From 449ef74759237718aa0c2537aef1f7f566095272 Mon Sep 17 00:00:00 2001 From: Alex Gherghisan Date: Fri, 6 Dec 2024 10:29:28 +0000 Subject: [PATCH] feat: deploy devnet to k8s --- .github/workflows/devnet-deploy.yml | 119 ++++ .github/workflows/devnet-deploys.yml | 789 --------------------------- 2 files changed, 119 insertions(+), 789 deletions(-) create mode 100644 .github/workflows/devnet-deploy.yml delete mode 100644 .github/workflows/devnet-deploys.yml diff --git a/.github/workflows/devnet-deploy.yml b/.github/workflows/devnet-deploy.yml new file mode 100644 index 00000000000..ad6fd904746 --- /dev/null +++ b/.github/workflows/devnet-deploy.yml @@ -0,0 +1,119 @@ +name: Deploy devnet + +on: + workflow_dispatch: + inputs: + namespace: + description: The namespace to deploy to, e.g. smoke + required: true + aztec_docker_image: + description: The Aztec Docker image to use + required: true + deployment_mnemonic_secret_name: + description: The name of the secret which holds the boot node's contract deployment mnemonic + required: true + default: testnet-deployment-mnemonic + respect_tf_lock: + description: Whether to respect the Terraform lock + required: false + default: "true" + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: false + +env: + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + CONTRACT_S3_BUCKET: s3://static.aztec.network + CLUSTER_NAME: aztec-gke + REGION: us-west1-a + NAMESPACE: ${{ inputs.namespace }} + AZTEC_DOCKER_IMAGE: ${{ inputs.aztec_docker_image }} + +jobs: + call-network-deploy: + uses: ./.github/workflows/network-deploy.yml@HEAD + with: + namespace: ${{ github.event.inputs.namespace }} + values_file: release-devnet + aztec_docker_image: ${{ github.event.inputs.aztec_docker_image }} + deployment_mnemonic_secret_name: ${{ github.event.inputs.deployment_mnemonic_secret_name }} + respect_tf_lock: ${{ github.event.inputs.respect_tf_lock }} + + bootstrap: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + with: + ref: "${{ env.GIT_COMMIT }}" + + - uses: ./.github/ci-setup-action + + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v1 + with: + aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }} + aws-region: eu-west-2 + + - name: Authenticate to Google Cloud + uses: google-github-actions/auth@v2 + with: + credentials_json: ${{ secrets.GCP_SA_KEY }} + + - name: Set up Cloud SDK + uses: google-github-actions/setup-gcloud@v2 + + - name: Setup kubectl access + run: | + gcloud components install kubectl gke-gcloud-auth-plugin --quiet + gcloud container clusters get-credentials ${{ env.CLUSTER_NAME }} --region ${{ env.REGION }} + + - name: Bootstrap network + run: | + set -eu -o pipefail + + pxe_port_forward_pid="" + ethereum_port_forward_pid="" + + cleanup() { + echo "Cleaning up port-forward processes..." + if [ -n "$pxe_port_forward_pid" ]; then + kill $pxe_port_forward_pid 2>/dev/null || true + fi + if [ -n "$ethereum_port_forward_pid" ]; then + kill $ethereum_port_forward_pid 2>/dev/null || true + fi + } + + trap cleanup EXIT + + echo "Waiting for PXE pods to be ready..." + if ! kubectl wait --for=condition=ready pod -l app=$NAMESPACE-aztec-network-pxe --timeout=10m; then + echo "Error: PXE pods did not become ready within timeout" + exit 1 + fi + + kubectl port-forward -n $NAMESPACE svc/$NAMESPACE-aztec-network-pxe 8081 & + pxe_port_forward_pid=$! + kubectl port-forward -n $NAMSPACE svc/$NAMESPACE-aztec-network-ethereum 8545 & + ethereum_port_forward_pid=$! + + # wait for port-forwards to establish + sleep 5 + + helm get values $NAMSPACE -n $NAMSPACE -o json --all > helm_values.json + L1_CHAIN_ID="$(jq -r .ethereum.chainId helm_values.json)" + MNEMONIC="$(jq -r .aztec.l1DeploymentMnemonic helm_values.json)" + echo "::add-mask::$MNEMONIC" + + docker run --rm $AZTEC_DOCKER_IMAGE bootstrap-network \ + --rpc-url http://127.0.0.1:8081 \ + --l1-rpc-url http://127.0.0.1:8545 \ + --l1-chain-id $CHAIN_ID \ + --mnemonic $MNEMONIC \ + --json | tee ./basic_contracts.json + + aws s3 cp ./basic_contracts.json ${{ env.CONTRACT_S3_BUCKET }}/devnet/basic_contracts.json + diff --git a/.github/workflows/devnet-deploys.yml b/.github/workflows/devnet-deploys.yml deleted file mode 100644 index c2b385f971d..00000000000 --- a/.github/workflows/devnet-deploys.yml +++ /dev/null @@ -1,789 +0,0 @@ -name: Deploy to network -on: - # push: - # branches: [devnet, provernet, alphanet] - workflow_dispatch: - inputs: - no_rebuild_images: - description: "Don't rebuild images" - required: false - type: boolean - no_deploy: - description: "Skip deployment (only release images)" - required: false - type: boolean - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - -# We only reference secret variables here where we put them into the environment so as to not create confusion - -# Anvil Accounts. Anvil provides 10 pre-funded accounts for the mnemonic we have specified in FORK_MNEMONIC. We are using: -# 1. The first account (index 0) is used in SEQ_1_PUBLISHER_PRIVATE_KEY -# 2. The 3rd account (index 2) is used in PROVER_1_PUBLISHER_PRIVATE_KEY -# 3. The 9th account (index 8) is used in this workflow for deploying contracts etc -# 4. The 10th account (index 9) is used by the deployed faucet -# TODO: Convert all this so we take the provided mnemonic and derive the keys from the above indices -env: - DOCKERHUB_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }} - GIT_COMMIT: ${{ github.sha }} - DEPLOY_TAG: none - L1_CHAIN_ID: 677692 - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - API_KEY: ${{ secrets.DEVNET_API_KEY }} - FORK_ADMIN_API_KEY: ${{ secrets.DEVNET_API_KEY }} - FORK_MNEMONIC: ${{ secrets.FORK_MNEMONIC }} - CONTRACT_PUBLISHER_PRIVATE_KEY: ${{ secrets.CONTRACT_PUBLISHER_PRIVATE_KEY }} - CONTRACT_S3_BUCKET: s3://static.aztec.network - - # TF Vars - TF_VAR_DOCKERHUB_ACCOUNT: aztecprotocol - TF_VAR_L1_CHAIN_ID: 677692 - TF_VAR_DEPLOY_TAG: none - TF_VAR_IMAGE_TAG: ${{ github.sha }} - TF_VAR_API_KEY: ${{ secrets.DEVNET_API_KEY }} - - # Node / Sequencer - TF_VAR_BOOTSTRAP_NODES: "" - TF_VAR_P2P_ENABLED: "false" - TF_VAR_SEQUENCER_PRIVATE_KEYS: '["${{ secrets.SEQ_1_PUBLISHER_PRIVATE_KEY }}"]' - TF_VAR_NODE_P2P_PRIVATE_KEYS: '[""]' - TF_VAR_SEQ_MAX_SECONDS_BETWEEN_BLOCKS: 0 # disable auto block building - TF_VAR_SEQ_MIN_SECONDS_BETWEEN_BLOCKS: 0 # disable auto block building - TF_VAR_SEQ_MIN_TX_PER_BLOCK: 1 - TF_VAR_SEQ_MAX_TX_PER_BLOCK: 64 - TF_VAR_NODE_P2P_TCP_PORT: 40000 - TF_VAR_NODE_P2P_UDP_PORT: 45000 - TF_VAR_NODE_LB_RULE_PRIORITY: 500 - - # Prover Node - TF_VAR_PROVER_NODE_LB_RULE_PRIORITY: 6000 - TF_VAR_PROVER_PRIVATE_KEYS: '["${{ secrets.PROVER_1_PUBLISHER_PRIVATE_KEY }}"]' - - # Anvil - TF_VAR_FORK_MNEMONIC: ${{ secrets.FORK_MNEMONIC }} - TF_VAR_INFURA_API_KEY: ${{ secrets.INFURA_API_KEY }} - TF_VAR_FORK_ADMIN_API_KEY: ${{ secrets.DEVNET_API_KEY }} - TF_VAR_MAINNET_FORK_CPU_UNITS: 2048 - TF_VAR_MAINNET_FORK_MEMORY_UNITS: 4096 - - # Faucet - TF_VAR_FAUCET_ACCOUNT_INDEX: 9 - TF_VAR_FAUCET_LB_RULE_PRIORITY: 600 - - # Prover - TF_VAR_AGENTS_PER_PROVER: 1 - TF_VAR_PROVING_ENABLED: false - - # Transaction Bot - TF_VAR_BOT_API_KEY: ${{ secrets.BOT_API_KEY }} - TF_VAR_BOT_PRIVATE_KEY: "" - TF_VAR_BOT_NO_START: true - TF_VAR_BOT_PRIVATE_TRANSFERS_PER_TX: 0 # no private transfers - TF_VAR_BOT_PUBLIC_TRANSFERS_PER_TX: 1 - TF_VAR_BOT_TX_MINED_WAIT_SECONDS: 4800 - TF_VAR_BOT_FOLLOW_CHAIN: "PROVEN" - TF_VAR_BOT_TX_INTERVAL_SECONDS: 180 - TF_VAR_BOT_COUNT: 1 - TF_VAR_BOT_FLUSH_SETUP_TRANSACTIONS: false - TF_VAR_BOT_MAX_PENDING_TXS: 1 - - # PXE - TF_VAR_PXE_LB_RULE_PRIORITY: 4000 - -jobs: - setup: - uses: ./.github/workflows/setup-runner.yml - with: - username: ${{ github.actor }} - runner_type: builder-x86 - secrets: inherit - - # Set network specific variables as outputs from this job to be referenced in later jobs - set-network: - needs: setup - runs-on: ${{ github.actor }}-x86 - outputs: - deploy_tag: ${{ steps.set_network_vars.outputs.deploy_tag }} - branch_name: ${{ steps.set_network_vars.outputs.branch_name }} - network_api_key: ${{ steps.set_network_vars.outputs.network_api_key }} - network_fork_admin_api_key: ${{ steps.set_network_vars.outputs.network_fork_admin_api_key }} - agents_per_prover: ${{ steps.set_network_vars.outputs.agents_per_prover }} - bot_interval: ${{ steps.set_network_vars.outputs.bot_interval }} - node_tcp_range_start: ${{ steps.set_network_vars.outputs.node_tcp_range_start }} - node_udp_range_start: ${{ steps.set_network_vars.outputs.node_udp_range_start }} - prover_node_tcp_range_start: ${{ steps.set_network_vars.outputs.prover_node_tcp_range_start }} - prover_node_udp_range_start: ${{ steps.set_network_vars.outputs.prover_node_udp_range_start }} - node_lb_priority_range_start: ${{ steps.set_network_vars.outputs.node_lb_priority_range_start }} - pxe_lb_priority_range_start: ${{ steps.set_network_vars.outputs.pxe_lb_priority_range_start }} - prover_node_lb_priority_range_start: ${{ steps.set_network_vars.outputs.prover_node_lb_priority_range_start }} - faucet_lb_priority: ${{ steps.set_network_vars.outputs.faucet_lb_priority }} - max_txs_per_block: ${{ steps.set_network_vars.outputs.max_txs_per_block }} - bot_follow_chain: ${{ steps.set_network_vars.outputs.bot_follow_chain }} - min_txs_per_block: ${{ steps.set_network_vars.outputs.min_txs_per_block }} - bot_flush_setup_txs: ${{ steps.set_network_vars.outputs.bot_flush_setup_txs }} - bot_max_pending_txs: ${{ steps.set_network_vars.outputs.bot_max_pending_txs }} - mainnet_fork_cpu_units: ${{ steps.set_network_vars.outputs.mainnet_fork_cpu_units }} - mainnet_fork_memory_units: ${{ steps.set_network_vars.outputs.mainnet_fork_memory_units }} - bot_skip_simulation: ${{ steps.set_network_vars.outputs.bot_skip_simulation }} - bot_l2_gas_limit: ${{ steps.set_network_vars.outputs.bot_l2_gas_limit }} - bot_da_gas_limit: ${{ steps.set_network_vars.outputs.bot_da_gas_limit }} - bot_count: ${{ steps.set_network_vars.outputs.bot_count }} - steps: - - name: Set network vars - shell: bash - run: | - env - export BRANCH_NAME=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}} - if [ "$BRANCH_NAME" = "devnet" ] - then - echo "deploy_tag=devnet" >> $GITHUB_OUTPUT - echo "branch_name=devnet" >> $GITHUB_OUTPUT - echo "network_api_key=DEVNET_API_KEY" >> $GITHUB_OUTPUT - echo "network_fork_admin_api_key=DEVNET_API_KEY" >> $GITHUB_OUTPUT - echo "agents_per_prover=2" >> $GITHUB_OUTPUT - echo "bot_interval=180" >> $GITHUB_OUTPUT - echo "node_tcp_range_start=40100" >> $GITHUB_OUTPUT - echo "node_udp_range_start=45100" >> $GITHUB_OUTPUT - echo "prover_node_tcp_range_start=41100" >> $GITHUB_OUTPUT - echo "prover_node_udp_range_start=46100" >> $GITHUB_OUTPUT - echo "node_lb_priority_range_start=4100" >> $GITHUB_OUTPUT - echo "pxe_lb_priority_range_start=5100" >> $GITHUB_OUTPUT - echo "prover_node_lb_priority_range_start=6100" >> $GITHUB_OUTPUT - echo "faucet_lb_priority=601" >> $GITHUB_OUTPUT - echo "min_txs_per_block=1" >> $GITHUB_OUTPUT - echo "max_txs_per_block=64" >> $GITHUB_OUTPUT - echo "bot_follow_chain=PROVEN" >> $GITHUB_OUTPUT - echo "bot_flush_setup_txs=false" >> $GITHUB_OUTPUT - echo "bot_max_pending_txs=1" >> $GITHUB_OUTPUT - echo "mainnet_fork_cpu_units=2048" >> $GITHUB_OUTPUT - echo "mainnet_fork_memory_units=4096" >> $GITHUB_OUTPUT - echo "bot_skip_simulation=false" >> $GITHUB_OUTPUT - echo "bot_l2_gas_limit=" >> $GITHUB_OUTPUT - echo "bot_da_gas_limit=" >> $GITHUB_OUTPUT - echo "bot_count=1" >> $GITHUB_OUTPUT - elif [ "$BRANCH_NAME" = "provernet" ] - then - echo "deploy_tag=provernet" >> $GITHUB_OUTPUT - echo "branch_name=provernet" >> $GITHUB_OUTPUT - echo "network_api_key=PROVERNET_API_KEY" >> $GITHUB_OUTPUT - echo "network_fork_admin_api_key=PROVERNET_FORK_ADMIN_API_KEY" >> $GITHUB_OUTPUT - echo "agents_per_prover=8" >> $GITHUB_OUTPUT - echo "bot_interval=10" >> $GITHUB_OUTPUT - echo "node_tcp_range_start=40200" >> $GITHUB_OUTPUT - echo "node_udp_range_start=45200" >> $GITHUB_OUTPUT - echo "prover_node_tcp_range_start=41200" >> $GITHUB_OUTPUT - echo "prover_node_udp_range_start=46200" >> $GITHUB_OUTPUT - echo "node_lb_priority_range_start=4200" >> $GITHUB_OUTPUT - echo "pxe_lb_priority_range_start=5200" >> $GITHUB_OUTPUT - echo "prover_node_lb_priority_range_start=6200" >> $GITHUB_OUTPUT - echo "faucet_lb_priority=602" >> $GITHUB_OUTPUT - echo "min_txs_per_block=4" >> $GITHUB_OUTPUT - echo "max_txs_per_block=4" >> $GITHUB_OUTPUT - echo "bot_follow_chain=NONE" >> $GITHUB_OUTPUT - echo "bot_flush_setup_txs=true" >> $GITHUB_OUTPUT - echo "bot_max_pending_txs=32" >> $GITHUB_OUTPUT - echo "mainnet_fork_cpu_units=8192" >> $GITHUB_OUTPUT - echo "mainnet_fork_memory_units=32768" >> $GITHUB_OUTPUT - echo "bot_skip_simulation=true" >> $GITHUB_OUTPUT - echo "bot_l2_gas_limit=1000000000" >> $GITHUB_OUTPUT - echo "bot_da_gas_limit=1000000000" >> $GITHUB_OUTPUT - echo "bot_count=1" >> $GITHUB_OUTPUT - elif [ "$BRANCH_NAME" = "alphanet" ] - then - echo "deploy_tag=alphanet" >> $GITHUB_OUTPUT - echo "branch_name=alphanet" >> $GITHUB_OUTPUT - echo "network_api_key=ALPHANET_API_KEY" >> $GITHUB_OUTPUT - echo "network_fork_admin_api_key=ALPHANET_API_KEY" >> $GITHUB_OUTPUT - echo "agents_per_prover=1" >> $GITHUB_OUTPUT - echo "bot_interval=10" >> $GITHUB_OUTPUT - echo "node_tcp_range_start=40000" >> $GITHUB_OUTPUT - echo "node_udp_range_start=45000" >> $GITHUB_OUTPUT - echo "prover_node_tcp_range_start=41000" >> $GITHUB_OUTPUT - echo "prover_node_udp_range_start=46000" >> $GITHUB_OUTPUT - echo "node_lb_priority_range_start=4000" >> $GITHUB_OUTPUT - echo "pxe_lb_priority_range_start=5000" >> $GITHUB_OUTPUT - echo "prover_node_lb_priority_range_start=6000" >> $GITHUB_OUTPUT - echo "faucet_lb_priority=600" >> $GITHUB_OUTPUT - echo "min_txs_per_block=1" >> $GITHUB_OUTPUT - echo "max_txs_per_block=64" >> $GITHUB_OUTPUT - echo "bot_follow_chain=PROVEN" >> $GITHUB_OUTPUT - echo "bot_flush_setup_txs=false" >> $GITHUB_OUTPUT - echo "bot_max_pending_txs=1" >> $GITHUB_OUTPUT - echo "mainnet_fork_cpu_units=2048" >> $GITHUB_OUTPUT - echo "mainnet_fork_memory_units=4096" >> $GITHUB_OUTPUT - echo "bot_skip_simulation=false" >> $GITHUB_OUTPUT - echo "bot_l2_gas_limit=" >> $GITHUB_OUTPUT - echo "bot_da_gas_limit=" >> $GITHUB_OUTPUT - echo "bot_count=1" >> $GITHUB_OUTPUT - else - echo "Unrecognized Branch!!" - exit 1 - fi - id: set_network_vars - - build-mainnet-fork: - needs: set-network - env: - BRANCH_NAME: ${{ needs.set-network.outputs.branch_name }} - DEPLOY_TAG: ${{ needs.set-network.outputs.deploy_tag }} - TF_VAR_DEPLOY_TAG: ${{ needs.set-network.outputs.deploy_tag }} - API_KEY: ${{ secrets[needs.set-network.outputs.network_api_key] }} - TF_VAR_API_KEY: ${{ secrets[needs.set-network.outputs.network_api_key] }} - FORK_ADMIN_API_KEY: ${{ secrets[needs.set-network.outputs.network_fork_admin_api_key] }} - TF_VAR_FORK_ADMIN_API_KEY: ${{ secrets[needs.set-network.outputs.network_fork_admin_api_key] }} - API_KEY_NAME: ${{ needs.set-network.outputs.network_api_key }} - runs-on: ${{ github.actor }}-x86 - steps: - - uses: actions/checkout@v4 - with: - ref: "${{ env.GIT_COMMIT }}" - fetch-depth: 0 - - uses: ./.github/ci-setup-action - with: - concurrency_key: build-mainnet-fork-${{ github.actor }} - dockerhub_password: "${{ env.DOCKERHUB_PASSWORD }}" - - - name: Build & push mainnet fork image - if: ${{ github.event.inputs.no_rebuild_images == 'false' }} - run: | - earthly-ci --no-output --push ./iac/mainnet-fork+export-mainnet-fork --DIST_TAG=${{ env.DEPLOY_TAG }} - earthly-ci --no-output --push ./iac/mainnet-fork+export-mainnet-fork --DIST_TAG=${{ github.sha }} - - build-aztec: - needs: set-network - env: - BRANCH_NAME: ${{ needs.set-network.outputs.branch_name }} - DEPLOY_TAG: ${{ needs.set-network.outputs.deploy_tag }} - TF_VAR_DEPLOY_TAG: ${{ needs.set-network.outputs.deploy_tag }} - API_KEY: ${{ secrets[needs.set-network.outputs.network_api_key] }} - TF_VAR_API_KEY: ${{ secrets[needs.set-network.outputs.network_api_key] }} - API_KEY_NAME: ${{ needs.set-network.outputs.network_api_key }} - runs-on: ${{ github.actor }}-x86 - steps: - - uses: actions/checkout@v4 - with: - ref: "${{ env.GIT_COMMIT }}" - fetch-depth: 0 - - uses: ./.github/ci-setup-action - with: - concurrency_key: build-aztec-${{ github.actor }} - dockerhub_password: "${{ env.DOCKERHUB_PASSWORD }}" - - name: "Build & Push aztec images" - timeout-minutes: 40 - if: ${{ github.event.inputs.no_rebuild_images == 'false' }} - run: | - env - earthly-ci --no-output --push ./yarn-project+export-aztec-arch --DIST_TAG=${{ github.sha }} --ARCH=x86_64 - earthly-ci --no-output --push ./yarn-project+export-aztec-arch --DIST_TAG=${{ env.DEPLOY_TAG }} --ARCH=x86_64 - - - name: "Re-tag Aztec image" - if: ${{ github.event.inputs.no_rebuild_images == 'true' }} - run: | - env - docker pull aztecprotocol/aztec:${{ env.DEPLOY_TAG }}-x86_64 - docker tag aztecprotocol/aztec:${{ env.DEPLOY_TAG }}-x86_64 aztecprotocol/aztec:${{ github.sha }}-x86_64 - docker push aztecprotocol/aztec:${{ github.sha }}-x86_64 - - build-aztec-nargo: - needs: [set-network, build-aztec] - env: - BRANCH_NAME: ${{ needs.set-network.outputs.branch_name }} - DEPLOY_TAG: ${{ needs.set-network.outputs.deploy_tag }} - TF_VAR_DEPLOY_TAG: ${{ needs.set-network.outputs.deploy_tag }} - API_KEY: ${{ secrets[needs.set-network.outputs.network_api_key] }} - TF_VAR_API_KEY: ${{ secrets[needs.set-network.outputs.network_api_key] }} - API_KEY_NAME: ${{ needs.set-network.outputs.network_api_key }} - runs-on: ${{ github.actor }}-x86 - steps: - - uses: actions/checkout@v4 - with: - ref: "${{ env.GIT_COMMIT }}" - fetch-depth: 0 - - uses: ./.github/ci-setup-action - with: - concurrency_key: build-aztec-nargo-${{ github.actor }} - dockerhub_password: "${{ env.DOCKERHUB_PASSWORD }}" - - - name: Build & push aztec nargo image - if: ${{ github.event.inputs.no_rebuild_images == 'false' }} - run: | - earthly-ci --no-output --push ./aztec-nargo+export-aztec-nargo --DIST_TAG=${{ github.sha }} --ARCH=x86_64 - earthly-ci --no-output --push ./aztec-nargo+export-aztec-nargo --DIST_TAG=${{ env.DEPLOY_TAG }} --ARCH=x86_64 - - publish-aztec-manifests: - needs: [set-network, build-aztec, build-aztec-nargo] - env: - DEPLOY_TAG: ${{ needs.set-network.outputs.deploy_tag }} - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - with: - ref: "${{ env.GIT_COMMIT }}" - - uses: ./.github/ci-setup-action - with: - dockerhub_password: "${{ env.DOCKERHUB_PASSWORD }}" - - - name: "Publish aztec manifests" - run: | - env - docker pull aztecprotocol/aztec:${{ github.sha }}-x86_64 - - docker manifest create aztecprotocol/aztec:${{ env.DEPLOY_TAG }} \ - aztecprotocol/aztec:${{ github.sha }}-x86_64 - docker manifest create aztecprotocol/aztec:${{ github.sha }} \ - aztecprotocol/aztec:${{ github.sha }}-x86_64 - - docker manifest push aztecprotocol/aztec:${{ env.DEPLOY_TAG }} - docker manifest push aztecprotocol/aztec:${{ github.sha }} - - - name: "Publish aztec-nargo manifests" - if: ${{ github.event.inputs.no_rebuild_images == 'false' }} - run: | - docker pull aztecprotocol/aztec-nargo:${{ github.sha }}-x86_64 - - docker manifest create aztecprotocol/aztec-nargo:${{ env.DEPLOY_TAG }} \ - aztecprotocol/aztec-nargo:${{ github.sha }}-x86_64 - docker manifest create aztecprotocol/aztec-nargo:${{ github.sha }} \ - aztecprotocol/aztec-nargo:${{ github.sha }}-x86_64 - - docker manifest push aztecprotocol/aztec-nargo:${{ env.DEPLOY_TAG }} - docker manifest push aztecprotocol/aztec-nargo:${{ github.sha }} - - build-faucet: - needs: [set-network, build-aztec] - env: - BRANCH_NAME: ${{ needs.set-network.outputs.branch_name }} - DEPLOY_TAG: ${{ needs.set-network.outputs.deploy_tag }} - TF_VAR_DEPLOY_TAG: ${{ needs.set-network.outputs.deploy_tag }} - API_KEY: ${{ secrets[needs.set-network.outputs.network_api_key] }} - TF_VAR_API_KEY: ${{ secrets[needs.set-network.outputs.network_api_key] }} - FORK_ADMIN_API_KEY: ${{ secrets[needs.set-network.outputs.network_fork_admin_api_key] }} - TF_VAR_FORK_ADMIN_API_KEY: ${{ secrets[needs.set-network.outputs.network_fork_admin_api_key] }} - API_KEY_NAME: ${{ needs.set-network.outputs.network_api_key }} - runs-on: ${{ github.actor }}-x86 - steps: - - uses: actions/checkout@v4 - with: - ref: "${{ env.GIT_COMMIT }}" - fetch-depth: 0 - - uses: ./.github/ci-setup-action - with: - concurrency_key: build-faucet-${{ github.actor }} - dockerhub_password: "${{ env.DOCKERHUB_PASSWORD }}" - - name: "Build & Push aztec images" - timeout-minutes: 40 - if: ${{ github.event.inputs.no_rebuild_images == 'false' }} - run: | - env - earthly-ci --no-output --push ./yarn-project+export-aztec-faucet --DIST_TAG=${{ env.DEPLOY_TAG }} - earthly-ci --no-output --push ./yarn-project+export-aztec-faucet --DIST_TAG=${{ github.sha }} - - - name: "Re-tag Aztec image" - if: ${{ github.event.inputs.no_rebuild_images == 'true' }} - run: | - env - docker pull aztecprotocol/aztec-faucet:${{ env.DEPLOY_TAG }} - docker tag aztecprotocol/aztec-faucet:${{ env.DEPLOY_TAG }} aztecprotocol/aztec-faucet:${{ github.sha }} - docker push aztecprotocol/aztec-faucet:${{ github.sha }} - - build-cli-wallet: - needs: [set-network, build-aztec] - env: - BRANCH_NAME: ${{ needs.set-network.outputs.branch_name }} - DEPLOY_TAG: ${{ needs.set-network.outputs.deploy_tag }} - TF_VAR_DEPLOY_TAG: ${{ needs.set-network.outputs.deploy_tag }} - API_KEY: ${{ secrets[needs.set-network.outputs.network_api_key] }} - TF_VAR_API_KEY: ${{ secrets[needs.set-network.outputs.network_api_key] }} - API_KEY_NAME: ${{ needs.set-network.outputs.network_api_key }} - runs-on: ${{ github.actor }}-x86 - steps: - - uses: actions/checkout@v4 - with: - ref: "${{ env.GIT_COMMIT }}" - fetch-depth: 0 - - uses: ./.github/ci-setup-action - with: - concurrency_key: build-cli-wallet-${{ github.actor }} - dockerhub_password: "${{ env.DOCKERHUB_PASSWORD }}" - - name: "Build & Push aztec images" - timeout-minutes: 40 - if: ${{ github.event.inputs.no_rebuild_images == 'false' }} - run: | - env - earthly-ci --no-output --push ./yarn-project+export-cli-wallet --DIST_TAG=${{ env.DEPLOY_TAG }} --ARCH=x86_64 - earthly-ci --no-output --push ./yarn-project+export-cli-wallet --DIST_TAG=${{ github.sha }} --ARCH=x86_64 - - publish-cli-wallet-manifest: - needs: [set-network, build-cli-wallet] - env: - DEPLOY_TAG: ${{ needs.set-network.outputs.deploy_tag }} - runs-on: ${{ github.actor }}-x86 - steps: - - uses: actions/checkout@v4 - with: - ref: "${{ env.GIT_COMMIT }}" - fetch-depth: 0 - - uses: ./.github/ci-setup-action - with: - dockerhub_password: "${{ env.DOCKERHUB_PASSWORD }}" - - - name: "Publish aztec CLI wallet manifests" - if: ${{ github.event.inputs.no_rebuild_images == 'false' }} - run: | - env - docker pull aztecprotocol/cli-wallet:${{ github.sha }}-x86_64 - - docker manifest create aztecprotocol/cli-wallet:${{ env.DEPLOY_TAG }} \ - aztecprotocol/cli-wallet:${{ github.sha }}-x86_64 - docker manifest create aztecprotocol/cli-wallet:${{ github.sha }} \ - aztecprotocol/cli-wallet:${{ github.sha }}-x86_64 - - docker manifest push aztecprotocol/cli-wallet:${{ env.DEPLOY_TAG }} - docker manifest push aztecprotocol/cli-wallet:${{ github.sha }} - - build-end: - runs-on: ubuntu-latest - needs: - [ - set-network, - build-faucet, - build-mainnet-fork, - publish-aztec-manifests, - publish-cli-wallet-manifest, - ] - env: - BRANCH_NAME: ${{ needs.set-network.outputs.branch_name }} - DEPLOY_TAG: ${{ needs.set-network.outputs.deploy_tag }} - TF_VAR_DEPLOY_TAG: ${{ needs.set-network.outputs.deploy_tag }} - API_KEY: ${{ secrets[needs.set-network.outputs.network_api_key] }} - TF_VAR_API_KEY: ${{ secrets[needs.set-network.outputs.network_api_key] }} - steps: - - uses: actions/checkout@v4 - with: - ref: "${{ env.GIT_COMMIT }}" - - uses: ./.github/ci-setup-action - - uses: hashicorp/setup-terraform@v3 - with: - terraform_version: 1.7.5 - - terraform-deploy: - if: ${{ github.event.inputs.no_deploy == 'false' }} - runs-on: ubuntu-latest - needs: [build-end, set-network] - env: - BRANCH_NAME: ${{ needs.set-network.outputs.branch_name }} - DEPLOY_TAG: ${{ needs.set-network.outputs.deploy_tag }} - TF_VAR_DEPLOY_TAG: ${{ needs.set-network.outputs.deploy_tag }} - API_KEY: ${{ secrets[needs.set-network.outputs.network_api_key] }} - TF_VAR_API_KEY: ${{ secrets[needs.set-network.outputs.network_api_key] }} - FORK_ADMIN_API_KEY: ${{ secrets[needs.set-network.outputs.network_fork_admin_api_key] }} - TF_VAR_FORK_ADMIN_API_KEY: ${{ secrets[needs.set-network.outputs.network_fork_admin_api_key] }} - TF_VAR_AGENTS_PER_PROVER: ${{ needs.set-network.outputs.agents_per_prover }} - TF_VAR_BOT_TX_INTERVAL_SECONDS: ${{ needs.set-network.outputs.bot_interval }} - TF_VAR_NODE_LB_RULE_PRIORITY: ${{ needs.set-network.outputs.node_lb_priority_range_start }} - TF_VAR_PXE_LB_RULE_PRIORITY: ${{ needs.set-network.outputs.pxe_lb_priority_range_start }} - TF_VAR_PROVER_NODE_LB_RULE_PRIORITY: ${{ needs.set-network.outputs.prover_node_lb_priority_range_start }} - TF_VAR_SEQ_MIN_TX_PER_BLOCK: 1 - TF_VAR_SEQ_MAX_TX_PER_BLOCK: ${{ needs.set-network.outputs.max_txs_per_block }} - TF_VAR_MAINNET_FORK_CPU_UNITS: ${{ needs.set-network.outputs.mainnet_fork_cpu_units }} - TF_VAR_MAINNET_FORK_MEMORY_UNITS: ${{ needs.set-network.outputs.mainnet_fork_memory_units }} - TF_VAR_BOT_SKIP_PUBLIC_SIMULATION: ${{ needs.set-network.outputs.bot_skip_simulation }} - TF_VAR_BOT_L2_GAS_LIMIT: ${{ needs.set-network.outputs.bot_l2_gas_limit }} - TF_VAR_BOT_DA_GAS_LIMIT: ${{ needs.set-network.outputs.bot_da_gas_limit }} - TF_VAR_BOT_COUNT: ${{ needs.set-network.outputs.bot_count }} - steps: - - uses: actions/checkout@v4 - with: - ref: "${{ env.GIT_COMMIT }}" - - uses: ./.github/ci-setup-action - - uses: hashicorp/setup-terraform@v3 - with: - terraform_version: 1.7.5 - - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v1 - with: - aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }} - aws-region: eu-west-2 - - - name: Deploy mainnet fork - working-directory: ./iac/mainnet-fork/terraform - run: | - env - terraform init -input=false -backend-config="key=${{ env.DEPLOY_TAG }}/mainnet-fork" - terraform apply -input=false -auto-approve - - - name: Wait for mainnet fork deployment - run: | - ./.github/scripts/wait_for_infra.sh mainnet-fork ${{ env.DEPLOY_TAG }} ${{ env.API_KEY }} - - - name: Deploy L1 Contracts - run: | - set -e - set -o pipefail - - docker pull aztecprotocol/aztec:${{ env.DEPLOY_TAG }} - docker run aztecprotocol/aztec:${{ env.DEPLOY_TAG }} deploy-l1-contracts \ - --private-key ${{ env.CONTRACT_PUBLISHER_PRIVATE_KEY }} \ - --rpc-url https://${{ env.DEPLOY_TAG }}-mainnet-fork.aztec.network:8545/admin-${{ env.FORK_ADMIN_API_KEY }} \ - --l1-chain-id ${{ env.L1_CHAIN_ID }} \ - --salt ${{ github.run_id }} \ - --json | tee ./l1_contracts.json - - # upload contract addresses to S3 - aws s3 cp ./l1_contracts.json ${{ env.CONTRACT_S3_BUCKET }}/${{ env.DEPLOY_TAG }}/l1_contracts.json - - # export contract addresses so they can be used by subsequent terraform deployments - function extract() { - jq -r ".$1" ./l1_contracts.json - } - - echo "TF_VAR_ROLLUP_CONTRACT_ADDRESS=$(extract rollupAddress)" >>$GITHUB_ENV - echo "TF_VAR_REGISTRY_CONTRACT_ADDRESS=$(extract registryAddress)" >>$GITHUB_ENV - echo "TF_VAR_INBOX_CONTRACT_ADDRESS=$(extract inboxAddress)" >>$GITHUB_ENV - echo "TF_VAR_OUTBOX_CONTRACT_ADDRESS=$(extract outboxAddress)" >>$GITHUB_ENV - echo "TF_VAR_FEE_JUICE_CONTRACT_ADDRESS=$(extract feeJuiceAddress)" >>$GITHUB_ENV - echo "TF_VAR_STAKING_ASSET_CONTRACT_ADDRESS=$(extract stakingAssetAddress)" >>$GITHUB_ENV - echo "TF_VAR_FEE_JUICE_PORTAL_CONTRACT_ADDRESS=$(extract feeJuicePortalAddress)" >>$GITHUB_ENV - - - name: Apply l1-contracts Terraform - working-directory: ./l1-contracts/terraform - run: | - env - terraform init -input=false -backend-config="key=${{ env.DEPLOY_TAG }}/l1-contracts" - terraform apply -input=false -auto-approve - - - name: Disable transactions bot - working-directory: ./yarn-project/aztec/terraform/bot - run: | - terraform init -input=false -backend-config="key=${{ env.DEPLOY_TAG }}/bot" - terraform apply -input=false -auto-approve - - - name: Deploy Aztec Nodes - working-directory: ./yarn-project/aztec/terraform/node - run: | - terraform init -input=false -backend-config="key=${{ env.DEPLOY_TAG }}/aztec-node" - terraform apply -input=false -auto-approve -var="NODE_P2P_TCP_PORT=${{ needs.set-network.outputs.node_tcp_range_start }}" -var="NODE_P2P_UDP_PORT=${{ needs.set-network.outputs.node_udp_range_start }}" - - - name: Deploy Aztec Prover Nodes - working-directory: ./yarn-project/aztec/terraform/prover-node - run: | - terraform init -input=false -backend-config="key=${{ env.DEPLOY_TAG }}/aztec-prover-node" - terraform apply -input=false -auto-approve -var="NODE_P2P_TCP_PORT=${{ needs.set-network.outputs.prover_node_tcp_range_start }}" -var="NODE_P2P_UDP_PORT=${{ needs.set-network.outputs.prover_node_udp_range_start }}" - - - name: Deploy Provers - working-directory: ./yarn-project/aztec/terraform/prover - run: | - terraform init -input=false -backend-config="key=${{ env.DEPLOY_TAG }}/prover" - terraform apply -input=false -auto-approve - - - name: Deploy PXE - working-directory: ./yarn-project/aztec/terraform/pxe - run: | - terraform init -input=false -backend-config="key=${{ env.DEPLOY_TAG }}/pxe" - terraform apply -input=false -auto-approve -replace="aws_efs_file_system.pxe_data_store" - - bootstrap: - if: ${{ github.event.inputs.no_deploy == 'false' }} - runs-on: ubuntu-latest - needs: [terraform-deploy, set-network] - env: - BRANCH_NAME: ${{ needs.set-network.outputs.branch_name }} - DEPLOY_TAG: ${{ needs.set-network.outputs.deploy_tag }} - TF_VAR_DEPLOY_TAG: ${{ needs.set-network.outputs.deploy_tag }} - API_KEY: ${{ secrets[needs.set-network.outputs.network_api_key] }} - TF_VAR_API_KEY: ${{ secrets[needs.set-network.outputs.network_api_key] }} - FORK_ADMIN_API_KEY: ${{ secrets[needs.set-network.outputs.network_fork_admin_api_key] }} - TF_VAR_FORK_ADMIN_API_KEY: ${{ secrets[needs.set-network.outputs.network_fork_admin_api_key] }} - steps: - - uses: actions/checkout@v4 - with: - ref: "${{ env.GIT_COMMIT }}" - - - uses: ./.github/ci-setup-action - - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v1 - with: - aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }} - aws-region: eu-west-2 - - - name: Wait for PXE to be available - run: | - env - ./.github/scripts/wait_for_infra.sh pxe ${{ env.DEPLOY_TAG }} ${{ env.API_KEY }} - - - name: Setup protocol contracts - run: | - set -e - set -o pipefail - docker pull aztecprotocol/aztec:${{ env.DEPLOY_TAG }} - docker run aztecprotocol/aztec:${{ env.DEPLOY_TAG }} setup-protocol-contracts \ - --rpc-url https://api.aztec.network/${{ env.DEPLOY_TAG }}/aztec-pxe/${{ env.API_KEY }} \ - --l1-chain-id ${{ env.L1_CHAIN_ID }} \ - --json | tee ./protocol_contracts.json - - aws s3 cp ./protocol_contracts.json ${{ env.CONTRACT_S3_BUCKET }}/${{ env.DEPLOY_TAG }}/protocol_contracts.json - - - name: Bootstrap network - run: | - set -e - set -o pipefail - docker run aztecprotocol/aztec:${{ env.DEPLOY_TAG }} bootstrap-network \ - --rpc-url https://api.aztec.network/${{ env.DEPLOY_TAG }}/aztec-pxe/${{ env.API_KEY }} \ - --l1-rpc-url https://${{ env.DEPLOY_TAG }}-mainnet-fork.aztec.network:8545/admin-${{ env.FORK_ADMIN_API_KEY }} \ - --l1-chain-id ${{ env.L1_CHAIN_ID }} \ - --l1-private-key ${{ env.CONTRACT_PUBLISHER_PRIVATE_KEY }} \ - --json | tee ./basic_contracts.json - - aws s3 cp ./basic_contracts.json ${{ env.CONTRACT_S3_BUCKET }}/${{ env.DEPLOY_TAG }}/basic_contracts.json - - deploy-faucet: - if: ${{ github.event.inputs.no_deploy == 'false' }} - runs-on: ubuntu-latest - needs: [terraform-deploy, bootstrap, set-network] - env: - BRANCH_NAME: ${{ needs.set-network.outputs.branch_name }} - DEPLOY_TAG: ${{ needs.set-network.outputs.deploy_tag }} - TF_VAR_DEPLOY_TAG: ${{ needs.set-network.outputs.deploy_tag }} - API_KEY: ${{ secrets[needs.set-network.outputs.network_api_key] }} - TF_VAR_API_KEY: ${{ secrets[needs.set-network.outputs.network_api_key] }} - FORK_ADMIN_API_KEY: ${{ secrets[needs.set-network.outputs.network_fork_admin_api_key] }} - TF_VAR_FORK_ADMIN_API_KEY: ${{ secrets[needs.set-network.outputs.network_fork_admin_api_key] }} - TF_VAR_FAUCET_LB_RULE_PRIORITY: ${{ needs.set-network.outputs.faucet_lb_priority }} - steps: - - uses: actions/checkout@v4 - with: - ref: "${{ env.GIT_COMMIT }}" - - uses: ./.github/ci-setup-action - - uses: hashicorp/setup-terraform@v3 - with: - terraform_version: 1.7.5 - - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v1 - with: - aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }} - aws-region: eu-west-2 - - - name: Retrieve contract addresses - run: | - set -e - aws s3 cp ${{ env.CONTRACT_S3_BUCKET }}/${{ env.DEPLOY_TAG }}/l1_contracts.json ./l1_contracts.json - aws s3 cp ${{ env.CONTRACT_S3_BUCKET }}/${{ env.DEPLOY_TAG }}/basic_contracts.json ./basic_contracts.json - - echo "TF_VAR_FEE_JUICE_CONTRACT_ADDRESS=$(jq -r '.feeJuiceAddress' ./l1_contracts.json)" >>$GITHUB_ENV - echo "TF_VAR_STAKING_ASSET_CONTRACT_ADDRESS=$(jq -r '.stakingAssetAddress' ./l1_contracts.json)" >>$GITHUB_ENV - echo "TF_VAR_DEV_COIN_CONTRACT_ADDRESS=$(jq -r '.devCoinL1' ./basic_contracts.json)" >>$GITHUB_ENV - - - name: Deploy Faucet - working-directory: ./yarn-project/aztec-faucet/terraform - run: | - terraform init -input=false -backend-config="key=${{ env.DEPLOY_TAG }}/aztec-faucet" - terraform apply -input=false -auto-approve - - enable-proving: - if: ${{ github.event.inputs.no_deploy == 'false' }} - runs-on: ubuntu-latest - needs: [deploy-faucet, set-network] - env: - BRANCH_NAME: ${{ needs.set-network.outputs.branch_name }} - DEPLOY_TAG: ${{ needs.set-network.outputs.deploy_tag }} - TF_VAR_DEPLOY_TAG: ${{ needs.set-network.outputs.deploy_tag }} - API_KEY: ${{ secrets[needs.set-network.outputs.network_api_key] }} - TF_VAR_API_KEY: ${{ secrets[needs.set-network.outputs.network_api_key] }} - FORK_ADMIN_API_KEY: ${{ secrets[needs.set-network.outputs.network_fork_admin_api_key] }} - TF_VAR_FORK_ADMIN_API_KEY: ${{ secrets[needs.set-network.outputs.network_fork_admin_api_key] }} - TF_VAR_AGENTS_PER_PROVER: ${{ needs.set-network.outputs.agents_per_prover }} - TF_VAR_BOT_TX_INTERVAL_SECONDS: ${{ needs.set-network.outputs.bot_interval }} - TF_VAR_NODE_LB_RULE_PRIORITY: ${{ needs.set-network.outputs.node_lb_priority_range_start }} - TF_VAR_PXE_LB_RULE_PRIORITY: ${{ needs.set-network.outputs.pxe_lb_priority_range_start }} - TF_VAR_PROVER_NODE_LB_RULE_PRIORITY: ${{ needs.set-network.outputs.prover_node_lb_priority_range_start }} - TF_VAR_BOT_FLUSH_SETUP_TRANSACTIONS: ${{ needs.set-network.outputs.bot_flush_setup_txs }} - TF_VAR_BOT_MAX_PENDING_TXS: ${{ needs.set-network.outputs.bot_max_pending_txs }} - TF_VAR_SEQ_MIN_TX_PER_BLOCK: ${{ needs.set-network.outputs.min_txs_per_block }} - TF_VAR_SEQ_MAX_TX_PER_BLOCK: ${{ needs.set-network.outputs.max_txs_per_block }} - TF_VAR_BOT_FOLLOW_CHAIN: ${{ needs.set-network.outputs.bot_follow_chain }} - TF_VAR_PROVING_ENABLED: true - TF_VAR_BOT_NO_START: false - TF_VAR_BOT_SKIP_PUBLIC_SIMULATION: ${{ needs.set-network.outputs.bot_skip_simulation }} - TF_VAR_BOT_L2_GAS_LIMIT: ${{ needs.set-network.outputs.bot_l2_gas_limit }} - TF_VAR_BOT_DA_GAS_LIMIT: ${{ needs.set-network.outputs.bot_da_gas_limit }} - TF_VAR_BOT_COUNT: ${{ needs.set-network.outputs.bot_count }} - steps: - - uses: actions/checkout@v4 - with: - ref: "${{ env.GIT_COMMIT }}" - - uses: ./.github/ci-setup-action - - uses: hashicorp/setup-terraform@v3 - with: - terraform_version: 1.7.5 - - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v1 - with: - aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }} - aws-region: eu-west-2 - - # Unneded for now, since the prover-node runs with simulated proofs and submits them to L1, which does not verify them yet. - # - name: Set latest block as proven - # working-directory: ./yarn-project/aztec/terraform/pxe - # run: | - # set -eo pipefail - # docker run aztecprotocol/aztec:${{ env.DEPLOY_TAG }} set-proven-through \ - # --rpc-url https://api.aztec.network/${{ env.DEPLOY_TAG }}/aztec-pxe/${{ env.API_KEY }} \ - # --l1-rpc-url https://${{ env.DEPLOY_TAG }}-mainnet-fork.aztec.network:8545/admin-${{ env.FORK_ADMIN_API_KEY }} \ - # --l1-chain-id ${{ env.L1_CHAIN_ID }} \ - # --l1-private-key ${{ env.CONTRACT_PUBLISHER_PRIVATE_KEY }} - - - name: Deploy PXE - working-directory: ./yarn-project/aztec/terraform/pxe - run: | - terraform init -input=false -backend-config="key=${{ env.DEPLOY_TAG }}/pxe" - terraform apply -input=false -auto-approve - - - name: Deploy Aztec Nodes - working-directory: ./yarn-project/aztec/terraform/node - run: | - env - terraform init -input=false -backend-config="key=${{ env.DEPLOY_TAG }}/aztec-node" - terraform apply -input=false -auto-approve -var="NODE_P2P_TCP_PORT=${{ needs.set-network.outputs.node_tcp_range_start }}" -var="NODE_P2P_UDP_PORT=${{ needs.set-network.outputs.node_udp_range_start }}" - - - name: Deploy Aztec Prover Nodes - working-directory: ./yarn-project/aztec/terraform/prover-node - run: | - terraform init -input=false -backend-config="key=${{ env.DEPLOY_TAG }}/aztec-prover-node" - terraform apply -input=false -auto-approve -var="NODE_P2P_TCP_PORT=${{ needs.set-network.outputs.prover_node_tcp_range_start }}" -var="NODE_P2P_UDP_PORT=${{ needs.set-network.outputs.prover_node_udp_range_start }}" - - - name: Deploy Provers - working-directory: ./yarn-project/aztec/terraform/prover - run: | - terraform init -input=false -backend-config="key=${{ env.DEPLOY_TAG }}/prover" - terraform apply -input=false -auto-approve - - - name: Wait for PXE to be available - run: | - ./.github/scripts/wait_for_infra.sh pxe ${{ env.DEPLOY_TAG }} ${{ env.API_KEY }} - - - name: Deploy verifier - working-directory: ./yarn-project/aztec/terraform/pxe - run: | - set -eo pipefail - docker run aztecprotocol/aztec:${{ env.DEPLOY_TAG }} deploy-l1-verifier \ - --rpc-url https://api.aztec.network/${{ env.DEPLOY_TAG }}/aztec-pxe/${{ env.API_KEY }} \ - --l1-rpc-url https://${{ env.DEPLOY_TAG }}-mainnet-fork.aztec.network:8545/admin-${{ env.FORK_ADMIN_API_KEY }} \ - --l1-chain-id ${{ env.L1_CHAIN_ID }} \ - --l1-private-key ${{ env.CONTRACT_PUBLISHER_PRIVATE_KEY }} - - - name: Enable transactions bot - working-directory: ./yarn-project/aztec/terraform/bot - run: | - terraform init -input=false -backend-config="key=${{ env.DEPLOY_TAG }}/bot" - terraform apply -input=false -auto-approve