name: Lint on: push: branches: ["*"] pull_request: env: CARGO_TERM_COLOR: always NOMOS_NODE_REV: d2dd5a5084e1daef4032562c77d41de5e4d495f8 NOMOS_BUNDLE_VERSION: v4 permissions: actions: read contents: read pages: write id-token: write concurrency: group: lint-${{ github.ref }} cancel-in-progress: true jobs: fmt: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Load versions run: | if [ -f versions.env ]; then cat versions.env >> "$GITHUB_ENV" fi - name: Install nomos circuits run: | ./scripts/setup-nomos-circuits.sh v0.3.1 "$HOME/.nomos-circuits" echo "NOMOS_CIRCUITS=$HOME/.nomos-circuits" >> "$GITHUB_ENV" - uses: dtolnay/rust-toolchain@master with: toolchain: nightly-2025-09-14 components: rustfmt - uses: actions/cache@v4 with: path: | ~/.cargo/registry ~/.cargo/git key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} restore-keys: ${{ runner.os }}-cargo- - uses: actions/cache@v4 with: path: target key: ${{ runner.os }}-target-fmt-${{ hashFiles('**/Cargo.lock') }}-nightly-2025-09-14 restore-keys: ${{ runner.os }}-target-fmt- - run: cargo +nightly-2025-09-14 fmt --all -- --check clippy: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Load versions run: | if [ -f versions.env ]; then cat versions.env >> "$GITHUB_ENV" fi - name: Install nomos circuits run: | ./scripts/setup-nomos-circuits.sh v0.3.1 "$HOME/.nomos-circuits" echo "NOMOS_CIRCUITS=$HOME/.nomos-circuits" >> "$GITHUB_ENV" - uses: dtolnay/rust-toolchain@master with: toolchain: nightly-2025-09-14 components: clippy - uses: actions/cache@v4 with: path: | ~/.cargo/registry ~/.cargo/git key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} restore-keys: ${{ runner.os }}-cargo- - uses: actions/cache@v4 with: path: target key: ${{ runner.os }}-target-clippy-${{ hashFiles('**/Cargo.lock') }}-nightly-2025-09-14 restore-keys: ${{ runner.os }}-target-clippy- - run: cargo +nightly-2025-09-14 clippy --all --all-targets --all-features -- -D warnings deny: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Load versions run: | if [ -f versions.env ]; then cat versions.env >> "$GITHUB_ENV" fi - name: Install nomos circuits run: | ./scripts/setup-nomos-circuits.sh v0.3.1 "$HOME/.nomos-circuits" echo "NOMOS_CIRCUITS=$HOME/.nomos-circuits" >> "$GITHUB_ENV" - uses: dtolnay/rust-toolchain@master with: toolchain: nightly-2025-09-14 - uses: actions/cache@v4 with: path: | ~/.cargo/registry ~/.cargo/git key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} restore-keys: ${{ runner.os }}-cargo- - name: Install cargo-deny run: cargo install cargo-deny --locked --version 0.18.2 - run: cargo deny check --hide-inclusion-graph -c .cargo-deny.toml --show-stats -D warnings taplo: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Load versions run: | if [ -f versions.env ]; then cat versions.env >> "$GITHUB_ENV" fi - uses: dtolnay/rust-toolchain@master with: toolchain: nightly-2025-09-14 - name: Install taplo run: | TAPLO_VERSION=0.9.3 cargo install taplo-cli --locked --version ${TAPLO_VERSION} - run: taplo fmt --check - run: taplo lint machete: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Load versions run: | if [ -f versions.env ]; then cat versions.env >> "$GITHUB_ENV" fi - name: Install nomos circuits run: | ./scripts/setup-nomos-circuits.sh v0.3.1 "$HOME/.nomos-circuits" echo "NOMOS_CIRCUITS=$HOME/.nomos-circuits" >> "$GITHUB_ENV" - uses: dtolnay/rust-toolchain@master with: toolchain: nightly-2025-09-14 - uses: actions/cache@v4 with: path: | ~/.cargo/registry ~/.cargo/git key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} restore-keys: ${{ runner.os }}-cargo- - name: Install cargo-machete run: cargo +nightly-2025-09-14 install --git https://github.com/bnjbvr/cargo-machete --locked cargo-machete - run: cargo machete host_smoke: runs-on: ubuntu-latest env: VERSION: ${{ env.VERSION }} POL_PROOF_DEV_MODE: true LOCAL_DEMO_RUN_SECS: 120 LOCAL_DEMO_VALIDATORS: 1 LOCAL_DEMO_EXECUTORS: 1 NOMOS_CIRCUITS: ${{ github.workspace }}/.tmp/nomos-circuits NOMOS_KZGRS_PARAMS_PATH: ${{ github.workspace }}/.tmp/kzgrs_test_params CARGO_INCREMENTAL: 0 CARGO_PROFILE_DEV_DEBUG: 0 RUSTFLAGS: -C debuginfo=0 RUST_LOG: info,libp2p_swarm=debug,libp2p_quic=debug steps: - uses: actions/checkout@v4 - name: Load versions run: | if [ -f versions.env ]; then cat versions.env >> "$GITHUB_ENV" fi - name: Set temp dir run: | echo "TMPDIR=${{ runner.temp }}" >> "$GITHUB_ENV" echo "CARGO_TARGET_DIR=${{ runner.temp }}/target-local" >> "$GITHUB_ENV" echo "NOMOS_LOG_DIR=${{ runner.temp }}/local-logs" >> "$GITHUB_ENV" echo "NOMOS_STATE_DIR=${{ runner.temp }}/nomos-state" >> "$GITHUB_ENV" rm -rf "${{ runner.temp }}/local-logs" "${{ runner.temp }}/nomos-state" mkdir -p "${{ runner.temp }}/local-logs" "${{ runner.temp }}/nomos-state" - name: Clean workspace caches run: | rm -rf .tmp/nomos-* testing-framework/assets/stack/kzgrs_test_params mkdir -p .tmp - name: Install system dependencies (Linux) if: runner.os == 'Linux' run: | set -euo pipefail if command -v sudo >/dev/null 2>&1; then sudo apt-get update sudo apt-get install -y clang llvm-dev libclang-dev pkg-config cmake libssl-dev rsync libgmp10 libgmp-dev libgomp1 nasm else apt-get update apt-get install -y clang llvm-dev libclang-dev pkg-config cmake libssl-dev rsync libgmp10 libgmp-dev libgomp1 nasm fi - uses: dtolnay/rust-toolchain@master with: toolchain: nightly-2025-09-14 - uses: actions/cache@v4 with: path: | ~/.cargo/registry ~/.cargo/git key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} restore-keys: ${{ runner.os }}-cargo- - name: Restore cached nomos binaries id: restore-nomos-bins-host uses: actions/cache@v4 with: path: ${{ github.workspace }}/.tmp/nomos-binaries.tar.gz key: ${{ runner.os }}-nomos-binaries-${{ env.NOMOS_NODE_REV }}-${{ env.NOMOS_BUNDLE_VERSION }} - name: Download nomos binaries artifact (fallback) if: steps.restore-nomos-bins-host.outputs.cache-hit != 'true' env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} ARTIFACT_NAME: nomos-binaries-${{ runner.os }}-${{ env.NOMOS_NODE_REV }}-${{ env.NOMOS_BUNDLE_VERSION }} run: | set -euo pipefail mkdir -p "${TMPDIR}" artifact_id=$(gh api -X GET "repos/${GITHUB_REPOSITORY}/actions/artifacts" --paginate -F per_page=100 \ --jq '.artifacts[] | select(.name=="'"${ARTIFACT_NAME}"'") | .id' | head -n1) if [ -z "$artifact_id" ]; then echo "Nomos binaries artifact ${ARTIFACT_NAME} not found. Run build-binaries workflow." >&2 exit 1 fi gh api -X GET "repos/${GITHUB_REPOSITORY}/actions/artifacts/${artifact_id}/zip" > "${TMPDIR}/nomos-binaries.zip" unzip -o "${TMPDIR}/nomos-binaries.zip" -d "${TMPDIR}" mv "${TMPDIR}/nomos-binaries.tar.gz" "${GITHUB_WORKSPACE}/.tmp/nomos-binaries.tar.gz" - name: Normalize host bundle path run: | set -euo pipefail mkdir -p .tmp SRC="${GITHUB_WORKSPACE}/.tmp/nomos-binaries.tar.gz" DEST="${GITHUB_WORKSPACE}/.tmp/nomos-binaries-host-${VERSION}.tar.gz" if [ -f "${SRC}" ]; then mv "${SRC}" "${DEST}" echo "NOMOS_BINARIES_TAR=${DEST}" >> "$GITHUB_ENV" else echo "Expected ${SRC} not found" >&2 exit 1 fi - name: Run host demo (scripted) env: NOMOS_TESTS_KEEP_LOGS: "true" RUST_LOG: "info" NOMOS_LOG_DIR: "${{ runner.temp }}/local-logs" run: | scripts/run-examples.sh -t 60 -v 1 -e 1 host - name: Collect host demo logs (on failure) if: failure() run: | if [ -d "${NOMOS_LOG_DIR}" ]; then tar -czf "${RUNNER_TEMP}/local-logs.tgz" -C "$(dirname "${NOMOS_LOG_DIR}")" "$(basename "${NOMOS_LOG_DIR}")" echo "Local logs tar: $(realpath ${RUNNER_TEMP}/local-logs.tgz)" find "${NOMOS_LOG_DIR}" -type f -print else echo "No local logs directory at ${NOMOS_LOG_DIR}" fi - name: Upload host smoke logs if: failure() id: upload-local-logs uses: actions/upload-artifact@v4 with: name: host-smoke-logs path: ${{ runner.temp }}/local-logs.tgz if-no-files-found: error - name: Print host smoke logs download URL if: failure() env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | gh api "repos/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}/artifacts" \ --jq '.artifacts[] | select(.name=="host-smoke-logs") | "host-smoke-logs: \(.archive_download_url)"' || true compose_smoke: runs-on: ubuntu-latest env: VERSION: ${{ env.VERSION }} TMPDIR: ${{ github.workspace }}/.tmp NOMOS_CIRCUITS: ${{ github.workspace }}/.tmp/nomos-circuits NOMOS_TESTNET_IMAGE: nomos-testnet:${{ github.run_id }} DOCKER_BUILDKIT: 1 CARGO_INCREMENTAL: 0 CARGO_PROFILE_DEV_DEBUG: 0 RUSTFLAGS: -C debuginfo=0 steps: - name: Checkout repository uses: actions/checkout@v4 - name: Load versions run: | if [ -f versions.env ]; then cat versions.env >> "$GITHUB_ENV" fi - name: Prepare workspace tmpdir run: mkdir -p "$TMPDIR" - name: Restore cached nomos binaries id: restore-nomos-bins uses: actions/cache@v4 with: path: ${{ github.workspace }}/.tmp/nomos-binaries.tar.gz key: ${{ runner.os }}-nomos-binaries-${{ env.NOMOS_NODE_REV }}-${{ env.NOMOS_BUNDLE_VERSION }} - name: Download nomos binaries artifact (fallback) if: steps.restore-nomos-bins.outputs.cache-hit != 'true' env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} ARTIFACT_NAME: nomos-binaries-${{ runner.os }}-${{ env.NOMOS_NODE_REV }}-${{ env.NOMOS_BUNDLE_VERSION }} run: | set -euo pipefail download_dir="${TMPDIR}/nomos-binaries-download" rm -rf "${download_dir}" mkdir -p "${download_dir}" artifact_id=$(gh api -X GET "repos/${GITHUB_REPOSITORY}/actions/artifacts" --paginate -F per_page=100 \ --jq '.artifacts[] | select(.name=="'"${ARTIFACT_NAME}"'") | .id' | head -n1) if [ -z "$artifact_id" ]; then echo "Nomos binaries artifact ${ARTIFACT_NAME} not found. Run build-binaries workflow." >&2 exit 1 fi gh api -X GET "repos/${GITHUB_REPOSITORY}/actions/artifacts/${artifact_id}/zip" > "${download_dir}/nomos-binaries.zip" unzip -o "${download_dir}/nomos-binaries.zip" -d "${download_dir}" mv "${download_dir}/nomos-binaries.tar.gz" "${GITHUB_WORKSPACE}/.tmp/nomos-binaries.tar.gz" - name: Normalize linux bundle path run: | set -euo pipefail mkdir -p .tmp SRC="${GITHUB_WORKSPACE}/.tmp/nomos-binaries.tar.gz" DEST="${GITHUB_WORKSPACE}/.tmp/nomos-binaries-linux-${VERSION}.tar.gz" if [ -f "${SRC}" ]; then mv "${SRC}" "${DEST}" echo "NOMOS_BINARIES_TAR=${DEST}" >> "$GITHUB_ENV" else echo "Expected ${SRC} not found" >&2 exit 1 fi - name: Set compose target dir run: echo "CARGO_TARGET_DIR=${RUNNER_TEMP}/target-compose" >> "$GITHUB_ENV" - name: Install Rust toolchain uses: dtolnay/rust-toolchain@master with: toolchain: nightly-2025-09-14 - name: Install system dependencies (Linux) if: runner.os == 'Linux' run: | set -euo pipefail if command -v sudo >/dev/null 2>&1; then sudo apt-get update sudo apt-get install -y clang llvm-dev libclang-dev pkg-config cmake libssl-dev rsync libgmp10 libgmp-dev libgomp1 nasm else apt-get update apt-get install -y clang llvm-dev libclang-dev pkg-config cmake libssl-dev rsync libgmp10 libgmp-dev libgomp1 nasm fi - name: Free disk space for compose build run: | set -euo pipefail sudo rm -rf /usr/share/dotnet /opt/ghc /opt/hostedtoolcache/CodeQL || true docker system prune -af --volumes || true - name: Cache cargo registry uses: actions/cache@v4 with: path: | ~/.cargo/registry ~/.cargo/git key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} restore-keys: | ${{ runner.os }}-cargo- - name: Run compose mixed workload binary env: POL_PROOF_DEV_MODE: "true" COMPOSE_NODE_PAIRS: "1x1" NOMOS_TESTNET_IMAGE: ${{ env.NOMOS_TESTNET_IMAGE }} COMPOSE_RUNNER_HOST: "127.0.0.1" NOMOS_TIME_BACKEND: "monotonic" NOMOS_KZGRS_PARAMS_PATH: "/kzgrs_test_params/kzgrs_test_params" RUST_BACKTRACE: "1" NOMOS_TESTS_TRACING: "true" RUST_LOG: "info" NOMOS_LOG_LEVEL: "info" NOMOS_LOG_DIR: "${{ github.workspace }}/.tmp/compose-logs" run: | mkdir -p "$TMPDIR" scripts/run-examples.sh -t 60 -v 1 -e 1 compose - name: Show compose runner log env: LOG_DIR: "${{ github.workspace }}/.tmp/compose-logs" run: | if [ -f "${LOG_DIR}/runner.log" ]; then echo "=== runner.log (tail) ===" tail -n 200 "${LOG_DIR}/runner.log" else echo "runner.log not found under ${LOG_DIR}" fi - name: Collect compose logs if: failure() run: | mkdir -p ci-artifacts/compose if [ -d "${TMPDIR}/compose-logs" ]; then tar -czf ci-artifacts/compose/node-logs.tgz -C "${TMPDIR}/compose-logs" . echo "Node logs tar: $(realpath ci-artifacts/compose/node-logs.tgz)" find "${TMPDIR}/compose-logs" -type f -print fi mkdir -p ci-artifacts/compose docker ps -a --filter "name=nomos-compose-" --format '{{.ID}} {{.Names}} {{.Status}}' > ci-artifacts/compose/containers.txt || true echo "Containers list: $(realpath ci-artifacts/compose/containers.txt)" for id in $(docker ps -a --filter "name=nomos-compose-" -q); do docker logs "$id" > "ci-artifacts/compose/${id}.log" 2>&1 || true echo "Container log: $(realpath ci-artifacts/compose/${id}.log)" done - name: Upload compose artifacts if: failure() uses: actions/upload-artifact@v4 with: name: compose-mixed-workload-logs path: ci-artifacts if-no-files-found: ignore - name: Cleanup compose containers if: always() run: | ids=$(docker ps -a --filter "name=nomos-compose-" -q) if [ -n "$ids" ]; then docker rm -f $ids fi book: runs-on: ubuntu-latest env: RUSTUP_TOOLCHAIN: nightly-2025-09-14 steps: - uses: actions/checkout@v4 - name: Load versions run: | if [ -f versions.env ]; then cat versions.env >> "$GITHUB_ENV" fi - uses: dtolnay/rust-toolchain@master with: toolchain: nightly-2025-09-14 - uses: actions/cache@v4 with: path: | ~/.cargo/registry ~/.cargo/git key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} restore-keys: ${{ runner.os }}-cargo- - name: Install mdBook toolchain run: | MDBOOK_VERSION=0.4.40 LINKCHECK_VERSION=0.7.7 MERMAID_VERSION=0.14.0 cargo +nightly-2025-09-14 install --locked mdbook --version ${MDBOOK_VERSION} cargo +nightly-2025-09-14 install mdbook-linkcheck --version ${LINKCHECK_VERSION} cargo +nightly-2025-09-14 install --locked mdbook-mermaid --version ${MERMAID_VERSION} cargo +nightly-2025-09-14 install --locked typos-cli --version 1.23.6 - name: Spell check (typos) run: typos --format brief book/src - name: Markdown lint run: npx -y markdownlint-cli2 "book/src/**/*.md" - name: Build book run: mdbook build book -d target/book - name: Add .nojekyll run: touch target/book/.nojekyll - name: Check links run: mdbook-linkcheck -s book - name: Setup Pages if: github.event_name == 'push' && github.ref == 'refs/heads/master' uses: actions/configure-pages@v4 - name: Upload book artifact for Pages if: github.event_name == 'push' && github.ref == 'refs/heads/master' uses: actions/upload-pages-artifact@v3 with: path: target/book deploy_book: if: github.event_name == 'push' && github.ref == 'refs/heads/master' needs: book runs-on: ubuntu-latest environment: name: github-pages url: ${{ steps.deployment.outputs.page_url }} permissions: pages: write id-token: write steps: - name: Deploy to GitHub Pages id: deployment uses: actions/deploy-pages@v4