From fcbb986d6d8cd13c59fb2e7b609cd0c2bc5c0c71 Mon Sep 17 00:00:00 2001 From: Maximilian Langenfeld <15726643+ezdac@users.noreply.github.com> Date: Wed, 7 Jan 2026 09:55:10 +0100 Subject: [PATCH 1/5] chore: revert to reusable-workflows@v3.1.0-rc.3 Due to an incorrectly changed caching behavior (inline without push) in the underlying docker-build composite action, the reusable-workflow using an older action is reverted to. --- .github/workflows/push-container.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/push-container.yaml b/.github/workflows/push-container.yaml index 97a4639fb..f14838027 100644 --- a/.github/workflows/push-container.yaml +++ b/.github/workflows/push-container.yaml @@ -52,7 +52,7 @@ jobs: && inputs.concurrency-group || format('{0}-{1}', github.workflow, (github.head_ref != '' && github.head_ref || github.ref)) }} cancel-in-progress: true - uses: celo-org/reusable-workflows/.github/workflows/docker-build.yaml@v3.1.0-rc.4 + uses: celo-org/reusable-workflows/.github/workflows/docker-build.yaml@v3.1.0-rc.3 with: runs-on: '["self-hosted", "org", "8-cpu"]' workload-id-provider: ${{ inputs.workload-id-provider }} From ea826c447cf84baecf1c03dc9daf448dffe52a07 Mon Sep 17 00:00:00 2001 From: Maximilian Langenfeld <15726643+ezdac@users.noreply.github.com> Date: Wed, 7 Jan 2026 09:55:31 +0100 Subject: [PATCH 2/5] fix: don't use BuildKit cache mount for /app/target on ephemeral builder --- fault-proof/Dockerfile.challenger.celo | 8 +------- fault-proof/Dockerfile.proposer.celo | 8 +------- 2 files changed, 2 insertions(+), 14 deletions(-) diff --git a/fault-proof/Dockerfile.challenger.celo b/fault-proof/Dockerfile.challenger.celo index f64920e52..1d94147a7 100644 --- a/fault-proof/Dockerfile.challenger.celo +++ b/fault-proof/Dockerfile.challenger.celo @@ -99,7 +99,6 @@ RUN mkdir -p fault-proof/src fault-proof/bin && \ # The || true allows this to fail gracefully since we have dummy source files RUN --mount=type=cache,target=/usr/local/cargo/registry \ --mount=type=cache,target=/usr/local/cargo/git \ - --mount=type=cache,target=/app/target \ cargo build --release --bin challenger --features eigenda || true # Now copy the actual source code @@ -115,13 +114,8 @@ COPY bindings/src ./bindings/src # Use BuildKit cache mounts for faster builds RUN --mount=type=cache,target=/usr/local/cargo/registry \ --mount=type=cache,target=/usr/local/cargo/git \ - --mount=type=cache,target=/app/target \ cargo build --release --bin challenger --features eigenda -# Copy binary from cache mount to filesystem so it can be copied to runtime stage -RUN --mount=type=cache,target=/app/target \ - cp /app/target/release/challenger /app/challenger - # Runtime stage (minimal image - only runtime dependencies) FROM debian:trixie-slim @@ -137,7 +131,7 @@ RUN apt-get update && apt-get install -y \ COPY resources/ ./resources/ # Copy the built challenger binary (copied from cache mount to filesystem) -COPY --from=builder /app/challenger /usr/local/bin/ +COPY --from=builder /app/target/release/challenger /usr/local/bin/ # Set the command CMD ["challenger"] diff --git a/fault-proof/Dockerfile.proposer.celo b/fault-proof/Dockerfile.proposer.celo index 04363fdca..9ed407c9e 100644 --- a/fault-proof/Dockerfile.proposer.celo +++ b/fault-proof/Dockerfile.proposer.celo @@ -99,7 +99,6 @@ RUN mkdir -p fault-proof/src fault-proof/bin && \ # The || true allows this to fail gracefully since we have dummy source files RUN --mount=type=cache,target=/usr/local/cargo/registry \ --mount=type=cache,target=/usr/local/cargo/git \ - --mount=type=cache,target=/app/target \ cargo build --release --bin proposer --features eigenda || true # Now copy the actual source code @@ -115,13 +114,8 @@ COPY bindings/src ./bindings/src # Use BuildKit cache mounts for faster builds RUN --mount=type=cache,target=/usr/local/cargo/registry \ --mount=type=cache,target=/usr/local/cargo/git \ - --mount=type=cache,target=/app/target \ cargo build --release --bin proposer --features eigenda -# Copy binary from cache mount to filesystem so it can be copied to runtime stage -RUN --mount=type=cache,target=/app/target \ - cp /app/target/release/proposer /app/proposer - # Runtime stage (minimal image - only runtime dependencies) FROM debian:trixie-slim @@ -137,7 +131,7 @@ RUN apt-get update && apt-get install -y \ COPY resources/ ./resources/ # Copy the built proposer binary (copied from cache mount to filesystem) -COPY --from=builder /app/proposer /usr/local/bin/ +COPY --from=builder /app/target/release/proposer /usr/local/bin/ # Set the command CMD ["proposer"] From fda9e780d08a91f23a298d944917947a55de5969 Mon Sep 17 00:00:00 2001 From: Maximilian Langenfeld <15726643+ezdac@users.noreply.github.com> Date: Wed, 7 Jan 2026 11:24:25 +0100 Subject: [PATCH 3/5] feat(ci): use cargo-chef to cache dependency builds --- fault-proof/Dockerfile.challenger.celo | 115 +++++-------------------- fault-proof/Dockerfile.proposer.celo | 115 +++++-------------------- 2 files changed, 46 insertions(+), 184 deletions(-) diff --git a/fault-proof/Dockerfile.challenger.celo b/fault-proof/Dockerfile.challenger.celo index 1d94147a7..d5603e023 100644 --- a/fault-proof/Dockerfile.challenger.celo +++ b/fault-proof/Dockerfile.challenger.celo @@ -19,102 +19,33 @@ RUN curl -L https://sp1.succinct.xyz | bash && \ ~/.sp1/bin/sp1up && \ ~/.sp1/bin/cargo-prove prove --version +RUN cargo install cargo-chef + +# Construct the project skeleton dynamically with +# cargo-chef (in order to cache dependency builds later) +FROM base AS planner + +COPY . . + +RUN cargo chef prepare --recipe-path recipe.json + +RUN cat recipe.json + +# build dependencies and binary FROM base AS builder -WORKDIR /app +# import the skeleton recipe +COPY --from=planner /app/recipe.json recipe.json + +# only build dependencies with cargo-chef +RUN cargo chef cook --release --recipe-path recipe.json + +# now copy the actual source code +COPY . . -# Copy workspace root Cargo files -COPY Cargo.toml Cargo.lock ./ - -# Copy all Cargo.toml files from workspace members -# This allows Cargo to resolve dependencies without source -COPY fault-proof/Cargo.toml ./fault-proof/ -COPY utils/client/Cargo.toml ./utils/client/ -COPY utils/host/Cargo.toml ./utils/host/ -COPY utils/build/Cargo.toml ./utils/build/ -COPY utils/celestia/client/Cargo.toml ./utils/celestia/client/ -COPY utils/celestia/host/Cargo.toml ./utils/celestia/host/ -COPY utils/eigenda/client/Cargo.toml ./utils/eigenda/client/ -COPY utils/eigenda/host/Cargo.toml ./utils/eigenda/host/ -COPY utils/proof/Cargo.toml ./utils/proof/ -COPY utils/signer/Cargo.toml ./utils/signer/ -COPY utils/ethereum/client/Cargo.toml ./utils/ethereum/client/ -COPY utils/ethereum/host/Cargo.toml ./utils/ethereum/host/ -COPY utils/elfs/Cargo.toml ./utils/elfs/ -COPY programs/range/ethereum/Cargo.toml ./programs/range/ethereum/ -COPY programs/range/celestia/Cargo.toml ./programs/range/celestia/ -COPY programs/range/eigenda/Cargo.toml ./programs/range/eigenda/ -COPY programs/range/utils/Cargo.toml ./programs/range/utils/ -COPY programs/aggregation/Cargo.toml ./programs/aggregation/ -COPY scripts/prove/Cargo.toml ./scripts/prove/ -COPY scripts/utils/Cargo.toml ./scripts/utils/ -COPY validity/Cargo.toml ./validity/ -COPY bindings/Cargo.toml ./bindings/ - -# Copy elf binaries needed by utils/elfs at compile time (needed before building) -COPY elf/ ./elf/ - -# Create dummy source files to satisfy Cargo's dependency resolution -# This allows us to download and compile dependencies without the actual source -RUN mkdir -p fault-proof/src fault-proof/bin && \ - mkdir -p utils/client/src utils/host/src utils/build/src && \ - mkdir -p utils/celestia/client/src utils/celestia/host/src && \ - mkdir -p utils/eigenda/client/src utils/eigenda/host/src && \ - mkdir -p utils/proof/src utils/signer/src && \ - mkdir -p utils/ethereum/client/src utils/ethereum/host/src && \ - mkdir -p utils/elfs/src && \ - mkdir -p programs/range/ethereum/src programs/range/celestia/src && \ - mkdir -p programs/range/eigenda/src programs/range/utils/src && \ - mkdir -p programs/aggregation/src && \ - mkdir -p scripts/prove/src scripts/utils/src && \ - mkdir -p validity/src bindings/src && \ - echo "fn main() {}" > fault-proof/bin/proposer.rs && \ - echo "fn main() {}" > fault-proof/bin/challenger.rs && \ - echo "" > fault-proof/src/lib.rs && \ - echo "" > utils/client/src/lib.rs && \ - echo "" > utils/host/src/lib.rs && \ - echo "" > utils/build/src/lib.rs && \ - echo "" > utils/celestia/client/src/lib.rs && \ - echo "" > utils/celestia/host/src/lib.rs && \ - echo "" > utils/eigenda/client/src/lib.rs && \ - echo "" > utils/eigenda/host/src/lib.rs && \ - echo "" > utils/proof/src/lib.rs && \ - echo "" > utils/signer/src/lib.rs && \ - echo "" > utils/ethereum/client/src/lib.rs && \ - echo "" > utils/ethereum/host/src/lib.rs && \ - echo "" > utils/elfs/src/lib.rs && \ - echo "" > programs/range/ethereum/src/lib.rs && \ - echo "" > programs/range/celestia/src/lib.rs && \ - echo "" > programs/range/eigenda/src/lib.rs && \ - echo "" > programs/range/utils/src/lib.rs && \ - echo "" > programs/aggregation/src/lib.rs && \ - echo "" > scripts/prove/src/lib.rs && \ - echo "" > scripts/utils/src/lib.rs && \ - echo "" > validity/src/lib.rs && \ - echo "" > bindings/src/lib.rs - -# Download and compile dependencies (this layer will be cached if Cargo.toml/Cargo.lock don't change) -# Use BuildKit cache mounts for faster Cargo operations -# The || true allows this to fail gracefully since we have dummy source files -RUN --mount=type=cache,target=/usr/local/cargo/registry \ - --mount=type=cache,target=/usr/local/cargo/git \ - cargo build --release --bin challenger --features eigenda || true - -# Now copy the actual source code -COPY fault-proof/src ./fault-proof/src -COPY fault-proof/bin ./fault-proof/bin -COPY utils/ ./utils/ -COPY programs/ ./programs/ -COPY scripts/ ./scripts/ -COPY validity/src ./validity/src -COPY bindings/src ./bindings/src - -# Build the actual binary (only rebuilds if source changed) -# Use BuildKit cache mounts for faster builds -RUN --mount=type=cache,target=/usr/local/cargo/registry \ - --mount=type=cache,target=/usr/local/cargo/git \ - cargo build --release --bin challenger --features eigenda +# build +RUN cargo build --release --bin challenger --features eigenda # Runtime stage (minimal image - only runtime dependencies) FROM debian:trixie-slim diff --git a/fault-proof/Dockerfile.proposer.celo b/fault-proof/Dockerfile.proposer.celo index 9ed407c9e..621c0e448 100644 --- a/fault-proof/Dockerfile.proposer.celo +++ b/fault-proof/Dockerfile.proposer.celo @@ -19,102 +19,33 @@ RUN curl -L https://sp1.succinct.xyz | bash && \ ~/.sp1/bin/sp1up && \ ~/.sp1/bin/cargo-prove prove --version +RUN cargo install cargo-chef + +# Construct the project skeleton dynamically with +# cargo-chef (in order to cache dependency builds later) +FROM base AS planner + +COPY . . + +RUN cargo chef prepare --recipe-path recipe.json + +RUN cat recipe.json + +# build dependencies and binary FROM base AS builder -WORKDIR /app +# import the skeleton recipe +COPY --from=planner /app/recipe.json recipe.json + +# only build dependencies with cargo-chef +RUN cargo chef cook --release --recipe-path recipe.json + +# now copy the actual source code +COPY . . -# Copy workspace root Cargo files -COPY Cargo.toml Cargo.lock ./ - -# Copy all Cargo.toml files from workspace members -# This allows Cargo to resolve dependencies without source -COPY fault-proof/Cargo.toml ./fault-proof/ -COPY utils/client/Cargo.toml ./utils/client/ -COPY utils/host/Cargo.toml ./utils/host/ -COPY utils/build/Cargo.toml ./utils/build/ -COPY utils/celestia/client/Cargo.toml ./utils/celestia/client/ -COPY utils/celestia/host/Cargo.toml ./utils/celestia/host/ -COPY utils/eigenda/client/Cargo.toml ./utils/eigenda/client/ -COPY utils/eigenda/host/Cargo.toml ./utils/eigenda/host/ -COPY utils/proof/Cargo.toml ./utils/proof/ -COPY utils/signer/Cargo.toml ./utils/signer/ -COPY utils/ethereum/client/Cargo.toml ./utils/ethereum/client/ -COPY utils/ethereum/host/Cargo.toml ./utils/ethereum/host/ -COPY utils/elfs/Cargo.toml ./utils/elfs/ -COPY programs/range/ethereum/Cargo.toml ./programs/range/ethereum/ -COPY programs/range/celestia/Cargo.toml ./programs/range/celestia/ -COPY programs/range/eigenda/Cargo.toml ./programs/range/eigenda/ -COPY programs/range/utils/Cargo.toml ./programs/range/utils/ -COPY programs/aggregation/Cargo.toml ./programs/aggregation/ -COPY scripts/prove/Cargo.toml ./scripts/prove/ -COPY scripts/utils/Cargo.toml ./scripts/utils/ -COPY validity/Cargo.toml ./validity/ -COPY bindings/Cargo.toml ./bindings/ - -# Copy elf binaries needed by utils/elfs at compile time (needed before building) -COPY elf/ ./elf/ - -# Create dummy source files to satisfy Cargo's dependency resolution -# This allows us to download and compile dependencies without the actual source -RUN mkdir -p fault-proof/src fault-proof/bin && \ - mkdir -p utils/client/src utils/host/src utils/build/src && \ - mkdir -p utils/celestia/client/src utils/celestia/host/src && \ - mkdir -p utils/eigenda/client/src utils/eigenda/host/src && \ - mkdir -p utils/proof/src utils/signer/src && \ - mkdir -p utils/ethereum/client/src utils/ethereum/host/src && \ - mkdir -p utils/elfs/src && \ - mkdir -p programs/range/ethereum/src programs/range/celestia/src && \ - mkdir -p programs/range/eigenda/src programs/range/utils/src && \ - mkdir -p programs/aggregation/src && \ - mkdir -p scripts/prove/src scripts/utils/src && \ - mkdir -p validity/src bindings/src && \ - echo "fn main() {}" > fault-proof/bin/proposer.rs && \ - echo "fn main() {}" > fault-proof/bin/challenger.rs && \ - echo "" > fault-proof/src/lib.rs && \ - echo "" > utils/client/src/lib.rs && \ - echo "" > utils/host/src/lib.rs && \ - echo "" > utils/build/src/lib.rs && \ - echo "" > utils/celestia/client/src/lib.rs && \ - echo "" > utils/celestia/host/src/lib.rs && \ - echo "" > utils/eigenda/client/src/lib.rs && \ - echo "" > utils/eigenda/host/src/lib.rs && \ - echo "" > utils/proof/src/lib.rs && \ - echo "" > utils/signer/src/lib.rs && \ - echo "" > utils/ethereum/client/src/lib.rs && \ - echo "" > utils/ethereum/host/src/lib.rs && \ - echo "" > utils/elfs/src/lib.rs && \ - echo "" > programs/range/ethereum/src/lib.rs && \ - echo "" > programs/range/celestia/src/lib.rs && \ - echo "" > programs/range/eigenda/src/lib.rs && \ - echo "" > programs/range/utils/src/lib.rs && \ - echo "" > programs/aggregation/src/lib.rs && \ - echo "" > scripts/prove/src/lib.rs && \ - echo "" > scripts/utils/src/lib.rs && \ - echo "" > validity/src/lib.rs && \ - echo "" > bindings/src/lib.rs - -# Download and compile dependencies (this layer will be cached if Cargo.toml/Cargo.lock don't change) -# Use BuildKit cache mounts for faster Cargo operations -# The || true allows this to fail gracefully since we have dummy source files -RUN --mount=type=cache,target=/usr/local/cargo/registry \ - --mount=type=cache,target=/usr/local/cargo/git \ - cargo build --release --bin proposer --features eigenda || true - -# Now copy the actual source code -COPY fault-proof/src ./fault-proof/src -COPY fault-proof/bin ./fault-proof/bin -COPY utils/ ./utils/ -COPY programs/ ./programs/ -COPY scripts/ ./scripts/ -COPY validity/src ./validity/src -COPY bindings/src ./bindings/src - -# Build the actual binary (only rebuilds if source changed) -# Use BuildKit cache mounts for faster builds -RUN --mount=type=cache,target=/usr/local/cargo/registry \ - --mount=type=cache,target=/usr/local/cargo/git \ - cargo build --release --bin proposer --features eigenda +# incrementally build the +RUN cargo build --release --bin proposer --features eigenda # Runtime stage (minimal image - only runtime dependencies) FROM debian:trixie-slim From 2de1258c54cb0785c053b43b0fffd598a441d940 Mon Sep 17 00:00:00 2001 From: Maximilian Langenfeld <15726643+ezdac@users.noreply.github.com> Date: Wed, 7 Jan 2026 14:41:58 +0100 Subject: [PATCH 4/5] chore: force a local rebuild, while keeping deps the same --- fault-proof/src/challenger.rs | 1 + fault-proof/src/proposer.rs | 1 + 2 files changed, 2 insertions(+) diff --git a/fault-proof/src/challenger.rs b/fault-proof/src/challenger.rs index 8e2e54dea..4af050748 100644 --- a/fault-proof/src/challenger.rs +++ b/fault-proof/src/challenger.rs @@ -66,6 +66,7 @@ where /// cached state, and then handles challenging, resolution, and bond-claiming tasks. pub async fn run(&mut self) -> Result<()> { tracing::info!("OP Succinct Lite Challenger running..."); + tracing::debug!("... and running..."); if self.config.disable_monitor_only { if self.config.malicious_challenge_percentage > 0.0 { tracing::warn!( diff --git a/fault-proof/src/proposer.rs b/fault-proof/src/proposer.rs index b02e21013..7a3cc9fc9 100644 --- a/fault-proof/src/proposer.rs +++ b/fault-proof/src/proposer.rs @@ -215,6 +215,7 @@ where /// Runs the proposer indefinitely. pub async fn run(self: Arc) -> Result<()> { tracing::info!("OP Succinct Proposer running..."); + tracing::debug!("... and running..."); let mut interval = time::interval(Duration::from_secs(self.config.fetch_interval)); // Spawn a dedicated task for continuous metrics collection From 60bb792daf2b186aed75e5af8cb7842737a3979a Mon Sep 17 00:00:00 2001 From: Maximilian Langenfeld <15726643+ezdac@users.noreply.github.com> Date: Wed, 7 Jan 2026 16:22:19 +0100 Subject: [PATCH 5/5] chore: try out --features flag for chef commands --- fault-proof/Dockerfile.challenger.celo | 4 ++-- fault-proof/Dockerfile.proposer.celo | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/fault-proof/Dockerfile.challenger.celo b/fault-proof/Dockerfile.challenger.celo index d5603e023..fec5fb3e9 100644 --- a/fault-proof/Dockerfile.challenger.celo +++ b/fault-proof/Dockerfile.challenger.celo @@ -28,7 +28,7 @@ FROM base AS planner COPY . . -RUN cargo chef prepare --recipe-path recipe.json +RUN cargo chef prepare --bin challenger --recipe-path recipe.json RUN cat recipe.json @@ -39,7 +39,7 @@ FROM base AS builder COPY --from=planner /app/recipe.json recipe.json # only build dependencies with cargo-chef -RUN cargo chef cook --release --recipe-path recipe.json +RUN cargo chef cook --release --features eigenda --bin challenger --recipe-path recipe.json # now copy the actual source code COPY . . diff --git a/fault-proof/Dockerfile.proposer.celo b/fault-proof/Dockerfile.proposer.celo index 621c0e448..ca068693d 100644 --- a/fault-proof/Dockerfile.proposer.celo +++ b/fault-proof/Dockerfile.proposer.celo @@ -28,7 +28,7 @@ FROM base AS planner COPY . . -RUN cargo chef prepare --recipe-path recipe.json +RUN cargo chef prepare --bin proposer --recipe-path recipe.json RUN cat recipe.json @@ -39,7 +39,7 @@ FROM base AS builder COPY --from=planner /app/recipe.json recipe.json # only build dependencies with cargo-chef -RUN cargo chef cook --release --recipe-path recipe.json +RUN cargo chef cook --release --features eigenda --bin proposer --recipe-path recipe.json # now copy the actual source code COPY . .