feat: re-enabling authwit constraint #8412
Workflow file for this run
# CI workflow: runs on pushes to master, on every pull request, and on manual dispatch.
# NOTE(review): no top-level `permissions:` key is set here, so GITHUB_TOKEN gets the
# repository default; declaring the minimum the jobs need is the least-privilege option.
# NOTE(review): the description of `runner_action` says the runner is self-hosted, and
# `pull_request` runs execute the pull-request head on it. Confirm that runs from forks
# need approval before they start.
name: CI
on:
  push:
    branches:
      - master
  pull_request: {}
  workflow_dispatch:
    inputs:
      username:
        description: 'Defaults to GitHub Actor'
        required: false
      runner_action:
        description: 'The action to take with the self-hosted runner (start, stop, restart).'
        required: false
concurrency:
  # force parallelism in master: every master run gets its own group (the run id), while
  # any other ref shares one group per ref name, so a newer run cancels the older one
  group: "ci-${{ github.ref_name == 'master' && github.run_id || github.ref_name }}"
  cancel-in-progress: true
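jobs:
  # Conventions shared by the jobs below:
  # - `runs-on` targets the runner labelled `<username>-x86` that `setup` starts, so every
  #   job derives the label from `inputs.username || github.actor`, exactly as `setup`
  #   does. A job that used `github.actor` alone would wait for a different runner when
  #   the workflow is dispatched with a `username` input.
  # - The checkout ref is the pull-request head SHA; on events without a pull_request
  #   payload the expression is empty and actions/checkout uses its default ref.
  # - NOTE(review): `./.github/ci-setup-action` is loaded from the checked-out tree, i.e.
  #   from the pull-request head, and is handed DOCKERHUB_PASSWORD. Confirm who can obtain
  #   a run with secrets populated on modified action code.
  # - NOTE(review): actions/checkout, sticky-pull-request-comment and slack-github-action
  #   are referenced by tag, while noir-gates-diff is pinned to a commit SHA. Pinning the
  #   others to reviewed SHAs would make the third-party code immutable.

  # Starts (or stops/restarts, per `runner_action`) the x86 runner used by the jobs below.
  setup:
    uses: ./.github/workflows/setup-runner.yml
    with:
      runner_label: ${{ inputs.username || github.actor }}-x86
      ebs_cache_size_gb: 256
      runner_concurrency: 50
      subaction: ${{ inputs.runner_action || 'start' }}
      # Use instance types with low interruption rate in us-east-2 https://aws.amazon.com/ec2/spot/instance-advisor/
      ec2_instance_type: r6in.32xlarge r6a.32xlarge i4i.32xlarge r7iz.32xlarge
      ec2_ami_id: ami-04d8422a9ba4de80f
      ec2_spot_instance_strategy: None
      ec2_instance_ttl: 40 # refreshed by jobs
    # Forwards every secret available to this workflow to setup-runner.yml.
    # NOTE(review): listing only the secrets that workflow reads would be narrower; its
    # contents are not visible here.
    secrets: inherit

  # Builds the e2e images and publishes the two test lists that drive the matrices below.
  build:
    needs: setup
    runs-on: ${{ inputs.username || github.actor }}-x86
    outputs:
      e2e_list: ${{ steps.e2e_list.outputs.list }}
      bench_list: ${{ steps.bench_list.outputs.list }}
    steps:
      - uses: actions/checkout@v4
        with:
          ref: "${{ github.event.pull_request.head.sha }}"
      - uses: ./.github/ci-setup-action
        with:
          dockerhub_password: "${{ secrets.DOCKERHUB_PASSWORD }}"
          concurrency_key: build-${{ inputs.username || github.actor }}-x86
      # prepare images locally, tagged by commit hash
      - name: "Build E2E Image"
        timeout-minutes: 40
        run: earthly-ci ./yarn-project+export-e2e-test-images
      # We base our e2e list used in e2e-x86 off the targets in ./yarn-project/end-to-end
      # (Note ARM uses just 2 tests as a smoketest)
      # The target names are read from the checked-out tree and become matrix values, so
      # the jobs that consume them treat them as data, never as shell text.
      - name: Create list of non-bench end-to-end jobs
        id: e2e_list
        run: |
          echo "list=$(earthly ls ./yarn-project/end-to-end | grep -v '+base' | grep -v '+bench' | sed 's/+//' | jq -R . | jq -cs .)" >> "$GITHUB_OUTPUT"
      - name: Create list of bench end-to-end jobs
        id: bench_list
        run: |
          echo "list=$(earthly ls ./yarn-project/end-to-end | grep '+bench' | sed 's/+//' | jq -R . | jq -cs .)" >> "$GITHUB_OUTPUT"

  # all the non-bench end-to-end integration tests for aztec
  e2e:
    needs: build
    runs-on: ${{ inputs.username || github.actor }}-x86
    strategy:
      fail-fast: false
      matrix:
        test: ${{ fromJson( needs.build.outputs.e2e_list )}}
    steps:
      - uses: actions/checkout@v4
        with:
          ref: "${{ github.event.pull_request.head.sha }}"
      - uses: ./.github/ci-setup-action
        with:
          dockerhub_password: "${{ secrets.DOCKERHUB_PASSWORD }}"
          # must be globally unique for build x runner
          concurrency_key: e2e-${{ inputs.username || github.actor }}-x86-${{ matrix.test }}
      - name: Test
        working-directory: ./yarn-project/end-to-end/
        timeout-minutes: 25
        # The secrets and the matrix value reach the shell through `env:` and are expanded
        # as quoted variables, so their content is never parsed as shell syntax. The names
        # are deliberately not the standard AWS_* ones, so nothing else in the step picks
        # them up implicitly.
        # NOTE(review): the values still appear in the process argument list on the
        # runner. earthly can read a secret from an environment variable of the same name
        # (`--secret NAME`); confirm earthly-ci forwards its environment before relying
        # on that.
        env:
          E2E_AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          E2E_AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          E2E_TEST_TARGET: ${{ matrix.test }}
        # A literal block keeps the trailing backslashes as real line continuations; in a
        # folded plain scalar they would turn into escaped spaces.
        run: |
          earthly-ci -P \
            --secret AWS_ACCESS_KEY_ID="$E2E_AWS_ACCESS_KEY_ID" \
            --secret AWS_SECRET_ACCESS_KEY="$E2E_AWS_SECRET_ACCESS_KEY" \
            --no-output \
            "+${E2E_TEST_TARGET}" --skip_build=true

  # all the benchmarking end-to-end integration tests for aztec (not required to merge)
  bench-e2e:
    needs: build
    runs-on: ${{ inputs.username || github.actor }}-x86
    strategy:
      fail-fast: false
      matrix:
        test: ${{ fromJson( needs.build.outputs.bench_list )}}
    steps:
      - uses: actions/checkout@v4
        with:
          ref: "${{ github.event.pull_request.head.sha }}"
      - uses: ./.github/ci-setup-action
        with:
          dockerhub_password: "${{ secrets.DOCKERHUB_PASSWORD }}"
          # must be globally unique for build x runner
          concurrency_key: e2e-${{ inputs.username || github.actor }}-x86-${{ matrix.test }}
      - name: Test
        working-directory: ./yarn-project/end-to-end/
        timeout-minutes: 25
        # Same handling as the `e2e` Test step: values go through `env:` and are quoted.
        env:
          E2E_AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          E2E_AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          E2E_TEST_TARGET: ${{ matrix.test }}
        run: |
          earthly-ci -P \
            --secret AWS_ACCESS_KEY_ID="$E2E_AWS_ACCESS_KEY_ID" \
            --secret AWS_SECRET_ACCESS_KEY="$E2E_AWS_SECRET_ACCESS_KEY" \
            --no-output \
            "+${E2E_TEST_TARGET}" --skip_build=true

  # Disabled job, kept for reference.
  # NOTE(review): if this is re-enabled, move the `${{ secrets.* }}` values out of the
  # `run:` lines and into `env:`, as the Test steps above do.
  # bench-summary:
  #   needs: e2e
  #   runs-on: ${{ inputs.username || github.actor }}-x86
  #   steps:
  #     - uses: actions/checkout@v4
  #       with:
  #         fetch-depth: 100 # Downloading base benchmark from master requires access to history
  #         ref: "${{ github.event.pull_request.head.sha }}"
  #     - uses: ./.github/ci-setup-action
  #       with:
  #         dockerhub_password: "${{ secrets.DOCKERHUB_PASSWORD }}"
  #         concurrency_key: build-${{ inputs.username || github.actor }}-x86
  #     - name: "Build and upload bench aggregate file"
  #       working-directory: ./yarn-project/scripts
  #       run: earthly-ci -P --secret AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_ID }} --secret AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_ACCESS_KEY }} +bench-aggregate
  #     - name: "Download base benchmark"
  #       if: ${{ github.event_name == 'pull_request' }}
  #       run: scripts/logs/download_base_benchmark_from_s3.sh
  #       env:
  #         AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
  #         AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
  #         BENCH_FOLDER: ./yarn-project/scripts/bench
  #         PULL_REQUEST: "${{ github.event.pull_request.number }}"
  #     - name: "Generate summary comment if pull request"
  #       if: ${{ github.event_name == 'pull_request' }}
  #       working-directory: ./yarn-project/scripts
  #       run: earthly-ci -P --secret AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_ID }} --secret AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_ACCESS_KEY }} --secret AZTEC_BOT_COMMENTER_GITHUB_TOKEN=${{ secrets.AZTEC_BOT_GITHUB_TOKEN }} +bench-comment

  noir-format:
    needs: setup
    runs-on: ${{ inputs.username || github.actor }}-x86
    steps:
      - uses: actions/checkout@v4
        with:
          ref: "${{ github.event.pull_request.head.sha }}"
      - uses: ./.github/ci-setup-action
        with:
          dockerhub_password: "${{ secrets.DOCKERHUB_PASSWORD }}"
          concurrency_key: noir-format-${{ inputs.username || github.actor }}-x86
      - name: "Format Noir"
        working-directory: ./noir/
        timeout-minutes: 25
        run: earthly-ci --no-output ./+format
      - name: "Format noir-projects"
        working-directory: ./noir-projects/
        timeout-minutes: 25
        run: earthly-ci --no-output ./+format

  # barretenberg (prover) native and AVM (public VM) tests
  # only ran on x86 for resource reasons (memory intensive)
  bb-native-tests:
    needs: setup
    runs-on: ${{ inputs.username || github.actor }}-x86
    steps:
      - uses: actions/checkout@v4
        with:
          ref: "${{ github.event.pull_request.head.sha }}"
      # Only allow one memory-hungry prover test to use this runner
      - uses: ./.github/ci-setup-action
        with:
          dockerhub_password: "${{ secrets.DOCKERHUB_PASSWORD }}"
          # must be globally unique for build x runner
          concurrency_key: bb-native-tests-${{ inputs.username || github.actor }}-x86
      - name: "Native Prover Tests"
        working-directory: ./barretenberg/cpp/
        timeout-minutes: 25
        # limit our parallelism to half our cores
        run: earthly-ci --no-output +test --hardware_concurrency=64

  bb-js-test:
    needs: setup
    runs-on: ${{ inputs.username || github.actor }}-x86
    steps:
      - uses: actions/checkout@v4
        with:
          ref: "${{ github.event.pull_request.head.sha }}"
      - uses: ./.github/ci-setup-action
        with:
          dockerhub_password: "${{ secrets.DOCKERHUB_PASSWORD }}"
          concurrency_key: bb-js-test-${{ inputs.username || github.actor }}-x86
      - name: "bb.js Tests"
        working-directory: ./barretenberg/ts/
        timeout-minutes: 25
        run: earthly-ci --no-output ./+test

  # NOTE(review): noir-test and noir-packages-test use the same concurrency_key; confirm
  # that is intended, given the "globally unique" remark on the other jobs.
  noir-test:
    needs: setup
    runs-on: ${{ inputs.username || github.actor }}-x86
    steps:
      - uses: actions/checkout@v4
        with:
          ref: "${{ github.event.pull_request.head.sha }}"
      - uses: ./.github/ci-setup-action
        with:
          dockerhub_password: "${{ secrets.DOCKERHUB_PASSWORD }}"
          concurrency_key: noir-${{ inputs.username || github.actor }}-x86
      - name: "Test Noir JS packages"
        run: earthly-ci --no-output ./noir+test

  noir-packages-test:
    needs: setup
    runs-on: ${{ inputs.username || github.actor }}-x86
    steps:
      - uses: actions/checkout@v4
        with:
          ref: "${{ github.event.pull_request.head.sha }}"
      - uses: ./.github/ci-setup-action
        with:
          dockerhub_password: "${{ secrets.DOCKERHUB_PASSWORD }}"
          concurrency_key: noir-${{ inputs.username || github.actor }}-x86
      - name: "Test Noir JS packages"
        run: earthly-ci --no-output ./noir+packages-test

  noir-projects:
    needs: setup
    runs-on: ${{ inputs.username || github.actor }}-x86
    steps:
      - uses: actions/checkout@v4
        with:
          ref: "${{ github.event.pull_request.head.sha }}"
      - uses: ./.github/ci-setup-action
        with:
          dockerhub_password: "${{ secrets.DOCKERHUB_PASSWORD }}"
          concurrency_key: noir-projects-${{ inputs.username || github.actor }}-x86
      - name: "Noir Projects"
        timeout-minutes: 25
        run: earthly-ci --no-output ./noir-projects/+test

  yarn-project-formatting:
    needs: noir-projects
    runs-on: ${{ inputs.username || github.actor }}-x86
    steps:
      - uses: actions/checkout@v4
        with:
          ref: "${{ github.event.pull_request.head.sha }}"
      # Only allow one memory-hungry prover test to use this runner
      - uses: ./.github/ci-setup-action
        with:
          dockerhub_password: "${{ secrets.DOCKERHUB_PASSWORD }}"
          concurrency_key: yarn-project-formatting-${{ inputs.username || github.actor }}-x86
      - name: "Yarn Project Tests"
        timeout-minutes: 25
        run: earthly-ci --no-output ./yarn-project/+format-check

  yarn-project-test:
    needs: noir-projects
    runs-on: ${{ inputs.username || github.actor }}-x86
    steps:
      - uses: actions/checkout@v4
        with:
          ref: "${{ github.event.pull_request.head.sha }}"
      # Only allow one memory-hungry prover test to use this runner
      - uses: ./.github/ci-setup-action
        with:
          dockerhub_password: "${{ secrets.DOCKERHUB_PASSWORD }}"
          concurrency_key: yarn-project-test-${{ inputs.username || github.actor }}-x86
      - name: "Yarn Project Tests"
        timeout-minutes: 30
        run: earthly-ci --no-output ./yarn-project/+test

  prover-client-test:
    needs: noir-projects
    runs-on: ${{ inputs.username || github.actor }}-x86
    steps:
      - uses: actions/checkout@v4
        with:
          ref: "${{ github.event.pull_request.head.sha }}"
      - uses: ./.github/ci-setup-action
        with:
          dockerhub_password: "${{ secrets.DOCKERHUB_PASSWORD }}"
          concurrency_key: prover-client-test-${{ inputs.username || github.actor }}-x86
      - name: "Prover Client Tests"
        timeout-minutes: 25
        run: earthly-ci --no-output ./yarn-project/+prover-client-test

  client-proof-tests:
    needs: build
    runs-on: ${{ inputs.username || github.actor }}-x86
    steps:
      - uses: actions/checkout@v4
        with:
          ref: "${{ github.event.pull_request.head.sha }}"
      - uses: ./.github/ci-setup-action
        with:
          dockerhub_password: "${{ secrets.DOCKERHUB_PASSWORD }}"
          concurrency_key: client-proof-tests-${{ inputs.username || github.actor }}-x86
      - name: "Client Proof Tests"
        timeout-minutes: 25
        run: earthly-ci --no-output ./yarn-project/+run-e2e --test=client_prover_integration/client_prover_integration.test.ts

  build-acir-tests:
    needs: build
    runs-on: ${{ inputs.username || github.actor }}-x86
    steps:
      - uses: actions/checkout@v4
        with:
          ref: "${{ github.event.pull_request.head.sha }}"
      - uses: ./.github/ci-setup-action
        with:
          dockerhub_password: "${{ secrets.DOCKERHUB_PASSWORD }}"
          concurrency_key: build-acir-tests-${{ inputs.username || github.actor }}-x86
      - name: "Build Acir Tests"
        timeout-minutes: 25
        run: earthly-ci --no-output ./noir/+build-acir-tests

  barretenberg-acir-tests-bb:
    needs: build-acir-tests
    runs-on: ${{ inputs.username || github.actor }}-x86
    steps:
      - uses: actions/checkout@v4
        with:
          ref: "${{ github.event.pull_request.head.sha }}"
      - uses: ./.github/ci-setup-action
        with:
          dockerhub_password: "${{ secrets.DOCKERHUB_PASSWORD }}"
          concurrency_key: barretenberg-acir-tests-bb-${{ inputs.username || github.actor }}-x86
      - name: "BB Native Acir Tests"
        working-directory: ./noir/
        timeout-minutes: 25
        run: earthly-ci --no-output ./+barretenberg-acir-tests-bb

  barretenberg-acir-tests-sol:
    needs: build-acir-tests
    runs-on: ${{ inputs.username || github.actor }}-x86
    steps:
      - uses: actions/checkout@v4
        with:
          ref: "${{ github.event.pull_request.head.sha }}"
      - uses: ./.github/ci-setup-action
        with:
          dockerhub_password: "${{ secrets.DOCKERHUB_PASSWORD }}"
          concurrency_key: barretenberg-acir-tests-sol-${{ inputs.username || github.actor }}-x86
      - name: "BB Solidity Acir Tests"
        working-directory: ./noir/
        timeout-minutes: 25
        run: earthly-ci --no-output ./+barretenberg-acir-tests-sol

  barretenberg-acir-tests-bb-js:
    needs: build-acir-tests
    runs-on: ${{ inputs.username || github.actor }}-x86
    steps:
      - uses: actions/checkout@v4
        with:
          ref: "${{ github.event.pull_request.head.sha }}"
      - uses: ./.github/ci-setup-action
        with:
          dockerhub_password: "${{ secrets.DOCKERHUB_PASSWORD }}"
          concurrency_key: barretenberg-acir-tests-bb-js-${{ inputs.username || github.actor }}-x86
      - name: "BB JS Acir Tests"
        working-directory: ./noir/
        timeout-minutes: 25
        run: earthly-ci --no-output ./+barretenberg-acir-tests-bb.js

  # Runs only when the event carries a number (`github.event.number`).
  docs-preview:
    needs: build
    runs-on: ${{ inputs.username || github.actor }}-x86
    if: github.event.number
    steps:
      - uses: actions/checkout@v4
        with:
          ref: "${{ github.event.pull_request.head.sha }}"
      - uses: ./.github/ci-setup-action
        with:
          dockerhub_password: "${{ secrets.DOCKERHUB_PASSWORD }}"
          concurrency_key: docs-preview-${{ inputs.username || github.actor }}-x86
      - name: "Docs Preview"
        timeout-minutes: 30
        # Tokens are handed to the shell through `env:` and expanded as quoted variables
        # instead of being pasted into the script text by the expression engine.
        # NOTE(review): they are passed to earthly as build args (`--NAME=value`), not
        # with `--secret`. Whether ./docs/+deploy-preview can take them as secrets is not
        # visible here; check that the build does not record them.
        env:
          DOCS_PR_NUMBER: ${{ github.event.number }}
          DOCS_BOT_GITHUB_TOKEN: ${{ secrets.AZTEC_BOT_GITHUB_TOKEN }}
          DOCS_NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }}
          DOCS_NETLIFY_SITE_ID: ${{ secrets.NETLIFY_SITE_ID }}
        run: |
          earthly --no-output ./docs/+deploy-preview \
            --PR="$DOCS_PR_NUMBER" \
            --AZTEC_BOT_COMMENTER_GITHUB_TOKEN="$DOCS_BOT_GITHUB_TOKEN" \
            --NETLIFY_AUTH_TOKEN="$DOCS_NETLIFY_AUTH_TOKEN" \
            --NETLIFY_SITE_ID="$DOCS_NETLIFY_SITE_ID"

  # push benchmarking binaries to dockerhub registry
  bb-bench-binaries:
    needs: build
    runs-on: ${{ inputs.username || github.actor }}-x86
    steps:
      - uses: actions/checkout@v4
        with:
          ref: "${{ github.event.pull_request.head.sha }}"
      - uses: ./.github/ci-setup-action
        with:
          dockerhub_password: "${{ secrets.DOCKERHUB_PASSWORD }}"
          concurrency_key: bb-bench-binaries-${{ inputs.username || github.actor }}-x86
      - name: Build and Push Binaries
        timeout-minutes: 15
        working-directory: ./barretenberg/cpp/
        run: earthly-ci --push +bench-binaries

  # Second runner, labelled `<username>-bench-x86`, used only by bb-bench.
  setup-bench:
    uses: ./.github/workflows/setup-runner.yml
    needs: bb-bench-binaries
    with:
      runner_label: ${{ inputs.username || github.actor }}-bench-x86
      ebs_cache_size_gb: 64
      runner_concurrency: 1
      subaction: ${{ inputs.runner_action || 'start' }}
      ec2_instance_type: m6a.4xlarge
      ec2_ami_id: ami-04d8422a9ba4de80f
      ec2_instance_ttl: 15 # refreshed by jobs
    # Forwards every secret available to this workflow to setup-runner.yml.
    secrets: inherit

  bb-bench:
    runs-on: ${{ inputs.username || github.actor }}-bench-x86
    needs: setup-bench
    steps:
      - uses: actions/checkout@v4
        with:
          ref: "${{ github.event.pull_request.head.sha }}"
      - uses: ./.github/ci-setup-action
        with:
          dockerhub_password: "${{ secrets.DOCKERHUB_PASSWORD }}"
          concurrency_key: bb-bench-${{ inputs.username || github.actor }}-bench-x86
      # Use bench_mode=cache to read the pushed build above
      - name: Client IVC Bench
        working-directory: ./barretenberg/cpp/
        timeout-minutes: 15
        run: earthly-ci --no-output +bench-client-ivc --bench_mode=cache
      - name: Ultrahonk Bench
        working-directory: ./barretenberg/cpp/
        timeout-minutes: 15
        run: earthly-ci --no-output +bench-ultra-honk --bench_mode=cache

  protocol-circuits-gates-report:
    needs: setup
    runs-on: ${{ inputs.username || github.actor }}-x86
    steps:
      - uses: actions/checkout@v4
        with:
          ref: "${{ github.event.pull_request.head.sha }}"
      # Only allow one memory-hungry prover test to use this runner
      - uses: ./.github/ci-setup-action
        with:
          dockerhub_password: "${{ secrets.DOCKERHUB_PASSWORD }}"
          concurrency_key: protocol-circuits-gates-report-${{ inputs.username || github.actor }}-x86
      - name: "Noir Protocol Circuits Report"
        working-directory: ./noir-projects/
        timeout-minutes: 25
        run: |
          earthly-ci --artifact +gates-report/gates_report.json
          mv gates_report.json ../protocol_circuits_report.json
      - name: Compare gates reports
        id: gates_diff
        uses: vezenovm/noir-gates-diff@acf12797860f237117e15c0d6e08d64253af52b6
        with:
          report: protocol_circuits_report.json
          summaryQuantile: 0 # Display any diff in gate count
      - name: Add gates diff to sticky comment
        if: github.event_name == 'pull_request' || github.event_name == 'pull_request_target'
        uses: marocchino/sticky-pull-request-comment@v2
        with:
          # delete the comment in case changes no longer impact circuit sizes
          delete: ${{ !steps.gates_diff.outputs.markdown }}
          message: ${{ steps.gates_diff.outputs.markdown }}

  # Merge gate. `if: always()` makes it run even when a dependency did not succeed, so the
  # result check below is what decides whether merging is allowed.
  # NOTE(review): noir-format and protocol-circuits-gates-report are not in this list;
  # confirm they are meant to be non-blocking.
  merge-check:
    runs-on: ubuntu-latest
    needs:
      - e2e
      - bb-native-tests
      - bb-bench
      - yarn-project-formatting
      - yarn-project-test
      - prover-client-test
      - bb-js-test
      - barretenberg-acir-tests-bb-js
      - barretenberg-acir-tests-bb
      - barretenberg-acir-tests-sol
      - noir-test
      - noir-packages-test
      - client-proof-tests
    if: always()
    steps:
      # `needs.*.result` only covers the jobs listed above. When something they depend on
      # fails (setup, build, noir-projects, ...) they end up `skipped`, not `failure`, and
      # a cancelled job reports `cancelled`. Both are counted as not passed here, because
      # checking for `failure` alone would let the gate succeed with the tests never run.
      - run: |
          failed=${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') || contains(needs.*.result, 'skipped') }}
          if $failed
          then
            echo "At least one job failed, was cancelled or was skipped, merging not allowed."
            exit 1
          fi
          echo "All jobs succeeded, merge allowed."

  # Posts the run URL to Slack when merge-check fails on master.
  notify:
    needs:
      - merge-check
    runs-on: ubuntu-latest
    if: ${{ github.ref == 'refs/heads/master' && failure() }}
    steps:
      - name: Send notification to aztec3-ci channel if workflow failed on master
        uses: slackapi/slack-github-action@v1.25.0
        with:
          payload: |
            {
              "url": "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
            }
        env:
          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_NOTIFY_WORKFLOW_TRIGGER_URL }}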