Add initial integration tests

.github/workflows/build.yml

@@ -7,9 +7,9 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
-permissions:
-  id-token: write
-  contents: read
+env:
+  GHCR_REGISTRY: ghcr.io
+  CI_TAG: ci-${{ github.sha }}
 
 jobs:
   basic-checks:
@@ -41,6 +41,10 @@ jobs:
 
   build:
     runs-on: ubuntu-24.04
+    permissions:
+      id-token: write
+      contents: read
+      packages: write
     steps:
       - name: Checkout source code
         uses: actions/checkout@v4
@@ -50,6 +54,13 @@ jobs:
       - name: Setup variables
         run: echo ROLLUPS_NODE_VERSION=`make version` >> $GITHUB_ENV
 
+      - name: Login to GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.GHCR_REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
       - name: Set up Depot CLI
         uses: depot/setup-action@v1
 
@@ -59,9 +70,8 @@ jobs:
           file: Dockerfile
           context: .
           platforms: linux/amd64
-          tags:  ${{ github.repository_owner }}/rollups-node:devel-amd64
-          push: false
-          load: true
+          tags: ${{ env.GHCR_REGISTRY }}/${{ github.repository_owner }}/rollups-node:devel-amd64-${{ env.CI_TAG }}
+          push: true
           project: ${{ vars.DEPOT_PROJECT }}
           token: ${{ secrets.DEPOT_TOKEN }}
 
@@ -71,9 +81,20 @@ jobs:
           file: Dockerfile
           context: .
           platforms: linux/arm64
-          tags:  ${{ github.repository_owner }}/rollups-node:devel-arm64
-          push: false
-          load: true
+          tags: ${{ env.GHCR_REGISTRY }}/${{ github.repository_owner }}/rollups-node:devel-arm64-${{ env.CI_TAG }}
+          push: true
+          project: ${{ vars.DEPOT_PROJECT }}
+          token: ${{ secrets.DEPOT_TOKEN }}
+
+      - name: Build tester image
+        uses: depot/build-push-action@v1
+        with:
+          file: Dockerfile
+          context: .
+          target: tester
+          platforms: linux/amd64
+          tags: ${{ env.GHCR_REGISTRY }}/${{ github.repository_owner }}/rollups-node:tester-${{ env.CI_TAG }}
+          push: true
           project: ${{ vars.DEPOT_PROJECT }}
           token: ${{ secrets.DEPOT_TOKEN }}
 
@@ -83,9 +104,8 @@ jobs:
           file: test/devnet/Dockerfile
           context: .
           platforms: linux/amd64
-          tags: ${{ github.repository_owner }}/rollups-node-devnet:devel
-          push: false
-          load: true
+          tags: ${{ env.GHCR_REGISTRY }}/${{ github.repository_owner }}/rollups-node-devnet:${{ env.CI_TAG }}
+          push: true
           project: ${{ vars.DEPOT_PROJECT }}
           token: ${{ secrets.DEPOT_TOKEN }}
 
@@ -96,7 +116,7 @@ jobs:
           context: .
           target: debian-packager
           platforms: linux/amd64
-          tags:  ${{ github.repository_owner }}/rollups-node:debian-packager-amd64
+          tags: ${{ github.repository_owner }}/rollups-node:debian-packager-amd64
           push: false
           load: true
           project: ${{ vars.DEPOT_PROJECT }}
@@ -112,7 +132,7 @@ jobs:
           context: .
           target: debian-packager
           platforms: linux/arm64
-          tags:  ${{ github.repository_owner }}/rollups-node:debian-packager-arm64
+          tags: ${{ github.repository_owner }}/rollups-node:debian-packager-arm64
           push: false
           load: true
           project: ${{ vars.DEPOT_PROJECT }}
@@ -121,68 +141,136 @@ jobs:
       - name: Export deb package artifact (arm64)
         run: make copy-debian-package BUILD_PLATFORM=linux/arm64 DEB_ARCH=arm64 DEB_PACKAGER_IMG=${{ github.repository_owner }}/rollups-node:debian-packager-arm64
 
-      - name: Upload artifacts
+      - name: Upload deb artifacts
         uses: actions/upload-artifact@v4
         with:
           name: artifacts
           path: |
             cartesi-rollups-node-v${{ env.ROLLUPS_NODE_VERSION }}_amd64.deb
             cartesi-rollups-node-v${{ env.ROLLUPS_NODE_VERSION }}_arm64.deb
 
-  unit-test:
+  lint:
+    # disabled for now
+    if: false
     runs-on: ubuntu-24.04
-    needs:
-      - build
+    needs: [build]
+    permissions:
+      contents: read
+      packages: read
     steps:
       - name: Checkout source code
         uses: actions/checkout@v4
 
-      - name: Login to GitHub Container Registry
+      - name: Login to GHCR
         uses: docker/login-action@v3
         with:
-          registry: ghcr.io
+          registry: ${{ env.GHCR_REGISTRY }}
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Set up Depot CLI
-        uses: depot/setup-action@v1
+      - name: Pull and tag tester image
+        run: |
+          docker pull ${{ env.GHCR_REGISTRY }}/${{ github.repository_owner }}/rollups-node:tester-${{ env.CI_TAG }}
+          docker tag ${{ env.GHCR_REGISTRY }}/${{ github.repository_owner }}/rollups-node:tester-${{ env.CI_TAG }} \
+            cartesi/rollups-node:tester
 
-      - name: Build rollups-node:tester image
-        uses: depot/build-push-action@v1
+      - name: Run linting
+        run: make lint-with-docker
+
+  unit-test:
+    runs-on: ubuntu-24.04
+    needs: [build]
+    permissions:
+      contents: read
+      packages: read
+    steps:
+      - name: Checkout source code
+        uses: actions/checkout@v4
+
+      - name: Login to GHCR
+        uses: docker/login-action@v3
         with:
-          file: Dockerfile
-          context: .
-          target: go-builder
-          platforms: linux/amd64
-          tags: ${{ github.repository_owner }}/rollups-node:tester
-          push: false
-          load: true
-          project: ${{ vars.DEPOT_PROJECT }}
-          token: ${{ secrets.DEPOT_TOKEN }}
+          registry: ${{ env.GHCR_REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Build devnet image
-        uses: depot/build-push-action@v1
+      - name: Pull and tag CI images
+        run: |
+          docker pull ${{ env.GHCR_REGISTRY }}/${{ github.repository_owner }}/rollups-node:tester-${{ env.CI_TAG }}
+          docker pull ${{ env.GHCR_REGISTRY }}/${{ github.repository_owner }}/rollups-node:devel-amd64-${{ env.CI_TAG }}
+          docker pull ${{ env.GHCR_REGISTRY }}/${{ github.repository_owner }}/rollups-node-devnet:${{ env.CI_TAG }}
+          docker tag ${{ env.GHCR_REGISTRY }}/${{ github.repository_owner }}/rollups-node:tester-${{ env.CI_TAG }} \
+            cartesi/rollups-node:tester
+          docker tag ${{ env.GHCR_REGISTRY }}/${{ github.repository_owner }}/rollups-node:devel-amd64-${{ env.CI_TAG }} \
+            cartesi/rollups-node:devel
+          docker tag ${{ env.GHCR_REGISTRY }}/${{ github.repository_owner }}/rollups-node-devnet:${{ env.CI_TAG }} \
+            cartesi/rollups-node-devnet:devel
+
+      - name: Cache test machine images
+        uses: actions/cache@v4
         with:
-          file: test/devnet/Dockerfile
-          context: .
-          platforms: linux/amd64
-          tags: ${{ github.repository_owner }}/rollups-node-devnet:devel
-          push: false
-          load: true
-          project: ${{ vars.DEPOT_PROJECT }}
-          token: ${{ secrets.DEPOT_TOKEN }}
+          path: test/downloads
+          key: test-deps-${{ hashFiles('test/dependencies.sha256') }}
 
       - name: Download test dependencies
-        run: |
-          make download-test-dependencies
+        run: make download-test-dependencies
 
       - name: Run unit tests
+        run: make unit-test-with-compose
+
+  integration-test:
+    runs-on: ubuntu-24.04
+    needs: [build]
+    timeout-minutes: 60
+    permissions:
+      contents: read
+      packages: read
+    steps:
+      - name: Checkout source code
+        uses: actions/checkout@v4
+
+      - name: Login to GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.GHCR_REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Pull and tag CI images
         run: |
-          make test-with-compose
+          docker pull ${{ env.GHCR_REGISTRY }}/${{ github.repository_owner }}/rollups-node:tester-${{ env.CI_TAG }}
+          docker pull ${{ env.GHCR_REGISTRY }}/${{ github.repository_owner }}/rollups-node:devel-amd64-${{ env.CI_TAG }}
+          docker pull ${{ env.GHCR_REGISTRY }}/${{ github.repository_owner }}/rollups-node-devnet:${{ env.CI_TAG }}
+          docker tag ${{ env.GHCR_REGISTRY }}/${{ github.repository_owner }}/rollups-node:tester-${{ env.CI_TAG }} \
+            cartesi/rollups-node:tester
+          docker tag ${{ env.GHCR_REGISTRY }}/${{ github.repository_owner }}/rollups-node:devel-amd64-${{ env.CI_TAG }} \
+            cartesi/rollups-node:devel
+          docker tag ${{ env.GHCR_REGISTRY }}/${{ github.repository_owner }}/rollups-node-devnet:${{ env.CI_TAG }} \
+            cartesi/rollups-node-devnet:devel
+
+      - name: Cache test machine images
+        uses: actions/cache@v4
+        with:
+          path: test/downloads
+          key: test-deps-${{ hashFiles('test/dependencies.sha256') }}
+
+      - name: Download test dependencies
+        run: make download-test-dependencies
+
+      - name: Run integration tests
+        run: make integration-test-with-compose
+
+      - name: Upload integration test logs
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: integration-test-logs
+          path: integration-logs.txt
+          retention-days: 3
 
   publish_artifacts:
     name: Publish artifacts
-    needs: [basic-checks, build, unit-test]
+    needs: [basic-checks, build, unit-test, integration-test]
     runs-on: ubuntu-24.04
     if: ${{ startsWith(github.ref, 'refs/tags/v') }}
     permissions:

.github/workflows/clean-up-images.yml

@@ -9,17 +9,19 @@ on:
 
 jobs:
   cleanup:
-    name: Cleanup ghcr.io/cartesi/${{ matrix.image }}:pr-${{ github.event.number }} image
+    name: Cleanup ghcr.io/cartesi/${{ matrix.image }} CI images
     runs-on: ubuntu-latest
     permissions:
       packages: write
     strategy:
       matrix:
         image:
           - rollups-node
-          - rollups-node-ci
+          - rollups-node-devnet
     steps:
-      - uses: vlaurin/action-ghcr-prune@v0.6.0
+      # Remove PR-scoped tags immediately.
+      - name: Prune PR tags
+        uses: vlaurin/action-ghcr-prune@v0.6.0
         with:
           organization: cartesi
           container: ${{ matrix.image }}
@@ -28,3 +30,17 @@ jobs:
           keep-last: 0
           prune-tags-regexes: |
             ^pr-${{ github.event.number }}$
+
+      # Prune stale CI images older than 7 days to avoid deleting
+      # images needed by concurrently running workflows.
+      - name: Prune stale CI tags
+        uses: vlaurin/action-ghcr-prune@v0.6.0
+        with:
+          organization: cartesi
+          container: ${{ matrix.image }}
+          token: ${{ secrets.GITHUB_TOKEN }}
+          prune-untagged: false
+          keep-last: 0
+          older-than: 7 days
+          prune-tags-regexes: |
+            ^ci-

Dockerfile

@@ -100,6 +100,27 @@ WORKDIR ${GO_BUILD_PATH}/rollups-node
 
 RUN make build-go
 
+# =============================================================================
+# STAGE: tester
+#
+# This stage extends go-builder with tools and directories needed for testing
+# and linting. It is NOT part of the production image build chain.
+# =============================================================================
+
+FROM go-builder AS tester
+
+# Install golangci-lint for linting inside Docker.
+ARG GOLANGCI_LINT_VERSION=1.64.5
+RUN go install github.com/golangci/golangci-lint/cmd/golangci-lint@v${GOLANGCI_LINT_VERSION}
+ENV PATH="${GOPATH}/bin:${PATH}"
+ENV GOLANGCI_LINT_CACHE=${GOCACHE}/golangci-lint
+
+# Create /dapps directory owned by cartesi for Docker named volume pre-population.
+# When a named volume is first mounted here, Docker copies this ownership.
+USER root
+RUN mkdir -p /dapps && chown cartesi:cartesi /dapps
+USER cartesi
+
 # =============================================================================
 # STAGE: debian-packager
 #
@@ -158,7 +179,7 @@ USER cartesi
 WORKDIR ${NODE_RUNTIME_DIR}
 
 HEALTHCHECK --interval=1s --timeout=1s --retries=5 \
-    CMD curl -G -f -H 'Content-Type: application/json' http://127.0.0.1:10000/healthz
+    CMD curl -G -f -H 'Content-Type: application/json' http://127.0.0.1:10000/readyz
 
 # Set the Go supervisor as the command.
 CMD [ "cartesi-rollups-node" ]