-
Notifications
You must be signed in to change notification settings - Fork 39
253 lines (230 loc) · 10.5 KB
/
manual-upgrade-testnet-l2.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
# Upgrades an existing Obscuro network on Azure for Testnet and Dev Testnet.
# The Obscuro network is composed of 2 Obscuro nodes running on individual VMs with SGX. At the moment the workflow can
# either be triggered manually as a workflow dispatch, or as a scheduled task. When manually triggered the testnet type
# (dev-testnet or testnet) can be supplied as an input argument. When triggered as a scheduled task, we always default
# to a dev-testnet deployment. A scheduled deployment of dev-testnet will additionally kick off the E2E tests via
# repository dispatch.
#
# The scheduled deployment runs at 03:05 on every day-of-week.
#
# This script uses GitHub Environments for variables (vars) and secrets - these are configured on GitHub and
# the environments match the input.testnet_type options
name: '[M] Upgrade Testnet L2'
run-name: '[M] Upgrade Testnet L2 ( ${{ github.event.inputs.testnet_type }} )'
on:
# schedule:
# - cron: '05 03 * * *'
workflow_dispatch:
inputs:
testnet_type:
description: 'Testnet Type'
required: true
default: 'dev-testnet'
type: choice
options:
- 'dev-testnet'
- 'uat-testnet'
- 'sepolia-testnet'
log_level:
description: 'Log Level 1-Error 5-Trace'
required: true
default: 3
type: number
jobs:
build:
runs-on: ubuntu-latest
environment:
name: ${{ github.event.inputs.testnet_type }}
# Map a step output to a job output
outputs:
VM_BUILD_NUMBER: ${{ steps.outputVars.outputs.VM_BUILD_NUMBER }}
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
with:
go-version: 1.21.8
- name: 'Print GitHub variables'
# This is a useful record of what the environment variables were at the time the job ran, for debugging and reference
run: |
echo "GitHub Variables = ${{ toJSON(vars) }}"
- name: 'Login via Azure CLI'
uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- name: 'Fetch latest VM hostnames by env tag and extract build number'
id: fetch_hostnames
run: |
VM_HOSTNAME=$(az vm list --query "[?tags.\"${{ vars.AZURE_DEPLOY_GROUP_L2 }}\"=='true'].{Name:name}[0]" -g Testnet -o tsv)
VM_BUILD_NUMBER=$(echo $VM_HOSTNAME | perl -ne 'if (/(-[0-9]{1}-)(\d+)/) { print $2 }') # Extract build number from VM hostname, e.g. D-0-321 -> 321
echo "VM_BUILD_NUMBER=${VM_BUILD_NUMBER}" >> $GITHUB_ENV
echo "VM_HOSTNAME: ${VM_HOSTNAME}"
echo "VM_BUILD_NUMBER: ${VM_BUILD_NUMBER}"
if ! [[ $VM_BUILD_NUMBER =~ ^[0-9]+$ ]]; then # fail if build number is not a number
echo "Error: Hostname lookup or regex extraction of build number failed."
exit 1
fi
- name: 'Output env vars'
id: outputVars
run: |
echo "VM_BUILD_NUMBER=${{ env.VM_BUILD_NUMBER }}" >> $GITHUB_OUTPUT
- name: 'Login to Azure docker registry'
uses: azure/docker-login@v1
with:
login-server: testnetobscuronet.azurecr.io
username: testnetobscuronet
password: ${{ secrets.REGISTRY_PASSWORD }}
- name: 'Build and push obscuro node images'
run: |
DOCKER_BUILDKIT=1 docker build -t ${{ vars.L2_ENCLAVE_DOCKER_BUILD_TAG }} -f dockerfiles/enclave.Dockerfile .
docker push ${{ vars.L2_ENCLAVE_DOCKER_BUILD_TAG }}
DOCKER_BUILDKIT=1 docker build -t ${{ vars.L2_HOST_DOCKER_BUILD_TAG }} -f dockerfiles/host.Dockerfile .
docker push ${{ vars.L2_HOST_DOCKER_BUILD_TAG }}
deploy:
needs: build
runs-on: ubuntu-latest
environment:
name: ${{ github.event.inputs.testnet_type }}
strategy:
matrix:
host_id: [ 0,1,2 ]
include:
# Ensure there is a single genesis node
- is_genesis: true
host_id: 0
- is_genesis: false
host_id: 1
- is_genesis: false
host_id: 2
# Ensure there is a single sequencer
- node_type: sequencer
host_id: 0
- node_type: validator
host_id: 1
- node_type: validator
host_id: 2
# Hardcoded lookup keys because GH actions doesn't let you build them inline with the host_id
- node_pk_lookup: ACCOUNT_PK_NODE_0
host_id: 0
- node_pk_lookup: ACCOUNT_PK_NODE_1
host_id: 1
- node_pk_lookup: ACCOUNT_PK_NODE_2
host_id: 2
- node_addr_lookup: ACCOUNT_ADDR_NODE_0
host_id: 0
- node_addr_lookup: ACCOUNT_ADDR_NODE_1
host_id: 1
- node_addr_lookup: ACCOUNT_ADDR_NODE_2
host_id: 2
- node_l1_ws_lookup: L1_WS_URL_0
host_id: 0
- node_l1_ws_lookup: L1_WS_URL_1
host_id: 1
- node_l1_ws_lookup: L1_WS_URL_2
host_id: 2
# sequencer has an HA setup with 2 enclaves
- num_enclaves: 1
host_id: 0
- num_enclaves: 1
host_id: 1
- num_enclaves: 1
host_id: 2
steps:
- name: 'Extract branch name'
shell: bash
run: |
echo "Branch Name: ${GITHUB_REF_NAME}"
echo "BRANCH_NAME=${GITHUB_REF_NAME}" >> $GITHUB_ENV
- name: 'Login via Azure CLI'
uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- name: 'Update Obscuro node-${{ matrix.host_id }} on Azure'
uses: azure/CLI@v1
with:
inlineScript: |
az vm run-command invoke -g Testnet -n "${{ vars.AZURE_RESOURCE_PREFIX }}-${{ matrix.host_id }}-${{ needs.build.outputs.VM_BUILD_NUMBER }}" \
--command-id RunShellScript \
--scripts '
docker pull ${{ vars.L2_HOST_DOCKER_BUILD_TAG }} \
&& docker pull ${{ vars.L2_ENCLAVE_DOCKER_BUILD_TAG }} \
&& rm -rf /home/obscuro/go-obscuro \
&& git clone --depth 1 -b ${{ env.BRANCH_NAME }} https://github.com/ten-protocol/go-ten.git /home/obscuro/go-obscuro \
&& cd /home/obscuro/go-obscuro/ \
&& sudo go run /home/obscuro/go-obscuro/go/node/cmd \
-is_genesis=${{ matrix.is_genesis }} \
-node_type=${{ matrix.node_type }} \
-num_enclaves=${{ matrix.num_enclaves }} \
-is_sgx_enabled=true \
-host_id=${{ vars[matrix.node_addr_lookup] }} \
-l1_ws_url=${{ secrets[matrix.node_l1_ws_lookup] }} \
-private_key=${{ secrets[matrix.node_pk_lookup] }} \
-sequencer_addr=obscuronode-0-${{ github.event.inputs.testnet_type }}.uksouth.cloudapp.azure.com:10000 \
-host_public_p2p_addr=obscuronode-${{ matrix.host_id }}-${{ github.event.inputs.testnet_type }}.uksouth.cloudapp.azure.com:10000 \
-host_p2p_port=10000 \
-enclave_docker_image=${{ vars.L2_ENCLAVE_DOCKER_BUILD_TAG }} \
-host_docker_image=${{ vars.L2_HOST_DOCKER_BUILD_TAG }} \
-is_debug_namespace_enabled=true \
-log_level=${{ github.event.inputs.log_level }} \
-batch_interval=${{ vars.L2_BATCH_INTERVAL }} \
-max_batch_interval=${{ vars.L2_MAX_BATCH_INTERVAL }} \
-rollup_interval=${{ vars.L2_ROLLUP_INTERVAL }} \
-l1_chain_id=${{ vars.L1_CHAIN_ID }} \
-l1_beacon_url=${{ vars.L1_BEACON_URL }} \
-l1_blob_archive_url=${{ vars.L1_BLOB_ARCHIVE_URL }} \
-postgres_db_host=postgres://tenuser:${{ secrets.TEN_POSTGRES_USER_PWD }}@postgres-ten-${{ github.event.inputs.testnet_type }}.postgres.database.azure.com:5432/ \
upgrade'
check-obscuro-is-healthy:
needs:
- build
- deploy
runs-on: ubuntu-latest
environment:
name: ${{ github.event.inputs.testnet_type }}
steps:
- uses: actions/checkout@v4
- name: "Wait until obscuro node is healthy"
shell: bash
run: |
./.github/workflows/runner-scripts/wait-node-healthy.sh --host=obscuronode-0-${{ github.event.inputs.testnet_type }}.uksouth.cloudapp.azure.com
./.github/workflows/runner-scripts/wait-node-healthy.sh --host=obscuronode-1-${{ github.event.inputs.testnet_type }}.uksouth.cloudapp.azure.com
deploy-faucet-on-dispatch:
uses: ./.github/workflows/manual-deploy-testnet-faucet.yml
if: ${{ github.event_name == 'workflow_dispatch' }}
with:
testnet_type: ${{ github.event.inputs.testnet_type }}
secrets: inherit
needs:
- check-obscuro-is-healthy
deploy-faucet-on-schedule:
uses: ./.github/workflows/manual-deploy-testnet-faucet.yml
if: ${{ github.event_name == 'schedule' }}
with:
testnet_type: 'dev-testnet'
secrets: inherit
needs:
- check-obscuro-is-healthy
obscuro-test-signal-on-dispatch:
runs-on: ubuntu-latest
environment:
name: ${{ github.event.inputs.testnet_type }}
needs:
- deploy-faucet-on-dispatch
steps:
- name: 'Send a repository dispatch to obscuro-test on upgrade of dev-testnet'
if: ${{ github.event.inputs.testnet_type == 'dev-testnet' }}
run: |
curl -XPOST -H "Authorization: Bearer ${{ secrets.GH_TOKEN }}" -H "Accept:application/vnd.github" -H "Content-Type:application/json" https://api.github.com/repos/ten-protocol/ten-test/dispatches --data '{ "event_type": "dev_testnet_upgraded", "client_payload": { "ref": "${{ github.ref_name }}" }'
- name: 'Send a repository dispatch to obscuro-test on upgrade of uat-testnet'
if: ${{ github.event.inputs.testnet_type == 'uat-testnet' }}
run: |
curl -XPOST -H "Authorization: Bearer ${{ secrets.GH_TOKEN }}" -H "Accept:application/vnd.github" -H "Content-Type:application/json" https://api.github.com/repos/ten-protocol/ten-test/dispatches --data '{ "event_type": "uat_testnet_upgraded", "client_payload": { "ref": "${{ github.ref_name }}" }'
obscuro-test-signal-on-schedule:
runs-on: ubuntu-latest
environment:
name: ${{ github.event.inputs.testnet_type }}
needs:
- deploy-faucet-on-schedule
steps:
- name: 'Send a repository dispatch to obscuro-test on upgrade of dev-testnet'
run: |
curl -XPOST -H "Authorization: Bearer ${{ secrets.GH_TOKEN }}" -H "Accept:application/vnd.github" -H "Content-Type:application/json" https://api.github.com/repos/ten-protocol/ten-test/dispatches --data '{ "event_type": "dev_testnet_upgraded", "client_payload": { "ref": "${{ github.ref_name }}" }'