: actions/download-artifact@448e3f862ab3ef47aa50ff917776823c9946035b with: pattern: "*-proving-key" path: proving-keys/ - name: Create Unified Release Bundle env: BUNDLE_NAME: nomos-circuits-${{ env.VERSION }}-${{ env.OS }}-${{ env.ARCH }} run: | # Create the bundle directory structure mkdir -p "${BUNDLE_NAME}"/{pol,poq,zksign,poc} # Create VERSION file echo "${{ env.VERSION }}" > "${BUNDLE_NAME}/VERSION" # Move witness generators into their respective circuit directories mv witness-generators/pol-artifact/pol "${BUNDLE_NAME}/pol/witness_generator" mv witness-generators/pol-artifact/pol.dat "${BUNDLE_NAME}/pol/witness_generator.dat" mv witness-generators/poq-artifact/poq "${BUNDLE_NAME}/poq/witness_generator" mv witness-generators/poq-artifact/poq.dat "${BUNDLE_NAME}/poq/witness_generator.dat" mv witness-generators/zksign-artifact/signature "${BUNDLE_NAME}/zksign/witness_generator" mv witness-generators/zksign-artifact/signature.dat "${BUNDLE_NAME}/zksign/witness_generator.dat" mv witness-generators/poc-artifact/poc "${BUNDLE_NAME}/poc/witness_generator" mv witness-generators/poc-artifact/poc.dat "${BUNDLE_NAME}/poc/witness_generator.dat" # Restore execute permissions on witness generators chmod +x "${BUNDLE_NAME}/pol/witness_generator" chmod +x "${BUNDLE_NAME}/poq/witness_generator" chmod +x "${BUNDLE_NAME}/zksign/witness_generator" chmod +x "${BUNDLE_NAME}/poc/witness_generator" # Copy proving keys and verification keys into each circuit directory cp proving-keys/pol-proving-key/pol.zkey "${BUNDLE_NAME}/pol/proving_key.zkey" cp proving-keys/pol-proving-key/pol_verification_key.json "${BUNDLE_NAME}/pol/verification_key.json" cp proving-keys/poq-proving-key/poq.zkey "${BUNDLE_NAME}/poq/proving_key.zkey" cp proving-keys/poq-proving-key/poq_verification_key.json "${BUNDLE_NAME}/poq/verification_key.json" cp proving-keys/zksign-proving-key/zksign.zkey "${BUNDLE_NAME}/zksign/proving_key.zkey" cp proving-keys/zksign-proving-key/zksign_verification_key.json "${BUNDLE_NAME}/zksign/verification_key.json" cp proving-keys/poc-proving-key/poc.zkey "${BUNDLE_NAME}/poc/proving_key.zkey" cp proving-keys/poc-proving-key/poc_verification_key.json "${BUNDLE_NAME}/poc/verification_key.json" # Create tarball tar -czf "${BUNDLE_NAME}.tar.gz" "${BUNDLE_NAME}" - name: Upload Unified Release Bundle uses: actions/upload-artifact@de65e23aa2b7e23d713bb51fbfcb6d502f8667d8 with: name: nomos-circuits-${{ env.VERSION }}-${{ env.OS }}-${{ env.ARCH }}.tar.gz path: nomos-circuits-${{ env.VERSION }}-${{ env.OS }}-${{ env.ARCH }}.tar.gz publish-release: name: Create Release runs-on: ubuntu-latest # Only create releases for tags, not for PRs if: github.ref_type == 'tag' || github.event_name == 'workflow_dispatch' needs: - setup - generate-proving-keys - build-linux - build-windows - build-macos env: TAG: ${{ needs.setup.outputs.tag }} VERSION: ${{ needs.setup.outputs.version }} outputs: upload_url: ${{ steps.create_release.outputs.upload_url }} steps: - name: Create Release uses: actions/create-release@4c11c9fe1dcd9636620a16455165783b20fc7ea0 id: create_release env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: tag_name: ${{ env.TAG }} release_name: Circom Circuits ${{ env.VERSION }} body: | This is a release of Circom Circuits ${{ env.VERSION }}. ## Changelog - feature(X): new feature - fix(Y): bug description - feature: performance improvement on Z ## Checklist Before publishing please ensure: - [ ] Description is complete - [ ] Changelog is correct - [ ] Assets for all platforms exist - [ ] Pre-release is checked if necessary - [ ] Remove this checklist before publishing the release. draft: true prerelease: true upload-artifacts: name: Upload Unified Bundles to Release runs-on: ubuntu-latest # Only upload to release for tags, not for PRs if: github.ref_type == 'tag' || github.event_name == 'workflow_dispatch' needs: - setup - publish-release strategy: fail-fast: false matrix: platform: - os: linux arch: x86_64 - os: macos arch: aarch64 - os: windows arch: x86_64 env: UPLOAD_URL: ${{ needs.publish-release.outputs.upload_url }} ARTIFACT_NAME: nomos-circuits-${{ needs.setup.outputs.version }}-${{ matrix.platform.os }}-${{ matrix.platform.arch }}.tar.gz steps: - name: Download Unified Bundle uses: actions/download-artifact@448e3f862ab3ef47aa50ff917776823c9946035b with: name: ${{ env.ARTIFACT_NAME }} - name: Upload Unified Bundle to Release uses: actions/upload-release-asset@ef2adfe8cb8ebfa540930c452c576b3819990faa env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: upload_url: ${{ env.UPLOAD_URL }} asset_path: ${{ env.ARTIFACT_NAME }} asset_name: ${{ env.ARTIFACT_NAME }} asset_content_type: application/octet-stream