Merge remote-tracking branch 'origin/main' into apu-base-token-integr…

…ation

.dockerignore

@@ -39,7 +39,7 @@ contracts/.git
 !etc/multivm_bootloaders
 !cargo
 !bellman-cuda
-!prover/crates/bin/vk_setup_data_generator_server_fri/data/
+!prover/data/
 !.github/release-please/manifest.json
 
 !etc/env/file_based

.github/release-please/manifest.json

@@ -1,5 +1,5 @@
 {
-  "core": "24.23.0",
+  "core": "24.25.0",
   "prover": "16.5.0",
   "zk_toolbox": "0.1.2"
 }

.github/scripts/rate_limit_check.sh

@@ -0,0 +1,43 @@
+#!/bin/bash
+
+set -o errexit
+set -o pipefail
+
+
+api_endpoint="https://api.github.com/users/zksync-era-bot"
+wait_time=60
+max_retries=60
+retry_count=0
+
+while [[ $retry_count -lt $max_retries ]]; do
+  response=$(run_retried curl -s -w "%{http_code}" -o temp.json "$api_endpoint")
+  http_code=$(echo "$response" | tail -n1)
+
+  if [[ "$http_code" == "200" ]]; then
+    echo "Request successful. Not rate-limited."
+    cat temp.json
+    rm temp.json
+    exit 0
+  elif [[ "$http_code" == "403" ]]; then
+    rate_limit_exceeded=$(jq -r '.message' temp.json | grep -i "API rate limit exceeded")
+    if [[ -n "$rate_limit_exceeded" ]]; then
+      retry_count=$((retry_count+1))
+      echo "API rate limit exceeded. Retry $retry_count of $max_retries. Retrying in $wait_time seconds..."
+      sleep $wait_time
+    else
+      echo "Request failed with HTTP status $http_code."
+      cat temp.json
+      rm temp.json
+      exit 1
+    fi
+  else
+    echo "Request failed with HTTP status $http_code."
+    cat temp.json
+    rm temp.json
+    exit 1
+  fi
+done
+
+echo "Reached the maximum number of retries ($max_retries). Exiting."
+rm temp.json
+exit 1

.github/workflows/build-base.yml

@@ -0,0 +1,159 @@
+name: Build zksync-build-base Docker image
+on:
+  workflow_dispatch:
+    inputs:
+      repo_ref:
+        description: "git reference of the zksync-era to build"
+        required: true
+        default: main
+jobs:
+  build-images:
+    name: Build and Push Docker Images
+    runs-on: ${{ fromJSON('["matterlabs-ci-runner-high-performance", "matterlabs-ci-runner-arm"]')[contains(matrix.arch, 'arm')] }}
+    outputs:
+      image_tag_sha: ${{ steps.get-sha.outputs.image_tag_sha }}
+    # Needed to push to Gihub Package Registry
+    permissions:
+      packages: write
+      contents: read
+    env:
+      DOCKERHUB_USER: ${{ secrets.DOCKERHUB_USER }}
+      DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
+      REPO_REF: ${{ github.event.inputs.repo_ref }}
+    strategy:
+      matrix:
+        name: [ build-base ]
+        repository: [ zksync-build-base ]
+        arch: [ amd64, arm64 ]
+
+    steps:
+      - uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc # v4.1.7
+        with:
+          submodules: "recursive"
+
+      - name: Login to google container registry
+        run: |
+          gcloud auth configure-docker us-docker.pkg.dev -q
+
+      - name: Login to DockerHub
+        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
+        with:
+          username: ${{ secrets.DOCKERHUB_USER }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Get tag
+        id: get-sha
+        run: |
+          echo IMAGE_TAG_SHA=$(git rev-parse --short HEAD) >> $GITHUB_ENV
+          echo image_tag_sha=$(git rev-parse --short HEAD) >> $GITHUB_OUTPUT
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1
+
+      - name: Build and push
+        uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0
+        with:
+          push: true
+          context: .
+          file: docker/build-base/Dockerfile
+          labels: |
+            org.opencontainers.image.source=https://github.com/matter-labs/zksync-era
+            org.opencontainers.image.licenses="MIT OR Apache-2.0"
+          tags: |
+            matterlabs/zksync-build-base:${{ steps.get-sha.outputs.image_tag_sha }}-${{ matrix.arch }}
+            us-docker.pkg.dev/matterlabs-infra/matterlabs-docker/zksync-build-base:${{ steps.get-sha.outputs.image_tag_sha }}-${{ matrix.arch }}
+            ghcr.io/${{ github.repository_owner }}/zksync-build-base:${{ steps.get-sha.outputs.image_tag_sha }}-${{ matrix.arch }}
+
+  multiarch_manifest:
+    # Needed to push to Gihub Package Registry
+    permissions:
+      packages: write
+      contents: read
+    needs: [ build-images ]
+    env:
+      IMAGE_TAG_SUFFIX: ${{ needs.build-images.outputs.image_tag_sha }}
+    runs-on: [ matterlabs-ci-runner-high-performance ]
+    steps:
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1
+
+      - name: Login to google container registry
+        run: |
+          gcloud auth configure-docker us-docker.pkg.dev -q
+
+      - name: Login to DockerHub
+        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
+        with:
+          username: ${{ secrets.DOCKERHUB_USER }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Create and push multi-arch manifests for Dockerhub
+        shell: bash
+        run: |
+          images=("zksync-build-base")
+          archs=("amd64" "arm64")
+
+          for img in "${images[@]}"; do
+            multiarch_tag="matterlabs/zksync-build-base:latest"
+            individual_images=()
+
+            for arch in "${archs[@]}"; do
+              TAG="$IMAGE_TAG_SUFFIX"
+              docker pull matterlabs/zksync-build-base:${TAG}-${arch} --platform linux/${arch}
+              individual_images+=("matterlabs/zksync-build-base:${TAG}-${arch}")
+            done
+
+            docker buildx imagetools create --tag "${multiarch_tag}" "${individual_images[@]}"
+          done
+
+      - name: Create and push multi-arch manifests for GitHub Container Registry
+        shell: bash
+        run: |
+          images=("zksync-build-base")
+          archs=("amd64" "arm64")
+
+          for img in "${images[@]}"; do
+            multiarch_tag="ghcr.io/${{ github.repository_owner }}/zksync-build-base:latest"
+            individual_images=()
+
+            for arch in "${archs[@]}"; do
+              TAG="$IMAGE_TAG_SUFFIX"
+              docker pull ghcr.io/${{ github.repository_owner }}/zksync-build-base:${TAG}-${arch} --platform linux/${arch}
+              individual_images+=("ghcr.io/${{ github.repository_owner }}/zksync-build-base:${TAG}-${arch}")
+            done
+
+            docker buildx imagetools create --tag "${multiarch_tag}" "${individual_images[@]}"
+          done
+
+      - name: Create and push multi-arch manifests for Google Artifact Registry
+        shell: bash
+        run: |
+          images=("zksync-build-base")
+          archs=("amd64" "arm64")
+
+          for img in "${images[@]}"; do
+            multiarch_tag="us-docker.pkg.dev/matterlabs-infra/matterlabs-docker/zksync-build-base:latest"
+            individual_images=()
+
+            for arch in "${archs[@]}"; do
+              TAG="$IMAGE_TAG_SUFFIX"
+              docker pull us-docker.pkg.dev/matterlabs-infra/matterlabs-docker/zksync-build-base:${TAG}-${arch} --platform linux/${arch}
+              individual_images+=("us-docker.pkg.dev/matterlabs-infra/matterlabs-docker/zksync-build-base:${TAG}-${arch}")
+            done
+
+            docker buildx imagetools create --tag "${multiarch_tag}" "${individual_images[@]}"
+          done

.github/workflows/build-contract-verifier-template.yml

@@ -113,18 +113,15 @@ jobs:
           ci_run git config --global --add safe.directory /usr/src/zksync/sdk/binaryen
           ci_run git config --global --add safe.directory /usr/src/zksync/contracts/system-contracts
           ci_run git config --global --add safe.directory /usr/src/zksync/contracts
-          ci_run zk || true
-          ci_run yarn zk build
+          ci_run ./bin/zkt || true
+          ci_run ./bin/zk || true
           ci_run run_retried curl -LO https://storage.googleapis.com/matterlabs-setup-keys-us/setup-keys/setup_2\^26.key
 
       - name: build contracts
         if: env.BUILD_CONTRACTS == 'true'
         run: |
-          ci_run zk run yarn
           ci_run cp etc/tokens/{test,localhost}.json
-          ci_run zk compiler all
-          ci_run zk contract build
-          ci_run zk f yarn run l2-contracts build
+          ci_run zk_supervisor contracts
 
       - name: Login to Docker registries
         if: ${{ inputs.action == 'push' }}

.github/workflows/build-core-template.yml

@@ -71,11 +71,15 @@ jobs:
             if [ $(jq length <<<"$tags") -eq 0 ]; then
               echo "No tag found on all pages."
               echo "BUILD_CONTRACTS=true" >> "$GITHUB_ENV"
+              # TODO Remove it when we migrate to foundry inside contracts repository
+              mkdir -p contracts/l1-contracts/artifacts/ 
               exit 0
             fi
             filtered_tag=$(jq -r --arg commit_sha "$commit_sha" 'map(select(.commit.sha == $commit_sha)) | .[].name' <<<"$tags")
             if [[ ! -z "$filtered_tag" ]]; then
               echo "BUILD_CONTRACTS=false" >> "$GITHUB_ENV"
+              # TODO Remove it when we migrate to foundry inside contracts repository
+              mkdir -p contracts/l1-contracts/out
               break
             fi
             ((page++))
@@ -122,18 +126,15 @@ jobs:
           ci_run git config --global --add safe.directory /usr/src/zksync/sdk/binaryen
           ci_run git config --global --add safe.directory /usr/src/zksync/contracts/system-contracts
           ci_run git config --global --add safe.directory /usr/src/zksync/contracts
-          ci_run zk || true
-          ci_run yarn zk build
+          ci_run ./bin/zk || true
+          ci_run ./bin/zkt || true
           ci_run run_retried curl -LO https://storage.googleapis.com/matterlabs-setup-keys-us/setup-keys/setup_2\^26.key
 
       - name: build contracts
         if: env.BUILD_CONTRACTS == 'true'
         run: |
-          ci_run zk run yarn
           ci_run cp etc/tokens/{test,localhost}.json
-          ci_run zk compiler all
-          ci_run zk contract build
-          ci_run zk f yarn run l2-contracts build
+          ci_run zk_supervisor contracts
 
       - name: Login to Docker registries
         if: ${{ inputs.action == 'push' }}

.github/workflows/build-docker-from-tag.yml

@@ -23,7 +23,7 @@ concurrency: docker-build
 jobs:
   setup:
     name: Setup
-    runs-on: [ubuntu-latest]
+    runs-on: [ ubuntu-latest ]
     outputs:
       image_tag_suffix: ${{ steps.set.outputs.image_tag_suffix }}
       prover_fri_gpu_key_id: ${{ steps.extract-prover-fri-setup-key-ids.outputs.gpu_short_commit_sha }}
@@ -48,7 +48,7 @@ jobs:
 
   build-push-core-images:
     name: Build and push image
-    needs: [setup]
+    needs: [ setup ]
     uses: ./.github/workflows/build-core-template.yml
     if: contains(github.ref_name, 'core')
     secrets:
@@ -60,7 +60,7 @@ jobs:
 
   build-push-tee-prover-images:
     name: Build and push images
-    needs: [setup]
+    needs: [ setup ]
     uses: ./.github/workflows/build-tee-prover-template.yml
     if: contains(github.ref_name, 'core')
     secrets:
@@ -72,7 +72,7 @@ jobs:
 
   build-push-contract-verifier:
     name: Build and push image
-    needs: [setup]
+    needs: [ setup ]
     uses: ./.github/workflows/build-contract-verifier-template.yml
     if: contains(github.ref_name, 'contract_verifier')
     secrets:
@@ -83,34 +83,34 @@ jobs:
 
   build-push-prover-images:
     name: Build and push image
-    needs: [setup]
+    needs: [ setup ]
     uses: ./.github/workflows/build-prover-template.yml
     if: contains(github.ref_name, 'prover')
     with:
       image_tag_suffix: ${{ needs.setup.outputs.image_tag_suffix }}
       ERA_BELLMAN_CUDA_RELEASE: ${{ vars.ERA_BELLMAN_CUDA_RELEASE }}
-      CUDA_ARCH: "60;70;75;89"
+      CUDA_ARCH: "60;70;75;80;89"
     secrets:
       DOCKERHUB_USER: ${{ secrets.DOCKERHUB_USER }}
       DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
 
   build-push-witness-generator-image-avx512:
     name: Build and push image
-    needs: [setup]
+    needs: [ setup ]
     uses: ./.github/workflows/build-witness-generator-template.yml
     if: contains(github.ref_name, 'prover')
     with:
       image_tag_suffix: ${{ needs.setup.outputs.image_tag_suffix }}-avx512
       ERA_BELLMAN_CUDA_RELEASE: ${{ vars.ERA_BELLMAN_CUDA_RELEASE }}
-      CUDA_ARCH: "60;70;75;89"
+      CUDA_ARCH: "60;70;75;80;89"
       WITNESS_GENERATOR_RUST_FLAGS: "-Ctarget_feature=+avx512bw,+avx512cd,+avx512dq,+avx512f,+avx512vl"
     secrets:
       DOCKERHUB_USER: ${{ secrets.DOCKERHUB_USER }}
       DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
 
   build-gar-prover-fri-gpu:
     name: Build GAR prover FRI GPU
-    needs: [setup, build-push-prover-images]
+    needs: [ setup, build-push-prover-images ]
     uses: ./.github/workflows/build-prover-fri-gpu-gar.yml
     if: contains(github.ref_name, 'prover')
     with:

.github/workflows/build-local-node-docker.yml

@@ -16,7 +16,7 @@ on:
 jobs:
   build-images:
     name: Local Node - Build and Push Docker Image
-    runs-on: [matterlabs-ci-runner-high-performance]
+    runs-on: [ matterlabs-ci-runner-high-performance ]
     steps:
       - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4
         with:
@@ -61,9 +61,9 @@ jobs:
           ci_run git config --global --add safe.directory /usr/src/zksync/contracts
 
           ci_run zk
+          ci_run zkt
           ci_run cp etc/tokens/{test,localhost}.json
-          ci_run zk compiler all
-          ci_run zk contract build
+          ci_run zk_supervisor contracts 
 
       - name: update-image
         run: |

.github/workflows/build-prover-fri-gpu-gar.yml

@@ -34,13 +34,13 @@ jobs:
           gcloud auth print-access-token --lifetime=7200 --impersonate-service-account=gha-ci-runners@matterlabs-infra.iam.gserviceaccount.com | docker login -u oauth2accesstoken --password-stdin https://us-docker.pkg.dev
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
+        uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1
 
       - name: Build and push
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0
         with:
           context: docker/prover-gpu-fri-gar
           build-args: |