Skip to content

Write token AK

Write token AK #29

Workflow file for this run

name: Deploy Contracts
on:
push:
branches:
- alvarof2/contracts
workflow_dispatch:
inputs:
broadcast:
required: false
type: boolean
default: true
l1_rpc_kind:
required: false
type: string
default: 'any'
deployment_context:
required: false
type: string
default: 'test-alvaro'
gs_admin_address:
required: false
type: string
default: '0x19c1696408E63d670ab8177bfafB0D37e9F3ed82'
gs_batcher_address:
required: false
type: string
default: '0x0F82E82268FA5de5070A088e54eAbc2dec07D615'
gs_proposer_address:
required: false
type: string
default: '0x8D20f1E387cDF78c4AF42F61FB48B1Be72056FEb'
gs_sequenncer_address:
required: false
type: string
default: '0xF20B236A87e26D1Ac7290D0F70f637af8145D54e'
jobs:
deploy-contracts:
runs-on: ubuntu-latest
permissions: # Must change the job token permissions to use Akeyless JWT auth
id-token: write
contents: read
if: ${{ ! startsWith(github.triggering_actor, 'akeyless') }}
env:
BROADCAST: ${{ github.event_name == 'push' && 'true' || inputs.broadcast }}
L1_RPC_KIND: ${{ github.event_name == 'push' && 'alchemy' || inputs.l1_rpc_kind }}
DEPLOYMENT_CONTEXT: ${{ github.event_name == 'push' && 'test-alvaro' || inputs.deployment_context }}
GS_ADMIN_ADDRESS: ${{ github.event_name == 'push' && '0x19c1696408E63d670ab8177bfafB0D37e9F3ed82' || inputs.gs_admin_address }}
GS_BATCHER_ADDRESS: ${{ github.event_name == 'push' && '0x0F82E82268FA5de5070A088e54eAbc2dec07D615' || inputs.gs_batcher_address }}
GS_PROPOSER_ADDRESS: ${{ github.event_name == 'push' && '0x8D20f1E387cDF78c4AF42F61FB48B1Be72056FEb' || inputs.gs_proposer_address }}
GS_SEQUENCER_ADDRESS: ${{ github.event_name == 'push' && '0xF20B236A87e26D1Ac7290D0F70f637af8145D54e' || inputs.gs_sequenncer_address }}
steps:
- name: "Get GitHub Token from Akeyless"
id: get_auth_token
uses:
docker://us-west1-docker.pkg.dev/devopsre/akeyless-public/akeyless-action:latest
with:
api-url: https://api.gateway.akeyless.celo-networks-dev.org
access-id: p-kf9vjzruht6l
dynamic-secrets: '{"/dynamic-secrets/keys/github/optimism/contents=write,pull_requests=write":"PAT"}'
- name: "Checkout current PR"
uses: actions/checkout@v4
with:
token: ${{ env.PAT }}
submodules: recursive
fetch-depth: 0
- name: Setup
uses: ./.github/actions/setup
- name: Akeyless get L1 URL
uses: docker://us-west1-docker.pkg.dev/devopsre/akeyless-public/akeyless-action:latest
with:
api-url: https://api.gateway.akeyless.celo-networks-dev.org
access-id: p-kf9vjzruht6l
static-secrets: '{"/static-secrets/devops-circle/alvaro-test-opstack-sepolia/l1-rpc-url":"L1_RPC_URL"}'
- name: Akeyless get GS ADMIN private key
uses: docker://us-west1-docker.pkg.dev/devopsre/akeyless-public/akeyless-action:latest
with:
api-url: https://api.gateway.akeyless.celo-networks-dev.org
access-id: p-kf9vjzruht6l
static-secrets: '{"/static-secrets/devops-circle/alvaro-test-opstack-sepolia/gs-admin-private-key":"GS_ADMIN_PRIVATE_KEY"}'
- name: Deploy L1 contracts
run: |
export IMPL_SALT=$(openssl rand -hex 32)
cd packages/contracts-bedrock
./scripts/getting-started/config.sh
if [[ -z "${BROADCAST}" ]] || [[ $BROADCAST == 'false' ]]
then
echo "Simulating ..."
forge script scripts/Deploy.s.sol:Deploy --private-key $GS_ADMIN_PRIVATE_KEY --rpc-url $L1_RPC_URL --slow
else
echo "Broadcasting ..."
forge script scripts/Deploy.s.sol:Deploy --private-key $GS_ADMIN_PRIVATE_KEY --broadcast --rpc-url $L1_RPC_URL --slow
fi
- name: Generate L1 contract artifacts
run: |
cd packages/contracts-bedrock
forge script scripts/Deploy.s.sol:Deploy --sig 'sync()' --rpc-url $L1_RPC_URL
- name: "Commit changed files"
uses: stefanzweifel/git-auto-commit-action@v5
with:
commit_message: '[Automatic] - Commit files'