Skip to content

Commit 305fa9b

Browse files
ci: Fix bench-thresholds-reset (#462)
* ci: Fix `bench-thresholds-reset` * ci: Download Zisk proving key * Temporary test * Fixup * Fix Zisk ulimit * Prep for review
1 parent b7692b3 commit 305fa9b

2 files changed

Lines changed: 52 additions & 9 deletions

File tree

.github/workflows/bench-thresholds-reset.yml

Lines changed: 7 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -70,8 +70,13 @@ jobs:
7070
case " $valid " in *" $w "*) ;; *) echo "skip unknown workload: $w"; continue ;; esac
7171
tag="baseline-reset-$w"
7272
echo "Anchoring $tag -> $sha"
73-
gh api -X PATCH "repos/$REPO/git/refs/tags/$tag" -f sha="$sha" -F force=true \
74-
|| gh api -X POST "repos/$REPO/git/refs" -f ref="refs/tags/$tag" -f sha="$sha"
73+
# Update the tag if it exists, else create it. (Checking first avoids
74+
# the spurious 422 a PATCH-then-POST logs on first creation.)
75+
if gh api --silent "repos/$REPO/git/refs/tags/$tag" 2>/dev/null; then
76+
gh api --silent -X PATCH "repos/$REPO/git/refs/tags/$tag" -f sha="$sha" -F force=true
77+
else
78+
gh api --silent -X POST "repos/$REPO/git/refs" -f ref="refs/tags/$tag" -f sha="$sha"
79+
fi
7580
done_list="$done_list $w"
7681
done
7782
[ -z "$done_list" ] && { echo "Nothing to reset."; exit 0; }

.github/workflows/riscv-bench.yml

Lines changed: 45 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -106,19 +106,57 @@ jobs:
106106
- uses: actions/download-artifact@v4
107107
with:
108108
name: minimal-ixe
109-
- name: Install Zisk toolchain (ziskup, latest)
109+
- name: Install Zisk toolchain (ziskup, pinned v0.18.0)
110+
# `--version 0.18.0` pins the toolchain to match our deps. Our host links
111+
# the argumentcomputer/zisk `blake3-precompile` fork, which is based on
112+
# v0.18.0 (its cargo-zisk has `check-setup`, used below to regenerate the
113+
# key's const-trees). Without the pin, ziskup installs `releases/latest`,
114+
# which resolves to upstream `v1.0.0-alpha` — a different circuit whose
115+
# cargo-zisk dropped the `check-setup` subcommand, breaking the key step.
110116
# `--cpu` picks the CPU build (no GPU on the runner) and `--nokey` skips
111-
# the proving/verify keys — together they avoid ziskup's interactive
112-
# /dev/tty prompts, and execute needs no keys. `--prefix $HOME/.zisk`
113-
# pins the install where cargo-zisk's ZiskPaths fallback looks (the
114-
# runner sets XDG_CONFIG_HOME, which would otherwise relocate it).
117+
# ziskup's key install — both avoid its interactive /dev/tty prompts. We
118+
# keep `--nokey` because the upstream `zisk-setup` bucket only carries the
119+
# upstream circuit's key; our fork has a different circuit (extra Blake3f
120+
# AIR), so we restore the fork-matching key from our own S3 in the next
121+
# step. `--prefix $HOME/.zisk` pins the install where cargo-zisk's
122+
# ZiskPaths fallback looks (the runner sets XDG_CONFIG_HOME, which would
123+
# otherwise relocate it).
115124
run: |
116125
curl -L https://raw.githubusercontent.com/0xPolygonHermez/zisk/main/ziskup/install.sh \
117-
| bash -s -- --cpu --nokey -y --prefix "$HOME/.zisk"
126+
| bash -s -- --cpu --nokey -y --version 0.18.0 --prefix "$HOME/.zisk"
118127
echo "$HOME/.zisk/bin" >> "$GITHUB_PATH"
128+
# Execute still needs a proving key present: zisk-host calls
129+
# `client.setup()` (which the SDK runs before the execute branch), and that
130+
# loads the circuit's const-tree files. We host the fork-matching key in a
131+
# public S3 bucket WITHOUT the const-trees — exactly like Zisk's released
132+
# `zisk-provingkey-*.tar.gz` on `storage.googleapis.com/zisk-setup` — and
133+
# regenerate them here with `cargo-zisk check-setup -a`, which is how
134+
# `ziskup` itself populates them. That keeps the artifact ~3 GB (gzip)
135+
# instead of ~48 GB. The object name carries the fork rev so a circuit
136+
# change can't silently reuse a stale key. Public bucket → plain curl, no
137+
# AWS creds.
138+
- name: Restore Zisk proving key (fork circuit) from S3
139+
run: |
140+
mkdir -p "$HOME/.zisk"
141+
curl -fSL --retry 3 \
142+
https://argument-zisk-setup.s3.amazonaws.com/zisk-provingkey-blake3-8f9e24d5-cpu.tar.gz \
143+
-o /tmp/zisk-provingkey.tar.gz
144+
tar -C "$HOME/.zisk" -xzf /tmp/zisk-provingkey.tar.gz
145+
rm -f /tmp/zisk-provingkey.tar.gz
146+
# Regenerate the const-tree files omitted from the artifact (CPU build,
147+
# so no --gpu). This is the "may take a while" step ziskup prints.
148+
cargo-zisk check-setup --proving-key "$HOME/.zisk/provingKey" -a
119149
- name: Zisk — execute minimal.ixe (assert failures == 0)
120150
run: |
121151
cd zisk
122-
ulimit -l unlimited 2>/dev/null || true
152+
# ZisK's ASM microservices mmap the ROM with MAP_LOCKED, which needs
153+
# unlimited locked memory — the Zisk book's "Critical Memory
154+
# Configuration" prescribes DefaultLimitMEMLOCK=infinity. The runner
155+
# caps the memlock hard limit (so a bare `ulimit -l unlimited` can't
156+
# raise it) and we can't reboot it, so raise the limit in-session as
157+
# root via prlimit; the cargo child (and the ASM services it spawns)
158+
# inherit it. Without this the services die with
159+
# `mmap(rom) errno=11` / "shmem creation ... failed".
160+
sudo prlimit --pid $$ --memlock=unlimited:unlimited
123161
cargo run --bin zisk-host -- --execute --ixe ../minimal.ixe --constant myReflEq --skip-deps | tee only.txt
124162
grep -qE "failures: 0\b" only.txt

0 commit comments

Comments
 (0)