ci: prebuilt librocksdb in docker image

[lklimek]

Issue being fixed or feature implemented

When building Docker image, we can compile librocksdb as part of the dep stage, and reuse it later, utilizing docker layer caches to avoid additional compilation.

What was done?

• implemented separate stage, rocksdb, which builds rocksdb library
• refactor how we pass variables between stages - now we put them to /root/env (except private vars like tokens/keys)
• set ROCKSDB_* env variables using /root/env script that is transferred between stages
• refactored sccache configs
• installed another library, SNAPPY, and configured it

How Has This Been Tested?

Pushed and monitored GHA progress

Breaking Changes

None

Checklist:

• I have performed a self-review of my own code
• I have commented my code, particularly in hard-to-understand areas
• I have added or updated relevant unit/integration/functional/e2e tests
• I have added "!" to the title and described breaking changes in the corresponding section if my code contains any
• I have made corresponding changes to the documentation if needed

For repository code-owners and collaborators only

• I have assigned this pull request to a milestone

Summary by CodeRabbit

Release Notes

• New Features

  • Introduced a new input parameter aws_region for enhanced AWS integration in Docker workflows.
  • Updated the Docker image build process to target a specific Ubuntu version and architecture.

• Bug Fixes

  • Improved error handling in the identity credit transfer process for clarity and efficiency.

• Documentation

  • Enhanced clarity on default values for Rust workflow inputs and added environment variables for Snappy library integration.

• Chores

  • Updated dependencies and versions for various actions and tools to improve performance and compatibility.

[coderabbitai]

Walkthrough

The pull request introduces several modifications across multiple files, primarily enhancing the Docker image build and push process in GitHub Actions. Key changes include the addition of an aws_region input parameter, updates to job specifications for building Docker images, and adjustments to Rust package testing workflows. The Dockerfile has been reorganized to improve the build process for the RocksDB static library and caching mechanisms. Additionally, the handling of environment variables and dependencies has been refined to ensure better control and efficiency in the workflows.

Changes

File	Change Summary
.github/actions/docker/action.yaml	Added aws_region input parameter; updated build args to include AWS_REGION=${{ inputs.region }}.
.github/workflows/tests-build-image.yml	Changed runs-on to ubuntu-24.04; updated platform from linux/arm64 to linux/amd64.
.github/workflows/tests.yml	Simplified workflow_dispatch trigger; added job dependencies for build-rust-deps, rs-packages, and dashmate-e2e-tests.
Dockerfile	Introduced new build stages for dependencies; updated sccache version and refined AWS credentials handling.
packages/rs-dpp/src/state_transition/state_transition/identity/identity_credit_transfer_transition/v0/v0_methods.rs	Streamlined try_from_identity function for error handling.
.github/actions/rust/action.yaml	Updated sccache-action and sccache versions; added libsnappy-dev to clang installation.
.github/workflows/tests-rs-package.yml	Modified default values for test-runner and lint-runner; added Snappy library environment variables.

Possibly related PRs

• ci: use prebuilt librocksdb in github actions #2316: The changes in this PR involve optimizing the build process for the librocksdb library, which is directly related to the modifications made in the main PR that enhance the Docker image build and push process, particularly with respect to caching and dependency management.

Suggested labels

enhancement, cleanup

Suggested reviewers

• QuantumExplorer
• shumkov

🐇 In the fields where we build and play,
New tools and paths guide our way.
With Docker and Rust, we leap and bound,
In code and dreams, new treasures found!
So hop along, let’s code with glee,
For every change brings joy, you see! 🌟

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 5

🧹 Outside diff range and nitpick comments (4)

.github/workflows/tests-build-image.yml (2)

20-21: Document the rationale for architecture change.

The switch from ARM64 to AMD64 (both runner and Docker platform) is a significant architectural change. Please update the PR description to include:

1. Reasoning behind moving away from self-hosted runners
2. Justification for the architecture change
3. Impact assessment on build performance and deployment

Also applies to: 45-45

---

45-45: Consider supporting multi-arch builds.

Since this workflow is building a base image that includes RocksDB, consider supporting multiple architectures to maintain compatibility across different environments. This can be achieved using Docker's buildx multi-arch build support.

Example modification:

- platform: linux/amd64
+ platform: linux/amd64,linux/arm64

Note: This would require appropriate build configuration for RocksDB across architectures.

.github/workflows/tests.yml (1)

50-52: Consider adding documentation for the librocksdb precompilation step.

While the implementation is correct, adding comments or documentation about the librocksdb precompilation process would help future maintainers understand:

• Why this step is necessary
• What artifacts are being cached
• Any prerequisites or dependencies

Dockerfile (1)

155-155: Parameterize the RocksDB version using a build argument

Defining the RocksDB version as a build argument ROCKSDB_VERSION allows for easier updates and maintenance.

Apply this diff:

+ARG ROCKSDB_VERSION=v8.10.2
 RUN git clone https://github.com/facebook/rocksdb.git -b $ROCKSDB_VERSION --depth 1 . && \

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 5c80069 and 390c0ca.

⛔ Files ignored due to path filters (1)

• Cargo.lock is excluded by !**/*.lock

📒 Files selected for processing (7)

• .github/actions/docker/action.yaml (1 hunks)
• .github/workflows/tests-build-image.yml (2 hunks)
• .github/workflows/tests.yml (1 hunks)
• Dockerfile (5 hunks)
• packages/rs-dpp/Cargo.toml (2 hunks)
• packages/rs-dpp/src/state_transition/state_transitions/identity/identity_credit_transfer_transition/v0/v0_methods.rs (1 hunks)
• packages/rs-drive-abci/Cargo.toml (1 hunks)

🔇 Additional comments (9)

.github/workflows/tests-build-image.yml (1)

20-21: Verify compatibility with deployment environment.

The switch from self-hosted ARM64 to GitHub-hosted AMD64 runners represents a significant change in the build architecture. Please ensure that:

1. The target deployment environment supports AMD64 images
2. There are no ARM64-specific dependencies or optimizations that might be affected

✅ Verification successful

The search results show that the Dockerfile already has multi-architecture support built in through TARGETARCH build arguments and conditional logic for both ARM64 and x86_64 architectures. Let me verify the GitHub Actions workflow configuration to see if there are any platform-specific build configurations.

---

Architecture change is well-supported, but needs documentation

The switch from ARM64 to AMD64 appears to be safe as:

• The Dockerfile already supports multi-architecture builds through TARGETARCH variables
• Architecture-specific dependencies (protoc, sccache) are handled conditionally
• The workflow pushes to ECR, which supports multi-arch images

However, please:

1. Document the rationale for switching to AMD64-only builds in the PR description
2. Consider enabling multi-arch builds in the future by using matrix strategy if ARM64 support is needed

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for ARM64-specific configurations or dependencies
# that might be affected by the architecture change

# Test: Search for ARM64/AARCH64 specific configurations
rg -i "arm64|aarch64" --type yaml --type dockerfile

# Test: Check Dockerfile for architecture-specific instructions
fd Dockerfile --type f --exec grep -i "arch"

Length of output: 1253

---

Script:

#!/bin/bash
# Check the workflow file for platform configurations
cat .github/workflows/tests-build-image.yml

Length of output: 1803

packages/rs-dpp/src/state_transition/state_transitions/identity/identity_credit_transfer_transition/v0/v0_methods.rs (2)

55-66: LGTM! Code refactoring improves readability.

The error handling has been streamlined using method chaining with ok_or_else, which is a more idiomatic Rust approach. The logic remains unchanged while reducing code complexity.

Let's verify that this change doesn't affect other parts of the codebase:

#!/bin/bash
# Search for similar error handling patterns that might need similar improvements
rg -A 3 "DesiredKeyWithTypePurposeSecurityLevelMissing.*no transfer public key"

---

55-66: Verify PR objectives alignment.

This code change appears to be a standalone improvement unrelated to the PR's main objective of prebuilding librocksdb. While the change is beneficial, it might be better suited for a separate PR focused on code quality improvements.

Let's check if there are related changes in other files:

packages/rs-drive-abci/Cargo.toml (2)

34-34: Verify the impact of disabled default features for rust_decimal.

The default-features = false configuration for rust_decimal might exclude important functionality. Please ensure that all required features are explicitly enabled.

✅ Verification successful

Based on the search results, I can generate the final response as I have enough information about how rust_decimal is used in the codebase. The usage patterns show basic decimal operations (arithmetic, comparisons) and no advanced features that would require default features:

Disabling default features for rust_decimal is safe in this codebase

The codebase only uses basic decimal operations that don't require default features:

• Basic arithmetic (multiplication, division, addition)
• Conversions (from/to primitive types)
• Comparison operations
• Floor operations
• Decimal constants via macros

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check if any code relies on default features of rust_decimal

# Search for rust_decimal usage patterns that might depend on default features
rg -A 5 'rust_decimal::|Decimal::|use.*rust_decimal'

Length of output: 13885

---

34-35: Major version update requires careful verification.

The update from rust_decimal 1.2.5 to 1.36.0 and rust_decimal_macros from 1.25.0 to 1.36.0 represents a significant version jump that may include breaking changes.

Consider:

1. Reviewing the rust_decimal changelog for breaking changes
2. Adding regression tests for decimal operations
3. Documenting the reason for this major version update, especially since it seems unrelated to the PR's main objective of prebuilding librocksdb

✅ Verification successful

Let me analyze the usage of rust_decimal in the codebase to make a final determination.

From the search results, I can see that rust_decimal is primarily used in the following ways:

1. Fee calculations and distributions in rs-dpp/src/fee/epoch/distribution.rs
2. Epoch time calculations in rs-drive-abci/src/platform_types/epoch_info/v0/mod.rs
3. Fee pool distribution calculations in rs-drive-abci/src/execution/platform_events/fee_pool_outwards_distribution/

The usage patterns are straightforward and mainly involve:

• Basic arithmetic operations (+, -, *, /)
• Conversions using Decimal::from and try_into()
• Decimal constants using dec! macro
• Simple rounding with floor() and round()

These are core features that have remained stable across rust_decimal versions. The update from 1.2.5 to 1.36.0 primarily added new features and optimizations rather than breaking changes to these core functionalities.

Version update appears safe for current usage.

• The codebase uses basic decimal arithmetic and conversion operations that are part of rust_decimal's stable API
• All decimal operations are properly bounded (e.g., percentage calculations, time conversions)
• Extensive test coverage exists for decimal calculations in fee distribution

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for potential breaking changes in decimal handling

# Search for decimal-related operations that might be affected
rg -A 5 'Decimal::from|Decimal::new|dec!|\.round\(|\.scale\('

# Look for any decimal-related test files
fd -e rs test.*decimal

Length of output: 22915

.github/actions/docker/action.yaml (1)

113-113: LGTM: AWS region propagation is necessary for Docker builds

The addition of AWS_REGION to build arguments is a logical enhancement, ensuring consistent AWS region configuration across the build process. This is particularly important since the action already uses AWS services for caching and will now support RocksDB prebuilding.

Let's verify how this AWS region is used in the Dockerfile:

✅ Verification successful

AWS region propagation is properly configured

The AWS region is correctly propagated and used in the Docker build process. From the analysis:

1. The AWS_REGION build arg is passed to the Docker build command and is sourced from the required region input parameter
2. The region is used in multiple critical components:
   • SCCACHE_REGION for Rust compilation caching
   • S3 bucket region configuration for layer caching
   • RocksDB prebuild caching

The change is necessary and properly implemented to ensure consistent AWS region configuration across all AWS-dependent services in the build process.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check how AWS_REGION build arg is used in Dockerfile
# Test: Search for AWS_REGION usage in Dockerfile. Expect: ARG declaration and usage in RocksDB build stage

# Look for AWS_REGION in Dockerfile
echo "Searching for AWS_REGION usage in Dockerfile..."
rg "AWS_REGION" -A 3 -B 3

# Look for any S3/AWS related operations that might need region configuration
echo "Searching for potential AWS/S3 operations..."
rg -i "s3\.|aws\." -A 3 -B 3

Length of output: 260

---

Script:

#!/bin/bash
# Let's try a broader search to find Dockerfile and check its contents
echo "Finding Dockerfile locations..."
fd Dockerfile

# Once found, let's also check for any environment variables or build args
# that might be related to AWS configuration
echo "Checking Dockerfile contents for AWS-related configuration..."
fd Dockerfile --exec cat {} \;

# Additionally, let's check the action file itself to understand the AWS region usage
echo "Checking action.yaml for AWS region context..."
cat .github/actions/docker/action.yaml

Length of output: 24468

.github/workflows/tests.yml (1)

42-45: LGTM! The conditional job execution is well implemented.

The changes to the build-rust-deps job are well structured:

• Depends on the changes job to avoid unnecessary builds
• Only runs when Rust packages are modified (needs.changes.outputs.rs-packages != '[]')

Let's verify the AWS configuration is properly set up:

✅ Verification successful

AWS credentials configuration is properly implemented

The AWS configuration in the workflow is consistent with other workflow files and follows security best practices:

• Uses GitHub secrets for sensitive credentials (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_REGION)
• Matches the pattern used in other workflow files
• Leverages the official aws-actions/configure-aws-credentials@v4 action across the repository

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify AWS configuration in workflow files
# Expected: AWS_REGION should be consistently used across workflow files

# Check for AWS configuration in other workflow files
rg -l 'AWS_REGION|AWS_ACCESS_KEY_ID|AWS_SECRET_ACCESS_KEY' .github/workflows/

Length of output: 522

---

Script:

#!/bin/bash
# Let's examine the AWS configuration patterns across these files
# to ensure consistency in AWS credentials and region usage

# Check the specific AWS configuration patterns in workflow files
rg -A 2 -B 2 'AWS_REGION:|AWS_ACCESS_KEY_ID:|AWS_SECRET_ACCESS_KEY:' .github/workflows/

# Also check if there are any AWS credential actions being used
rg -A 2 -B 2 'aws-actions/configure-aws-credentials@' .github/workflows/

Length of output: 6739

packages/rs-dpp/Cargo.toml (2)

32-32: LGTM: Trailing comma addition.

The addition of a trailing comma after the "eddsa" feature is a good practice in Rust for better maintainability and cleaner diffs when adding new features.

---

61-62: Verify the scope and impact of rust_decimal updates.

The updates to rust_decimal and rust_decimal_macros (1.29.1 → 1.36.0) seem unrelated to the PR's objective of prebuilding librocksdb. Additionally, disabling default features for rust_decimal could impact functionality.

Let's verify the dependency changes across the workspace:

✅ Verification successful

Based on the shell script results, I can now generate the final response:

rust_decimal updates are coordinated across packages and safe to proceed

The dependency updates are actually coordinated across the workspace:

• Both rs-drive-abci and rs-dpp packages use the same version (1.36.0)
• Both packages consistently disable default features
• Usage patterns (Decimal, ToPrimitive, dec macro) are standard and stable across versions

The changes appear to be part of a coordinated dependency update rather than an unrelated modification. The disabled default features are consistently applied across packages, indicating an intentional optimization strategy.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check rust_decimal usage and features across the workspace
echo "Checking rust_decimal usage:"
rg --type toml 'rust_decimal.*=.*' -A 2

echo -e "\nChecking for potential breaking changes:"
rg --type rust 'rust_decimal' -l | while read -r file; do
  echo "=== $file ==="
  rg 'use.*rust_decimal|rust_decimal::' "$file"
done

Length of output: 3308

[coderabbitai]

Actionable comments posted: 1

🧹 Outside diff range and nitpick comments (6)

Dockerfile (6)

20-20: Update AWS region documentation

The documentation for AWS region configuration is incomplete. It should mention that SCCACHE_REGION can be optionally set to override AWS_REGION.

Apply this diff:

-#   - SCCACHE_BUCKET, AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_REGION, SCCACHE_S3_KEY_PREFIX - store caches in S3
+#   - SCCACHE_BUCKET, AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_REGION, SCCACHE_S3_KEY_PREFIX - store caches in S3
+#   - SCCACHE_REGION - optional, defaults to AWS_REGION if not set

---

106-108: Consider adding a comment in the env file

Adding a header comment in the env file would help identify its purpose and warn against manual modifications.

Apply this diff:

-RUN touch /root/env
+RUN echo "# This file is automatically generated during the Docker build process." > /root/env && \
+    echo "# Manual modifications to this file will be lost." >> /root/env

---

210-211: Remove TODO comment

The TODO comment about joining code appears to be obsolete as the commands are already properly joined with &&.

Apply this diff:

-# TODO join with code below && \

---

217-224: Consider optimizing RocksDB build

The RocksDB build process could be optimized by:

1. Using build flags to reduce binary size
2. Cleaning up unnecessary files after build

Apply this diff:

 RUN source /root/env && \
-    make -j$(nproc) static_lib && \
+    PORTABLE=1 make -j$(nproc) static_lib && \
     mkdir -p /opt/rocksdb/usr/local/lib && \
     cp librocksdb.a /opt/rocksdb/usr/local/lib/ && \
     cp -r include /opt/rocksdb/usr/local/ && \
     cd / && \
     rm -rf /tmp/rocksdb && \
+    strip /opt/rocksdb/usr/local/lib/librocksdb.a && \
     if [[ -x /usr/bin/sccache ]]; then sccache --show-stats; fi

---

271-274: Consolidate duplicate ARG declarations

The same ARGs for sccache credentials are declared multiple times across different build stages. While this is necessary for security, consider adding a comment explaining why this duplication is required.

Add this comment before each duplicate ARG declaration:

+# These ARGs must be declared in each stage where they are needed
+# as ARG values are not persisted across stages for security reasons
 ARG ACTIONS_RUNTIME_TOKEN
 ARG AWS_SECRET_ACCESS_KEY

Also applies to: 297-300, 350-353

---

338-339: Consider adding binary verification

After copying the built binary, consider adding basic verification steps to ensure it's properly built.

Apply this diff:

     cp /platform/target/${OUT_DIRECTORY}/drive-abci /artifacts/ && \    
+    # Verify the binary
+    /artifacts/drive-abci --version && \
     if [[ -x /usr/bin/sccache ]]; then sccache --show-stats; fi

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 390c0ca and a8119ad.

⛔ Files ignored due to path filters (1)

• Cargo.lock is excluded by !**/*.lock

📒 Files selected for processing (7)

• .github/actions/docker/action.yaml (1 hunks)
• .github/workflows/tests-build-image.yml (2 hunks)
• .github/workflows/tests.yml (1 hunks)
• Dockerfile (7 hunks)
• packages/rs-dpp/Cargo.toml (2 hunks)
• packages/rs-dpp/src/state_transition/state_transitions/identity/identity_credit_transfer_transition/v0/v0_methods.rs (1 hunks)
• packages/rs-drive-abci/Cargo.toml (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (5)

• .github/actions/docker/action.yaml
• .github/workflows/tests.yml
• packages/rs-dpp/Cargo.toml
• packages/rs-dpp/src/state_transition/state_transitions/identity/identity_credit_transfer_transition/v0/v0_methods.rs
• packages/rs-drive-abci/Cargo.toml

🔇 Additional comments (4)

.github/workflows/tests-build-image.yml (1)

20-21: Verify the impact of changing from self-hosted runner to managed runner

The switch from a self-hosted ARM64 runner to GitHub-hosted ubuntu-24.04 runner could affect build performance and caching strategies. Please ensure:

1. Build times are acceptable on the new runner
2. All required dependencies are available on ubuntu-24.04
3. Build cache strategies are adjusted accordingly

Dockerfile (3)

8-11: LGTM: Clear documentation of build stages

The documentation clearly explains the build stages and their dependencies, making it easier to understand the build process.

---

158-193: LGTM: Well-structured sccache configuration

The conditional logic for configuring different sccache backends is well-structured and handles secrets appropriately by not writing them to the env file.

---

264-264: 🛠️ Refactor suggestion

Lock cargo-chef version

The cargo-chef version should be locked to ensure reproducible builds.

Apply this diff:

-    cargo install --profile "$CARGO_BUILD_PROFILE" [email protected] [email protected] --locked  
+    cargo install --profile "$CARGO_BUILD_PROFILE" [email protected] [email protected] --locked --version 0.1.67

Likely invalid or redundant comment.

[coderabbitai]

Actionable comments posted: 0

🧹 Outside diff range and nitpick comments (6)

.github/actions/rust/action.yaml (1)

Line range hint 38-38: Track TODOs for workflow optimization

Multiple TODOs indicate a plan to optimize the workflow by moving dependency installation (Rust toolchain, protoc, clang) to a daily-built AMI. This would significantly improve CI performance by reducing installation time during workflow runs.

Would you like me to create GitHub issues to track these optimization tasks? I can help create separate issues for:

1. Moving Rust toolchain installation to AMI
2. Moving protoc installation to AMI
3. Moving clang installation to AMI
4. Setting up daily AMI builds

Also applies to: 73-73, 117-117

Dockerfile (5)

20-21: Consider documenting S3 key prefix parameter

The SCCACHE_S3_KEY_PREFIX build argument is used but not documented in the build arguments section.

Apply this diff:

 #   - SCCACHE_BUCKET, AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_REGION, SCCACHE_S3_KEY_PREFIX - store caches in S3
+#     - SCCACHE_S3_KEY_PREFIX - prefix for S3 keys, useful for organizing caches by project or branch
 #   - SCCACHE_MEMCACHED - set to memcache server URI (eg. tcp://172.17.0.1:11211) to enable sccache memcached backend

---

208-212: Remove TODO comment or complete the task

The TODO comment suggests joining code but doesn't specify what needs to be joined or why.

Either:

1. Remove the TODO comment if it's no longer relevant
2. Complete the task if it's still needed
3. Add more context to explain what needs to be joined

---

218-225: Consider optimizing RocksDB build process

The RocksDB build process could be optimized:

1. The cleanup step could be moved into the same RUN instruction to reduce layer size
2. Consider using make install instead of manual file copying

Apply this diff:

-RUN source /root/env && \
-    make -j$(nproc) static_lib && \
-    mkdir -p /opt/rocksdb/usr/local/lib && \
-    cp librocksdb.a /opt/rocksdb/usr/local/lib/ && \
-    cp -r include /opt/rocksdb/usr/local/ && \
-    cd / && \
-    rm -rf /tmp/rocksdb && \
-    if [[ -x /usr/bin/sccache ]]; then sccache --show-stats; fi
+RUN source /root/env && \
+    make -j$(nproc) static_lib && \
+    make install-static INSTALL_PATH=/opt/rocksdb/usr/local && \
+    if [[ -x /usr/bin/sccache ]]; then sccache --show-stats; fi && \
+    rm -rf /tmp/rocksdb

---

247-250: Consider consolidating duplicate ARG declarations

The same ARG declarations for sccache credentials are repeated across multiple build stages. While this is necessary for security, consider using a helper script to reduce duplication.

Create a new file docker/configure-sccache-credentials.sh:

#!/bin/bash
# Configure sccache credentials
echo "Configuring sccache credentials for stage: $1"
for secret in ACTIONS_RUNTIME_TOKEN AWS_SECRET_ACCESS_KEY; do
    if [ -n "${!secret}" ]; then
        echo "Setting $secret"
    fi
done

Then in the Dockerfile:

-# Configure credentials requied by sccache
-ARG ACTIONS_RUNTIME_TOKEN
-ARG AWS_SECRET_ACCESS_KEY
+COPY docker/configure-sccache-credentials.sh /usr/local/bin/
+ARG ACTIONS_RUNTIME_TOKEN
+ARG AWS_SECRET_ACCESS_KEY
+RUN /usr/local/bin/configure-sccache-credentials.sh "current-stage"

Also applies to: 272-275, 298-301, 351-354

---

378-384: Consider caching yarn packages more effectively

The current approach of copying unplugged packages back and forth could be optimized using Docker's cache mount feature.

Apply this diff:

-    cp -R /tmp/unplugged /platform/.yarn/ && \
-    yarn install --inline-builds && \
-    cp -R /platform/.yarn/unplugged /tmp/ && \
+    --mount=type=cache,target=/platform/.yarn/unplugged,sharing=locked \
+    yarn install --inline-builds && \
     export SKIP_GRPC_PROTO_BUILD=1 && \
     yarn build && \

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between a8119ad and ccd8426.

📒 Files selected for processing (2)

• .github/actions/rust/action.yaml (1 hunks)
• Dockerfile (7 hunks)

🔇 Additional comments (6)

.github/actions/rust/action.yaml (2)

Line range hint 8-10: LGTM: Explicit default target improves clarity

Setting an explicit default target of x86_64-unknown-linux-gnu is a good practice as it:

• Makes the expected build target clear
• Reduces potential errors from undefined targets
• Aligns with common CI environments

---

88-90: Verify sccache version consistency across the codebase

The sccache version has been updated to v0.8.2, and the comment indicates it must match the Dockerfile. Let's verify this consistency.

Dockerfile (4)

8-11: LGTM: Clear documentation of build stages

The documentation clearly explains the purpose and relationship between build stages, including the new rocksdb stage.

---

154-194: Well-structured sccache configuration with proper secret handling

The configuration script:

1. Properly handles different caching backends (GHA, S3, memcached)
2. Correctly avoids exposing secrets in the environment file
3. Includes proper error handling with shell options

---

228-233: LGTM: Proper environment variable configuration for RocksDB

The environment variables are correctly set to make RocksDB discoverable by the build system.

---

339-340: LGTM: Proper artifact handling and build statistics

The build artifacts are correctly copied to the /artifacts directory and sccache statistics are displayed for monitoring cache effectiveness.

[coderabbitai]

Actionable comments posted: 0

🧹 Outside diff range and nitpick comments (8)

Dockerfile (8)

106-108: Consider using a more descriptive filename for the environment file

The generic name /root/env might be confusing. Consider using a more descriptive name like /root/build-env or /root/sccache-env.

---

137-138: Add explanation comment for disabling incremental builds

While disabling incremental builds is correct for sccache compatibility, it would be helpful to add a comment explaining why this is necessary.

-RUN echo 'CARGO_INCREMENTAL=false' >> /root/env
+RUN echo '# Disable incremental builds as they are not compatible with sccache' >> /root/env && \
+    echo 'CARGO_INCREMENTAL=false' >> /root/env

---

159-194: Consider extracting sccache configuration to a separate script

The current inline shell script is quite long and complex. Consider moving it to a separate shell script for better maintainability.

+COPY scripts/configure-sccache.sh /usr/local/bin/
+RUN chmod +x /usr/local/bin/configure-sccache.sh && \
+    /usr/local/bin/configure-sccache.sh
-RUN <<EOS
-    set -ex -o pipefail
-    # ... existing configuration ...
-EOS

---

211-211: Remove TODO comment or provide more context

The TODO comment lacks context about what needs to be joined. Either remove it or provide more specific information about what needs to be done.

---

216-225: Consider splitting RocksDB build steps

The current RUN command combines multiple operations. Consider splitting it into logical steps for better cacheability and readability.

-RUN git clone https://github.com/facebook/rocksdb.git -b v8.10.2 --depth 1 . && \
-    source /root/env && \
-    PORTABLE=1 make -j$(nproc) static_lib && \
-    mkdir -p /opt/rocksdb/usr/local/lib && \
-    strip librocksdb.a && \
-    cp librocksdb.a /opt/rocksdb/usr/local/lib/ && \
-    cp -r include /opt/rocksdb/usr/local/ && \
-    cd / && \
-    rm -rf /tmp/rocksdb && \
-    if [[ -x /usr/bin/sccache ]]; then sccache --show-stats; fi
+# Clone RocksDB
+RUN git clone https://github.com/facebook/rocksdb.git -b v8.10.2 --depth 1 .
+
+# Build static library
+RUN source /root/env && \
+    PORTABLE=1 make -j$(nproc) static_lib
+
+# Install library and headers
+RUN mkdir -p /opt/rocksdb/usr/local/lib && \
+    strip librocksdb.a && \
+    cp librocksdb.a /opt/rocksdb/usr/local/lib/ && \
+    cp -r include /opt/rocksdb/usr/local/
+
+# Cleanup and show cache stats
+RUN cd / && \
+    rm -rf /tmp/rocksdb && \
+    if [[ -x /usr/bin/sccache ]]; then sccache --show-stats; fi

---

228-233: Use consistent environment variable export style

The RocksDB environment variables are added with export while others in the file don't use it. Consider using a consistent style throughout the file.

-echo "export ROCKSDB_STATIC=/opt/rocksdb/usr/local/lib/librocksdb.a" >> /root/env
-echo "export ROCKSDB_LIB_DIR=/opt/rocksdb/usr/local/lib" >> /root/env
-echo "export ROCKSDB_INCLUDE_DIR=/opt/rocksdb/usr/local/include" >> /root/env
+echo "ROCKSDB_STATIC=/opt/rocksdb/usr/local/lib/librocksdb.a" >> /root/env
+echo "ROCKSDB_LIB_DIR=/opt/rocksdb/usr/local/lib" >> /root/env
+echo "ROCKSDB_INCLUDE_DIR=/opt/rocksdb/usr/local/include" >> /root/env

---

265-265: Pin cargo-chef version in a variable

The cargo-chef version is hardcoded. Consider moving it to a build argument for easier updates.

+ARG CARGO_CHEF_VERSION=0.1.67
-    cargo install --profile "$CARGO_BUILD_PROFILE" [email protected] [email protected] --locked  
+    cargo install --profile "$CARGO_BUILD_PROFILE" [email protected] cargo-chef@${CARGO_CHEF_VERSION} --locked  

---

272-274: Consolidate duplicate ARG declarations

The same ARGs for sccache credentials are repeated in multiple build stages. Consider using a base stage for common ARGs.

Create a base stage for common ARGs:

+FROM scratch AS arg-base
+ARG ACTIONS_RUNTIME_TOKEN
+ARG AWS_SECRET_ACCESS_KEY
+
 FROM deps AS build-planner
-ARG ACTIONS_RUNTIME_TOKEN
-ARG AWS_SECRET_ACCESS_KEY
+FROM arg-base AS build-planner

Also applies to: 298-300, 351-353

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between ccd8426 and 886a93d.

📒 Files selected for processing (1)

• Dockerfile (7 hunks)

🔇 Additional comments (2)

Dockerfile (2)

339-340: Add verification for successful binary copy

The build process should verify that the binary was successfully copied to the artifacts directory.

-    cp /platform/target/${OUT_DIRECTORY}/drive-abci /artifacts/ && \    
-    if [[ -x /usr/bin/sccache ]]; then sccache --show-stats; fi
+    cp /platform/target/${OUT_DIRECTORY}/drive-abci /artifacts/ && \
+    if [ ! -x /artifacts/drive-abci ]; then
+        echo "Failed to copy drive-abci binary"
+        exit 1
+    fi && \
+    if [[ -x /usr/bin/sccache ]]; then sccache --show-stats; fi

---

378-384: Add error handling for yarn commands

The yarn commands should include error handling and verification of successful completion.

     source /root/env && \
-    cp -R /tmp/unplugged /platform/.yarn/ && \
-    yarn install --inline-builds && \
-    cp -R /platform/.yarn/unplugged /tmp/ && \
-    export SKIP_GRPC_PROTO_BUILD=1 && \
-    yarn build && \
+    cp -R /tmp/unplugged /platform/.yarn/ || exit 1 && \
+    yarn install --inline-builds || exit 1 && \
+    cp -R /platform/.yarn/unplugged /tmp/ || exit 1 && \
+    export SKIP_GRPC_PROTO_BUILD=1 && \
+    yarn build || exit 1 && \
     if [[ -x /usr/bin/sccache ]]; then sccache --show-stats; fi

[coderabbitai]

Actionable comments posted: 2

🧹 Outside diff range and nitpick comments (3)

Dockerfile (3)

106-108: Consider using heredoc for environment file initialization

Instead of creating an empty file, consider using a heredoc to initialize with common variables or a header comment.

-RUN touch /root/env
+RUN <<-'EOT' > /root/env
+# Environment variables for build configuration
+# Note: Sensitive variables like tokens and keys are passed separately
+EOT

---

212-212: Address TODO comment about joining commands

The TODO comment suggests joining commands, which should be addressed to maintain clean Dockerfile practices.

Would you like me to help implement the suggested command joining?

---

217-226: Enhance RocksDB build configuration

The RocksDB build could benefit from more explicit configuration and optimization flags.

 RUN git clone https://github.com/facebook/rocksdb.git -b v8.10.2 --depth 1 . && \
     source /root/env && \
-    PORTABLE=1 make -j$(nproc) static_lib && \
+    PORTABLE=1 \
+    EXTRA_CXXFLAGS="-DNDEBUG -O3" \
+    USE_RTTI=1 \
+    make -j$(nproc) static_lib && \
     mkdir -p /opt/rocksdb/usr/local/lib && \
     strip librocksdb.a && \

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 886a93d and 6c98a9e.

📒 Files selected for processing (1)

• Dockerfile (7 hunks)

[coderabbitai]

Actionable comments posted: 2

🧹 Outside diff range and nitpick comments (2)

Dockerfile (2)

213-222: Optimize RocksDB build configuration

The RocksDB build configuration could be optimized for better performance.

Consider adding these optimizations:

-    PORTABLE=1 make -j$(nproc) static_lib && \
+    PORTABLE=1 USE_RTTI=1 EXTRA_CXXFLAGS="-fPIC -DNDEBUG" make -j$(nproc) static_lib && \

This change:

1. Enables RTTI for better C++ exception handling
2. Adds position-independent code flag
3. Defines NDEBUG for release builds

---

341-342: Add build artifact verification

After copying the build artifact, verify its integrity and dependencies.

Add these verification steps:

     cp /platform/target/${OUT_DIRECTORY}/drive-abci /artifacts/ && \    
+    sha256sum /artifacts/drive-abci > /artifacts/drive-abci.sha256 && \
+    ldd /artifacts/drive-abci | grep "not found" || true && \
     if [[ -x /usr/bin/sccache ]]; then sccache --show-stats; fi

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 6c98a9e and 38f94fe.

📒 Files selected for processing (1)

• Dockerfile (8 hunks)

🔇 Additional comments (4)

Dockerfile (4)

8-9: LGTM: New compilation dependencies stage

The introduction of deps-compilation as an intermediate stage is a good practice. It helps overcome Docker's limitation with interpolation in COPY --from statements and provides a clear separation of build dependencies.

Also applies to: 197-200

---

107-109: Good practice: Centralized environment variable management

The implementation of a centralized /root/env file for managing environment variables is a good practice. It provides:

1. Single source of truth for environment variables
2. Consistent environment across build stages
3. Better maintainability

Also applies to: 227-230, 233-237

---

160-195: 🛠️ Refactor suggestion

Enhance error handling in sccache configuration

The sccache configuration script should validate required environment variables before using them.

Apply this diff to add validation:

 RUN <<EOS
     set -ex -o pipefail
+    validate_env() {
+        local var_name="$1"
+        if [ -z "${!var_name}" ]; then
+            echo "Error: $var_name is required"
+            exit 1
+        fi
+    }
 
     if [ -n "${SCCACHE_GHA_ENABLED}" ]; then 
+        validate_env "ACTIONS_CACHE_URL"
         # Github Actions cache
         echo "SCCACHE_GHA_ENABLED=${SCCACHE_GHA_ENABLED}" >> /root/env
         echo "ACTIONS_CACHE_URL=${ACTIONS_CACHE_URL}" >> /root/env
         # ACTIONS_RUNTIME_TOKEN is a secret so we don't put it in the env file
     elif [ -n "${SCCACHE_BUCKET}" ]; then
         # AWS S3
+        validate_env "AWS_ACCESS_KEY_ID"
+        validate_env "AWS_REGION"
         if [ -z "${SCCACHE_REGION}" ] ; then

Likely invalid or redundant comment.

---

138-139: Verify the impact of disabling incremental builds

While disabling incremental builds is necessary for sccache compatibility, it might impact build times in development environments.

✅ Verification successful

Disabling incremental builds confirmed

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check if there are any build-time optimizations in cargo config
rg -l "incremental\s*=\s*true" .cargo/

Length of output: 40

---

Script:

#!/bin/bash
# Search for 'CARGO_INCREMENTAL' in all configuration files and environment setup scripts
rg -i 'CARGO_INCREMENTAL\s*=\s*(true|false)' .

Length of output: 109

[coderabbitai]

Actionable comments posted: 1

🧹 Outside diff range and nitpick comments (1)

Dockerfile (1)

214-222: Consider adding build flags for RocksDB optimization

The RocksDB build could benefit from additional optimization flags.

Consider adding these optimization flags:

-    PORTABLE=1 make -j$(nproc) static_lib && \
+    PORTABLE=1 EXTRA_CXXFLAGS="-DNDEBUG" make -j$(nproc) static_lib && \

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 38f94fe and bf2161c.

📒 Files selected for processing (1)

• Dockerfile (10 hunks)

🔇 Additional comments (6)

Dockerfile (6)

8-9: LGTM: Documentation improvements

The documentation has been enhanced to clearly explain the build stages and their purposes, including the new deps-compilation stage and AWS configuration options.

Also applies to: 20-20

---

107-109: LGTM: Centralized environment configuration

Good practice to centralize environment variables in a single source file that can be sourced across build stages.

---

227-230: LGTM: RocksDB environment configuration

Proper configuration of RocksDB environment variables for static linking.

---

233-237: LGTM: Snappy compression configuration

Good practice to explicitly configure Snappy compression library paths for RocksDB.

---

197-200: LGTM: Security improvements

Good security practice to handle sensitive credentials using ONBUILD instructions, preventing them from being persisted in intermediate layers.

---

298-304: Verify build cache effectiveness

The build process shows good use of layer caching, but we should verify its effectiveness.

Also applies to: 316-330

[coderabbitai]

Actionable comments posted: 1

🧹 Outside diff range and nitpick comments (1)

Dockerfile (1)

Line range hint 116-204: Enhance error handling in sccache configuration

The sccache configuration script should validate required environment variables before using them to prevent silent failures.

Apply this diff to add validation:

 RUN <<EOS
     set -ex -o pipefail
+    validate_vars() {
+        local backend=\$1
+        shift
+        for var in "\$@"; do
+            if [ -z "\${!var}" ]; then
+                echo "Error: \$var is required for \$backend backend" >&2
+                exit 1
+            fi
+        done
+    }
 
     if [ -n "${SCCACHE_GHA_ENABLED}" ]; then 
+        validate_vars "GitHub Actions" "ACTIONS_CACHE_URL"
         # Github Actions cache
         echo "export SCCACHE_GHA_ENABLED=${SCCACHE_GHA_ENABLED}" >> /etc/profile
         echo "export ACTIONS_CACHE_URL=${ACTIONS_CACHE_URL}" >> /etc/profile
     elif [ -n "${SCCACHE_BUCKET}" ]; then
+        validate_vars "AWS S3" "AWS_ACCESS_KEY_ID" "AWS_REGION"
         # AWS S3

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 6740cb5 and f491026.

⛔ Files ignored due to path filters (1)

• Cargo.lock is excluded by !**/*.lock

📒 Files selected for processing (3)

• .github/actions/rust/action.yaml (2 hunks)
• .github/workflows/tests-rs-package.yml (4 hunks)
• Dockerfile (10 hunks)

🚧 Files skipped from review as they are similar to previous changes (2)

• .github/actions/rust/action.yaml
• .github/workflows/tests-rs-package.yml

🔇 Additional comments (3)

Dockerfile (3)

8-9: LGTM: Clear documentation of build stages

The added documentation clearly explains the purpose of the new deps-compilation stage and its relationship with other stages.

---

205-208: LGTM: Clean intermediate stage implementation

The deps-compilation stage is correctly implemented as an empty intermediate stage to overcome Docker's limitation with interpolation in COPY --from commands.

---

257-258: LGTM: Improved build process with sccache statistics

The addition of sccache statistics output after builds is helpful for monitoring cache effectiveness.

Also applies to: 322-323

[coderabbitai]

Actionable comments posted: 1

🧹 Outside diff range and nitpick comments (3)

Dockerfile (3)

218-226: Add verification step for RocksDB build

The RocksDB build process should verify the compiled library.

Add verification after the build:

 RUN git clone https://github.com/facebook/rocksdb.git -b v8.10.2 --depth 1 . && \
     source /root/env && \
     PORTABLE=1 make -j$(nproc) static_lib && \
+    # Verify the static library was built correctly
+    nm librocksdb.a | grep -q "T _ZN7rocksdb2DB4OpenE" && \
     mkdir -p /opt/rocksdb/usr/local/lib && \
     cp librocksdb.a /opt/rocksdb/usr/local/lib/ && \
     cp -r include /opt/rocksdb/usr/local/ && \

---

259-260: Consider using a variable for wasm-bindgen-cli version

The wasm-bindgen-cli version is hardcoded. Consider using an ARG to make it configurable.

Add at the top of the Dockerfile:

+ARG WASM_BINDGEN_VERSION=0.2.86
+ARG CARGO_CHEF_VERSION=0.1.67

 # Later in the file:
-    cargo install --profile "$CARGO_BUILD_PROFILE" [email protected] [email protected] --locked  && \
+    cargo install --profile "$CARGO_BUILD_PROFILE" \
+        wasm-bindgen-cli@${WASM_BINDGEN_VERSION} \
+        cargo-chef@${CARGO_CHEF_VERSION} \
+        --locked  && \

---

213-227: Consider adding build-time optimizations for RocksDB

The RocksDB build could benefit from additional optimizations.

Add optimization flags:

 RUN git clone https://github.com/facebook/rocksdb.git -b v8.10.2 --depth 1 . && \
     source /root/env && \
-    PORTABLE=1 make -j$(nproc) static_lib && \
+    PORTABLE=1 EXTRA_CXXFLAGS="-O3 -march=x86-64" make -j$(nproc) static_lib && \

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between f491026 and 650103f.

📒 Files selected for processing (1)

• Dockerfile (10 hunks)

🔇 Additional comments (5)

Dockerfile (5)

69-74: LGTM: Proper configuration of Snappy dependencies

The environment variables for Snappy are correctly set and exported, which is essential for RocksDB compilation.

---

143-144: Good practice: Disabling incremental builds for sccache compatibility

Disabling incremental builds is necessary as sccache doesn't support them. This prevents potential cache inconsistencies.

---

229-234: LGTM: Proper configuration of RocksDB environment variables

The RocksDB environment variables are correctly set and exported, which is essential for downstream builds.

---

200-204: Good security practice: Handling secrets using ONBUILD

Using ONBUILD for secrets prevents them from being stored in intermediate layers.

---

205-208: LGTM: Clean separation of compilation dependencies

The deps-compilation stage provides a clean way to handle compilation dependencies.

[coderabbitai]

Actionable comments posted: 1

🧹 Outside diff range and nitpick comments (7)

.github/workflows/tests-packges-functional.yml (1)

Line range hint 13-13: Consider parameterizing the ECR host region

Since the PR objectives mention refactoring variable passing, consider using the new aws_region input parameter here instead of directly accessing the secret.

-      ECR_HOST: ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com
+      ECR_HOST: ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ inputs.aws_region }}.amazonaws.com

.github/workflows/tests-build-js.yml (4)

Line range hint 15-22: Consider parameterizing the S3 bucket name

The S3 bucket name is hardcoded. Consider moving it to a repository secret or environment variable for better maintainability.

-          bucket: multi-runner-cache-x1xibo9c
+          bucket: ${{ secrets.CACHE_BUCKET_NAME }}

---

Line range hint 16-16: Evaluate dependency on custom actions-cache fork

Using a custom fork (strophy/actions-cache) could pose maintenance risks. Consider:

1. Contributing the changes back to the upstream repository
2. Using GitHub's native artifacts feature as suggested in the TODO comment

---

Line range hint 54-58: Align SCCACHE bucket configuration with cache configuration

The SCCACHE bucket name is also hardcoded. This should be aligned with the earlier cache configuration for consistency.

-          SCCACHE_BUCKET: multi-runner-cache-x1xibo9c
+          SCCACHE_BUCKET: ${{ secrets.CACHE_BUCKET_NAME }}

---

Line range hint 61-73: Consider using .gitignore templates

Instead of manually managing .gitignore entries, consider:

1. Using a base .gitignore template
2. Maintaining these patterns in a separate config file
3. Using .gitignore patterns specific to your build process

-      - name: Ignore only already cached artifacts
-        run: |
-          find . -name '.gitignore' -exec rm -f {} +
-          echo ".yarn" >> .gitignore
-          echo "target" >> .gitignore
-          echo "node_modules" >> .gitignore
-          echo ".nyc_output" >> .gitignore
-          echo ".idea" >> .gitignore
-          echo ".ultra.cache.json" >> .gitignore
-          echo "db/*" >> .gitignore
+      - name: Configure build artifacts ignore patterns
+        run: |
+          cp .github/workflows/templates/build-artifacts.gitignore .gitignore

.github/workflows/tests-dashmate.yml (2)

Line range hint 99-112: Well-implemented caching strategy for test optimization

The caching implementation effectively optimizes test execution by:

• Using fingerprint-based cache keys for proper invalidation
• Conditionally restoring volumes based on cache availability
• Leveraging OpenDAL for improved cache storage handling

Consider documenting the caching strategy in the repository's documentation to help other contributors understand the performance optimizations.

---

Line range hint 114-129: Consider conditional debug mode activation

While having DEBUG=1 is helpful during development, it might impact test execution performance. Consider making it conditional based on workflow inputs or environment.

       run: yarn workspace dashmate run mocha ${{ inputs.test-pattern }}
        env:
-         DEBUG: 1
+         DEBUG: ${{ inputs.debug || '0' }}
          DASHMATE_E2E_TESTS_SKIP_IMAGE_BUILD: true
          DASHMATE_E2E_TESTS_LOCAL_HOMEDIR: /home/ubuntu/.dashmate

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 650103f and 58ac034.

📒 Files selected for processing (5)

• .github/workflows/tests-build-js.yml (1 hunks)
• .github/workflows/tests-dashmate.yml (1 hunks)
• .github/workflows/tests-packges-functional.yml (1 hunks)
• .github/workflows/tests-rs-package.yml (5 hunks)
• .github/workflows/tests-test-suite.yml (2 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• .github/workflows/tests-rs-package.yml

🔇 Additional comments (7)

.github/workflows/tests-packges-functional.yml (3)

Line range hint 35-36: Verify local network compatibility

The local network setup uses images from ECR. Ensure these images are multi-architecture or have x86_64 variants available.

#!/bin/bash
# Description: Check Docker image architecture support

# Look for platform specifications in local network setup
fd 'docker-compose|Dockerfile' .github/actions/local-network --exec grep -l 'platform|TARGETARCH|BUILDARCH' {} \;

# Check for architecture-specific tags or references
rg -l 'arm64|amd64|x86_64' .github/actions/local-network

---

7-8: Verify architecture compatibility with the new runner

The change from a self-hosted ARM64 runner to GitHub-hosted x86_64 (ubuntu-24.04) is significant. This architectural shift could impact:

1. Docker image compatibility
2. Binary dependencies
3. Build performance

Let's verify the architecture dependencies:

✅ Verification successful

Architecture compatibility verified with the new runner

The changes do not introduce architecture-specific dependencies or configurations.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for architecture-specific configurations and dependencies

# Search for architecture-specific Docker configurations
rg -l 'arm64|aarch64' 

# Check Dockerfile for platform-specific build args or stages
fd Dockerfile --exec grep -l 'platform|TARGETARCH|BUILDARCH' {} \;

# Look for binary dependencies that might be architecture-sensitive
rg -l 'lib.*\.so|\.dll|\.dylib'

Length of output: 1174

---

Line range hint 11-12: Verify browser availability on ubuntu-24.04

The workflow depends on Brave browser (CHROME_BIN: /usr/bin/brave-browser). Ensure this dependency is available on the new ubuntu-24.04 runner.

.github/workflows/tests-test-suite.yml (2)

61-62: LGTM!

The environment variables indentation change improves readability while maintaining functionality.

---

25-26: Verify compatibility with x86_64 architecture

The change from a self-hosted ARM64 runner to GitHub-hosted x86_64 runner (ubuntu-24.04) is a significant architectural shift. While this aligns with the PR's goal of prebuilding librocksdb, we should ensure compatibility.

Consider:

• Documenting the rationale for moving away from ARM64
• Adding architecture-specific test jobs if both architectures need to be supported
• Verifying that all native dependencies (especially RocksDB) work correctly on x86_64

✅ Verification successful

Architecture change from ARM64 to x86_64 is safe

The codebase has proper multi-architecture support with architecture-specific binary downloads and build paths. The Dockerfile and build system handle architecture differences appropriately.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for architecture-specific code or dependencies
# Look for:
# 1. Architecture-specific build flags
# 2. Native library dependencies
# 3. Docker image architecture specifications

# Check Dockerfile for architecture-specific settings
rg -i "arch|arm64|aarch64" 

# Check for architecture-specific build flags in build scripts
fd -e sh -e bash -e dockerfile --exec grep -i "arch|arm64|aarch64" {}

Length of output: 236165

.github/workflows/tests-build-js.yml (1)

7-8: Verify architecture compatibility after runner migration

The switch from a self-hosted ARM64 runner to GitHub-hosted x86_64 (ubuntu-24.04) could impact architecture-dependent builds.

✅ Verification successful

Architecture compatibility verified after runner migration

No architecture-specific dependencies or build configurations were found that would impact the switch to GitHub-hosted x86_64 runners.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for architecture-specific code or dependencies

# Search for architecture-specific dependencies in package.json files
echo "Checking for architecture-specific dependencies:"
fd package.json --exec jq -r '.dependencies + .devDependencies | keys[]' {} \; | sort -u | rg -i 'arm|x86|64|32|arch'

# Search for architecture-specific build scripts
echo "Checking for architecture-specific build configurations:"
rg -i 'arch|platform|arm|x86|64|32' -g 'package.json' -g '*.yml' -g '*.yaml' -g 'Makefile'

Length of output: 25390

.github/workflows/tests-dashmate.yml (1)

Line range hint 72-97: LGTM! Docker image handling follows best practices

The implementation:

• Uses explicit versioning with SHA tags
• Properly handles registry authentication
• Maintains clear image tagging strategy

[coderabbitai]

Actionable comments posted: 0

🧹 Outside diff range and nitpick comments (2)

Dockerfile (2)

20-20: Consider enhancing AWS region documentation

While the AWS-related build args are documented, consider adding a note about the relationship between AWS_REGION and SCCACHE_REGION, and their default behavior.

---

155-204: LGTM with suggestions for AWS configuration

The sccache configuration improvements are good, particularly:

• Secure handling of AWS credentials
• Proper SSL configuration
• Clear separation of configuration sources

Consider adding a check for AWS_REGION when SCCACHE_REGION is not set to prevent potential issues.

 if [ -z "${SCCACHE_REGION}" ] ; then
+    if [ -z "${AWS_REGION}" ] ; then
+        echo "Error: Either SCCACHE_REGION or AWS_REGION must be set" >&2
+        exit 1
+    fi
     # Default to AWS_REGION if not set
     export SCCACHE_REGION=${AWS_REGION}
 fi

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 58ac034 and 9ec5437.

📒 Files selected for processing (2)

• .github/workflows/tests-rs-package.yml (4 hunks)
• Dockerfile (10 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• .github/workflows/tests-rs-package.yml

🧰 Additional context used

📓 Learnings (1)

Dockerfile (1)

Learnt from: lklimek
PR: dashpay/platform#2318
File: Dockerfile:160-198
Timestamp: 2024-11-13T10:31:31.084Z
Learning: In the `Dockerfile` for the rs-drive-abci project, when configuring sccache, we do not need to add validation checks for configuration variables, as sccache performs validation at runtime.

🔇 Additional comments (5)

Dockerfile (5)

8-9: LGTM: Clear and accurate documentation update

The added documentation clearly explains the purpose of the deps-compilation stage and its relationship with deps-base and deps-sccache.

---

69-74: LGTM: Proper Snappy static library configuration

The environment variables for Snappy are correctly configured for static linking, which is required for RocksDB compilation.

---

205-208: LGTM: Efficient compilation dependencies handling

The empty intermediate stage is a clever way to handle the conditional base image selection while maintaining a clean build hierarchy.

---

261-261: LGTM: Consistent environment handling

The build process updates consistently source the environment configuration and add helpful sccache statistics output for debugging.

Also applies to: 280-280, 305-305, 323-323, 354-354, 371-371

---

213-243: LGTM: Well-implemented RocksDB build process

The RocksDB build process is well-implemented with:

• Architecture-specific optimizations (haswell for amd64)
• Proper static library handling
• Correct environment variable configuration

Let's verify the RocksDB version compatibility:

✅ Verification successful

RocksDB version is consistently specified as 8.10.2

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify RocksDB version compatibility
# Check if the version matches across all files
rg -l "rocksdb.*8.10.2"

Length of output: 36