diff --git a/.circleci/config.yml b/.circleci/config.yml index d2e97cfe5..94bcdcd97 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -82,10 +82,84 @@ jobs: name: Integration tests command: | npm test circuits.test.ts + - persist_to_workspace: + root: ~/repo + paths: + - target + + info_circuits: + <<: *defaults + steps: + - restore_cache: + keys: + - nargo-cache-<< pipeline.parameters.noir_version >> + - attach_workspace: + at: ~/repo + - run: + name: Run ci-info-circuits.sh + command: | + PATH=/home/circleci/.nargo/bin:$PATH ~/repo/scripts/ci-info-circuits.sh + # - when: + # condition: + # equal: [ main, << pipeline.git.branch >> ] + # steps: + - save_cache: + paths: + - ~/repo/nargo-info/main_opcodes.json + key: nargo-cache-<< pipeline.parameters.noir_version >>-main-opcodes + - persist_to_workspace: + root: ~/repo + paths: + - nargo-info + + compare_circuit_opcodes: + <<: *defaults + steps: + - restore_cache: + keys: + - nargo-cache-<< pipeline.parameters.noir_version >> + - attach_workspace: + at: ~/repo + - run: + name: Install jq and gh + command: | + sudo apt-get update + sudo apt-get install -y jq + curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | sudo dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg + sudo chmod go+r /usr/share/keyrings/githubcli-archive-keyring.gpg + echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | sudo tee /etc/apt/sources.list.d/github-cli.list > /dev/null + sudo apt-get update + sudo apt-get install gh -y + - run: + name: Run ci-info-circuits.sh on PR branch + command: | + PATH=/home/circleci/.nargo/bin:$PATH ~/repo/scripts/ci-info-circuits.sh + - run: + name: Save PR branch main_opcodes.json + command: cp ~/repo/nargo-info/main_opcodes.json /tmp/main_opcodes_pr.json + - restore_cache: + keys: + - nargo-cache-<< pipeline.parameters.noir_version >>-main-opcodes + - run: + name: Compare opcode counts and comment on PR if different + command: | + set +e + diff_output=$(diff -u ~/repo/nargo-info/main_opcodes.json /tmp/main_opcodes_pr.json) + set -e + if [ -n "$diff_output" ]; then + echo "Opcode counts differ, posting comment to PR..." + PR_NUMBER=$(echo $CIRCLE_PULL_REQUEST | awk -F'/' '{print $NF}') + echo $GITHUB_TOKEN | gh auth login --with-token + echo "### Circuit opcode counts changed" > /tmp/pr_comment.txt + echo "" >> /tmp/pr_comment.txt + echo "$diff_output" >> /tmp/pr_comment.txt + gh pr comment $PR_NUMBER --body-file /tmp/pr_comment.txt + else + echo "No opcode count changes detected." + fi workflows: version: 2 - test: jobs: - checkout @@ -94,4 +168,13 @@ workflows: - checkout - test_circuits: requires: - - lint + - checkout + - info_circuits: + requires: + - test_circuits + - compare_circuit_opcodes: + requires: + - info_circuits + filters: + branches: + ignore: main diff --git a/.gitignore b/.gitignore index dea3789fe..88638bb84 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,6 @@ crs target +nargo-info proofs Prover.toml Verifier.toml diff --git a/scripts/ci-compile-circuits.sh b/scripts/ci-compile-circuits.sh index 3f0532234..d3a1c097c 100755 --- a/scripts/ci-compile-circuits.sh +++ b/scripts/ci-compile-circuits.sh @@ -4,51 +4,23 @@ set -euo pipefail +ROOT=$(git rev-parse --show-toplevel) + # Generate unconstrained circuits, so that we can test the circuit logic # for given inputs without doing fully constrained proving ./node_modules/.bin/tsx src/ts/scripts/circuit-builder.ts generate unconstrained -# Circuits to compile for integration tests -CIRCUITS=( - "sig_check_dsc_tbs_700_rsa_pkcs_4096_sha512" - "sig_check_dsc_tbs_1500_rsa_pkcs_4096_sha512" - "sig_check_dsc_tbs_700_ecdsa_nist_p384_sha384" - "sig_check_dsc_tbs_700_ecdsa_nist_p384_sha1" - "sig_check_dsc_tbs_700_rsa_pkcs_4096_sha1" - "sig_check_id_data_tbs_700_ecdsa_nist_p256_sha1" - "sig_check_id_data_tbs_700_rsa_pkcs_2048_sha1" - "sig_check_id_data_tbs_700_rsa_pkcs_2048_sha256" - "sig_check_id_data_tbs_1500_rsa_pkcs_2048_sha256" - "sig_check_id_data_tbs_700_ecdsa_nist_p256_sha256" - "sig_check_dsc_tbs_700_ecdsa_nist_p521_sha512" - "sig_check_id_data_tbs_700_ecdsa_nist_p384_sha384" - "sig_check_id_data_tbs_700_ecdsa_brainpool_512r1_sha512" - "data_check_integrity_sha1" - "data_check_integrity_sha256" - "data_check_integrity_sha384" - "data_check_integrity_sha512" - "disclose_flags" - "disclose_bytes" - "disclose_bytes_evm" - "inclusion_check_nationality" - "inclusion_check_nationality_evm" - "exclusion_check_nationality" - "exclusion_check_nationality_evm" - "inclusion_check_issuing_country" - "inclusion_check_issuing_country_evm" - "exclusion_check_issuing_country" - "exclusion_check_issuing_country_evm" - "compare_age" - "compare_age_evm" - "compare_expiry" - "compare_expiry_evm" - "compare_birthdate" - "compare_birthdate_evm" - "bind" - "bind_evm" -) +# Circuits list provided by ci-circuits.sh +mapfile -t CIRCUITS < "$ROOT/scripts/helpers/ci-circuits.txt" + +echo "Circuits: ${CIRCUITS[@]}" + +# Format generated files +echo "Formatting generated files" +nargo fmt for circuit in "${CIRCUITS[@]}"; do + echo "Compiling $circuit" nargo compile --force --package "$circuit" done diff --git a/scripts/ci-info-circuits.sh b/scripts/ci-info-circuits.sh new file mode 100755 index 000000000..ffe4fef0a --- /dev/null +++ b/scripts/ci-info-circuits.sh @@ -0,0 +1,46 @@ +#!/bin/bash +set -euo pipefail + +ROOT=$(git rev-parse --show-toplevel) + + +# Check that /target folder exists +if [ ! -d "$ROOT/target" ]; then + echo "Error: /target folder does not exist - run compile" + exit 1 +fi + +# Circuits list provided by ci-circuits.sh +mapfile -t CIRCUITS < "$ROOT/scripts/helpers/ci-circuits.txt" + + +mkdir -p "$ROOT/nargo-info" + +export ROOT +export -f + +for circuit in "${CIRCUITS[@]}"; do + echo "Info $circuit" + nargo info --package "$circuit" --json > "$ROOT/nargo-info/$circuit.json" +done + +# Generate a json file with main opcode counts for each circuit +OUTFILE="$ROOT/nargo-info/main_opcodes.json" +echo "{" > "$OUTFILE" +first=1 +for circuit in "${CIRCUITS[@]}"; do + json_file="$ROOT/nargo-info/$circuit.json" + if [ -f "$json_file" ]; then + opcodes=$(jq '.programs[0].functions[] | select(.name=="main") | .opcodes' "$json_file") + if [ -n "$opcodes" ]; then + if [ $first -eq 0 ]; then + echo "," >> "$OUTFILE" + fi + echo -n " \"$circuit\": $opcodes" >> "$OUTFILE" + first=0 + fi + fi +done +echo "" >> "$OUTFILE" +echo "}" >> "$OUTFILE" +echo "Wrote opcode counts to $OUTFILE" \ No newline at end of file diff --git a/scripts/helpers/ci-circuits.txt b/scripts/helpers/ci-circuits.txt new file mode 100644 index 000000000..5c3334b98 --- /dev/null +++ b/scripts/helpers/ci-circuits.txt @@ -0,0 +1,36 @@ +sig_check_dsc_tbs_700_rsa_pkcs_4096_sha512 +sig_check_dsc_tbs_1500_rsa_pkcs_4096_sha512 +sig_check_dsc_tbs_700_ecdsa_nist_p384_sha384 +sig_check_dsc_tbs_700_ecdsa_nist_p384_sha1 +sig_check_dsc_tbs_700_rsa_pkcs_4096_sha1 +sig_check_id_data_tbs_700_ecdsa_nist_p256_sha1 +sig_check_id_data_tbs_700_rsa_pkcs_2048_sha1 +sig_check_id_data_tbs_700_rsa_pkcs_2048_sha256 +sig_check_id_data_tbs_1500_rsa_pkcs_2048_sha256 +sig_check_id_data_tbs_700_ecdsa_nist_p256_sha256 +sig_check_dsc_tbs_700_ecdsa_nist_p521_sha512 +sig_check_id_data_tbs_700_ecdsa_nist_p384_sha384 +sig_check_id_data_tbs_700_ecdsa_brainpool_512r1_sha512 +data_check_integrity_sha1 +data_check_integrity_sha256 +data_check_integrity_sha384 +data_check_integrity_sha512 +disclose_flags +disclose_bytes +disclose_bytes_evm +inclusion_check_nationality +inclusion_check_nationality_evm +exclusion_check_nationality +exclusion_check_nationality_evm +inclusion_check_issuing_country +inclusion_check_issuing_country_evm +exclusion_check_issuing_country +exclusion_check_issuing_country_evm +compare_age +compare_age_evm +compare_expiry +compare_expiry_evm +compare_birthdate +compare_birthdate_evm +bind +bind_evm