feat: bootstrap devnet on CI (#7534)

Fixes #7277 Fixes #7477 This PR adds a bootstrapping job to the automatic devnet deployments which: - Creates an account which is used to: - Deploy canonical contracts `AuthRegistry`, `KeyRegistry` & `GasToken` (soon to be fee juice) - Deploy 2 contracts, `TokenContract` (named `DEV`) and an `FPCContract` for DEV. - Updates 2 S3 buckets with the addresses of the deployed contracts (L1 & L2) Other changes: - L1 contracts now re-deploy by default. #7530 - Mainnet fork also deploys by default as I ran into some issues #7531
AztecProtocol · Jul 22, 2024 · 77ce1c3 · 77ce1c3
1 parent 6035595
commit 77ce1c3
Show file tree

Hide file tree

Showing 21 changed files with 658 additions and 243 deletions.
diff --git a/.github/scripts/extract_l1_addresses.sh b/.github/scripts/extract_l1_addresses.sh
diff --git a/.github/scripts/extract_output.sh b/.github/scripts/extract_output.sh
@@ -0,0 +1,109 @@
+#!/usr/bin/env bash
+
+TO_EXTRACT=$1
+FILE_PATH=$2
+
+if [[ $TO_EXTRACT == "l1-contracts" ]]; then
+  # Extract l1 contract addresses
+
+  JSON_OUTPUT='{'
+
+  # Read the file line by line
+  while IFS= read -r line; do
+    # Extract the hexadecimal address using awk
+    address=$(echo "$line" | awk '{print $NF}')
+
+    # Assign the address to the respective variable based on the line content
+    if [[ $line == *"Rollup Address"* ]]; then
+      export TF_VAR_ROLLUP_CONTRACT_ADDRESS=$address
+      JSON_OUTPUT+=' "rollup_contract_address": "'$address'",'
+    elif [[ $line == *"Registry Address"* ]]; then
+      export TF_VAR_REGISTRY_CONTRACT_ADDRESS=$address
+      JSON_OUTPUT+=' "registry_contract_address": "'$address'",'
+    elif [[ $line == *"Inbox Address"* ]]; then
+      export TF_VAR_INBOX_CONTRACT_ADDRESS=$address
+      JSON_OUTPUT+=' "inbox_contract_address": "'$address'",'
+    elif [[ $line == *"Outbox Address"* ]]; then
+      export TF_VAR_OUTBOX_CONTRACT_ADDRESS=$address
+      JSON_OUTPUT+=' "outbox_contract_address": "'$address'",'
+    elif [[ $line == *"Oracle Address"* ]]; then
+      export TF_VAR_AVAILABILITY_ORACLE_CONTRACT_ADDRESS=$address
+      JSON_OUTPUT+=' "availability_oracle_contract_address": "'$address'",'
+    elif [[ $line == *"Gas Token Address"* ]]; then
+      export TF_VAR_GAS_TOKEN_CONTRACT_ADDRESS=$address
+      JSON_OUTPUT+=' "gas_token_contract_address": "'$address'",'
+    elif [[ $line == *"Gas Portal Address"* ]]; then
+      export TF_VAR_GAS_PORTAL_CONTRACT_ADDRESS=$address
+      JSON_OUTPUT+=' "gas_portal_contract_address": "'$address'",'
+    else
+      echo "Unknown contract address: $line"
+    fi
+  done <"$FILE_PATH"
+
+  # Remove the last comma and close the JSON object
+  JSON_OUTPUT=${JSON_OUTPUT%,}
+  JSON_OUTPUT+=' }'
+
+  # echo all addresses into github env
+  echo "TF_VAR_ROLLUP_CONTRACT_ADDRESS=$TF_VAR_ROLLUP_CONTRACT_ADDRESS" >>$GITHUB_ENV
+  echo "TF_VAR_REGISTRY_CONTRACT_ADDRESS=$TF_VAR_REGISTRY_CONTRACT_ADDRESS" >>$GITHUB_ENV
+  echo "TF_VAR_INBOX_CONTRACT_ADDRESS=$TF_VAR_INBOX_CONTRACT_ADDRESS" >>$GITHUB_ENV
+  echo "TF_VAR_OUTBOX_CONTRACT_ADDRESS=$TF_VAR_OUTBOX_CONTRACT_ADDRESS" >>$GITHUB_ENV
+  echo "TF_VAR_AVAILABILITY_ORACLE_CONTRACT_ADDRESS=$TF_VAR_AVAILABILITY_ORACLE_CONTRACT_ADDRESS" >>$GITHUB_ENV
+  echo "TF_VAR_GAS_TOKEN_CONTRACT_ADDRESS=$TF_VAR_GAS_TOKEN_CONTRACT_ADDRESS" >>$GITHUB_ENV
+  echo "TF_VAR_GAS_PORTAL_CONTRACT_ADDRESS=$TF_VAR_GAS_PORTAL_CONTRACT_ADDRESS" >>$GITHUB_ENV
+
+  # Output to JSON file
+  echo $JSON_OUTPUT >./l1-contracts.json
+
+elif [[ $TO_EXTRACT == "account" ]]; then
+  # Extract aztec account private key
+  OUTPUT=$(cat $FILE_PATH)
+
+  AZTEC_PRIVATE_KEY=$(echo "$OUTPUT" | grep "Private key:" | awk '{print $NF}')
+  AZTEC_ADDRESS=$(echo "$OUTPUT" | grep "Address:" | awk '{print $NF}')
+
+  # Print the private key and address into github env
+  echo "AZTEC_PRIVATE_KEY=$AZTEC_PRIVATE_KEY" >>$GITHUB_ENV
+  echo "AZTEC_ADDRESS=$AZTEC_ADDRESS" >>$GITHUB_ENV
+
+  # Export
+  export AZTEC_PRIVATE_KEY=$AZTEC_PRIVATE_KEY
+  export AZTEC_ADDRESS=$AZTEC_ADDRESS
+
+elif [[ $TO_EXTRACT == "l2-bootstrap" ]]; then
+  # Extract l2 bootstrap contract addresses
+
+  # Read the log output from a file
+  OUTPUT=$(cat $FILE_PATH)
+
+  KEY_REGISTRY_ADDRESS=$(echo "$OUTPUT" | grep "Deployed Key Registry on L2 at" | awk '{print $NF}')
+
+  AUTH_REGISTRY_ADDRESS=$(echo "$OUTPUT" | grep "Deployed Auth Registry on L2 at" | awk '{print $NF}')
+
+  FEE_JUICE_ADDRESS=$(echo "$OUTPUT" | grep "Deployed Gas Token on L2 at" | awk '{print $NF}')
+
+  # Print the extracted into github env
+  echo "KEY_REGISTRY_ADDRESS=$KEY_REGISTRY_ADDRESS" >>$GITHUB_ENV
+  echo "AUTH_REGISTRY_ADDRESS=$AUTH_REGISTRY_ADDRESS" >>$GITHUB_ENV
+  echo "FEE_JUICE_ADDRESS=$FEE_JUICE_ADDRESS" >>$GITHUB_ENV
+
+  # Export
+  export KEY_REGISTRY_ADDRESS=$KEY_REGISTRY_ADDRESS
+  export AUTH_REGISTRY_ADDRESS=$AUTH_REGISTRY_ADDRESS
+  export FEE_JUICE_ADDRESS=$FEE_JUICE_ADDRESS
+
+elif [[ $TO_EXTRACT == "l2-contract" ]]; then
+  # Extract l2 contract addresses
+
+  TOKEN_CONTRACT_NAME=$3
+
+  OUTPUT=$(cat $FILE_PATH)
+
+  CONTRACT_ADDRESS=$(echo "$OUTPUT" | grep "Contract deployed at" | awk '{print $NF}')
+
+  echo "$TOKEN_CONTRACT_NAME=$CONTRACT_ADDRESS" >>$GITHUB_ENV
+
+  # Export
+  export $TOKEN_CONTRACT_NAME=$CONTRACT_ADDRESS
+fi
diff --git a/.github/scripts/wait_for_fork.sh b/.github/scripts/wait_for_fork.sh
diff --git a/.github/scripts/wait_for_infra.sh b/.github/scripts/wait_for_infra.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+set -e
+
+INFRA=$1
+DEPLOY_TAG=$2
+API_KEY=$3
+
+# When destroying and applying terraforms, they may not be
+# ready for a while, as it must register with DNS etc.
+# This script waits on a healthy status from the infra - a valid response to a request
+# We retry every 20 seconds, and wait for a total of 5 minutes (15 times)
+
+if [ "$INFRA" == "mainnet-fork" ]; then
+  export ETHEREUM_HOST="https://$DEPLOY_TAG-mainnet-fork.aztec.network:8545/$API_KEY"
+  curl -H "Content-Type: application/json" -X POST --data '{"method":"eth_chainId","params":[],"id":49,"jsonrpc":"2.0"}' \
+    --connect-timeout 30 \
+    --retry 15 \
+    --retry-delay 20 \
+    $ETHEREUM_HOST
+elif [ "$INFRA" == "pxe" ]; then
+  export PXE_URL="https://api.aztec.network/$DEPLOY_TAG/aztec-pxe/$API_KEY/status"
+  curl \
+    --connect-timeout 30 \
+    --retry 15 \
+    --retry-delay 20 \
+    $PXE_URL
+else
+  echo "Invalid infra type"
+  exit 1
+fi
diff --git a/.github/workflows/devnet-deploys.yml b/.github/workflows/devnet-deploys.yml
@@ -11,7 +11,6 @@ env:
   DOCKERHUB_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }}
   GIT_COMMIT: ${{ github.sha }}
   DEPLOY_TAG: devnet
-  FILE_PATH: ./l1-contracts/addresses.txt
   L1_CHAIN_ID: 677692
   AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
   AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
@@ -34,13 +33,9 @@ jobs:
       username: master
       runner_type: builder-x86
     secrets: inherit
-
   build:
     needs: setup
     runs-on: ${{ github.actor }}-x86
-    outputs:
-      l1_contracts_changed: ${{ steps.check_l1_changes.outputs.result }}
-      mainnet_fork_changed: ${{ steps.check_fork_changes.outputs.result }}
     steps:
       - uses: actions/checkout@v4
         with:
@@ -52,21 +47,10 @@ jobs:
           dockerhub_password: "${{ secrets.DOCKERHUB_PASSWORD }}"
       - name: "Build & Push aztec images"
         timeout-minutes: 40
-        # Run the build steps for each image with version and arch, push to dockerhub
         run: |
           earthly-ci \
           --no-output --push ./yarn-project+export-aztec-arch --DIST_TAG=${{ env.DEPLOY_TAG }}
 
-      - name: Check if L1 contracts need deployment
-        id: check_l1_changes
-        uses: actions/github-script@v7
-        with:
-          script: |
-            const { execSync } = require('child_process');
-            const changedFiles = execSync('git diff --name-only ${{ github.event.before }} ${{ github.sha }}').toString().split('\n');
-            const fileChanged = changedFiles.some(file => file.startsWith('l1-contracts'));
-            return fileChanged
-
       - name: Check if mainnet fork needs deployment
         id: check_fork_changes
         uses: actions/github-script@v7
@@ -104,59 +88,127 @@ jobs:
           aws-region: eu-west-2
 
       - name: Deploy mainnet fork
-        if: needs.build.outputs.mainnet_fork_changed == 'true'
         working-directory: ./iac/mainnet-fork/terraform
         run: |
           terraform init -input=false -backend-config="key=${{ env.DEPLOY_TAG }}/mainnet-fork"
-          terraform apply -input=false -auto-approve -replace="aws_ecs_service.aztec_mainnet_fork" -replace="aws_efs_file_system.aztec_mainnet_fork_data_store"
+          terraform apply -input=false -auto-approve -replace="aws_efs_file_system.aztec_mainnet_fork_data_store"
 
       - name: Wait for mainnet fork deployment
-        if: needs.build.outputs.mainnet_fork_changed == 'true'
         run: |
-          ./.github/scripts/wait_for_fork.sh ${{ env.DEPLOY_TAG }} ${{ secrets.FORK_API_KEY }}
+          ./.github/scripts/wait_for_infra.sh mainnet-fork ${{ env.DEPLOY_TAG }} ${{ secrets.FORK_API_KEY }}
 
       - name: Deploy L1 Contracts
-        if: needs.build.outputs.l1_contracts_changed == 'true' || needs.build.outputs.mainnet_fork_changed == 'true'
         run: |
           docker pull aztecprotocol/aztec:${{ env.DEPLOY_TAG }}
           docker run aztecprotocol/aztec:${{ env.DEPLOY_TAG }} deploy-l1-contracts \
             --private-key ${{ secrets.SEQ_1_PUBLISHER_PRIVATE_KEY }} \
             --rpc-url https://${{ env.DEPLOY_TAG }}-mainnet-fork.aztec.network:8545/${{ secrets.FORK_API_KEY }} \
             --l1-chain-id ${{ env.L1_CHAIN_ID }} \
-            | tee ${{ env.FILE_PATH }}
-          ./.github/scripts/extract_l1_addresses.sh ${{ env.FILE_PATH }}
+            | tee  ./l1-contracts/addresses.txt
+          ./.github/scripts/extract_output.sh l1-contracts ./l1-contracts/addresses.txt
 
       - name: Apply l1-contracts Terraform
-        if: needs.build.outputs.l1_contracts_changed == 'true' || needs.build.outputs.mainnet_fork_changed == 'true'
         working-directory: ./l1-contracts/terraform
         run: |
           terraform init -input=false -backend-config="key=${{ env.DEPLOY_TAG }}/l1-contracts"
           terraform apply -input=false -auto-approve
 
-      - name: Deploy P2P Bootstrap Nodes
-        working-directory: ./yarn-project/p2p-bootstrap/terraform
+      - name: Upload L1 contract addresses to S3
         run: |
-          terraform init -input=false -backend-config="key=${{ env.DEPLOY_TAG }}/p2p-bootstrap"
-          terraform apply -input=false -auto-approve
+          aws s3 cp ./l1-contracts.json s3://aztec-${{ env.DEPLOY_TAG }}-deployments/l1_contract_addresses.json
 
       - name: Init Aztec Node Terraform
         working-directory: ./yarn-project/aztec/terraform/node
         run: |
           terraform init -input=false -backend-config="key=${{ env.DEPLOY_TAG }}/aztec-node"
 
-      - name: Taint node filesystem if L1 contracts are redeployed
-        if: needs.build.outputs.l1_contracts_changed == 'true'
-        working-directory: ./yarn-project/aztec/terraform/node
-        run: |
-          terraform taint aws_efs_file_system.node_data_store
-
       - name: Deploy Aztec Nodes
         working-directory: ./yarn-project/aztec/terraform/node
         run: |
-          terraform apply -input=false -auto-approve
+          terraform apply -input=false -auto-approve -replace="aws_efs_file_system.node_data_store"
 
       - name: Deploy Provers
         working-directory: ./yarn-project/aztec/terraform/prover
         run: |
           terraform init -input=false -backend-config="key=${{ env.DEPLOY_TAG }}/prover"
           terraform apply -input=false -auto-approve
+
+      - name: Deploy PXE
+        working-directory: ./yarn-project/aztec/terraform/pxe
+        run: |
+          terraform init -input=false -backend-config="key=${{ env.DEPLOY_TAG }}/pxe"
+          terraform apply -input=false -auto-approve
+
+      - name: Deploy P2P Bootstrap Nodes
+        working-directory: ./yarn-project/p2p-bootstrap/terraform
+        run: |
+          terraform init -input=false -backend-config="key=${{ env.DEPLOY_TAG }}/p2p-bootstrap"
+          terraform apply -input=false -auto-approve
+
+  bootstrap:
+    runs-on: ubuntu-latest
+    needs: terraform_deploy
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: "${{ env.GIT_COMMIT }}"
+
+      - uses: ./.github/ci-setup-action
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: eu-west-2
+
+      - name: Wait for PXE to be available
+        run: |
+          ./.github/scripts/wait_for_infra.sh pxe ${{ env.DEPLOY_TAG }} ${{ secrets.FORK_API_KEY }}
+
+      - name: Bootstrap devnet
+        run: |
+          docker pull aztecprotocol/aztec:${{ env.DEPLOY_TAG }}
+          docker run aztecprotocol/aztec:${{ env.DEPLOY_TAG }} bootstrap \
+            --rpc-url https://api.aztec.network/${{ env.DEPLOY_TAG }}/aztec-pxe/${{ secrets.FORK_API_KEY }} \
+            --l1-chain-id ${{ env.L1_CHAIN_ID }} \
+            | tee  ./bootstrap_addresses.txt
+          source ./.github/scripts/extract_output.sh l2-bootstrap ./bootstrap_addresses.txt
+
+      - name: Deploy contracts
+        run: |
+          docker run aztecprotocol/aztec:${{ env.DEPLOY_TAG }} create-account \
+            --rpc-url https://api.aztec.network/${{ env.DEPLOY_TAG }}/aztec-pxe/${{ secrets.FORK_API_KEY }} \
+            | tee ./account.txt
+          source ./.github/scripts/extract_output.sh account ./account.txt
+          echo "PK: $AZTEC_PRIVATE_KEY"
+          echo "CA: $AZTEC_ADDRESS"
+          docker run aztecprotocol/aztec:${{ env.DEPLOY_TAG }} deploy TokenContract \
+            --rpc-url https://api.aztec.network/${{ env.DEPLOY_TAG }}/aztec-pxe/${{ secrets.FORK_API_KEY }} \
+            --args $AZTEC_ADDRESS DevCoin DEV 18 \
+            --private-key $AZTEC_PRIVATE_KEY \
+            --public-deployment \
+            --class-registration \
+            | tee ./token_contract.txt
+          source ./.github/scripts/extract_output.sh l2-contract ./token_contract.txt TOKEN_CONTRACT_ADDRESS
+
+          docker run aztecprotocol/aztec:${{ env.DEPLOY_TAG }} deploy FPCContract \
+            --rpc-url https://api.aztec.network/${{ env.DEPLOY_TAG }}/aztec-pxe/${{ secrets.FORK_API_KEY }} \
+            --args $TOKEN_CONTRACT_ADDRESS $FEE_JUICE_ADDRESS \
+            --private-key $AZTEC_PRIVATE_KEY \
+            --public-deployment \
+            --class-registration \
+            | tee ./fpc_contract.txt
+          source ./.github/scripts/extract_output.sh l2-contract ./fpc_contract.txt FPC_CONTRACT_ADDRESS
+
+      - name: Upload addreses to S3
+        run: |
+          echo '{
+            "fee_juice_address": "'$FEE_JUICE_ADDRESS'",
+            "key_registry_address": "'$KEY_REGISTRY_ADDRESS'",
+            "auth_registry_address": "'$AUTH_REGISTRY_ADDRESS'",
+            "token_contract_address": "'$TOKEN_CONTRACT_ADDRESS'",
+            "fpc_contract_address": "'$FPC_CONTRACT_ADDRESS'
+          }' > ./l2_addresses.json
+
+          aws s3 cp ./l2_addresses.json s3://aztec-${{ env.DEPLOY_TAG }}-deployments/l2_contract_addresses.json