feat: coordinator and prover support v0.5.0

[colinlyguo]

Purpose or design rationale of this PR

PR title

Your PR title must follow conventional commits (as we are doing squash merge for each PR), so it must start with one of the following types:

• feat: A new feature

Deployment tag versioning

Has tag in common/version.go been updated or have you added bump-version label to this PR?

• Yes

Breaking change label

Does this PR have the breaking-change label?

• No, this PR is not a breaking change

Summary by CodeRabbit

• New Features
  • Added GPU support for key components, including new scripts and Dockerfile changes to enable CUDA acceleration.
• Bug Fixes
  • Improved SSH setup in workflows to support multiple private keys and repositories.
• Chores
  • Updated dependency versions and redirected several dependencies to GPU-optimized forks.
  • Bumped version to v4.5.11.
  • Enhanced repository cloning and checkout scripts for more robust automation.

[coderabbitai]

"""

Walkthrough

This update transitions the build and workflow processes to support GPU-accelerated dependencies and multi-key SSH access. Dockerfiles now use CUDA-enabled images, and new scripts manage cloning and checking out specific GPU-related repositories. Dependency configurations are patched to use GPU forks, and workflow scripts are refactored for handling multiple SSH keys.

Changes

File(s)	Change Summary
.github/workflows/common.yml .github/workflows/docker.yml	Removed single-key SSH setup action; replaced with manual SSH setup loading multiple keys and running clone scripts. Updated checkout step to use new checkout_all.sh script.
build/dockerfiles/coordinator-api.Dockerfile	Switched base images to CUDA-enabled variants, adjusted Go and Rust versions, explicitly copied GPU-related scripts, and changed runtime image to CUDA-enabled Ubuntu.
build/dockerfiles/coordinator-api/checkout_all.sh	Added new script to checkout fixed commits for three GPU-related repositories sequentially.
build/dockerfiles/coordinator-api/clone_openvm_gpu.sh	Modified to remove fixed commit checkout; now fetches all branches and tags without pinning to a commit.
build/dockerfiles/coordinator-api/clone_openvm_stark_gpu.sh build/dockerfiles/coordinator-api/clone_plonky3_gpu.sh	Added new scripts to clone and fetch all branches and tags for openvm-stark-gpu and plonky3-gpu repositories if missing.
build/dockerfiles/coordinator-api/config.toml	Added "evm-prove" feature; added multiple [patch] sections to redirect dependencies to local GPU-accelerated forks of OpenVM and Plonky3 crates.
common/libzkp/impl/Cargo.toml zkvm-prover/Cargo.toml	Updated dependency versions for Euclid and Plonky3 crates; patched dependencies to GPU-enabled forks with added GPU-specific crates and features.
common/version/version.go	Updated version string from "v4.5.10" to "v4.5.11".

Sequence Diagram(s)

sequenceDiagram
    participant Workflow
    participant SSHAgent
    participant RepoScripts
    participant GitHub

    Workflow->>SSHAgent: Create .ssh directory, set permissions
    SSHAgent->>SSHAgent: Start ssh-agent and add multiple keys
    SSHAgent->>GitHub: Add GitHub RSA host key to known_hosts
    Workflow->>RepoScripts: Run clone scripts for each GPU repo
    RepoScripts->>GitHub: Clone or fetch repositories via SSH
    Workflow->>RepoScripts: Run checkout_all.sh to checkout fixed commits

Loading

Poem

🐇
Three keys in my paw,
CUDA dreams I now draw.
With scripts to fetch and checkout right,
GPU crates patched for flight.
Version hops, dependencies gleam,
Hopping forward with a CUDA-powered team!

"""

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 golangci-lint (1.64.8)

level=warning msg="[runner] Can't run linter goanalysis_metalinter: buildir: failed to load package zstd: could not load export data: no export data for "github.com/scroll-tech/da-codec/encoding/zstd""
level=error msg="Running error: can't run linter goanalysis_metalinter\nbuildir: failed to load package zstd: could not load export data: no export data for "github.com/scroll-tech/da-codec/encoding/zstd""

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
Cache: Disabled due to data retention organization setting
Knowledge Base: Disabled due to data retention organization setting

📥 Commits

Reviewing files that changed from the base of the PR and between 14e4abb and bf246f3.

📒 Files selected for processing (1)

• common/version/version.go (1 hunks)

✅ Files skipped from review due to trivial changes (1)

• common/version/version.go

✨ Finishing Touches

• 📝 Generate Docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[codecov-commenter]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 40.66%. Comparing base (0d8b00c) to head (2c94b60).

Additional details and impacted files

@@             Coverage Diff             @@
##           develop    #1660      +/-   ##
===========================================
- Coverage    40.68%   40.66%   -0.02%     
===========================================
  Files          225      225              
  Lines        18419    18419              
===========================================
- Hits          7493     7491       -2     
- Misses       10195    10198       +3     
+ Partials       731      730       -1     

Flag	Coverage Δ
common	28.51% <ø> (ø)
coordinator	33.93% <ø> (-0.06%)	⬇️
database	42.05% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[coderabbitai]

Actionable comments posted: 3

🔭 Outside diff range comments (1)

build/dockerfiles/coordinator-api/checkout_all.sh (1)

8-18: 🛠️ Refactor suggestion

Ensure safe directory navigation and quoting
Wrap $DIR expansions in quotes and validate each path before cd to give clearer errors. For example:

- cd $DIR/plonky3-gpu && git checkout ${PLONKY3_GPU_COMMIT}
+ if [[ -d "$DIR/plonky3-gpu" ]]; then
+   cd "$DIR/plonky3-gpu"
+   git fetch --all --prune
+   git checkout "$PLONKY3_GPU_COMMIT"
+ else
+   echo "ERROR: Directory $DIR/plonky3-gpu not found"
+   exit 1
+ fi

This pattern can be repeated for the other two repositories.

♻️ Duplicate comments (1)

.github/workflows/docker.yml (1)

323-331: Remove redundant ssh-agent invocations
After consolidating agent setup, simply ssh-add the additional keys without re-running eval.

🧹 Nitpick comments (11)

build/dockerfiles/coordinator-api/clone_openvm_gpu.sh (1)

6-10: Quote path variables and fetch tags explicitly
For robustness and to ensure checkout_all.sh can use tags, wrap $DIR in quotes and include --tags when fetching:

-if [ ! -d $DIR/openvm-gpu ]; then
-    git clone [email protected]:scroll-tech/openvm-gpu.git $DIR/openvm-gpu
-fi
-cd $DIR/openvm-gpu && git fetch --all --force
+if [ ! -d "$DIR/openvm-gpu" ]; then
+    git clone [email protected]:scroll-tech/openvm-gpu.git "$DIR/openvm-gpu"
+fi
+cd "$DIR/openvm-gpu" && git fetch --all --force --tags

build/dockerfiles/coordinator-api/clone_plonky3_gpu.sh (1)

1-11: Apply the same robustness enhancements as other clone scripts

• Quote $DIR expansions.
• Fetch tags to support downstream checkouts.

-if [ ! -d $DIR/plonky3-gpu ]; then
-    git clone [email protected]:scroll-tech/plonky3-gpu.git $DIR/plonky3-gpu
-fi
-cd $DIR/plonky3-gpu && git fetch --all --force
+if [ ! -d "$DIR/plonky3-gpu" ]; then
+    git clone [email protected]:scroll-tech/plonky3-gpu.git "$DIR/plonky3-gpu"
+fi
+cd "$DIR/plonky3-gpu" && git fetch --all --force --tags

build/dockerfiles/coordinator-api/clone_openvm_stark_gpu.sh (1)

1-11: Mirror fetch/tag and quoting best practices
Consistently wrap $DIR variables and fetch tags so that the subsequent checkout_all.sh can reference the correct tag commits:

-if [ ! -d $DIR/openvm-stark-gpu ]; then
-    git clone [email protected]:scroll-tech/openvm-stark-gpu.git $DIR/openvm-stark-gpu
-fi
-cd $DIR/openvm-stark-gpu && git fetch --all --force
+if [ ! -d "$DIR/openvm-stark-gpu" ]; then
+    git clone [email protected]:scroll-tech/openvm-stark-gpu.git "$DIR/openvm-stark-gpu"
+fi
+cd "$DIR/openvm-stark-gpu" && git fetch --all --force --tags

.github/workflows/common.yml (1)

45-62: Securely handle SSH private keys
Writing all keys to a single disk file leaves sensitive material lingering on the runner. After adding the keys to ssh-agent, remove or shred the file immediately:

- ssh-add ~/.ssh/all_keys 2>/dev/null
+ ssh-add ~/.ssh/all_keys 2>/dev/null
+ shred --remove ~/.ssh/all_keys

Alternatively, add each key directly from stdin without persisting to disk:

for key in \
  "${{ secrets.OPENVM_GPU_SSH_PRIVATE_KEY }}" \
  "${{ secrets.OPENVM_STARK_GPU_SSH_PRIVATE_KEY }}" \
  "${{ secrets.PLONKY3_GPU_SSH_PRIVATE_KEY }}"; do
  ssh-add <(printf "%s\n" "$key")
done

build/dockerfiles/coordinator-api/checkout_all.sh (1)

4-7: Pin GPU repository commits
Defining explicit commit hashes ensures reproducible builds. Consider adding a comment or link to upstream release notes or PRs for context.

build/dockerfiles/coordinator-api.Dockerfile (4)

2-2: Update builder base image with CUDA support
Switching to scrolltech/cuda-go-rust-builder:cuda-11.7.1-go-1.21-rust-nightly-2023-12-03 aligns with GPU requirements. For stronger immutability, consider pinning the image by digest.

---

12-15: Include GPU-enabled repositories in build context
Copying plonky3-gpu and openvm-stark-gpu ensures the patched source is available. To reduce image layers, you might combine these COPY commands:

COPY ./build/dockerfiles/coordinator-api/{plonky3-gpu,openvm-stark-gpu,openvm-gpu} / 

Ensure these dirs are populated by your clone scripts before this stage.

---

25-25: Consistent CUDA builder for Go modules
Mirroring the CUDA-enabled builder for the Go dependency download stage is correct. As with the chef stage, pin to a digest if possible.

---

45-45: Use CUDA runtime base image for deployment
Switching the final stage to nvidia/cuda:11.7.1-runtime-ubuntu22.04 is appropriate. To minimize image size, clean up apt caches:

RUN apt update \
  && apt install -y --no-install-recommends vim netcat-openbsd net-tools curl jq \
  && rm -rf /var/lib/apt/lists/*

build/dockerfiles/coordinator-api/config.toml (1)

27-34: Consolidate OpenVM Stark patches
You have two [patch] sections targeting the same crates. Merge them into one:

[patch."ssh://git@github.com/scroll-tech/openvm-stark-gpu.git"]
openvm-stark-backend = { path = "/openvm-stark-gpu/crates/stark-backend", features = ["gpu"] }
openvm-stark-sdk     = { path = "/openvm-stark-gpu/crates/stark-sdk", features = ["gpu"] }

This reduces redundancy and potential confusion.

common/libzkp/impl/Cargo.toml (1)

40-67: Patch Plonky3 crates to GPU-enabled fork
Using tag v0.2.0 is clear; for stronger reproducibility, consider pinning to a specific commit hash. Also, confirm if any additional features or default-features = false settings are required for your use case.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
Cache: Disabled due to data retention organization setting
Knowledge Base: Disabled due to data retention organization setting

📥 Commits

Reviewing files that changed from the base of the PR and between 0d8b00c and 77aa7b6.

⛔ Files ignored due to path filters (2)

• common/libzkp/impl/Cargo.lock is excluded by !**/*.lock
• zkvm-prover/Cargo.lock is excluded by !**/*.lock

📒 Files selected for processing (11)

• .github/workflows/common.yml (1 hunks)
• .github/workflows/docker.yml (1 hunks)
• build/dockerfiles/coordinator-api.Dockerfile (4 hunks)
• build/dockerfiles/coordinator-api/checkout_all.sh (1 hunks)
• build/dockerfiles/coordinator-api/clone_openvm_gpu.sh (1 hunks)
• build/dockerfiles/coordinator-api/clone_openvm_stark_gpu.sh (1 hunks)
• build/dockerfiles/coordinator-api/clone_plonky3_gpu.sh (1 hunks)
• build/dockerfiles/coordinator-api/config.toml (1 hunks)
• common/libzkp/impl/Cargo.toml (2 hunks)
• common/version/version.go (1 hunks)
• zkvm-prover/Cargo.toml (2 hunks)

⏰ Context from checks skipped due to timeout of 90000ms (1)

• GitHub Check: tests

🔇 Additional comments (9)

common/version/version.go (1)

8-8: Version bump aligns with feature rollout.

The tag has been correctly updated from v4.5.9 to v4.5.10 to reflect the new coordinator and prover support changes. No additional changes are needed in this file.

zkvm-prover/Cargo.toml (2)

21-21: Ensure version bump consistency across modules
The scroll-zkvm-prover-euclid dependency has been updated to v0.5.0—please verify that any centralized versioning files (e.g., common/version.go) or other Cargo manifests also reflect this bump to prevent mix-and-match versions.

---

54-61: Confirm new Plonky3 GPU patches are used
A large set of p3- crates (including the new p3-koala-bear) is now patched to the GPU-enabled fork at tag v0.2.0. Ensure each of these crates is actively consumed in the codebase; remove any that remain unused to avoid clutter and unnecessary fetches.

build/dockerfiles/coordinator-api/checkout_all.sh (1)

1-2: Enable strict error handling and debugging
Good use of set -uex to catch unset variables and exit on errors, while printing commands for visibility.

.github/workflows/docker.yml (2)

347-348: Verify loaded SSH keys count
With the refactored approach, this will now reflect the total keys.

---

351-351: Checkout pinned commits in one step
Switching to checkout_all.sh centralizes commit checkout. Ensure the script has set -e (or equivalent) so failures bubble up to fail the workflow.

build/dockerfiles/coordinator-api/config.toml (1)

22-22: Enable evm-prove feature for openvm-sdk
Adding "evm-prove" aligns with GPU-based proof generation requirements.

common/libzkp/impl/Cargo.toml (2)

17-19: Bump euclid_prover and euclid_verifier to v0.5.0
Updating to v0.5.0 matches the coordinator/prover support requirement.

---

36-39: Patch OpenVM Stark crates to GPU fork
Redirecting to scroll-tech/openvm-stark-gpu with the gpu feature aligns with GPU acceleration goals.