[M] Upgrade Testnet L2 #275
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Upgrades an existing Obscuro network on Azure for Testnet and Dev Testnet. | |
| # The Obscuro network is composed of 2 Obscuro nodes running on individual VMs with SGX. At the moment the workflow can | |
| # either be triggered manually as a workflow dispatch, or as a scheduled task. When manually triggered the testnet type | |
| # (dev-testnet or testnet) can be supplied as an input argument. When triggered as a scheduled task, we always default | |
| # to a dev-testnet deployment. A scheduled deployment of dev-testnet will additionally kick off the E2E tests via | |
| # repository dispatch. | |
| # | |
| # The scheduled deployment runs at 03:05 on every day-of-week. | |
| name: '[M] Upgrade Testnet L2' | |
| on: | |
| schedule: | |
| - cron: '05 03 * * *' | |
| workflow_dispatch: | |
| inputs: | |
| testnet_type: | |
| description: 'Testnet Type' | |
| required: true | |
| default: 'dev-testnet' | |
| type: choice | |
| options: | |
| - 'dev-testnet' | |
| - 'testnet' | |
| log_level: | |
| description: 'Log Level 1-Error 5-Trace' | |
| required: true | |
| default: 3 | |
| type: number | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| # Map a step output to a job output | |
| outputs: | |
| L2_ENCLAVE_DOCKER_BUILD_TAG: ${{ steps.outputVars.outputs.L2_ENCLAVE_DOCKER_BUILD_TAG }} | |
| L2_HOST_DOCKER_BUILD_TAG: ${{ steps.outputVars.outputs.L2_HOST_DOCKER_BUILD_TAG }} | |
| RESOURCE_TAG_NAME: ${{ steps.outputVars.outputs.RESOURCE_TAG_NAME }} | |
| RESOURCE_STARTING_NAME: ${{ steps.outputVars.outputs.RESOURCE_STARTING_NAME }} | |
| RESOURCE_TESTNET_NAME: ${{ steps.outputVars.outputs.RESOURCE_TESTNET_NAME }} | |
| L1_HOST: ${{ steps.outputVars.outputs.L1_HOST }} | |
| VM_BUILD_NUMBER: ${{ steps.outputVars.outputs.VM_BUILD_NUMBER }} | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: actions/setup-go@v4 | |
| with: | |
| go-version: 1.20.4 | |
| - name: 'Login via Azure CLI' | |
| uses: azure/login@v1 | |
| with: | |
| creds: ${{ secrets.AZURE_CREDENTIALS }} | |
| - name: 'Sets env vars for testnet' | |
| if: ${{ github.event.inputs.testnet_type == 'testnet' }} | |
| run: | | |
| echo "L2_ENCLAVE_DOCKER_BUILD_TAG=testnetobscuronet.azurecr.io/obscuronet/enclave:latest" >> $GITHUB_ENV | |
| echo "L2_HOST_DOCKER_BUILD_TAG=testnetobscuronet.azurecr.io/obscuronet/host:latest" >> $GITHUB_ENV | |
| echo "RESOURCE_TAG_NAME=testnetlatest" >> $GITHUB_ENV | |
| echo "RESOURCE_STARTING_NAME=T" >> $GITHUB_ENV | |
| echo "RESOURCE_TESTNET_NAME=testnet" >> $GITHUB_ENV | |
| echo "L1_HOST=testnet-eth2network.uksouth.cloudapp.azure.com" >> $GITHUB_ENV | |
| - name: 'Sets env vars for dev-testnet' | |
| if: ${{ (github.event.inputs.testnet_type == 'dev-testnet') || (github.event_name == 'schedule') }} | |
| run: | | |
| echo "L2_ENCLAVE_DOCKER_BUILD_TAG=testnetobscuronet.azurecr.io/obscuronet/dev_enclave:latest" >> $GITHUB_ENV | |
| echo "L2_HOST_DOCKER_BUILD_TAG=testnetobscuronet.azurecr.io/obscuronet/dev_host:latest" >> $GITHUB_ENV | |
| echo "RESOURCE_TAG_NAME=devtestnetlatest" >> $GITHUB_ENV | |
| echo "RESOURCE_STARTING_NAME=D" >> $GITHUB_ENV | |
| echo "RESOURCE_TESTNET_NAME=devtestnet" >> $GITHUB_ENV | |
| echo "L1_HOST=dev-testnet-eth2network.uksouth.cloudapp.azure.com" >> $GITHUB_ENV | |
| - name: 'Fetch latest VM hostnames by env tag and extract build number' | |
| id: fetch_hostnames | |
| run: | | |
| VM_HOSTNAME=$(az vm list --query "[?tags.${{env.RESOURCE_TAG_NAME}}=='true'].{Name:name}[0]" -g Testnet -o tsv) | |
| VM_BUILD_NUMBER=$(echo $VM_HOSTNAME | perl -ne 'if (/(-[0-9]{1}-)(\d+)/) { print $2 }') # Extract build number from VM hostname, e.g. D-0-321 -> 321 | |
| echo "VM_BUILD_NUMBER=${VM_BUILD_NUMBER}" >> $GITHUB_ENV | |
| echo "VM_HOSTNAME: ${VM_HOSTNAME}" | |
| echo "VM_BUILD_NUMBER: ${VM_BUILD_NUMBER}" | |
| if ! [[ $VM_BUILD_NUMBER =~ ^[0-9]+$ ]]; then # fail if build number is not a number | |
| echo "Error: Hostname lookup or regex extraction of build number failed." | |
| exit 1 | |
| fi | |
| - name: 'Output env vars' | |
| id: outputVars | |
| run: | | |
| echo "L2_ENCLAVE_DOCKER_BUILD_TAG=${{env.L2_ENCLAVE_DOCKER_BUILD_TAG}}" >> $GITHUB_OUTPUT | |
| echo "L2_HOST_DOCKER_BUILD_TAG=${{env.L2_HOST_DOCKER_BUILD_TAG}}" >> $GITHUB_OUTPUT | |
| echo "RESOURCE_TAG_NAME=${{env.RESOURCE_TAG_NAME}}" >> $GITHUB_OUTPUT | |
| echo "RESOURCE_STARTING_NAME=${{env.RESOURCE_STARTING_NAME}}" >> $GITHUB_OUTPUT | |
| echo "RESOURCE_TESTNET_NAME=${{env.RESOURCE_TESTNET_NAME}}" >> $GITHUB_OUTPUT | |
| echo "L1_HOST=${{env.L1_HOST}}" >> $GITHUB_OUTPUT | |
| echo "VM_BUILD_NUMBER=${{env.VM_BUILD_NUMBER}}" >> $GITHUB_OUTPUT | |
| - name: 'Login to Azure docker registry' | |
| uses: azure/docker-login@v1 | |
| with: | |
| login-server: testnetobscuronet.azurecr.io | |
| username: testnetobscuronet | |
| password: ${{ secrets.REGISTRY_PASSWORD }} | |
| - name: 'Build and push obscuro node images' | |
| run: | | |
| DOCKER_BUILDKIT=1 docker build -t ${{env.L2_ENCLAVE_DOCKER_BUILD_TAG}} -f dockerfiles/enclave.Dockerfile . | |
| docker push ${{env.L2_ENCLAVE_DOCKER_BUILD_TAG}} | |
| DOCKER_BUILDKIT=1 docker build -t ${{env.L2_HOST_DOCKER_BUILD_TAG}} -f dockerfiles/host.Dockerfile . | |
| docker push ${{env.L2_HOST_DOCKER_BUILD_TAG}} | |
| deploy: | |
| needs: build | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| host_id: [ 0,1 ] | |
| include: | |
| # Hardcoded host addresses | |
| - host_addr: 0x0000000000000000000000000000000000000000 | |
| host_id: 0 | |
| - host_addr: 0x0000000000000000000000000000000000000001 | |
| host_id: 1 | |
| # Hardcoded host prefunded keys | |
| - node_pk_str: GETHNETWORK_PREFUNDED_PKSTR_0 | |
| host_id: 0 | |
| - node_pk_str: GETHNETWORK_PREFUNDED_PKSTR_1 | |
| host_id: 1 | |
| - node_pk_addr: GETHNETWORK_PREFUNDED_ADDR_0 | |
| host_id: 0 | |
| - node_pk_addr: GETHNETWORK_PREFUNDED_ADDR_1 | |
| host_id: 1 | |
| # Ensure there is a single genesis node | |
| - is_genesis: true | |
| host_id: 0 | |
| - is_genesis: false | |
| host_id: 1 | |
| # Ensure there is a single sequencer | |
| - node_type: sequencer | |
| host_id: 0 | |
| - node_type: validator | |
| host_id: 1 | |
| steps: | |
| - name: 'Extract branch name' | |
| shell: bash | |
| run: | | |
| echo "Branch Name: ${GITHUB_REF_NAME}" | |
| echo "BRANCH_NAME=${GITHUB_REF_NAME}" >> $GITHUB_ENV | |
| - name: 'Login via Azure CLI' | |
| uses: azure/login@v1 | |
| with: | |
| creds: ${{ secrets.AZURE_CREDENTIALS }} | |
| - name: 'Update Obscuro node-${{ matrix.host_id }} on Azure' | |
| uses: azure/CLI@v1 | |
| with: | |
| inlineScript: | | |
| az vm run-command invoke -g Testnet -n "${{needs.build.outputs.RESOURCE_STARTING_NAME}}-${{ matrix.host_id }}-${{needs.build.outputs.VM_BUILD_NUMBER}}" \ | |
| --command-id RunShellScript \ | |
| --scripts ' | |
| docker pull ${{needs.build.outputs.L2_HOST_DOCKER_BUILD_TAG}} \ | |
| && docker pull ${{needs.build.outputs.L2_ENCLAVE_DOCKER_BUILD_TAG}} \ | |
| && rm -rf /home/obscuro/go-obscuro \ | |
| && git clone --depth 1 -b ${{ env.BRANCH_NAME }} https://github.com/obscuronet/go-obscuro.git /home/obscuro/go-obscuro \ | |
| && cd /home/obscuro/go-obscuro/ \ | |
| && sudo go run /home/obscuro/go-obscuro/go/node/cmd \ | |
| -is_genesis=${{ matrix.is_genesis }} \ | |
| -node_type=${{ matrix.node_type }} \ | |
| -is_sgx_enabled=true \ | |
| -host_id=${{ secrets[matrix.node_pk_addr] }} \ | |
| -l1_host=${{needs.build.outputs.L1_HOST}} \ | |
| -private_key=${{ secrets[matrix.node_pk_str] }} \ | |
| -sequencer_id=${{ secrets.GETHNETWORK_PREFUNDED_ADDR_0 }} \ | |
| -host_public_p2p_addr=obscuronode-${{ matrix.host_id }}-${{needs.build.outputs.RESOURCE_TESTNET_NAME}}-${{needs.build.outputs.VM_BUILD_NUMBER}}.uksouth.cloudapp.azure.com:10000 \ | |
| -host_p2p_port=10000 \ | |
| -enclave_docker_image=${{needs.build.outputs.L2_ENCLAVE_DOCKER_BUILD_TAG}} \ | |
| -host_docker_image=${{needs.build.outputs.L2_HOST_DOCKER_BUILD_TAG}} \ | |
| -log_level=${{ github.event.inputs.log_level }} \ | |
| upgrade' | |
| check-obscuro-is-healthy: | |
| needs: | |
| - build | |
| - deploy | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: "Wait until obscuro node is healthy" | |
| shell: bash | |
| run: | | |
| ./.github/workflows/runner-scripts/wait-node-healthy.sh --host=obscuronode-0-${{needs.build.outputs.RESOURCE_TESTNET_NAME}}-${{needs.build.outputs.VM_BUILD_NUMBER}}.uksouth.cloudapp.azure.com | |
| ./.github/workflows/runner-scripts/wait-node-healthy.sh --host=obscuronode-1-${{needs.build.outputs.RESOURCE_TESTNET_NAME}}-${{needs.build.outputs.VM_BUILD_NUMBER}}.uksouth.cloudapp.azure.com | |
| deploy-faucet-on-dispatch: | |
| uses: ./.github/workflows/manual-deploy-testnet-faucet.yml | |
| if: ${{ github.event_name == 'workflow_dispatch' }} | |
| with: | |
| testnet_type: ${{ github.event.inputs.testnet_type }} | |
| secrets: inherit | |
| needs: | |
| - check-obscuro-is-healthy | |
| deploy-faucet-on-schedule: | |
| uses: ./.github/workflows/manual-deploy-testnet-faucet.yml | |
| if: ${{ github.event_name == 'schedule' }} | |
| with: | |
| testnet_type: 'dev-testnet' | |
| secrets: inherit | |
| needs: | |
| - check-obscuro-is-healthy | |
| obscuro-test-signal-on-dispatch: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - deploy-faucet-on-dispatch | |
| steps: | |
| - name: 'Send a repository dispatch to obscuro-test on upgrade of dev-testnet' | |
| if: ${{ github.event.inputs.testnet_type == 'dev-testnet' }} | |
| run: | | |
| curl -XPOST -H "Authorization: Bearer ${{ secrets.GH_TOKEN }}" -H "Accept:application/vnd.github" -H "Content-Type:application/json" https://api.github.com/repos/obscuronet/obscuro-test/dispatches --data '{ "event_type": "dev_testnet_upgraded", "client_payload": { "ref": "${{ github.ref_name }}" }' | |
| - name: 'Send a repository dispatch to obscuro-test on upgrade of testnet' | |
| if: ${{ github.event.inputs.testnet_type == 'testnet' }} | |
| run: | | |
| curl -XPOST -H "Authorization: Bearer ${{ secrets.GH_TOKEN }}" -H "Accept:application/vnd.github" -H "Content-Type:application/json" https://api.github.com/repos/obscuronet/obscuro-test/dispatches --data '{ "event_type": "testnet_upgraded", "client_payload": { "ref": "${{ github.ref_name }}" }' | |
| obscuro-test-signal-on-schedule: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - deploy-faucet-on-schedule | |
| steps: | |
| - name: 'Send a repository dispatch to obscuro-test on upgrade of dev-testnet' | |
| run: | | |
| curl -XPOST -H "Authorization: Bearer ${{ secrets.GH_TOKEN }}" -H "Accept:application/vnd.github" -H "Content-Type:application/json" https://api.github.com/repos/obscuronet/obscuro-test/dispatches --data '{ "event_type": "dev_testnet_upgraded", "client_payload": { "ref": "${{ github.ref_name }}" }' |