NaturalSelectionLabs
diff --git a/‎.github/workflows/arbitrator-ci.yml‎ renamed to ‎.github/workflows/arbitrator-ci.yml.bak‎ b/‎.github/workflows/arbitrator-ci.yml‎ renamed to ‎.github/workflows/arbitrator-ci.yml.bak‎
diff --git a/‎.github/workflows/ci.yml‎ renamed to ‎.github/workflows/ci.yml.bak‎ b/‎.github/workflows/ci.yml‎ renamed to ‎.github/workflows/ci.yml.bak‎
diff --git a/‎.github/workflows/docker.yml‎
Lines changed: 41 additions & 71 deletions b/‎.github/workflows/docker.yml‎
Lines changed: 41 additions & 71 deletions
diff --git a/‎.github/workflows/shellcheck-ci.yml‎ renamed to ‎.github/workflows/shellcheck-ci.yml.bak‎ b/‎.github/workflows/shellcheck-ci.yml‎ renamed to ‎.github/workflows/shellcheck-ci.yml.bak‎
@@ -10,95 +10,65 @@ on:
       - master
       - develop
 
+permissions:
+  contents: read
+  id-token: write
+  pull-requests: write
+  packages: write
+
+
 jobs:
   docker:
     name: Docker build
-    runs-on: ubuntu-8
-    services:
-      # local registery
-      registry:
-        image: registry:2
-        ports:
-          - 5000:5000
-
+    runs-on:
+      group: Prod
     steps:
       - name: Checkout
         uses: actions/checkout@v4
         with:
           submodules: recursive
 
+      - name: Log in to the Container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ github.token }}
+
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
         with:
           driver-opts: network=host
 
-      - name: Cache Docker layers
-        uses: actions/cache@v3
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
         with:
-          path: /tmp/.buildx-cache
-          key: ${{ runner.os }}-buildx-${{ hashFiles('Dockerfile') }}
-          restore-keys: ${{ runner.os }}-buildx-
+          images: ghcr.io/${{ github.repository }}
+          tags: |
+            type=raw,value=latest,enable={{is_default_branch}}
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+            type=semver,pattern=v{{version}}
+            type=semver,pattern=v{{major}}.{{minor}}
+            type=semver,pattern=v{{major}}
+            type=ref,event=branch
+            type=ref,event=pr
+            type=sha
+            type=sha,format=long
+            type=sha,prefix={{branch}}-,enable=${{ !startsWith(github.ref, 'refs/tags') }},event=branch
+            type=sha,format=long,prefix={{branch}}-,enable=${{ !startsWith(github.ref, 'refs/tags') }},event=branch
 
       - name: Build nitro-node docker
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           target: nitro-node
           push: true
           context: .
-          tags: localhost:5000/nitro-node:latest
-          cache-from: type=local,src=/tmp/.buildx-cache
-          cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max
-
-      - name: Build nitro-node-dev docker
-        uses: docker/build-push-action@v5
-        with:
-          target: nitro-node-dev
-          push: true
-          context: .
-          tags: localhost:5000/nitro-node-dev:latest
-          cache-from: type=local,src=/tmp/.buildx-cache
-          cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max
-
-      - name: Start background nitro-testnode
-        shell: bash
-        run: |
-          cd nitro-testnode
-          ./test-node.bash --init --dev &
-
-      - name: Wait for rpc to come up
-        shell: bash
-        run: |
-          ${{ github.workspace }}/.github/workflows/waitForNitro.sh
-
-      - name: Print WAVM module root
-        id: module-root
-        run: |
-          # Unfortunately, `docker cp` seems to always result in a "permission denied"
-          # We work around this by piping a tarball through stdout
-          docker run --rm --entrypoint tar localhost:5000/nitro-node-dev:latest -cf - target/machines/latest | tar xf -
-          module_root="$(cat "target/machines/latest/module-root.txt")"
-          echo "module-root=$module_root" >> "$GITHUB_OUTPUT"
-          echo -e "\x1b[1;34mWAVM module root:\x1b[0m $module_root"
-
-      - name: Upload WAVM machine as artifact
-        uses: actions/upload-artifact@v3
-        with:
-          name: wavm-machine-${{ steps.module-root.outputs.module-root }}
-          path: target/machines/latest/*
-          if-no-files-found: error
-
-      - name: Move cache
-        # Temp fix
-        # https://github.com/docker/build-push-action/issues/252
-        # https://github.com/moby/buildkit/issues/1896
-        run: |
-          rm -rf /tmp/.buildx-cache
-          mv /tmp/.buildx-cache-new /tmp/.buildx-cache
-
-      - name: Clear cache on failure
-        if: failure()
-        run: |
-          keys=(${{ runner.os }}-buildx- ${{ runner.os }}-buildx-${{ hashFiles('Dockerfile') }})
-          for key in "${keys[@]}"; do
-            curl -X DELETE -H "Accept: application/vnd.github.v3+json" -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" "https://api.github.com/repos/${{ github.repository }}/actions/caches/$key"
-          done
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: |
+            type=registry,ref=ghcr.io/naturalselectionlabs/nitro:buildx-cache
+          cache-to: |
+            type=registry,ref=ghcr.io/naturalselectionlabs/nitro:buildx-cache,mode=max