forked from ethereum-optimism/optimism
-
Notifications
You must be signed in to change notification settings - Fork 3
147 lines (133 loc) · 6.38 KB
/
contracts-op-stack.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
name: Deploy Contracts
on:
push:
branches:
- alvarof2/contracts
workflow_dispatch:
inputs:
deploy_contracts:
required: false
type: boolean
default: true
contracts_tag:
required: false
type: string
default: 'op-contracts/v1.3.0'
l1_chain_id:
required: false
type: string
default: '17000'
l1_rpc_url:
required: false
type: string
deployment_context:
required: false
type: string
default: 'test-alvaro'
gs_admin_address:
required: false
type: string
default: '0x19c1696408E63d670ab8177bfafB0D37e9F3ed82'
gs_batcher_address:
required: false
type: string
default: '0x0F82E82268FA5de5070A088e54eAbc2dec07D615'
gs_proposer_address:
required: false
type: string
default: '0x8D20f1E387cDF78c4AF42F61FB48B1Be72056FEb'
gs_sequenncer_address:
required: false
type: string
default: '0xF20B236A87e26D1Ac7290D0F70f637af8145D54e'
jobs:
deploy-contracts:
runs-on: ubuntu-latest
permissions: # Must change the job token permissions to use Akeyless JWT auth
id-token: write
contents: read
if: ${{ ! startsWith(github.triggering_actor, 'akeyless') }}
env:
DEPLOY_CONTRACTS: ${{ github.event_name == 'push' && 'false' || inputs.deploy_contracts }}
CONTRACTS_TAG: ${{ github.event_name == 'push' && 'op-contracts/v1.3.0' || inputs.contracts_tag }}
L1_CHAIN_ID: ${{ github.event_name == 'push' && '17000' || inputs.l1_chain_id }}
L1_RPC_URL: ${{ github.event_name == 'push' && 'https://ethereum-holesky-rpc.publicnode.com' || inputs.l1_rpc_url }}
DEPLOYMENT_CONTEXT: ${{ github.event_name == 'push' && 'test' || inputs.deployment_context }}
GS_ADMIN_ADDRESS: ${{ github.event_name == 'push' && '0xb2397dF29AFB4B4661559436180019bEb7912985' || inputs.gs_admin_address }}
GS_BATCHER_ADDRESS: ${{ github.event_name == 'push' && '0x7fDBe8F4D22ab511340667d7Ce5675568d09eBB4' || inputs.gs_batcher_address }}
GS_PROPOSER_ADDRESS: ${{ github.event_name == 'push' && '0xdCf30236Fa0aBE2ca0BEc2eE0a2F40b16A144DB3' || inputs.gs_proposer_address }}
GS_SEQUENCER_ADDRESS: ${{ github.event_name == 'push' && '0x3e2Df8efB6fA1d6E6021572a99BB67BA9ab2C59D' || inputs.gs_sequenncer_address }}
steps:
- name: "Get GitHub Token from Akeyless"
id: get_auth_token
uses:
docker://us-west1-docker.pkg.dev/devopsre/akeyless-public/akeyless-action:latest
with:
api-url: https://api.gateway.akeyless.celo-networks-dev.org
access-id: p-kf9vjzruht6l
dynamic-secrets: '{"/dynamic-secrets/keys/github/optimism/contents=write,pull_requests=write":"PAT"}'
- name: Akeyless get L1 URL
uses: docker://us-west1-docker.pkg.dev/devopsre/akeyless-public/akeyless-action:latest
if: ${{ env.L1_RPC_URL == 'false' }}
with:
api-url: https://api.gateway.akeyless.celo-networks-dev.org
access-id: p-kf9vjzruht6l
static-secrets: '{"/static-secrets/devops-circle/alfajores/op-testnet-alfajores/HOLESKY_INFURA_URL":"L1_RPC_URL", "/static-secrets/devops-circle/alfajores/op-testnet-alfajores/GS_ADMIN_PRIVATE_KEY":"GS_ADMIN_PRIVATE_KEY"}'
# - name: Akeyless get GS ADMIN private key
# uses: docker://us-west1-docker.pkg.dev/devopsre/akeyless-public/akeyless-action:latest
# with:
# api-url: https://api.gateway.akeyless.celo-networks-dev.org
# access-id: p-kf9vjzruht6l
# static-secrets: '{"/static-secrets/devops-circle/alvaro-test-opstack-sepolia/gs-admin-private-key":"GS_ADMIN_PRIVATE_KEY"}'
- name: "Checkout"
uses: actions/checkout@v4
with:
token: ${{ env.PAT }}
submodules: recursive
fetch-depth: 0
- name: "Checkout OP Repo"
uses: actions/checkout@v4
with:
repository: 'ethereum-optimism/optimism'
ref: '${{ env.CONTRACTS_TAG }}'
path: ethereum-optimism
submodules: recursive
fetch-depth: 0
- name: Setup
uses: ./.github/actions/setup
- name: Generate config JSON
run: |
cd packages/contracts-bedrock
./scripts/getting-started/config.sh
cp deploy-config/$DEPLOYMENT_CONTEXT.json /home/runner/work/optimism/optimism/ethereum-optimism/packages/contracts-bedrock/deploy-config/$DEPLOYMENT_CONTEXT.json
- name: Deploy L1 contracts
if: ${{ env.DEPLOY_CONTRACTS != 'false' }}
run: |
export IMPL_SALT=$(openssl rand -hex 32)
cd ethereum-optimism/packages/contracts-bedrock
echo "Broadcasting ..."
forge script scripts/Deploy.s.sol:Deploy --private-key $GS_ADMIN_PRIVATE_KEY --broadcast --rpc-url $L1_RPC_URL
mkdir -p /home/runner/work/optimism/optimism/packages/contracts-bedrock/deployments/$DEPLOYMENT_CONTEXT
cp deployments/$DEPLOYMENT_CONTEXT/.deploy /home/runner/work/optimism/optimism/packages/contracts-bedrock/deployments/$DEPLOYMENT_CONTEXT/.deploy
- name: Copy old .deploy file if contracts not deployed
if: ${{ env.DEPLOY_CONTRACTS == 'false' }}
run: |
mkdir -p ethereum-optimism/packages/contracts-bedrock/deployments/$DEPLOYMENT_CONTEXT
cp packages/contracts-bedrock/deployments/$DEPLOYMENT_CONTEXT/.deploy ethereum-optimism/packages/contracts-bedrock/deployments/$DEPLOYMENT_CONTEXT/.deploy
- name: Generate genesis files
run: |
mkdir -p l2-config-files/$DEPLOYMENT_CONTEXT
cd ethereum-optimism/op-node
go run cmd/main.go genesis l2 \
--deploy-config ../packages/contracts-bedrock/deploy-config/$DEPLOYMENT_CONTEXT.json \
--l1-deployments ../packages/contracts-bedrock/deployments/$DEPLOYMENT_CONTEXT/.deploy \
--outfile.l2 ../../l2-config-files/$DEPLOYMENT_CONTEXT/genesis-$(date +%s).json \
--outfile.rollup ../../l2-config-files/$DEPLOYMENT_CONTEXT/rollup-$(date +%s).json \
--l1-rpc $L1_RPC_URL
# - name: Setup tmate session
# uses: mxschmitt/action-tmate@v3.17
- name: "Commit genesis files"
uses: stefanzweifel/git-auto-commit-action@v5
with:
commit_message: '[Automatic] - Commit genesis files'
file_pattern: 'l2-config-files packages/contracts-bedrock/**'