[M] Upgrade Testnet L2 ( sepolia-testnet ) #307
# Upgrades an existing Obscuro network on Azure for Testnet and Dev Testnet.
# The Obscuro network is composed of 2 Obscuro nodes running on individual VMs with SGX. At the moment the workflow can
# either be triggered manually as a workflow dispatch, or as a scheduled task. When manually triggered the testnet type
# (dev-testnet or testnet) can be supplied as an input argument. When triggered as a scheduled task, we always default
# to a dev-testnet deployment. A scheduled deployment of dev-testnet will additionally kick off the E2E tests via
# repository dispatch.
#
# The scheduled deployment runs at 03:05 on every day-of-week.
#
# This script uses GitHub Environments for variables (vars) and secrets - these are configured on GitHub and
# the environments match the input.testnet_type options
# Workflow identity and trigger. Only manual dispatch is active; the nightly
# cron trigger is kept below but commented out.
name: "[M] Upgrade Testnet L2"
# The run title embeds the chosen network so runs can be told apart in the list.
run-name: "[M] Upgrade Testnet L2 ( ${{ github.event.inputs.testnet_type }} )"
on:
  # schedule:
  #   - cron: '05 03 * * *'
  workflow_dispatch:
    inputs:
      # Target network. The same value names the GitHub Environment that the
      # jobs of this workflow read their vars and secrets from.
      testnet_type:
        type: choice
        description: "Testnet Type"
        required: true
        default: "dev-testnet"
        options: ["dev-testnet", "testnet", "sepolia-testnet"]
      # Verbosity value handed to the node launcher as -log_level.
      log_level:
        type: number
        description: "Log Level 1-Error 5-Trace"
        required: true
        default: 3
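jobs:
  # build: reads the build number of the currently deployed VMs from Azure,
  # then builds and pushes the enclave and host images to the Azure registry.
  #
  # NOTE(review): every `uses:` in this job is pinned to a mutable tag
  # (@v3, @v4, @v1). Pinning to a full commit SHA, e.g.
  # `actions/checkout@<COMMIT_SHA>  # v3`, keeps a retagged action from running
  # with this job's Azure and registry credentials.
  build:
    runs-on: ubuntu-latest
    # Least privilege for GITHUB_TOKEN: this job only has to read the repo.
    permissions:
      contents: read
    environment:
      name: ${{ github.event.inputs.testnet_type }}
    # Map a step output to a job output
    outputs:
      VM_BUILD_NUMBER: ${{ steps.outputVars.outputs.VM_BUILD_NUMBER }}
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-go@v4
        with:
          # Quoted so the version is always read as a string.
          go-version: '1.20.4'
      - name: 'Print GitHub variables'
        # This is a useful record of what the environment variables were at the time the job ran, for debugging and reference
        # Only `vars.*` (non-secret configuration) belongs here; never echo `secrets.*`.
        run: |
          echo "L2_ENCLAVE_DOCKER_BUILD_TAG=${{vars.L2_ENCLAVE_DOCKER_BUILD_TAG}}"
          echo "L2_HARDHATDEPLOYER_DOCKER_BUILD_TAG=${{vars.L2_HARDHATDEPLOYER_DOCKER_BUILD_TAG}}"
          echo "L2_HOST_DOCKER_BUILD_TAG=${{vars.L2_HOST_DOCKER_BUILD_TAG}}"
          echo "RESOURCE_STARTING_NAME=${{vars.RESOURCE_STARTING_NAME}}"
          echo "RESOURCE_TAG_NAME=${{vars.RESOURCE_TAG_NAME}}"
          echo "RESOURCE_TESTNET_NAME=${{vars.RESOURCE_TESTNET_NAME}}"
          echo "L1_CHAIN_ID=${{vars.L1_CHAIN_ID}}"
          echo "NODE_WALLET_ADDR_0=${{vars.NODE_WALLET_ADDR_0}}"
          echo "NODE_WALLET_ADDR_1=${{vars.NODE_WALLET_ADDR_1}}"
          echo "WORKER_ADDR=${{vars.WORKER_ADDR}}"
          echo "BATCH_INTERVAL=${{vars.BATCH_INTERVAL}}"
          echo "L2_MAX_BATCH_INTERVAL=${{vars.L2_MAX_BATCH_INTERVAL}}"
          echo "ROLLUP_INTERVAL=${{vars.ROLLUP_INTERVAL}}"
      # NOTE(review): `creds` is a long-lived service-principal secret. azure/login
      # also supports OIDC federation (client-id / tenant-id / subscription-id),
      # which removes the stored credential.
      - name: 'Login via Azure CLI'
        uses: azure/login@v1
        with:
          creds: ${{ secrets.AZURE_CREDENTIALS }}
      - name: 'Fetch latest VM hostnames by env tag and extract build number'
        id: fetch_hostnames
        env:
          # Handed over as an environment variable so bash treats the value as
          # data instead of text spliced into the script.
          RESOURCE_TAG_NAME: ${{ vars.RESOURCE_TAG_NAME }}
        run: |
          VM_HOSTNAME=$(az vm list --query "[?tags.\"${RESOURCE_TAG_NAME}\"=='true'].{Name:name}[0]" -g Testnet -o tsv)
          # Extract build number from VM hostname, e.g. D-0-321 -> 321
          VM_BUILD_NUMBER=$(echo "$VM_HOSTNAME" | perl -ne 'if (/(-[0-9]{1}-)(\d+)/) { print $2 }')
          echo "VM_HOSTNAME: ${VM_HOSTNAME}"
          echo "VM_BUILD_NUMBER: ${VM_BUILD_NUMBER}"
          # Validate first, export second: only a purely numeric value is ever
          # written to GITHUB_ENV, where later steps and jobs pick it up.
          if ! [[ $VM_BUILD_NUMBER =~ ^[0-9]+$ ]]; then
            echo "Error: Hostname lookup or regex extraction of build number failed."
            exit 1
          fi
          echo "VM_BUILD_NUMBER=${VM_BUILD_NUMBER}" >> "$GITHUB_ENV"
      - name: 'Output env vars'
        id: outputVars
        run: |
          echo "VM_BUILD_NUMBER=${VM_BUILD_NUMBER}" >> "$GITHUB_OUTPUT"
      # NOTE(review): the username equals the registry name, which looks like the
      # registry's shared admin account; confirm, and prefer a credential scoped
      # to image push only.
      - name: 'Login to Azure docker registry'
        uses: azure/docker-login@v1
        with:
          login-server: testnetobscuronet.azurecr.io
          username: testnetobscuronet
          password: ${{ secrets.REGISTRY_PASSWORD }}
      - name: 'Build and push obscuro node images'
        env:
          ENCLAVE_IMAGE: ${{ vars.L2_ENCLAVE_DOCKER_BUILD_TAG }}
          HOST_IMAGE: ${{ vars.L2_HOST_DOCKER_BUILD_TAG }}
        run: |
          DOCKER_BUILDKIT=1 docker build -t "${ENCLAVE_IMAGE}" -f dockerfiles/enclave.Dockerfile .
          docker push "${ENCLAVE_IMAGE}"
          DOCKER_BUILDKIT=1 docker build -t "${HOST_IMAGE}" -f dockerfiles/host.Dockerfile .
          docker push "${HOST_IMAGE}"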
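# deploy (a job under `jobs:`): upgrades each node VM in place through Azure
# Run Command. One matrix leg per node; host 0 is the genesis sequencer.
  deploy:
    needs: build
    runs-on: ubuntu-latest
    environment:
      name: ${{ github.event.inputs.testnet_type }}
    strategy:
      matrix:
        host_id: [0, 1]
        include:
          # Ensure there is a single genesis node
          - is_genesis: true
            host_id: 0
          - is_genesis: false
            host_id: 1
          # Ensure there is a single sequencer
          - node_type: sequencer
            host_id: 0
          - node_type: validator
            host_id: 1
          # Hardcoded lookup keys because GH actions doesn't let you build them inline with the host_id
          - node_pk_lookup: NODE_WALLET_PK_0
            host_id: 0
          - node_pk_lookup: NODE_WALLET_PK_1
            host_id: 1
          - node_addr_lookup: NODE_WALLET_ADDR_0
            host_id: 0
          - node_addr_lookup: NODE_WALLET_ADDR_1
            host_id: 1
          - node_l1_ws_lookup: L1_WS_URL_0
            host_id: 0
          - node_l1_ws_lookup: L1_WS_URL_1
            host_id: 1
    steps:
      # The ref name and log level are later pasted into a single-quoted script
      # that runs as root on the node VM. They are checked here, read from the
      # environment, so a value outside the expected alphabet stops the job
      # instead of changing that script.
      - name: 'Extract branch name'
        shell: bash
        env:
          LOG_LEVEL: ${{ github.event.inputs.log_level }}
        run: |
          allowed_ref='^[A-Za-z0-9._/+@-]+$'
          if ! [[ "${GITHUB_REF_NAME}" =~ $allowed_ref ]]; then
            echo "Error: ref name contains characters that are not allowed for a deployment branch."
            exit 1
          fi
          # Empty stays allowed so a run without dispatch inputs behaves as before.
          allowed_level='^[0-9]*$'
          if ! [[ "${LOG_LEVEL}" =~ $allowed_level ]]; then
            echo "Error: log_level must be numeric."
            exit 1
          fi
          echo "Branch Name: ${GITHUB_REF_NAME}"
          echo "BRANCH_NAME=${GITHUB_REF_NAME}" >> "$GITHUB_ENV"
      - name: 'Login via Azure CLI'
        uses: azure/login@v1
        with:
          creds: ${{ secrets.AZURE_CREDENTIALS }}
      # NOTE(review): the `secrets[...]` values behind -private_key and -l1_ws_url
      # are expanded into the script text, so they travel as command-line
      # arguments: in the az invocation on the runner, in the Run Command script
      # delivered to the VM, and in the argv of `go run` on the VM. Log masking
      # does not cover those places. Prefer having the VM read them from a secret
      # store (for example Key Vault through the VM's managed identity) or from a
      # root-only file.
      # NOTE(review): the VM clones the branch tip by name and runs it with sudo.
      # The tip can move between the build job and this one, and any branch that
      # can be dispatched ends up running as root next to the node key; restrict
      # deployment branches in the environment's protection rules.
      - name: 'Update Obscuro node-${{ matrix.host_id }} on Azure'
        uses: azure/CLI@v1
        with:
          inlineScript: |
            az vm run-command invoke -g Testnet -n "${{vars.RESOURCE_STARTING_NAME}}-${{ matrix.host_id }}-${{needs.build.outputs.VM_BUILD_NUMBER}}" \
              --command-id RunShellScript \
              --scripts '
                docker pull ${{vars.L2_HOST_DOCKER_BUILD_TAG}} \
                && docker pull ${{vars.L2_ENCLAVE_DOCKER_BUILD_TAG}} \
                && rm -rf /home/obscuro/go-obscuro \
                && git clone --depth 1 -b ${{ env.BRANCH_NAME }} https://github.com/obscuronet/go-obscuro.git /home/obscuro/go-obscuro \
                && cd /home/obscuro/go-obscuro/ \
                && sudo go run /home/obscuro/go-obscuro/go/node/cmd \
                -is_genesis=${{ matrix.is_genesis }} \
                -node_type=${{ matrix.node_type }} \
                -is_sgx_enabled=true \
                -host_id=${{ vars[matrix.node_addr_lookup] }} \
                -l1_ws_url=${{ secrets[matrix.node_l1_ws_lookup] }} \
                -private_key=${{ secrets[matrix.node_pk_lookup] }} \
                -sequencer_id=${{ vars.NODE_WALLET_ADDR_0 }} \
                -host_public_p2p_addr=obscuronode-${{ matrix.host_id }}-${{vars.RESOURCE_TESTNET_NAME}}-${{needs.build.outputs.VM_BUILD_NUMBER}}.uksouth.cloudapp.azure.com:10000 \
                -host_p2p_port=10000 \
                -enclave_docker_image=${{vars.L2_ENCLAVE_DOCKER_BUILD_TAG}} \
                -host_docker_image=${{vars.L2_HOST_DOCKER_BUILD_TAG}} \
                -log_level=${{ github.event.inputs.log_level }} \
                -batch_interval=${{vars.BATCH_INTERVAL}} \
                -max_batch_interval=${{vars.L2_MAX_BATCH_INTERVAL}} \
                -rollup_interval=${{vars.ROLLUP_INTERVAL}} \
                -l1_chain_id=${{vars.L1_CHAIN_ID}} \
                upgrade'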
# check-obscuro-is-healthy (a job under `jobs:`): blocks the rest of the
# pipeline until both upgraded nodes pass the repository's health-wait script.
  check-obscuro-is-healthy:
    runs-on: ubuntu-latest
    needs: [build, deploy]
    environment:
      name: ${{ github.event.inputs.testnet_type }}
    steps:
      - uses: actions/checkout@v3
      - name: "Wait until obscuro node is healthy"
        shell: bash
        # Node 0 is checked before node 1; a failing check stops the step.
        run: |
          for node in 0 1; do
            ./.github/workflows/runner-scripts/wait-node-healthy.sh --host=obscuronode-${node}-${{vars.RESOURCE_TESTNET_NAME}}-${{needs.build.outputs.VM_BUILD_NUMBER}}.uksouth.cloudapp.azure.com
          done
# deploy-faucet-on-dispatch (a job under `jobs:`): after the health check, calls
# the faucet deployment workflow for the network chosen at dispatch time.
  deploy-faucet-on-dispatch:
    needs: [check-obscuro-is-healthy]
    if: github.event_name == 'workflow_dispatch'
    uses: ./.github/workflows/manual-deploy-testnet-faucet.yml
    with:
      testnet_type: ${{ github.event.inputs.testnet_type }}
    # NOTE(review): `inherit` hands every secret this workflow can see to the
    # called workflow; listing only the secrets it needs is the tighter form.
    secrets: inherit
# deploy-faucet-on-schedule (a job under `jobs:`): the scheduled-run twin of the
# faucet deployment; it always targets dev-testnet.
  deploy-faucet-on-schedule:
    needs: [check-obscuro-is-healthy]
    if: github.event_name == 'schedule'
    uses: ./.github/workflows/manual-deploy-testnet-faucet.yml
    with:
      testnet_type: "dev-testnet"
    # NOTE(review): `inherit` hands every secret this workflow can see to the
    # called workflow; listing only the secrets it needs is the tighter form.
    secrets: inherit
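# obscuro-test-signal-on-dispatch (a job under `jobs:`): tells the obscuro-test
# repository that an upgrade finished, via a repository_dispatch event. Nothing
# is sent for sepolia-testnet.
#
# Changes against the original steps:
#  - the JSON body was missing its final closing brace; it is now built by jq,
#    which also escapes the ref name;
#  - the token and ref name reach the script through `env:` instead of being
#    pasted into the script text;
#  - curl runs with --fail so a rejected request fails the step.
  obscuro-test-signal-on-dispatch:
    runs-on: ubuntu-latest
    environment:
      name: ${{ github.event.inputs.testnet_type }}
    needs:
      - deploy-faucet-on-dispatch
    steps:
      # NOTE(review): GH_TOKEN should be scoped to the obscuro-test repository only.
      - name: 'Send a repository dispatch to obscuro-test on upgrade of dev-testnet'
        if: ${{ github.event.inputs.testnet_type == 'dev-testnet' }}
        env:
          GH_TOKEN: ${{ secrets.GH_TOKEN }}
          REF_NAME: ${{ github.ref_name }}
        run: |
          payload=$(jq -nc --arg ref "${REF_NAME}" '{event_type: "dev_testnet_upgraded", client_payload: {ref: $ref}}')
          curl --fail -XPOST -H "Authorization: Bearer ${GH_TOKEN}" -H "Accept:application/vnd.github" -H "Content-Type:application/json" https://api.github.com/repos/obscuronet/obscuro-test/dispatches --data "${payload}"
      - name: 'Send a repository dispatch to obscuro-test on upgrade of testnet'
        if: ${{ github.event.inputs.testnet_type == 'testnet' }}
        env:
          GH_TOKEN: ${{ secrets.GH_TOKEN }}
          REF_NAME: ${{ github.ref_name }}
        run: |
          payload=$(jq -nc --arg ref "${REF_NAME}" '{event_type: "testnet_upgraded", client_payload: {ref: $ref}}')
          curl --fail -XPOST -H "Authorization: Bearer ${GH_TOKEN}" -H "Accept:application/vnd.github" -H "Content-Type:application/json" https://api.github.com/repos/obscuronet/obscuro-test/dispatches --data "${payload}"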
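# obscuro-test-signal-on-schedule (a job under `jobs:`): scheduled-run twin of
# the dispatch signal; announces a dev-testnet upgrade to obscuro-test.
#
# Changes against the original step:
#  - the JSON body was missing its final closing brace; it is now built by jq,
#    which also escapes the ref name;
#  - the token and ref name reach the script through `env:` instead of being
#    pasted into the script text;
#  - curl runs with --fail so a rejected request fails the step.
#
# NOTE(review): on a `schedule` event there are no dispatch inputs, so the
# environment name below presumably resolves to an empty string; confirm, since
# the faucet job on the schedule path is given 'dev-testnet' explicitly.
  obscuro-test-signal-on-schedule:
    runs-on: ubuntu-latest
    environment:
      name: ${{ github.event.inputs.testnet_type }}
    needs:
      - deploy-faucet-on-schedule
    steps:
      - name: 'Send a repository dispatch to obscuro-test on upgrade of dev-testnet'
        env:
          GH_TOKEN: ${{ secrets.GH_TOKEN }}
          REF_NAME: ${{ github.ref_name }}
        run: |
          payload=$(jq -nc --arg ref "${REF_NAME}" '{event_type: "dev_testnet_upgraded", client_payload: {ref: $ref}}')
          curl --fail -XPOST -H "Authorization: Bearer ${GH_TOKEN}" -H "Accept:application/vnd.github" -H "Content-Type:application/json" https://api.github.com/repos/obscuronet/obscuro-test/dispatches --data "${payload}"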