Skip to content

[M] Upgrade Testnet L2 ( sepolia-testnet ) #307

[M] Upgrade Testnet L2 ( sepolia-testnet )

[M] Upgrade Testnet L2 ( sepolia-testnet ) #307

# Upgrades an existing Obscuro network on Azure for Testnet and Dev Testnet.
# The Obscuro network is composed of 2 Obscuro nodes running on individual VMs with SGX. At the moment the workflow can
# either be triggered manually as a workflow dispatch, or as a scheduled task. When manually triggered the testnet type
# (dev-testnet or testnet) can be supplied as an input argument. When triggered as a scheduled task, we always default
# to a dev-testnet deployment. A scheduled deployment of dev-testnet will additionally kick off the E2E tests via
# repository dispatch.
#
# The scheduled deployment runs at 03:05 on every day-of-week.
#
# This script uses GitHub Environments for variables (vars) and secrets - these are configured on GitHub and
# the environments match the input.testnet_type options
name: '[M] Upgrade Testnet L2'
run-name: '[M] Upgrade Testnet L2 ( ${{ github.event.inputs.testnet_type }} )'
on:
# schedule:
# - cron: '05 03 * * *'
workflow_dispatch:
inputs:
testnet_type:
description: 'Testnet Type'
required: true
default: 'dev-testnet'
type: choice
options:
- 'dev-testnet'
- 'testnet'
- 'sepolia-testnet'
log_level:
description: 'Log Level 1-Error 5-Trace'
required: true
default: 3
type: number
jobs:
build:
runs-on: ubuntu-latest
environment:
name: ${{ github.event.inputs.testnet_type }}
# Map a step output to a job output
outputs:
VM_BUILD_NUMBER: ${{ steps.outputVars.outputs.VM_BUILD_NUMBER }}
steps:
- uses: actions/checkout@v3
- uses: actions/setup-go@v4
with:
go-version: 1.20.4
- name: 'Print GitHub variables'
# This is a useful record of what the environment variables were at the time the job ran, for debugging and reference
run: |
echo "L2_ENCLAVE_DOCKER_BUILD_TAG=${{vars.L2_ENCLAVE_DOCKER_BUILD_TAG}}"
echo "L2_HARDHATDEPLOYER_DOCKER_BUILD_TAG=${{vars.L2_HARDHATDEPLOYER_DOCKER_BUILD_TAG}}"
echo "L2_HOST_DOCKER_BUILD_TAG=${{vars.L2_HOST_DOCKER_BUILD_TAG}}"
echo "RESOURCE_STARTING_NAME=${{vars.RESOURCE_STARTING_NAME}}"
echo "RESOURCE_TAG_NAME=${{vars.RESOURCE_TAG_NAME}}"
echo "RESOURCE_TESTNET_NAME=${{vars.RESOURCE_TESTNET_NAME}}"
echo "L1_CHAIN_ID=${{vars.L1_CHAIN_ID}}"
echo "NODE_WALLET_ADDR_0=${{vars.NODE_WALLET_ADDR_0}}"
echo "NODE_WALLET_ADDR_1=${{vars.NODE_WALLET_ADDR_1}}"
echo "WORKER_ADDR=${{vars.WORKER_ADDR}}"
echo "BATCH_INTERVAL=${{vars.BATCH_INTERVAL}}"
echo "L2_MAX_BATCH_INTERVAL=${{vars.L2_MAX_BATCH_INTERVAL}}"
echo "ROLLUP_INTERVAL=${{vars.ROLLUP_INTERVAL}}"
- name: 'Login via Azure CLI'
uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- name: 'Fetch latest VM hostnames by env tag and extract build number'
id: fetch_hostnames
run: |
VM_HOSTNAME=$(az vm list --query "[?tags.\"${{vars.RESOURCE_TAG_NAME}}\"=='true'].{Name:name}[0]" -g Testnet -o tsv)
VM_BUILD_NUMBER=$(echo $VM_HOSTNAME | perl -ne 'if (/(-[0-9]{1}-)(\d+)/) { print $2 }') # Extract build number from VM hostname, e.g. D-0-321 -> 321
echo "VM_BUILD_NUMBER=${VM_BUILD_NUMBER}" >> $GITHUB_ENV
echo "VM_HOSTNAME: ${VM_HOSTNAME}"
echo "VM_BUILD_NUMBER: ${VM_BUILD_NUMBER}"
if ! [[ $VM_BUILD_NUMBER =~ ^[0-9]+$ ]]; then # fail if build number is not a number
echo "Error: Hostname lookup or regex extraction of build number failed."
exit 1
fi
- name: 'Output env vars'
id: outputVars
run: |
echo "VM_BUILD_NUMBER=${{env.VM_BUILD_NUMBER}}" >> $GITHUB_OUTPUT
- name: 'Login to Azure docker registry'
uses: azure/docker-login@v1
with:
login-server: testnetobscuronet.azurecr.io
username: testnetobscuronet
password: ${{ secrets.REGISTRY_PASSWORD }}
- name: 'Build and push obscuro node images'
run: |
DOCKER_BUILDKIT=1 docker build -t ${{vars.L2_ENCLAVE_DOCKER_BUILD_TAG}} -f dockerfiles/enclave.Dockerfile .
docker push ${{vars.L2_ENCLAVE_DOCKER_BUILD_TAG}}
DOCKER_BUILDKIT=1 docker build -t ${{vars.L2_HOST_DOCKER_BUILD_TAG}} -f dockerfiles/host.Dockerfile .
docker push ${{vars.L2_HOST_DOCKER_BUILD_TAG}}
deploy:
needs: build
runs-on: ubuntu-latest
environment:
name: ${{ github.event.inputs.testnet_type }}
strategy:
matrix:
host_id: [ 0,1 ]
include:
# Ensure there is a single genesis node
- is_genesis: true
host_id: 0
- is_genesis: false
host_id: 1
# Ensure there is a single sequencer
- node_type: sequencer
host_id: 0
- node_type: validator
host_id: 1
# Hardcoded lookup keys because GH actions doesn't let you build them inline with the host_id
- node_pk_lookup: NODE_WALLET_PK_0
host_id: 0
- node_pk_lookup: NODE_WALLET_PK_1
host_id: 1
- node_addr_lookup: NODE_WALLET_ADDR_0
host_id: 0
- node_addr_lookup: NODE_WALLET_ADDR_1
host_id: 1
- node_l1_ws_lookup: L1_WS_URL_0
host_id: 0
- node_l1_ws_lookup: L1_WS_URL_1
host_id: 1
steps:
- name: 'Extract branch name'
shell: bash
run: |
echo "Branch Name: ${GITHUB_REF_NAME}"
echo "BRANCH_NAME=${GITHUB_REF_NAME}" >> $GITHUB_ENV
- name: 'Login via Azure CLI'
uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- name: 'Update Obscuro node-${{ matrix.host_id }} on Azure'
uses: azure/CLI@v1
with:
inlineScript: |
az vm run-command invoke -g Testnet -n "${{vars.RESOURCE_STARTING_NAME}}-${{ matrix.host_id }}-${{needs.build.outputs.VM_BUILD_NUMBER}}" \
--command-id RunShellScript \
--scripts '
docker pull ${{vars.L2_HOST_DOCKER_BUILD_TAG}} \
&& docker pull ${{vars.L2_ENCLAVE_DOCKER_BUILD_TAG}} \
&& rm -rf /home/obscuro/go-obscuro \
&& git clone --depth 1 -b ${{ env.BRANCH_NAME }} https://github.com/obscuronet/go-obscuro.git /home/obscuro/go-obscuro \
&& cd /home/obscuro/go-obscuro/ \
&& sudo go run /home/obscuro/go-obscuro/go/node/cmd \
-is_genesis=${{ matrix.is_genesis }} \
-node_type=${{ matrix.node_type }} \
-is_sgx_enabled=true \
-host_id=${{ vars[matrix.node_addr_lookup] }} \
-l1_ws_url=${{ secrets[matrix.node_l1_ws_lookup] }} \
-private_key=${{ secrets[matrix.node_pk_lookup] }} \
-sequencer_id=${{ vars.NODE_WALLET_ADDR_0 }} \
-host_public_p2p_addr=obscuronode-${{ matrix.host_id }}-${{vars.RESOURCE_TESTNET_NAME}}-${{needs.build.outputs.VM_BUILD_NUMBER}}.uksouth.cloudapp.azure.com:10000 \
-host_p2p_port=10000 \
-enclave_docker_image=${{vars.L2_ENCLAVE_DOCKER_BUILD_TAG}} \
-host_docker_image=${{vars.L2_HOST_DOCKER_BUILD_TAG}} \
-log_level=${{ github.event.inputs.log_level }} \
-batch_interval=${{vars.BATCH_INTERVAL}} \
-max_batch_interval=${{vars.L2_MAX_BATCH_INTERVAL}} \
-rollup_interval=${{vars.ROLLUP_INTERVAL}} \
-l1_chain_id=${{vars.L1_CHAIN_ID}} \
upgrade'
check-obscuro-is-healthy:
needs:
- build
- deploy
runs-on: ubuntu-latest
environment:
name: ${{ github.event.inputs.testnet_type }}
steps:
- uses: actions/checkout@v3
- name: "Wait until obscuro node is healthy"
shell: bash
run: |
./.github/workflows/runner-scripts/wait-node-healthy.sh --host=obscuronode-0-${{vars.RESOURCE_TESTNET_NAME}}-${{needs.build.outputs.VM_BUILD_NUMBER}}.uksouth.cloudapp.azure.com
./.github/workflows/runner-scripts/wait-node-healthy.sh --host=obscuronode-1-${{vars.RESOURCE_TESTNET_NAME}}-${{needs.build.outputs.VM_BUILD_NUMBER}}.uksouth.cloudapp.azure.com
deploy-faucet-on-dispatch:
uses: ./.github/workflows/manual-deploy-testnet-faucet.yml
if: ${{ github.event_name == 'workflow_dispatch' }}
with:
testnet_type: ${{ github.event.inputs.testnet_type }}
secrets: inherit
needs:
- check-obscuro-is-healthy
deploy-faucet-on-schedule:
uses: ./.github/workflows/manual-deploy-testnet-faucet.yml
if: ${{ github.event_name == 'schedule' }}
with:
testnet_type: 'dev-testnet'
secrets: inherit
needs:
- check-obscuro-is-healthy
obscuro-test-signal-on-dispatch:
runs-on: ubuntu-latest
environment:
name: ${{ github.event.inputs.testnet_type }}
needs:
- deploy-faucet-on-dispatch
steps:
- name: 'Send a repository dispatch to obscuro-test on upgrade of dev-testnet'
if: ${{ github.event.inputs.testnet_type == 'dev-testnet' }}
run: |
curl -XPOST -H "Authorization: Bearer ${{ secrets.GH_TOKEN }}" -H "Accept:application/vnd.github" -H "Content-Type:application/json" https://api.github.com/repos/obscuronet/obscuro-test/dispatches --data '{ "event_type": "dev_testnet_upgraded", "client_payload": { "ref": "${{ github.ref_name }}" }'
- name: 'Send a repository dispatch to obscuro-test on upgrade of testnet'
if: ${{ github.event.inputs.testnet_type == 'testnet' }}
run: |
curl -XPOST -H "Authorization: Bearer ${{ secrets.GH_TOKEN }}" -H "Accept:application/vnd.github" -H "Content-Type:application/json" https://api.github.com/repos/obscuronet/obscuro-test/dispatches --data '{ "event_type": "testnet_upgraded", "client_payload": { "ref": "${{ github.ref_name }}" }'
obscuro-test-signal-on-schedule:
runs-on: ubuntu-latest
environment:
name: ${{ github.event.inputs.testnet_type }}
needs:
- deploy-faucet-on-schedule
steps:
- name: 'Send a repository dispatch to obscuro-test on upgrade of dev-testnet'
run: |
curl -XPOST -H "Authorization: Bearer ${{ secrets.GH_TOKEN }}" -H "Accept:application/vnd.github" -H "Content-Type:application/json" https://api.github.com/repos/obscuronet/obscuro-test/dispatches --data '{ "event_type": "dev_testnet_upgraded", "client_payload": { "ref": "${{ github.ref_name }}" }'