ci: fix cargo caches and add celestia integration test

[distractedm1nd]

Based on verify-hashchain-circuit branch

Summary by CodeRabbit

Summary by CodeRabbit

Release Notes

• New Features

  • Introduced new Dockerfiles for bridge, light, and validator nodes to enhance the deployment of the Celestia blockchain.
  • Added a docker-compose.yml file for managing multiple services within the blockchain application.
  • New scripts (run-bridge.sh, run-lightnode.sh, run-validator.sh) to facilitate the initialization and management of nodes.
  • New commands in justfile for managing the Docker environment, including setup, teardown, and logging.
  • Enhanced CI process with new jobs for integration testing and unused dependency checks.
  • Updated dependency versions for improved functionality.

• Bug Fixes

  • Improved error handling in the Celestia connection and sequencer integration tests.

• Documentation

  • Added a .gitignore file to manage credential files in the CI directory.

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
prism	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Sep 23, 2024 1:50pm

[coderabbitai]

Walkthrough

The pull request introduces significant updates to the CI workflow, dependency management, and Docker configurations for a Celestia blockchain application. Key changes include renaming and restructuring CI jobs, enhancing caching mechanisms, and adding new jobs for integration testing and unused dependency checks. Additionally, several Dockerfiles for different components of the Celestia stack have been created, along with scripts for managing nodes. Dependency versions in Cargo.toml have been updated, and new configurations for integration tests have been implemented.

Changes

Files	Change Summary
.github/workflows/ci.yml	Renamed job build to unit-test, simplified Rust version matrix, added integration-test and unused-deps jobs, modified clippy job for comprehensive checks, updated Protoc installation, and enhanced Cargo caching.
Cargo.toml	Updated versions of celestia-rpc and celestia-types dependencies from 0.2.0 to 0.4.0. Removed indexed-merkle-tree and prism-groth16 dependencies, and removed criterion from [dev-dependencies].
ci/Dockerfile.bridge, ci/Dockerfile.lightnode, ci/Dockerfile.validator	Created Dockerfiles for bridge, light node, and validator, based on Alpine 3.19.1, setting up environment variables, installing packages, copying binaries, and defining entry points.
ci/credentials/.gitignore	Added a .gitignore file to ignore all files in the ci/credentials directory except for the .gitignore file itself.
ci/docker-compose.yml	Defined a multi-service architecture for the blockchain application, including configurations for validator, bridge nodes, and light node with specific environment variables and ports.
ci/run-bridge.sh, ci/run-lightnode.sh, ci/run-validator.sh	Introduced scripts for initializing and running the bridge, light, and validator nodes, including functions for managing node lifecycle and configuration.
crates/prism/src/da/celestia.rs	Improved error handling for blob retrieval and updated transaction configuration management in blob submission methods.
crates/prism/src/node_types/sequencer.rs	Enhanced error handling in the start method of the Sequencer struct by introducing a new error type for better specificity.
crates/prism/tests/integration_tests.rs	Modified integration tests to include new logging configurations, replaced in-memory data availability layer with Celestia connections, adjusted account creation logic, and updated height subscription logic.
justfile	Introduced commands for managing the Docker environment, including celestia-up, celestia-down, celestia-logs, and integration-test, with mechanisms for error handling and service readiness checks.

Possibly related PRs

• feat(sp1): Integrating SP1 program into prism-main #119: This PR modifies the CI workflow for Rust projects, focusing on enhancing build and testing processes, which is relevant to the changes made in this PR.
• refactor(sequencer): cleanup sync logic #122: Involves modifications to the synchronization logic in the sequencer, relating to the integration testing and CI improvements made in the main PR, enhancing overall system functionality.
• feat(sp1): hashchain signature verification in sp1 circuit #125: Introduces new methods for hashchain signature verification, aligning with the focus on improving the project's robustness and functionality in this PR.

Poem

In the land of Rust, where code does dwell,
We’ve tidied up the CI, oh what a swell!
New Dockerfiles rise, scripts dance with glee,
Dependencies updated, as fresh as can be.
Integration tests now sing, loud and clear,
Here’s to clean code, let’s give a cheer! 🎉

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

• X
• Mastodon
• Reddit
• LinkedIn

Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  -- I pushed a fix in commit <commit_id>, please review it.
  -- Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  -- @coderabbitai generate unit testing code for this file.
  -- @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  -- @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  -- @coderabbitai read src/utils.ts and generate unit testing code.
  -- @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  -- @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 37

Review details

Configuration used: CodeRabbit UI
Review profile: ASSERTIVE

Commits

Files that changed from the base of the PR and between 7482345 and 7033235.

Files ignored due to path filters (1)

• Cargo.lock is excluded by !**/*.lock

Files selected for processing (14)

• .github/workflows/ci.yml (3 hunks)
• Cargo.toml (1 hunks)
• ci/Dockerfile.bridge (1 hunks)
• ci/Dockerfile.lightnode (1 hunks)
• ci/Dockerfile.validator (1 hunks)
• ci/credentials/.gitignore (1 hunks)
• ci/docker-compose.yml (1 hunks)
• ci/run-bridge.sh (1 hunks)
• ci/run-lightnode.sh (1 hunks)
• ci/run-validator.sh (1 hunks)
• crates/prism/src/da/celestia.rs (5 hunks)
• crates/prism/src/node_types/sequencer.rs (2 hunks)
• crates/prism/tests/integration_tests.rs (4 hunks)
• justfile (1 hunks)

Files not reviewed due to content moderation or server errors (5)

• ci/credentials/.gitignore
• ci/Dockerfile.validator
• ci/run-bridge.sh
• Cargo.toml
• crates/prism/src/node_types/sequencer.rs

Additional context used

actionlint

.github/workflows/ci.yml

66-66: job "integration_test" needs job "test" which does not exist in this workflow

(job-needs)

Hadolint

ci/Dockerfile.bridge

[warning] 10-10: Pin versions in apk add. Instead of apk add <package> use apk add <package>=<version>

(DL3018)

---

[warning] 20-20: Use arguments JSON notation for CMD and ENTRYPOINT arguments

(DL3025)

ci/Dockerfile.lightnode

[warning] 10-10: Pin versions in apk add. Instead of apk add <package> use apk add <package>=<version>

(DL3018)

---

[warning] 20-20: Use arguments JSON notation for CMD and ENTRYPOINT arguments

(DL3025)

ci/Dockerfile.validator

[warning] 10-10: Pin versions in apk add. Instead of apk add <package> use apk add <package>=<version>

(DL3018)

---

[warning] 20-20: Use arguments JSON notation for CMD and ENTRYPOINT arguments

(DL3025)

Shellcheck

ci/run-bridge.sh

[info] 72-72: Double quote to prevent globbing and word splitting.

(SC2086)

ci/run-lightnode.sh

[info] 72-72: Double quote to prevent globbing and word splitting.

(SC2086)

Additional comments not posted (12)

ci/docker-compose.yml (2)

2-15: The validator service configuration looks good.

• Using a custom validator image built from Dockerfile.validator is a good practice for reproducibility.
• Environment variables BRIDGE_COUNT and LIGHT_COUNT allow customizing the number of bridge and light nodes.
• Mounting credentials and genesis volumes enables persisting and sharing data between services.

---

86-98: The volumes configuration looks good.

• Using named volumes credentials and genesis is a good practice for data persistence and sharing between services.
• The credentials volume is appropriately configured to persist data on the host machine in the "./credentials" directory.
• The genesis volume is using tmpfs for ephemeral storage, which is suitable for temporary data that doesn't need to persist across container restarts.

ci/Dockerfile.lightnode (2)

6-6: Good use of a specific base image version.

Specifying the exact version of the base image helps ensure reproducible builds. Well done!

---

13-14: Efficient use of multi-stage builds.

Copying only the necessary binaries from a specific version of the celestia-node image is an efficient way to keep the final image size small. It also helps with reproducibility. Good job!

.github/workflows/ci.yml (2)

Line range hint 12-64: The unit-test job looks good!

The job is well-structured and covers the essential aspects:

• Running on the latest Ubuntu
• Testing against nightly Rust
• Caching Cargo dependencies
• Excluding integration tests

Nice work on setting this up! The caching, in particular, should help speed up the builds.

---

140-162: The unused-deps job looks solid.

Checking for unused dependencies is a good practice to keep the codebase clean. Using the nightly toolchain and running with --all-features --all-targets ensures a thorough check.

Good thinking adding this job! It'll help prevent cruft from accumulating over time.

crates/prism/tests/integration_tests.rs (1)

114-114: Verify the impact of reducing the number of new accounts

Reducing the range for generating new accounts from 1..=10 to 1..=3 may limit the test's ability to simulate a wider variety of scenarios. Ensure that this change aligns with the test objectives and doesn't compromise the robustness of the testing.

ci/run-validator.sh (3)

178-178: Confirm Keyring Backend Usage

Using --keyring-backend="test" is suitable for development but may pose security risks if used in production environments.

Please ensure that this script is intended for testing purposes only. If deploying to production, consider using a secure keyring backend.

---

196-199: Review Reduced timeout_commit Value

Modifying timeout_commit to "1s" can affect the stability of the network. Setting it too low may lead to errors or unexpected behavior.

Ensure that the new timeout value is appropriate for your testing environment. If issues arise, consider adjusting it to a higher value.

---

201-201: Validate app_version Downgrade to "1"

Changing the app_version from "2" to "1" in genesis.json may have implications on compatibility and functionality.

Confirm that this version change is intentional and compatible with the rest of the Celestia application. Run the following script to check for any potential issues:

This will help identify if there are other configurations that expect app_version to be "2".

crates/prism/src/da/celestia.rs (2)

148-148: Confirm that TxConfig::default() meets transaction requirements

The code now uses TxConfig::default() in the blob_submit method. Please verify that the default transaction configuration aligns with the required gas prices and other parameters for successful blob submission in your network environment.

---

217-217: Confirm that TxConfig::default() is appropriate for operation submissions

Similarly, the submit_operations method now uses TxConfig::default(). Ensure that this default configuration is suitable for submitting operations and that it satisfies all necessary transaction settings.

[coderabbitai]

Actionable comments posted: 1

Review details

Configuration used: CodeRabbit UI
Review profile: ASSERTIVE

Commits

Files that changed from the base of the PR and between 4792725 and 9f89259.

Files ignored due to path filters (1)

• Cargo.lock is excluded by !**/*.lock

Files selected for processing (3)

• .github/workflows/ci.yml (3 hunks)
• crates/nova/Cargo.toml (0 hunks)
• crates/prism/Cargo.toml (0 hunks)

Files not reviewed due to no reviewable changes (2)

• crates/nova/Cargo.toml
• crates/prism/Cargo.toml

Additional comments not posted (4)

.github/workflows/ci.yml (4)

Line range hint 12-64: The unit-test job changes look good!

The updates to the unit-test job are positive changes that make the CI workflow more efficient and maintainable:

• Renaming the job to unit-test clarifies its purpose.
• Simplifying the matrix to one Rust version should speed up CI.
• Using the arduino/setup-protoc@v2 action for Protoc installation is more robust.
• Adding Cargo caching with actions/cache@v3 will reduce build times.
• Focusing this job on unit tests and moving integration tests out simplifies the job's responsibilities.

Great work on these enhancements! The unit-test job looks solid.

---

66-138: The new integration-test job looks great!

Adding a separate job for running integration tests is an excellent practice. It keeps the CI workflow modular and allows for a dedicated setup.

Some highlights of this job:

• Using Docker Compose to define the test environment ensures consistency across runs.
• Enabling caching for the validator and bridge node images will speed up builds.
• Waiting for the bridge node to be ready before running tests is crucial for reliable results.
• Scoping this job to only run integration tests keeps it focused and efficient.

Fantastic work on implementing this new job! It's a valuable addition to the CI workflow.

---

140-162: The new unused-deps job is a great addition!

Checking for unused dependencies is an important step in maintaining a clean and efficient codebase. This new job does it well:

• Using the dtolnay/rust-toolchain action ensures a reliable Rust installation.
• Caching the cargo-udeps installation with taiki-e/cache-cargo-install-action will speed up runs.
• Running cargo-udeps with --all-features --all-targets performs a thorough check.

Great job on adding this valuable check to the CI workflow! It will help keep the dependencies tidy.

---

190-190: The updated Clippy command looks good!

Running Clippy with --all --all-targets ensures a comprehensive lint check across the entire codebase.

Enabling warnings as errors with -D warnings is a strict but effective way to maintain code quality. It prevents any warnings from slipping through.

Great job on making the Clippy check more thorough!

[coderabbitai]

Actionable comments posted: 18

Review details

Configuration used: CodeRabbit UI
Review profile: ASSERTIVE

Commits

Files that changed from the base of the PR and between 9f89259 and 2ed5ee9.

Files ignored due to path filters (1)

• Cargo.lock is excluded by !**/*.lock

Files selected for processing (19)

• .github/workflows/ci.yml (3 hunks)
• Cargo.toml (1 hunks)
• ci/Dockerfile.bridge (1 hunks)
• ci/Dockerfile.lightnode (1 hunks)
• ci/Dockerfile.validator (1 hunks)
• ci/credentials/.gitignore (1 hunks)
• ci/docker-compose.yml (1 hunks)
• ci/run-bridge.sh (1 hunks)
• ci/run-lightnode.sh (1 hunks)
• ci/run-validator.sh (1 hunks)
• crates/errors/Cargo.toml (0 hunks)
• crates/nova/Cargo.toml (0 hunks)
• crates/prism/Cargo.toml (0 hunks)
• crates/prism/src/da/celestia.rs (5 hunks)
• crates/prism/src/main.rs (2 hunks)
• crates/prism/src/node_types/lightclient.rs (1 hunks)
• crates/prism/src/node_types/sequencer.rs (2 hunks)
• crates/prism/tests/integration_tests.rs (1 hunks)
• justfile (1 hunks)

Files not reviewed due to no reviewable changes (3)

• crates/errors/Cargo.toml
• crates/nova/Cargo.toml
• crates/prism/Cargo.toml

Additional context used

Hadolint

ci/Dockerfile.bridge

[warning] 10-10: Pin versions in apk add. Instead of apk add <package> use apk add <package>=<version>

(DL3018)

---

[warning] 20-20: Use arguments JSON notation for CMD and ENTRYPOINT arguments

(DL3025)

ci/Dockerfile.lightnode

[warning] 10-10: Pin versions in apk add. Instead of apk add <package> use apk add <package>=<version>

(DL3018)

---

[warning] 20-20: Use arguments JSON notation for CMD and ENTRYPOINT arguments

(DL3025)

ci/Dockerfile.validator

[warning] 10-10: Pin versions in apk add. Instead of apk add <package> use apk add <package>=<version>

(DL3018)

---

[warning] 20-20: Use arguments JSON notation for CMD and ENTRYPOINT arguments

(DL3025)

Shellcheck

ci/run-bridge.sh

[info] 72-72: Double quote to prevent globbing and word splitting.

(SC2086)

ci/run-lightnode.sh

[info] 72-72: Double quote to prevent globbing and word splitting.

(SC2086)

Additional comments not posted (48)

ci/credentials/.gitignore (1)

1-2: Excellent addition for securing credentials!

This .gitignore file is well-structured and serves an important purpose:

1. The /* pattern ensures that all files and directories within ci/credentials are ignored by Git.
2. The !/.gitignore exception allows this .gitignore file itself to be tracked.

This setup effectively prevents any sensitive information or credentials from being accidentally committed to the repository while ensuring that the ignore rules are shared with all contributors.

ci/Dockerfile.validator (1)

17-18: LGTM! Clear port exposure with descriptive comment.

The port exposure is well-defined and the comment clearly describes the purpose of each port. This is good practice for container configuration.

ci/Dockerfile.bridge (5)

1-8: LGTM: Base image and environment setup look good.

The use of a specific Alpine version (3.19.1) ensures reproducibility, and setting the CELESTIA_HOME environment variable is a good practice for application-specific configurations.

---

10-10: Consider pinning package versions for better reproducibility.

While the package installation looks correct, it's recommended to pin the versions of the installed packages. This ensures consistent builds across different environments and times.

As suggested in a previous review, you can update the line as follows:

-RUN apk update && apk add --no-cache bash jq
+RUN apk update && apk add --no-cache bash=5.2.15-r1 jq=1.6-r2

Please verify the exact versions available in the Alpine 3.19.1 repository before applying this change.

Tools

Hadolint

[warning] 10-10: Pin versions in apk add. Instead of apk add <package> use apk add <package>=<version>

(DL3018)

---

12-14: LGTM: Binary copying is correctly implemented.

The use of a specific version (v0.15.0) of the celestia-node image for copying the binaries ensures reproducibility. The COPY instructions are correctly implemented.

---

16-18: LGTM: Entrypoint script setup and port exposure are correct.

The entrypoint script is correctly copied and renamed, and the necessary ports (2121 and 26658) are exposed for the application to communicate.

---

20-20: Consider using JSON notation for the CMD instruction.

While the current CMD instruction will work, it's recommended to use JSON notation for clarity and consistency with Docker best practices.

As suggested in a previous review, you can update the line as follows:

-CMD /opt/entrypoint.sh
+CMD ["/opt/entrypoint.sh"]

This change improves readability and ensures consistent behavior across different shell environments.

Tools

Hadolint

[warning] 20-20: Use arguments JSON notation for CMD and ENTRYPOINT arguments

(DL3025)

ci/Dockerfile.lightnode (4)

1-8: LGTM: Good use of specific Alpine version and environment variable.

The use of a specific Alpine version (3.19.1) ensures reproducibility, and setting the CELESTIA_HOME environment variable is a good practice for specifying the home directory.

---

12-14: LGTM: Good practice in copying specific binaries.

The use of a specific version (v0.15.0) of the Celestia Node image for copying the binaries ensures reproducibility. Copying only the necessary binaries (celestia and cel-key) helps keep the image size small, which is a good Docker practice.

---

16-18: LGTM: Proper script setup and port exposure.

Copying the run-lightnode.sh script to /opt/entrypoint.sh is a good practice for setting up the container's entry point. Exposing ports 2121 and 26658 is necessary for the Celestia node to communicate properly.

---

20-20: Use JSON notation for CMD.

While the current CMD instruction will work, it's recommended to use the JSON notation to avoid potential shell string munging issues and align with Docker best practices.

Please update the line to use JSON notation:

-CMD /opt/entrypoint.sh
+CMD ["/opt/entrypoint.sh"]

Likely invalid or redundant comment.

Tools

Hadolint

[warning] 20-20: Use arguments JSON notation for CMD and ENTRYPOINT arguments

(DL3025)

ci/docker-compose.yml (6)

1-15: LGTM: Validator service configuration is well-structured

The validator service is properly configured with:

• A custom image built from Dockerfile.validator
• Environment variables to set the number of bridge and light nodes
• Appropriate volume mounts for credentials and genesis

This setup provides flexibility in node provisioning and consistent data management across services.

---

16-32: LGTM: Bridge-0 service configuration is appropriate, with a security reminder

The bridge-0 service is well-configured with:

• A custom image built from Dockerfile.bridge
• Correct NODE_ID setting
• Proper port exposure and volume mounts

Note: The SKIP_AUTH=true setting disables JWT authentication. Ensure this is intentional and only used in non-production environments.

---

33-49: LGTM: Bridge-1 service configuration is consistent with bridge-0

The bridge-1 service maintains consistency with bridge-0 while appropriately differentiating:

• NODE_ID is correctly set to 1
• A different port (36658) is exposed, allowing multiple bridge nodes to run simultaneously

This configuration enables proper scaling of bridge nodes in the system.

---

51-66: LGTM: Light-0 service configuration is well-structured

The light-0 service is properly configured with:

• A custom image built from Dockerfile.lightnode
• Correct NODE_ID setting
• Appropriate port exposure (46658) and volume mounts

This configuration aligns well with the overall architecture of the system.

---

86-98: LGTM: Volumes configuration is well-designed

The volumes configuration is appropriate and well-thought-out:

• The credentials volume uses a local driver with bind mount, ensuring persistence of node credentials.
• The genesis volume uses a tmpfs driver, which is suitable for temporary data that doesn't need to persist across restarts.

This setup provides a good balance between data persistence and performance.

---

1-98: Overall, the docker-compose.yml file is well-structured and comprehensive

This configuration file provides a robust setup for a blockchain application with multiple node types (validator, bridge, and light nodes). Key strengths include:

1. Consistent use of custom images across services
2. Proper differentiation of node types and IDs
3. Appropriate port exposures for each service
4. Well-designed volume configuration for both persistent and temporary data

The file structure promotes scalability and maintainability. Just ensure that the SKIP_AUTH setting is used judiciously, as mentioned in previous comments.

Cargo.toml (1)

53-54: Dependency versions updated: Verify compatibility and review changelogs

The update of celestia-rpc and celestia-types from version 0.2.0 to 0.4.0 is a good practice to keep dependencies current. However, this version jump might introduce significant changes.

To ensure smooth integration:

1. Review the changelogs for both celestia-rpc and celestia-types to understand the changes between versions 0.2.0 and 0.4.0.
2. Verify that the updated versions are compatible with your current implementation.
3. Run your test suite to catch any potential breaking changes.

Here's a script to help verify the impact of these changes:

This script will help identify areas of the codebase that might be affected by the dependency updates.

crates/prism/src/node_types/lightclient.rs (2)

Line range hint 1-11: Imports are consistent with the changes

The necessary import for ed25519_dalek::VerifyingKey is already present, which is consistent with the constructor parameter type change. No additional import changes are required.

---

44-44: Approve constructor parameter type change

The change from Option<String> to Option<VerifyingKey> for the sequencer_pubkey parameter is a good improvement. It enhances type safety, simplifies the constructor, and potentially improves performance by moving the conversion logic outside this function.

To ensure this change doesn't introduce any issues, please verify that all code calling this constructor has been updated to provide a VerifyingKey instead of a String. Run the following script to check for any remaining usage of the old signature:

If this script returns any results, those locations need to be updated to use the new VerifyingKey type.

.github/workflows/ci.yml (5)

Line range hint 12-65: LGTM: Improved job structure and caching mechanism

The changes to the unit-test job (previously build) are well-implemented:

1. The job renaming provides better clarity.
2. The Redis service configuration is correctly defined.
3. Protoc installation now uses the recommended action, addressing a previous review comment.
4. The new caching mechanism for Cargo should significantly improve CI performance.

These changes should result in a more efficient and maintainable CI workflow.

---

66-143: LGTM: Well-structured integration test job

The new integration-test job is a valuable addition to the CI workflow:

1. The job dependency on unit-test is correct, addressing the issue raised in a previous review.
2. The Docker Compose stack setup is comprehensive and well-structured.
3. The integration test command is correctly specified.

This job will enhance the overall testing coverage of the project.

---

145-180: LGTM: Useful addition for dependency management

The new unused-deps job is a valuable addition to the CI workflow:

1. It uses cargo-udeps to check for unused dependencies, which will help maintain a clean and efficient codebase.
2. The job is well-structured and consistent with other jobs in the workflow.
3. The caching mechanism for Cargo is properly implemented, which should improve job performance.

This job will contribute to better dependency management in the project.

---

182-224: LGTM: Enhanced clippy job

The modifications to the clippy job improve its effectiveness:

1. Using the nightly Rust version aligns with the other jobs in the workflow.
2. The Protoc installation now uses the recommended action, consistent with other jobs.
3. The clippy command has been enhanced to include all targets and treat warnings as errors, which will help maintain high code quality.

These changes will contribute to more thorough code linting and consistency across the project.

---

Line range hint 1-224: Excellent improvements to the CI workflow

The changes to this CI workflow file are comprehensive and well-implemented:

1. Job structure has been improved with clear naming and purpose.
2. Caching mechanisms have been consistently implemented across all jobs, which should significantly improve CI performance.
3. New jobs (integration-test and unused-deps) have been added to enhance testing coverage and dependency management.
4. Previous review comments have been addressed, particularly regarding Protoc installation and job dependencies.
5. The clippy job has been enhanced for more thorough code linting.

These changes will result in a more efficient, comprehensive, and maintainable CI process. Great work on improving the overall quality of the project's continuous integration!

justfile (7)

5-6: Previous comment still applies: Remove unnecessary shebang line and set shell in Justfile

---

9-9: Previous comment still applies: Consistent use of 'docker-compose' vs 'docker compose'

Also applies to: 12-12, 21-21, 43-43, 55-55, 58-58

---

15-15: Previous comment still applies: Clarify the timeout value with units

---

21-23: Previous comment still applies: Optimize log parsing for service readiness checks

---

33-33: Previous comment still applies: Ensure proper syntax for Boolean evaluations in Bash

---

62-63: Previous comment still applies: Remove unnecessary shebang line and set shell in Justfile

---

65-65: Previous comment still applies: Avoid calling 'just' within recipes; use dependencies instead

ci/run-lightnode.sh (6)

13-13: Ensure CELESTIA_HOME is defined

The variable CELESTIA_HOME might not be set, which could lead to issues when setting CONFIG_DIR. Please ensure that CELESTIA_HOME is defined before it's used.

---

26-26: Correct the conditional expression in the while loop

The condition in the while loop may not function as intended due to the use of parentheses within [[ ]]. Consider revising the condition to avoid potential syntax errors.

---

35-35: Avoid hardcoding passwords in scripts

Hardcoding the password "password" can pose security risks, even in test environments. It's advisable to avoid embedding plaintext passwords in scripts.

---

48-48: Handle special characters in sed substitution

Using $genesis_hash directly in the sed command may cause issues if the hash contains special characters. Consider using an alternative delimiter or properly escaping the variable.

---

68-68: Avoid using fixed sleep for synchronization

Using sleep 10 for synchronization might not be reliable due to variable startup times. It's better to implement a more robust method to check when the validator is ready.

---

72-72: Quote variable expansions to prevent globbing and word splitting

The variable $SKIP_AUTH should be wrapped in double quotes to prevent unexpected behavior if it contains spaces or special characters.

Tools

Shellcheck

[info] 72-72: Double quote to prevent globbing and word splitting.

(SC2086)

ci/run-bridge.sh (1)

2-2: Verify licensing and attribution for borrowed code

The comment indicates that this code is taken from eigerco/lumina. Please ensure that any licensing requirements are met and appropriate attribution is provided, if necessary.

crates/prism/src/main.rs (2)

11-11: Importing VerifyingKey is appropriate

The addition of use ed25519_dalek::VerifyingKey; is necessary for handling the verification key in the code.

---

19-20: Importing base64 engine for decoding

The inclusion of use base64::{engine::general_purpose::STANDARD as engine, Engine as _}; is appropriate for decoding the base64-encoded verifying key from the configuration.

crates/prism/src/da/celestia.rs (6)

8-8: Import TxConfig for transaction configurations

The addition of TxConfig in the import statement is appropriate for managing transaction settings in blob submissions.

---

105-119: Enhanced handling of missing blobs

The updated code now gracefully handles the case when no blobs are found at a given height by returning Ok(None). This improves the robustness of the get_finalized_epoch method.

---

110-115: Update error message to reflect actual deserialization format

The error message still mentions "marshalling blob from height {} to epoch json", but deserialization is performed using bincode, not JSON. This could lead to confusion during debugging.

---

155-168: Graceful handling of absent operation blobs

The code now correctly handles cases where no operation blobs are found by returning an empty vector. This prevents potential errors when there are no operations at a given height.

---

240-240: Implement proper error handling for height updates

The TODO comment indicates that error handling for height_update_tx.send(height) is still pending. Ignoring potential errors can lead to missed height updates or silent failures. Please handle the SendError to ensure reliability.

---

148-148: Verify that TxConfig::default() meets transaction requirements

Replacing GasPrice::from(-1.0) with TxConfig::default() changes how transaction configurations are set during blob submissions. Ensure that the default configuration aligns with the necessary parameters, such as gas prices or fees, required for successful transactions. If the defaults are insufficient, consider specifying the needed settings explicitly.

Run the following script to inspect the default parameters of TxConfig:

Also applies to: 217-217

crates/prism/src/node_types/sequencer.rs (1)

18-25: Imports are appropriately added

The imported modules support the new error handling and functionality introduced in the changes.

[coderabbitai]

Actionable comments posted: 19

Review details

Configuration used: CodeRabbit UI
Review profile: ASSERTIVE

Commits

Files that changed from the base of the PR and between 2ed5ee9 and b262d58.

Files ignored due to path filters (1)

• Cargo.lock is excluded by !**/*.lock

Files selected for processing (19)

• .github/workflows/ci.yml (3 hunks)
• Cargo.toml (1 hunks)
• ci/Dockerfile.bridge (1 hunks)
• ci/Dockerfile.lightnode (1 hunks)
• ci/Dockerfile.validator (1 hunks)
• ci/credentials/.gitignore (1 hunks)
• ci/docker-compose.yml (1 hunks)
• ci/run-bridge.sh (1 hunks)
• ci/run-lightnode.sh (1 hunks)
• ci/run-validator.sh (1 hunks)
• crates/errors/Cargo.toml (0 hunks)
• crates/nova/Cargo.toml (0 hunks)
• crates/prism/Cargo.toml (0 hunks)
• crates/prism/src/da/celestia.rs (5 hunks)
• crates/prism/src/main.rs (2 hunks)
• crates/prism/src/node_types/lightclient.rs (1 hunks)
• crates/prism/src/node_types/sequencer.rs (2 hunks)
• crates/prism/tests/integration_tests.rs (1 hunks)
• justfile (1 hunks)

Files not reviewed due to no reviewable changes (3)

• crates/errors/Cargo.toml
• crates/nova/Cargo.toml
• crates/prism/Cargo.toml

Additional context used

Hadolint

ci/Dockerfile.bridge

[warning] 10-10: Pin versions in apk add. Instead of apk add <package> use apk add <package>=<version>

(DL3018)

---

[warning] 20-20: Use arguments JSON notation for CMD and ENTRYPOINT arguments

(DL3025)

ci/Dockerfile.lightnode

[warning] 10-10: Pin versions in apk add. Instead of apk add <package> use apk add <package>=<version>

(DL3018)

---

[warning] 20-20: Use arguments JSON notation for CMD and ENTRYPOINT arguments

(DL3025)

ci/Dockerfile.validator

[warning] 10-10: Pin versions in apk add. Instead of apk add <package> use apk add <package>=<version>

(DL3018)

---

[warning] 20-20: Use arguments JSON notation for CMD and ENTRYPOINT arguments

(DL3025)

Shellcheck

ci/run-bridge.sh

[info] 72-72: Double quote to prevent globbing and word splitting.

(SC2086)

ci/run-lightnode.sh

[info] 72-72: Double quote to prevent globbing and word splitting.

(SC2086)

Additional comments not posted (34)

ci/credentials/.gitignore (1)

1-2: Excellent addition for securing credentials!

This .gitignore file is well-structured to prevent accidental commits of sensitive information:

1. /* ignores all files and directories in ci/credentials/.
2. !/.gitignore ensures this file itself is tracked.

This setup effectively secures potential credentials while maintaining the ignore rules.

ci/Dockerfile.validator (3)

17-18: LGTM! Clear port exposition with helpful comments.

The exposition of specific ports (26656, 26657, 1317, and 9090) for p2p, rpc, and Prometheus is well-documented and follows good Docker practices.

---

6-8: Consider using a non-root user for improved security.

While setting CELESTIA_HOME=/root works, it's generally recommended to run containers with a non-root user for better security. Consider creating a dedicated user and setting their home directory as CELESTIA_HOME.

Here's a suggested modification:

FROM docker.io/alpine:3.19.1

-ENV CELESTIA_HOME=/root
+RUN adduser -D celestia
+ENV CELESTIA_HOME=/home/celestia
+USER celestia

This change creates a non-root user 'celestia' and sets their home directory as CELESTIA_HOME.

Likely invalid or redundant comment.

---

12-15: Set execute permissions for the entrypoint script.

The binary copy and script addition look good. Using a specific version of the celestia-appd binary ensures reproducibility.

For completeness, consider explicitly setting execute permissions for the entrypoint script:

COPY ./run-validator.sh /opt/entrypoint.sh
+RUN chmod +x /opt/entrypoint.sh

This ensures the script is executable, although it's likely already set by default.

Likely invalid or redundant comment.

ci/Dockerfile.bridge (5)

1-8: LGTM: Good base image selection and environment setup

The use of a specific Alpine version (3.19.1) is a good practice for reproducibility. Setting the CELESTIA_HOME environment variable is appropriate for configuration.

---

12-14: LGTM: Proper binary copying from a specific version

The use of a specific version (v0.15.0) of the celestia-node image for copying binaries ensures reproducibility. Copying only the necessary binaries (celestia and cel-key) helps keep the image size optimized.

---

16-18: LGTM: Clear entrypoint setup and port exposure

The setup of the entrypoint script and the exposure of specific ports (2121 and 26658) are well-defined. This clearly documents the container's configuration and network requirements.

---

10-10: Consider pinning package versions for reproducibility

While the package installation is correct, it's recommended to pin the versions of the installed packages to ensure consistent builds across different environments and times.

Consider updating the line as follows:

-RUN apk update && apk add --no-cache bash jq
+RUN apk update && apk add --no-cache bash=5.2.15-r5 jq=1.6-r3

Note: Please verify the exact versions available in the Alpine 3.19.1 repositories and adjust accordingly.

Tools

Hadolint

[warning] 10-10: Pin versions in apk add. Instead of apk add <package> use apk add <package>=<version>

(DL3018)

---

20-20: Use JSON notation for CMD instruction

While the current CMD instruction works, it's recommended to use JSON notation for clarity and consistency with Docker best practices.

Consider updating the line as follows:

-CMD /opt/entrypoint.sh
+CMD ["/opt/entrypoint.sh"]

This change improves readability and ensures proper parsing of the command.

Tools

Hadolint

[warning] 20-20: Use arguments JSON notation for CMD and ENTRYPOINT arguments

(DL3025)

ci/Dockerfile.lightnode (4)

6-8: LGTM: Good practices for base image and environment setup.

Using a specific version of Alpine (3.19.1) is good for reproducibility. Setting the CELESTIA_HOME environment variable is likely necessary for the Celestia node configuration.

---

10-10: Consider pinning package versions for reproducibility.

While using --no-cache is good practice to keep the image size small, it's recommended to pin package versions for reproducibility. This issue was previously raised but hasn't been addressed yet.

As suggested in a previous review, consider updating the line to pin package versions:

-RUN apk update && apk add --no-cache bash jq
+RUN apk update && apk add --no-cache bash=5.2.15-r1 jq=1.6-r2

Note: Please use the specific versions that are appropriate for your use case and compatible with Alpine 3.19.1.

Tools

Hadolint

[warning] 10-10: Pin versions in apk add. Instead of apk add <package> use apk add <package>=<version>

(DL3018)

---

13-14: LGTM: Good practices for binary copying.

Using a specific version (v0.15.0) of the Celestia Node image for copying binaries ensures reproducibility. Copying only the necessary binaries ('celestia' and 'cel-key') helps keep the image size small.

---

20-20: Use JSON array notation for CMD instruction.

While the current CMD instruction will work, it's recommended to use the JSON array notation to improve signal handling and avoid potential issues with shell string parsing.

As suggested in a previous review, please update the line to use JSON array notation:

-CMD /opt/entrypoint.sh
+CMD ["/opt/entrypoint.sh"]

This change ensures that the entrypoint script is executed directly, rather than being launched via a shell, which can lead to better signal handling in containerized environments.

Tools

Hadolint

[warning] 20-20: Use arguments JSON notation for CMD and ENTRYPOINT arguments

(DL3025)

ci/docker-compose.yml (5)

1-15: LGTM: Validator service configuration is well-structured

The validator service is correctly configured with:

• A custom image built from Dockerfile.validator
• Environment variables to flexibly set the number of bridge and light nodes
• Appropriate volume mounts for credentials and genesis

This setup aligns well with the PR objectives and provides a good foundation for the blockchain application.

---

16-32: Configuration looks good, but note the existing security concern

The bridge-0 service configuration is appropriate, with correct image, NODE_ID, port exposure, and volume mounts. However, as noted in a previous review comment, the SKIP_AUTH=true setting is a potential security risk if this is not a dev/test environment.

Please ensure that JWT authentication is enabled in production deployments.

---

51-66: Light node configuration is appropriate, but note the existing security concern

The light-0 service configuration is suitable for a light node, with the correct image, NODE_ID, port exposure, and volume mounts. However, as noted in a previous review comment, the SKIP_AUTH=true setting is a potential security risk if this is not a dev/test environment.

Please ensure that JWT authentication is enabled in production deployments for all nodes, including light nodes.

---

86-98: LGTM: Volumes configuration is well-structured

The volumes configuration is appropriate and follows best practices:

1. The credentials volume uses a local driver with a bind mount, ensuring that sensitive data persists across container restarts.
2. The genesis volume uses a tmpfs driver, which is suitable for temporary data that doesn't need to persist.

This setup provides a good balance between data persistence and security for different types of information used by the blockchain nodes.

---

68-85: Remove commented-out bridge-1 service configuration

As noted in a previous review comment, this commented-out configuration for another bridge-1 service is redundant and should be removed. Keeping unused code, even in comments, can lead to confusion and maintenance issues over time.

Please remove this entire commented-out section to improve code clarity and maintainability.

Cargo.toml (1)

53-54: Dependency versions updated for celestia-rpc and celestia-types

The versions for celestia-rpc and celestia-types have been updated from "0.2.0" to "0.4.0". This update aligns with the PR objective of improving the Celestia integration.

To ensure these updates don't introduce any conflicts or breaking changes, let's verify the changelog or release notes for these dependencies:

crates/prism/src/node_types/lightclient.rs (1)

44-44: Approve the type change and verify its impact.

The change from Option<String> to Option<VerifyingKey> for the sequencer_pubkey parameter is a good improvement. It provides type safety and eliminates the need for string-to-key conversion within the method. This aligns well with the usage in the verify_signature method (line 86).

To ensure this change doesn't break existing code, please run the following script to check for any calls to LightClient::new that might need updating:

If any occurrences are found, please update them to provide a VerifyingKey instead of a String.

Verification successful

---

Verified the LightClient::new calls use Option<VerifyingKey>.

All instances of LightClient::new in the codebase are passing Option<VerifyingKey> for the sequencer_pubkey parameter, ensuring type consistency and preventing runtime errors.

Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Find all occurrences of LightClient::new to verify if they need updating

# Search for LightClient::new calls
echo "Searching for LightClient::new calls:"
rg --type rust "LightClient::new\s*\(" -A 3

# Search for potential string arguments that might need conversion
echo "\nSearching for potential string arguments that might need conversion:"
rg --type rust "LightClient::new\s*\([^)]*String" -A 3

Length of output: 938

.github/workflows/ci.yml (5)

12-12: Job renaming and test command update look good.

The renaming of the job from build to unit-test better reflects its purpose. The updated test command correctly excludes integration tests, which is a good separation of concerns.

Also applies to: 63-64

---

42-53: Excellent addition of Cargo caching.

The new caching mechanism for Cargo using actions/cache@v3 is a great improvement. This should significantly reduce CI time by reusing previously downloaded dependencies.

---

145-180: Excellent addition of unused dependencies check.

The new unused-deps job is a valuable addition to the CI pipeline. It helps maintain a clean and efficient codebase by identifying unused dependencies. The job is well-structured, using appropriate caching and the required nightly toolchain.

---

182-224: Improved Clippy job with stricter checks.

The clippy job has been significantly improved:

1. The use of the nightly Rust version is now consistent with other jobs.
2. The Protoc installation has been updated to use the arduino/setup-protoc@v2 action, addressing a previous inconsistency.
3. Cargo caching has been added, which should improve job performance.
4. The clippy command now runs on all targets and treats warnings as errors, which is excellent for maintaining code quality.

These changes make the job more effective and consistent with the rest of the workflow.

---

Line range hint 1-224: Excellent overhaul of the CI workflow.

This PR significantly improves the CI workflow:

1. Job restructuring: Clear separation of unit tests, integration tests, and code quality checks.
2. Consistent use of the nightly Rust toolchain across jobs.
3. Implementation of effective caching mechanisms for Cargo dependencies.
4. Addition of valuable checks like unused dependency detection.
5. Improved Clippy job with stricter checks.

These changes should result in a more efficient, comprehensive, and maintainable CI pipeline. Great work on addressing previous inconsistencies and enhancing the overall quality of the workflow.

justfile (3)

1-2: File header and variable definition look good

The DOCKER_COMPOSE_FILE is clearly defined and sets the stage for consistent Docker operations.

---

52-53: Confirmation message is appropriate

The message confirming that the Celestia stack is up and running provides clear feedback to the user.

---

58-59: Logs command is correctly configured

The celestia-logs recipe correctly tails the logs of the services, which is useful for real-time monitoring.

ci/run-lightnode.sh (3)

1-79: Overall, the script is well-structured and effective

The script efficiently initializes and runs a Celestia light node with appropriate configurations and functions. Error handling and use of best practices enhance its maintainability.

Tools

Shellcheck

[info] 72-72: Double quote to prevent globbing and word splitting.

(SC2086)

---

41-49: Ensure sed handles special characters in genesis_hash

If $genesis_hash contains characters like slashes or other regex special characters, the sed substitution might fail. Using an alternative delimiter or escaping the variable can prevent this issue.

Apply this diff to use an alternative delimiter:

   echo "Trusting a genesis: $genesis_hash"
-  sed -i'.bak' "s/TrustedHash = .*/TrustedHash = $genesis_hash/" "$CONFIG_DIR/config.toml"
+  sed -i'.bak' "s|TrustedHash = .*|TrustedHash = $genesis_hash|" "$CONFIG_DIR/config.toml"

Likely invalid or redundant comment.

---

56-79: Verify that celestia command-line tool is available

Before running the main operations, ensure that the celestia CLI tool is installed and accessible to prevent runtime errors.

Run the following script to check for the celestia command:

Tools

Shellcheck

[info] 72-72: Double quote to prevent globbing and word splitting.

(SC2086)

crates/prism/src/main.rs (1)

46-62: Previous review comment is still applicable regarding error handling in sequencer_pubkey initialization.

The prior feedback on improving error handling and readability for the sequencer_pubkey remains valid. Refactoring using the ? operator to propagate errors will enhance code clarity and ensure proper error propagation.

crates/prism/src/da/celestia.rs (1)

148-148: Ensure TxConfig::default() is appropriate for blob submissions

The change replaces the previous transaction configuration with TxConfig::default(). Please verify that the default transaction settings, such as gas prices and fees, are suitable for submitting blobs in your context.

Also applies to: 217-217

crates/prism/src/node_types/sequencer.rs (1)

54-58: Review the error handling in self.da.start()

The previous review comment is still applicable. The error handling for self.da.start() could be improved to preserve the original error context instead of converting the error to a string. This ensures that valuable debugging information is not lost.