victoryeo is building zeto smart contracts #17
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: zeto | |
| run-name: ${{ github.actor }} is building zeto smart contracts | |
| on: | |
| pull_request: | |
| branches: | |
| - main | |
| push: | |
| branches: | |
| - main | |
| tags: | |
| - "v*" | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| permissions: | |
| actions: write | |
| checks: write | |
| contents: write | |
| deployments: write | |
| id-token: write | |
| issues: write | |
| discussions: write | |
| packages: write | |
| pages: write | |
| pull-requests: write | |
| repository-projects: write | |
| security-events: write | |
| statuses: write | |
| defaults: | |
| run: | |
| working-directory: ./ | |
| jobs: | |
| circom-build-circuit: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: '20' | |
| - name: install circom | |
| run: | | |
| pwd | |
| curl --proto '=https' --tlsv1.2 https://sh.rustup.rs -sSf | sh -s -- -y | |
| git clone https://github.com/iden3/circom.git | |
| cd circom | |
| cargo build --release | |
| cargo install --path circom | |
| - name: run circom | |
| run: circom --help | |
| - name: install snarkjs | |
| run: npm install -g snarkjs@latest | |
| - name: install zeto | |
| run: | | |
| git clone https://github.com/victoryeo/zeto.git | |
| ls -al | |
| cd zeto | |
| cd zkp/circuits | |
| npm install | |
| cd .. | |
| circom circuits/anon_enc_nullifier.circom --output ./js/lib --sym --wasm | |
| circom circuits/anon_enc.circom --output ./js/lib --sym --wasm | |
| circom circuits/anon_nullifier.circom --output ./js/lib --sym --wasm | |
| circom circuits/anon.circom --output ./js/lib --sym --wasm | |
| circom circuits/check-nullifiers.circom --output ./js/lib --sym --wasm | |
| circom circuits/nf_anon_nullifier.circom --output ./js/lib --sym --wasm | |
| circom circuits/nf_anon.circom --output ./js/lib --sym --wasm | |
| - name: create folder | |
| run: mkdir -p ./zeto/proving-keys | |
| - name: current folder | |
| run: pwd | |
| - name: list files | |
| run: ls -la | |
| - name: download ptau | |
| run: | | |
| cd zeto | |
| cd proving-keys | |
| wget -nv https://storage.googleapis.com/zkevm/ptau/powersOfTau28_hez_final_12.ptau | |
| wget -nv https://storage.googleapis.com/zkevm/ptau/powersOfTau28_hez_final_13.ptau | |
| wget -nv https://storage.googleapis.com/zkevm/ptau/powersOfTau28_hez_final_16.ptau | |
| wget -nv https://storage.googleapis.com/zkevm/ptau/powersOfTau28_hez_final_11.ptau | |
| wget -nv https://storage.googleapis.com/zkevm/ptau/powersOfTau28_hez_final_15.ptau | |
| - name: generate R1CS circuit format | |
| run: | | |
| cd zeto | |
| cd zkp/ | |
| pwd | |
| ls -la | |
| ls circuits -la | |
| circom circuits/anon_enc_nullifier.circom --output ../proving-keys --r1cs | |
| circom circuits/anon_enc.circom --output ../proving-keys --r1cs | |
| circom circuits/anon_nullifier.circom --output ../proving-keys --r1cs | |
| circom circuits/anon.circom --output ../proving-keys --r1cs | |
| circom circuits/check-nullifiers.circom --output ../proving-keys --r1cs | |
| circom circuits/nf_anon_nullifier.circom --output ../proving-keys --r1cs | |
| circom circuits/nf_anon.circom --output ../proving-keys --r1cs | |
| ls ../proving-keys -la | |
| - name: generate proving keys | |
| run: | | |
| cd zeto | |
| cd zkp/ | |
| snarkjs groth16 setup ../proving-keys/anon.r1cs ../proving-keys/powersOfTau28_hez_final_12.ptau ../proving-keys/anon.zkey | |
| snarkjs groth16 setup ../proving-keys/anon_enc.r1cs ../proving-keys/powersOfTau28_hez_final_13.ptau ../proving-keys/anon_enc.zkey | |
| snarkjs groth16 setup ../proving-keys/anon_nullifier.r1cs ../proving-keys/powersOfTau28_hez_final_16.ptau ../proving-keys/anon_nullifier.zkey | |
| snarkjs groth16 setup ../proving-keys/anon_enc_nullifier.r1cs ../proving-keys/powersOfTau28_hez_final_16.ptau ../proving-keys/anon_enc_nullifier.zkey | |
| snarkjs groth16 setup ../proving-keys/nf_anon.r1cs ../proving-keys/powersOfTau28_hez_final_11.ptau ../proving-keys/nf_anon.zkey | |
| snarkjs groth16 setup ../proving-keys/nf_anon_nullifier.r1cs ../proving-keys/powersOfTau28_hez_final_15.ptau ../proving-keys/nf_anon_nullifier.zkey | |
| - name: per-circuit set up ceremony on proving keys | |
| run: | | |
| cd zeto | |
| cd zkp/ | |
| snarkjs zkey contribute ../proving-keys/anon.zkey ../proving-keys/anon_new.zkey --name="contribution" -v -e="random entropy" | |
| snarkjs zkey contribute ../proving-keys/anon_enc.zkey ../proving-keys/anon_enc_new.zkey --name="contribution" -v -e="random entropy" | |
| snarkjs zkey contribute ../proving-keys/anon_nullifier.zkey ../proving-keys/anon_nullifier_new.zkey --name="contribution" -v -e="random entropy" | |
| snarkjs zkey contribute ../proving-keys/anon_enc_nullifier.zkey ../proving-keys/anon_enc_nullifier_new.zkey --name="contribution" -v -e="random entropy" | |
| snarkjs zkey contribute ../proving-keys/nf_anon.zkey ../proving-keys/nf_anon_new.zkey --name="contribution" -v -e="random entropy" | |
| snarkjs zkey contribute ../proving-keys/nf_anon_nullifier.zkey ../proving-keys/nf_anon_nullifier_new.zkey --name="contribution" -v -e="random entropy" | |
| - name: generate verfication keys | |
| run: | | |
| cd zeto | |
| cd zkp/ | |
| snarkjs zkey export verificationkey ../proving-keys/anon_new.zkey ../proving-keys/anon-vkey.json | |
| snarkjs zkey export verificationkey ../proving-keys/anon_enc_new.zkey ../proving-keys/anon_enc-vkey.json | |
| snarkjs zkey export verificationkey ../proving-keys/anon_nullifier_new.zkey ../proving-keys/anon_nullifier-vkey.json | |
| snarkjs zkey export verificationkey ../proving-keys/anon_enc_nullifier_new.zkey ../proving-keys/anon_enc_nullifier-vkey.json | |
| snarkjs zkey export verificationkey ../proving-keys/nf_anon_new.zkey ../proving-keys/nf_anon-vkey.json | |
| snarkjs zkey export verificationkey ../proving-keys/nf_anon_nullifier_new.zkey ../proving-keys/nf_anon_nullifier-vkey.json | |
| - name: generate solidity verifier library | |
| run: | | |
| mkdir -p ./zeto/contracts-lib | |
| cd zeto | |
| cd zkp/ | |
| snarkjs zkey export solidityverifier ../proving-keys/anon_new.zkey ../contracts-lib/verifier_anon.sol | |
| snarkjs zkey export solidityverifier ../proving-keys/anon_enc_new.zkey ../contracts-lib/verifier_anon_enc.sol | |
| snarkjs zkey export solidityverifier ../proving-keys/anon_nullifier_new.zkey ../contracts-lib/verifier_anon_nullifier.sol | |
| snarkjs zkey export solidityverifier ../proving-keys/anon_enc_nullifier_new.zkey ../contracts-lib/verifier_anon_enc_nullifier.sol | |
| snarkjs zkey export solidityverifier ../proving-keys/nf_anon_new.zkey ../contracts-lib/verifier_nf_anon.sol | |
| snarkjs zkey export solidityverifier ../proving-keys/nf_anon_nullifier_new.zkey ../contracts-lib/verifier_nf_anon_nullifier.sol | |
| ls ../proving-keys -la | |
| ls ../contracts-lib -la | |
| - name: edit solidity files | |
| run: | | |
| cd zeto | |
| cd contracts-lib | |
| sed 's/Groth16Verifier/Groth16Verifier_Anon/' verifier_anon.sol > ../solidity/contracts/lib/verifier_anon.sol | |
| sed 's/Groth16Verifier/Groth16Verifier_AnonEnc/' verifier_anon_enc.sol > ../solidity/contracts/lib/verifier_anon_enc.sol | |
| sed 's/Groth16Verifier/Groth16Verifier_AnonNullifier/' verifier_anon_nullifier.sol > ../solidity/contracts/lib/verifier_anon_nullifier.sol | |
| sed 's/Groth16Verifier/Groth16Verifier_AnonEncNullifier/' verifier_anon_enc_nullifier.sol > ../solidity/contracts/lib/verifier_anon_enc_nullifier.sol | |
| sed 's/Groth16Verifier/Groth16Verifier_NFAnon/' verifier_nf_anon.sol > ../solidity/contracts/lib/verifier_nf_anon.sol | |
| sed 's/Groth16Verifier/Groth16Verifier_NFAnonNullifier/' verifier_nf_anon_nullifier.sol > ../solidity/contracts/lib/verifier_nf_anon_nullifier.sol | |
| - name: list files | |
| run: | | |
| pwd | |
| ls -la | |
| ls -la zeto | |
| ls -la zeto/solidity | |
| - name: Install YQ | |
| uses: alexellis/arkade-get@master | |
| with: | |
| print-summary: false | |
| yq: latest | |
| - name: Build the subgraph | |
| run: | | |
| if [ ! -d "subgraph" ] || [ -z "$(ls -A subgraph)" ]; then | |
| echo "Subgraph directory is missing or empty" | |
| exit 0 | |
| fi | |
| npx graph-compiler --config subgraph/subgraph.config.json --include node_modules/@openzeppelin/subgraphs/src/datasources subgraph/datasources --export-schema --export-subgraph | |
| yq -i e '.specVersion = "1.2.0"' generated/scs.subgraph.yaml | |
| yq -i e '.features = ["nonFatalErrors", "fullTextSearch", "ipfsOnEthereumContracts"]' generated/scs.subgraph.yaml | |
| yq -i e '.dataSources[].mapping.apiVersion = "0.0.7"' generated/scs.subgraph.yaml | |
| yq -i e '.dataSources[].network = "localhost"' generated/scs.subgraph.yaml | |
| yq -i e '.templates[].mapping.apiVersion = "0.0.7"' generated/scs.subgraph.yaml | |
| yq -i e '.templates[].network = "localhost"' generated/scs.subgraph.yaml | |
| npx graph codegen generated/scs.subgraph.yaml | |
| npx graph build generated/scs.subgraph.yaml | |
| - name: Report code coverage | |
| if: github.event_name == 'pull_request' | |
| uses: zgosalvez/github-actions-report-lcov@v4.1.12 | |
| with: | |
| coverage-files: lcov.info | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| update-comment: true | |
| - name: Inject slug/short variables | |
| uses: rlespinasse/github-slug-action@v4 | |
| - name: Package version | |
| id: package-version | |
| run: | | |
| OLD_VERSION=$(jq -r '.version' package.json) | |
| echo "Old version: $OLD_VERSION" | |
| if [[ $GITHUB_REF_SLUG =~ ^v?[0-9]+\.[0-9]+\.[0-9]+$ ]]; then | |
| VERSION=$(echo $GITHUB_REF_SLUG | sed 's/^v//') | |
| echo "TAG=latest" >> $GITHUB_ENV | |
| elif [[ $GITHUB_REF_NAME == "main" ]]; then | |
| VERSION="${OLD_VERSION}-main$(echo $GITHUB_SHA_SHORT | sed 's/^v//')" | |
| echo "TAG=main" >> $GITHUB_ENV | |
| else | |
| VERSION="${OLD_VERSION}-pr$(echo $GITHUB_SHA_SHORT | sed 's/^v//')" | |
| echo "TAG=pr" >> $GITHUB_ENV | |
| fi | |
| echo "VERSION=$VERSION" >> $GITHUB_ENV | |
| echo "Updating version to $VERSION" | |
| jq --arg version "$VERSION" '.version = $version' package.json > package.json.tmp && mv package.json.tmp package.json | |
| echo "Updated version to $VERSION" | |
| - name: Install Cosign | |
| uses: sigstore/cosign-installer@v3 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Docker meta | |
| id: docker_meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: | | |
| ghcr.io/${{ github.repository }} | |
| # flavor: | | |
| # latest=true | |
| tags: | | |
| type=schedule | |
| type=ref,event=branch | |
| type=ref,event=pr | |
| type=semver,pattern={{version}} | |
| type=semver,pattern={{major}}.{{minor}} | |
| type=semver,pattern={{major}} | |
| type=sha | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build and push | |
| id: build-and-push | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| platforms: linux/amd64,linux/arm64 | |
| provenance: true | |
| sbom: true | |
| push: true | |
| load: false | |
| tags: ${{ steps.docker_meta.outputs.tags }} | |
| labels: ${{ steps.docker_meta.outputs.labels }} | |
| file: Dockerfile.zeto | |
| no-cache: true | |
| - name: Sign the images with GitHub OIDC Token | |
| env: | |
| DIGEST: ${{ steps.build-and-push.outputs.digest }} | |
| TAGS: ${{ steps.docker_meta.outputs.tags }} | |
| run: | | |
| images="" | |
| for tag in ${TAGS}; do | |
| images+="${tag}@${DIGEST} " | |
| done | |
| cosign sign --yes ${images} |