Merge branch 'master' into lx/reinstate-aggregation

.github/scripts/wait_for_infra.sh

@@ -0,0 +1,30 @@
+#!/bin/bash
+set -e
+
+INFRA=$1
+DEPLOY_TAG=$2
+API_KEY=$3
+
+# When destroying and applying terraforms, they may not be
+# ready for a while, as it must register with DNS etc.
+# This script waits on a healthy status from the infra - a valid response to a request
+# We retry every 20 seconds, and wait for a total of 5 minutes (15 times)
+
+if [ "$INFRA" == "mainnet-fork" ]; then
+  export ETHEREUM_HOST="https://$DEPLOY_TAG-mainnet-fork.aztec.network:8545/$API_KEY"
+  curl -H "Content-Type: application/json" -X POST --data '{"method":"eth_chainId","params":[],"id":49,"jsonrpc":"2.0"}' \
+    --connect-timeout 30 \
+    --retry 15 \
+    --retry-delay 20 \
+    $ETHEREUM_HOST
+elif [ "$INFRA" == "pxe" ]; then
+  export PXE_URL="https://api.aztec.network/$DEPLOY_TAG/aztec-pxe/$API_KEY/status"
+  curl \
+    --connect-timeout 30 \
+    --retry 15 \
+    --retry-delay 20 \
+    $PXE_URL
+else
+  echo "Invalid infra type"
+  exit 1
+fi

.github/workflows/ci.yml

@@ -255,6 +255,8 @@ jobs:
         working-directory: ./yarn-project/scripts
         run: |
           earthly-ci -P +bench-comment
+        env:
+          AZTEC_BOT_GITHUB_TOKEN: ${{ secrets.AZTEC_BOT_GITHUB_TOKEN }}
 
   bb-gcc:
     needs: [build-images, changes]

.github/workflows/devnet-deploys.yml

@@ -11,16 +11,22 @@ env:
   DOCKERHUB_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }}
   GIT_COMMIT: ${{ github.sha }}
   DEPLOY_TAG: devnet
-  FILE_PATH: ./l1-contracts/addresses.txt
+  L1_CHAIN_ID: 677692
+  AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+  AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
   # TF Vars
   TF_VAR_DOCKERHUB_ACCOUNT: aztecprotocol
-  TF_VAR_CHAIN_ID: 31337
+  TF_VAR_L1_CHAIN_ID: 677692
   TF_VAR_BOOTNODE_1_PRIVATE_KEY: ${{ secrets.BOOTNODE_1_PRIVATE_KEY }}
   TF_VAR_BOOTNODE_2_PRIVATE_KEY: ${{ secrets.BOOTNODE_2_PRIVATE_KEY }}
   TF_VAR_SEQ_1_PUBLISHER_PRIVATE_KEY: ${{ secrets.SEQ_1_PUBLISHER_PRIVATE_KEY }}
   TF_VAR_SEQ_2_PUBLISHER_PRIVATE_KEY: ${{ secrets.SEQ_2_PUBLISHER_PRIVATE_KEY }}
   TF_VAR_DEPLOY_TAG: devnet
   TF_VAR_API_KEY: ${{ secrets.FORK_API_KEY }}
+  TF_VAR_FORK_MNEMONIC: ${{ secrets.FORK_MNEMONIC }}
+  TF_VAR_INFURA_API_KEY: ${{ secrets.INFURA_API_KEY }}
+  TF_VAR_FAUCET_ACCOUNT_INDEX: 5
+  CONTRACT_S3_BUCKET: s3://aztec-${{ env.DEPLOY_TAG }}-deployments
 
 jobs:
   setup:
@@ -29,7 +35,6 @@ jobs:
       username: master
       runner_type: builder-x86
     secrets: inherit
-
   build:
     needs: setup
     runs-on: ${{ github.actor }}-x86
@@ -44,20 +49,26 @@ jobs:
           dockerhub_password: "${{ secrets.DOCKERHUB_PASSWORD }}"
       - name: "Build & Push aztec images"
         timeout-minutes: 40
-        # Run the build steps for each image with version and arch, push to dockerhub
         run: |
-          earthly-ci --no-output --push ./yarn-project+export-aztec-arch --DIST_TAG=${{ env.DEPLOY_TAG }}
+          earthly-ci \
+          --no-output --push ./yarn-project+export-aztec-arch --DIST_TAG=${{ env.DEPLOY_TAG }}
 
-      - name: Check if L1 contracts need deployment
-        id: check_changes_build
+      - name: Check if mainnet fork needs deployment
+        id: check_fork_changes
         uses: actions/github-script@v7
         with:
           script: |
             const { execSync } = require('child_process');
             const changedFiles = execSync('git diff --name-only ${{ github.event.before }} ${{ github.sha }}').toString().split('\n');
-            const fileChanged = changedFiles.includes('l1-contracts/REDEPLOY');
+            const fileChanged = changedFiles.some(file => file.startsWith('iac/mainnet-fork'));
             return fileChanged
 
+      - name: Build & push mainnet fork image
+        if: steps.check_fork_changes.outputs.result == 'true'
+        run: |
+          earthly-ci \
+          --no-output --push ./iac/mainnet-fork+export-mainnet-fork --DIST_TAG=${{ env.DEPLOY_TAG }}
+
   terraform_deploy:
     runs-on: ubuntu-latest
     needs: build
@@ -76,58 +87,152 @@ jobs:
         with:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          aws-region: us-west-2
+          aws-region: eu-west-2
+
+      - name: Deploy mainnet fork
+        working-directory: ./iac/mainnet-fork/terraform
+        run: |
+          terraform init -input=false -backend-config="key=${{ env.DEPLOY_TAG }}/mainnet-fork"
+          terraform apply -input=false -auto-approve -replace="aws_efs_file_system.aztec_mainnet_fork_data_store"
+
+      - name: Wait for mainnet fork deployment
+        run: |
+          ./.github/scripts/wait_for_infra.sh mainnet-fork ${{ env.DEPLOY_TAG }} ${{ secrets.FORK_API_KEY }}
 
-      - name: Check if L1 contracts need deployment
-        id: check_changes_release
-        uses: actions/github-script@v7
-        with:
-          script: |
-            const { execSync } = require('child_process');
-            const changedFiles = execSync('git diff --name-only ${{ github.event.before }} ${{ github.sha }}').toString().split('\n');
-            const fileChanged = changedFiles.includes('l1-contracts/REDEPLOY');
-            return fileChanged
       - name: Deploy L1 Contracts
-        if: steps.check_changes_release.outputs.result == 'true'
         run: |
           docker pull aztecprotocol/aztec:${{ env.DEPLOY_TAG }}
-          docker run aztecprotocol/aztec:${{ env.DEPLOY_TAG }} \
-            deploy-l1-contracts -p ${{ secrets.SEQ_1_PUBLISHER_PRIVATE_KEY }} \
-            -u https://${{ env.DEPLOY_TAG }}-mainnet-fork.aztec.network:8545/${{ secrets.FORK_API_KEY }} \
-            | tee ${{ env.FILE_PATH }}
-          ./.github/scripts/extract_l1_addresses.sh ${{ env.FILE_PATH }}
+          docker run aztecprotocol/aztec:${{ env.DEPLOY_TAG }} deploy-l1-contracts \
+            --private-key ${{ secrets.SEQ_1_PUBLISHER_PRIVATE_KEY }} \
+            --rpc-url https://${{ env.DEPLOY_TAG }}-mainnet-fork.aztec.network:8545/${{ secrets.FORK_API_KEY }} \
+            --l1-chain-id ${{ env.L1_CHAIN_ID }} \
+            --json \
+            | tee  ./l1-contract_addresses.json
+
+          # upload contract addresses to S3
+          aws s3 cp ./l1-contract_addresses.json ${{ env.CONTRACT_S3_BUCKET }}/l1_contract_addresses.json
+
+          # export contract addresses so they can be used by subsequent terraform deployments
+          function extract() {
+            jq -r ".$1" ./l1-contract_addresses.json
+          }
+
+          echo "TF_VAR_ROLLUP_CONTRACT_ADDRESS=$(extract rollupAddress)" >>$GITHUB_ENV
+          echo "TF_VAR_REGISTRY_CONTRACT_ADDRESS=$(extract registryAddress)" >>$GITHUB_ENV
+          echo "TF_VAR_INBOX_CONTRACT_ADDRESS=$(extract inboxAddress)" >>$GITHUB_ENV
+          echo "TF_VAR_OUTBOX_CONTRACT_ADDRESS=$(extract outboxAddress)" >>$GITHUB_ENV
+          echo "TF_VAR_AVAILABILITY_ORACLE_CONTRACT_ADDRESS=$(extract availabilityOracleAddress)" >>$GITHUB_ENV
+          echo "TF_VAR_GAS_TOKEN_CONTRACT_ADDRESS=$(extract gasTokenAddress)" >>$GITHUB_ENV
+          echo "TF_VAR_GAS_PORTAL_CONTRACT_ADDRESS=$(extract gasPortalAddress)" >>$GITHUB_ENV
 
       - name: Apply l1-contracts Terraform
-        if: steps.check_changes_release.outputs.result == 'true'
         working-directory: ./l1-contracts/terraform
         run: |
           terraform init -input=false -backend-config="key=${{ env.DEPLOY_TAG }}/l1-contracts"
           terraform apply -input=false -auto-approve
 
-      - name: Deploy P2P Bootstrap Nodes
-        working-directory: ./yarn-project/p2p-bootstrap/terraform
-        run: |
-          terraform init -input=false -backend-config="key=${{ env.DEPLOY_TAG }}/p2p-bootstrap"
-          terraform apply -input=false -auto-approve
-
       - name: Init Aztec Node Terraform
         working-directory: ./yarn-project/aztec/terraform/node
         run: |
           terraform init -input=false -backend-config="key=${{ env.DEPLOY_TAG }}/aztec-node"
 
-      - name: Taint node filesystem if L1 contracts are redeployed
-        if: steps.check_changes_release.outputs.result == 'true'
-        working-directory: ./yarn-project/aztec/terraform/node
-        run: |
-          terraform state list | grep 'aws_efs_file_system.node_data_store' | xargs -n1 terraform taint
-
       - name: Deploy Aztec Nodes
         working-directory: ./yarn-project/aztec/terraform/node
         run: |
-          terraform apply -input=false -auto-approve
+          terraform apply -input=false -auto-approve -replace="aws_efs_file_system.node_data_store"
 
       - name: Deploy Provers
         working-directory: ./yarn-project/aztec/terraform/prover
         run: |
           terraform init -input=false -backend-config="key=${{ env.DEPLOY_TAG }}/prover"
           terraform apply -input=false -auto-approve
+
+      - name: Deploy PXE
+        working-directory: ./yarn-project/aztec/terraform/pxe
+        run: |
+          terraform init -input=false -backend-config="key=${{ env.DEPLOY_TAG }}/pxe"
+          terraform apply -input=false -auto-approve
+
+      - name: Deploy P2P Bootstrap Nodes
+        working-directory: ./yarn-project/p2p-bootstrap/terraform
+        run: |
+          terraform init -input=false -backend-config="key=${{ env.DEPLOY_TAG }}/p2p-bootstrap"
+          terraform apply -input=false -auto-approve
+
+  bootstrap:
+    runs-on: ubuntu-latest
+    needs: terraform_deploy
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: "${{ env.GIT_COMMIT }}"
+
+      - uses: ./.github/ci-setup-action
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: eu-west-2
+
+      - name: Wait for PXE to be available
+        run: |
+          ./.github/scripts/wait_for_infra.sh pxe ${{ env.DEPLOY_TAG }} ${{ secrets.FORK_API_KEY }}
+
+      - name: Deploy protocol contracts
+        run: |
+          docker pull aztecprotocol/aztec:${{ env.DEPLOY_TAG }}
+          docker run aztecprotocol/aztec:${{ env.DEPLOY_TAG }} deploy-protocol-contracts \
+            --rpc-url https://api.aztec.network/${{ env.DEPLOY_TAG }}/aztec-pxe/${{ secrets.FORK_API_KEY }} \
+            --l1-chain-id ${{ env.L1_CHAIN_ID }} \
+            --json \
+            | tee  ./protocol-contracts.json
+
+          aws s3 cp ./protocol-contracts.json ${{ env.CONTRACT_S3_BUCKET }}/protocol-contracts.json
+
+      - name: Bootstrap devnet
+        run: |
+          docker run aztecprotocol/aztec:${{ env.DEPLOY_TAG }} bootstrap-devnet \
+            --rpc-url https://api.aztec.network/${{ env.DEPLOY_TAG }}/aztec-pxe/${{ secrets.FORK_API_KEY }} \
+            --l1-rpc-url https://${{ env.DEPLOY_TAG }}-mainnet-fork.aztec.network:8545/${{ secrets.FORK_API_KEY }} \
+            --l1-chain-id ${{ env.L1_CHAIN_ID }} \
+            --l1-private-key ${{ secrets.SEQ_1_PUBLISHER_PRIVATE_KEY }} \
+            --json \
+            | tee ./devnet-contracts.json
+
+          aws s3 cp ./devnet-contracts.json ${{ env.CONTRACT_S3_BUCKET }}/devnet-contracts.json
+
+  deploy-faucet:
+    runs-on: ubuntu-latest
+    needs: [terraform_deploy, bootstrap]
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: "${{ env.GIT_COMMIT }}"
+          fetch-depth: 0
+      - uses: ./.github/ci-setup-action
+      - uses: hashicorp/setup-terraform@v3
+        with:
+          terraform_version: 1.7.5
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: eu-west-2
+
+      - name: Retrieve contract addresses
+        run: |
+          aws s3 cp ${{ env.CONTRACT_S3_BUCKET }}/l1_contract_addresses.json ./l1-contract_addresses.json
+          aws s3 cp ${{ env.CONTRACT_S3_BUCKET }}/devnet-contracts.json ./devnet-contracts.json
+
+          echo "TF_VAR_GAS_TOKEN_CONTRACT_ADDRESS=$(jq -r '.gasTokenAddress' ./l1-contract_addresses.json)" >>$GITHUB_ENV
+          echo "TF_VAR_DEV_COIN_CONTRACT_ADDRESS=$(jq -r '.devCoinL1' ./devnet-contracts.json)" >>$GITHUB_ENV
+
+      - name: Deploy Faucet
+        working-directory: ./yarn-project/aztec/aztec-faucet
+        run: |
+          terraform init -input=false -backend-config="key=${{ env.DEPLOY_TAG }}/aztec-faucet"
+          terraform apply -input=false -auto-approve

.github/workflows/publish-docs.yml

@@ -24,17 +24,14 @@ jobs:
       - uses: ./.github/ci-setup-action
         env:
           DOCKERHUB_PASSWORD: "${{ secrets.DOCKERHUB_PASSWORD }}"
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
         with:
           concurrency_key: docs-preview-${{ inputs.username || github.actor }}-x86
 
       - timeout-minutes: 25
         run: |
-          touch .secrets
-          echo "AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID" > .secrets
-          echo "AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY" >> .secrets
-
           earthly-ci --no-output ./docs/+deploy-prod \
-          --secret-file-path .secrets \
           --NETLIFY_AUTH_TOKEN=${{ secrets.NETLIFY_AUTH_TOKEN }} \
           --NETLIFY_SITE_ID=${{ secrets.NETLIFY_SITE_ID }} \
           --COMMIT_TAG=${{ inputs.tag }}

.gitignore

@@ -23,3 +23,6 @@ cmake-build-debug
 .arg
 .secret
 .bb_tmp
+
+# Terraform
+*.tfvars

.noir-sync-commit

@@ -1 +1 @@
-90b636e71333cfe46c5e3062ded34b583fcb64d5
+453ed590ae3ae6ee8a8d3113419fc51b825b2538

.release-please-manifest.json

@@ -1,7 +1,7 @@
 {
-  ".": "0.46.6",
+  ".": "0.47.0",
   "yarn-project/cli": "0.35.1",
-  "yarn-project/aztec": "0.46.6",
-  "barretenberg": "0.46.6",
-  "barretenberg/ts": "0.46.6"
+  "yarn-project/aztec": "0.47.0",
+  "barretenberg": "0.47.0",
+  "barretenberg/ts": "0.47.0"
 }