Deploy to network #403

Workflow file for this run

.github/workflows/devnet-deploys.yml at 0e22278

	name: Deploy to network
	on:
	# push:
	# branches: [devnet, provernet, adamnet]
	workflow_dispatch:
	inputs:
	no_rebuild_images:
	description: "Don't rebuild images"
	required: false
	type: boolean
	no_deploy:
	description: "Skip deployment (only release images)"
	required: false
	type: boolean

	concurrency:
	group: ${{ github.workflow }}-${{ github.ref }}
	cancel-in-progress: true

	# We only reference secret variables here where we put them into the environment so as to not create confusion

	# Anvil Accounts. Anvil provides 10 pre-funded accounts for the mnemonic we have specified in FORK_MNEMONIC. We are using:
	# 1. The first account (index 0) is used in SEQ_1_PUBLISHER_PRIVATE_KEY
	# 2. The 3rd account (index 2) is used in PROVER_1_PUBLISHER_PRIVATE_KEY
	# 3. The 9th account (index 8) is used in this workflow for deploying contracts etc
	# 4. The 10th account (index 9) is used by the deployed faucet
	# TODO: Convert all this so we take the provided mnemonic and derive the keys from the above indices
	env:
	DOCKERHUB_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }}
	GIT_COMMIT: ${{ github.sha }}
	DEPLOY_TAG: none
	L1_CHAIN_ID: 677692
	AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
	AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
	API_KEY: ${{ secrets.DEVNET_API_KEY }}
	FORK_ADMIN_API_KEY: ${{ secrets.DEVNET_API_KEY }}
	FORK_MNEMONIC: ${{ secrets.FORK_MNEMONIC }}
	CONTRACT_PUBLISHER_PRIVATE_KEY: ${{ secrets.CONTRACT_PUBLISHER_PRIVATE_KEY }}
	CONTRACT_S3_BUCKET: s3://static.aztec.network

	# TF Vars
	TF_VAR_DOCKERHUB_ACCOUNT: aztecprotocol
	TF_VAR_L1_CHAIN_ID: 677692
	TF_VAR_DEPLOY_TAG: none
	TF_VAR_IMAGE_TAG: ${{ github.sha }}
	TF_VAR_API_KEY: ${{ secrets.DEVNET_API_KEY }}

	# Node / Sequencer
	TF_VAR_BOOTSTRAP_NODES: ""
	TF_VAR_P2P_ENABLED: "false"
	TF_VAR_SEQUENCER_PRIVATE_KEYS: '["${{ secrets.SEQ_1_PUBLISHER_PRIVATE_KEY }}"]'
	TF_VAR_NODE_P2P_PRIVATE_KEYS: '[""]'
	TF_VAR_SEQ_MAX_SECONDS_BETWEEN_BLOCKS: 0 # disable auto block building
	TF_VAR_SEQ_MIN_SECONDS_BETWEEN_BLOCKS: 0 # disable auto block building
	TF_VAR_SEQ_MIN_TX_PER_BLOCK: 1
	TF_VAR_SEQ_MAX_TX_PER_BLOCK: 64
	TF_VAR_NODE_P2P_TCP_PORT: 40000
	TF_VAR_NODE_P2P_UDP_PORT: 45000
	TF_VAR_NODE_LB_RULE_PRIORITY: 500

	# Prover Node
	TF_VAR_PROVER_NODE_LB_RULE_PRIORITY: 6000
	TF_VAR_PROVER_PRIVATE_KEYS: '["${{ secrets.PROVER_1_PUBLISHER_PRIVATE_KEY }}"]'

	# Anvil
	TF_VAR_FORK_MNEMONIC: ${{ secrets.FORK_MNEMONIC }}
	TF_VAR_INFURA_API_KEY: ${{ secrets.INFURA_API_KEY }}
	TF_VAR_FORK_ADMIN_API_KEY: ${{ secrets.DEVNET_API_KEY }}
	TF_VAR_MAINNET_FORK_CPU_UNITS: 2048
	TF_VAR_MAINNET_FORK_MEMORY_UNITS: 4096

	# Faucet
	TF_VAR_FAUCET_ACCOUNT_INDEX: 9
	TF_VAR_FAUCET_LB_RULE_PRIORITY: 600

	# Prover
	TF_VAR_AGENTS_PER_PROVER: 1
	TF_VAR_PROVING_ENABLED: false

	# Transaction Bot
	TF_VAR_BOT_API_KEY: ${{ secrets.BOT_API_KEY }}
	TF_VAR_BOT_PRIVATE_KEY: ""
	TF_VAR_BOT_NO_START: true
	TF_VAR_BOT_PRIVATE_TRANSFERS_PER_TX: 0 # no private transfers
	TF_VAR_BOT_PUBLIC_TRANSFERS_PER_TX: 1
	TF_VAR_BOT_TX_MINED_WAIT_SECONDS: 4800
	TF_VAR_BOT_FOLLOW_CHAIN: "PROVEN"
	TF_VAR_BOT_TX_INTERVAL_SECONDS: 180
	TF_VAR_BOT_COUNT: 1
	TF_VAR_BOT_FLUSH_SETUP_TRANSACTIONS: false
	TF_VAR_BOT_MAX_PENDING_TXS: 1

	# PXE
	TF_VAR_PXE_LB_RULE_PRIORITY: 4000

	jobs:
	setup:
	uses: ./.github/workflows/setup-runner.yml
	with:
	username: ${{ github.actor }}
	runner_type: builder-x86
	secrets: inherit

	# Set network specific variables as outputs from this job to be referenced in later jobs
	set-network:
	needs: setup
	runs-on: ${{ github.actor }}-x86
	outputs:
	deploy_tag: ${{ steps.set_network_vars.outputs.deploy_tag }}
	branch_name: ${{ steps.set_network_vars.outputs.branch_name }}
	network_api_key: ${{ steps.set_network_vars.outputs.network_api_key }}
	network_fork_admin_api_key: ${{ steps.set_network_vars.outputs.network_fork_admin_api_key }}
	agents_per_prover: ${{ steps.set_network_vars.outputs.agents_per_prover }}
	bot_interval: ${{ steps.set_network_vars.outputs.bot_interval }}
	node_tcp_range_start: ${{ steps.set_network_vars.outputs.node_tcp_range_start }}
	node_udp_range_start: ${{ steps.set_network_vars.outputs.node_udp_range_start }}
	prover_node_tcp_range_start: ${{ steps.set_network_vars.outputs.prover_node_tcp_range_start }}
	prover_node_udp_range_start: ${{ steps.set_network_vars.outputs.prover_node_udp_range_start }}
	node_lb_priority_range_start: ${{ steps.set_network_vars.outputs.node_lb_priority_range_start }}
	pxe_lb_priority_range_start: ${{ steps.set_network_vars.outputs.pxe_lb_priority_range_start }}
	prover_node_lb_priority_range_start: ${{ steps.set_network_vars.outputs.prover_node_lb_priority_range_start }}
	faucet_lb_priority: ${{ steps.set_network_vars.outputs.faucet_lb_priority }}
	max_txs_per_block: ${{ steps.set_network_vars.outputs.max_txs_per_block }}
	bot_follow_chain: ${{ steps.set_network_vars.outputs.bot_follow_chain }}
	min_txs_per_block: ${{ steps.set_network_vars.outputs.min_txs_per_block }}
	bot_flush_setup_txs: ${{ steps.set_network_vars.outputs.bot_flush_setup_txs }}
	bot_max_pending_txs: ${{ steps.set_network_vars.outputs.bot_max_pending_txs }}
	mainnet_fork_cpu_units: ${{ steps.set_network_vars.outputs.mainnet_fork_cpu_units }}
	mainnet_fork_memory_units: ${{ steps.set_network_vars.outputs.mainnet_fork_memory_units }}
	bot_skip_simulation: ${{ steps.set_network_vars.outputs.bot_skip_simulation }}
	bot_l2_gas_limit: ${{ steps.set_network_vars.outputs.bot_l2_gas_limit }}
	bot_da_gas_limit: ${{ steps.set_network_vars.outputs.bot_da_gas_limit }}
	bot_count: ${{ steps.set_network_vars.outputs.bot_count }}
	steps:
	- name: Set network vars
	shell: bash
	run: \|
	env
	export BRANCH_NAME=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}
	if [ "$BRANCH_NAME" = "devnet" ]
	then
	echo "deploy_tag=devnet" >> $GITHUB_OUTPUT
	echo "branch_name=devnet" >> $GITHUB_OUTPUT
	echo "network_api_key=DEVNET_API_KEY" >> $GITHUB_OUTPUT
	echo "network_fork_admin_api_key=DEVNET_API_KEY" >> $GITHUB_OUTPUT
	echo "agents_per_prover=2" >> $GITHUB_OUTPUT
	echo "bot_interval=180" >> $GITHUB_OUTPUT
	echo "node_tcp_range_start=40100" >> $GITHUB_OUTPUT
	echo "node_udp_range_start=45100" >> $GITHUB_OUTPUT
	echo "prover_node_tcp_range_start=41100" >> $GITHUB_OUTPUT
	echo "prover_node_udp_range_start=46100" >> $GITHUB_OUTPUT
	echo "node_lb_priority_range_start=4100" >> $GITHUB_OUTPUT
	echo "pxe_lb_priority_range_start=5100" >> $GITHUB_OUTPUT
	echo "prover_node_lb_priority_range_start=6100" >> $GITHUB_OUTPUT
	echo "faucet_lb_priority=601" >> $GITHUB_OUTPUT
	echo "min_txs_per_block=1" >> $GITHUB_OUTPUT
	echo "max_txs_per_block=64" >> $GITHUB_OUTPUT
	echo "bot_follow_chain=PROVEN" >> $GITHUB_OUTPUT
	echo "bot_flush_setup_txs=false" >> $GITHUB_OUTPUT
	echo "bot_max_pending_txs=1" >> $GITHUB_OUTPUT
	echo "mainnet_fork_cpu_units=2048" >> $GITHUB_OUTPUT
	echo "mainnet_fork_memory_units=4096" >> $GITHUB_OUTPUT
	echo "bot_skip_simulation=false" >> $GITHUB_OUTPUT
	echo "bot_l2_gas_limit=" >> $GITHUB_OUTPUT
	echo "bot_da_gas_limit=" >> $GITHUB_OUTPUT
	echo "bot_count=1" >> $GITHUB_OUTPUT
	elif [ "$BRANCH_NAME" = "provernet" ]
	then
	echo "deploy_tag=provernet" >> $GITHUB_OUTPUT
	echo "branch_name=provernet" >> $GITHUB_OUTPUT
	echo "network_api_key=PROVERNET_API_KEY" >> $GITHUB_OUTPUT
	echo "network_fork_admin_api_key=PROVERNET_FORK_ADMIN_API_KEY" >> $GITHUB_OUTPUT
	echo "agents_per_prover=8" >> $GITHUB_OUTPUT
	echo "bot_interval=10" >> $GITHUB_OUTPUT
	echo "node_tcp_range_start=40200" >> $GITHUB_OUTPUT
	echo "node_udp_range_start=45200" >> $GITHUB_OUTPUT
	echo "prover_node_tcp_range_start=41200" >> $GITHUB_OUTPUT
	echo "prover_node_udp_range_start=46200" >> $GITHUB_OUTPUT
	echo "node_lb_priority_range_start=4200" >> $GITHUB_OUTPUT
	echo "pxe_lb_priority_range_start=5200" >> $GITHUB_OUTPUT
	echo "prover_node_lb_priority_range_start=6200" >> $GITHUB_OUTPUT
	echo "faucet_lb_priority=602" >> $GITHUB_OUTPUT
	echo "min_txs_per_block=4" >> $GITHUB_OUTPUT
	echo "max_txs_per_block=4" >> $GITHUB_OUTPUT
	echo "bot_follow_chain=NONE" >> $GITHUB_OUTPUT
	echo "bot_flush_setup_txs=true" >> $GITHUB_OUTPUT
	echo "bot_max_pending_txs=32" >> $GITHUB_OUTPUT
	echo "mainnet_fork_cpu_units=8192" >> $GITHUB_OUTPUT
	echo "mainnet_fork_memory_units=32768" >> $GITHUB_OUTPUT
	echo "bot_skip_simulation=true" >> $GITHUB_OUTPUT
	echo "bot_l2_gas_limit=1000000000" >> $GITHUB_OUTPUT
	echo "bot_da_gas_limit=1000000000" >> $GITHUB_OUTPUT
	echo "bot_count=1" >> $GITHUB_OUTPUT
	elif [ "$BRANCH_NAME" = "ad/adamnet" ]
	then
	echo "deploy_tag=adamnet" >> $GITHUB_OUTPUT
	echo "branch_name=ad/adamnet" >> $GITHUB_OUTPUT
	echo "network_api_key=adamnet_API_KEY" >> $GITHUB_OUTPUT
	echo "network_fork_admin_api_key=adamnet_API_KEY" >> $GITHUB_OUTPUT
	echo "agents_per_prover=1" >> $GITHUB_OUTPUT
	echo "bot_interval=10" >> $GITHUB_OUTPUT
	echo "node_tcp_range_start=40000" >> $GITHUB_OUTPUT
	echo "node_udp_range_start=45000" >> $GITHUB_OUTPUT
	echo "prover_node_tcp_range_start=41000" >> $GITHUB_OUTPUT
	echo "prover_node_udp_range_start=46000" >> $GITHUB_OUTPUT
	echo "node_lb_priority_range_start=4000" >> $GITHUB_OUTPUT
	echo "pxe_lb_priority_range_start=5000" >> $GITHUB_OUTPUT
	echo "prover_node_lb_priority_range_start=6000" >> $GITHUB_OUTPUT
	echo "faucet_lb_priority=600" >> $GITHUB_OUTPUT
	echo "min_txs_per_block=1" >> $GITHUB_OUTPUT
	echo "max_txs_per_block=64" >> $GITHUB_OUTPUT
	echo "bot_follow_chain=PROVEN" >> $GITHUB_OUTPUT
	echo "bot_flush_setup_txs=false" >> $GITHUB_OUTPUT
	echo "bot_max_pending_txs=1" >> $GITHUB_OUTPUT
	echo "mainnet_fork_cpu_units=2048" >> $GITHUB_OUTPUT
	echo "mainnet_fork_memory_units=4096" >> $GITHUB_OUTPUT
	echo "bot_skip_simulation=false" >> $GITHUB_OUTPUT
	echo "bot_l2_gas_limit=" >> $GITHUB_OUTPUT
	echo "bot_da_gas_limit=" >> $GITHUB_OUTPUT
	echo "bot_count=1" >> $GITHUB_OUTPUT
	else
	echo "Unrecognized Branch!!"
	exit 1
	fi
	id: set_network_vars

	build-mainnet-fork:
	needs: set-network
	env:
	BRANCH_NAME: ${{ needs.set-network.outputs.branch_name }}
	DEPLOY_TAG: ${{ needs.set-network.outputs.deploy_tag }}
	TF_VAR_DEPLOY_TAG: ${{ needs.set-network.outputs.deploy_tag }}
	API_KEY: ${{ secrets[needs.set-network.outputs.network_api_key] }}
	TF_VAR_API_KEY: ${{ secrets[needs.set-network.outputs.network_api_key] }}
	FORK_ADMIN_API_KEY: ${{ secrets[needs.set-network.outputs.network_fork_admin_api_key] }}
	TF_VAR_FORK_ADMIN_API_KEY: ${{ secrets[needs.set-network.outputs.network_fork_admin_api_key] }}
	API_KEY_NAME: ${{ needs.set-network.outputs.network_api_key }}
	runs-on: ${{ github.actor }}-x86
	steps:
	- uses: actions/checkout@v4
	with:
	ref: "${{ env.GIT_COMMIT }}"
	fetch-depth: 0
	- uses: ./.github/ci-setup-action
	with:
	concurrency_key: build-mainnet-fork-${{ github.actor }}
	dockerhub_password: "${{ env.DOCKERHUB_PASSWORD }}"

	- name: Build & push mainnet fork image
	if: ${{ github.event.inputs.no_rebuild_images == 'false' }}
	run: \|
	earthly-ci --no-output --push ./iac/mainnet-fork+export-mainnet-fork --DIST_TAG=${{ env.DEPLOY_TAG }}
	earthly-ci --no-output --push ./iac/mainnet-fork+export-mainnet-fork --DIST_TAG=${{ github.sha }}

	build-aztec:
	needs: set-network
	env:
	BRANCH_NAME: ${{ needs.set-network.outputs.branch_name }}
	DEPLOY_TAG: ${{ needs.set-network.outputs.deploy_tag }}
	TF_VAR_DEPLOY_TAG: ${{ needs.set-network.outputs.deploy_tag }}
	API_KEY: ${{ secrets[needs.set-network.outputs.network_api_key] }}
	TF_VAR_API_KEY: ${{ secrets[needs.set-network.outputs.network_api_key] }}
	API_KEY_NAME: ${{ needs.set-network.outputs.network_api_key }}
	runs-on: ${{ github.actor }}-x86
	steps:
	- uses: actions/checkout@v4
	with:
	ref: "${{ env.GIT_COMMIT }}"
	fetch-depth: 0
	- uses: ./.github/ci-setup-action
	with:
	concurrency_key: build-aztec-${{ github.actor }}
	dockerhub_password: "${{ env.DOCKERHUB_PASSWORD }}"
	- name: "Build & Push aztec images"
	timeout-minutes: 40
	if: ${{ github.event.inputs.no_rebuild_images == 'false' }}
	run: \|
	env
	earthly-ci --no-output --push ./yarn-project+export-aztec-arch --DIST_TAG=${{ github.sha }} --ARCH=x86_64
	earthly-ci --no-output --push ./yarn-project+export-aztec-arch --DIST_TAG=${{ env.DEPLOY_TAG }} --ARCH=x86_64

	- name: "Re-tag Aztec image"
	if: ${{ github.event.inputs.no_rebuild_images == 'true' }}
	run: \|
	env
	docker pull aztecprotocol/aztec:${{ env.DEPLOY_TAG }}-x86_64
	docker tag aztecprotocol/aztec:${{ env.DEPLOY_TAG }}-x86_64 aztecprotocol/aztec:${{ github.sha }}-x86_64
	docker push aztecprotocol/aztec:${{ github.sha }}-x86_64

	build-aztec-nargo:
	needs: [set-network, build-aztec]
	env:
	BRANCH_NAME: ${{ needs.set-network.outputs.branch_name }}
	DEPLOY_TAG: ${{ needs.set-network.outputs.deploy_tag }}
	TF_VAR_DEPLOY_TAG: ${{ needs.set-network.outputs.deploy_tag }}
	API_KEY: ${{ secrets[needs.set-network.outputs.network_api_key] }}
	TF_VAR_API_KEY: ${{ secrets[needs.set-network.outputs.network_api_key] }}
	API_KEY_NAME: ${{ needs.set-network.outputs.network_api_key }}
	runs-on: ${{ github.actor }}-x86
	steps:
	- uses: actions/checkout@v4
	with:
	ref: "${{ env.GIT_COMMIT }}"
	fetch-depth: 0
	- uses: ./.github/ci-setup-action
	with:
	concurrency_key: build-aztec-nargo-${{ github.actor }}
	dockerhub_password: "${{ env.DOCKERHUB_PASSWORD }}"

	- name: Build & push aztec nargo image
	if: ${{ github.event.inputs.no_rebuild_images == 'false' }}
	run: \|
	earthly-ci --no-output --push ./aztec-nargo+export-aztec-nargo --DIST_TAG=${{ github.sha }} --ARCH=x86_64
	earthly-ci --no-output --push ./aztec-nargo+export-aztec-nargo --DIST_TAG=${{ env.DEPLOY_TAG }} --ARCH=x86_64

	publish-aztec-manifests:
	needs: [set-network, build-aztec, build-aztec-nargo]
	env:
	DEPLOY_TAG: ${{ needs.set-network.outputs.deploy_tag }}
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4
	with:
	ref: "${{ env.GIT_COMMIT }}"
	- uses: ./.github/ci-setup-action
	with:
	dockerhub_password: "${{ env.DOCKERHUB_PASSWORD }}"

	- name: "Publish aztec manifests"
	run: \|
	env
	docker pull aztecprotocol/aztec:${{ github.sha }}-x86_64

	docker manifest create aztecprotocol/aztec:${{ env.DEPLOY_TAG }} \
	aztecprotocol/aztec:${{ github.sha }}-x86_64
	docker manifest create aztecprotocol/aztec:${{ github.sha }} \
	aztecprotocol/aztec:${{ github.sha }}-x86_64

	docker manifest push aztecprotocol/aztec:${{ env.DEPLOY_TAG }}
	docker manifest push aztecprotocol/aztec:${{ github.sha }}

	- name: "Publish aztec-nargo manifests"
	if: ${{ github.event.inputs.no_rebuild_images == 'false' }}
	run: \|
	docker pull aztecprotocol/aztec-nargo:${{ github.sha }}-x86_64

	docker manifest create aztecprotocol/aztec-nargo:${{ env.DEPLOY_TAG }} \
	aztecprotocol/aztec-nargo:${{ github.sha }}-x86_64
	docker manifest create aztecprotocol/aztec-nargo:${{ github.sha }} \
	aztecprotocol/aztec-nargo:${{ github.sha }}-x86_64

	docker manifest push aztecprotocol/aztec-nargo:${{ env.DEPLOY_TAG }}
	docker manifest push aztecprotocol/aztec-nargo:${{ github.sha }}

	build-faucet:
	needs: [set-network, build-aztec]
	env:
	BRANCH_NAME: ${{ needs.set-network.outputs.branch_name }}
	DEPLOY_TAG: ${{ needs.set-network.outputs.deploy_tag }}
	TF_VAR_DEPLOY_TAG: ${{ needs.set-network.outputs.deploy_tag }}
	API_KEY: ${{ secrets[needs.set-network.outputs.network_api_key] }}
	TF_VAR_API_KEY: ${{ secrets[needs.set-network.outputs.network_api_key] }}
	FORK_ADMIN_API_KEY: ${{ secrets[needs.set-network.outputs.network_fork_admin_api_key] }}
	TF_VAR_FORK_ADMIN_API_KEY: ${{ secrets[needs.set-network.outputs.network_fork_admin_api_key] }}
	API_KEY_NAME: ${{ needs.set-network.outputs.network_api_key }}
	runs-on: ${{ github.actor }}-x86
	steps:
	- uses: actions/checkout@v4
	with:
	ref: "${{ env.GIT_COMMIT }}"
	fetch-depth: 0
	- uses: ./.github/ci-setup-action
	with:
	concurrency_key: build-faucet-${{ github.actor }}
	dockerhub_password: "${{ env.DOCKERHUB_PASSWORD }}"
	- name: "Build & Push aztec images"
	timeout-minutes: 40
	if: ${{ github.event.inputs.no_rebuild_images == 'false' }}
	run: \|
	env
	earthly-ci --no-output --push ./yarn-project+export-aztec-faucet --DIST_TAG=${{ env.DEPLOY_TAG }}
	earthly-ci --no-output --push ./yarn-project+export-aztec-faucet --DIST_TAG=${{ github.sha }}

	- name: "Re-tag Aztec image"
	if: ${{ github.event.inputs.no_rebuild_images == 'true' }}
	run: \|
	env
	docker pull aztecprotocol/aztec-faucet:${{ env.DEPLOY_TAG }}
	docker tag aztecprotocol/aztec-faucet:${{ env.DEPLOY_TAG }} aztecprotocol/aztec-faucet:${{ github.sha }}
	docker push aztecprotocol/aztec-faucet:${{ github.sha }}

	build-cli-wallet:
	needs: [set-network, build-aztec]
	env:
	BRANCH_NAME: ${{ needs.set-network.outputs.branch_name }}
	DEPLOY_TAG: ${{ needs.set-network.outputs.deploy_tag }}
	TF_VAR_DEPLOY_TAG: ${{ needs.set-network.outputs.deploy_tag }}
	API_KEY: ${{ secrets[needs.set-network.outputs.network_api_key] }}
	TF_VAR_API_KEY: ${{ secrets[needs.set-network.outputs.network_api_key] }}
	API_KEY_NAME: ${{ needs.set-network.outputs.network_api_key }}
	runs-on: ${{ github.actor }}-x86
	steps:
	- uses: actions/checkout@v4
	with:
	ref: "${{ env.GIT_COMMIT }}"
	fetch-depth: 0
	- uses: ./.github/ci-setup-action
	with:
	concurrency_key: build-cli-wallet-${{ github.actor }}
	dockerhub_password: "${{ env.DOCKERHUB_PASSWORD }}"
	- name: "Build & Push aztec images"
	timeout-minutes: 40
	if: ${{ github.event.inputs.no_rebuild_images == 'false' }}
	run: \|
	env
	earthly-ci --no-output --push ./yarn-project+export-cli-wallet --DIST_TAG=${{ env.DEPLOY_TAG }} --ARCH=x86_64
	earthly-ci --no-output --push ./yarn-project+export-cli-wallet --DIST_TAG=${{ github.sha }} --ARCH=x86_64

	publish-cli-wallet-manifest:
	needs: [set-network, build-cli-wallet]
	env:
	DEPLOY_TAG: ${{ needs.set-network.outputs.deploy_tag }}
	runs-on: ${{ github.actor }}-x86
	steps:
	- uses: actions/checkout@v4
	with:
	ref: "${{ env.GIT_COMMIT }}"
	fetch-depth: 0
	- uses: ./.github/ci-setup-action
	with:
	dockerhub_password: "${{ env.DOCKERHUB_PASSWORD }}"

	- name: "Publish aztec CLI wallet manifests"
	if: ${{ github.event.inputs.no_rebuild_images == 'false' }}
	run: \|
	env
	docker pull aztecprotocol/cli-wallet:${{ github.sha }}-x86_64

	docker manifest create aztecprotocol/cli-wallet:${{ env.DEPLOY_TAG }} \
	aztecprotocol/cli-wallet:${{ github.sha }}-x86_64
	docker manifest create aztecprotocol/cli-wallet:${{ github.sha }} \
	aztecprotocol/cli-wallet:${{ github.sha }}-x86_64

	docker manifest push aztecprotocol/cli-wallet:${{ env.DEPLOY_TAG }}
	docker manifest push aztecprotocol/cli-wallet:${{ github.sha }}

	build-end:
	runs-on: ubuntu-latest
	needs:
	[
	set-network,
	build-faucet,
	build-mainnet-fork,
	publish-aztec-manifests,
	publish-cli-wallet-manifest,
	]
	env:
	BRANCH_NAME: ${{ needs.set-network.outputs.branch_name }}
	DEPLOY_TAG: ${{ needs.set-network.outputs.deploy_tag }}
	TF_VAR_DEPLOY_TAG: ${{ needs.set-network.outputs.deploy_tag }}
	API_KEY: ${{ secrets[needs.set-network.outputs.network_api_key] }}
	TF_VAR_API_KEY: ${{ secrets[needs.set-network.outputs.network_api_key] }}
	steps:
	- uses: actions/checkout@v4
	with:
	ref: "${{ env.GIT_COMMIT }}"
	- uses: ./.github/ci-setup-action
	- uses: hashicorp/setup-terraform@v3
	with:
	terraform_version: 1.7.5

	terraform-deploy:
	if: ${{ github.event.inputs.no_deploy == 'false' }}
	runs-on: ubuntu-latest
	needs: [build-end, set-network]
	env:
	BRANCH_NAME: ${{ needs.set-network.outputs.branch_name }}
	DEPLOY_TAG: ${{ needs.set-network.outputs.deploy_tag }}
	TF_VAR_DEPLOY_TAG: ${{ needs.set-network.outputs.deploy_tag }}
	API_KEY: ${{ secrets[needs.set-network.outputs.network_api_key] }}
	TF_VAR_API_KEY: ${{ secrets[needs.set-network.outputs.network_api_key] }}
	FORK_ADMIN_API_KEY: ${{ secrets[needs.set-network.outputs.network_fork_admin_api_key] }}
	TF_VAR_FORK_ADMIN_API_KEY: ${{ secrets[needs.set-network.outputs.network_fork_admin_api_key] }}
	TF_VAR_AGENTS_PER_PROVER: ${{ needs.set-network.outputs.agents_per_prover }}
	TF_VAR_BOT_TX_INTERVAL_SECONDS: ${{ needs.set-network.outputs.bot_interval }}
	TF_VAR_NODE_LB_RULE_PRIORITY: ${{ needs.set-network.outputs.node_lb_priority_range_start }}
	TF_VAR_PXE_LB_RULE_PRIORITY: ${{ needs.set-network.outputs.pxe_lb_priority_range_start }}
	TF_VAR_PROVER_NODE_LB_RULE_PRIORITY: ${{ needs.set-network.outputs.prover_node_lb_priority_range_start }}
	TF_VAR_SEQ_MIN_TX_PER_BLOCK: 1
	TF_VAR_SEQ_MAX_TX_PER_BLOCK: ${{ needs.set-network.outputs.max_txs_per_block }}
	TF_VAR_MAINNET_FORK_CPU_UNITS: ${{ needs.set-network.outputs.mainnet_fork_cpu_units }}
	TF_VAR_MAINNET_FORK_MEMORY_UNITS: ${{ needs.set-network.outputs.mainnet_fork_memory_units }}
	TF_VAR_BOT_SKIP_PUBLIC_SIMULATION: ${{ needs.set-network.outputs.bot_skip_simulation }}
	TF_VAR_BOT_L2_GAS_LIMIT: ${{ needs.set-network.outputs.bot_l2_gas_limit }}
	TF_VAR_BOT_DA_GAS_LIMIT: ${{ needs.set-network.outputs.bot_da_gas_limit }}
	TF_VAR_BOT_COUNT: ${{ needs.set-network.outputs.bot_count }}
	steps:
	- uses: actions/checkout@v4
	with:
	ref: "${{ env.GIT_COMMIT }}"
	- uses: ./.github/ci-setup-action
	- uses: hashicorp/setup-terraform@v3
	with:
	terraform_version: 1.7.5

	- name: Configure AWS credentials
	uses: aws-actions/configure-aws-credentials@v1
	with:
	aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
	aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
	aws-region: eu-west-2

	- name: Deploy mainnet fork
	working-directory: ./iac/mainnet-fork/terraform
	run: \|
	env
	terraform init -input=false -backend-config="key=${{ env.DEPLOY_TAG }}/mainnet-fork"
	terraform apply -input=false -auto-approve -replace="aws_efs_file_system.aztec_mainnet_fork_data_store"

	- name: Wait for mainnet fork deployment
	run: \|
	./.github/scripts/wait_for_infra.sh mainnet-fork ${{ env.DEPLOY_TAG }} ${{ env.API_KEY }}

	- name: Deploy L1 Contracts
	run: \|
	set -e
	set -o pipefail

	docker pull aztecprotocol/aztec:${{ env.DEPLOY_TAG }}
	docker run aztecprotocol/aztec:${{ env.DEPLOY_TAG }} deploy-l1-contracts \
	--private-key ${{ env.CONTRACT_PUBLISHER_PRIVATE_KEY }} \
	--rpc-url https://${{ env.DEPLOY_TAG }}-mainnet-fork.aztec.network:8545/admin-${{ env.FORK_ADMIN_API_KEY }} \
	--l1-chain-id ${{ env.L1_CHAIN_ID }} \
	--salt ${{ github.run_id }} \
	--json \| tee ./l1_contracts.json

	# upload contract addresses to S3
	aws s3 cp ./l1_contracts.json ${{ env.CONTRACT_S3_BUCKET }}/${{ env.DEPLOY_TAG }}/l1_contracts.json

	# export contract addresses so they can be used by subsequent terraform deployments
	function extract() {
	jq -r ".$1" ./l1_contracts.json
	}

	echo "TF_VAR_ROLLUP_CONTRACT_ADDRESS=$(extract rollupAddress)" >>$GITHUB_ENV
	echo "TF_VAR_REGISTRY_CONTRACT_ADDRESS=$(extract registryAddress)" >>$GITHUB_ENV
	echo "TF_VAR_INBOX_CONTRACT_ADDRESS=$(extract inboxAddress)" >>$GITHUB_ENV
	echo "TF_VAR_OUTBOX_CONTRACT_ADDRESS=$(extract outboxAddress)" >>$GITHUB_ENV
	echo "TF_VAR_AVAILABILITY_ORACLE_CONTRACT_ADDRESS=$(extract availabilityOracleAddress)" >>$GITHUB_ENV
	echo "TF_VAR_FEE_JUICE_CONTRACT_ADDRESS=$(extract feeJuiceAddress)" >>$GITHUB_ENV
	echo "TF_VAR_FEE_JUICE_PORTAL_CONTRACT_ADDRESS=$(extract feeJuicePortalAddress)" >>$GITHUB_ENV

	- name: Apply l1-contracts Terraform
	working-directory: ./l1-contracts/terraform
	run: \|
	env
	terraform init -input=false -backend-config="key=${{ env.DEPLOY_TAG }}/l1-contracts"
	terraform apply -input=false -auto-approve

	- name: Disable transactions bot
	working-directory: ./yarn-project/aztec/terraform/bot
	run: \|
	terraform init -input=false -backend-config="key=${{ env.DEPLOY_TAG }}/bot"
	terraform apply -input=false -auto-approve

	- name: Deploy Aztec Nodes
	working-directory: ./yarn-project/aztec/terraform/node
	run: \|
	terraform init -input=false -backend-config="key=${{ env.DEPLOY_TAG }}/aztec-node"
	terraform apply -input=false -auto-approve -replace="aws_efs_file_system.node_data_store" -var="NODE_P2P_TCP_PORT=${{ needs.set-network.outputs.node_tcp_range_start }}" -var="NODE_P2P_UDP_PORT=${{ needs.set-network.outputs.node_udp_range_start }}"

	- name: Deploy Aztec Prover Nodes
	working-directory: ./yarn-project/aztec/terraform/prover-node
	run: \|
	terraform init -input=false -backend-config="key=${{ env.DEPLOY_TAG }}/aztec-prover-node"
	terraform apply -input=false -auto-approve -replace="aws_efs_file_system.prover_node_data_store" -var="NODE_P2P_TCP_PORT=${{ needs.set-network.outputs.prover_node_tcp_range_start }}" -var="NODE_P2P_UDP_PORT=${{ needs.set-network.outputs.prover_node_udp_range_start }}"

	- name: Deploy Provers
	working-directory: ./yarn-project/aztec/terraform/prover
	run: \|
	terraform init -input=false -backend-config="key=${{ env.DEPLOY_TAG }}/prover"
	terraform apply -input=false -auto-approve

	- name: Deploy PXE
	working-directory: ./yarn-project/aztec/terraform/pxe
	run: \|
	terraform init -input=false -backend-config="key=${{ env.DEPLOY_TAG }}/pxe"
	terraform apply -input=false -auto-approve -replace="aws_efs_file_system.pxe_data_store"

	bootstrap:
	if: ${{ github.event.inputs.no_deploy == 'false' }}
	runs-on: ubuntu-latest
	needs: [terraform-deploy, set-network]
	env:
	BRANCH_NAME: ${{ needs.set-network.outputs.branch_name }}
	DEPLOY_TAG: ${{ needs.set-network.outputs.deploy_tag }}
	TF_VAR_DEPLOY_TAG: ${{ needs.set-network.outputs.deploy_tag }}
	API_KEY: ${{ secrets[needs.set-network.outputs.network_api_key] }}
	TF_VAR_API_KEY: ${{ secrets[needs.set-network.outputs.network_api_key] }}
	FORK_ADMIN_API_KEY: ${{ secrets[needs.set-network.outputs.network_fork_admin_api_key] }}
	TF_VAR_FORK_ADMIN_API_KEY: ${{ secrets[needs.set-network.outputs.network_fork_admin_api_key] }}
	steps:
	- uses: actions/checkout@v4
	with:
	ref: "${{ env.GIT_COMMIT }}"

	- uses: ./.github/ci-setup-action

	- name: Configure AWS credentials
	uses: aws-actions/configure-aws-credentials@v1
	with:
	aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
	aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
	aws-region: eu-west-2

	- name: Wait for PXE to be available
	run: \|
	env
	./.github/scripts/wait_for_infra.sh pxe ${{ env.DEPLOY_TAG }} ${{ env.API_KEY }}

	- name: Deploy protocol contracts
	run: \|
	set -e
	set -o pipefail
	docker pull aztecprotocol/aztec:${{ env.DEPLOY_TAG }}
	docker run aztecprotocol/aztec:${{ env.DEPLOY_TAG }} deploy-protocol-contracts \
	--rpc-url https://api.aztec.network/${{ env.DEPLOY_TAG }}/aztec-pxe/${{ env.API_KEY }} \
	--l1-chain-id ${{ env.L1_CHAIN_ID }} \
	--json \| tee ./protocol_contracts.json

	aws s3 cp ./protocol_contracts.json ${{ env.CONTRACT_S3_BUCKET }}/${{ env.DEPLOY_TAG }}/protocol_contracts.json

	- name: Bootstrap network
	run: \|
	set -e
	set -o pipefail
	docker run aztecprotocol/aztec:${{ env.DEPLOY_TAG }} bootstrap-network \
	--rpc-url https://api.aztec.network/${{ env.DEPLOY_TAG }}/aztec-pxe/${{ env.API_KEY }} \
	--l1-rpc-url https://${{ env.DEPLOY_TAG }}-mainnet-fork.aztec.network:8545/admin-${{ env.FORK_ADMIN_API_KEY }} \
	--l1-chain-id ${{ env.L1_CHAIN_ID }} \
	--l1-private-key ${{ env.CONTRACT_PUBLISHER_PRIVATE_KEY }} \
	--json \| tee ./basic_contracts.json

	aws s3 cp ./basic_contracts.json ${{ env.CONTRACT_S3_BUCKET }}/${{ env.DEPLOY_TAG }}/basic_contracts.json

	deploy-faucet:
	if: ${{ github.event.inputs.no_deploy == 'false' }}
	runs-on: ubuntu-latest
	needs: [terraform-deploy, bootstrap, set-network]
	env:
	BRANCH_NAME: ${{ needs.set-network.outputs.branch_name }}
	DEPLOY_TAG: ${{ needs.set-network.outputs.deploy_tag }}
	TF_VAR_DEPLOY_TAG: ${{ needs.set-network.outputs.deploy_tag }}
	API_KEY: ${{ secrets[needs.set-network.outputs.network_api_key] }}
	TF_VAR_API_KEY: ${{ secrets[needs.set-network.outputs.network_api_key] }}
	FORK_ADMIN_API_KEY: ${{ secrets[needs.set-network.outputs.network_fork_admin_api_key] }}
	TF_VAR_FORK_ADMIN_API_KEY: ${{ secrets[needs.set-network.outputs.network_fork_admin_api_key] }}
	TF_VAR_FAUCET_LB_RULE_PRIORITY: ${{ needs.set-network.outputs.faucet_lb_priority }}
	steps:
	- uses: actions/checkout@v4
	with:
	ref: "${{ env.GIT_COMMIT }}"
	- uses: ./.github/ci-setup-action
	- uses: hashicorp/setup-terraform@v3
	with:
	terraform_version: 1.7.5

	- name: Configure AWS credentials
	uses: aws-actions/configure-aws-credentials@v1
	with:
	aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
	aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
	aws-region: eu-west-2

	- name: Retrieve contract addresses
	run: \|
	set -e
	aws s3 cp ${{ env.CONTRACT_S3_BUCKET }}/${{ env.DEPLOY_TAG }}/l1_contracts.json ./l1_contracts.json
	aws s3 cp ${{ env.CONTRACT_S3_BUCKET }}/${{ env.DEPLOY_TAG }}/basic_contracts.json ./basic_contracts.json

	echo "TF_VAR_FEE_JUICE_CONTRACT_ADDRESS=$(jq -r '.feeJuiceAddress' ./l1_contracts.json)" >>$GITHUB_ENV
	echo "TF_VAR_DEV_COIN_CONTRACT_ADDRESS=$(jq -r '.devCoinL1' ./basic_contracts.json)" >>$GITHUB_ENV

	- name: Deploy Faucet
	working-directory: ./yarn-project/aztec-faucet/terraform
	run: \|
	terraform init -input=false -backend-config="key=${{ env.DEPLOY_TAG }}/aztec-faucet"
	terraform apply -input=false -auto-approve

	enable-proving:
	if: ${{ github.event.inputs.no_deploy == 'false' }}
	runs-on: ubuntu-latest
	needs: [deploy-faucet, set-network]
	env:
	BRANCH_NAME: ${{ needs.set-network.outputs.branch_name }}
	DEPLOY_TAG: ${{ needs.set-network.outputs.deploy_tag }}
	TF_VAR_DEPLOY_TAG: ${{ needs.set-network.outputs.deploy_tag }}
	API_KEY: ${{ secrets[needs.set-network.outputs.network_api_key] }}
	TF_VAR_API_KEY: ${{ secrets[needs.set-network.outputs.network_api_key] }}
	FORK_ADMIN_API_KEY: ${{ secrets[needs.set-network.outputs.network_fork_admin_api_key] }}
	TF_VAR_FORK_ADMIN_API_KEY: ${{ secrets[needs.set-network.outputs.network_fork_admin_api_key] }}
	TF_VAR_AGENTS_PER_PROVER: ${{ needs.set-network.outputs.agents_per_prover }}
	TF_VAR_BOT_TX_INTERVAL_SECONDS: ${{ needs.set-network.outputs.bot_interval }}
	TF_VAR_NODE_LB_RULE_PRIORITY: ${{ needs.set-network.outputs.node_lb_priority_range_start }}
	TF_VAR_PXE_LB_RULE_PRIORITY: ${{ needs.set-network.outputs.pxe_lb_priority_range_start }}
	TF_VAR_PROVER_NODE_LB_RULE_PRIORITY: ${{ needs.set-network.outputs.prover_node_lb_priority_range_start }}
	TF_VAR_BOT_FLUSH_SETUP_TRANSACTIONS: ${{ needs.set-network.outputs.bot_flush_setup_txs }}
	TF_VAR_BOT_MAX_PENDING_TXS: ${{ needs.set-network.outputs.bot_max_pending_txs }}
	TF_VAR_SEQ_MIN_TX_PER_BLOCK: ${{ needs.set-network.outputs.min_txs_per_block }}
	TF_VAR_SEQ_MAX_TX_PER_BLOCK: ${{ needs.set-network.outputs.max_txs_per_block }}
	TF_VAR_BOT_FOLLOW_CHAIN: ${{ needs.set-network.outputs.bot_follow_chain }}
	TF_VAR_PROVING_ENABLED: true
	TF_VAR_BOT_NO_START: false
	TF_VAR_BOT_SKIP_PUBLIC_SIMULATION: ${{ needs.set-network.outputs.bot_skip_simulation }}
	TF_VAR_BOT_L2_GAS_LIMIT: ${{ needs.set-network.outputs.bot_l2_gas_limit }}
	TF_VAR_BOT_DA_GAS_LIMIT: ${{ needs.set-network.outputs.bot_da_gas_limit }}
	TF_VAR_BOT_COUNT: ${{ needs.set-network.outputs.bot_count }}
	steps:
	- uses: actions/checkout@v4
	with:
	ref: "${{ env.GIT_COMMIT }}"
	- uses: ./.github/ci-setup-action
	- uses: hashicorp/setup-terraform@v3
	with:
	terraform_version: 1.7.5

	- name: Configure AWS credentials
	uses: aws-actions/configure-aws-credentials@v1
	with:
	aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
	aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
	aws-region: eu-west-2

	# Unneded for now, since the prover-node runs with simulated proofs and submits them to L1, which does not verify them yet.
	# - name: Set latest block as proven
	# working-directory: ./yarn-project/aztec/terraform/pxe
	# run: \|
	# set -eo pipefail
	# docker run aztecprotocol/aztec:${{ env.DEPLOY_TAG }} set-proven-until \
	# --rpc-url https://api.aztec.network/${{ env.DEPLOY_TAG }}/aztec-pxe/${{ env.API_KEY }} \
	# --l1-rpc-url https://${{ env.DEPLOY_TAG }}-mainnet-fork.aztec.network:8545/admin-${{ env.FORK_ADMIN_API_KEY }} \
	# --l1-chain-id ${{ env.L1_CHAIN_ID }} \
	# --l1-private-key ${{ env.CONTRACT_PUBLISHER_PRIVATE_KEY }}

	- name: Deploy PXE
	working-directory: ./yarn-project/aztec/terraform/pxe
	run: \|
	terraform init -input=false -backend-config="key=${{ env.DEPLOY_TAG }}/pxe"
	terraform apply -input=false -auto-approve

	- name: Deploy Aztec Nodes
	working-directory: ./yarn-project/aztec/terraform/node
	run: \|
	env
	terraform init -input=false -backend-config="key=${{ env.DEPLOY_TAG }}/aztec-node"
	terraform apply -input=false -auto-approve -var="NODE_P2P_TCP_PORT=${{ needs.set-network.outputs.node_tcp_range_start }}" -var="NODE_P2P_UDP_PORT=${{ needs.set-network.outputs.node_udp_range_start }}"

	- name: Deploy Aztec Prover Nodes
	working-directory: ./yarn-project/aztec/terraform/prover-node
	run: \|
	terraform init -input=false -backend-config="key=${{ env.DEPLOY_TAG }}/aztec-prover-node"
	terraform apply -input=false -auto-approve -var="NODE_P2P_TCP_PORT=${{ needs.set-network.outputs.prover_node_tcp_range_start }}" -var="NODE_P2P_UDP_PORT=${{ needs.set-network.outputs.prover_node_udp_range_start }}"

	- name: Deploy Provers
	working-directory: ./yarn-project/aztec/terraform/prover
	run: \|
	terraform init -input=false -backend-config="key=${{ env.DEPLOY_TAG }}/prover"
	terraform apply -input=false -auto-approve

	- name: Wait for PXE to be available
	run: \|
	./.github/scripts/wait_for_infra.sh pxe ${{ env.DEPLOY_TAG }} ${{ env.API_KEY }}

	- name: Deploy verifier (allow failure)
	continue-on-error: true
	working-directory: ./yarn-project/aztec/terraform/pxe
	run: \|
	set -eo pipefail
	docker run aztecprotocol/aztec:${{ env.DEPLOY_TAG }} deploy-l1-verifier \
	--rpc-url https://api.aztec.network/${{ env.DEPLOY_TAG }}/aztec-pxe/${{ env.API_KEY }} \
	--l1-rpc-url https://${{ env.DEPLOY_TAG }}-mainnet-fork.aztec.network:8545/admin-${{ env.FORK_ADMIN_API_KEY }} \
	--l1-chain-id ${{ env.L1_CHAIN_ID }} \
	--l1-private-key ${{ env.CONTRACT_PUBLISHER_PRIVATE_KEY }}

	- name: Enable transactions bot
	working-directory: ./yarn-project/aztec/terraform/bot
	run: \|
	terraform init -input=false -backend-config="key=${{ env.DEPLOY_TAG }}/bot"
	terraform apply -input=false -auto-approve

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Deploy to network #403

Workflow file

Deploy to network #403

Jobs

Run details

Workflow file for this run