From 7f8e6ea41d64ac88de7bdaa764ee210a2f239777 Mon Sep 17 00:00:00 2001 From: Maksim Kramarenko Date: Mon, 11 May 2026 18:11:46 -0400 Subject: [PATCH 1/3] Make CI runnable on the QuickNode fork MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Three independent problems prevented these workflows from running on quiknode-labs/shredstream-proxy: 1. **Custom self-hosted runner**: all three workflows used `ubuntu-22.04-16c-64g-public`, which is Jito's private runner pool. The fork has no access — jobs would queue indefinitely. 2. **Missing Rust toolchain**: the `setup-rust` composite action only installed protoc and assumed rustc was already present on the runner (true on Jito's custom runner). Stock GitHub-hosted runners ship rustup but no specific toolchain; the build would fail to find 1.84. 3. **Hardcoded Docker Hub push**: build.yml and release.yml pushed to `jitolabs/jito-shredstream-proxy:*` using `secrets.DOCKERHUB_USER` / `secrets.DOCKERHUB_PWD`. Those secrets don't exist on the fork and shouldn't — they're Jito's. The QN deploy pipeline pulls binaries from an OCI bucket via the `role_chain_build` Drone pipeline, so the Docker Hub path is irrelevant for QN production deploys. Changes: - `setup-rust/action.yaml`: add `dtolnay/rust-toolchain@1.84` step to explicitly install the toolchain pinned in `rust-toolchain.toml`. Stays compatible with self-hosted runners that already have rust. - `test.yml` / `build.yml`: switch to stock `ubuntu-22.04` runner. Drop Docker login/build/push from build.yml — clippy + a fresh `cargo build --release` cover the PR-validation purpose without publishing artifacts anywhere. - `release.yml`: switch to stock runner. Replace the Docker-based binary extraction (build image → push to Docker Hub → docker run cat) with a direct `cargo build --release`. The resulting binary is staged as `jito-shredstream-proxy-x86_64-unknown-linux-gnu` and uploaded to the GitHub Release by `softprops/action-gh-release@v2` on tag push — same artifact name as before, no behavior change for consumers reading the Release page. Dropped multi-arch (arm64) builds since the QN fleet is x86_64-only (znver3/4/5 targets per `role_chain_build`). If arm64 is ever needed, re-add via `cross` or QEMU. Note: Actions must be enabled on the fork (Settings → Actions → General → "Allow all actions and reusable workflows") for any of these to run. That's a one-time manual click — no PR can do it. Co-Authored-By: Claude Opus 4.7 (1M context) --- .github/actions/setup-rust/action.yaml | 13 ++++++++- .github/workflows/build.yml | 29 +++----------------- .github/workflows/release.yml | 38 ++++++-------------------- .github/workflows/test.yml | 2 +- 4 files changed, 25 insertions(+), 57 deletions(-) diff --git a/.github/actions/setup-rust/action.yaml b/.github/actions/setup-rust/action.yaml index f82c8fb8..579088a0 100644 --- a/.github/actions/setup-rust/action.yaml +++ b/.github/actions/setup-rust/action.yaml @@ -1,5 +1,5 @@ name: Setup Rust -description: Installs rust in a bare metal fashion +description: Install Rust toolchain (from rust-toolchain.toml), protoc, and cache cargo state. inputs: caller-workflow-name: description: 'Name of workflow used for creating a cache key in ASCII format.' @@ -18,6 +18,17 @@ runs: run: "echo Cache key: ${{ steps.cache-key-generator.outputs.cache-key }}" shell: bash + # Stock GitHub-hosted runners ship rustup but no specific toolchain. Install the + # toolchain pinned in rust-toolchain.toml (channel = "1.84" at the time of writing). + # We pass the channel explicitly rather than reading the toml because dtolnay's + # action overrides toml-pinning when `toolchain:` is set, and we want predictable + # CI behavior whether a user runs the workflow on stock runners or self-hosted ones + # that already have rust installed. + - name: Install Rust toolchain + uses: dtolnay/rust-toolchain@1.84 + with: + components: rustfmt, clippy + - name: Install Protobuf run: | export PROTOC_VERSION=23.4 && \ diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index d1b02cbf..6affcfb9 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -5,7 +5,7 @@ on: jobs: build: - runs-on: ubuntu-22.04-16c-64g-public + runs-on: ubuntu-22.04 steps: - name: Checkout uses: actions/checkout@v4 @@ -13,34 +13,13 @@ jobs: submodules: recursive lfs: true - - name: Sanity Check - run: | - cat /proc/cpuinfo - - name: Setup Rust uses: ./.github/actions/setup-rust with: - caller-workflow-name: test + caller-workflow-name: build - name: Clippy check run: cargo clippy --all-features --all-targets --tests -- -D warnings - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - # see https://docs.docker.com/build/ci/github-actions/cache/#cache-backend-api - - name: Login to Docker Hub - uses: docker/login-action@v2 - with: - username: ${{ secrets.DOCKERHUB_USER }} - password: ${{ secrets.DOCKERHUB_PWD }} - - - name: Build and push - uses: docker/build-push-action@v5 - with: - context: . - push: true - tags: jitolabs/jito-shredstream-proxy:${{github.sha}} - cache-from: type=gha - cache-to: type=gha,mode=max - platforms: linux/arm64,linux/x86_64 + - name: Release build + run: cargo build --release --locked --bin jito-shredstream-proxy diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 879bc8b6..0f6a3458 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -2,14 +2,12 @@ name: release on: push: - # branches: - # - master tags: - 'v*' jobs: release: - runs-on: ubuntu-22.04-16c-64g-public + runs-on: ubuntu-22.04 steps: - name: Checkout uses: actions/checkout@v4 @@ -17,43 +15,23 @@ jobs: submodules: recursive lfs: true - - name: Sanity Check - run: | - cat /proc/cpuinfo - - name: Setup Rust uses: ./.github/actions/setup-rust with: - caller-workflow-name: test + caller-workflow-name: release - name: Clippy check run: cargo clippy --all-features --all-targets --tests -- -D warnings - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - # see https://docs.docker.com/build/ci/github-actions/cache/#cache-backend-api - - name: Login to Docker Hub - uses: docker/login-action@v2 - with: - username: ${{ secrets.DOCKERHUB_USER }} - password: ${{ secrets.DOCKERHUB_PWD }} - - - name: Build and push - uses: docker/build-push-action@v4 - with: - context: . - push: true - tags: jitolabs/jito-shredstream-proxy:${{github.ref_name}} - cache-from: type=gha - cache-to: type=gha,mode=max - platforms: linux/arm64,linux/x86_64 + - name: Release build + run: cargo build --release --locked --bin jito-shredstream-proxy - - name: Copy artifact from container + - name: Stage artifact run: | - docker run --rm --platform linux/x86_64 --entrypoint cat jitolabs/jito-shredstream-proxy:${{github.ref_name}} /app/jito-shredstream-proxy > ./jito-shredstream-proxy-x86_64-unknown-linux-gnu - ls -lh . + cp target/release/jito-shredstream-proxy \ + ./jito-shredstream-proxy-x86_64-unknown-linux-gnu file ./jito-shredstream-proxy-x86_64-unknown-linux-gnu + ls -lh ./jito-shredstream-proxy-x86_64-unknown-linux-gnu - name: Release uses: softprops/action-gh-release@v2 diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 7722365a..82f6a775 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -5,7 +5,7 @@ on: jobs: test: - runs-on: ubuntu-22.04-16c-64g-public + runs-on: ubuntu-22.04 steps: - name: Checkout uses: actions/checkout@v4 From 66de22d5b365f826eb216e638d0751a908fdd337 Mon Sep 17 00:00:00 2001 From: Maksim Kramarenko Date: Mon, 11 May 2026 18:24:23 -0400 Subject: [PATCH 2/3] Read Rust toolchain from rust-toolchain.toml (address Cursor review) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Switches the Rust install step from dtolnay/rust-toolchain@1.84 to actions-rust-lang/setup-rust-toolchain@v1, which reads rust-toolchain.toml when no explicit toolchain input is given. Why this matters: the previous version hardcoded `@1.84` and only declared `components: rustfmt, clippy` — duplicating the source of truth held by `rust-toolchain.toml` (`channel = "1.84"`, components `[rustfmt, rustc-dev, clippy, cargo]`). Bumping the toml without also bumping the action would silently leave CI on the old toolchain, producing local/CI drift that's painful to diagnose. With this change, `rust-toolchain.toml` is the only place to edit. Co-Authored-By: Claude Opus 4.7 (1M context) --- .github/actions/setup-rust/action.yaml | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/.github/actions/setup-rust/action.yaml b/.github/actions/setup-rust/action.yaml index 579088a0..c33a5ceb 100644 --- a/.github/actions/setup-rust/action.yaml +++ b/.github/actions/setup-rust/action.yaml @@ -18,16 +18,13 @@ runs: run: "echo Cache key: ${{ steps.cache-key-generator.outputs.cache-key }}" shell: bash - # Stock GitHub-hosted runners ship rustup but no specific toolchain. Install the - # toolchain pinned in rust-toolchain.toml (channel = "1.84" at the time of writing). - # We pass the channel explicitly rather than reading the toml because dtolnay's - # action overrides toml-pinning when `toolchain:` is set, and we want predictable - # CI behavior whether a user runs the workflow on stock runners or self-hosted ones - # that already have rust installed. + # Install the Rust toolchain pinned in rust-toolchain.toml. + # actions-rust-lang/setup-rust-toolchain reads rust-toolchain.toml when no + # explicit `toolchain:` input is given, picking up both the `channel` and the + # full `components` list — so this stays a single source of truth. Bumping + # rust-toolchain.toml is enough to bump CI; no second place to edit. - name: Install Rust toolchain - uses: dtolnay/rust-toolchain@1.84 - with: - components: rustfmt, clippy + uses: actions-rust-lang/setup-rust-toolchain@v1 - name: Install Protobuf run: | From 9e259587478f315b05ba06b790455235784a30d7 Mon Sep 17 00:00:00 2001 From: Maksim Kramarenko Date: Tue, 12 May 2026 12:56:27 -0400 Subject: [PATCH 3/3] Drop duplicate cache layer (address Cursor review) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit actions-rust-lang/setup-rust-toolchain@v1 already enables Swatinem/rust-cache by default, which caches ~/.cargo and target/ using Rust-aware logic (workspace member detection, smart target invalidation on dependency changes, garbage collection). The composite action also had two explicit actions/cache@v4 steps caching the same paths — two systems independently saving and restoring overlapping directories, causing cache conflicts, stale restores, and wasted GHA cache storage. Fix: remove the manual actions/cache@v4 steps. Swatinem/rust-cache is strictly better than the previous naive ~/.cargo + target/ caching for this workload — the same paths get cached, but with smarter keys. Followups that became unnecessary: - The `caller-workflow-name` input only existed to feed the cache-key generator. Now unused; removed from the action interface and from the three callers (test.yml, build.yml, release.yml). - The "Generate cache key" and "Check cache key" steps are gone. Net: 9 lines added, 37 removed. Simpler action, no behavior change besides faster and more correct caching. Co-Authored-By: Claude Opus 4.7 (1M context) --- .github/actions/setup-rust/action.yaml | 40 ++++++-------------------- .github/workflows/build.yml | 2 -- .github/workflows/release.yml | 2 -- .github/workflows/test.yml | 2 -- 4 files changed, 9 insertions(+), 37 deletions(-) diff --git a/.github/actions/setup-rust/action.yaml b/.github/actions/setup-rust/action.yaml index c33a5ceb..5f606684 100644 --- a/.github/actions/setup-rust/action.yaml +++ b/.github/actions/setup-rust/action.yaml @@ -1,28 +1,20 @@ name: Setup Rust -description: Install Rust toolchain (from rust-toolchain.toml), protoc, and cache cargo state. -inputs: - caller-workflow-name: - description: 'Name of workflow used for creating a cache key in ASCII format.' - required: true - default: '' +description: Install Rust toolchain (from rust-toolchain.toml) and protoc. Caching of ~/.cargo and target/ is handled internally by actions-rust-lang/setup-rust-toolchain via Swatinem/rust-cache — don't add separate actions/cache steps. runs: using: composite steps: - - name: Generate cache key - id: cache-key-generator - run: echo "cache-key=$(echo ${{inputs.caller-workflow-name}} | tr ' ' '_')" >> $GITHUB_OUTPUT - shell: bash - - - name: Check cache key - run: "echo Cache key: ${{ steps.cache-key-generator.outputs.cache-key }}" - shell: bash - # Install the Rust toolchain pinned in rust-toolchain.toml. # actions-rust-lang/setup-rust-toolchain reads rust-toolchain.toml when no - # explicit `toolchain:` input is given, picking up both the `channel` and the - # full `components` list — so this stays a single source of truth. Bumping + # explicit `toolchain:` input is given, picking up both the `channel` and + # the full `components` list — single source of truth. Bumping # rust-toolchain.toml is enough to bump CI; no second place to edit. + # + # Caching is handled internally by this action via Swatinem/rust-cache, + # which is Rust-aware: workspace member detection, smart target/ cache + # invalidation on dependency changes, garbage collection. Don't layer + # additional actions/cache steps on top of it — the systems will fight + # over the same paths and produce stale restores. - name: Install Rust toolchain uses: actions-rust-lang/setup-rust-toolchain@v1 @@ -36,20 +28,6 @@ runs: && rm -f $PROTOC_ZIP shell: bash - - name: cache dependencies - uses: actions/cache@v4 - with: - path: | - ~/.cargo - key: ${{ runner.os }}-cargo-${{ steps.cache-key-generator.outputs.cache-key }}-${{ hashFiles('**/Cargo.lock') }} - - - name: cache rust files - uses: actions/cache@v4 - with: - path: | - target/ - key: ${{ runner.os }}-cargo-${{ steps.cache-key-generator.outputs.cache-key }}-${{ hashFiles('**/*.rs') }} - - name: Check rust version run: | rustc --version || true; diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 6affcfb9..29fff893 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -15,8 +15,6 @@ jobs: - name: Setup Rust uses: ./.github/actions/setup-rust - with: - caller-workflow-name: build - name: Clippy check run: cargo clippy --all-features --all-targets --tests -- -D warnings diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 0f6a3458..90d70517 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -17,8 +17,6 @@ jobs: - name: Setup Rust uses: ./.github/actions/setup-rust - with: - caller-workflow-name: release - name: Clippy check run: cargo clippy --all-features --all-targets --tests -- -D warnings diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 82f6a775..e43f82cd 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -15,8 +15,6 @@ jobs: - name: Setup Rust uses: ./.github/actions/setup-rust - with: - caller-workflow-name: test - name: Run tests run: cargo test --all-features --locked