-
Notifications
You must be signed in to change notification settings - Fork 3
161 lines (141 loc) · 6.77 KB
/
manual-deploy-contract.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
---
name: "Manually Deploy contracts"
on:
workflow_dispatch:
inputs:
environment:
description: "Environment to deploy to"
required: true
default: "dev"
type: choice
options:
- "dev"
- "stage"
- "prod"
jobs:
deploy-contracts:
name: Deploy contracts on ${{ github.event.inputs.environment }}
runs-on: [self-hosted, Linux, X64, medium]
steps:
- name: GIT | Checkout
uses: actions/checkout@v4
- name: Install Node.js
uses: actions/setup-node@v4
with:
node-version: 18
- name: Prepare Rust env
uses: ./.github/actions/prepare-rust-env
with:
poseidon-gadget-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
zkos-circuits-private-key: ${{ secrets.ZKOS_CIRCUITS_SSH_PRIVATE_KEY }}
- name: Install Foundry
uses: foundry-rs/foundry-toolchain@v1.2.0
with:
cache-key: custom-seed-coverage-${{ github.ref_name }}
cache-restore-keys: |-
contract-suite
version: nightly-31dd1f77fd9156d09836486d97963cec7f555343
- name: Install deps
run: make deps
# for "dev" we use default owner address, as it's not important
- name: Set environment-specific variables
run: |
if [ "${{ github.event.inputs.environment }}" == "dev" ]; then
echo "PRIVATE_KEY=${{ secrets.CI_TESTNET_DEPLOYER_PRIVATE_KEY }}" >> $GITHUB_ENV
echo "NETWORK=https://rpc.alephzero-testnet.gelato.digital" >> $GITHUB_ENV
echo "EXPLORER_URL=https://evm-explorer-testnet.alephzero.org/api" >> $GITHUB_ENV
elif [ "${{ github.event.inputs.environment }}" == "stage" ]; then
echo "OWNER_ADDRESS=${{ vars.CI_TESTNET_STAGE_OWNER_ADDRESS }}" >> $GITHUB_ENV
echo "PRIVATE_KEY=${{ secrets.CI_TESTNET_DEPLOYER_PRIVATE_KEY }}" >> $GITHUB_ENV
echo "NETWORK=https://rpc.alephzero-testnet.gelato.digital" >> $GITHUB_ENV
echo "EXPLORER_URL=https://evm-explorer-testnet.alephzero.org/api" >> $GITHUB_ENV
elif [ "${{ github.event.inputs.environment }}" == "prod" ]; then
echo "OWNER_ADDRESS=${{ vars.MAINNET_PROD_OWNER_ADDRESS }}" >> $GITHUB_ENV
echo "PRIVATE_KEY=${{ secrets.CI_MAINNET_DEPLOYER_PRIVATE_KEY }}" >> $GITHUB_ENV
echo "NETWORK=https://rpc.alephzero.raas.gelato.cloud" >> $GITHUB_ENV
echo "EXPLORER_URL=https://evm-explorer.alephzero.org/api" >> $GITHUB_ENV
else
echo "Invalid environment selected!" >&2
exit 1
fi
- name: Compile eth contracts
run: make compile-contracts
- name: Deploy contracts
run: |
make deploy-contracts
- name: Verify Shielder contract
run: ./scripts/verify-shielder.sh
- name: Upload Shielder abi to artifacts
uses: actions/upload-artifact@v4
with:
name: shielder_abi
path: artifacts/Shielder.sol/Shielder.json
include-hidden-files: true
retention-days: 14
- name: Upload Shielder contract address to artifacts
uses: actions/upload-artifact@v4
with:
name: shielder_address
path: shielder_address.txt
include-hidden-files: true
retention-days: 14
- name: Create a JSON with address
run: |
echo -n $(cat shielder_address.txt | xargs) | jq -Rs '{ shielder: . }' \
> evm_addresses.json
- name: Prepare contract_spec JSON
uses: Cardinal-Cryptography/github-actions/generate-contract-spec@v6
with:
src-files: |-
evm_addresses.json|evm_
dst-file: contract_spec.json
spec-version: "0.1"
contract-version: "${{ github.sha }}"
- name: Add block numbers to contract_spec JSON
shell: bash
run: |
cat contract_spec.json | \
jq ".start_blocks = { evm: \"$(cat shielder_block_number.txt)\" }" \
> contract_spec_with_block_numbers.json
cat contract_spec_with_block_numbers.json
# yamllint disable rule:line-length
- name: Store addresses in S3 bucket (dev)
if: ${{ inputs.environment == 'dev' }}
shell: bash
env:
AWS_REGION: ${{ secrets.CONTRACTS_S3BUCKET_REGION }}
AWS_ACCESS_KEY_ID: ${{ secrets.CONTRACTS_ZKOS_ADDRESSES_TESTNET_DEV_RW_AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.CONTRACTS_ZKOS_ADDRESSES_TESTNET_DEV_RW_AWS_SECRET_ACCESS_KEY }}
run: |
aws s3 cp contract_spec_with_block_numbers.json s3://${{ secrets.CONTRACTS_S3BUCKET_NAME }}/zkos/addresses/testnet/dev.json
aws s3 cp broadcast/Shielder.s.sol/2039/run-latest.json s3://${{ secrets.CONTRACTS_S3BUCKET_NAME }}/zkos/addresses/testnet/dev-broadcast.json
# yamllint disable rule:line-length
- name: Store addresses in S3 bucket (stage)
if: ${{ inputs.environment == 'stage' }}
shell: bash
env:
AWS_REGION: ${{ secrets.CONTRACTS_S3BUCKET_REGION }}
AWS_ACCESS_KEY_ID: ${{ secrets.CONTRACTS_ZKOS_ADDRESSES_TESTNET_STAGE_RW_AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.CONTRACTS_ZKOS_ADDRESSES_TESTNET_STAGE_RW_AWS_SECRET_ACCESS_KEY }}
run: |
aws s3 cp contract_spec_with_block_numbers.json s3://${{ secrets.CONTRACTS_S3BUCKET_NAME }}/zkos/addresses/testnet/stage.json
aws s3 cp broadcast/Shielder.s.sol/2039/run-latest.json s3://${{ secrets.CONTRACTS_S3BUCKET_NAME }}/zkos/addresses/testnet/stage-broadcast.json
# yamllint disable rule:line-length
- name: Store addresses in S3 bucket (prod)
if: ${{ inputs.environment == 'prod' }}
shell: bash
env:
AWS_REGION: ${{ secrets.CONTRACTS_S3BUCKET_REGION }}
AWS_ACCESS_KEY_ID: ${{ secrets.CONTRACTS_ZKOS_ADDRESSES_MAINNET_PROD_RW_AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.CONTRACTS_ZKOS_ADDRESSES_MAINNET_PROD_RW_AWS_SECRET_ACCESS_KEY }}
run: |
aws s3 cp contract_spec_with_block_numbers.json s3://${{ secrets.CONTRACTS_S3BUCKET_NAME }}/zkos/addresses/mainnet/prod.json
aws s3 cp broadcast/Shielder.s.sol/41455/run-latest.json s3://${{ secrets.CONTRACTS_S3BUCKET_NAME }}/zkos/addresses/mainnet/prod-broadcast.json
- name: Store artifact in S3 bucket
shell: bash
env:
AWS_ACCESS_KEY_ID: ${{ secrets.CONTRACTS_ZKOS_ARTIFACTS_RW_AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.CONTRACTS_ZKOS_ARTIFACTS_RW_AWS_SECRET_ACCESS_KEY }}
AWS_REGION: ${{ secrets.CONTRACTS_S3BUCKET_REGION }}
run: |
aws s3 cp artifacts/Shielder.sol/Shielder.json s3://${{ secrets.CONTRACTS_S3BUCKET_NAME }}/zkos/artifacts/${{ github.sha }}/eth_shielder/