Aztec Network Deployment #38

Workflow file for this run

.github/workflows/network-deploy.yml at b8fe0e4

	name: Aztec Network Deployment

	on:
	workflow_call:
	inputs:
	namespace:
	description: The namespace to deploy to, e.g. smoke
	required: true
	type: string
	values_file:
	description: The values file to use, e.g. 1-validators.yaml
	required: true
	type: string
	aztec_docker_image:
	description: The Aztec Docker image to use, e.g. aztecprotocol/aztec:da809c58290f9590836f45ec59376cbf04d3c4ce-x86_64
	required: true
	type: string
	deployment_mnemonic_secret_name:
	description: The name of the secret which holds the boot node's contract deployment mnemonic
	required: false
	type: string
	default: testnet-deployment-mnemonic
	deployment_salt:
	description: The salt to use for this deployment. Defaults to random
	required: false
	type: string
	default: ""
	respect_tf_lock:
	description: Whether to respect the Terraform lock
	required: false
	type: string
	default: "true"
	run_terraform_destroy:
	description: Whether to run terraform destroy before deploying
	required: false
	type: string
	default: "false"
	ref:
	description: The branch name to deploy from
	required: false
	type: string
	default: "master"
	sepolia_deployment:
	description: "Whether to deploy on Sepolia network (default: false)"
	required: false
	type: string
	default: "false"
	secrets:
	GCP_SA_KEY:
	required: true
	workflow_dispatch:
	inputs:
	namespace:
	description: The namespace to deploy to, e.g. smoke
	required: true
	values_file:
	description: The values file to use, e.g. 1-validators.yaml
	required: true
	aztec_docker_image:
	description: The Aztec Docker image to use, e.g. aztecprotocol/aztec:da809c58290f9590836f45ec59376cbf04d3c4ce-x86_64
	required: true
	deployment_mnemonic_secret_name:
	description: The name of the secret which holds the boot node's contract deployment mnemonic
	required: false
	default: testnet-deployment-mnemonic
	deployment_salt:
	description: The salt to use for this deployment. Defaults to random
	required: false
	default: ""
	respect_tf_lock:
	description: Whether to respect the Terraform lock
	required: false
	default: "true"
	run_terraform_destroy:
	description: Whether to run terraform destroy before deploying
	required: false
	type: string
	default: "false"
	ref:
	description: The branch name to deploy from
	required: false
	type: string
	default: "master"
	sepolia_deployment:
	description: "Whether to deploy on Sepolia network (default: false)"
	required: false
	type: string
	default: "false"

	jobs:
	network_deployment:
	# This job will run on Ubuntu
	runs-on: ubuntu-latest
	concurrency:
	group: deploy-${{ github.ref }} # Only one job per branch
	cancel-in-progress: false # Allow previous deployment to complete to avoid corruption

	# Set up a variable based on the branch name
	env:
	AZTEC_DOCKER_IMAGE: ${{ inputs.aztec_docker_image }}
	NAMESPACE: ${{ inputs.namespace }}
	VALUES_FILE: ${{ inputs.values_file }}
	DEPLOYMENT_MNEMONIC_SECRET_NAME: ${{ inputs.deployment_mnemonic_secret_name }}
	DEPLOYMENT_SALT: ${{ inputs.deployment_salt }}
	CHART_PATH: ./spartan/aztec-network
	CLUSTER_NAME: aztec-gke
	REGION: us-west1-a
	TF_STATE_BUCKET: aztec-terraform
	GKE_CLUSTER_CONTEXT: gke_testnet-440309_us-west1-a_aztec-gke

	steps:
	- name: Checkout code
	uses: actions/checkout@v3
	with:
	ref: ${{ inputs.ref }}

	- name: Authenticate to Google Cloud
	uses: google-github-actions/auth@v2
	with:
	credentials_json: ${{ secrets.GCP_SA_KEY }}

	- name: Set up Cloud SDK
	uses: google-github-actions/setup-gcloud@v2

	- name: Install GKE Auth Plugin
	run: \|
	gcloud components install gke-gcloud-auth-plugin --quiet

	- name: Configure kubectl with GKE cluster
	run: \|
	gcloud container clusters get-credentials ${{ env.CLUSTER_NAME }} --region ${{ env.REGION }}

	- name: Ensure Terraform state bucket exists
	run: \|
	if ! gsutil ls gs://${{ env.TF_STATE_BUCKET }} >/dev/null 2>&1; then
	echo "Creating GCS bucket for Terraform state..."
	gsutil mb -l us-east4 gs://${{ env.TF_STATE_BUCKET }}
	gsutil versioning set on gs://${{ env.TF_STATE_BUCKET }}
	else
	echo "Terraform state bucket already exists"
	fi

	- name: Grab the boot node deployment mnemonic
	id: get-mnemonic
	run: \|
	echo "::add-mask::$(gcloud secrets versions access latest --secret=${{ env.DEPLOYMENT_MNEMONIC_SECRET_NAME }})"
	echo "mnemonic=$(gcloud secrets versions access latest --secret=${{ env.DEPLOYMENT_MNEMONIC_SECRET_NAME }})" >> "$GITHUB_OUTPUT"

	- name: Setup Terraform
	uses: hashicorp/setup-terraform@v2
	with:
	terraform_version: "1.5.0" # Specify your desired version

	- name: Terraform Init
	working-directory: ./spartan/terraform/deploy-release
	run: \|
	terraform init \
	-backend-config="bucket=${{ env.TF_STATE_BUCKET }}" \
	-backend-config="prefix=network-deploy/${{ env.REGION }}/${{ env.CLUSTER_NAME }}/${{ env.NAMESPACE }}/terraform.tfstate" \

	- name: Terraform Destroy
	working-directory: ./spartan/terraform/deploy-release
	if: ${{ inputs.run_terraform_destroy == 'true' }}
	# Destroy fails if the resources are already destroyed, so we continue on error
	continue-on-error: true
	run: \|
	if ${{ inputs.sepolia_deployment == 'true' }}; then
	terraform destroy -auto-approve \
	-var="RELEASE_NAME=${{ env.NAMESPACE }}" \
	-var="VALUES_FILE=${{ env.VALUES_FILE }}" \
	-var="GKE_CLUSTER_CONTEXT=${{ env.GKE_CLUSTER_CONTEXT }}" \
	-var="AZTEC_DOCKER_IMAGE=${{ env.AZTEC_DOCKER_IMAGE }}" \
	-var="L1_DEPLOYMENT_PRIVATE_KEY=${{ secrets.SEPOLIA_L1_DEPLOYMENT_PRIVATE_KEY }}" \
	-var="VALIDATOR_KEYS=${{ secrets.VALIDATOR_KEYS }}" \
	-var="BOOT_NODE_SEQ_PUBLISHER_PRIVATE_KEY=${{ secrets.BOOT_NODE_SEQ_PUBLISHER_PRIVATE_KEY }}" \
	-var="PROVER_PUBLISHER_PRIVATE_KEY=${{ secrets.PROVER_PUBLISHER_PRIVATE_KEY }}" \
	-var="ETHEREUM_EXTERNAL_HOST=${{ secrets.SEPOLIA_EXTERNAL_HOST }}" \
	-lock=${{ inputs.respect_tf_lock }}
	else
	terraform destroy -auto-approve \
	-var="RELEASE_NAME=${{ env.NAMESPACE }}" \
	-var="VALUES_FILE=${{ env.VALUES_FILE }}" \
	-var="GKE_CLUSTER_CONTEXT=${{ env.GKE_CLUSTER_CONTEXT }}" \
	-var="AZTEC_DOCKER_IMAGE=${{ env.AZTEC_DOCKER_IMAGE }}" \
	-var="L1_DEPLOYMENT_MNEMONIC=${{ steps.get-mnemonic.outputs.mnemonic }}"
	-lock=${{ inputs.respect_tf_lock }}
	fi

	- name: Terraform Plan
	working-directory: ./spartan/terraform/deploy-release
	run: \|
	if ${{ inputs.sepolia_deployment == 'true' }}; then
	terraform plan \
	-var="RELEASE_NAME=${{ env.NAMESPACE }}" \
	-var="VALUES_FILE=${{ env.VALUES_FILE }}" \
	-var="GKE_CLUSTER_CONTEXT=${{ env.GKE_CLUSTER_CONTEXT }}" \
	-var="AZTEC_DOCKER_IMAGE=${{ env.AZTEC_DOCKER_IMAGE }}" \
	-var="L1_DEPLOYMENT_PRIVATE_KEY=${{ secrets.SEPOLIA_L1_DEPLOYMENT_PRIVATE_KEY }}" \
	-var="L1_DEPLOYMENT_SALT=${DEPLOYMENT_SALT:-$RANDOM}" \
	-var="VALIDATOR_KEYS=${{ secrets.VALIDATOR_KEYS }}" \
	-var="BOOT_NODE_SEQ_PUBLISHER_PRIVATE_KEY=${{ secrets.BOOT_NODE_SEQ_PUBLISHER_PRIVATE_KEY }}" \
	-var="PROVER_PUBLISHER_PRIVATE_KEY=${{ secrets.PROVER_PUBLISHER_PRIVATE_KEY }}" \
	-var="ETHEREUM_EXTERNAL_HOST=${{ secrets.SEPOLIA_EXTERNAL_HOST }}" \
	-out=tfplan \
	-lock=${{ inputs.respect_tf_lock }}
	else
	terraform plan \
	-var="RELEASE_NAME=${{ env.NAMESPACE }}" \
	-var="VALUES_FILE=${{ env.VALUES_FILE }}" \
	-var="GKE_CLUSTER_CONTEXT=${{ env.GKE_CLUSTER_CONTEXT }}" \
	-var="AZTEC_DOCKER_IMAGE=${{ env.AZTEC_DOCKER_IMAGE }}" \
	-var="L1_DEPLOYMENT_MNEMONIC=${{ steps.get-mnemonic.outputs.mnemonic }}" \
	-var="L1_DEPLOYMENT_SALT=${DEPLOYMENT_SALT:-$RANDOM}" \
	-out=tfplan \
	-lock=${{ inputs.respect_tf_lock }}
	fi

	- name: Terraform Apply
	working-directory: ./spartan/terraform/deploy-release
	run: terraform apply -lock=${{ inputs.respect_tf_lock }} -auto-approve tfplan

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Aztec Network Deployment #38

Workflow file

Aztec Network Deployment #38

Jobs

Run details

Workflow file for this run