devnet-deploy.yml
name: Deploy devnet

# Manual trigger only: this workflow runs when someone dispatches it and
# supplies the inputs below.
on:
  workflow_dispatch:
    inputs:
      # Exported as NAMESPACE and forwarded to the network-deploy workflow.
      namespace:
        description: The namespace to deploy to, e.g. smoke
        required: true
      # Exported as AZTEC_DOCKER_IMAGE; the bootstrap job runs this image
      # with `docker run`, so the value decides what code executes there.
      aztec_docker_image:
        description: The Aztec Docker image to use
        required: true
      # Only the secret's name is supplied here, not the mnemonic itself.
      deployment_mnemonic_secret_name:
        description: The name of the secret which holds the boot node's contract deployment mnemonic
        required: true
        default: testnet-deployment-mnemonic
      deployment_salt:
        description: The salt to use for this deployment. Defaults to random
        required: false
        type: string
        default: ""
      # String "true"/"false"; forwarded as-is to the network-deploy workflow.
      respect_tf_lock:
        description: Whether to respect the Terraform lock
        required: false
        default: "true"
      # String "true"/"false"; also selects the branch taken by the
      # "Bootstrap network" step.
      sepolia_deployment:
        description: "Whether to deploy on Sepolia network (default: false)"
        required: false
        default: "false"

# One concurrency group per workflow and ref; a run already in progress is
# left to finish rather than being cancelled.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: false

# Workflow-level env: visible to every step of the jobs defined in this file.
env:
  # NOTE(review): long-lived AWS keys are exposed to all steps from here;
  # scoping them to the step that configures AWS would narrow the exposure.
  AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
  AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
  CONTRACT_S3_BUCKET: s3://static.aztec.network
  CLUSTER_NAME: aztec-gke
  # NOTE(review): this value has the form of a zone name, and the kubectl
  # setup step passes it to `gcloud ... --region` - confirm that is intended.
  REGION: us-west1-a
  # Dispatch inputs are read by shell steps through these variables, which
  # keeps the raw input text out of the generated script.
  NAMESPACE: ${{ inputs.namespace }}
  AZTEC_DOCKER_IMAGE: ${{ inputs.aztec_docker_image }}
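jobs:
  # Deploys the network through the repository's reusable workflow; every
  # dispatch input is forwarded unchanged.
  deploy-network:
    uses: ./.github/workflows/network-deploy.yml
    with:
      namespace: ${{ github.event.inputs.namespace }}
      values_file: release-devnet.yaml
      aztec_docker_image: ${{ github.event.inputs.aztec_docker_image }}
      deployment_mnemonic_secret_name: ${{ github.event.inputs.deployment_mnemonic_secret_name }}
      deployment_salt: ${{ github.event.inputs.deployment_salt }}
      respect_tf_lock: ${{ github.event.inputs.respect_tf_lock }}
      sepolia_deployment: ${{ github.event.inputs.sepolia_deployment }}
    secrets:
      GCP_SA_KEY: ${{ secrets.GCP_SA_KEY }}

  # Runs after the deployment: port-forwards to the PXE and Ethereum pods,
  # runs `bootstrap-network` from the Aztec image and uploads the resulting
  # contract list to S3.
  bootstrap-network:
    runs-on: ubuntu-latest
    needs: deploy-network
    # No step in this job checks out code or calls the GitHub API, so the
    # job token is held at read-only instead of the repository default.
    permissions:
      contents: read
    steps:
      # NOTE(review): the three third-party actions below are referenced by
      # mutable tag; pinning each to a full commit SHA would stop a moved tag
      # from changing what runs with these cloud credentials. The AWS action
      # is also on an old major version (v1).
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
          aws-region: eu-west-2

      - name: Authenticate to Google Cloud
        uses: google-github-actions/auth@v2
        with:
          credentials_json: ${{ secrets.GCP_SA_KEY }}

      - name: Set up Cloud SDK
        uses: google-github-actions/setup-gcloud@v2

      - name: Setup kubectl access
        # CLUSTER_NAME and REGION come from the workflow-level env and are
        # read as quoted shell variables rather than spliced into the script.
        run: |
          gcloud components install kubectl gke-gcloud-auth-plugin --quiet
          gcloud container clusters get-credentials "$CLUSTER_NAME" --region "$REGION"

      - name: Setup helm
        # NOTE(review): this fetches the installer from the moving `main`
        # branch and runs it as root with no integrity check. Pin the URL to
        # a release tag or commit and verify a checksum before executing it,
        # or use a helm binary already on the runner image if one is present.
        run: |
          curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
          chmod +x get_helm.sh
          sudo ./get_helm.sh
          rm get_helm.sh

      - name: Bootstrap network
        # The dispatch input and the Sepolia secrets reach the script as
        # environment variables. Writing `${{ ... }}` inside `run:` pastes the
        # raw text into the script before bash parses it, so a crafted input
        # or a secret containing shell metacharacters would become shell code.
        env:
          SEPOLIA_DEPLOYMENT: ${{ inputs.sepolia_deployment }}
          SEPOLIA_EXTERNAL_HOST: ${{ secrets.SEPOLIA_EXTERNAL_HOST }}
          SEPOLIA_L1_DEPLOYMENT_PRIVATE_KEY: ${{ secrets.SEPOLIA_L1_DEPLOYMENT_PRIVATE_KEY }}
        run: |
          set -eu -o pipefail

          pxe_port_forward_pid=""
          ethereum_port_forward_pid=""

          cleanup() {
            echo "Cleaning up port-forward processes..."
            if [ -n "$pxe_port_forward_pid" ]; then
              kill "$pxe_port_forward_pid" 2>/dev/null || true
            fi
            if [ -n "$ethereum_port_forward_pid" ]; then
              kill "$ethereum_port_forward_pid" 2>/dev/null || true
            fi
            # helm_values.json holds the deployment mnemonic; remove it even
            # when the script aborts before the explicit rm below.
            rm -f helm_values.json
          }
          trap cleanup EXIT

          echo "Waiting for PXE pods to be ready..."
          if ! kubectl wait -n "$NAMESPACE" --for=condition=ready pod -l app=pxe --timeout=10m; then
            echo "Error: PXE pods did not become ready within timeout"
            exit 1
          fi

          helm get values "$NAMESPACE" -n "$NAMESPACE" -o json --all > helm_values.json

          PXE_PORT="$(jq -r .pxe.service.nodePort helm_values.json)"
          ETHEREUM_PORT="$(jq -r .ethereum.service.port helm_values.json)"
          L1_CHAIN_ID="$(jq -r .ethereum.chainId helm_values.json)"
          MNEMONIC="$(jq -r .aztec.l1DeploymentMnemonic helm_values.json)"
          # Register the mnemonic with the runner so it is redacted from logs.
          echo "::add-mask::$MNEMONIC"
          rm helm_values.json

          kubectl port-forward -n "$NAMESPACE" "svc/${NAMESPACE}-aztec-network-pxe" "$PXE_PORT" &
          pxe_port_forward_pid=$!

          # port-forward directly to the pod because the Eth node does not have a service definition
          ETH_POD_NAME=$(kubectl get pods -n "$NAMESPACE" -l app=ethereum -o jsonpath='{.items[0].metadata.name}')
          kubectl port-forward -n "$NAMESPACE" "pod/$ETH_POD_NAME" "$ETHEREUM_PORT" &
          ethereum_port_forward_pid=$!

          # wait for port-forwards to establish
          sleep 5

          # NOTE(review): AZTEC_DOCKER_IMAGE is a dispatch input. The image
          # runs on the host network while both port-forwards are open and is
          # handed the deployment key or mnemonic, so dispatch rights on this
          # workflow amount to access to those secrets. The key material is
          # also still a command-line argument of the container; if
          # bootstrap-network can read it from the environment, prefer that.
          # Only the literal string "true" selects the Sepolia path.
          if [ "$SEPOLIA_DEPLOYMENT" = "true" ]; then
            docker run --rm --network host "$AZTEC_DOCKER_IMAGE" bootstrap-network \
              --rpc-url "http://127.0.0.1:$PXE_PORT" \
              --l1-rpc-url "$SEPOLIA_EXTERNAL_HOST" \
              --l1-chain-id "$L1_CHAIN_ID" \
              --l1-private-key "$SEPOLIA_L1_DEPLOYMENT_PRIVATE_KEY" \
              --json | tee ./basic_contracts.json
          else
            docker run --rm --network host "$AZTEC_DOCKER_IMAGE" bootstrap-network \
              --rpc-url "http://127.0.0.1:$PXE_PORT" \
              --l1-rpc-url "http://127.0.0.1:$ETHEREUM_PORT" \
              --l1-chain-id "$L1_CHAIN_ID" \
              --mnemonic "$MNEMONIC" \
              --json | tee ./basic_contracts.json
          fi

          aws s3 cp ./basic_contracts.json "$CONTRACT_S3_BUCKET/devnet/basic_contracts.json"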