feat: Post FOSS Dockerfiles refactoring, take 1 (#166)

# What ❔ - Prettifies Dockerfiles - Removes some unnecessary dependencies on running something outside of Docker build (there are still some, though) ## Why ❔ To make a simple `docker build` command work without any additional hacks ## Checklist   - [x] PR title corresponds to the body of PR (we generate changelog entries from PRs). - [ ] Tests for the changes have been added / updated. - [x] Documentation comments have been added / updated. - [x] Code has been formatted via `zk fmt` and `zk lint`. --------- Co-authored-by: Yury Akudovich <[email protected]> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Danil <[email protected]> Co-authored-by: Marcin M <[email protected]>
matter-labs · Oct 8, 2023 · 99b8aad · 99b8aad
1 parent 1e30d0b
commit 99b8aad
Show file tree

Hide file tree

Showing 22 changed files with 112 additions and 124 deletions.
diff --git a/.github/workflows/build-prover-template.yml b/.github/workflows/build-prover-template.yml
@@ -28,27 +28,14 @@ on:
         required: false
 
 jobs:
-  era-bellman-cuda:
-    name: Get era-bellman-cuda release URLs.
-    runs-on: [ubuntu-latest]
-    outputs:
-      source: ${{ steps.release.outputs.source }}
-      binary: ${{ steps.release.outputs.binary }}
-    steps:
-      - id: release
-        run: |
-          release=($(curl -v --silent https://api.github.com/repos/matter-labs/era-bellman-cuda/releases/tags/${{ inputs.ERA_BELLMAN_CUDA_RELEASE }} | jq -r ".name, .tarball_url, .assets[0].browser_download_url"))
-          echo "source=${release[1]}" >> "$GITHUB_OUTPUT"
-          echo "binary=${release[2]}" >> "$GITHUB_OUTPUT"
-
   build-images:
     name: Build and Push Docker Images
     env:
       image_tag: ${{ inputs.image_tag }}
       IMAGE_TAG_SUFFIX: ${{ inputs.image_tag_suffix }}
       RUNNER_COMPOSE_FILE: "docker-compose-runner-nightly.yml"
+      ERA_BELLMAN_CUDA_RELEASE: ${{ inputs.ERA_BELLMAN_CUDA_RELEASE }}
     runs-on: [matterlabs-ci-runner]
-    needs: [era-bellman-cuda]
     strategy:
       matrix:
         component:
@@ -65,9 +52,6 @@ jobs:
         with:
           submodules: "recursive"
 
-      - name: Prepare bellman-cuda directory
-        run: etc/scripts/prepare_era_bellman_cuda.sh ${{ needs.era-bellman-cuda.outputs.source }} ${{ needs.era-bellman-cuda.outputs.binary }}
-
       - name: setup-env
         run: |
           echo ZKSYNC_HOME=$(pwd) >> $GITHUB_ENV
@@ -113,7 +97,7 @@ jobs:
               "proof-fri-compressor"
             )
         run: |
-          nightly_components=${{env.RUST_NIGHTLY_COMPONENTS}}
+          nightly_components=${{ env.RUST_NIGHTLY_COMPONENTS }}
           ci_run docker login -u ${{ secrets.DOCKERHUB_USER }} -p ${{ secrets.DOCKERHUB_TOKEN }}
           ci_run gcloud auth configure-docker us-docker.pkg.dev,asia-docker.pkg.dev -q
 
@@ -130,6 +114,7 @@ jobs:
             ci_run echo [workspace] > Cargo.toml
             ci_run echo members = [\"prover/${underscored_name}\"] >> Cargo.toml
             ci_run cp prover/Cargo.lock Cargo.lock
+            PASSED_ENV_VARS="ERA_BELLMAN_CUDA_RELEASE"  \
             ci_run zk docker $DOCKER_ACTION $COMPONENT
           else
             ci_run zk docker $DOCKER_ACTION $COMPONENT

diff --git a/bin/ci_run b/bin/ci_run
@@ -3,4 +3,16 @@
 # Runs the command from within CI docker-compose environment.
 cd $ZKSYNC_HOME
 compose_file="${RUNNER_COMPOSE_FILE:-docker-compose-runner.yml}"
-docker-compose -f $compose_file exec -T zk $@
+
+# Pass environment variables explicitly if specified
+if [ ! -z "$PASSED_ENV_VARS" ]; then
+    env_vars_option=""
+    IFS=',' read -ra ADDR <<<"$PASSED_ENV_VARS"
+    for var in "${ADDR[@]}"; do
+        value=$(eval echo \$$var)
+        env_vars_option="${env_vars_option} -e ${var}=${value}"
+    done
+    docker-compose -f $compose_file exec -T $env_vars_option zk $@
+else
+    docker-compose -f $compose_file exec -T zk $@
+fi
diff --git a/docker/circuit-synthesizer/Dockerfile b/docker/circuit-synthesizer/Dockerfile
@@ -1,7 +1,3 @@
-# For using private GitHub dependencies, CI downdloads all crates and bellman-cuda dependency outside of the contatiner
-# Not expected to work locally
-
-# syntax=docker/dockerfile:experimental
 FROM debian:bookworm-slim as builder
 
 ARG DEBIAN_FRONTEND=noninteractive
@@ -21,10 +17,13 @@ RUN curl https://sh.rustup.rs -sSf | bash -s -- -y && \
 WORKDIR /usr/src/zksync
 COPY . .
 
-RUN CARGO_HOME=./cargo cargo build --release
+RUN cargo build --release
 
 FROM debian:bookworm-slim
+
 RUN apt-get update && apt-get install -y curl openssl libpq5 ca-certificates && rm -rf /var/lib/apt/lists/*
+
 COPY core/bin/verification_key_generator_and_server/data/ /core/bin/verification_key_generator_and_server/data/
 COPY --from=builder /usr/src/zksync/target/release/zksync_circuit_synthesizer /usr/bin/
+
 ENTRYPOINT ["zksync_circuit_synthesizer"]
diff --git a/docker/contract-verifier/Dockerfile b/docker/contract-verifier/Dockerfile
@@ -1,13 +1,15 @@
-# syntax=docker/dockerfile:experimental
+# Will work locally only after building contracts first
+
 FROM rust:1.72-bookworm as builder
+
 RUN apt-get update && apt-get install -y clang && rm -rf /var/lib/apt/lists/*
 WORKDIR /usr/src/zksync
 COPY . .
-#Needed to get zkEVM package from github link with auth embedded
-# Doesn't expected to work local
-RUN CARGO_HOME=./cargo cargo build --release
+
+RUN cargo build --release
 
 FROM debian:bookworm-slim
+
 RUN apt-get update && apt-get install -y curl libpq5 ca-certificates wget python3 && rm -rf /var/lib/apt/lists/*
 
 # install zksolc
@@ -95,5 +97,6 @@ RUN mkdir -p /etc/vyper-bin/0.3.9 \
 COPY --from=builder /usr/src/zksync/target/release/zksync_contract_verifier /usr/bin/
 COPY etc/system-contracts/bootloader/build/artifacts/ /etc/system-contracts/bootloader/build/artifacts/
 COPY etc/system-contracts/artifacts-zk /etc/system-contracts/artifacts-zk
+
 # CMD tail -f /dev/null
 ENTRYPOINT ["zksync_contract_verifier"]
diff --git a/docker/cross-external-nodes-checker/Dockerfile b/docker/cross-external-nodes-checker/Dockerfile
@@ -1,21 +1,16 @@
-# For using private GitHub dependencies, CI downdloads all crates outside of the contatiner
-# Not expected to work locally
-
-# BUILDING STAGE
-# syntax=docker/dockerfile:experimental
 FROM rust:1.72-bookworm as builder
+
 RUN apt-get update && apt-get install -y clang && rm -rf /var/lib/apt/lists/*
+
 WORKDIR /usr/src/zksync
 COPY . .
 
-RUN CARGO_HOME=./cargo cargo build --release
+RUN cargo build --release
 
-# RUNNING STAGE
 FROM debian:bookworm-slim
+
 RUN apt-get update && apt-get install -y curl ca-certificates && rm -rf /var/lib/apt/lists/*
 
-# Bring the below from the building stage to the final image.
 COPY --from=builder /usr/src/zksync/target/release/cross_external_nodes_checker /usr/bin
 
-# Run the entrypoint script as the default command.
 ENTRYPOINT ["cross_external_nodes_checker"]
diff --git a/docker/external-node/Dockerfile b/docker/external-node/Dockerfile
@@ -1,23 +1,23 @@
-# For using private GitHub dependencies, CI downdloads all crates outside of the contatiner
-# Not expected to work locally
+# Will work locally only after prior contracts build
 
-# syntax=docker/dockerfile:experimental
 FROM rust:1.72-bookworm as builder
+
 RUN apt-get update && apt-get install -y clang && rm -rf /var/lib/apt/lists/*
+
 WORKDIR /usr/src/zksync
 COPY . .
 
-RUN CARGO_HOME=./cargo cargo build --release
-RUN CARGO_HOME=./cargo cargo install sqlx-cli --version 0.5.13
+RUN cargo build --release
+RUN cargo install sqlx-cli --version 0.5.13
 
 FROM debian:bookworm-slim
+
 RUN apt-get update && apt-get install -y curl libpq5 ca-certificates && rm -rf /var/lib/apt/lists/*
 
 COPY --from=builder /usr/src/zksync/target/release/zksync_external_node /usr/bin
 COPY --from=builder /usr/src/zksync/target/release/block_reverter /usr/bin
-COPY --from=builder /usr/src/zksync/cargo/bin/sqlx /usr/bin
+COPY --from=builder /usr/local/cargo/bin/sqlx /usr/bin
 COPY --from=builder /usr/src/zksync/docker/external-node/entrypoint.sh /usr/bin
-RUN chmod +x /usr/bin/entrypoint.sh
 COPY etc/system-contracts/bootloader/build/artifacts/ /etc/system-contracts/bootloader/build/artifacts/
 COPY etc/system-contracts/contracts/artifacts/ /etc/system-contracts/contracts/artifacts/
 COPY etc/system-contracts/contracts/precompiles/artifacts/ /etc/system-contracts/contracts/precompiles/artifacts/
@@ -29,4 +29,6 @@ COPY etc/ERC20/ /etc/ERC20/
 COPY etc/multivm_bootloaders/ /etc/multivm_bootloaders/
 COPY core/lib/dal/migrations/ /migrations
 
+RUN chmod +x /usr/bin/entrypoint.sh
+
 ENTRYPOINT [ "sh", "/usr/bin/entrypoint.sh"]
diff --git a/docker/local-node/Dockerfile b/docker/local-node/Dockerfile
@@ -1,5 +1,3 @@
-# syntax=docker/dockerfile:experimental
-
 # Image is always built from the server image to reuse the common parts
 # This image is expected to be built locally beforehand (implemented in the `zk` tool)
 FROM matterlabs/server-v2:latest2.0

diff --git a/docker/local-node/entrypoint.sh b/docker/local-node/entrypoint.sh
@@ -13,7 +13,7 @@ then
     echo "Initialing local environment"
     psql ${DATABASE_URL%/*} -c "create database ${DATABASE_URL##*/}"
     find /migrations -name "*up.sql" | sort | xargs printf -- ' -f %s' | xargs -t psql $DATABASE_URL
-    
+
     cd /infrastructure/zk
     # Compile configs
     yarn start config compile

diff --git a/docker/proof-fri-compressor/Dockerfile b/docker/proof-fri-compressor/Dockerfile
@@ -1,7 +1,5 @@
-# For using private GitHub dependencies, CI downdloads all crates outside of the contatiner
-# Not expected to work locally
+# Will work locally only after prior universal setup key download
 
-# syntax=docker/dockerfile:experimental
 FROM debian:bookworm-slim as builder
 
 ARG DEBIAN_FRONTEND=noninteractive
@@ -21,9 +19,10 @@ RUN curl https://sh.rustup.rs -sSf | bash -s -- -y && \
 WORKDIR /usr/src/zksync
 COPY . .
 
-RUN CARGO_HOME=./cargo cargo build --release
+RUN cargo build --release
 
 FROM debian:bookworm-slim
+
 RUN apt-get update && apt-get install -y curl libpq5 ca-certificates && rm -rf /var/lib/apt/lists/*
 
 # copy VK required for proof wrapping
@@ -33,4 +32,5 @@ COPY prover/vk_setup_data_generator_server_fri/data/ /prover/vk_setup_data_gener
 COPY setup_2\^26.key /setup_2\^26.key
 
 COPY --from=builder /usr/src/zksync/target/release/zksync_proof_fri_compressor /usr/bin/
+
 ENTRYPOINT ["zksync_proof_fri_compressor"]
diff --git a/docker/prover-fri-gateway/Dockerfile b/docker/prover-fri-gateway/Dockerfile
@@ -1,7 +1,3 @@
-# For using private GitHub dependencies, CI downdloads all crates outside of the contatiner
-# Not expected to work locally
-
-# syntax=docker/dockerfile:experimental
 FROM debian:bookworm-slim as builder
 
 ARG DEBIAN_FRONTEND=noninteractive
@@ -21,14 +17,14 @@ RUN curl https://sh.rustup.rs -sSf | bash -s -- -y && \
 WORKDIR /usr/src/zksync
 COPY . .
 
-RUN CARGO_HOME=./cargo cargo build --release
+RUN cargo build --release
 
 FROM debian:bookworm-slim
 RUN apt-get update && apt-get install -y curl libpq5 ca-certificates && rm -rf /var/lib/apt/lists/*
 
 # copy VK required for proof wrapping
 COPY prover/vk_setup_data_generator_server_fri/data/ /prover/vk_setup_data_generator_server_fri/data/
 
-
 COPY --from=builder /usr/src/zksync/target/release/zksync_prover_fri_gateway /usr/bin/
+
 ENTRYPOINT ["zksync_prover_fri_gateway"]
diff --git a/docker/prover-fri/Dockerfile b/docker/prover-fri/Dockerfile
@@ -1,7 +1,3 @@
-# For using private GitHub dependencies, CI downdloads all crates outside of the contatiner
-# Not expected to work locally
-
-# syntax=docker/dockerfile:experimental
 FROM debian:bookworm-slim as builder
 
 ARG DEBIAN_FRONTEND=noninteractive
@@ -21,14 +17,14 @@ RUN curl https://sh.rustup.rs -sSf | bash -s -- -y && \
 WORKDIR /usr/src/zksync
 COPY . .
 
-RUN CARGO_HOME=./cargo cargo build --release
+RUN cargo build --release
 
 FROM debian:bookworm-slim
 RUN apt-get update && apt-get install -y curl libpq5 ca-certificates && rm -rf /var/lib/apt/lists/*
 
 # copy VK required for protocol version
 COPY prover/vk_setup_data_generator_server_fri/data/ /prover/vk_setup_data_generator_server_fri/data/
 
-
 COPY --from=builder /usr/src/zksync/target/release/zksync_prover_fri /usr/bin/
+
 ENTRYPOINT ["zksync_prover_fri"]
diff --git a/docker/prover-gar/Dockerfile b/docker/prover-gar/Dockerfile
@@ -1,5 +1,6 @@
-# syntax=docker/dockerfile:1
-ARG PROVER_IMAGE
+# Will work locally only after prior universal key download and Docker login to the private registry
+
+ARG PROVER_IMAGE=latest
 FROM us-docker.pkg.dev/matterlabs-infra/matterlabs-docker/prover-v2:2.0-$PROVER_IMAGE as prover
 
 FROM nvidia/cuda:11.8.0-runtime-ubuntu22.04 as app

diff --git a/docker/prover-gpu-fri-gar/Dockerfile b/docker/prover-gpu-fri-gar/Dockerfile
@@ -1,8 +1,7 @@
-# syntax=docker/dockerfile:1
 ARG PROVER_IMAGE
 FROM us-docker.pkg.dev/matterlabs-infra/matterlabs-docker/prover-gpu-fri:2.0-$PROVER_IMAGE as prover
 
-FROM nvidia/cuda:12.0.0-runtime-ubuntu22.04 as app
+FROM nvidia/cuda:12.2.0-runtime-ubuntu22.04 as app
 
 # HACK copying to root is the only way to make Docker layer caching work for these files for some reason
 COPY *.bin /

diff --git a/docker/prover-gpu-fri/Dockerfile b/docker/prover-gpu-fri/Dockerfile
@@ -1,8 +1,4 @@
-# For using private GitHub dependencies, CI downdloads all crates outside of the contatiner
-# Not expected to work locally
-
-# syntax=docker/dockerfile:experimental
-FROM nvidia/cuda:12.0.0-devel-ubuntu22.04 as builder
+FROM nvidia/cuda:12.2.0-devel-ubuntu22.04 as builder
 
 ARG DEBIAN_FRONTEND=noninteractive
 
@@ -14,27 +10,29 @@ ENV RUSTUP_HOME=/usr/local/rustup \
     CARGO_HOME=/usr/local/cargo \
     PATH=/usr/local/cargo/bin:$PATH
 
-ENV CUDAARCHS=75
+# Building for Nvidia L4
+ENV CUDAARCHS=89
 
 RUN curl https://sh.rustup.rs -sSf | bash -s -- -y && \
     rustup install nightly-2023-07-21 && \
     rustup default nightly-2023-07-21
 
-# Setup cmake
 RUN curl -Lo cmake-3.24.2-linux-x86_64.sh https://github.com/Kitware/CMake/releases/download/v3.24.2/cmake-3.24.2-linux-x86_64.sh && \
     chmod +x cmake-3.24.2-linux-x86_64.sh && \
     ./cmake-3.24.2-linux-x86_64.sh --skip-license --prefix=/usr/local
 
 WORKDIR /usr/src/zksync
 COPY . .
 
-RUN CARGO_HOME=./cargo cargo build --release --features "gpu"
+RUN cargo build --release --features "gpu"
 
 FROM nvidia/cuda:12.0.0-devel-ubuntu22.04
+
 RUN apt-get update && apt-get install -y curl libpq5 ca-certificates && rm -rf /var/lib/apt/lists/*
 
 # copy finalization hints required for assembly generation
 COPY prover/vk_setup_data_generator_server_fri/data/ /prover/vk_setup_data_generator_server_fri/data/
 
 COPY --from=builder /usr/src/zksync/target/release/zksync_prover_fri /usr/bin/
+
 ENTRYPOINT ["zksync_prover_fri"]
diff --git a/docker/prover/Dockerfile b/docker/prover/Dockerfile
@@ -1,12 +1,12 @@
-# For using private GitHub dependencies, CI downdloads all crates and bellman-cuda dependency outside of the contatiner
-# Not expected to work locally
+# Will work locally only after prior contracts build and universal setup key download
 
-# syntax=docker/dockerfile:experimental
 FROM nvidia/cuda:11.8.0-devel-ubuntu22.04 as builder
 
 ARG DEBIAN_FRONTEND=noninteractive
 
-RUN apt-get update && apt-get install -y curl clang openssl libssl-dev gcc g++ \
+ARG ERA_BELLMAN_CUDA_RELEASE=latest
+
+RUN apt-get update && apt-get install -y curl jq clang openssl libssl-dev gcc g++ \
     pkg-config build-essential libclang-dev && \
     rm -rf /var/lib/apt/lists/*
 
@@ -19,11 +19,31 @@ RUN curl https://sh.rustup.rs -sSf | bash -s -- -y && \
     rustup default nightly-2023-07-21
 
 WORKDIR /usr/src/zksync
-COPY . .
+
+ENV GITHUB_OWNER=matter-labs
+ENV GITHUB_REPO=era-bellman-cuda
+
+RUN set -e; \
+    if [ "$ERA_BELLMAN_CUDA_RELEASE" = "latest" ]; then \
+    latest_release_data=$(curl --silent "https://api.github.com/repos/${GITHUB_OWNER}/${GITHUB_REPO}/releases"); \
+    latest_tag=$(echo "$latest_release_data" | jq -r '.[0].tag_name'); \
+    source_url="https://github.com/${GITHUB_OWNER}/${GITHUB_REPO}/archive/refs/tags/${latest_tag}.tar.gz"; \
+    binary_url="https://github.com/${GITHUB_OWNER}/${GITHUB_REPO}/releases/download/${latest_tag}/bellman-cuda.tar.gz"; \
+    else \
+    source_url="https://github.com/${GITHUB_OWNER}/${GITHUB_REPO}/archive/refs/tags/${ERA_BELLMAN_CUDA_RELEASE}.tar.gz"; \
+    binary_url="https://github.com/${GITHUB_OWNER}/${GITHUB_REPO}/releases/download/${ERA_BELLMAN_CUDA_RELEASE}/bellman-cuda.tar.gz"; \
+    fi; \
+    curl --silent --location "$source_url" --output bellman-cuda-source.tar.gz; \
+    curl --silent --location "$binary_url" --output bellman-cuda.tar.gz; \
+    mkdir -p bellman-cuda; \
+    tar xvfz bellman-cuda.tar.gz -C ./bellman-cuda; \
+    tar xvfz bellman-cuda-source.tar.gz -C ./bellman-cuda --strip-components=1
 
 ENV BELLMAN_CUDA_DIR=/usr/src/zksync/bellman-cuda
 
-RUN CARGO_HOME=./cargo cargo build --release
+COPY . .
+
+RUN cargo build --release
 
 FROM nvidia/cuda:11.8.0-runtime-ubuntu22.04 as runner
 
@@ -40,4 +60,5 @@ COPY setup_2\^26.key /etc/
 COPY core/bin/verification_key_generator_and_server/data/ /core/bin/verification_key_generator_and_server/data/
 
 COPY --from=builder /usr/src/zksync/target/release/zksync_prover /usr/bin/
+
 ENTRYPOINT ["zksync_prover"]