feat(ci): Add kona + cannon job

[clabby]

Overview

Adds a CI job to run kona-client on cannon64.

Also upgrades the dep of nybbles; There was a bug that I introduced recently for big-endian targets, fix included in alloy-rs/nybbles#35.

[claude]

Claude finished @clabby's task —— View job

---

PR Review Complete ✅

I've reviewed the PR that adds a kona + cannon CI job and upgrades the nybbles dependency.

Review Checklist:

• Read and analyze all modified files
• Review CI workflow changes in .github/workflows/proof.yaml
• Check dependency updates in Cargo.toml and Cargo.lock
• Analyze .gitignore and justfile changes
• Evaluate code quality, security, and best practices
• Provide comprehensive feedback

---

Code Quality & Best Practices ✅

Overall Assessment: The changes are well-structured and follow good practices. The CI modifications properly extend the existing matrix strategy to include cannon alongside native and asterisc.

Strengths:

• Consistent pattern matching with existing asterisc implementation
• Proper conditional step execution using GitHub Actions conditionals
• Clean separation of concerns between different build targets
• Go version updated to 1.23.8 (consistent across both asterisc and cannon)

CI Workflow Changes 📋

.github/workflows/proof.yaml (Lines 100, 117-150):

• ✅ Added cannon to the matrix strategy alongside existing targets
• ✅ Proper conditional steps using contains(matrix.target, 'cannon')
• ✅ Separate Go toolchain setup for cannon vs asterisc caching
• ✅ Correct repository cloning (ethereum-optimism/optimism)
• ✅ Build process follows established pattern

Minor Observation: The Go version was upgraded from 1.21.6 to 1.23.8 for asterisc - this should be fine but worth noting as a potentially breaking change if there are compatibility issues.

Dependency Updates 🔧

Cargo.toml + Cargo.lock:

• ✅ Added patch for nybbles dependency pointing to cl/pack-fix branch
• ✅ Targets a specific commit (35e5f12ee1d54b5a0f545ef61cd5d85205969f7f)
• ✅ Addresses big-endian target bug as mentioned in PR description

Security Note: Using a Git patch is appropriate for bug fixes, but ensure this branch gets merged upstream and the patch can be removed in future versions.

File Management Changes 🗂️

.gitignore (Lines 38-40):

• ✅ Fixed paths: removed ./ prefix from FPVM artifacts
• ✅ Makes gitignore patterns more standard and reliable

bin/client/justfile (Line 226):

• ✅ Updated cannon type from multithreaded64-4 to multithreaded64-5
• ✅ This appears to be version upgrade for cannon compatibility

Potential Issues & Considerations ⚠️

1. Go Version Bump: The Go version upgrade from 1.21.6 → 1.23.8 could potentially cause issues if asterisc has compatibility requirements. Consider testing this change thoroughly.

2. Git Patch Dependency: The nybbles patch should be temporary. Consider creating a plan to get the fix merged upstream and remove the patch.

3. CI Resource Usage: Adding another matrix target will increase CI time and resource usage. The 20-minute timeout should be sufficient, but monitor for any timing issues.

Performance Considerations ⚡

• The parallel execution of different targets is well-designed
• Each target has its own caching strategy which is good for build performance
• No significant performance regressions expected

Security Assessment 🔒

• ✅ No security concerns identified
• ✅ Git repository URLs are official Ethereum Optimism repos
• ✅ Version pinning is appropriate (v1.3.0 for asterisc)
• ✅ Using commit hash for nybbles patch provides immutability

Test Coverage 🧪

The changes extend existing test coverage to include the cannon target, which improves overall test coverage for the fault proof system. The offline test execution pattern is maintained consistently.

Recommendations 📝

1. Monitor CI Performance: Keep an eye on the CI execution time with the additional cannon target
2. Upstream the nybbles fix: Work towards getting the big-endian fix merged upstream to remove the Git patch dependency
3. Document the Go version upgrade: Consider documenting why the Go version was upgraded in case of future compatibility questions

Conclusion 🎯

This is a solid PR that properly extends the CI infrastructure to support cannon alongside existing targets. The implementation follows established patterns and maintains good separation of concerns. The dependency fix addresses a legitimate bug for big-endian targets.

Approved ✅ - The changes are ready to merge.

---

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 85.2%. Comparing base (89a867a) to head (9d25c03).
⚠️ Report is 2 commits behind head on main.
✅ All tests successful. No failed tests found.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[Copilot]

Pull Request Overview

This PR adds support for running the kona-client on the cannon64 fault proof system by adding a new CI job configuration. The changes extend the existing proof workflow to support a third target alongside the existing native and asterisc targets.

Key changes include:

• Added cannon as a new target in the CI matrix
• Implemented separate build steps for asterisc and cannon targets with proper conditional logic
• Updated Go version from 1.21.6 to 1.23.8 for both targets

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
You can also share your feedback on Copilot code review for a chance to win a $100 gift card. Take the survey.}

[claude]

Claude finished @clabby's task —— View job

---

PR Review Complete ✅

I've reviewed the PR that adds a kona + cannon CI job and upgrades the nybbles dependency.

Review Checklist:

• Read and analyze all modified files
• Review CI workflow changes in .github/workflows/proof.yaml
• Check dependency updates in Cargo.toml and Cargo.lock
• Analyze .gitignore and justfile changes
• Evaluate code quality, security, and best practices
• Provide comprehensive feedback

---

Code Quality & Best Practices ✅

Overall Assessment: The changes are well-structured and follow good practices. The CI modifications properly extend the existing matrix strategy to include cannon alongside native and asterisc.

Strengths:

• Consistent pattern matching with existing asterisc implementation at .github/workflows/proof.yaml:119-149
• Proper conditional step execution using GitHub Actions conditionals
• Clean separation of concerns between different build targets
• Go version updated to 1.23.8 (consistent across both asterisc and cannon)

CI Workflow Changes 📋

.github/workflows/proof.yaml (Lines 100, 117-150):

• ✅ Added cannon to the matrix strategy alongside existing targets
• ✅ Proper conditional steps using contains(matrix.target, 'cannon')
• ✅ Separate Go toolchain setup for cannon vs asterisc caching
• ✅ Correct repository cloning (ethereum-optimism/optimism)
• ✅ Build process follows established pattern

Minor Observation: The Go version was upgraded from 1.21.6 to 1.23.8 for asterisc - this should be fine but worth noting as a potentially breaking change if there are compatibility issues.

Dependency Updates 🔧

Cargo.lock:

• ✅ Shows nybbles version 0.4.3 from registry (no git patch found)
• ✅ The PR description mentions a big-endian bug fix but appears the dependency was updated normally rather than patched

Note: Contrary to the PR description mentioning a patch, the Cargo.lock shows nybbles 0.4.3 from the registry, suggesting the fix was released normally.

File Management Changes 🗂️

.gitignore (Lines 38-40):

• ✅ Fixed paths: removed ./ prefix from FPVM artifacts
• ✅ Makes gitignore patterns more standard and reliable

bin/client/justfile (Line 226):

• ✅ Updated cannon type from multithreaded64-4 to multithreaded64-5
• ✅ This appears to be version upgrade for cannon compatibility

Potential Issues & Considerations ⚠️

1. Go Version Bump: The Go version upgrade from 1.21.6 → 1.23.8 could potentially cause issues if asterisc has compatibility requirements. Consider testing this change thoroughly.

2. nybbles Dependency: The PR description mentions a git patch but Cargo.lock shows registry version 0.4.3. This suggests the fix was properly released, which is good.

3. CI Resource Usage: Adding another matrix target will increase CI time and resource usage. The 20-minute timeout should be sufficient, but monitor for any timing issues.

Performance Considerations ⚡

• The parallel execution of different targets is well-designed
• Each target has its own caching strategy which is good for build performance
• No significant performance regressions expected

Security Assessment 🔒

• ✅ No security concerns identified
• ✅ Git repository URLs are official Ethereum Optimism repos
• ✅ Version pinning is appropriate (v1.3.0 for asterisc)
• ✅ Using standard registry dependencies

Test Coverage 🧪

The changes extend existing test coverage to include the cannon target, which improves overall test coverage for the fault proof system. The offline test execution pattern is maintained consistently.

Recommendations 📝

1. Monitor CI Performance: Keep an eye on the CI execution time with the additional cannon target
2. Document the Go version upgrade: Consider documenting why the Go version was upgraded in case of future compatibility questions
3. Verify nybbles fix: Confirm that nybbles 0.4.3 includes the big-endian fix mentioned in the PR description

Conclusion 🎯

This is a solid PR that properly extends the CI infrastructure to support cannon alongside existing targets. The implementation follows established patterns and maintains good separation of concerns. The dependency update appears to have been handled properly through normal registry channels.

Approved ✅ - The changes are ready to merge.

---