name: Lint on: push: branches: ["*"] pull_request: env: CARGO_TERM_COLOR: always permissions: actions: read contents: read concurrency: group: lint-${{ github.ref }} cancel-in-progress: true jobs: fmt: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Load versions run: | set -euo pipefail if [ ! -f versions.env ]; then echo "versions.env missing; populate VERSION, NOMOS_NODE_REV, NOMOS_BUNDLE_VERSION" >&2 exit 1 fi set -a . versions.env set +a cat versions.env >> "$GITHUB_ENV" : "${VERSION:?Missing VERSION}" : "${NOMOS_NODE_REV:?Missing NOMOS_NODE_REV}" : "${NOMOS_BUNDLE_VERSION:?Missing NOMOS_BUNDLE_VERSION}" - name: Install nomos circuits run: | ./scripts/setup-nomos-circuits.sh "${VERSION}" "$HOME/.nomos-circuits" echo "NOMOS_CIRCUITS=$HOME/.nomos-circuits" >> "$GITHUB_ENV" - uses: dtolnay/rust-toolchain@master with: toolchain: nightly-2025-09-14 components: rustfmt - uses: actions/cache@v4 with: path: | ~/.cargo/registry ~/.cargo/git key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} restore-keys: ${{ runner.os }}-cargo- - uses: actions/cache@v4 with: path: target key: ${{ runner.os }}-target-fmt-${{ hashFiles('**/Cargo.lock') }}-nightly-2025-09-14 restore-keys: ${{ runner.os }}-target-fmt- - run: cargo +nightly-2025-09-14 fmt --all -- --check clippy: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Load versions run: | set -euo pipefail if [ ! -f versions.env ]; then echo "versions.env missing; populate VERSION, NOMOS_NODE_REV, NOMOS_BUNDLE_VERSION" >&2 exit 1 fi set -a . versions.env set +a cat versions.env >> "$GITHUB_ENV" : "${VERSION:?Missing VERSION}" : "${NOMOS_NODE_REV:?Missing NOMOS_NODE_REV}" : "${NOMOS_BUNDLE_VERSION:?Missing NOMOS_BUNDLE_VERSION}" - name: Install nomos circuits run: | ./scripts/setup-nomos-circuits.sh "${VERSION}" "$HOME/.nomos-circuits" echo "NOMOS_CIRCUITS=$HOME/.nomos-circuits" >> "$GITHUB_ENV" - uses: dtolnay/rust-toolchain@master with: toolchain: nightly-2025-09-14 components: clippy - uses: actions/cache@v4 with: path: | ~/.cargo/registry ~/.cargo/git key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} restore-keys: ${{ runner.os }}-cargo- - uses: actions/cache@v4 with: path: target key: ${{ runner.os }}-target-clippy-${{ hashFiles('**/Cargo.lock') }}-nightly-2025-09-14 restore-keys: ${{ runner.os }}-target-clippy- - run: cargo +nightly-2025-09-14 clippy --all --all-targets --all-features -- -D warnings deny: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Load versions run: | set -euo pipefail if [ ! -f versions.env ]; then echo "versions.env missing; populate VERSION, NOMOS_NODE_REV, NOMOS_BUNDLE_VERSION" >&2 exit 1 fi set -a . versions.env set +a cat versions.env >> "$GITHUB_ENV" : "${VERSION:?Missing VERSION}" : "${NOMOS_NODE_REV:?Missing NOMOS_NODE_REV}" : "${NOMOS_BUNDLE_VERSION:?Missing NOMOS_BUNDLE_VERSION}" - name: Install nomos circuits run: | ./scripts/setup-nomos-circuits.sh "${VERSION}" "$HOME/.nomos-circuits" echo "NOMOS_CIRCUITS=$HOME/.nomos-circuits" >> "$GITHUB_ENV" - uses: dtolnay/rust-toolchain@master with: toolchain: nightly-2025-09-14 - uses: actions/cache@v4 with: path: | ~/.cargo/registry ~/.cargo/git key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} restore-keys: ${{ runner.os }}-cargo- - name: Install cargo-deny run: cargo install cargo-deny --locked --version 0.18.2 - run: cargo deny check --hide-inclusion-graph -c .cargo-deny.toml --show-stats -D warnings taplo: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Load versions run: | set -euo pipefail if [ ! -f versions.env ]; then echo "versions.env missing; populate VERSION, NOMOS_NODE_REV, NOMOS_BUNDLE_VERSION" >&2 exit 1 fi set -a . versions.env set +a cat versions.env >> "$GITHUB_ENV" : "${VERSION:?Missing VERSION}" : "${NOMOS_NODE_REV:?Missing NOMOS_NODE_REV}" : "${NOMOS_BUNDLE_VERSION:?Missing NOMOS_BUNDLE_VERSION}" - uses: dtolnay/rust-toolchain@master with: toolchain: nightly-2025-09-14 - name: Install taplo run: | TAPLO_VERSION=0.9.3 cargo install taplo-cli --locked --version ${TAPLO_VERSION} - run: taplo fmt --check - run: taplo lint machete: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Load versions run: | set -euo pipefail if [ ! -f versions.env ]; then echo "versions.env missing; populate VERSION, NOMOS_NODE_REV, NOMOS_BUNDLE_VERSION" >&2 exit 1 fi set -a . versions.env set +a cat versions.env >> "$GITHUB_ENV" : "${VERSION:?Missing VERSION}" : "${NOMOS_NODE_REV:?Missing NOMOS_NODE_REV}" : "${NOMOS_BUNDLE_VERSION:?Missing NOMOS_BUNDLE_VERSION}" - name: Install nomos circuits run: | ./scripts/setup-nomos-circuits.sh "${VERSION}" "$HOME/.nomos-circuits" echo "NOMOS_CIRCUITS=$HOME/.nomos-circuits" >> "$GITHUB_ENV" - uses: dtolnay/rust-toolchain@master with: toolchain: nightly-2025-09-14 - uses: actions/cache@v4 with: path: | ~/.cargo/registry ~/.cargo/git key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} restore-keys: ${{ runner.os }}-cargo- - name: Install cargo-machete run: cargo +nightly-2025-09-14 install --git https://github.com/bnjbvr/cargo-machete --locked cargo-machete - run: cargo machete host_smoke: runs-on: ubuntu-latest env: POL_PROOF_DEV_MODE: true LOCAL_DEMO_RUN_SECS: 120 LOCAL_DEMO_VALIDATORS: 1 LOCAL_DEMO_EXECUTORS: 1 NOMOS_CIRCUITS: ${{ github.workspace }}/.tmp/nomos-circuits NOMOS_KZGRS_PARAMS_PATH: ${{ github.workspace }}/.tmp/kzgrs_test_params CARGO_INCREMENTAL: 0 CARGO_PROFILE_DEV_DEBUG: 0 RUSTFLAGS: -C debuginfo=0 RUST_LOG: info,libp2p_swarm=debug,libp2p_quic=debug steps: - uses: actions/checkout@v4 - name: Load versions run: | set -euo pipefail if [ ! -f versions.env ]; then echo "versions.env missing; populate VERSION, NOMOS_NODE_REV, NOMOS_BUNDLE_VERSION" >&2 exit 1 fi set -a . versions.env set +a cat versions.env >> "$GITHUB_ENV" : "${VERSION:?Missing VERSION}" : "${NOMOS_NODE_REV:?Missing NOMOS_NODE_REV}" : "${NOMOS_BUNDLE_VERSION:?Missing NOMOS_BUNDLE_VERSION}" - name: Set temp dir run: | echo "TMPDIR=${{ runner.temp }}" >> "$GITHUB_ENV" echo "CARGO_TARGET_DIR=${{ runner.temp }}/target-local" >> "$GITHUB_ENV" echo "NOMOS_LOG_DIR=${{ runner.temp }}/local-logs" >> "$GITHUB_ENV" echo "NOMOS_STATE_DIR=${{ runner.temp }}/nomos-state" >> "$GITHUB_ENV" rm -rf "${{ runner.temp }}/local-logs" "${{ runner.temp }}/nomos-state" mkdir -p "${{ runner.temp }}/local-logs" "${{ runner.temp }}/nomos-state" - name: Clean workspace caches run: | rm -rf .tmp/nomos-* testing-framework/assets/stack/kzgrs_test_params mkdir -p .tmp - name: Install system dependencies (Linux) if: runner.os == 'Linux' run: | set -euo pipefail if command -v sudo >/dev/null 2>&1; then sudo apt-get update sudo apt-get install -y clang llvm-dev libclang-dev pkg-config cmake libssl-dev rsync libgmp10 libgmp-dev libgomp1 nasm else apt-get update apt-get install -y clang llvm-dev libclang-dev pkg-config cmake libssl-dev rsync libgmp10 libgmp-dev libgomp1 nasm fi - uses: dtolnay/rust-toolchain@master with: toolchain: nightly-2025-09-14 - uses: actions/cache@v4 with: path: | ~/.cargo/registry ~/.cargo/git key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} restore-keys: ${{ runner.os }}-cargo- - name: Restore cached nomos binaries id: restore-nomos-bins-host uses: actions/cache@v4 with: path: ${{ github.workspace }}/.tmp/nomos-binaries.tar.gz key: ${{ runner.os }}-nomos-binaries-${{ env.VERSION }}-${{ env.NOMOS_BUNDLE_VERSION }} - name: Download nomos binaries artifact (fallback) if: steps.restore-nomos-bins-host.outputs.cache-hit != 'true' env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} ARTIFACT_NAME: nomos-binaries-${{ runner.os }}-${{ env.VERSION }}-${{ env.NOMOS_BUNDLE_VERSION }} run: | set -euo pipefail mkdir -p "${TMPDIR}" artifact_id=$(gh api -X GET "repos/${GITHUB_REPOSITORY}/actions/artifacts" --paginate -F per_page=100 \ --jq '.artifacts[] | select(.name=="'"${ARTIFACT_NAME}"'") | .id' | head -n1) if [ -z "$artifact_id" ]; then echo "Nomos binaries artifact ${ARTIFACT_NAME} not found; building host bundle locally." ./scripts/build-bundle.sh --platform host --output "${GITHUB_WORKSPACE}/.tmp/nomos-binaries-host-${VERSION}.tar.gz" exit 0 fi gh api -X GET "repos/${GITHUB_REPOSITORY}/actions/artifacts/${artifact_id}/zip" > "${TMPDIR}/nomos-binaries.zip" unzip -o "${TMPDIR}/nomos-binaries.zip" -d "${TMPDIR}" found_tar="$(find "${TMPDIR}" -name 'nomos-binaries-*.tar.gz' -maxdepth 2 | head -n1)" if [ -z "$found_tar" ]; then echo "Expected a nomos-binaries tar.gz in downloaded artifact" >&2 exit 1 fi mkdir -p "${GITHUB_WORKSPACE}/.tmp" mv "$found_tar" "${GITHUB_WORKSPACE}/.tmp/nomos-binaries.tar.gz" - name: Normalize host bundle path run: | set -euo pipefail mkdir -p .tmp SRC="${GITHUB_WORKSPACE}/.tmp/nomos-binaries.tar.gz" DEST="${GITHUB_WORKSPACE}/.tmp/nomos-binaries-host-${VERSION}.tar.gz" if [ -f "${SRC}" ]; then mv "${SRC}" "${DEST}" echo "NOMOS_BINARIES_TAR=${DEST}" >> "$GITHUB_ENV" else echo "Expected ${SRC} not found" >&2 exit 1 fi - name: Run host demo (scripted) env: NOMOS_TESTS_KEEP_LOGS: "true" RUST_LOG: "info" NOMOS_LOG_DIR: "${{ runner.temp }}/local-logs" run: | scripts/run-examples.sh -t 120 -v 1 -e 1 host - name: Collect host demo logs (on failure) if: failure() run: | if [ -d "${NOMOS_LOG_DIR}" ]; then tar -czf "${RUNNER_TEMP}/local-logs.tgz" -C "$(dirname "${NOMOS_LOG_DIR}")" "$(basename "${NOMOS_LOG_DIR}")" echo "Local logs tar: $(realpath ${RUNNER_TEMP}/local-logs.tgz)" find "${NOMOS_LOG_DIR}" -type f -print else echo "No local logs directory at ${NOMOS_LOG_DIR}" fi - name: Upload host smoke logs if: failure() id: upload-local-logs uses: actions/upload-artifact@v4 with: name: host-smoke-logs path: ${{ runner.temp }}/local-logs.tgz if-no-files-found: error - name: Print host smoke logs download URL if: failure() env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | gh api "repos/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}/artifacts" \ --jq '.artifacts[] | select(.name=="host-smoke-logs") | "host-smoke-logs: \(.archive_download_url)"' || true compose_smoke: runs-on: ubuntu-latest env: TMPDIR: ${{ github.workspace }}/.tmp NOMOS_CIRCUITS: ${{ github.workspace }}/.tmp/nomos-circuits NOMOS_TESTNET_IMAGE: nomos-testnet:${{ github.run_id }} DOCKER_BUILDKIT: 1 CARGO_INCREMENTAL: 0 CARGO_PROFILE_DEV_DEBUG: 0 RUSTFLAGS: -C debuginfo=0 steps: - name: Checkout repository uses: actions/checkout@v4 - name: Load versions run: | set -euo pipefail if [ ! -f versions.env ]; then echo "versions.env missing; populate VERSION, NOMOS_NODE_REV, NOMOS_BUNDLE_VERSION" >&2 exit 1 fi set -a . versions.env set +a cat versions.env >> "$GITHUB_ENV" : "${VERSION:?Missing VERSION}" : "${NOMOS_NODE_REV:?Missing NOMOS_NODE_REV}" : "${NOMOS_BUNDLE_VERSION:?Missing NOMOS_BUNDLE_VERSION}" - name: Prepare workspace tmpdir run: mkdir -p "$TMPDIR" - name: Restore cached nomos binaries id: restore-nomos-bins uses: actions/cache@v4 with: path: ${{ github.workspace }}/.tmp/nomos-binaries.tar.gz key: ${{ runner.os }}-nomos-binaries-${{ env.VERSION }}-${{ env.NOMOS_BUNDLE_VERSION }} - name: Download nomos binaries artifact (fallback) if: steps.restore-nomos-bins.outputs.cache-hit != 'true' env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} ARTIFACT_NAME: nomos-binaries-${{ runner.os }}-${{ env.VERSION }}-${{ env.NOMOS_BUNDLE_VERSION }} run: | set -euo pipefail download_dir="${TMPDIR}/nomos-binaries-download" rm -rf "${download_dir}" mkdir -p "${download_dir}" artifact_id=$(gh api -X GET "repos/${GITHUB_REPOSITORY}/actions/artifacts" --paginate -F per_page=100 \ --jq '.artifacts[] | select(.name=="'"${ARTIFACT_NAME}"'") | .id' | head -n1) if [ -z "$artifact_id" ]; then echo "Nomos binaries artifact ${ARTIFACT_NAME} not found; building linux bundle locally." ./scripts/build-bundle.sh --platform linux --output "${GITHUB_WORKSPACE}/.tmp/nomos-binaries-linux-${VERSION}.tar.gz" exit 0 fi gh api -X GET "repos/${GITHUB_REPOSITORY}/actions/artifacts/${artifact_id}/zip" > "${download_dir}/nomos-binaries.zip" unzip -o "${download_dir}/nomos-binaries.zip" -d "${download_dir}" found_tar="$(find "${download_dir}" -name 'nomos-binaries-*.tar.gz' -maxdepth 2 | head -n1)" if [ -z "$found_tar" ]; then echo "Expected a nomos-binaries tar.gz in downloaded artifact" >&2 exit 1 fi mv "${found_tar}" "${GITHUB_WORKSPACE}/.tmp/nomos-binaries.tar.gz" - name: Normalize linux bundle path run: | set -euo pipefail mkdir -p .tmp SRC="${GITHUB_WORKSPACE}/.tmp/nomos-binaries.tar.gz" DEST="${GITHUB_WORKSPACE}/.tmp/nomos-binaries-linux-${VERSION}.tar.gz" if [ -f "${SRC}" ]; then mv "${SRC}" "${DEST}" echo "NOMOS_BINARIES_TAR=${DEST}" >> "$GITHUB_ENV" else echo "Expected ${SRC} not found" >&2 exit 1 fi - name: Set compose target dir run: echo "CARGO_TARGET_DIR=${RUNNER_TEMP}/target-compose" >> "$GITHUB_ENV" - name: Install Rust toolchain uses: dtolnay/rust-toolchain@master with: toolchain: nightly-2025-09-14 - name: Install system dependencies (Linux) if: runner.os == 'Linux' run: | set -euo pipefail if command -v sudo >/dev/null 2>&1; then sudo apt-get update sudo apt-get install -y clang llvm-dev libclang-dev pkg-config cmake libssl-dev rsync libgmp10 libgmp-dev libgomp1 nasm else apt-get update apt-get install -y clang llvm-dev libclang-dev pkg-config cmake libssl-dev rsync libgmp10 libgmp-dev libgomp1 nasm fi - name: Free disk space for compose build run: | set -euo pipefail sudo rm -rf /usr/share/dotnet /opt/ghc /opt/hostedtoolcache/CodeQL || true docker system prune -af --volumes || true - name: Cache cargo registry uses: actions/cache@v4 with: path: | ~/.cargo/registry ~/.cargo/git key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} restore-keys: | ${{ runner.os }}-cargo- - name: Run compose mixed workload binary env: POL_PROOF_DEV_MODE: "true" COMPOSE_NODE_PAIRS: "1x1" NOMOS_TESTNET_IMAGE: ${{ env.NOMOS_TESTNET_IMAGE }} COMPOSE_RUNNER_HOST: "127.0.0.1" NOMOS_TIME_BACKEND: "monotonic" NOMOS_KZGRS_PARAMS_PATH: "/kzgrs_test_params/kzgrs_test_params" RUST_BACKTRACE: "1" NOMOS_TESTS_TRACING: "true" RUST_LOG: "info" NOMOS_LOG_LEVEL: "info" NOMOS_LOG_DIR: "${{ github.workspace }}/.tmp/compose-logs" run: | mkdir -p "$TMPDIR" scripts/run-examples.sh -t 120 -v 1 -e 1 compose - name: Show compose runner log env: LOG_DIR: "${{ github.workspace }}/.tmp/compose-logs" run: | if [ -f "${LOG_DIR}/runner.log" ]; then echo "=== runner.log (tail) ===" tail -n 200 "${LOG_DIR}/runner.log" else echo "runner.log not found under ${LOG_DIR}" fi - name: Collect compose logs if: failure() run: | mkdir -p ci-artifacts/compose if [ -d "${TMPDIR}/compose-logs" ]; then tar -czf ci-artifacts/compose/node-logs.tgz -C "${TMPDIR}/compose-logs" . echo "Node logs tar: $(realpath ci-artifacts/compose/node-logs.tgz)" find "${TMPDIR}/compose-logs" -type f -print fi mkdir -p ci-artifacts/compose docker ps -a --filter "name=nomos-compose-" --format '{{.ID}} {{.Names}} {{.Status}}' > ci-artifacts/compose/containers.txt || true echo "Containers list: $(realpath ci-artifacts/compose/containers.txt)" for id in $(docker ps -a --filter "name=nomos-compose-" -q); do docker logs "$id" > "ci-artifacts/compose/${id}.log" 2>&1 || true echo "Container log: $(realpath ci-artifacts/compose/${id}.log)" done - name: Upload compose artifacts if: failure() uses: actions/upload-artifact@v4 with: name: compose-mixed-workload-logs path: ci-artifacts if-no-files-found: ignore - name: Cleanup compose containers if: always() run: | ids=$(docker ps -a --filter "name=nomos-compose-" -q) if [ -n "$ids" ]; then docker rm -f $ids fi