chore: refine the reproducible builds and add it to the release workflow (#13947)

Moe Mahhouk
2025-01-23 18:47:01 +01:00
committed by GitHub
parent 28cf43cdcc
commit b97d9b4d2e
4 changed files with 68 additions and 37 deletions


@ -13,6 +13,8 @@ env:
OP_IMAGE_NAME: ${{ github.repository_owner }}/op-reth OP_IMAGE_NAME: ${{ github.repository_owner }}/op-reth
IMAGE_NAME: ${{ github.repository_owner }}/reth IMAGE_NAME: ${{ github.repository_owner }}/reth
CARGO_TERM_COLOR: always CARGO_TERM_COLOR: always
DOCKER_IMAGE_NAME: ghcr.io/${{ github.repository_owner }}/reth
DOCKER_REPRODUCIBLE_IMAGE_NAME: ghcr.io/${{ github.repository_owner }}/reth-reproducible
jobs: jobs:
extract-version: extract-version:
@ -102,9 +104,41 @@ jobs:
name: ${{ matrix.build.binary }}-${{ needs.extract-version.outputs.VERSION }}-${{ matrix.configs.target }}.tar.gz.asc name: ${{ matrix.build.binary }}-${{ needs.extract-version.outputs.VERSION }}-${{ matrix.configs.target }}.tar.gz.asc
path: ${{ matrix.build.binary }}-${{ needs.extract-version.outputs.VERSION }}-${{ matrix.configs.target }}.tar.gz.asc path: ${{ matrix.build.binary }}-${{ needs.extract-version.outputs.VERSION }}-${{ matrix.configs.target }}.tar.gz.asc
build-reproducible:
name: build and push reproducible image
runs-on: ubuntu-latest
needs: extract-version
permissions:
packages: write
contents: read
steps:
- uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log in to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and push reproducible image
uses: docker/build-push-action@v5
with:
context: .
file: ./Dockerfile.reproducible
push: true
tags: |
${{ env.DOCKER_REPRODUCIBLE_IMAGE_NAME }}:${{ needs.extract-version.outputs.VERSION }}
${{ env.DOCKER_REPRODUCIBLE_IMAGE_NAME }}:latest
cache-from: type=gha
cache-to: type=gha,mode=max
provenance: false
draft-release: draft-release:
name: draft release name: draft release
needs: [build, extract-version] needs: [build, build-reproducible, extract-version]
runs-on: ubuntu-latest runs-on: ubuntu-latest
env: env:
VERSION: ${{ needs.extract-version.outputs.VERSION }} VERSION: ${{ needs.extract-version.outputs.VERSION }}
@ -188,6 +222,7 @@ jobs:
| | | | | | | | | |
| **System** | **Option** | - | **Resource** | | **System** | **Option** | - | **Resource** |
| <img src="https://simpleicons.org/icons/docker.svg" style="width: 32px;"/> | Docker | | [${{ env.IMAGE_NAME }}](https://github.com/paradigmxyz/reth/pkgs/container/reth) | | <img src="https://simpleicons.org/icons/docker.svg" style="width: 32px;"/> | Docker | | [${{ env.IMAGE_NAME }}](https://github.com/paradigmxyz/reth/pkgs/container/reth) |
| <img src="https://simpleicons.org/icons/docker.svg" style="width: 32px;"/> | Docker (Reproducible) | | [${{ env.IMAGE_NAME }}-reproducible](https://github.com/paradigmxyz/reth/pkgs/container/reth-reproducible) |
ENDBODY ENDBODY
) )
assets=() assets=()
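Review bot: The new `build-reproducible` job holds `packages: write` and pushes the release image, yet all four of its actions are referenced by mutable major tags (`actions/checkout@v4`, `docker/setup-buildx-action@v3`, `docker/login-action@v3`, `docker/build-push-action@v5`), so a retagged action would run with the registry token. Pin each one to a full commit SHA and keep the tag as a comment, e.g. `uses: docker/build-push-action@<full-commit-sha> # v5`, in line with the digest-pinned `FROM rust:1.82-bullseye@sha256:…` in the Dockerfile section of this commit. The same step restores layers from `cache-from: type=gha` and sets `provenance: false`, so the published image can be assembled from previously cached layers and carries no attestation. For an image meant to be independently verifiable, consider building the release without the cache and adding a step that rebuilds and compares the result before `push: true`.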


@ -289,13 +289,6 @@ codegen-units = 1
inherits = "release" inherits = "release"
lto = "fat" lto = "fat"
[profile.reproducible]
inherits = "release"
debug = false
panic = "abort"
codegen-units = 1
overflow-checks = true
[workspace.dependencies] [workspace.dependencies]
# reth # reth
op-reth = { path = "crates/optimism/bin" } op-reth = { path = "crates/optimism/bin" }


@ -4,30 +4,14 @@ FROM rust:1.82-bullseye@sha256:c42c8ca762560c182ba30edda0e0d71a8604040af26723705
# Install specific version of libclang-dev # Install specific version of libclang-dev
RUN apt-get update && apt-get install -y libclang-dev=1:11.0-51+nmu5 RUN apt-get update && apt-get install -y libclang-dev=1:11.0-51+nmu5
# Clone the repository at the specific branch # Copy the project to the container
RUN git clone https://github.com/paradigmxyz/reth /app COPY ./ /app
WORKDIR /app WORKDIR /app
# Get the latest commit timestamp and set SOURCE_DATE_EPOCH
RUN SOURCE_DATE_EPOCH=$(git log -1 --pretty=%ct) && \
echo "SOURCE_DATE_EPOCH=$SOURCE_DATE_EPOCH" >> /etc/environment
# Set environment variables for reproducibility
ARG RUSTFLAGS="-C target-feature=+crt-static -C link-arg=-Wl,--build-id=none -Clink-arg=-static-libgcc -C metadata='' --remap-path-prefix $(pwd)=."
ENV SOURCE_DATE_EPOCH=$SOURCE_DATE_EPOCH \
CARGO_INCREMENTAL=0 \
LC_ALL=C \
TZ=UTC \
RUSTFLAGS="${RUSTFLAGS}"
# Set the default features if not provided
ARG FEATURES="jemalloc asm-keccak"
# Build the project with the reproducible settings # Build the project with the reproducible settings
RUN . /etc/environment && \ RUN make build-reproducible
cargo build --bin reth --features "${FEATURES}" --profile "reproducible" --locked --target x86_64-unknown-linux-gnu
RUN . /etc/environment && mv /app/target/x86_64-unknown-linux-gnu/reproducible/reth /reth RUN mv /app/target/x86_64-unknown-linux-gnu/release/reth /reth
# Create a minimal final image with just the binary # Create a minimal final image with just the binary
FROM gcr.io/distroless/cc-debian12:nonroot-6755e21ccd99ddead6edc8106ba03888cbeed41a FROM gcr.io/distroless/cc-debian12:nonroot-6755e21ccd99ddead6edc8106ba03888cbeed41a
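Review bot: `COPY ./ /app` followed by `RUN make build-reproducible` makes the entire build context an input to the binary, whereas the removed `git clone` step always started from a clean tree; untracked or locally modified files, and whatever `.dockerignore` excludes, can now change the output. The Makefile target takes `SOURCE_DATE_EPOCH` from `git log -1 --pretty=%ct`, so if `.git` is absent from the context the value is presumably empty and the build continues without a fixed timestamp. I would add a comment above the COPY such as `# Build context must be a clean checkout that includes .git; the Makefile reads the commit timestamp from it`, and it may be worth failing the build when that value is empty.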


@ -62,15 +62,34 @@ install-op: ## Build and install the op-reth binary under `~/.cargo/bin`.
build: ## Build the reth binary into `target` directory. build: ## Build the reth binary into `target` directory.
cargo build --bin reth --features "$(FEATURES)" --profile "$(PROFILE)" cargo build --bin reth --features "$(FEATURES)" --profile "$(PROFILE)"
SOURCE_DATE_EPOCH ?= $(shell git log -1 --pretty=%ct) # Environment variables for reproducible builds
.PHONY: reproducible # Initialize RUSTFLAGS
reproducible: ## Build the reth binary into `target` directory with reproducible builds. Only works for x86_64-unknown-linux-gnu currently RUST_BUILD_FLAGS =
SOURCE_DATE_EPOCH=$(SOURCE_DATE_EPOCH) \ # Enable static linking to ensure reproducibility across builds
CARGO_INCREMENTAL=0 \ RUST_BUILD_FLAGS += --C target-feature=+crt-static
LC_ALL=C \ # Set the linker to use static libgcc to ensure reproducibility across builds
TZ=UTC \ RUST_BUILD_FLAGS += -Clink-arg=-static-libgcc
RUSTFLAGS="-C target-feature=+crt-static -C link-arg=-Wl,--build-id=none -Clink-arg=-static-libgcc -C metadata='' --remap-path-prefix $$(pwd)=." \ # Remove build ID from the binary to ensure reproducibility across builds
cargo build --bin reth --features "$(FEATURES)" --profile "reproducible" --locked --target x86_64-unknown-linux-gnu RUST_BUILD_FLAGS += -C link-arg=-Wl,--build-id=none
# Remove metadata hash from symbol names to ensure reproducible builds
RUST_BUILD_FLAGS += -C metadata=''
# Set timestamp from last git commit for reproducible builds
SOURCE_DATE ?= $(shell git log -1 --pretty=%ct)
# Disable incremental compilation to avoid non-deterministic artifacts
CARGO_INCREMENTAL_VAL = 0
# Set C locale for consistent string handling and sorting
LOCALE_VAL = C
# Set UTC timezone for consistent time handling across builds
TZ_VAL = UTC
.PHONY: build-reproducible
build-reproducible: ## Build the reth binary into `target` directory with reproducible builds. Only works for x86_64-unknown-linux-gnu currently
SOURCE_DATE_EPOCH=$(SOURCE_DATE) \
RUSTFLAGS="${RUST_BUILD_FLAGS} --remap-path-prefix $$(pwd)=." \
CARGO_INCREMENTAL=${CARGO_INCREMENTAL_VAL} \
LC_ALL=${LOCALE_VAL} \
TZ=${TZ_VAL} \
cargo build --bin reth --features "$(FEATURES)" --profile "release" --locked --target x86_64-unknown-linux-gnu
.PHONY: build-debug .PHONY: build-debug
build-debug: ## Build the reth binary into `target/debug` directory. build-debug: ## Build the reth binary into `target/debug` directory.
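Review bot: `build-reproducible` now builds with `--profile "release"`, while the `[profile.reproducible]` block removed elsewhere in this commit set `overflow-checks = true` and `panic = "abort"`; unless the release profile sets them as well (not visible here), the published reproducible binary loses integer-overflow checking. If that is intended, state it in a comment on the target; otherwise carry the setting in the flags, e.g. `RUST_BUILD_FLAGS += -C overflow-checks=yes`. Separately, the first flag is written `--C target-feature=+crt-static` while every other flag uses `-C`; it looks like a typo and should read `RUST_BUILD_FLAGS += -C target-feature=+crt-static`.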