feat: build and push sp1 program to bucket on deploy #19
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build, Push, and Deploy to Cloud Run | |
| on: | |
| push: | |
| branches: | |
| - staging | |
| permissions: | |
| id-token: write | |
| contents: read | |
| jobs: | |
| build-push-deploy: | |
| runs-on: ubuntu-latest | |
| steps: | |
| # Checkout the repository | |
| - name: Checkout Code | |
| uses: actions/checkout@v3 | |
| # Get the short SHA for tagging | |
| - name: Get Short SHA | |
| id: sha | |
| run: echo "sha=$(git rev-parse --short HEAD)" >> $GITHUB_ENV | |
| # Authenticate with Google Cloud using Workload Identity Federation | |
| - name: Authenticate to Google Cloud | |
| uses: google-github-actions/auth@v1 | |
| with: | |
| workload_identity_provider: 'projects/${{ secrets.GCP_PROJECT_NUMBER }}/locations/global/workloadIdentityPools/github-pool/providers/github-provider' | |
| service_account: 'github-actions-sp1-zkemail@${{ secrets.GCP_PROJECT_ID }}.iam.gserviceaccount.com' | |
| # Install SP1 toolchain and build ELF | |
| - name: Install SP1 toolchain | |
| run: | | |
| curl -L https://sp1.succinct.xyz | bash | |
| source ~/.bashrc | |
| ~/.sp1/bin/sp1up | |
| - name: Build ELF file | |
| run: | | |
| cd program | |
| ~/.sp1/bin/cargo prove build | |
| - name: Upload ELF to Google Cloud Storage | |
| run: | | |
| gsutil cp target/elf-compilation/riscv32im-succinct-zkvm-elf/release/email_with_regex_verify gs://zk-vm/sp1/email_with_regex_verify | |
| # Configure Docker to use Google Artifact Registry | |
| - name: Configure Docker | |
| run: | | |
| gcloud auth configure-docker us-east1-docker.pkg.dev | |
| # Build and Push Docker Image | |
| - name: Build and Push Docker Image | |
| run: | | |
| IMAGE="us-east1-docker.pkg.dev/${{ secrets.GCP_PROJECT_ID }}/sp1-zkemail/sp1-zkemail:${{ env.sha }}" | |
| echo "Building image: $IMAGE" | |
| docker build -t $IMAGE . | |
| docker push $IMAGE | |
| # Deploy to Cloud Run | |
| - name: Deploy to Cloud Run | |
| run: | | |
| IMAGE="us-east1-docker.pkg.dev/${{ secrets.GCP_PROJECT_ID }}/sp1-zkemail/sp1-zkemail:${{ env.sha }}" | |
| echo "Deploying image: $IMAGE to Cloud Run" | |
| gcloud run deploy sp1-zkemail-service \ | |
| --image $IMAGE \ | |
| --region us-east1 \ | |
| --platform managed \ | |
| --allow-unauthenticated \ | |
| --memory 4Gi \ | |
| --update-secrets "NETWORK_PRIVATE_KEY=NETWORK_PRIVATE_KEY:latest,NETWORK_RPC_URL=NETWORK_RPC_URL:latest,ZKEMAIL_API_KEY=ZKEMAIL_API_KEY:latest" |