name: Lint on: push: branches: ["*"] pull_request: env: CARGO_TERM_COLOR: always NOMOS_NODE_REV: d2dd5a5084e1daef4032562c77d41de5e4d495f8 NOMOS_BUNDLE_VERSION: v4 permissions: actions: read contents: read pages: write id-token: write concurrency: group: lint-${{ github.ref }} cancel-in-progress: true jobs: fmt: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Install nomos circuits run: | ./scripts/setup-nomos-circuits.sh v0.3.1 "$HOME/.nomos-circuits" echo "NOMOS_CIRCUITS=$HOME/.nomos-circuits" >> "$GITHUB_ENV" - uses: dtolnay/rust-toolchain@master with: toolchain: nightly-2025-09-14 components: rustfmt - uses: actions/cache@v4 with: path: | ~/.cargo/registry ~/.cargo/git key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} restore-keys: ${{ runner.os }}-cargo- - uses: actions/cache@v4 with: path: target key: ${{ runner.os }}-target-fmt-${{ hashFiles('**/Cargo.lock') }}-nightly-2025-09-14 restore-keys: ${{ runner.os }}-target-fmt- - run: cargo +nightly-2025-09-14 fmt --all -- --check clippy: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Install nomos circuits run: | ./scripts/setup-nomos-circuits.sh v0.3.1 "$HOME/.nomos-circuits" echo "NOMOS_CIRCUITS=$HOME/.nomos-circuits" >> "$GITHUB_ENV" - uses: dtolnay/rust-toolchain@master with: toolchain: nightly-2025-09-14 components: clippy - uses: actions/cache@v4 with: path: | ~/.cargo/registry ~/.cargo/git key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} restore-keys: ${{ runner.os }}-cargo- - uses: actions/cache@v4 with: path: target key: ${{ runner.os }}-target-clippy-${{ hashFiles('**/Cargo.lock') }}-nightly-2025-09-14 restore-keys: ${{ runner.os }}-target-clippy- - run: cargo +nightly-2025-09-14 clippy --all --all-targets --all-features -- -D warnings deny: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Install nomos circuits run: | ./scripts/setup-nomos-circuits.sh v0.3.1 "$HOME/.nomos-circuits" echo "NOMOS_CIRCUITS=$HOME/.nomos-circuits" >> "$GITHUB_ENV" - uses: dtolnay/rust-toolchain@master with: toolchain: nightly-2025-09-14 - uses: actions/cache@v4 with: path: | ~/.cargo/registry ~/.cargo/git key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} restore-keys: ${{ runner.os }}-cargo- - name: Install cargo-deny run: cargo install cargo-deny --locked --version 0.18.2 - run: cargo deny check --hide-inclusion-graph -c .cargo-deny.toml --show-stats -D warnings taplo: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - uses: dtolnay/rust-toolchain@master with: toolchain: nightly-2025-09-14 - name: Install taplo run: | TAPLO_VERSION=0.9.3 cargo install taplo-cli --locked --version ${TAPLO_VERSION} - run: taplo fmt --check - run: taplo lint machete: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Install nomos circuits run: | ./scripts/setup-nomos-circuits.sh v0.3.1 "$HOME/.nomos-circuits" echo "NOMOS_CIRCUITS=$HOME/.nomos-circuits" >> "$GITHUB_ENV" - uses: dtolnay/rust-toolchain@master with: toolchain: nightly-2025-09-14 - uses: actions/cache@v4 with: path: | ~/.cargo/registry ~/.cargo/git key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} restore-keys: ${{ runner.os }}-cargo- - name: Install cargo-machete run: cargo +nightly-2025-09-14 install --git https://github.com/bnjbvr/cargo-machete --locked cargo-machete - run: cargo machete local_smoke: runs-on: ubuntu-latest env: POL_PROOF_DEV_MODE: true LOCAL_DEMO_RUN_SECS: 120 LOCAL_DEMO_VALIDATORS: 1 LOCAL_DEMO_EXECUTORS: 1 NOMOS_CIRCUITS: ${{ github.workspace }}/.tmp/nomos-circuits NOMOS_KZGRS_PARAMS_PATH: ${{ github.workspace }}/.tmp/kzgrs_test_params CARGO_INCREMENTAL: 0 CARGO_PROFILE_DEV_DEBUG: 0 RUSTFLAGS: -C debuginfo=0 RUST_LOG: info,libp2p_swarm=debug,libp2p_quic=debug steps: - uses: actions/checkout@v4 - name: Set temp dir run: | echo "TMPDIR=${{ runner.temp }}" >> "$GITHUB_ENV" echo "CARGO_TARGET_DIR=${{ runner.temp }}/target-local" >> "$GITHUB_ENV" echo "NOMOS_LOG_DIR=${{ runner.temp }}/local-logs" >> "$GITHUB_ENV" echo "NOMOS_STATE_DIR=${{ runner.temp }}/nomos-state" >> "$GITHUB_ENV" rm -rf "${{ runner.temp }}/local-logs" "${{ runner.temp }}/nomos-state" mkdir -p "${{ runner.temp }}/local-logs" "${{ runner.temp }}/nomos-state" - name: Clean workspace caches run: | rm -rf .tmp/nomos-* testing-framework/assets/stack/kzgrs_test_params mkdir -p .tmp - name: Install system dependencies (Linux) if: runner.os == 'Linux' run: | set -euo pipefail if command -v sudo >/dev/null 2>&1; then sudo apt-get update sudo apt-get install -y clang llvm-dev libclang-dev pkg-config cmake libssl-dev rsync libgmp10 libgmp-dev libgomp1 nasm else apt-get update apt-get install -y clang llvm-dev libclang-dev pkg-config cmake libssl-dev rsync libgmp10 libgmp-dev libgomp1 nasm fi - uses: dtolnay/rust-toolchain@master with: toolchain: nightly-2025-09-14 - uses: actions/cache@v4 with: path: | ~/.cargo/registry ~/.cargo/git key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} restore-keys: ${{ runner.os }}-cargo- - name: Restore cached nomos binaries id: restore-nomos-bins uses: actions/cache@v4 with: path: ${{ github.workspace }}/nomos-binaries.tar.gz key: ${{ runner.os }}-nomos-binaries-${{ env.NOMOS_NODE_REV }}-${{ env.NOMOS_BUNDLE_VERSION }} - name: Download nomos binaries artifact (fallback) if: steps.restore-nomos-bins.outputs.cache-hit != 'true' env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} ARTIFACT_NAME: nomos-binaries-${{ runner.os }}-${{ env.NOMOS_NODE_REV }}-${{ env.NOMOS_BUNDLE_VERSION }} run: | set -euo pipefail artifact_id=$(gh api -X GET "repos/${GITHUB_REPOSITORY}/actions/artifacts" --paginate -F per_page=100 \ --jq '.artifacts[] | select(.name=="'"${ARTIFACT_NAME}"'") | .id' | head -n1) if [ -z "$artifact_id" ]; then echo "Nomos binaries cache missing and artifact not found. Run manual build-binaries workflow." >&2 exit 1 fi gh api -X GET "repos/${GITHUB_REPOSITORY}/actions/artifacts/${artifact_id}/zip" > "${GITHUB_WORKSPACE}/artifact.zip" unzip -o "${GITHUB_WORKSPACE}/artifact.zip" -d "${GITHUB_WORKSPACE}" - name: Install nomos binaries and circuits run: | BIN_TAR="${GITHUB_WORKSPACE}/nomos-binaries.tar.gz" BIN_DIR="${RUNNER_TEMP}/nomos-binaries" mkdir -p "${BIN_DIR}" tar -xzf "${BIN_TAR}" -C "${BIN_DIR}" sudo cp "${BIN_DIR}/nomos-node" /usr/local/bin/ sudo cp "${BIN_DIR}/nomos-executor" /usr/local/bin/ sudo cp "${BIN_DIR}/nomos-cli" /usr/local/bin/ sudo chmod +x /usr/local/bin/nomos-node /usr/local/bin/nomos-executor /usr/local/bin/nomos-cli echo "NOMOS_NODE_BIN=/usr/local/bin/nomos-node" >> "$GITHUB_ENV" echo "NOMOS_EXECUTOR_BIN=/usr/local/bin/nomos-executor" >> "$GITHUB_ENV" if [ -d "${BIN_DIR}/circuits" ]; then echo "NOMOS_CIRCUITS=${BIN_DIR}/circuits" >> "$GITHUB_ENV" else echo "Circuits bundle missing in nomos-binaries tarball" >&2 exit 1 fi if [ -f "${BIN_DIR}/local_runner" ]; then echo "LOCAL_RUNNER_BIN=${BIN_DIR}/local_runner" >> "$GITHUB_ENV" fi - name: Download KZG params for DA (raw) run: | mkdir -p "$(dirname "${NOMOS_KZGRS_PARAMS_PATH}")" curl -fsSL "https://raw.githubusercontent.com/logos-co/nomos-node/${NOMOS_NODE_REV}/tests/kzgrs/kzgrs_test_params" \ -o "${NOMOS_KZGRS_PARAMS_PATH}" - name: Stage KZG params for local run run: | rm -rf testing-framework/assets/stack/kzgrs_test_params mkdir -p testing-framework/assets/stack/kzgrs_test_params rsync -a --delete "$NOMOS_CIRCUITS"/ testing-framework/assets/stack/kzgrs_test_params/ || true cp "${NOMOS_KZGRS_PARAMS_PATH}" testing-framework/assets/stack/kzgrs_test_params/kzgrs_test_params echo "NOMOS_KZGRS_PARAMS_PATH=${GITHUB_WORKSPACE}/testing-framework/assets/stack/kzgrs_test_params/kzgrs_test_params" >> "$GITHUB_ENV" - name: Run local runner smoke (ignored test) run: | NOMOS_TESTS_KEEP_LOGS=true LOCAL_DEMO_RUN_SECS=60 cargo +nightly-2025-09-14 test --all-features -p runner-examples --test local_runner_bin_smoke -- --ignored --nocapture - name: Show local runner logs (on failure) if: failure() run: | LOG_DIR="${NOMOS_LOG_DIR:-${RUNNER_TEMP}/local-logs}" if [ -d "$LOG_DIR" ]; then echo "Dumping *.log files from $LOG_DIR" if [ -f "$LOG_DIR/runner.log" ]; then echo "=== runner.log (tail) ===" tail -n 200 "$LOG_DIR/runner.log" fi find "$LOG_DIR" -maxdepth 2 -type f -name "*.log" ! -name "runner.log" -print -exec tail -n 200 {} \; else echo "No local logs directory at $LOG_DIR" fi - name: Archive local smoke logs if: always() run: | if [ -d "${NOMOS_LOG_DIR}" ]; then tar -czf "${RUNNER_TEMP}/local-logs.tgz" -C "$(dirname "${NOMOS_LOG_DIR}")" "$(basename "${NOMOS_LOG_DIR}")" echo "Local logs tar: $(realpath ${RUNNER_TEMP}/local-logs.tgz)" find "${NOMOS_LOG_DIR}" -type f -print else echo "No local logs directory at ${NOMOS_LOG_DIR}" fi - name: Upload local smoke logs if: failure() id: upload-local-logs uses: actions/upload-artifact@v4 with: name: local-smoke-logs path: ${{ runner.temp }}/local-logs.tgz if-no-files-found: error - name: Print local smoke logs download URL if: failure() env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | gh api "repos/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}/artifacts" \ --jq '.artifacts[] | select(.name=="local-smoke-logs") | "local-smoke-logs: \(.archive_download_url)"' || true compose_smoke: runs-on: ubuntu-latest env: TMPDIR: ${{ github.workspace }}/.tmp NOMOS_CIRCUITS: ${{ github.workspace }}/.tmp/nomos-circuits NOMOS_TESTNET_IMAGE: nomos-testnet:local DOCKER_BUILDKIT: 1 steps: - name: Checkout repository uses: actions/checkout@v4 - name: Prepare workspace tmpdir run: mkdir -p "$TMPDIR" - name: Restore cached nomos binaries id: restore-nomos-bins-compose uses: actions/cache@v4 with: path: ${{ github.workspace }}/nomos-binaries.tar.gz key: ${{ runner.os }}-nomos-binaries-${{ env.NOMOS_NODE_REV }}-${{ env.NOMOS_BUNDLE_VERSION }} - name: Download nomos binaries artifact (fallback) if: steps.restore-nomos-bins-compose.outputs.cache-hit != 'true' env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} ARTIFACT_NAME: nomos-binaries-${{ runner.os }}-${{ env.NOMOS_NODE_REV }}-${{ env.NOMOS_BUNDLE_VERSION }} run: | set -euo pipefail artifact_id=$(gh api -X GET "repos/${GITHUB_REPOSITORY}/actions/artifacts" --paginate -F per_page=100 \ --jq '.artifacts[] | select(.name=="'"${ARTIFACT_NAME}"'") | .id' | head -n1) if [ -z "$artifact_id" ]; then echo "Nomos binaries cache missing and artifact not found. Run manual build-binaries workflow." >&2 exit 1 fi gh api -X GET "repos/${GITHUB_REPOSITORY}/actions/artifacts/${artifact_id}/zip" > "${GITHUB_WORKSPACE}/artifact.zip" unzip -o "${GITHUB_WORKSPACE}/artifact.zip" -d "${GITHUB_WORKSPACE}" - name: Stage nomos binaries into build context run: | BIN_TAR="${GITHUB_WORKSPACE}/nomos-binaries.tar.gz" BIN_DIR="${RUNNER_TEMP}/nomos-binaries" mkdir -p "${BIN_DIR}" tar -xzf "${BIN_TAR}" -C "${BIN_DIR}" mkdir -p testing-framework/assets/stack/bin cp "${BIN_DIR}/nomos-node" testing-framework/assets/stack/bin/ cp "${BIN_DIR}/nomos-executor" testing-framework/assets/stack/bin/ cp "${BIN_DIR}/nomos-cli" testing-framework/assets/stack/bin/ rm -rf testing-framework/assets/stack/kzgrs_test_params mkdir -p testing-framework/assets/stack/kzgrs_test_params if [ -d "${BIN_DIR}/circuits" ]; then rsync -a --delete "${BIN_DIR}/circuits"/ testing-framework/assets/stack/kzgrs_test_params/ || true echo "NOMOS_CIRCUITS=${BIN_DIR}/circuits" >> "$GITHUB_ENV" echo "CIRCUITS_OVERRIDE=testing-framework/assets/stack/kzgrs_test_params" >> "$GITHUB_ENV" else echo "Circuits bundle missing in nomos-binaries tarball" >&2 exit 1 fi - name: Add top-level KZG params file for compose mount run: | curl -fsSL "https://raw.githubusercontent.com/logos-co/nomos-node/${NOMOS_NODE_REV}/tests/kzgrs/kzgrs_test_params" \ -o testing-framework/assets/stack/kzgrs_test_params/kzgrs_test_params - name: Prune docker to free space run: | docker system prune -af --volumes || true - name: Install Rust toolchain uses: dtolnay/rust-toolchain@master with: toolchain: nightly-2025-09-14 - name: Install system dependencies (Linux) if: runner.os == 'Linux' run: | set -euo pipefail if command -v sudo >/dev/null 2>&1; then sudo apt-get update sudo apt-get install -y clang llvm-dev libclang-dev pkg-config cmake libssl-dev rsync libgmp10 libgmp-dev libgomp1 nasm else apt-get update apt-get install -y clang llvm-dev libclang-dev pkg-config cmake libssl-dev rsync libgmp10 libgmp-dev libgomp1 nasm fi - name: Cache cargo registry uses: actions/cache@v4 with: path: | ~/.cargo/registry ~/.cargo/git key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} restore-keys: | ${{ runner.os }}-cargo- - name: Install circuits for host build env: NOMOS_CIRCUITS_PLATFORM: linux-x86_64 NOMOS_CIRCUITS_REBUILD_RAPIDSNARK: "0" RAPIDSNARK_FORCE_REBUILD: "0" RAPIDSNARK_BUILD_GMP: "0" RAPIDSNARK_USE_ASM: "OFF" run: | CIRCUITS_DIR="${NOMOS_CIRCUITS}" chmod +x scripts/setup-nomos-circuits.sh scripts/setup-nomos-circuits.sh v0.3.1 "$CIRCUITS_DIR" # Copy into build context so Docker doesn't need network rm -rf testing-framework/assets/stack/kzgrs_test_params mkdir -p testing-framework/assets/stack/kzgrs_test_params if command -v rsync >/dev/null 2>&1; then rsync -a --delete "$CIRCUITS_DIR"/ testing-framework/assets/stack/kzgrs_test_params/ else rm -rf testing-framework/assets/stack/kzgrs_test_params/* cp -a "$CIRCUITS_DIR"/. testing-framework/assets/stack/kzgrs_test_params/ fi echo "NOMOS_CIRCUITS=$CIRCUITS_DIR" >> "$GITHUB_ENV" echo "CIRCUITS_OVERRIDE=testing-framework/assets/stack/kzgrs_test_params" >> "$GITHUB_ENV" - name: Build compose test image env: DOCKER_CLI_HINTS: "false" IMAGE_TAG: ${{ env.NOMOS_TESTNET_IMAGE }} CIRCUITS_OVERRIDE: ${{ env.CIRCUITS_OVERRIDE }} run: | chmod +x testing-framework/assets/stack/scripts/build_test_image.sh testing-framework/assets/stack/scripts/build_test_image.sh - name: Run compose mixed workload binary env: POL_PROOF_DEV_MODE: "true" COMPOSE_NODE_PAIRS: "1x1" NOMOS_TESTNET_IMAGE: ${{ env.NOMOS_TESTNET_IMAGE }} COMPOSE_RUNNER_HOST: "127.0.0.1" RUST_BACKTRACE: "1" NOMOS_TESTS_TRACING: "true" NOMOS_LOG_DIR: "${{ github.workspace }}/.tmp/compose-logs" NOMOS_LOG_LEVEL: "info" run: | mkdir -p "$TMPDIR" cargo run -p runner-examples --bin compose_runner -- --nocapture - name: Collect compose logs if: failure() run: | mkdir -p ci-artifacts/compose if [ -d "${TMPDIR}/compose-logs" ]; then tar -czf ci-artifacts/compose/node-logs.tgz -C "${TMPDIR}/compose-logs" . echo "Node logs tar: $(realpath ci-artifacts/compose/node-logs.tgz)" find "${TMPDIR}/compose-logs" -type f -print fi mkdir -p ci-artifacts/compose docker ps -a --filter "name=nomos-compose-" --format '{{.ID}} {{.Names}} {{.Status}}' > ci-artifacts/compose/containers.txt || true echo "Containers list: $(realpath ci-artifacts/compose/containers.txt)" for id in $(docker ps -a --filter "name=nomos-compose-" -q); do docker logs "$id" > "ci-artifacts/compose/${id}.log" 2>&1 || true echo "Container log: $(realpath ci-artifacts/compose/${id}.log)" done - name: Upload compose artifacts if: failure() uses: actions/upload-artifact@v4 with: name: compose-mixed-workload-logs path: ci-artifacts if-no-files-found: ignore - name: Cleanup compose containers if: always() run: | ids=$(docker ps -a --filter "name=nomos-compose-" -q) if [ -n "$ids" ]; then docker rm -f $ids fi book: runs-on: ubuntu-latest env: RUSTUP_TOOLCHAIN: nightly-2025-09-14 steps: - uses: actions/checkout@v4 - uses: dtolnay/rust-toolchain@master with: toolchain: nightly-2025-09-14 - uses: actions/cache@v4 with: path: | ~/.cargo/registry ~/.cargo/git key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} restore-keys: ${{ runner.os }}-cargo- - name: Install mdBook toolchain run: | MDBOOK_VERSION=0.4.40 LINKCHECK_VERSION=0.7.7 MERMAID_VERSION=0.14.0 cargo +nightly-2025-09-14 install --locked mdbook --version ${MDBOOK_VERSION} cargo +nightly-2025-09-14 install mdbook-linkcheck --version ${LINKCHECK_VERSION} cargo +nightly-2025-09-14 install --locked mdbook-mermaid --version ${MERMAID_VERSION} cargo +nightly-2025-09-14 install --locked typos-cli --version 1.23.6 - name: Spell check (typos) run: typos --format brief book/src - name: Markdown lint run: npx -y markdownlint-cli2 "book/src/**/*.md" - name: Build book run: mdbook build book - name: Check links run: mdbook-linkcheck -s book - name: Upload book artifact for Pages if: github.event_name == 'push' && github.ref == 'refs/heads/master' uses: actions/upload-pages-artifact@v3 with: path: target/book deploy_book: if: github.event_name == 'push' && github.ref == 'refs/heads/master' needs: book runs-on: ubuntu-latest environment: name: github-pages url: ${{ steps.deployment.outputs.page_url }} permissions: pages: write id-token: write steps: - name: Deploy to GitHub Pages id: deployment uses: actions/deploy-pages@v4