Skip to content

Aztec Network Deployment #73

Aztec Network Deployment

Aztec Network Deployment #73

name: Aztec Network Deployment
on:
workflow_call:
inputs:
namespace:
description: The namespace to deploy to, e.g. smoke
required: true
type: string
values_file:
description: The values file to use, e.g. 1-validators.yaml
required: true
type: string
aztec_docker_image:
description: The Aztec Docker image to use, e.g. aztecprotocol/aztec:da809c58290f9590836f45ec59376cbf04d3c4ce-x86_64
required: true
type: string
deployment_mnemonic_secret_name:
description: The name of the secret which holds the boot node's contract deployment mnemonic
required: false
type: string
default: testnet-deployment-mnemonic
deployment_salt:
description: The salt to use for this deployment. Defaults to random
required: false
type: string
default: ""
respect_tf_lock:
description: Whether to respect the Terraform lock
required: false
type: string
default: "true"
run_terraform_destroy:
description: Whether to run terraform destroy before deploying
required: false
type: string
default: "false"
ref:
description: The branch name to deploy from
required: false
type: string
default: "master"
sepolia_deployment:
description: "Whether to deploy on Sepolia network (default: false)"
required: false
type: string
default: "false"
secrets:
GCP_SA_KEY:
required: true
workflow_dispatch:
inputs:
namespace:
description: The namespace to deploy to, e.g. smoke
required: true
values_file:
description: The values file to use, e.g. 1-validators.yaml
required: true
aztec_docker_image:
description: The Aztec Docker image to use, e.g. aztecprotocol/aztec:da809c58290f9590836f45ec59376cbf04d3c4ce-x86_64
required: true
deployment_mnemonic_secret_name:
description: The name of the secret which holds the boot node's contract deployment mnemonic
required: false
default: testnet-deployment-mnemonic
deployment_salt:
description: The salt to use for this deployment. Defaults to random
required: false
default: ""
respect_tf_lock:
description: Whether to respect the Terraform lock
required: false
default: "true"
run_terraform_destroy:
description: Whether to run terraform destroy before deploying
required: false
type: string
default: "false"
ref:
description: The branch name to deploy from
required: false
type: string
default: "master"
sepolia_deployment:
description: "Whether to deploy on Sepolia network (default: false)"
required: false
type: string
default: "false"
jobs:
network_deployment:
# This job will run on Ubuntu
runs-on: ubuntu-latest
concurrency:
group: deploy-${{ github.ref }} # Only one job per branch
cancel-in-progress: false # Allow previous deployment to complete to avoid corruption
# Set up a variable based on the branch name
env:
AZTEC_DOCKER_IMAGE: ${{ inputs.aztec_docker_image }}
NAMESPACE: ${{ inputs.namespace }}
VALUES_FILE: ${{ inputs.values_file }}
DEPLOYMENT_MNEMONIC_SECRET_NAME: ${{ inputs.deployment_mnemonic_secret_name }}
DEPLOYMENT_SALT: ${{ inputs.deployment_salt }}
CHART_PATH: ./spartan/aztec-network
CLUSTER_NAME: aztec-gke
REGION: us-west1-a
TF_STATE_BUCKET: aztec-terraform
GKE_CLUSTER_CONTEXT: gke_testnet-440309_us-west1-a_aztec-gke
steps:
- name: Checkout code
uses: actions/checkout@v3
with:
ref: ${{ inputs.ref }}
- name: Authenticate to Google Cloud
uses: google-github-actions/auth@v2
with:
credentials_json: ${{ secrets.GCP_SA_KEY }}
- name: Set up Cloud SDK
uses: google-github-actions/setup-gcloud@v2
- name: Install GKE Auth Plugin
run: |
gcloud components install gke-gcloud-auth-plugin --quiet
- name: Configure kubectl with GKE cluster
run: |
gcloud container clusters get-credentials ${{ env.CLUSTER_NAME }} --region ${{ env.REGION }}
- name: Ensure Terraform state bucket exists
run: |
if ! gsutil ls gs://${{ env.TF_STATE_BUCKET }} >/dev/null 2>&1; then
echo "Creating GCS bucket for Terraform state..."
gsutil mb -l us-east4 gs://${{ env.TF_STATE_BUCKET }}
gsutil versioning set on gs://${{ env.TF_STATE_BUCKET }}
else
echo "Terraform state bucket already exists"
fi
- name: Grab the boot node deployment mnemonic
id: get-mnemonic
run: |
echo "::add-mask::$(gcloud secrets versions access latest --secret=${{ env.DEPLOYMENT_MNEMONIC_SECRET_NAME }})"
echo "mnemonic=$(gcloud secrets versions access latest --secret=${{ env.DEPLOYMENT_MNEMONIC_SECRET_NAME }})" >> "$GITHUB_OUTPUT"
- name: Generate eth devnet config
id: generate-eth-devnet-config
run: |
REPO=$(git rev-parse --show-toplevel)
export VALUES_PATH="$REPO/spartan/aztec-network/values/${{ env.VALUES_FILE }}"
export DEFAULT_VALUES_PATH="$REPO/spartan/aztec-network/values.yaml"
export MNEMONIC="${{ steps.get-mnemonic.outputs.mnemonic }}"
$REPO/yarn-project/end-to-end/scripts/bash/generate_devnet_config.sh
- name: Setup Terraform
uses: hashicorp/setup-terraform@v2
with:
terraform_version: "1.5.0" # Specify your desired version
- name: Terraform Init
working-directory: ./spartan/terraform/deploy-release
run: |
terraform init \
-backend-config="bucket=${{ env.TF_STATE_BUCKET }}" \
-backend-config="prefix=network-deploy/${{ env.REGION }}/${{ env.CLUSTER_NAME }}/${{ env.NAMESPACE }}/terraform.tfstate"
- name: Terraform Destroy
working-directory: ./spartan/terraform/deploy-release
if: ${{ inputs.run_terraform_destroy == 'true' }}
# Destroy fails if the resources are already destroyed, so we continue on error
continue-on-error: true
run: |
if ${{ inputs.sepolia_deployment == 'true' }}; then
terraform destroy -auto-approve \
-var="RELEASE_NAME=${{ env.NAMESPACE }}" \
-var="VALUES_FILE=${{ env.VALUES_FILE }}" \
-var="GKE_CLUSTER_CONTEXT=${{ env.GKE_CLUSTER_CONTEXT }}" \
-var="AZTEC_DOCKER_IMAGE=${{ env.AZTEC_DOCKER_IMAGE }}" \
-var="L1_DEPLOYMENT_PRIVATE_KEY=${{ secrets.SEPOLIA_L1_DEPLOYMENT_PRIVATE_KEY }}" \
-var="VALIDATOR_KEYS=${{ secrets.SEPOLIA_VALIDATOR_KEYS }}" \
-var="BOOT_NODE_SEQ_PUBLISHER_PRIVATE_KEY=${{ secrets.SEPOLIA_BOOT_NODE_SEQ_PUBLISHER_PRIVATE_KEY }}" \
-var="PROVER_PUBLISHER_PRIVATE_KEY=${{ secrets.SEPOLIA_PROVER_PUBLISHER_PRIVATE_KEY }}" \
-var="ETHEREUM_EXTERNAL_HOST=${{ secrets.SEPOLIA_EXTERNAL_HOST }}" \
-lock=${{ inputs.respect_tf_lock }}
else
terraform destroy -auto-approve \
-var="RELEASE_NAME=${{ env.NAMESPACE }}" \
-var="VALUES_FILE=${{ env.VALUES_FILE }}" \
-var="GKE_CLUSTER_CONTEXT=${{ env.GKE_CLUSTER_CONTEXT }}" \
-var="AZTEC_DOCKER_IMAGE=${{ env.AZTEC_DOCKER_IMAGE }}" \
-var="L1_DEPLOYMENT_MNEMONIC=${{ steps.get-mnemonic.outputs.mnemonic }}" \
-lock=${{ inputs.respect_tf_lock }}
fi
- name: Terraform Plan
working-directory: ./spartan/terraform/deploy-release
run: |
if ${{ inputs.sepolia_deployment == 'true' }}; then
terraform plan \
-var="RELEASE_NAME=${{ env.NAMESPACE }}" \
-var="VALUES_FILE=${{ env.VALUES_FILE }}" \
-var="GKE_CLUSTER_CONTEXT=${{ env.GKE_CLUSTER_CONTEXT }}" \
-var="AZTEC_DOCKER_IMAGE=${{ env.AZTEC_DOCKER_IMAGE }}" \
-var="L1_DEPLOYMENT_PRIVATE_KEY=${{ secrets.SEPOLIA_L1_DEPLOYMENT_PRIVATE_KEY }}" \
-var="L1_DEPLOYMENT_SALT=${DEPLOYMENT_SALT:-$RANDOM}" \
-var="VALIDATOR_KEYS=${{ secrets.SEPOLIA_VALIDATOR_KEYS }}" \
-var="BOOT_NODE_SEQ_PUBLISHER_PRIVATE_KEY=${{ secrets.SEPOLIA_BOOT_NODE_SEQ_PUBLISHER_PRIVATE_KEY }}" \
-var="PROVER_PUBLISHER_PRIVATE_KEY=${{ secrets.SEPOLIA_PROVER_PUBLISHER_PRIVATE_KEY }}" \
-var="ETHEREUM_EXTERNAL_HOST=${{ secrets.SEPOLIA_EXTERNAL_HOST }}" \
-out=tfplan \
-lock=${{ inputs.respect_tf_lock }}
else
terraform plan \
-var="RELEASE_NAME=${{ env.NAMESPACE }}" \
-var="VALUES_FILE=${{ env.VALUES_FILE }}" \
-var="GKE_CLUSTER_CONTEXT=${{ env.GKE_CLUSTER_CONTEXT }}" \
-var="AZTEC_DOCKER_IMAGE=${{ env.AZTEC_DOCKER_IMAGE }}" \
-var="L1_DEPLOYMENT_MNEMONIC=${{ steps.get-mnemonic.outputs.mnemonic }}" \
-var="L1_DEPLOYMENT_SALT=${DEPLOYMENT_SALT:-$RANDOM}" \
-out=tfplan \
-lock=${{ inputs.respect_tf_lock }}
fi
- name: Terraform Apply
working-directory: ./spartan/terraform/deploy-release
run: terraform apply -lock=${{ inputs.respect_tf_lock }} -auto-approve tfplan