feat: visibility for type aliases (noir-lang/noir#6058)

feat: Sync from aztec-packages (noir-lang/noir#6151)
feat: allow silencing an unused variable defined via `let` (noir-lang/noir#6149)
feat: simplify sha256 implementation (noir-lang/noir#6142)

.gitattributes

@@ -1,5 +1,3 @@
-*.nr linguist-language=Rust
-
 .yarn/releases/** binary
 .yarn/plugins/** binary
 yarn.lock -diff

.github/workflows/ci-arm.yml

@@ -25,7 +25,7 @@ jobs:
   setup:
     uses: ./.github/workflows/setup-runner.yml
     with:
-      username: ${{ github.event.pull_request.user.login || github.actor }}
+      username: master
       runner_type: builder-arm
     secrets: inherit
 
@@ -49,24 +49,28 @@ jobs:
 
   build-images:
     needs: [setup, changes]
-    runs-on: ${{ github.event.pull_request.user.login || github.actor }}-arm
+    # Note we don't put the 'if' here as that would also apply to dependent jobs, instead we just copy it into each step
+    runs-on: master-arm
     steps:
       # permission kludge before checkout, see https://github.com/actions/checkout/issues/211#issuecomment-611986243
       - run: sudo chown -R $USER:$USER /home/ubuntu/
+        if: needs.changes.outputs.build-images == 'true'
       - uses: actions/checkout@v4
         with: { ref: "${{ env.GIT_COMMIT }}" }
+        if: needs.changes.outputs.build-images == 'true'
       - uses: ./.github/ci-setup-action
+        if: needs.changes.outputs.build-images == 'true'
         with:
           concurrency_key: build-images-arm
       - name: "Push Build Images If Changed"
-        if: ${{ needs.changes.outputs.build-images }}
+        if: needs.changes.outputs.build-images == 'true'
         timeout-minutes: 40
         run: |
           earthly-ci --push ./build-images/+build
 
   build:
     needs: [build-images]
-    runs-on: ${{ github.event.pull_request.user.login || github.actor }}-arm
+    runs-on: master-arm
     steps:
       # permission kludge before checkout, see https://github.com/actions/checkout/issues/211#issuecomment-611986243
       - run: sudo chown -R $USER:$USER /home/ubuntu/
@@ -84,7 +88,7 @@ jobs:
   # all the non-bench end-to-end integration tests for aztec
   e2e:
     needs: [build]
-    runs-on: ${{ github.event.pull_request.user.login || github.actor }}-arm
+    runs-on: master-arm
     steps:
       # permission kludge before checkout, see https://github.com/actions/checkout/issues/211#issuecomment-611986243
       - run: sudo chown -R $USER:$USER /home/ubuntu/

.github/workflows/ci.yml

@@ -8,6 +8,7 @@ on:
       - reopened
       - synchronize
       - ready_for_review
+      - labeled
     branches-ignore: [devnet]
   workflow_dispatch:
     inputs: {}
@@ -54,6 +55,7 @@ jobs:
       barretenberg-cpp: ${{ steps.filter.outputs.barretenberg-cpp }}
       noir: ${{ steps.filter.outputs.noir }}
       noir-projects: ${{ steps.filter.outputs.noir-projects }}
+      txe: ${{ steps.filter.outputs.txe }}
       l1-contracts: ${{ steps.filter.outputs.l1-contracts }}
       non-docs: ${{ steps.filter.outputs.non-docs }}
       non-misc-ci: ${{ steps.filter.outputs.non-misc-ci }}
@@ -79,13 +81,16 @@ jobs:
               - 'l1-contracts/**'
             noir-projects:
               - 'noir-projects/**'
+            txe:
+              - 'yarn-project/txe/**'
             non-barretenberg-cpp:
               - '!(barretenberg/cpp/**)'
               # don't consider AVM stuff 'core bb'
               - barretenberg/cpp/pil/**
               - barretenberg/cpp/src/barretenberg/vm/**
               - barretenberg/cpp/src/barretenberg/**/generated/*
-              - barretenberg/cpp/src/barretenberg/client_ivc.{hpp,cpp}
+              - barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.{hpp,cpp}
+              - barretenberg/cpp/src/barretenberg/bb/main.cpp
             non-docs:
               - '!(docs/**)'
             non-misc-ci:
@@ -113,7 +118,7 @@ jobs:
 
   build:
     needs: [build-images, changes]
-    if: needs.changes.outputs.non-docs == 'true' && needs.changes.outputs.non-misc-ci == 'true' && needs.changes.outputs.non-barretenberg-cpp == 'true'
+    if: (needs.changes.outputs.non-docs == 'true' && needs.changes.outputs.non-misc-ci == 'true' && needs.changes.outputs.non-barretenberg-cpp == 'true') || github.ref_name == 'master'
     runs-on: ${{ github.event.pull_request.user.login || github.actor }}-x86
     outputs:
       e2e_list: ${{ steps.e2e_list.outputs.list }}
@@ -133,15 +138,29 @@ jobs:
       # (Note ARM uses just 2 tests as a smoketest)
       - name: Create list of non-bench end-to-end jobs
         id: e2e_list
-        run: echo "list=$(earthly ls ./yarn-project/end-to-end | grep -v '+base' | grep -v '+bench' | grep -v "+network" | grep -v 'devnet' | sed 's/+//' | jq -R . | jq -cs .)" >> $GITHUB_OUTPUT
+        run: |
+          if [[ "$GITHUB_EVENT_NAME" == "pull_request" ]]; then
+            LABELS=$(jq -r '.pull_request.labels | map(.name) | join(",")' "$GITHUB_EVENT_PATH")
+          else
+            LABELS=""
+          fi
+          echo Labels: $LABELS
+          echo "list=$(./scripts/ci/get_e2e_jobs.sh ${{github.ref_name}} "$LABELS")" >> $GITHUB_OUTPUT
       - name: Create list of bench end-to-end jobs
         id: bench_list
-        run: echo "list=$(earthly ls ./yarn-project/end-to-end | grep '+bench' |  sed 's/+//' | jq -R . | jq -cs .)" >> $GITHUB_OUTPUT
+        run: |
+          if [[ "$GITHUB_EVENT_NAME" == "pull_request" ]]; then
+            LABELS=$(jq -r '.pull_request.labels | map(.name) | join(",")' "$GITHUB_EVENT_PATH")
+          else
+            LABELS=""
+          fi
+          echo Labels: $LABELS
+          echo "list=$(./scripts/ci/get_bench_jobs.sh ${{github.ref_name}} "$LABELS")" >> $GITHUB_OUTPUT
 
   # all the non-bench end-to-end integration tests for aztec
   e2e:
     needs: [build, changes]
-    if: needs.changes.outputs.non-barretenberg-cpp == 'true'
+    if: needs.changes.outputs.non-barretenberg-cpp == 'true' || github.ref_name == 'master' || contains(github.event.pull_request.labels.*.name, 'e2e')
     runs-on: ubuntu-20.04
     strategy:
       fail-fast: false
@@ -171,7 +190,7 @@ jobs:
   # all the benchmarking end-to-end integration tests for aztec (not required to merge)
   bench-e2e:
     needs: [build, changes]
-    if: needs.changes.outputs.non-barretenberg-cpp == 'true'
+    if: needs.changes.outputs.non-barretenberg-cpp == 'true' || github.ref_name == 'master' || contains(github.event.pull_request.labels.*.name, 'bench')
     runs-on: ubuntu-20.04
     strategy:
       fail-fast: false
@@ -456,7 +475,7 @@ jobs:
   noir-projects:
     needs: [build-images, changes, build]
     runs-on: ${{ github.event.pull_request.user.login || github.actor }}-x86
-    if: needs.changes.outputs.barretenberg == 'true' || needs.changes.outputs.noir == 'true' || needs.changes.outputs.noir-projects == 'true'
+    if: needs.changes.outputs.barretenberg == 'true' || needs.changes.outputs.noir == 'true' || needs.changes.outputs.noir-projects == 'true' || needs.changes.outputs.txe == 'true'
     steps:
       - uses: actions/checkout@v4
         with: { ref: "${{ env.GIT_COMMIT }}" }
@@ -606,6 +625,7 @@ jobs:
   boxes:
     needs: build
     runs-on: ${{ github.event.pull_request.user.login || github.actor }}-x86
+    if: github.ref_name == 'master' || contains(github.event.pull_request.labels.*.name, 'boxes') || contains(github.event.pull_request.labels.*.name, 'e2e-all')
     steps:
       - uses: actions/checkout@v4
         with: { ref: "${{ github.event.pull_request.head.sha }}" }
@@ -676,6 +696,47 @@ jobs:
           delete: ${{ !steps.gates_diff.outputs.markdown }}
           message: ${{ steps.gates_diff.outputs.markdown }}
 
+  public-functions-size-report:
+    needs: [build-images, changes]
+    if: needs.changes.outputs.non-docs == 'true' && needs.changes.outputs.non-misc-ci == 'true'
+    runs-on: ${{ github.event.pull_request.user.login || github.actor }}-x86
+    permissions:
+      pull-requests: write
+    steps:
+      - uses: actions/checkout@v4
+        with: { ref: "${{ env.GIT_COMMIT }}" }
+      # Only allow one memory-hunger prover test to use this runner
+      - uses: ./.github/ci-setup-action
+        with:
+          concurrency_key: public-functions-size-report-x86
+      - name: "Aztec Public Functions Bytecode Size Report"
+        working-directory: ./noir-projects/
+        timeout-minutes: 40
+        run: |
+          earthly-ci \
+          --artifact +public-functions-report/public_functions_report.json
+          mv public_functions_report.json ../public_functions_report.json
+
+      - name: Compare public functions bytecode size reports
+        id: public_functions_sizes_diff
+        uses: noir-lang/noir-gates-diff@ef8aaf48fb833f3b6e3f91665bb23afb7e68c6e3
+        with:
+          report: public_functions_report.json
+          header: |
+            # Changes to public function bytecode sizes
+          brillig_report: true
+          brillig_report_bytes: true
+          summaryQuantile: 0 # Display any diff in bytecode size count
+
+      - name: Add bytecode size diff to sticky comment
+        if: github.event_name == 'pull_request' || github.event_name == 'pull_request_target'
+        uses: marocchino/sticky-pull-request-comment@v2
+        with:
+          header: public_functions_size
+          # delete the comment in case changes no longer impact circuit sizes
+          delete: ${{ !steps.public_functions_sizes_diff.outputs.markdown }}
+          message: ${{ steps.public_functions_sizes_diff.outputs.markdown }}
+
   merge-check:
     runs-on: ubuntu-20.04
     needs:

.github/workflows/devnet-deploys.yml

@@ -735,7 +735,7 @@ jobs:
       #   working-directory: ./yarn-project/aztec/terraform/pxe
       #   run: |
       #     set -eo pipefail
-      #     docker run aztecprotocol/aztec:${{ env.DEPLOY_TAG }} set-proven-until \
+      #     docker run aztecprotocol/aztec:${{ env.DEPLOY_TAG }} set-proven-through \
       #       --rpc-url https://api.aztec.network/${{ env.DEPLOY_TAG }}/aztec-pxe/${{ env.API_KEY }} \
       #       --l1-rpc-url https://${{ env.DEPLOY_TAG }}-mainnet-fork.aztec.network:8545/admin-${{ env.FORK_ADMIN_API_KEY }} \
       #       --l1-chain-id ${{ env.L1_CHAIN_ID }} \
@@ -770,7 +770,7 @@ jobs:
         run: |
           ./.github/scripts/wait_for_infra.sh pxe ${{ env.DEPLOY_TAG }} ${{ env.API_KEY }}
 
-      - name: Deploy verifier (allow failure)
+      - name: Deploy verifier
         working-directory: ./yarn-project/aztec/terraform/pxe
         run: |
           set -eo pipefail

.github/workflows/network-deploy.yml

@@ -0,0 +1,57 @@
+name: Aztec Network EKS Deployment
+
+# Manual trigerring of this workflow is intentionally disabled
+# Helm deployments do not support lock files
+# Without a lockfile, manual trigerring can lead to corrupted or partial deployments
+
+on:
+  push:
+    branches:
+      - staging
+      - production
+  pull_request:
+    branches:
+      - staging
+      - production
+
+jobs:
+  network_deployment:
+    # This job will run on Ubuntu
+    runs-on: ubuntu-latest
+    concurrency:
+      group: deploy-${{ github.ref }} # Only one job per branch
+      cancel-in-progress: false # Allow previous deployment to complete to avoid corruption
+
+    # Set up a variable based on the branch name
+    env:
+      NAMESPACE: ${{ github.ref == 'refs/heads/production' && 'production' || 'staging' }}
+      CHART_PATH: ./spartan/aztec-network
+
+    steps:
+      # Step 1: Check out the repository's code
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      # Step 2: Configure AWS credentials using GitHub Secrets
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v2
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: us-east-2
+
+      # Step 3: Set up Kubernetes context for AWS EKS
+      - name: Configure kubectl with EKS cluster
+        run: |
+          aws eks update-kubeconfig --region us-east-2 --name spartan_cluster
+
+      # Step 4: Install Helm
+      - name: Install Helm
+        run: |
+          curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash
+
+      # Step 5: Apply Helm Chart
+      - name: Deploy Helm chart
+        run: |
+          helm dependency update ${{ env.CHART_PATH }}
+          helm upgrade --install ${{ env.NAMESPACE }} ${{ env.CHART_PATH }} --namespace ${{ env.NAMESPACE }} --atomic

.github/workflows/redo-typo-pr.yml

@@ -0,0 +1,44 @@
+name: Redo Typo PR
+
+on:
+  workflow_dispatch:
+    inputs:
+      pr_number:
+        description: 'The PR number to redo'
+        required: true
+        type: string
+
+  pull_request_target:
+    types: [labeled]
+    branches:
+      - master
+    paths-ignore:
+      - '**/README.md'
+
+jobs:
+  redo-typo-pr:
+    if: github.event_name == 'workflow_dispatch' || contains(github.event.pull_request.labels.*.name, 'redo-typo-pr')
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v3
+      with:
+        token: ${{ secrets.AZTEC_BOT_GITHUB_TOKEN }}
+
+    - name: Authenticate with GitHub CLI
+      run: |
+        echo "${{ secrets.AZTEC_BOT_GITHUB_TOKEN }}" | gh auth login --with-token
+
+    - name: Set git configure for commits
+      run: |
+        # Identify ourselves, needed to commit
+        git config --global user.name AztecBot
+        git config --global user.email tech@aztecprotocol.com
+
+    - name: Determine PR number
+      id: determine-pr-number
+      run: echo "PR_NUMBER=${{ github.event.inputs.pr_number || github.event.pull_request.number }}" >> $GITHUB_ENV
+
+    - name: Run repo-typo-pr script
+      run: ./scripts/redo-typo-pr ${{ env.PR_NUMBER }}

.github/workflows/rerun.yml

@@ -1,20 +1,52 @@
-# from https://github.com/orgs/community/discussions/67654
+# adapted from https://github.com/orgs/community/discussions/67654
+# altered to not rerun if we are not the newest commit in the run's branch
 on:
   workflow_dispatch:
     inputs:
       run_id:
         required: true
+
 jobs:
   rerun:
     runs-on: ubuntu-latest
     permissions:
-      actions: write
+      actions: write  # Needed for 'gh run rerun'
     steps:
-      - name: rerun ${{ inputs.run_id }}
+      - name: Wait for run to finish
         env:
           GH_REPO: ${{ github.repository }}
           GH_TOKEN: ${{ github.token }}
           GH_DEBUG: api
         run: |
           gh run watch ${{ inputs.run_id }} > /dev/null 2>&1
-          gh run rerun ${{ inputs.run_id }} --failed
+
+      - name: Rerun failed jobs if the commit is the latest on the branch
+        env:
+          GH_REPO: ${{ github.repository }}
+          GH_TOKEN: ${{ github.token }}
+          GH_DEBUG: api
+        run: |
+          RUN_ID="${{ inputs.run_id }}"
+          # Get the run details
+          RUN_INFO=$(gh run view $RUN_ID --json headSha,headBranch,event)
+          # Extract the commit SHA, branch name, and event type
+          COMMIT_SHA=$(echo "$RUN_INFO" | jq -r '.headSha')
+          BRANCH_NAME=$(echo "$RUN_INFO" | jq -r '.headBranch')
+          EVENT_TYPE=$(echo "$RUN_INFO" | jq -r '.event')
+
+          # Only proceed if the event is a pull_request
+          if [[ "$EVENT_TYPE" != "pull_request" ]]; then
+            echo "Event type is $EVENT_TYPE. Skipping rerun."
+            exit 0
+          fi
+
+          # Get the latest commit SHA on the branch
+          LATEST_COMMIT_SHA=$(gh api repos/${{ github.repository }}/commits/$BRANCH_NAME --jq .sha)
+
+          # Compare the SHAs
+          if [[ "$COMMIT_SHA" != "$LATEST_COMMIT_SHA" ]]; then
+            echo "Commit $COMMIT_SHA is not the latest commit on branch $BRANCH_NAME (latest is $LATEST_COMMIT_SHA). Skipping rerun."
+          else
+            echo "Commit $COMMIT_SHA is the latest on branch $BRANCH_NAME. Proceeding with rerun."
+            gh run rerun ${{ inputs.run_id }} --failed
+          fi