From 74ecd6528be4098f5ac5a9ae41d25898fe97a535 Mon Sep 17 00:00:00 2001 From: andrussal Date: Tue, 9 Dec 2025 15:38:33 +0100 Subject: [PATCH] Centralize versions via env, harden bundle/image builds, and add arch checks for compose --- .github/workflows/build-binaries.yml | 5 +++ .github/workflows/lint.yml | 44 ++++++++++++++++++- scripts/build-bundle.sh | 16 +++++-- scripts/run-examples.sh | 8 +++- scripts/setup-circuits-stack.sh | 6 ++- testing-framework/assets/stack/Dockerfile | 4 ++ .../assets/stack/scripts/build_test_image.sh | 4 ++ .../stack/scripts/run_nomos_executor.sh | 25 +++++++++++ .../assets/stack/scripts/run_nomos_node.sh | 25 +++++++++++ versions.env | 3 ++ 10 files changed, 132 insertions(+), 8 deletions(-) create mode 100644 versions.env diff --git a/.github/workflows/build-binaries.yml b/.github/workflows/build-binaries.yml index aae0cc4..35ca7e6 100644 --- a/.github/workflows/build-binaries.yml +++ b/.github/workflows/build-binaries.yml @@ -24,6 +24,11 @@ jobs: CARGO_TARGET_DIR: ${{ github.workspace }}/.tmp/nomos-target steps: - uses: actions/checkout@v4 + - name: Load versions + run: | + if [ -f versions.env ]; then + cat versions.env >> "$GITHUB_ENV" + fi - name: Install system dependencies (Linux) if: runner.os == 'Linux' run: | diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index e01fd30..856e6bc 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -24,6 +24,11 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 + - name: Load versions + run: | + if [ -f versions.env ]; then + cat versions.env >> "$GITHUB_ENV" + fi - name: Install nomos circuits run: | ./scripts/setup-nomos-circuits.sh v0.3.1 "$HOME/.nomos-circuits" @@ -50,6 +55,11 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 + - name: Load versions + run: | + if [ -f versions.env ]; then + cat versions.env >> "$GITHUB_ENV" + fi - name: Install nomos circuits run: | ./scripts/setup-nomos-circuits.sh v0.3.1 "$HOME/.nomos-circuits" @@ -76,6 +86,11 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 + - name: Load versions + run: | + if [ -f versions.env ]; then + cat versions.env >> "$GITHUB_ENV" + fi - name: Install nomos circuits run: | ./scripts/setup-nomos-circuits.sh v0.3.1 "$HOME/.nomos-circuits" @@ -98,6 +113,11 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 + - name: Load versions + run: | + if [ -f versions.env ]; then + cat versions.env >> "$GITHUB_ENV" + fi - uses: dtolnay/rust-toolchain@master with: toolchain: nightly-2025-09-14 @@ -112,6 +132,11 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 + - name: Load versions + run: | + if [ -f versions.env ]; then + cat versions.env >> "$GITHUB_ENV" + fi - name: Install nomos circuits run: | ./scripts/setup-nomos-circuits.sh v0.3.1 "$HOME/.nomos-circuits" @@ -133,7 +158,7 @@ jobs: host_smoke: runs-on: ubuntu-latest env: - VERSION: v0.3.1 + VERSION: ${{ env.VERSION }} POL_PROOF_DEV_MODE: true LOCAL_DEMO_RUN_SECS: 120 LOCAL_DEMO_VALIDATORS: 1 @@ -146,6 +171,11 @@ jobs: RUST_LOG: info,libp2p_swarm=debug,libp2p_quic=debug steps: - uses: actions/checkout@v4 + - name: Load versions + run: | + if [ -f versions.env ]; then + cat versions.env >> "$GITHUB_ENV" + fi - name: Set temp dir run: | echo "TMPDIR=${{ runner.temp }}" >> "$GITHUB_ENV" @@ -252,7 +282,7 @@ jobs: compose_smoke: runs-on: ubuntu-latest env: - VERSION: v0.3.1 + VERSION: ${{ env.VERSION }} TMPDIR: ${{ github.workspace }}/.tmp NOMOS_CIRCUITS: ${{ github.workspace }}/.tmp/nomos-circuits NOMOS_TESTNET_IMAGE: nomos-testnet:${{ github.run_id }} @@ -263,6 +293,11 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@v4 + - name: Load versions + run: | + if [ -f versions.env ]; then + cat versions.env >> "$GITHUB_ENV" + fi - name: Prepare workspace tmpdir run: mkdir -p "$TMPDIR" @@ -410,6 +445,11 @@ jobs: RUSTUP_TOOLCHAIN: nightly-2025-09-14 steps: - uses: actions/checkout@v4 + - name: Load versions + run: | + if [ -f versions.env ]; then + cat versions.env >> "$GITHUB_ENV" + fi - uses: dtolnay/rust-toolchain@master with: toolchain: nightly-2025-09-14 diff --git a/scripts/build-bundle.sh b/scripts/build-bundle.sh index fb542ae..79a7ebf 100755 --- a/scripts/build-bundle.sh +++ b/scripts/build-bundle.sh @@ -29,8 +29,12 @@ if [ "${1:-}" = "-h" ] || [ "${1:-}" = "--help" ]; then fi ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)" -DEFAULT_VERSION="v0.3.1" -DEFAULT_NODE_REV="d2dd5a5084e1daef4032562c77d41de5e4d495f8" +if [ -f "${ROOT_DIR}/versions.env" ]; then + # shellcheck disable=SC1091 + . "${ROOT_DIR}/versions.env" +fi +DEFAULT_VERSION="${VERSION:-v0.3.1}" +DEFAULT_NODE_REV="${NOMOS_NODE_REV:-d2dd5a5084e1daef4032562c77d41de5e4d495f8}" PLATFORM="host" OUTPUT="" @@ -51,8 +55,12 @@ esac VERSION="${VERSION:-${DEFAULT_VERSION}}" NOMOS_NODE_REV="${NOMOS_NODE_REV:-${DEFAULT_NODE_REV}}" + +# Normalize OUTPUT to an absolute path under the workspace. if [ -z "${OUTPUT}" ]; then OUTPUT="${ROOT_DIR}/.tmp/nomos-binaries-${PLATFORM}-${VERSION}.tar.gz" +elif [[ "${OUTPUT}" != /* ]]; then + OUTPUT="${ROOT_DIR}/${OUTPUT#./}" fi if [ "$PLATFORM" = "linux" ] && [ "$(uname -s)" != "Linux" ] && [ -z "${BUNDLE_IN_CONTAINER:-}" ]; then @@ -61,6 +69,8 @@ if [ "$PLATFORM" = "linux" ] && [ "$(uname -s)" != "Linux" ] && [ -z "${BUNDLE_I fail "Docker is required to build a Linux bundle from non-Linux host" fi echo "==> Building Linux bundle inside Docker" + # Map host OUTPUT path into container. + container_output="/workspace${OUTPUT#"${ROOT_DIR}"}" mkdir -p "${ROOT_DIR}/.tmp/cargo-linux" "${ROOT_DIR}/.tmp/nomos-node-linux-target" docker run --rm \ -e VERSION="$VERSION" \ @@ -76,7 +86,7 @@ if [ "$PLATFORM" = "linux" ] && [ "$(uname -s)" != "Linux" ] && [ -z "${BUNDLE_I -v "$ROOT_DIR":/workspace \ -w /workspace \ rust:1.80-bullseye \ - bash -c "apt-get update && apt-get install -y clang llvm-dev libclang-dev pkg-config cmake libssl-dev rsync libgmp10 libgmp-dev libgomp1 nasm && ./scripts/build-bundle.sh --platform linux --output /workspace/.tmp/nomos-binaries-linux-${VERSION}.tar.gz" + bash -c "apt-get update && apt-get install -y clang llvm-dev libclang-dev pkg-config cmake libssl-dev rsync libgmp10 libgmp-dev libgomp1 nasm && ./scripts/build-bundle.sh --platform linux --output \"${container_output}\"" exit 0 fi diff --git a/scripts/run-examples.sh b/scripts/run-examples.sh index ea984a7..79a23b2 100755 --- a/scripts/run-examples.sh +++ b/scripts/run-examples.sh @@ -54,8 +54,12 @@ if [ "${1:-}" = "-h" ] || [ "${1:-}" = "--help" ]; then fi readonly ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)" -readonly DEFAULT_VERSION="v0.3.1" -readonly DEFAULT_NODE_REV="d2dd5a5084e1daef4032562c77d41de5e4d495f8" +if [ -f "${ROOT_DIR}/versions.env" ]; then + # shellcheck disable=SC1091 + . "${ROOT_DIR}/versions.env" +fi +readonly DEFAULT_VERSION="${VERSION:-v0.3.1}" +readonly DEFAULT_NODE_REV="${NOMOS_NODE_REV:-d2dd5a5084e1daef4032562c77d41de5e4d495f8}" MODE="compose" RUN_SECS_RAW="" VERSION="${VERSION:-${DEFAULT_VERSION}}" diff --git a/scripts/setup-circuits-stack.sh b/scripts/setup-circuits-stack.sh index 32de0cb..a62179d 100755 --- a/scripts/setup-circuits-stack.sh +++ b/scripts/setup-circuits-stack.sh @@ -17,7 +17,11 @@ set -euo pipefail # NOMOS_CIRCUITS_REBUILD_RAPIDSNARK - set to 1 to force rebuild (not needed for mac arm/x86 bundles) ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)" -VERSION="${1:-v0.3.1}" +if [ -f "${ROOT_DIR}/versions.env" ]; then + # shellcheck disable=SC1091 + . "${ROOT_DIR}/versions.env" +fi +VERSION="${1:-${VERSION:-v0.3.1}}" STACK_DIR="${STACK_DIR:-${ROOT_DIR}/testing-framework/assets/stack/kzgrs_test_params}" HOST_DIR="${HOST_DIR:-${ROOT_DIR}/.tmp/nomos-circuits-host}" NOMOS_NODE_REV="${NOMOS_NODE_REV:-d2dd5a5084e1daef4032562c77d41de5e4d495f8}" diff --git a/testing-framework/assets/stack/Dockerfile b/testing-framework/assets/stack/Dockerfile index 5feb35f..ab31aa6 100644 --- a/testing-framework/assets/stack/Dockerfile +++ b/testing-framework/assets/stack/Dockerfile @@ -96,6 +96,10 @@ RUN set -eu; \ }; \ bin_matches_arch() { \ BIN_INFO="$(file -b testing-framework/assets/stack/bin/nomos-node 2>/dev/null || true)"; \ + case "$BIN_INFO" in \ + *ELF*);; \ + *) return 1 ;; \ + esac; \ case "$TARGET_ARCH" in \ x86_64) PATTERN="x86-64|x86_64" ;; \ aarch64|arm64) PATTERN="arm64|aarch64" ;; \ diff --git a/testing-framework/assets/stack/scripts/build_test_image.sh b/testing-framework/assets/stack/scripts/build_test_image.sh index 3ba6379..10aeb5e 100755 --- a/testing-framework/assets/stack/scripts/build_test_image.sh +++ b/testing-framework/assets/stack/scripts/build_test_image.sh @@ -6,6 +6,10 @@ set -euo pipefail # from logos-co/nomos-circuits. ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/../../../.." && pwd)" +if [ -f "${ROOT_DIR}/versions.env" ]; then + # shellcheck disable=SC1091 + . "${ROOT_DIR}/versions.env" +fi DOCKERFILE_PATH="${ROOT_DIR}/testing-framework/assets/stack/Dockerfile" IMAGE_TAG="${IMAGE_TAG:-nomos-testnet:local}" VERSION="${VERSION:-v0.3.1}" diff --git a/testing-framework/assets/stack/scripts/run_nomos_executor.sh b/testing-framework/assets/stack/scripts/run_nomos_executor.sh index 46f98d9..1a57bc1 100755 --- a/testing-framework/assets/stack/scripts/run_nomos_executor.sh +++ b/testing-framework/assets/stack/scripts/run_nomos_executor.sh @@ -2,6 +2,31 @@ set -e +check_binary_arch() { + if ! command -v file >/dev/null 2>&1; then + echo "Warning: 'file' command not available; skipping nomos-executor arch check" >&2 + return + fi + bin_info="$(file -b /usr/bin/nomos-executor 2>/dev/null || true)" + host_arch="$(uname -m)" + case "$bin_info" in + *"Mach-O"*) echo "nomos-executor binary is Mach-O (host bundle) but container requires Linux ELF for ${host_arch}" >&2; exit 126 ;; + *"ELF"*) : ;; + *) echo "nomos-executor binary missing or unreadable; info='${bin_info}'" >&2; exit 126 ;; + esac + case "$host_arch" in + x86_64) expected="x86-64|x86_64" ;; + aarch64|arm64) expected="arm64|aarch64" ;; + *) expected="" ;; + esac + if [ -n "$expected" ] && ! echo "$bin_info" | grep -Eqi "$expected"; then + echo "nomos-executor binary architecture mismatch: host=${host_arch}, file='${bin_info}'" >&2 + exit 126 + fi +} + +check_binary_arch + export CFG_FILE_PATH="/config.yaml" \ CFG_SERVER_ADDR="${CFG_SERVER_ADDR:-http://cfgsync:4400}" \ CFG_HOST_IP=$(hostname -i) \ diff --git a/testing-framework/assets/stack/scripts/run_nomos_node.sh b/testing-framework/assets/stack/scripts/run_nomos_node.sh index 2d95189..7d351d3 100755 --- a/testing-framework/assets/stack/scripts/run_nomos_node.sh +++ b/testing-framework/assets/stack/scripts/run_nomos_node.sh @@ -2,6 +2,31 @@ set -e +check_binary_arch() { + if ! command -v file >/dev/null 2>&1; then + echo "Warning: 'file' command not available; skipping nomos-node arch check" >&2 + return + fi + bin_info="$(file -b /usr/bin/nomos-node 2>/dev/null || true)" + host_arch="$(uname -m)" + case "$bin_info" in + *"Mach-O"*) echo "nomos-node binary is Mach-O (host bundle) but container requires Linux ELF for ${host_arch}" >&2; exit 126 ;; + *"ELF"*) : ;; + *) echo "nomos-node binary missing or unreadable; info='${bin_info}'" >&2; exit 126 ;; + esac + case "$host_arch" in + x86_64) expected="x86-64|x86_64" ;; + aarch64|arm64) expected="arm64|aarch64" ;; + *) expected="" ;; + esac + if [ -n "$expected" ] && ! echo "$bin_info" | grep -Eqi "$expected"; then + echo "nomos-node binary architecture mismatch: host=${host_arch}, file='${bin_info}'" >&2 + exit 126 + fi +} + +check_binary_arch + export CFG_FILE_PATH="/config.yaml" \ CFG_SERVER_ADDR="${CFG_SERVER_ADDR:-http://cfgsync:4400}" \ CFG_HOST_IP=$(hostname -i) \ diff --git a/versions.env b/versions.env new file mode 100644 index 0000000..cc4b197 --- /dev/null +++ b/versions.env @@ -0,0 +1,3 @@ +VERSION=v0.3.1 +NOMOS_NODE_REV=d2dd5a5084e1daef4032562c77d41de5e4d495f8 +NOMOS_BUNDLE_VERSION=v4