From 0eeb7af7ebd564dbc0094782048e4d033dc739b4 Mon Sep 17 00:00:00 2001 From: Emmo00 Date: Mon, 22 Dec 2025 17:41:56 +0100 Subject: [PATCH 1/6] chore: enhance Docker build workflow with cache and disk space optimizations --- .github/workflows/build-images.yml | 28 +++++++++++++++++++++++----- 1 file changed, 23 insertions(+), 5 deletions(-) diff --git a/.github/workflows/build-images.yml b/.github/workflows/build-images.yml index de78d20..a8c81aa 100644 --- a/.github/workflows/build-images.yml +++ b/.github/workflows/build-images.yml @@ -24,6 +24,19 @@ jobs: - name: Checkout repository uses: actions/checkout@v5 + # Free up ~15-30 GB by removing unused pre-installed tools/packages + - name: Free disk space + uses: jlumbroso/free-disk-space@main # Reliable community action (or endersonmenezes/free-disk-space@v3) + with: + tool-cache: true + android: true + dotnet: true + haskell: true + large-packages: true + docker-images: true + swap-storage: true + + # Multi-platform setup - name: Set up QEMU uses: docker/setup-qemu-action@v3 with: @@ -32,6 +45,7 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 + # Login only on push - name: Log in to GitHub Container Registry if: github.event_name != 'pull_request' uses: docker/login-action@v3 @@ -40,7 +54,7 @@ jobs: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - # Build and push Prover image (energy-tracker) + # Prover image (energy-tracker) - name: Extract metadata for Prover image id: meta-prover uses: docker/metadata-action@v5 @@ -55,16 +69,18 @@ jobs: push: ${{ github.event_name != 'pull_request' }} tags: ${{ steps.meta-prover.outputs.tags }} labels: ${{ steps.meta-prover.outputs.labels }} + cache-from: type=registry,ref=${{ env.REGISTRY }}/${{ env.PROVER_IMAGE_NAME }}:buildcache + cache-to: type=registry,ref=${{ env.REGISTRY }}/${{ env.PROVER_IMAGE_NAME }}:buildcache,mode=max - name: Generate attestation for Prover image if: github.event_name != 'pull_request' uses: actions/attest-build-provenance@v3 with: subject-name: ${{ env.REGISTRY }}/${{ env.PROVER_IMAGE_NAME }} - subject-digest: ${{ steps.build-and-push-prover.outputs.digest }} + subject-digest: ${{ steps.docker_build_prover.outputs.digest }} push-to-registry: true - # Build and push Streamr client image + # Streamr client image - name: Extract metadata for Streamr client image id: meta-streamr uses: docker/metadata-action@v5 @@ -79,11 +95,13 @@ jobs: push: ${{ github.event_name != 'pull_request' }} tags: ${{ steps.meta-streamr.outputs.tags }} labels: ${{ steps.meta-streamr.outputs.labels }} + cache-from: type=registry,ref=${{ env.REGISTRY }}/${{ env.STREAMR_IMAGE_NAME }}:buildcache + cache-to: type=registry,ref=${{ env.REGISTRY }}/${{ env.STREAMR_IMAGE_NAME }}:buildcache,mode=max - name: Generate attestation for Streamr client image if: github.event_name != 'pull_request' uses: actions/attest-build-provenance@v3 with: subject-name: ${{ env.REGISTRY }}/${{ env.STREAMR_IMAGE_NAME }} - subject-digest: ${{ steps.build-and-push-streamr.outputs.digest }} - push-to-registry: true + subject-digest: ${{ steps.docker_build_streamr.outputs.digest }} + push-to-registry: true \ No newline at end of file From 8f20f82a400b73ff79de6b29801efdd23f7ebb59 Mon Sep 17 00:00:00 2001 From: Emmo00 Date: Mon, 22 Dec 2025 18:00:43 +0100 Subject: [PATCH 2/6] chore: normalize Docker image names and streamline environment variable setup --- .github/workflows/build-images.yml | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-images.yml b/.github/workflows/build-images.yml index a8c81aa..cadd17a 100644 --- a/.github/workflows/build-images.yml +++ b/.github/workflows/build-images.yml @@ -8,8 +8,6 @@ on: env: REGISTRY: ghcr.io - PROVER_IMAGE_NAME: ${{ github.repository }} - STREAMR_IMAGE_NAME: ${{ github.repository }}/streamr-client jobs: build-and-push-images: @@ -24,9 +22,14 @@ jobs: - name: Checkout repository uses: actions/checkout@v5 + - name: Normalize image names + run: | + echo "PROVER_IMAGE_NAME=${GITHUB_REPOSITORY,,}" >> $GITHUB_ENV + echo "STREAMR_IMAGE_NAME=${GITHUB_REPOSITORY,,}/streamr-client" >> $GITHUB_ENV + # Free up ~15-30 GB by removing unused pre-installed tools/packages - name: Free disk space - uses: jlumbroso/free-disk-space@main # Reliable community action (or endersonmenezes/free-disk-space@v3) + uses: jlumbroso/free-disk-space@main with: tool-cache: true android: true @@ -62,6 +65,7 @@ jobs: images: ${{ env.REGISTRY }}/${{ env.PROVER_IMAGE_NAME }} - name: Build and push Prover image + id: docker_build_prover uses: docker/build-push-action@v6 with: context: . @@ -88,6 +92,7 @@ jobs: images: ${{ env.REGISTRY }}/${{ env.STREAMR_IMAGE_NAME }} - name: Build and push Streamr client image + id: docker_build_streamr uses: docker/build-push-action@v6 with: context: ./streamr-client From 0e38aad2c6b7552626ed10e00a294211c4abb879 Mon Sep 17 00:00:00 2001 From: Godwin Date: Mon, 22 Dec 2025 22:29:31 +0100 Subject: [PATCH 3/6] refactore reduce logic --- .github/workflows/build-images.yml | 113 ++++++++++++----------------- lib/src/lib.rs | 17 ++--- 2 files changed, 53 insertions(+), 77 deletions(-) diff --git a/.github/workflows/build-images.yml b/.github/workflows/build-images.yml index cadd17a..57771e0 100644 --- a/.github/workflows/build-images.yml +++ b/.github/workflows/build-images.yml @@ -2,111 +2,88 @@ name: Build and publish Docker images for Energy Tracker on: push: - branches: [ "staging", "main" ] - pull_request: - branches: [ "staging", "main" ] + branches: [ "staging" ] env: REGISTRY: ghcr.io + PROVER_IMAGE_NAME: ${{ github.repository }} + STREAMR_IMAGE_NAME: ${{ github.repository }}/streamr-client + jobs: - build-and-push-images: + build-and-push-prover-image: runs-on: ubuntu-latest permissions: contents: read packages: write attestations: write id-token: write - steps: - name: Checkout repository uses: actions/checkout@v5 - - - name: Normalize image names - run: | - echo "PROVER_IMAGE_NAME=${GITHUB_REPOSITORY,,}" >> $GITHUB_ENV - echo "STREAMR_IMAGE_NAME=${GITHUB_REPOSITORY,,}/streamr-client" >> $GITHUB_ENV - - # Free up ~15-30 GB by removing unused pre-installed tools/packages - - name: Free disk space - uses: jlumbroso/free-disk-space@main - with: - tool-cache: true - android: true - dotnet: true - haskell: true - large-packages: true - docker-images: true - swap-storage: true - - # Multi-platform setup - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - with: - platforms: arm64 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - # Login only on push - - name: Log in to GitHub Container Registry + - name: Log in to the Container registry if: github.event_name != 'pull_request' - uses: docker/login-action@v3 + uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - # Prover image (energy-tracker) - - name: Extract metadata for Prover image - id: meta-prover - uses: docker/metadata-action@v5 + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7 with: images: ${{ env.REGISTRY }}/${{ env.PROVER_IMAGE_NAME }} - - - name: Build and push Prover image - id: docker_build_prover - uses: docker/build-push-action@v6 + - name: Build and push Docker image + id: push + uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4 with: context: . - platforms: linux/amd64,linux/arm64 push: ${{ github.event_name != 'pull_request' }} - tags: ${{ steps.meta-prover.outputs.tags }} - labels: ${{ steps.meta-prover.outputs.labels }} - cache-from: type=registry,ref=${{ env.REGISTRY }}/${{ env.PROVER_IMAGE_NAME }}:buildcache - cache-to: type=registry,ref=${{ env.REGISTRY }}/${{ env.PROVER_IMAGE_NAME }}:buildcache,mode=max - - - name: Generate attestation for Prover image + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + - name: Generate artifact attestation if: github.event_name != 'pull_request' uses: actions/attest-build-provenance@v3 with: subject-name: ${{ env.REGISTRY }}/${{ env.PROVER_IMAGE_NAME }} - subject-digest: ${{ steps.docker_build_prover.outputs.digest }} + subject-digest: ${{ steps.push.outputs.digest }} push-to-registry: true - # Streamr client image - - name: Extract metadata for Streamr client image - id: meta-streamr - uses: docker/metadata-action@v5 + build-and-push-streamr-image: + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + attestations: write + id-token: write + steps: + - name: Checkout repository + uses: actions/checkout@v5 + - name: Log in to the Container registry + if: github.event_name != 'pull_request' + uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7 with: images: ${{ env.REGISTRY }}/${{ env.STREAMR_IMAGE_NAME }} - - - name: Build and push Streamr client image - id: docker_build_streamr - uses: docker/build-push-action@v6 + - name: Build and push Docker image + id: push + uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4 with: context: ./streamr-client - platforms: linux/amd64,linux/arm64 push: ${{ github.event_name != 'pull_request' }} - tags: ${{ steps.meta-streamr.outputs.tags }} - labels: ${{ steps.meta-streamr.outputs.labels }} - cache-from: type=registry,ref=${{ env.REGISTRY }}/${{ env.STREAMR_IMAGE_NAME }}:buildcache - cache-to: type=registry,ref=${{ env.REGISTRY }}/${{ env.STREAMR_IMAGE_NAME }}:buildcache,mode=max - - - name: Generate attestation for Streamr client image + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + + - name: Generate artifact attestation if: github.event_name != 'pull_request' uses: actions/attest-build-provenance@v3 with: subject-name: ${{ env.REGISTRY }}/${{ env.STREAMR_IMAGE_NAME }} - subject-digest: ${{ steps.docker_build_streamr.outputs.digest }} + subject-digest: ${{ steps.push.outputs.digest }} push-to-registry: true \ No newline at end of file diff --git a/lib/src/lib.rs b/lib/src/lib.rs index 964d332..3fc5354 100644 --- a/lib/src/lib.rs +++ b/lib/src/lib.rs @@ -200,22 +200,21 @@ pub fn track_energy( let mut energy_sum = 0u64; for payload in m3ter_payloads { println!("nonce {}, payload nonce {}", nonce, payload.nonce); - if !m3ter.validate_payload(payload, verifying_key) { - println!("Invalid payload: {:?}", payload); - break; - }; + if nonce >= payload.nonce { + continue; + } if nonce + 1 != payload.nonce { println!( "Invalid nonce: {} not consercutive to {} for m3ter_id {}", &nonce, &payload.nonce, &m3ter.m3ter_id ); - nonce = if nonce < payload.nonce { - nonce - } else { - payload.nonce - }; break; } + if !m3ter.validate_payload(payload, verifying_key) { + println!("Invalid payload: {:?}", payload); + break; + }; + nonce = payload.nonce; energy_sum += payload.energy; println!( From 67214993b9d3b3d28fde269d6874954a38ba6b61 Mon Sep 17 00:00:00 2001 From: Godwin Date: Mon, 22 Dec 2025 22:30:34 +0100 Subject: [PATCH 4/6] add main to job watch --- .github/workflows/build-images.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-images.yml b/.github/workflows/build-images.yml index 57771e0..04852b9 100644 --- a/.github/workflows/build-images.yml +++ b/.github/workflows/build-images.yml @@ -2,7 +2,7 @@ name: Build and publish Docker images for Energy Tracker on: push: - branches: [ "staging" ] + branches: [ "main", "staging" ] env: REGISTRY: ghcr.io From 7b97f7aaad8b5ea3ad10da35fe6f097c36574da6 Mon Sep 17 00:00:00 2001 From: Emmo00 Date: Mon, 22 Dec 2025 23:16:00 +0100 Subject: [PATCH 5/6] chore: refactor Docker build workflow to support multi-architecture images and streamline image name normalization --- .github/workflows/build-images.yml | 194 ++++++++++++++++++++--------- 1 file changed, 137 insertions(+), 57 deletions(-) diff --git a/.github/workflows/build-images.yml b/.github/workflows/build-images.yml index 04852b9..06a17ae 100644 --- a/.github/workflows/build-images.yml +++ b/.github/workflows/build-images.yml @@ -2,88 +2,168 @@ name: Build and publish Docker images for Energy Tracker on: push: - branches: [ "main", "staging" ] + branches: [ "staging", "main" ] + pull_request: + branches: [ "staging", "main" ] env: REGISTRY: ghcr.io - PROVER_IMAGE_NAME: ${{ github.repository }} - STREAMR_IMAGE_NAME: ${{ github.repository }}/streamr-client +permissions: + contents: read + packages: write + attestations: write + id-token: write jobs: - build-and-push-prover-image: - runs-on: ubuntu-latest - permissions: - contents: read - packages: write - attestations: write - id-token: write + build-platform: + strategy: + matrix: + include: + - platform: linux/amd64 + runner: ubuntu-latest + arch: amd64 + - platform: linux/arm64 + runner: ubuntu-24.04-arm + arch: arm64 + + runs-on: ${{ matrix.runner }} + steps: - name: Checkout repository uses: actions/checkout@v5 - - name: Log in to the Container registry + + - name: Normalize image names + run: | + echo "PROVER_IMAGE_NAME=${GITHUB_REPOSITORY,,}" >> $GITHUB_ENV + echo "STREAMR_IMAGE_NAME=${GITHUB_REPOSITORY,,}/streamr-client" >> $GITHUB_ENV + + - name: Free disk space + uses: jlumbroso/free-disk-space@main + with: + tool-cache: true + android: true + dotnet: true + haskell: true + large-packages: true + docker-images: true + swap-storage: true + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Log in to GitHub Container Registry if: github.event_name != 'pull_request' - uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 + uses: docker/login-action@v3 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Extract metadata (tags, labels) for Docker - id: meta - uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7 - with: - images: ${{ env.REGISTRY }}/${{ env.PROVER_IMAGE_NAME }} - - name: Build and push Docker image - id: push - uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4 + + # Prover image - push by digest with repository name + - name: Build Prover image (single platform) + id: build-prover + uses: docker/build-push-action@v6 with: context: . + platforms: ${{ matrix.platform }} + push: ${{ github.event_name != 'pull_request' }} + outputs: type=image,name=${{ env.REGISTRY }}/${{ env.PROVER_IMAGE_NAME }},push-by-digest=true + cache-from: type=registry,ref=${{ env.REGISTRY }}/${{ env.PROVER_IMAGE_NAME }}:buildcache-${{ matrix.arch }} + cache-to: type=registry,ref=${{ env.REGISTRY }}/${{ env.PROVER_IMAGE_NAME }}:buildcache-${{ matrix.arch }},mode=max + + # Streamr client image - push by digest with repository name + - name: Build Streamr client image (single platform) + id: build-streamr + uses: docker/build-push-action@v6 + with: + context: ./streamr-client + platforms: ${{ matrix.platform }} push: ${{ github.event_name != 'pull_request' }} - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - - name: Generate artifact attestation + outputs: type=image,name=${{ env.REGISTRY }}/${{ env.STREAMR_IMAGE_NAME }},push-by-digest=true + cache-from: type=registry,ref=${{ env.REGISTRY }}/${{ env.STREAMR_IMAGE_NAME }}:buildcache-${{ matrix.arch }} + cache-to: type=registry,ref=${{ env.REGISTRY }}/${{ env.STREAMR_IMAGE_NAME }}:buildcache-${{ matrix.arch }},mode=max + + - name: Save digests to files + if: github.event_name != 'pull_request' + run: | + echo ${{ steps.build-prover.outputs.digest }} > digests-${{ matrix.arch }}-prover-digest.txt + echo ${{ steps.build-streamr.outputs.digest }} > digests-${{ matrix.arch }}-streamr-digest.txt + + - name: Upload digests artifact if: github.event_name != 'pull_request' - uses: actions/attest-build-provenance@v3 + uses: actions/upload-artifact@v4 with: - subject-name: ${{ env.REGISTRY }}/${{ env.PROVER_IMAGE_NAME }} - subject-digest: ${{ steps.push.outputs.digest }} - push-to-registry: true + name: digests-${{ matrix.arch }} + path: | + digests-${{ matrix.arch }}-prover-digest.txt + digests-${{ matrix.arch }}-streamr-digest.txt - build-and-push-streamr-image: + create-manifests: + needs: build-platform + if: github.event_name != 'pull_request' runs-on: ubuntu-latest - permissions: - contents: read - packages: write - attestations: write - id-token: write + steps: - - name: Checkout repository - uses: actions/checkout@v5 - - name: Log in to the Container registry - if: github.event_name != 'pull_request' - uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 + - name: Normalize image names + run: | + echo "PROVER_IMAGE_NAME=${GITHUB_REPOSITORY,,}" >> $GITHUB_ENV + echo "STREAMR_IMAGE_NAME=${GITHUB_REPOSITORY,,}/streamr-client" >> $GITHUB_ENV + + - name: Download all digests + uses: actions/download-artifact@v4 + with: + pattern: digests-* + merge-multiple: true + + - name: Log in to GitHub Container Registry + uses: docker/login-action@v3 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Extract metadata (tags, labels) for Docker - id: meta - uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7 - with: - images: ${{ env.REGISTRY }}/${{ env.STREAMR_IMAGE_NAME }} - - name: Build and push Docker image - id: push - uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Extract metadata for Prover image + id: meta-prover + uses: docker/metadata-action@v5 with: - context: ./streamr-client - push: ${{ github.event_name != 'pull_request' }} - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - - - name: Generate artifact attestation - if: github.event_name != 'pull_request' - uses: actions/attest-build-provenance@v3 + images: ${{ env.REGISTRY }}/${{ env.PROVER_IMAGE_NAME }} + + - name: Create multi-arch manifest for Prover + run: | + AMD64_DIGEST=$(cat digests-amd64-prover-digest.txt) + ARM64_DIGEST=$(cat digests-arm64-prover-digest.txt) + echo AMD64_DIGEST=$AMD64_DIGEST + echo ARM64_DIGEST=$ARM64_DIGEST + TAGS=(${{ steps.meta-prover.outputs.tags }}) + TAG_ARGS="" + for tag in "${TAGS[@]}"; do + TAG_ARGS="$TAG_ARGS --tag $tag" + done + docker buildx imagetools create $TAG_ARGS \ + ${{ env.REGISTRY }}/${{ env.PROVER_IMAGE_NAME }}@$AMD64_DIGEST \ + ${{ env.REGISTRY }}/${{ env.PROVER_IMAGE_NAME }}@$ARM64_DIGEST + + - name: Extract metadata for Streamr client image + id: meta-streamr + uses: docker/metadata-action@v5 with: - subject-name: ${{ env.REGISTRY }}/${{ env.STREAMR_IMAGE_NAME }} - subject-digest: ${{ steps.push.outputs.digest }} - push-to-registry: true \ No newline at end of file + images: ${{ env.REGISTRY }}/${{ env.STREAMR_IMAGE_NAME }} + + - name: Create multi-arch manifest for Streamr client + run: | + AMD64_DIGEST=$(cat digests-amd64-streamr-digest.txt) + ARM64_DIGEST=$(cat digests-arm64-streamr-digest.txt) + echo AMD64_DIGEST=$AMD64_DIGEST + echo ARM64_DIGEST=$ARM64_DIGEST + TAGS=(${{ steps.meta-streamr.outputs.tags }}) + TAG_ARGS="" + for tag in "${TAGS[@]}"; do + TAG_ARGS="$TAG_ARGS --tag $tag" + done + docker buildx imagetools create $TAG_ARGS \ + ${{ env.REGISTRY }}/${{ env.STREAMR_IMAGE_NAME }}@$AMD64_DIGEST \ + ${{ env.REGISTRY }}/${{ env.STREAMR_IMAGE_NAME }}@$ARM64_DIGEST From 1648b6b586e146ce1888a546f7536ddb83e73cf3 Mon Sep 17 00:00:00 2001 From: Emmo00 Date: Mon, 22 Dec 2025 23:23:41 +0100 Subject: [PATCH 6/6] ... --- .vscode/settings.json | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.vscode/settings.json b/.vscode/settings.json index 617034b..a35f9f7 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -34,4 +34,10 @@ "editor.formatOnSave": true, "editor.hover.enabled": "on" }, + "cSpell.words": [ + "buildcache", + "Buildx", + "imagetools", + "jlumbroso" + ], } \ No newline at end of file