chore: prover release workflow

.github/workflows/prover-docker-light-release.yml

@@ -0,0 +1,58 @@
+name: Build and Release Prover Light Docker Image
+
+on:
+  push:
+    tags:
+      - "light-prover*"
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: 'Tag for the Docker image'
+        required: true
+        default: 'latest'
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}/light-prover-light
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=ref,event=tag
+            type=raw,value=latest,enable={{is_default_branch}}
+            type=raw,value=${{ github.event.inputs.tag }},enable=${{ github.event_name == 'workflow_dispatch' }}
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: prover/server
+          file: prover/server/Dockerfile.light
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max

.github/workflows/prover-docker-release.yml

@@ -0,0 +1,68 @@
+name: Build and Release Prover Docker Image
+
+on:
+  push:
+    tags:
+      - "light-prover*"
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: 'Tag for the Docker image'
+        required: true
+        default: 'latest'
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}/light-prover
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Download proving keys
+        run: |
+          cd prover/server
+          ./scripts/download_keys_docker.sh
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=ref,event=tag
+            type=raw,value=latest,enable={{is_default_branch}}
+            type=raw,value=${{ github.event.inputs.tag }},enable=${{ github.event_name == 'workflow_dispatch' }}
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: prover/server
+          file: prover/server/Dockerfile
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Clean up proving keys
+        if: always()
+        run: |
+          rm -rf prover/server/proving-keys

.github/workflows/prover-test.yml

@@ -26,6 +26,16 @@ jobs:
     if: github.event.pull_request.draft == false
     runs-on: buildjet-8vcpu-ubuntu-2204
     timeout-minutes: 120
+    services:
+      redis:
+        image: redis:7-alpine
+        ports:
+          - 6379:6379
+        options: >-
+          --health-cmd "redis-cli ping"
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
     steps:
       - name: Checkout sources
         uses: actions/checkout@v4
@@ -68,6 +78,44 @@ jobs:
           cd prover/server
           go test ./prover -timeout 60m
 
+      - name: Redis Queue tests
+        env:
+          TEST_REDIS_URL: redis://localhost:6379/15
+        run: |
+          cd prover/server
+          go test -v -run TestRedis -timeout 10m
+
+      - name: Queue cleanup tests
+        env:
+          TEST_REDIS_URL: redis://localhost:6379/15
+        run: |
+          cd prover/server
+          go test -v -run TestCleanup -timeout 5m
+
+      - name: Worker selection tests
+        run: |
+          cd prover/server
+          go test -v -run TestWorkerSelection -timeout 5m
+
+      - name: Batch operations queue routing tests
+        run: |
+          cd prover/server
+          go test -v -run TestBatchOperations -timeout 5m
+
+      - name: Queue processing flow tests
+        env:
+          TEST_REDIS_URL: redis://localhost:6379/15
+        run: |
+          cd prover/server
+          go test -v -run TestJobProcessingFlow -timeout 5m
+
+      - name: Failed job status tests
+        env:
+          TEST_REDIS_URL: redis://localhost:6379/15
+        run: |
+          cd prover/server
+          go test -v -run TestFailedJobStatus -timeout 5m
+
       - name: Lightweight integration tests
         if: ${{ github.event.pull_request.base.ref == 'main' }}
         run: |

prover/server/DOCKER.md

@@ -0,0 +1,129 @@
+# Docker Setup for Light Prover
+
+This document describes the Docker setup for the Light Protocol prover server, including build processes and deployment workflows.
+
+## Available Docker Images
+
+### 1. Full Prover Image (`Dockerfile`)
+
+The main Docker image that includes all necessary proving keys for production use.
+
+**Features:**
+- Contains pre-downloaded proving keys (mainnet, inclusion, non-inclusion, combined)
+- Ready to use for proof generation
+- Larger image size due to embedded keys
+- Built via `prover-docker-release.yml` workflow
+
+**Usage:**
+```bash
+docker run ghcr.io/lightprotocol/light-protocol/light-prover:latest start --run-mode rpc --keys-dir /proving-keys/
+```
+
+### 2. Light Prover Image (`Dockerfile.light`)
+
+A lightweight image without proving keys, suitable for development or custom key management.
+
+**Features:**
+- No embedded proving keys
+- Smaller image size
+- Requires external key management
+- Built via `prover-docker-light-release.yml` workflow
+
+**Usage:**
+```bash
+# Mount your own keys directory
+docker run -v /path/to/your/keys:/proving-keys ghcr.io/lightprotocol/light-protocol/light-prover-light:latest start --keys-dir /proving-keys/
+
+# Or run without keys for development
+docker run ghcr.io/lightprotocol/light-protocol/light-prover-light:latest start
+```
+
+## Key Management Scripts
+
+### `scripts/download_keys_docker.sh`
+
+Specialized script that downloads only the proving keys needed for the Docker build:
+
+- `mainnet_inclusion_26_*` keys
+- `inclusion_32_*` keys
+- `non-inclusion_26_*` and `non-inclusion_40_*` keys
+- `combined_26_*` and `combined_32_40_*` keys
+
+This is more efficient than the full `download_keys.sh light` script as it excludes:
+- `append-with-proofs_32_*` keys
+- `update_32_*` keys
+- `address-append_40_*` keys
+
+### `scripts/download_keys.sh`
+
+Original script with two modes:
+- `light`: Downloads keys including batch operations (less efficient for Docker)
+- `full`: Downloads all available keys
+
+## GitHub Workflows
+
+### `prover-docker-release.yml`
+
+Builds and publishes the full prover image with embedded keys.
+
+**Triggers:**
+- Push to tags matching `light-prover*`
+- Manual workflow dispatch
+
+**Process:**
+1. Downloads proving keys using `download_keys_docker.sh`
+2. Builds Docker image with `Dockerfile`
+3. Pushes to GitHub Container Registry
+4. Cleans up downloaded keys
+
+### `prover-docker-light-release.yml`
+
+Builds and publishes the lightweight prover image without keys.
+
+**Triggers:**
+- Push to tags matching `light-prover*`
+- Manual workflow dispatch
+
+**Process:**
+1. Builds Docker image with `Dockerfile.light`
+2. Pushes to GitHub Container Registry
+
+## Local Development
+
+### Building Images Locally
+
+For the full image:
+```bash
+cd prover/server
+./scripts/download_keys_docker.sh
+docker build -t light-prover .
+```
+
+For the light image:
+```bash
+cd prover/server
+docker build -f Dockerfile.light -t light-prover-light .
+```
+
+### Testing Images
+
+Test the full image:
+```bash
+docker run --rm light-prover start --run-mode rpc --keys-dir /proving-keys/
+```
+
+Test the light image:
+```bash
+docker run --rm light-prover-light start
+```
+
+## Image Registry
+
+Both images are published to GitHub Container Registry:
+
+- Full image: `ghcr.io/lightprotocol/light-protocol/light-prover`
+- Light image: `ghcr.io/lightprotocol/light-protocol/light-prover-light`
+
+Tags follow the pattern:
+- `latest`: Latest release from main branch
+- `<tag-name>`: Specific version tags (e.g., `light-prover-v1.0.0`)

prover/server/Dockerfile.light

@@ -0,0 +1,26 @@
+FROM golang:1.20.3-alpine AS builder
+
+WORKDIR /app
+
+COPY go.mod go.sum ./
+RUN go mod download && go mod verify
+
+COPY . .
+
+ENV CGO_ENABLED=0
+RUN go build -v -o /usr/local/bin/light-prover .
+
+RUN mkdir -p /tmp/empty_proving_keys
+
+FROM gcr.io/distroless/base-debian11:nonroot
+
+COPY --from=builder /usr/local/bin/light-prover /usr/local/bin/light-prover
+
+WORKDIR /proving-keys
+
+COPY --chown=nonroot:nonroot --from=builder /tmp/empty_proving_keys /proving-keys/
+
+WORKDIR /
+
+ENTRYPOINT [ "light-prover" ]
+CMD [ "start" ]

prover/server/docker-compose.yml

@@ -0,0 +1,22 @@
+services:
+  redis:
+    image: redis:7.4.4-alpine3.21
+    container_name: redis
+    ports:
+      - "6379:6379"
+    restart: unless-stopped
+
+  prover:
+    image: sergeytimoshin/prover-light:1.0.0
+    container_name: prover
+    ports:
+      - "3001:3001"
+    volumes:
+      - ./proving-keys:/proving-keys/:ro
+    command: >
+      start
+      --run-mode forester-test
+      --redis-url=redis://redis:6379
+    depends_on:
+      - redis
+    restart: unless-stopped