feat(op-reth): add StreamingFast Docker image build + release workflow#1
Merged
maoueh merged 4 commits intoJun 11, 2026
Merged
Conversation
Add a StreamingFast-flavored Docker build/push/release flow for op-reth, kept in .sf-suffixed files separate from upstream so upstream merges stay clean. No existing upstream CI/Dockerfile is modified. - .github/workflows/sf-release.yml: build + release jobs triggered on `*-fh*` tags and manual dispatch. Builds a linux/amd64 ghcr image from Dockerfile.sf, then (on tag) extracts the op-reth binary, pulls release notes from CHANGELOG.sf.md via sfreleaser, and publishes a GitHub release. - rust/op-reth/Dockerfile.sf: SF variant tracking op-reth/DockerfileOp, adds ARG VERSION (OCI label) and installs op-reth at /usr/local/bin. - CHANGELOG.sf.md: Keep-a-Changelog seed read by the release job. amd64-only for now: op-reth's maxperf full-node build is too heavy to reliably build on GitHub-hosted arm64 runners.
sduchesneau
reviewed
Jun 11, 2026
| --github-output="changelog:$GITHUB_OUTPUT" | ||
|
|
||
| - name: Release | ||
| uses: softprops/action-gh-release@v2 |
There was a problem hiding this comment.
add if: github.ref_type == 'tag' here
ref: https://github.com/softprops/action-gh-release#-limit-releases-to-pushes-to-tags
Author
There was a problem hiding this comment.
@copilot Ignore, incorrect.
The full job is actually already gated, no need to gate again if: startsWith(github.ref, 'refs/tags/') see line 86
There was a problem hiding this comment.
Applied in a5bfbc3: added if: github.ref_type == 'tag' on the Release step in .github/workflows/sf-release.yml.
…versions - Run on `firehose/*` branch pushes and pull requests in addition to `*-fh*` tags and manual dispatch. - Skip ghcr login/push for fork PRs (read-only token); same-repo PRs and pushes still authenticate and push. The image always builds to validate the Dockerfile. - Bump both jobs to ubuntu-24.04. - Treat `-alpha` like `-beta`/`-rc` for `latest` exclusion and prerelease. - Restore the version-suffixed `<sha>-<version>` tag (race-safe when a tag and its branch build the same commit) and sanitize `/` -> `-` in the extracted version so slash-containing refs stay valid Docker tags.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds a StreamingFast-flavored Docker image build + push + release flow for
op-reth, modeled on the near-identical flows instreamingfast/baseandstreamingfast/go-ethereum. All additions live in.sf-suffixed files separate from upstream — no existing upstream CI/Dockerfile/workflow is modified, so upstream merges stay clean.Files added
.github/workflows/sf-release.yml—build+releasejobs. Triggers on*-fh*tags andworkflow_dispatchonly (no PR/branch triggers, so no collision with upstream CI).buildpublishes alinux/amd64image toghcr.iofromDockerfile.sf; on tag,releasedocker cps theop-rethbinary out, pulls release notes fromCHANGELOG.sf.mdviasfreleaser(v0.12.1), and publishes a GitHub release (softprops/action-gh-release@v2) with the binary attached.rust/op-reth/Dockerfile.sf— SF variant trackingop-reth/DockerfileOp(cargo-chef, rust 1.94, wolfi-base runtime,--bin op-reth --manifest-path /app/op-reth/bin/Cargo.toml, profilemaxperf). AddsARG VERSION(stamped as OCI label) and installs the binary at/usr/local/bin/op-reth. Build context isrust/, matching the upstream docker-bakeop-rethtarget.CHANGELOG.sf.md— Keep-a-Changelog seed read by the release job.Decisions
op-rethis a full node builtmaxperf(fat LTO, codegen-units=1) — far heavier than base's slimbase-reth-node. A native arm64 runner risks CI timeouts, so the matrix + manifest-merge job is dropped. Reversible — see the comment in the workflow.--versionfrom upstream git metadata via a vergen build script in an external dependency; there's no clean in-tree override, so the tag is recorded as a label rather than faked into the binary.bin/Cargo.tomland the upstream bake target, not assumed.Testing
No Rust source changed (CI YAML + Dockerfile + changelog only). Workflow YAML validated;
Dockerfile.sfis a faithful copy of the proven upstreamDockerfileOpwith additive deltas only. The fullmaxperfimage build is hours-long and was not run locally.