Pessimistic Proof Integration and Features #2496
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
# Basic deployment workflow. | |
# Note that more advanced use cases are tested in the nightly workflow. | |
name: Deploy | |
on: | |
pull_request: | |
push: | |
branches: [main] | |
concurrency: | |
group: deploy-${{ github.event.pull_request.number || github.ref }} | |
cancel-in-progress: true | |
env: | |
ENCLAVE_NAME: cdk | |
jobs: | |
run-without-args: | |
runs-on: ubuntu-latest | |
timeout-minutes: 30 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Login to Docker Hub | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
# This step will only execute if the necessary secrets are available, preventing failures | |
# on pull requests from forked repositories. | |
if: ${{ env.DOCKERHUB_USERNAME && env.DOCKERHUB_TOKEN }} | |
env: | |
DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} | |
DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Install Kurtosis CDK tools | |
uses: ./.github/actions/setup-kurtosis-cdk | |
- name: Run Starlark | |
run: kurtosis run --enclave=${{ env.ENCLAVE_NAME }} --show-enclave-inspect=false . | |
- name: Inspect enclave | |
run: kurtosis enclave inspect ${{ env.ENCLAVE_NAME }} | |
- name: List databases | |
run: | | |
postgres_port=$(kurtosis port print ${{ env.ENCLAVE_NAME }} postgres-001 postgres | cut -d':' -f3) | |
PGPASSWORD=master_password psql --host 127.0.0.1 --port "$postgres_port" --username master_user --dbname master --list | |
- name: Monitor verified batches (CDK Erigon Permissionless RPC) | |
working-directory: .github/scripts | |
run: | | |
./monitor-verified-batches.sh \ | |
--enclave ${{ env.ENCLAVE_NAME }} \ | |
--rpc-url $(kurtosis port print ${{ env.ENCLAVE_NAME }} cdk-erigon-rpc-001 rpc) | |
- name: Dump enclave | |
if: ${{ !cancelled() }} | |
run: kurtosis enclave dump ${{ env.ENCLAVE_NAME }} ./dump | |
- name: Upload enclave dump | |
if: ${{ !cancelled() }} | |
uses: actions/upload-artifact@v4 | |
with: | |
name: dump_run_without_args_${{ github.run_id }} | |
path: ./dump | |
list-ymls: | |
runs-on: ubuntu-latest | |
timeout-minutes: 5 | |
outputs: | |
matrix: ${{ steps.set-matrix.outputs.matrix }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Generate test combinations | |
working-directory: .github/tests | |
run: ./combine-ymls.sh | |
- id: set-matrix | |
# List all yml files in the .github/tests directory, as well as test combinations, except for the additional-services.yml file. | |
run: | | |
files=$(ls -R \ | |
./.github/tests/combinations/*.yml \ | |
./.github/tests/gas-token/auto.yml \ | |
./.github/tests/static-ports/custom-static-ports.yml \ | |
./.github/tests/static-ports/default-static-ports.yml \ | |
| grep -v 'additional-services.yml') | |
matrix=$(echo "$files" | jq -R -s -c 'split("\n")[:-1]') | |
echo "matrix=$matrix" >> $GITHUB_OUTPUT | |
run-with-args: | |
needs: list-ymls | |
runs-on: ubuntu-latest | |
timeout-minutes: 30 | |
strategy: | |
fail-fast: false | |
matrix: | |
file_name: ${{ fromJson(needs.list-ymls.outputs.matrix) }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Login to Docker Hub | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
# This step will only execute if the necessary secrets are available, preventing failures | |
# on pull requests from forked repositories. | |
if: ${{ env.DOCKERHUB_USERNAME && env.DOCKERHUB_TOKEN }} | |
env: | |
DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} | |
DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Install Kurtosis CDK tools | |
uses: ./.github/actions/setup-kurtosis-cdk | |
- name: Generate test combinations | |
working-directory: .github/tests | |
run: ./combine-ymls.sh | |
- name: Run Starlark | |
run: kurtosis run --enclave=${{ env.ENCLAVE_NAME }} --args-file=${{ matrix.file_name }} --show-enclave-inspect=false . | |
- name: Inspect enclave | |
run: kurtosis enclave inspect ${{ env.ENCLAVE_NAME }} | |
- name: Verify static ports | |
run: | | |
if [[ ${{ matrix.file_name }} == "./.github/tests/static-ports/default-static-ports.yml" ]]; then | |
echo "Making sure public ports start by a 5 as defined by the static ports in the input_parser.star file." | |
ports=$(kurtosis enclave inspect ${{ env.ENCLAVE_NAME }} | sed -n '/^========================================== User Services ==========================================$/,$ p' | tail -n +3) | |
if ! wrong_ports=$(echo "$ports" | grep -vE '127.0.0.1:5|none'); then | |
echo "✅ Default static ports are set correctly." | |
exit 0 | |
else | |
echo "wrong_ports: $wrong_ports" | |
echo "❌ Default static ports are not set correctly." | |
exit 1 | |
fi | |
else | |
echo "Skipping." | |
fi | |
- name: Monitor verified batches (Central RPC) | |
run: | | |
sequencer_type=$(yq --raw-output '.args.sequencer_type' ${{ matrix.file_name }}) | |
rpc_name="" | |
if [[ "$sequencer_type" == "erigon" ]]; then | |
rpc_name="cdk-erigon-rpc-001" | |
elif [[ "$sequencer_type" == "zkevm" ]]; then | |
rpc_name="zkevm-node-rpc-001" | |
elif [[ "$sequencer_type" == "null" ]]; then | |
rpc_name="cdk-erigon-rpc-001" | |
else | |
echo "Unknown sequencer type: $sequencer_type" | |
exit 1 | |
fi | |
echo "RPC name: $rpc_name" | |
./.github/scripts/monitor-verified-batches.sh \ | |
--enclave ${{ env.ENCLAVE_NAME }} \ | |
--rpc-url $(kurtosis port print ${{ env.ENCLAVE_NAME }} $rpc_name rpc) | |
- name: Monitor verified batches (zkEVM Permissionless RPC) | |
run: | | |
result=$(yq --raw-output '.args.additional_services // [] | contains(["pless_zkevm_node"])' ${{ matrix.file_name }}) | |
if [[ "$result" == "true" ]]; then | |
./.github/scripts/monitor-verified-batches.sh \ | |
--enclave ${{ env.ENCLAVE_NAME }} \ | |
--rpc-url $(kurtosis port print ${{ env.ENCLAVE_NAME }} zkevm-node-rpc-pless-001 rpc) | |
else | |
echo "Skipping batch verification as there is no zkevm permissionless RPC in the environment" | |
fi | |
- name: Dump enclave | |
if: ${{ !cancelled() }} | |
run: kurtosis enclave dump ${{ env.ENCLAVE_NAME }} ./dump | |
- name: Generate archive name | |
if: ${{ !cancelled() }} | |
run: | | |
file_name=$(basename "${{ matrix.file_name }}" ".yml") | |
archive_name="dump_run_with_args_${file_name}_${{ github.run_id }}" | |
echo "ARCHIVE_NAME=${archive_name}" >> "$GITHUB_ENV" | |
echo "Generated archive name: ${archive_name}" | |
- name: Upload enclave dump | |
if: ${{ !cancelled() }} | |
uses: actions/upload-artifact@v4 | |
with: | |
name: ${{ env.ARCHIVE_NAME }} | |
path: ./dump | |
pre-deployed-gas-token: | |
runs-on: ubuntu-latest | |
timeout-minutes: 30 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Login to Docker Hub | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
# This step will only execute if the necessary secrets are available, preventing failures | |
# on pull requests from forked repositories. | |
if: ${{ env.DOCKERHUB_USERNAME && env.DOCKERHUB_TOKEN }} | |
env: | |
DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} | |
DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Install Kurtosis CDK tools | |
uses: ./.github/actions/setup-kurtosis-cdk | |
- name: Deploy L1 chain | |
run: kurtosis run --enclave=${{ env.ENCLAVE_NAME }} --args-file=./.github/tests/external-l1/deploy-local-l1.yml . | |
- name: Deploy gas token on L1 | |
run: | | |
zkevm_contracts_version="v8.0.0-rc.4-fork.12" | |
echo "Cloning zkevm-contracts $zkevm_contracts_version..." | |
git clone https://github.com/0xPolygonHermez/zkevm-contracts | |
pushd zkevm-contracts | |
git checkout $zkevm_contracts_version | |
npm install @openzeppelin/contracts@4.8.2 | |
printf "[profile.default]\nsrc = 'contracts'\nout = 'out'\nlibs = ['node_modules']\n" > foundry.toml | |
echo "Deploying gas token to L1..." | |
l1_rpc_url=$(kurtosis port print ${{ env.ENCLAVE_NAME }} el-1-geth-lighthouse rpc) | |
forge create \ | |
--broadcast \ | |
--json \ | |
--rpc-url $l1_rpc_url \ | |
--mnemonic "giant issue aisle success illegal bike spike question tent bar rely arctic volcano long crawl hungry vocal artwork sniff fantasy very lucky have athlete" \ | |
contracts/mocks/ERC20PermitMock.sol:ERC20PermitMock \ | |
--constructor-args "CDK Gas Token" "CDK" "0xE34aaF64b29273B7D567FCFc40544c014EEe9970" "1000000000000000000000000" \ | |
> gasToken-erc20.json | |
gas_token_address=$(jq --raw-output '.deployedTo' gasToken-erc20.json) | |
if [[ -z "$gas_token_address" || "$gas_token_address" == "null" ]]; then | |
echo "Unable to deploy gas token" | |
exit 1 | |
fi | |
echo "Gas token contract deployed at $gas_token_address on L1" | |
popd | |
yq -Y --in-place ".args.gas_token_address = \"$gas_token_address\"" ./.github/tests/gas-token/pre-deployed.yml | |
- name: Deploy the rest of the stack | |
run: | | |
yq -Y --in-place ".deployment_stages.deploy_l1 = false" ./.github/tests/gas-token/pre-deployed.yml | |
kurtosis run --enclave=${{ env.ENCLAVE_NAME }} --args-file=./.github/tests/gas-token/pre-deployed.yml . | |
- name: Inspect enclave | |
run: kurtosis enclave inspect ${{ env.ENCLAVE_NAME }} | |
- name: Monitor verified batches | |
working-directory: .github/scripts | |
run: | | |
./monitor-verified-batches.sh \ | |
--enclave ${{ env.ENCLAVE_NAME }} \ | |
--rpc-url "$(kurtosis port print ${{ env.ENCLAVE_NAME }} cdk-erigon-rpc-001 rpc)" | |
- name: Dump enclave | |
if: ${{ !cancelled() }} | |
run: kurtosis enclave dump ${{ env.ENCLAVE_NAME }} ./dump | |
- name: Upload enclave dump | |
if: ${{ !cancelled() }} | |
uses: actions/upload-artifact@v4 | |
with: | |
name: dump_pre_deployed_gas_token${{ github.run_id }} | |
path: ./dump | |
additional-services: | |
runs-on: ubuntu-latest | |
timeout-minutes: 30 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Login to Docker Hub | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
# This step will only execute if the necessary secrets are available, preventing failures | |
# on pull requests from forked repositories. | |
if: ${{ env.DOCKERHUB_USERNAME && env.DOCKERHUB_TOKEN }} | |
env: | |
DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} | |
DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Install Kurtosis CDK tools | |
uses: ./.github/actions/setup-kurtosis-cdk | |
- name: Run Starlark | |
run: kurtosis run --enclave=${{ env.ENCLAVE_NAME }} --args-file=./.github/tests/additional-services.yml --show-enclave-inspect=false . | |
- name: Inspect enclave | |
run: kurtosis enclave inspect ${{ env.ENCLAVE_NAME }} | |
- name: Monitor verified batches (CDK Erigon Permissionless RPC) | |
working-directory: .github/scripts | |
run: | | |
./monitor-verified-batches.sh \ | |
--enclave ${{ env.ENCLAVE_NAME }} \ | |
--rpc-url $(kurtosis port print ${{ env.ENCLAVE_NAME }} cdk-erigon-rpc-001 rpc) | |
- name: Verify Arpeggio RPC | |
run: | | |
result=$(yq '.args.additional_services | contains(["arpeggio"])' ./.github/tests/additional-services.yml) | |
if [ "$result" = "true" ]; then | |
cast bn --rpc-url $(kurtosis port print ${{ env.ENCLAVE_NAME }} arpeggio-001 rpc) | |
else | |
echo "Arpeggio is not deployed." | |
fi | |
- name: Verify Blutgang RPC | |
run: | | |
result=$(yq '.args.additional_services | contains(["blutgang"])' ./.github/tests/additional-services.yml) | |
if [ "$result" = "true" ]; then | |
cast bn --rpc-url $(kurtosis port print ${{ env.ENCLAVE_NAME }} blutgang-001 http) | |
else | |
echo "Blutgang is not deployed." | |
fi | |
- name: Verify erpc RPC | |
run: | | |
result=$(yq '.args.additional_services | contains(["erpc"])' ./.github/tests/additional-services.yml) | |
if [ "$result" = "true" ]; then | |
cast bn --rpc-url "$(kurtosis port print ${{ env.ENCLAVE_NAME }} erpc-001 rpc)/main/evm/10101" | |
else | |
echo "ERPC is not deployed." | |
fi | |
- name: Verify permissionless zkevm-node rpc | |
run: | | |
result=$(yq '.args.additional_services | contains(["pless_zkevm_node"])' ./.github/tests/additional-services.yml) | |
if [ "$result" = "true" ]; then | |
cast bn --rpc-url $(kurtosis port print ${{ env.ENCLAVE_NAME }} zkevm-node-rpc-pless-001 rpc) | |
else | |
echo "Permissionless zkevm-node is not deployed." | |
fi | |
- name: Verify that Prometheus collects Panoptichain metrics | |
run: | | |
result=$(yq '.args.additional_services | contains(["prometheus_grafana"])' ./.github/tests/additional-services.yml) | |
if [ "$result" = "true" ]; then | |
echo "Wait for one minute while Prometheus gathers metrics..." | |
sleep 60 | |
echo "Retrieve Panoptichain metrics from Prometheus..." | |
panoptichain_metric="panoptichain_system_uptime" | |
prometheus_url=$(kurtosis port print ${{ env.ENCLAVE_NAME }} prometheus-001 http) | |
prometheus_query=$(curl "$prometheus_url/api/v1/query?query=$panoptichain_metric") | |
echo $prometheus_query | jq | |
if [ "$(jq -r '.data.result[0].metric.__name__' <<<$prometheus_query)" == "$panoptichain_metric" ]; then | |
echo "✅ Prometheus collects panoptichain metrics!" | |
else | |
echo "❌ Prometheus does not collect panoptichain metrics..." | |
exit 1 | |
fi | |
else | |
echo "Prometheus is not deployed." | |
fi | |
- name: Dump enclave | |
if: ${{ !cancelled() }} | |
run: kurtosis enclave dump ${{ env.ENCLAVE_NAME }} ./dump | |
- name: Upload enclave dump | |
if: ${{ !cancelled() }} | |
uses: actions/upload-artifact@v4 | |
with: | |
name: dump_additional_services_${{ github.run_id }} | |
path: ./dump | |
attach-second-cdk: | |
runs-on: ubuntu-latest | |
timeout-minutes: 30 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Login to Docker Hub | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
# This step will only execute if the necessary secrets are available, preventing failures | |
# on pull requests from forked repositories. | |
if: ${{ env.DOCKERHUB_USERNAME && env.DOCKERHUB_TOKEN }} | |
env: | |
DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} | |
DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Install Kurtosis CDK tools | |
uses: ./.github/actions/setup-kurtosis-cdk | |
- name: Deploy L1 chain and a first CDK L2 chain (cdk-erigon sequencer + cdk stack) | |
run: kurtosis run --enclave=${{ env.ENCLAVE_NAME }} . | |
- name: Attach a second CDK L2 chain (cdk-erigon sequencer + cdk stack) | |
run: kurtosis run --enclave=${{ env.ENCLAVE_NAME }} --args-file=./.github/tests/attach-second-cdk.yml . | |
- name: Update the agglayer config | |
run: | | |
# Download the agglayer config file. | |
kurtosis files download ${{ env.ENCLAVE_NAME }} agglayer-config-artifact | |
cd agglayer-config-artifact | |
# Update the config by adding the rpc and proof signer of the second chain. | |
tomlq -Y --toml-output --in-place '."full-node-rpcs" += {"2": "http://cdk-erigon-rpc-002:8123"}' agglayer-config.toml | |
# Replace the agglayer config. | |
agglayer_container_id="$(docker ps --filter name=agglayer --format json | jq -r -s '. | map(select(.Names | startswith("agglayer--"))) | .[].ID')" | |
docker cp agglayer-config.toml "$agglayer_container_id:/etc/zkevm/agglayer-config.toml" | |
# Restart the agglayer service. | |
kurtosis service stop ${{ env.ENCLAVE_NAME }} agglayer | |
kurtosis service start ${{ env.ENCLAVE_NAME }} agglayer | |
- name: Inspect enclave | |
run: kurtosis enclave inspect ${{ env.ENCLAVE_NAME }} | |
- name: Monitor verified batches of the first L2 chain (CDK Erigon Permissionless RPC) | |
working-directory: .github/scripts | |
run: | | |
./monitor-verified-batches.sh \ | |
--enclave ${{ env.ENCLAVE_NAME }} \ | |
--rpc-url "$(kurtosis port print ${{ env.ENCLAVE_NAME }} cdk-erigon-rpc-001 rpc)" | |
- name: Monitor verified batches of the second L2 chain (CDK Erigon Permissionless RPC) | |
working-directory: .github/scripts | |
run: | | |
./monitor-verified-batches.sh \ | |
--enclave ${{ env.ENCLAVE_NAME }} \ | |
--rpc-url "$(kurtosis port print ${{ env.ENCLAVE_NAME }} cdk-erigon-rpc-002 rpc)" | |
- name: Dump enclave | |
if: ${{ !cancelled() }} | |
run: kurtosis enclave dump ${{ env.ENCLAVE_NAME }} ./dump | |
- name: Upload enclave dump | |
if: ${{ !cancelled() }} | |
uses: actions/upload-artifact@v4 | |
with: | |
name: dump_attach_ckds_${{ github.run_id }} | |
path: ./dump | |
deploy-to-external_l1: | |
runs-on: ubuntu-latest | |
timeout-minutes: 30 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Login to Docker Hub | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
# This step will only execute if the necessary secrets are available, preventing failures | |
# on pull requests from forked repositories. | |
if: ${{ env.DOCKERHUB_USERNAME && env.DOCKERHUB_TOKEN }} | |
env: | |
DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} | |
DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Install Kurtosis CDK tools | |
uses: ./.github/actions/setup-kurtosis-cdk | |
- name: Deploy L1 chain | |
run: kurtosis run --enclave=${{ env.ENCLAVE_NAME }} --args-file=./.github/tests/external-l1/deploy-local-l1.yml . | |
- name: Deploy to local L1 chain | |
run: | | |
kurtosis run --enclave=${{ env.ENCLAVE_NAME }} --args-file=./.github/tests/external-l1/deploy-cdk-to-local-l1.yml . | |
- name: Inspect enclave | |
run: kurtosis enclave inspect ${{ env.ENCLAVE_NAME }} | |
- name: Monitor verified batches | |
working-directory: .github/scripts | |
run: | | |
./monitor-verified-batches.sh \ | |
--enclave ${{ env.ENCLAVE_NAME }} \ | |
--rpc-url "$(kurtosis port print ${{ env.ENCLAVE_NAME }} cdk-erigon-rpc-001 rpc)" | |
- name: Dump enclave | |
if: ${{ !cancelled() }} | |
run: kurtosis enclave dump ${{ env.ENCLAVE_NAME }} ./dump | |
- name: Upload enclave dump | |
if: ${{ !cancelled() }} | |
uses: actions/upload-artifact@v4 | |
with: | |
name: dump_deploy_to_external_l1_${{ github.run_id }} | |
path: ./dump |