July1 - updates from polygon (incl docker image fix)

.github/workflows/ci.yml

@@ -151,6 +151,31 @@ jobs:
           CARGO_INCREMENTAL: 1
           RUST_BACKTRACE: 1
 
+  test_zk_evm_proc_macro:
+    name: Test zk_evm_proc_macro
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+    if: "! contains(toJSON(github.event.commits.*.message), '[skip-ci]')"
+    steps:
+      - name: Checkout sources
+        uses: actions/checkout@v4
+
+      - name: Install nightly toolchain
+        uses: dtolnay/rust-toolchain@nightly
+
+      - name: Set up rust cache
+        uses: Swatinem/rust-cache@v2
+        with:
+          cache-on-failure: true
+
+      - name: Test in proc_macro subdirectory
+        run: cargo test --manifest-path proc_macro/Cargo.toml
+        env:
+          RUSTFLAGS: -Copt-level=3 -Cdebug-assertions -Coverflow-checks=y -Cdebuginfo=0
+          RUST_LOG: 1
+          CARGO_INCREMENTAL: 1
+          RUST_BACKTRACE: 1
+
   simple_proof_regular:
     name: Execute bash script to generate and verify a proof for a small block.
     runs-on: zero-ci

.github/workflows/docker_build.yml

@@ -0,0 +1,35 @@
+name: Docker Build & Run
+
+on:
+  push:
+    branches: [develop, main]
+  pull_request:
+    branches:
+      - "**"
+  workflow_dispatch:
+    branches:
+      - "**"
+
+jobs:
+  docker:
+    name: Build and run leader and worker docker images for regression check
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Build leader docker container
+        run: |
+          docker build --progress plain -t leader:${{ github.ref_name }} -f leader.Dockerfile .
+
+      - name: Run leader docker container
+        run: |
+          docker run --rm leader:${{ github.ref_name }} --help
+
+      - name: Build worker docker container
+        run: |
+          docker build --progress plain -t worker:${{ github.ref_name }} -f worker.Dockerfile .
+
+      - name: Run worker docker container
+        run: |
+          docker run --rm worker:${{ github.ref_name }} --help

.github/workflows/docker_build_push.yml

@@ -0,0 +1,83 @@
+name: Docker Build & Push
+
+on:
+  push:
+    branches: [develop, main]
+  release:
+    types: [created]
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME_LEADER: ${{ github.repository }}-leader
+  IMAGE_NAME_WORKER: ${{ github.repository }}-worker
+
+jobs:
+  docker:
+    name: Build and push leader and worker docker images to GitHub Container Registry
+    runs-on: ubuntu-latest
+    permissions:
+      packages: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v2
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Leader Docker
+        id: meta_leader
+        uses: docker/metadata-action@v5
+        with:
+          images: | 
+            name=${{ env.REGISTRY }}/${{ env.IMAGE_NAME_LEADER }}
+          tags: |
+            type=ref,event=branch
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+
+      - name: Push to GitHub Container Registry - Leader
+        uses: docker/build-push-action@v3
+        with:
+          context: .
+          file: ./leader.Dockerfile
+          push: true
+          # platforms: linux/amd64,linux/arm64
+          tags: ${{ steps.meta_leader.outputs.tags }}
+          labels: ${{ steps.meta_leader.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Extract metadata (tags, labels) for Worker Docker
+        id: meta_worker
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            name=${{ env.REGISTRY }}/${{ env.IMAGE_NAME_WORKER }}
+          tags: |
+            type=ref,event=branch
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+
+      - name: Push to GitHub Container Registry - Worker
+        uses: docker/build-push-action@v3
+        with:
+          context: .
+          file: ./worker.Dockerfile
+          push: true
+          # platforms: linux/amd64,linux/arm64
+          tags: ${{ steps.meta_worker.outputs.tags }}
+          labels: ${{ steps.meta_worker.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max

.github/workflows/pr_checking.yml

@@ -1,22 +1,56 @@
 name: PR check
 
 on:
-  pull_request_target:
-    types:
-      - opened
-      - edited
-      - synchronize
+  pull_request:
+    types: [opened, reopened, synchronize]
+
+permissions:
+  pull-requests: write
 
 jobs:
-  title:
+  pr_check:
     name: Validate PR
     runs-on: ubuntu-latest
-    if: ${{ 
-      github.event.pull_request.author_association != 'CONTRIBUTOR' &&
-      github.event.pull_request.author_association != 'MEMBER' &&
-      (
-        contains(fromJSON(secrets.RESTRICTED_KEYWORDS), github.event.pull_request.title) ||
-        contains(fromJSON(secrets.RESTRICTED_KEYWORDS), github.event.pull_request.description
-      ) }}
     steps:
-      - run: gh pr close
+      - name: Set up keywords
+        id: setup_keywords
+        run: echo "RESTRICTED_KEYWORDS=$(echo '${{ secrets.RESTRICTED_KEYWORDS }}' | jq -r '.[]' | tr '\n' ' ')" >> $GITHUB_ENV
+
+      - name: Check for spam PR
+        id: check
+        run: |
+          # Initialize variables to track spam presence
+          title_is_spam=false
+          description_is_spam=false
+
+          # Check title for spam
+          for keyword in $RESTRICTED_KEYWORDS; do
+            if echo "${{ github.event.pull_request.title }}" | grep -i -q "$keyword"; then
+              title_is_spam=true
+              break
+            fi
+          done
+
+          # Check description for spam
+          for keyword in $RESTRICTED_KEYWORDS; do
+            if echo "${{ github.event.pull_request.body }}" | grep -i -q "$keyword"; then
+              description_is_spam=true
+              break
+            fi
+          done
+
+          # Set the output based on the presence of spam
+          if [ "$title_is_spam" = true ] || [ "$description_is_spam" = true ]; then
+            echo "is_spam=true" >> $GITHUB_ENV
+          else
+            echo "is_spam=false" >> $GITHUB_ENV
+          fi
+
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Close PR if spam are found and author is not a contributor or member
+        if: ${{ env.is_spam == 'true' && github.event.pull_request.author_association == 'FIRST_TIME_CONTRIBUTOR' }}
+        run: gh pr close ${{ github.event.pull_request.number }} --comment "Spam detected"
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}