Merge branch 'master' into lx/move-add-gate-out-of-aux

.github/workflows/ci-arm.yml

@@ -25,7 +25,7 @@ jobs:
   setup:
     uses: ./.github/workflows/setup-runner.yml
     with:
-      username: ${{ github.event.pull_request.user.login || github.actor }}
+      username: master
       runner_type: builder-arm
     secrets: inherit
 
@@ -49,24 +49,28 @@ jobs:
 
   build-images:
     needs: [setup, changes]
-    runs-on: ${{ github.event.pull_request.user.login || github.actor }}-arm
+    # Note we don't put the 'if' here as that would also apply to dependent jobs, instead we just copy it into each step
+    runs-on: master-arm
     steps:
       # permission kludge before checkout, see https://github.com/actions/checkout/issues/211#issuecomment-611986243
       - run: sudo chown -R $USER:$USER /home/ubuntu/
+        if: needs.changes.outputs.build-images == 'true'
       - uses: actions/checkout@v4
         with: { ref: "${{ env.GIT_COMMIT }}" }
+        if: needs.changes.outputs.build-images == 'true'
       - uses: ./.github/ci-setup-action
+        if: needs.changes.outputs.build-images == 'true'
         with:
           concurrency_key: build-images-arm
       - name: "Push Build Images If Changed"
-        if: ${{ needs.changes.outputs.build-images }}
+        if: needs.changes.outputs.build-images == 'true'
         timeout-minutes: 40
         run: |
           earthly-ci --push ./build-images/+build
 
   build:
     needs: [build-images]
-    runs-on: ${{ github.event.pull_request.user.login || github.actor }}-arm
+    runs-on: master-arm
     steps:
       # permission kludge before checkout, see https://github.com/actions/checkout/issues/211#issuecomment-611986243
       - run: sudo chown -R $USER:$USER /home/ubuntu/
@@ -84,7 +88,7 @@ jobs:
   # all the non-bench end-to-end integration tests for aztec
   e2e:
     needs: [build]
-    runs-on: ${{ github.event.pull_request.user.login || github.actor }}-arm
+    runs-on: master-arm
     steps:
       # permission kludge before checkout, see https://github.com/actions/checkout/issues/211#issuecomment-611986243
       - run: sudo chown -R $USER:$USER /home/ubuntu/

.github/workflows/ci.yml

@@ -8,6 +8,7 @@ on:
       - reopened
       - synchronize
       - ready_for_review
+      - labeled
     branches-ignore: [devnet]
   workflow_dispatch:
     inputs: {}
@@ -113,7 +114,7 @@ jobs:
 
   build:
     needs: [build-images, changes]
-    if: needs.changes.outputs.non-docs == 'true' && needs.changes.outputs.non-misc-ci == 'true' && needs.changes.outputs.non-barretenberg-cpp == 'true'
+    if: (needs.changes.outputs.non-docs == 'true' && needs.changes.outputs.non-misc-ci == 'true' && needs.changes.outputs.non-barretenberg-cpp == 'true') || github.ref_name == 'master'
     runs-on: ${{ github.event.pull_request.user.login || github.actor }}-x86
     outputs:
       e2e_list: ${{ steps.e2e_list.outputs.list }}
@@ -133,15 +134,29 @@ jobs:
       # (Note ARM uses just 2 tests as a smoketest)
       - name: Create list of non-bench end-to-end jobs
         id: e2e_list
-        run: echo "list=$(earthly ls ./yarn-project/end-to-end | grep -v '+base' | grep -v '+bench' | grep -v "+network" | grep -v 'devnet' | sed 's/+//' | jq -R . | jq -cs .)" >> $GITHUB_OUTPUT
+        run: |
+          if [[ "$GITHUB_EVENT_NAME" == "pull_request" ]]; then
+            LABELS=$(jq -r '.pull_request.labels | map(.name) | join(",")' "$GITHUB_EVENT_PATH")
+          else
+            LABELS=""
+          fi
+          echo Labels: $LABELS
+          echo "list=$(./scripts/ci/get_e2e_jobs.sh ${{github.ref_name}} "$LABELS")" >> $GITHUB_OUTPUT
       - name: Create list of bench end-to-end jobs
         id: bench_list
-        run: echo "list=$(earthly ls ./yarn-project/end-to-end | grep '+bench' |  sed 's/+//' | jq -R . | jq -cs .)" >> $GITHUB_OUTPUT
+        run: |
+          if [[ "$GITHUB_EVENT_NAME" == "pull_request" ]]; then
+            LABELS=$(jq -r '.pull_request.labels | map(.name) | join(",")' "$GITHUB_EVENT_PATH")
+          else
+            LABELS=""
+          fi
+          echo Labels: $LABELS
+          echo "list=$(./scripts/ci/get_bench_jobs.sh ${{github.ref_name}} "$LABELS")" >> $GITHUB_OUTPUT
 
   # all the non-bench end-to-end integration tests for aztec
   e2e:
     needs: [build, changes]
-    if: needs.changes.outputs.non-barretenberg-cpp == 'true'
+    if: needs.changes.outputs.non-barretenberg-cpp == 'true' || github.ref_name == 'master' || contains(github.event.pull_request.labels.*.name, 'e2e')
     runs-on: ubuntu-20.04
     strategy:
       fail-fast: false
@@ -171,7 +186,7 @@ jobs:
   # all the benchmarking end-to-end integration tests for aztec (not required to merge)
   bench-e2e:
     needs: [build, changes]
-    if: needs.changes.outputs.non-barretenberg-cpp == 'true'
+    if: needs.changes.outputs.non-barretenberg-cpp == 'true' || github.ref_name == 'master' || contains(github.event.pull_request.labels.*.name, 'bench')
     runs-on: ubuntu-20.04
     strategy:
       fail-fast: false

.github/workflows/devnet-deploys.yml

@@ -770,7 +770,7 @@ jobs:
         run: |
           ./.github/scripts/wait_for_infra.sh pxe ${{ env.DEPLOY_TAG }} ${{ env.API_KEY }}
 
-      - name: Deploy verifier (allow failure)
+      - name: Deploy verifier
         working-directory: ./yarn-project/aztec/terraform/pxe
         run: |
           set -eo pipefail

.github/workflows/network-deploy.yml

@@ -0,0 +1,57 @@
+name: Aztec Network EKS Deployment
+
+# Manual trigerring of this workflow is intentionally disabled
+# Helm deployments do not support lock files
+# Without a lockfile, manual trigerring can lead to corrupted or partial deployments
+
+on:
+  push:
+    branches:
+      - staging
+      - production
+  pull_request:
+    branches:
+      - staging
+      - production
+
+jobs:
+  network_deployment:
+    # This job will run on Ubuntu
+    runs-on: ubuntu-latest
+    concurrency:
+      group: deploy-${{ github.ref }} # Only one job per branch
+      cancel-in-progress: false # Allow previous deployment to complete to avoid corruption
+
+    # Set up a variable based on the branch name
+    env:
+      NAMESPACE: ${{ github.ref == 'refs/heads/production' && 'production' || 'staging' }}
+      CHART_PATH: ./spartan/aztec-network
+
+    steps:
+      # Step 1: Check out the repository's code
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      # Step 2: Configure AWS credentials using GitHub Secrets
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v2
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: us-east-2
+
+      # Step 3: Set up Kubernetes context for AWS EKS
+      - name: Configure kubectl with EKS cluster
+        run: |
+          aws eks update-kubeconfig --region us-east-2 --name spartan_cluster
+
+      # Step 4: Install Helm
+      - name: Install Helm
+        run: |
+          curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash
+
+      # Step 5: Apply Helm Chart
+      - name: Deploy Helm chart
+        run: |
+          helm dependency update ${{ env.CHART_PATH }}
+          helm upgrade --install ${{ env.NAMESPACE }} ${{ env.CHART_PATH }} --namespace ${{ env.NAMESPACE }} --atomic

.github/workflows/redo-typo-pr.yml

@@ -0,0 +1,44 @@
+name: Redo Typo PR
+
+on:
+  workflow_dispatch:
+    inputs:
+      pr_number:
+        description: 'The PR number to redo'
+        required: true
+        type: string
+
+  pull_request_target:
+    types: [labeled]
+    branches:
+      - master
+    paths-ignore:
+      - '**/README.md'
+
+jobs:
+  redo-typo-pr:
+    if: github.event_name == 'workflow_dispatch' || contains(github.event.pull_request.labels.*.name, 'redo-typo-pr')
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v3
+      with:
+        token: ${{ secrets.AZTEC_BOT_GITHUB_TOKEN }}
+
+    - name: Authenticate with GitHub CLI
+      run: |
+        echo "${{ secrets.AZTEC_BOT_GITHUB_TOKEN }}" | gh auth login --with-token
+
+    - name: Set git configure for commits
+      run: |
+        # Identify ourselves, needed to commit
+        git config --global user.name AztecBot
+        git config --global user.email tech@aztecprotocol.com
+
+    - name: Determine PR number
+      id: determine-pr-number
+      run: echo "PR_NUMBER=${{ github.event.inputs.pr_number || github.event.pull_request.number }}" >> $GITHUB_ENV
+
+    - name: Run repo-typo-pr script
+      run: ./scripts/redo-typo-pr ${{ env.PR_NUMBER }}

.github/workflows/sepolia-deploy.yml

@@ -0,0 +1,120 @@
+name: Deploy to Sepolia network
+on:
+  workflow_dispatch:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+env:
+  DOCKERHUB_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }}
+  AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+  AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+  IMAGE_TAG: latest
+  DEPLOY_TAG: sepolianet
+  CONTRACT_S3_BUCKET: s3://static.aztec.network
+
+  # TF Variables
+  TF_VAR_IMAGE_TAG: latest
+  TF_VAR_DEPLOY_TAG: sepolianet
+  TF_VAR_L1_CHAIN_ID: 11155111
+  TF_VAR_ETHEREUM_HOST: https://sepolia.infura.io/v3/${{ secrets.SEPOLIA_API_KEY }}
+  TF_VAR_PROVING_ENABLED: false
+  TF_VAR_API_KEY: ${{ secrets.SEPOLIANET_API_KEY }}
+  # Node / Sequencer
+  TF_VAR_BOOTSTRAP_NODES: ""
+  TF_VAR_P2P_ENABLED: "false"
+  TF_VAR_NODE_P2P_PRIVATE_KEYS: '[""]'
+  TF_VAR_SEQ_MIN_TX_PER_BLOCK: 1
+  TF_VAR_SEQ_MAX_TX_PER_BLOCK: 64
+  TF_VAR_NODE_LB_RULE_PRIORITY: 7000
+  TF_VAR_NODE_P2P_TCP_PORT: 40500
+  TF_VAR_NODE_P2P_UDP_PORT: 45500
+  # Address 0x652575Ff941e7c2850fB89f2B207efF6B06BC7B4
+  TF_VAR_SEQUENCER_PRIVATE_KEYS: '["${{ secrets.SEPOLIA_SEQ_PRIVATE_KEY }}"]'
+
+  # Prover Node
+  TF_VAR_PROVER_NODE_LB_RULE_PRIORITY: 7100
+  # Address 0xE3b8F9F23b8D4BD7d437218Bff3bcED1ce5E70B3
+  TF_VAR_PROVER_PRIVATE_KEYS: '["${{ secrets.SEPOLIA_PROVER_PRIVATE_KEY }}"]'
+
+jobs:
+  setup:
+    uses: ./.github/workflows/setup-runner.yml
+    with:
+      username: ${{ github.event.pull_request.user.login || github.actor }}
+      runner_type: builder-x86
+    secrets: inherit
+
+  deploy:
+    needs: setup
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: "${{ github.sha }}"
+
+      - uses: ./.github/ci-setup-action
+
+      - uses: hashicorp/setup-terraform@v3
+        with:
+          terraform_version: 1.7.5
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
+          aws-region: eu-west-2
+
+      - name: Deploy L1 Contracts to Sepolia
+        run: |
+          set -e
+          docker pull aztecprotocol/aztec:${{ env.IMAGE_TAG }}
+          docker run aztecprotocol/aztec:${{ env.IMAGE_TAG }} deploy-l1-contracts \
+            --private-key ${{ secrets.SEPOLIA_SEQ_PRIVATE_KEY }} \
+            --rpc-url ${{ env.TF_VAR_ETHEREUM_HOST }} \
+            --l1-chain-id ${{ env.TF_VAR_L1_CHAIN_ID }} \
+            --salt ${{ github.run_id }} \
+            --json | tee ./l1_contracts.json
+
+          # upload contract addresses to S3
+          aws s3 cp ./l1_contracts.json ${{ env.CONTRACT_S3_BUCKET }}/${{ env.DEPLOY_TAG }}/l1_contracts.json
+
+          # export contract addresses so they can be used by subsequent terraform deployments
+          function extract() {
+            jq -r ".$1" ./l1_contracts.json
+          }
+
+          echo "TF_VAR_ROLLUP_CONTRACT_ADDRESS=$(extract rollupAddress)" >>$GITHUB_ENV
+          echo "TF_VAR_REGISTRY_CONTRACT_ADDRESS=$(extract registryAddress)" >>$GITHUB_ENV
+          echo "TF_VAR_INBOX_CONTRACT_ADDRESS=$(extract inboxAddress)" >>$GITHUB_ENV
+          echo "TF_VAR_OUTBOX_CONTRACT_ADDRESS=$(extract outboxAddress)" >>$GITHUB_ENV
+          echo "TF_VAR_AVAILABILITY_ORACLE_CONTRACT_ADDRESS=$(extract availabilityOracleAddress)" >>$GITHUB_ENV
+          echo "TF_VAR_FEE_JUICE_CONTRACT_ADDRESS=$(extract feeJuiceAddress)" >>$GITHUB_ENV
+          echo "TF_VAR_FEE_JUICE_PORTAL_CONTRACT_ADDRESS=$(extract feeJuicePortalAddress)" >>$GITHUB_ENV
+
+      - name: Apply l1-contracts Terraform
+        working-directory: ./l1-contracts/terraform
+        run: |
+          env
+          terraform init -input=false -backend-config="key=${{ env.DEPLOY_TAG }}/l1-contracts"
+          terraform apply -input=false -auto-approve
+
+      - name: Deploy Aztec Node
+        working-directory: ./yarn-project/aztec/terraform/node
+        run: |
+          terraform init -input=false -backend-config="key=${{ env.DEPLOY_TAG }}/aztec-node"
+          terraform apply -input=false -auto-approve
+
+      - name: Deploy Aztec Prover Node
+        working-directory: ./yarn-project/aztec/terraform/prover-node
+        run: |
+          terraform init -input=false -backend-config="key=${{ env.DEPLOY_TAG }}/aztec-prover-node"
+          terraform apply -input=false -auto-approve
+
+      - name: Deploy PXE
+        working-directory: ./yarn-project/aztec/terraform/pxe
+        run: |
+          terraform init -input=false -backend-config="key=${{ env.DEPLOY_TAG }}/pxe"
+          terraform apply -input=false -auto-approve -replace="aws_efs_file_system.pxe_data_store"

.github/workflows/sepolia-test.yml

@@ -21,7 +21,7 @@ env:
   PROVER_PUBLISHER_PRIVATE_KEY: ${{ secrets.SEPOLIA_PROVER_PRIVATE_KEY }}
 
   ETHEREUM_HOST: "https://sepolia.infura.io/v3/${{ secrets.SEPOLIA_API_KEY }}"
-  L1_CHAIN_ID: "11155111"
+  L1_CHAIN_ID: 11155111
 
 jobs:
   setup:
@@ -55,10 +55,10 @@ jobs:
           cd ./yarn-project/end-to-end/
           export FORCE_COLOR=1
           ../../scripts/earthly-ci -P --no-output +e2e-public-testnet \
-          --SEQ_PUBLISHER_PRIVATE_KEY=${{ secrets.SEPOLIA_SEQ_PRIVATE_KEY }} \
-          --PROVER_PUBLISHER_PRIVATE_KEY=${{ secrets.SEPOLIA_PROVER_PRIVATE_KEY }} \
-          --ETHEREUM_HOST="https://sepolia.infura.io/v3/${{ secrets.SEPOLIA_API_KEY }}" \
-          --L1_CHAIN_ID="11155111"
+            --SEQ_PUBLISHER_PRIVATE_KEY=${{ secrets.SEPOLIA_SEQ_PRIVATE_KEY }} \
+            --PROVER_PUBLISHER_PRIVATE_KEY=${{ secrets.SEPOLIA_PROVER_PRIVATE_KEY }} \
+            --ETHEREUM_HOST="https://sepolia.infura.io/v3/${{ secrets.SEPOLIA_API_KEY }}" \
+            --L1_CHAIN_ID=${{ env.L1_CHAIN_ID }}
 
   success-check:
     runs-on: ubuntu-20.04

.github/workflows/spartan-test.yml

@@ -136,11 +136,10 @@ jobs:
           tester_ttl: 40
           run: |
             set -eux
-            cd ./yarn-project/end-to-end/
-            ./scripts/setup_local_k8s.sh
+            ./spartan/scripts/setup_local_k8s.sh
             export FORCE_COLOR=1
             export EARTHLY_BUILD_ARGS="${{ env.EARTHLY_BUILD_ARGS }}"
-            ../../scripts/earthly-ci --exec-stats -P --no-output ./+network-transfer --values-file=${{ matrix.values_file }}
+            ./scripts/earthly-ci --exec-stats -P --no-output ./yarn-project/end-to-end/+network-transfer --values-file=${{ matrix.values_file }}
 
   success-check:
     runs-on: ubuntu-20.04

.gitignore

@@ -8,6 +8,7 @@ build/
 .idea
 cmake-build-debug
 .terraform*
+terraform.tfstate*
 .bootstrapped
 .tsbuildinfo
 

.noir-sync-commit

@@ -1 +1 @@
-21425dedcc31287431a4a25589d52d5397e974bc
+fc74c55ffed892962413c6fe15af62e1d2e7b785