feat: CI deploy on sepolia

.github/workflows/sepolia-deploy.yml

@@ -0,0 +1,120 @@
+name: Deploy to Sepolia network
+on:
+  workflow_dispatch:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+env:
+  DOCKERHUB_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }}
+  AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+  AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+  IMAGE_TAG: latest
+  DEPLOY_TAG: sepolianet
+  CONTRACT_S3_BUCKET: s3://static.aztec.network
+
+  # TF Variables
+  TF_VAR_IMAGE_TAG: latest
+  TF_VAR_DEPLOY_TAG: sepolianet
+  TF_VAR_L1_CHAIN_ID: 11155111
+  TF_VAR_ETHEREUM_HOST: https://sepolia.infura.io/v3/${{ secrets.SEPOLIA_API_KEY }}
+  TF_VAR_PROVING_ENABLED: false
+  TF_VAR_API_KEY: ${{ secrets.SEPOLIANET_API_KEY }}
+  # Node / Sequencer
+  TF_VAR_BOOTSTRAP_NODES: ""
+  TF_VAR_P2P_ENABLED: "false"
+  TF_VAR_NODE_P2P_PRIVATE_KEYS: '[""]'
+  TF_VAR_SEQ_MIN_TX_PER_BLOCK: 1
+  TF_VAR_SEQ_MAX_TX_PER_BLOCK: 64
+  TF_VAR_NODE_LB_RULE_PRIORITY: 7000
+  TF_VAR_NODE_P2P_TCP_PORT: 40500
+  TF_VAR_NODE_P2P_UDP_PORT: 45500
+  # Address 0x652575Ff941e7c2850fB89f2B207efF6B06BC7B4
+  TF_VAR_SEQUENCER_PRIVATE_KEYS: '["${{ secrets.SEPOLIA_SEQ_PRIVATE_KEY }}"]'
+
+  # Prover Node
+  TF_VAR_PROVER_NODE_LB_RULE_PRIORITY: 7100
+  # Address 0xE3b8F9F23b8D4BD7d437218Bff3bcED1ce5E70B3
+  TF_VAR_PROVER_PRIVATE_KEYS: '["${{ secrets.SEPOLIA_PROVER_PRIVATE_KEY }}"]'
+
+jobs:
+  setup:
+    uses: ./.github/workflows/setup-runner.yml
+    with:
+      username: ${{ github.event.pull_request.user.login || github.actor }}
+      runner_type: builder-x86
+    secrets: inherit
+
+  deploy:
+    needs: setup
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: "${{ github.sha }}"
+
+      - uses: ./.github/ci-setup-action
+
+      - uses: hashicorp/setup-terraform@v3
+        with:
+          terraform_version: 1.7.5
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
+          aws-region: eu-west-2
+
+      - name: Deploy L1 Contracts to Sepolia
+        run: |
+          set -e
+          docker pull aztecprotocol/aztec:${{ env.IMAGE_TAG }}
+          docker run aztecprotocol/aztec:${{ env.IMAGE_TAG }} deploy-l1-contracts \
+            --private-key ${{ secrets.SEPOLIA_SEQ_PRIVATE_KEY }} \
+            --rpc-url ${{ env.TF_VAR_ETHEREUM_HOST }} \
+            --l1-chain-id ${{ env.TF_VAR_L1_CHAIN_ID }} \
+            --salt ${{ github.run_id }} \
+            --json | tee ./l1_contracts.json
+
+          # upload contract addresses to S3
+          aws s3 cp ./l1_contracts.json ${{ env.CONTRACT_S3_BUCKET }}/${{ env.DEPLOY_TAG }}/l1_contracts.json
+
+          # export contract addresses so they can be used by subsequent terraform deployments
+          function extract() {
+            jq -r ".$1" ./l1_contracts.json
+          }
+
+          echo "TF_VAR_ROLLUP_CONTRACT_ADDRESS=$(extract rollupAddress)" >>$GITHUB_ENV
+          echo "TF_VAR_REGISTRY_CONTRACT_ADDRESS=$(extract registryAddress)" >>$GITHUB_ENV
+          echo "TF_VAR_INBOX_CONTRACT_ADDRESS=$(extract inboxAddress)" >>$GITHUB_ENV
+          echo "TF_VAR_OUTBOX_CONTRACT_ADDRESS=$(extract outboxAddress)" >>$GITHUB_ENV
+          echo "TF_VAR_AVAILABILITY_ORACLE_CONTRACT_ADDRESS=$(extract availabilityOracleAddress)" >>$GITHUB_ENV
+          echo "TF_VAR_FEE_JUICE_CONTRACT_ADDRESS=$(extract feeJuiceAddress)" >>$GITHUB_ENV
+          echo "TF_VAR_FEE_JUICE_PORTAL_CONTRACT_ADDRESS=$(extract feeJuicePortalAddress)" >>$GITHUB_ENV
+
+      - name: Apply l1-contracts Terraform
+        working-directory: ./l1-contracts/terraform
+        run: |
+          env
+          terraform init -input=false -backend-config="key=${{ env.DEPLOY_TAG }}/l1-contracts"
+          terraform apply -input=false -auto-approve
+
+      - name: Deploy Aztec Node
+        working-directory: ./yarn-project/aztec/terraform/node
+        run: |
+          terraform init -input=false -backend-config="key=${{ env.DEPLOY_TAG }}/aztec-node"
+          terraform apply -input=false -auto-approve
+
+      - name: Deploy Aztec Prover Node
+        working-directory: ./yarn-project/aztec/terraform/prover-node
+        run: |
+          terraform init -input=false -backend-config="key=${{ env.DEPLOY_TAG }}/aztec-prover-node"
+          terraform apply -input=false -auto-approve
+
+      - name: Deploy PXE
+        working-directory: ./yarn-project/aztec/terraform/pxe
+        run: |
+          terraform init -input=false -backend-config="key=${{ env.DEPLOY_TAG }}/pxe"
+          terraform apply -input=false -auto-approve -replace="aws_efs_file_system.pxe_data_store"

.github/workflows/sepolia-test.yml

@@ -21,7 +21,7 @@ env:
   PROVER_PUBLISHER_PRIVATE_KEY: ${{ secrets.SEPOLIA_PROVER_PRIVATE_KEY }}
 
   ETHEREUM_HOST: "https://sepolia.infura.io/v3/${{ secrets.SEPOLIA_API_KEY }}"
-  L1_CHAIN_ID: "11155111"
+  L1_CHAIN_ID: 11155111
 
 jobs:
   setup:
@@ -55,10 +55,10 @@ jobs:
           cd ./yarn-project/end-to-end/
           export FORCE_COLOR=1
           ../../scripts/earthly-ci -P --no-output +e2e-public-testnet \
-          --SEQ_PUBLISHER_PRIVATE_KEY=${{ secrets.SEPOLIA_SEQ_PRIVATE_KEY }} \
-          --PROVER_PUBLISHER_PRIVATE_KEY=${{ secrets.SEPOLIA_PROVER_PRIVATE_KEY }} \
-          --ETHEREUM_HOST="https://sepolia.infura.io/v3/${{ secrets.SEPOLIA_API_KEY }}" \
-          --L1_CHAIN_ID="11155111"
+            --SEQ_PUBLISHER_PRIVATE_KEY=${{ secrets.SEPOLIA_SEQ_PRIVATE_KEY }} \
+            --PROVER_PUBLISHER_PRIVATE_KEY=${{ secrets.SEPOLIA_PROVER_PRIVATE_KEY }} \
+            --ETHEREUM_HOST="https://sepolia.infura.io/v3/${{ secrets.SEPOLIA_API_KEY }}" \
+            --L1_CHAIN_ID=${{ env.L1_CHAIN_ID }}
 
   success-check:
     runs-on: ubuntu-20.04

yarn-project/aztec/terraform/node/main.tf

@@ -58,6 +58,7 @@ locals {
   node_p2p_private_keys  = var.NODE_P2P_PRIVATE_KEYS
   node_count             = length(local.sequencer_private_keys)
   data_dir               = "/usr/src/yarn-project/aztec"
+  eth_host               = var.ETHEREUM_HOST != "" ? var.ETHEREUM_HOST : "https://${var.DEPLOY_TAG}-mainnet-fork.aztec.network:8545/admin-${var.FORK_ADMIN_API_KEY}"
 }
 
 output "node_count" {
@@ -253,16 +254,12 @@ resource "aws_ecs_task_definition" "aztec-node" {
         },
         {
           name  = "ETHEREUM_HOST"
-          value = "https://${var.DEPLOY_TAG}-mainnet-fork.aztec.network:8545/admin-${var.FORK_ADMIN_API_KEY}"
+          value = "${local.eth_host}"
         },
         {
           name  = "DATA_DIRECTORY"
           value = "${local.data_dir}/node_${count.index + 1}/data"
         },
-        {
-          name  = "IS_DEV_NET"
-          value = "true"
-        },
         {
           name  = "ARCHIVER_POLLING_INTERVAL"
           value = "10000"
@@ -377,7 +374,7 @@ resource "aws_ecs_task_definition" "aztec-node" {
         },
         {
           name  = "P2P_BLOCK_CHECK_INTERVAL_MS"
-          value = "1000"
+          value = "10000"
         },
         {
           name  = "P2P_PEER_CHECK_INTERVAL_MS"

yarn-project/aztec/terraform/node/variables.tf

@@ -12,7 +12,13 @@ variable "API_KEY" {
 }
 
 variable "FORK_ADMIN_API_KEY" {
-  type = string
+  type    = string
+  default = ""
+}
+
+variable "ETHEREUM_HOST" {
+  type    = string
+  default = ""
 }
 
 variable "SEQUENCER_PRIVATE_KEYS" {

yarn-project/aztec/terraform/prover-node/main.tf

@@ -58,6 +58,7 @@ locals {
   node_p2p_private_keys = var.NODE_P2P_PRIVATE_KEYS
   node_count            = length(local.prover_private_keys)
   data_dir              = "/usr/src/yarn-project/aztec"
+  eth_host              = var.ETHEREUM_HOST != "" ? var.ETHEREUM_HOST : "https://${var.DEPLOY_TAG}-mainnet-fork.aztec.network:8545/admin-${var.API_KEY}"
 }
 
 output "node_count" {
@@ -237,7 +238,7 @@ resource "aws_ecs_task_definition" "aztec-prover-node" {
         { name = "DEBUG", value = "aztec:*,-json-rpc:json_proxy:*,-aztec:avm_simulator:*" },
         { name = "DEPLOY_TAG", value = var.DEPLOY_TAG },
         { name = "NETWORK_NAME", value = "${var.DEPLOY_TAG}" },
-        { name = "ETHEREUM_HOST", value = "https://${var.DEPLOY_TAG}-mainnet-fork.aztec.network:8545/${var.API_KEY}" },
+        { name = "ETHEREUM_HOST", value = "${local.eth_host}" },
         { name = "L1_CHAIN_ID", value = var.L1_CHAIN_ID },
         { name = "DATA_DIRECTORY", value = "${local.data_dir}/prover_node_${count.index + 1}/data" },
         { name = "DEPLOY_AZTEC_CONTRACTS", value = "false" },

yarn-project/aztec/terraform/prover-node/variables.tf

@@ -7,8 +7,14 @@ variable "IMAGE_TAG" {
   default = "latest"
 }
 
+variable "ETHEREUM_HOST" {
+  type    = string
+  default = ""
+}
+
 variable "API_KEY" {
-  type = string
+  type    = string
+  default = ""
 }
 
 variable "PROVER_PRIVATE_KEYS" {

yarn-project/end-to-end/src/public-testnet/e2e_public_testnet_transfer.test.ts

@@ -53,7 +53,7 @@ describe(`deploys and transfers a private only token`, () => {
   });
 
   it('calls a private function', async () => {
-    const initialBalance = 100000000000n;
+    const initialBalance = 100_000_000_000n;
     const transferValue = 5n;
     secretKey1 = Fr.random();
     secretKey2 = Fr.random();