From 6c9e64c8b559d7d5d068cc6c614ef2755b56cf23 Mon Sep 17 00:00:00 2001 From: Jeremy Bernard Date: Mon, 15 Jun 2026 17:32:46 +0200 Subject: [PATCH 1/4] ci: update to Node.js 24 compatible GHA reusable workflows --- .github/workflows/ci.yaml | 2 +- .github/workflows/docker-build-on-tag.yaml | 2 +- Cargo.lock | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 38362f5..e0430ab 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -52,7 +52,7 @@ jobs: strategy: matrix: package: [post-compute, pre-compute] - uses: iExecBlockchainComputing/github-actions-workflows/.github/workflows/docker-build.yml@docker-build-v3.3.0 + uses: iExecBlockchainComputing/github-actions-workflows/.github/workflows/docker-build.yml@docker-build-v3.4.0 with: image-name: docker-regis.iex.ec/tee-worker-${{ matrix.package }}-rust image-tag: ${{ needs.prepare.outputs.image_tag }} diff --git a/.github/workflows/docker-build-on-tag.yaml b/.github/workflows/docker-build-on-tag.yaml index 5c003b4..ff4c387 100644 --- a/.github/workflows/docker-build-on-tag.yaml +++ b/.github/workflows/docker-build-on-tag.yaml @@ -57,7 +57,7 @@ jobs: build-oci-image: name: Build OCI image needs: prepare - uses: iExecBlockchainComputing/github-actions-workflows/.github/workflows/docker-build.yml@docker-build-v3.3.0 + uses: iExecBlockchainComputing/github-actions-workflows/.github/workflows/docker-build.yml@docker-build-v3.4.0 with: image-name: docker-regis.iex.ec/${{ needs.prepare.outputs.image_name }} image-tag: ${{ needs.prepare.outputs.image_tag }} diff --git a/Cargo.lock b/Cargo.lock index d5fe241..930e1eb 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -4146,7 +4146,7 @@ checksum = "55937e1799185b12863d447f42597ed69d9928686b8d88a1df17376a097d8369" [[package]] name = "tee-worker-post-compute" -version = "0.3.0" +version = "0.3.1" dependencies = [ "aes", "alloy-signer", @@ -4179,7 +4179,7 @@ dependencies = [ [[package]] name = "tee-worker-pre-compute" -version = "0.4.0" +version = "0.4.1" dependencies = [ "aes", "alloy-signer", From f9847a543f920c91e5c9fbdac9f916d2e3976886 Mon Sep 17 00:00:00 2001 From: Jeremy Bernard Date: Tue, 16 Jun 2026 12:54:13 +0200 Subject: [PATCH 2/4] fix: fetch reusable workflows with full commit SHA hash --- .github/workflows/ci.yaml | 6 ++++-- .github/workflows/conventional-commits.yaml | 3 ++- .github/workflows/docker-build-on-tag.yaml | 3 ++- .github/workflows/release.yaml | 3 ++- 4 files changed, 10 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index e0430ab..51f9c24 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -8,7 +8,8 @@ on: jobs: build-and-test: - uses: iExecBlockchainComputing/github-actions-workflows/.github/workflows/rust-build.yml@rust-build-v2.1.0 + # rust-build-v2.1.0 + uses: iExecBlockchainComputing/github-actions-workflows/.github/workflows/rust-build.yml@5036190d3796e0de636fd5dddd58bebcac0e261a with: rust-version: '1.88.0' working-directory: "." @@ -52,7 +53,8 @@ jobs: strategy: matrix: package: [post-compute, pre-compute] - uses: iExecBlockchainComputing/github-actions-workflows/.github/workflows/docker-build.yml@docker-build-v3.4.0 + # docker-build-v3.4.0 + uses: iExecBlockchainComputing/github-actions-workflows/.github/workflows/docker-build.yml@2124e2240bb2cf0254e8308c3d13c75bb524de06 with: image-name: docker-regis.iex.ec/tee-worker-${{ matrix.package }}-rust image-tag: ${{ needs.prepare.outputs.image_tag }} diff --git a/.github/workflows/conventional-commits.yaml b/.github/workflows/conventional-commits.yaml index 107a9e1..aba2195 100644 --- a/.github/workflows/conventional-commits.yaml +++ b/.github/workflows/conventional-commits.yaml @@ -13,4 +13,5 @@ jobs: if: github.repository_owner == 'iExecBlockchainComputing' permissions: pull-requests: read - uses: iExecBlockchainComputing/github-actions-workflows/.github/workflows/conventional-commits.yml@conventional-commits-v1.2.0 + # conventional-commits-1.2.0 + uses: iExecBlockchainComputing/github-actions-workflows/.github/workflows/conventional-commits.yml@975de113847596617899976f67f5b5faceef0a84 diff --git a/.github/workflows/docker-build-on-tag.yaml b/.github/workflows/docker-build-on-tag.yaml index ff4c387..0f813b3 100644 --- a/.github/workflows/docker-build-on-tag.yaml +++ b/.github/workflows/docker-build-on-tag.yaml @@ -57,7 +57,8 @@ jobs: build-oci-image: name: Build OCI image needs: prepare - uses: iExecBlockchainComputing/github-actions-workflows/.github/workflows/docker-build.yml@docker-build-v3.4.0 + # docker-build-v3.4.0 + uses: iExecBlockchainComputing/github-actions-workflows/.github/workflows/docker-build.yml@2124e2240bb2cf0254e8308c3d13c75bb524de06 with: image-name: docker-regis.iex.ec/${{ needs.prepare.outputs.image_name }} image-tag: ${{ needs.prepare.outputs.image_tag }} diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 2b3ce8a..f0626e6 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -14,5 +14,6 @@ jobs: release-please: # Prevent execution on forks if: github.repository_owner == 'iExecBlockchainComputing' - uses: iExecBlockchainComputing/github-actions-workflows/.github/workflows/release-please.yml@release-please-v2.2.0 + # release-please-v2.2.0 + uses: iExecBlockchainComputing/github-actions-workflows/.github/workflows/release-please.yml@4e2e817b7c2dcab27a671b630e23d07f5fc94daf secrets: inherit From 62678dbe063e549a46f2fb2875d58b8c2dda68b2 Mon Sep 17 00:00:00 2001 From: Jeremy Bernard Date: Tue, 16 Jun 2026 12:55:29 +0200 Subject: [PATCH 3/4] chore: update openssl dependencies to 3.5.7-r0 in Dockerfile --- post-compute/Dockerfile | 2 +- pre-compute/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/post-compute/Dockerfile b/post-compute/Dockerfile index 3a38f3b..4c2b795 100644 --- a/post-compute/Dockerfile +++ b/post-compute/Dockerfile @@ -1,7 +1,7 @@ FROM rust:1.88-alpine3.22 AS builder # Install build dependencies with pinned versions -RUN apk add --no-cache musl-dev=1.2.5-r12 openssl-dev=3.5.6-r0 openssl-libs-static=3.5.6-r0 +RUN apk add --no-cache musl-dev=1.2.5-r12 openssl-dev=3.5.7-r0 openssl-libs-static=3.5.7-r0 WORKDIR /app diff --git a/pre-compute/Dockerfile b/pre-compute/Dockerfile index 66d81d1..a3a3025 100644 --- a/pre-compute/Dockerfile +++ b/pre-compute/Dockerfile @@ -1,7 +1,7 @@ FROM rust:1.88-alpine3.22 AS builder # Install build dependencies with pinned versions -RUN apk add --no-cache musl-dev=1.2.5-r12 openssl-dev=3.5.6-r0 openssl-libs-static=3.5.6-r0 +RUN apk add --no-cache musl-dev=1.2.5-r12 openssl-dev=3.5.7-r0 openssl-libs-static=3.5.7-r0 WORKDIR /app From cfa7ea190b28e55b7f015be42e4ed5d638d03f91 Mon Sep 17 00:00:00 2001 From: Jeremy Bernard Date: Tue, 16 Jun 2026 13:42:00 +0200 Subject: [PATCH 4/4] fix: update packages in runtime image --- post-compute/Dockerfile | 2 ++ pre-compute/Dockerfile | 2 ++ 2 files changed, 4 insertions(+) diff --git a/post-compute/Dockerfile b/post-compute/Dockerfile index 4c2b795..50ac575 100644 --- a/post-compute/Dockerfile +++ b/post-compute/Dockerfile @@ -16,6 +16,8 @@ FROM alpine:3.22 # Set working directory WORKDIR /app +RUN apk --no-cache upgrade + # Copy the binary from builder stage COPY --from=builder /app/target/release/tee-worker-post-compute . diff --git a/pre-compute/Dockerfile b/pre-compute/Dockerfile index a3a3025..62f3164 100644 --- a/pre-compute/Dockerfile +++ b/pre-compute/Dockerfile @@ -16,6 +16,8 @@ FROM alpine:3.22 # Set working directory WORKDIR /app +RUN apk --no-cache upgrade + # Copy the binary from builder stage COPY --from=builder /app/target/release/tee-worker-pre-compute .