feat: support for public ports #2149
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
# Basic deployment workflow. | |
# Note that more advanced use cases are tested in the nightly workflow. | |
name: Deploy | |
on: | |
pull_request: | |
push: | |
branches: [main] | |
concurrency: | |
group: deploy-${{ github.event.pull_request.number || github.ref }} | |
cancel-in-progress: true | |
env: | |
ENCLAVE_NAME: cdk | |
jobs: | |
run-without-args: | |
runs-on: ubuntu-latest | |
timeout-minutes: 30 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Login to Docker Hub | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
# This step will only execute if the necessary secrets are available, preventing failures | |
# on pull requests from forked repositories. | |
if: ${{ env.DOCKERHUB_USERNAME && env.DOCKERHUB_TOKEN }} | |
env: | |
DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} | |
DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Install Kurtosis CDK tools | |
uses: ./.github/actions/setup-kurtosis-cdk | |
- name: Run Starlark | |
run: kurtosis run --enclave=${{ env.ENCLAVE_NAME }} --show-enclave-inspect=false . | |
- name: Inspect enclave | |
run: kurtosis enclave inspect ${{ env.ENCLAVE_NAME }} | |
- name: List databases | |
run: | | |
postgres_port=$(kurtosis port print ${{ env.ENCLAVE_NAME }} postgres-001 postgres | cut -d':' -f3) | |
PGPASSWORD=master_password psql --host 127.0.0.1 --port "$postgres_port" --username master_user --dbname master --list | |
- name: Monitor verified batches (CDK Erigon Permissionless RPC) | |
working-directory: .github/scripts | |
run: | | |
./monitor-verified-batches.sh \ | |
--enclave ${{ env.ENCLAVE_NAME }} \ | |
--rpc-url $(kurtosis port print ${{ env.ENCLAVE_NAME }} cdk-erigon-rpc-001 rpc) | |
- name: Dump enclave | |
if: ${{ !cancelled() }} | |
run: kurtosis enclave dump ${{ env.ENCLAVE_NAME }} ./dump | |
- name: Upload enclave dump | |
if: ${{ !cancelled() }} | |
uses: actions/upload-artifact@v4 | |
with: | |
name: dump_run_without_args_${{ github.run_id }} | |
path: ./dump | |
list-ymls: | |
runs-on: ubuntu-latest | |
timeout-minutes: 5 | |
outputs: | |
matrix: ${{ steps.set-matrix.outputs.matrix }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Generate test combinations | |
working-directory: .github/tests | |
run: ./combine-ymls.sh | |
- id: set-matrix | |
# List all yml files in the .github/tests directory, as well as test combinations, except for the additional-services.yml file. | |
run: echo "matrix=$(ls -R ./.github/tests/combinations/*.yml ./.github/tests/public-ports/*.yml | grep -v 'additional-services.yml' | jq -R -s -c 'split("\n")[:-1]')" >> $GITHUB_OUTPUT | |
run-with-args: | |
needs: list-ymls | |
runs-on: ubuntu-latest | |
timeout-minutes: 30 | |
strategy: | |
fail-fast: false | |
matrix: | |
file_name: ${{ fromJson(needs.list-ymls.outputs.matrix) }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Login to Docker Hub | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
# This step will only execute if the necessary secrets are available, preventing failures | |
# on pull requests from forked repositories. | |
if: ${{ env.DOCKERHUB_USERNAME && env.DOCKERHUB_TOKEN }} | |
env: | |
DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} | |
DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Install Kurtosis CDK tools | |
uses: ./.github/actions/setup-kurtosis-cdk | |
- name: Generate test combinations | |
working-directory: .github/tests | |
run: ./combine-ymls.sh | |
- name: Run Starlark | |
run: kurtosis run --enclave=${{ env.ENCLAVE_NAME }} --args-file=${{ matrix.file_name }} --show-enclave-inspect=false . | |
- name: Inspect enclave | |
run: kurtosis enclave inspect ${{ env.ENCLAVE_NAME }} | |
- name: Verify public ports | |
run: | | |
ports=$(kurtosis enclave inspect ${{ env.ENCLAVE_NAME }} | sed -n '/^========================================== User Services ==========================================$/,$ p' | tail -n +3) | |
echo "ports: $ports" | |
use_default_public_ports=$(yq --raw-output '.args.use_default_public_ports' ${{ matrix.file_name }}) | |
custom_public_ports=$(yq --raw-output '.args.public_ports' ${{ matrix.file_name }}) | |
if [[ "$use_default_public_ports" != "true" && "$custom_public_ports" == "null" ]]; then | |
echo "Skipping, public ports are not set." | |
exit 0 | |
fi | |
echo "use_default_public_ports: $use_default_public_ports" | |
if [[ "$use_default_public_ports" == "true" ]]; then | |
wrong_ports=$(echo "$ports" | grep -vE '127.0.0.1:5|none') # make sure all ports that with 5 | |
echo "wrong_ports: $wrong_ports" | |
if [[ "$wrong_ports" != "" ]]; then | |
echo "❌ Default public ports are not set correctly." | |
exit 1 | |
fi | |
fi | |
echo "custom_public_ports: $custom_public_ports" | |
if [[ "$custom_public_ports" != "null" ]]; then | |
wrong_ports=$(echo "$ports" | grep -vE '127.0.0.1:6|none') # make sure all ports that with 6 | |
echo "wrong_ports: $wrong_ports" | |
if [[ "$wrong_ports" != "" ]]; then | |
echo "❌ Custom public ports are not set correctly." | |
exit 1 | |
fi | |
fi | |
- name: Monitor verified batches (Central RPC) | |
run: | | |
sequencer_type=$(yq --raw-output '.args.sequencer_type' ${{ matrix.file_name }}) | |
rpc_name="" | |
if [[ "$sequencer_type" == "erigon" ]]; then | |
rpc_name="cdk-erigon-rpc-001" | |
elif [[ "$sequencer_type" == "zkevm" ]]; then | |
rpc_name="zkevm-node-rpc-001" | |
elif [[ "$sequencer_type" == "null" ]]; then | |
rpc_name="cdk-erigon-rpc-001" | |
else | |
echo "Unknown sequencer type: $sequencer_type" | |
exit 1 | |
fi | |
echo "RPC name: $rpc_name" | |
./.github/scripts/monitor-verified-batches.sh \ | |
--enclave ${{ env.ENCLAVE_NAME }} \ | |
--rpc-url $(kurtosis port print ${{ env.ENCLAVE_NAME }} $rpc_name rpc) | |
- name: Monitor verified batches (zkEVM Permissionless RPC) | |
run: | | |
result=$(yq --raw-output '.args.additional_services // [] | contains(["pless_zkevm_node"])' ${{ matrix.file_name }}) | |
if [[ "$result" == "true" ]]; then | |
./.github/scripts/monitor-verified-batches.sh \ | |
--enclave ${{ env.ENCLAVE_NAME }} \ | |
--rpc-url $(kurtosis port print ${{ env.ENCLAVE_NAME }} zkevm-node-rpc-pless-001 rpc) | |
else | |
echo "Skipping batch verification as there is no zkevm permissionless RPC in the environment" | |
fi | |
- name: Dump enclave | |
if: ${{ !cancelled() }} | |
run: kurtosis enclave dump ${{ env.ENCLAVE_NAME }} ./dump | |
- name: Generate archive name | |
if: ${{ !cancelled() }} | |
run: | | |
file_name=$(basename "${{ matrix.file_name }}" ".yml") | |
archive_name="dump_run_with_args_${file_name}_${{ github.run_id }}" | |
echo "ARCHIVE_NAME=${archive_name}" >> "$GITHUB_ENV" | |
echo "Generated archive name: ${archive_name}" | |
- name: Upload enclave dump | |
if: ${{ !cancelled() }} | |
uses: actions/upload-artifact@v4 | |
with: | |
name: ${{ env.ARCHIVE_NAME }} | |
path: ./dump | |
additional-services: | |
runs-on: ubuntu-latest | |
timeout-minutes: 30 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Login to Docker Hub | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
# This step will only execute if the necessary secrets are available, preventing failures | |
# on pull requests from forked repositories. | |
if: ${{ env.DOCKERHUB_USERNAME && env.DOCKERHUB_TOKEN }} | |
env: | |
DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} | |
DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Install Kurtosis CDK tools | |
uses: ./.github/actions/setup-kurtosis-cdk | |
- name: Run Starlark | |
run: kurtosis run --enclave=${{ env.ENCLAVE_NAME }} --args-file=./.github/tests/additional-services.yml --show-enclave-inspect=false . | |
- name: Inspect enclave | |
run: kurtosis enclave inspect ${{ env.ENCLAVE_NAME }} | |
- name: Monitor verified batches (CDK Erigon Permissionless RPC) | |
working-directory: .github/scripts | |
run: | | |
./monitor-verified-batches.sh \ | |
--enclave ${{ env.ENCLAVE_NAME }} \ | |
--rpc-url $(kurtosis port print ${{ env.ENCLAVE_NAME }} cdk-erigon-rpc-001 rpc) | |
- name: Verify Arpeggio RPC | |
run: | | |
result=$(yq '.args.additional_services | contains(["arpeggio"])' ./.github/tests/additional-services.yml) | |
if [ "$result" = "true" ]; then | |
cast bn --rpc-url $(kurtosis port print ${{ env.ENCLAVE_NAME }} arpeggio-001 rpc) | |
else | |
echo "Arpeggio is not deployed." | |
fi | |
- name: Verify Blutgang RPC | |
run: | | |
result=$(yq '.args.additional_services | contains(["blutgang"])' ./.github/tests/additional-services.yml) | |
if [ "$result" = "true" ]; then | |
cast bn --rpc-url $(kurtosis port print ${{ env.ENCLAVE_NAME }} blutgang-001 http) | |
else | |
echo "Blutgang is not deployed." | |
fi | |
- name: Verify erpc RPC | |
run: | | |
result=$(yq '.args.additional_services | contains(["erpc"])' ./.github/tests/additional-services.yml) | |
if [ "$result" = "true" ]; then | |
cast bn --rpc-url "$(kurtosis port print ${{ env.ENCLAVE_NAME }} erpc-001 rpc)/main/evm/10101" | |
else | |
echo "ERPC is not deployed." | |
fi | |
- name: Verify permissionless zkevm-node rpc | |
run: | | |
result=$(yq '.args.additional_services | contains(["pless_zkevm_node"])' ./.github/tests/additional-services.yml) | |
if [ "$result" = "true" ]; then | |
cast bn --rpc-url $(kurtosis port print ${{ env.ENCLAVE_NAME }} zkevm-node-rpc-pless-001 rpc) | |
else | |
echo "Permissionless zkevm-node is not deployed." | |
fi | |
- name: Verify that Prometheus collects Panoptichain metrics | |
run: | | |
result=$(yq '.args.additional_services | contains(["prometheus_grafana"])' ./.github/tests/additional-services.yml) | |
if [ "$result" = "true" ]; then | |
echo "Wait for one minute while Prometheus gathers metrics..." | |
sleep 60 | |
echo "Retrieve Panoptichain metrics from Prometheus..." | |
panoptichain_metric="panoptichain_system_uptime" | |
prometheus_url=$(kurtosis port print ${{ env.ENCLAVE_NAME }} prometheus-001 http) | |
prometheus_query=$(curl "$prometheus_url/api/v1/query?query=$panoptichain_metric") | |
echo $prometheus_query | jq | |
if [ "$(jq -r '.data.result[0].metric.__name__' <<<$prometheus_query)" == "$panoptichain_metric" ]; then | |
echo "✅ Prometheus collects panoptichain metrics!" | |
else | |
echo "❌ Prometheus does not collect panoptichain metrics..." | |
exit 1 | |
fi | |
else | |
echo "Prometheus is not deployed." | |
fi | |
- name: Dump enclave | |
if: ${{ !cancelled() }} | |
run: kurtosis enclave dump ${{ env.ENCLAVE_NAME }} ./dump | |
- name: Upload enclave dump | |
if: ${{ !cancelled() }} | |
uses: actions/upload-artifact@v4 | |
with: | |
name: dump_additional_services_${{ github.run_id }} | |
path: ./dump | |
attach-second-cdk: | |
runs-on: ubuntu-latest | |
timeout-minutes: 30 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Login to Docker Hub | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
# This step will only execute if the necessary secrets are available, preventing failures | |
# on pull requests from forked repositories. | |
if: ${{ env.DOCKERHUB_USERNAME && env.DOCKERHUB_TOKEN }} | |
env: | |
DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} | |
DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Install Kurtosis CDK tools | |
uses: ./.github/actions/setup-kurtosis-cdk | |
- name: Deploy L1 chain and a first CDK L2 chain (cdk-erigon sequencer + cdk stack) | |
run: kurtosis run --enclave=${{ env.ENCLAVE_NAME }} . | |
- name: Attach a second CDK L2 chain (cdk-erigon sequencer + cdk stack) | |
run: kurtosis run --enclave=${{ env.ENCLAVE_NAME }} --args-file=./.github/tests/attach-second-cdk.yml . | |
- name: Update the agglayer config | |
run: | | |
# Download the agglayer config file. | |
kurtosis files download ${{ env.ENCLAVE_NAME }} agglayer-config-artifact | |
cd agglayer-config-artifact | |
# Update the config by adding the rpc and proof signer of the second chain. | |
tomlq -Y --toml-output --in-place '."full-node-rpcs" += {"2": "http://cdk-erigon-rpc-002:8123"}' agglayer-config.toml | |
# Replace the agglayer config. | |
agglayer_container_id="$(docker ps --filter name=agglayer --format json | jq -r -s '. | map(select(.Names | startswith("agglayer--"))) | .[].ID')" | |
docker cp agglayer-config.toml "$agglayer_container_id:/etc/zkevm/agglayer-config.toml" | |
# Restart the agglayer service. | |
kurtosis service stop ${{ env.ENCLAVE_NAME }} agglayer | |
kurtosis service start ${{ env.ENCLAVE_NAME }} agglayer | |
- name: Inspect enclave | |
run: kurtosis enclave inspect ${{ env.ENCLAVE_NAME }} | |
- name: Monitor verified batches of the first L2 chain (CDK Erigon Permissionless RPC) | |
working-directory: .github/scripts | |
run: | | |
./monitor-verified-batches.sh \ | |
--enclave ${{ env.ENCLAVE_NAME }} \ | |
--rpc-url "$(kurtosis port print ${{ env.ENCLAVE_NAME }} cdk-erigon-rpc-001 rpc)" | |
- name: Monitor verified batches of the second L2 chain (CDK Erigon Permissionless RPC) | |
working-directory: .github/scripts | |
run: | | |
./monitor-verified-batches.sh \ | |
--enclave ${{ env.ENCLAVE_NAME }} \ | |
--rpc-url "$(kurtosis port print ${{ env.ENCLAVE_NAME }} cdk-erigon-rpc-002 rpc)" | |
- name: Dump enclave | |
if: ${{ !cancelled() }} | |
run: kurtosis enclave dump ${{ env.ENCLAVE_NAME }} ./dump | |
- name: Upload enclave dump | |
if: ${{ !cancelled() }} | |
uses: actions/upload-artifact@v4 | |
with: | |
name: dump_attach_ckds_${{ github.run_id }} | |
path: ./dump | |
deploy-to-external_l1: | |
runs-on: ubuntu-latest | |
timeout-minutes: 30 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Login to Docker Hub | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
# This step will only execute if the necessary secrets are available, preventing failures | |
# on pull requests from forked repositories. | |
if: ${{ env.DOCKERHUB_USERNAME && env.DOCKERHUB_TOKEN }} | |
env: | |
DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} | |
DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Install Kurtosis CDK tools | |
uses: ./.github/actions/setup-kurtosis-cdk | |
- name: Deploy L1 chain | |
run: kurtosis run --enclave=${{ env.ENCLAVE_NAME }} --args-file=./.github/tests/external-l1/deploy-local-l1.yml . | |
- name: Deploy to local L1 chain | |
run: | | |
kurtosis run --enclave=${{ env.ENCLAVE_NAME }} . '{"deployment_stages": {"deploy_l1": false}}' | |
- name: Inspect enclave | |
run: kurtosis enclave inspect ${{ env.ENCLAVE_NAME }} | |
- name: Monitor verified batches | |
working-directory: .github/scripts | |
run: | | |
./monitor-verified-batches.sh \ | |
--enclave ${{ env.ENCLAVE_NAME }} \ | |
--rpc-url "$(kurtosis port print ${{ env.ENCLAVE_NAME }} cdk-erigon-rpc-001 rpc)" | |
- name: Dump enclave | |
if: ${{ !cancelled() }} | |
run: kurtosis enclave dump ${{ env.ENCLAVE_NAME }} ./dump | |
- name: Upload enclave dump | |
if: ${{ !cancelled() }} | |
uses: actions/upload-artifact@v4 | |
with: | |
name: dump_deploy_to_external_l1_${{ github.run_id }} | |
path: ./dump |