chore: remove use of pedersen where possible (#19823) #614
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: AVM Circuit Inputs Collection and Check | |
| on: | |
| push: | |
| branches: | |
| - next | |
| schedule: | |
| # Also run nightly at 3:00 AM UTC as a safety net | |
| - cron: "0 3 * * *" | |
| workflow_dispatch: | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| collect-avm-circuit-inputs: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
| with: | |
| persist-credentials: false | |
| - name: Compute tarball name | |
| id: compute-hash | |
| run: | | |
| # Use tree hash for tarball name - consistent across all environments | |
| # Same content = same tree hash, even across different commits | |
| TREE_HASH=$(git rev-parse HEAD^{tree}) | |
| TARBALL_NAME="e2e-avm-circuit-inputs-$TREE_HASH.tar.gz" | |
| echo "tarball_name=$TARBALL_NAME" >> $GITHUB_OUTPUT | |
| echo "Tarball name: $TARBALL_NAME" | |
| - name: Collect AVM Circuit Inputs | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| BUILD_INSTANCE_SSH_KEY: ${{ secrets.BUILD_INSTANCE_SSH_KEY }} | |
| run: | | |
| set -eu | |
| # Setup SSH key for EC2 access | |
| mkdir -p ~/.ssh | |
| echo "${BUILD_INSTANCE_SSH_KEY}" | base64 --decode > ~/.ssh/build_instance_key | |
| chmod 600 ~/.ssh/build_instance_key | |
| # Run via ci.sh which spins up an EC2 instance and runs ./bootstrap.sh ci-avm-inputs-collection | |
| ./ci.sh avm-inputs-collection | |
| - name: Download and attach inputs as artifact | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| run: | | |
| set -eu | |
| TARBALL_NAME="${{ steps.compute-hash.outputs.tarball_name }}" | |
| echo "Downloading $TARBALL_NAME from S3..." | |
| aws s3 cp "s3://aztec-ci-artifacts/build-cache/$TARBALL_NAME" "./$TARBALL_NAME" | |
| - name: Upload AVM inputs artifact | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 | |
| with: | |
| name: avm-circuit-inputs | |
| path: ${{ steps.compute-hash.outputs.tarball_name }} | |
| retention-days: 30 | |
| avm-check-circuit: | |
| needs: collect-avm-circuit-inputs | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
| with: | |
| persist-credentials: false | |
| - name: Run AVM Check-Circuit | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| BUILD_INSTANCE_SSH_KEY: ${{ secrets.BUILD_INSTANCE_SSH_KEY }} | |
| run: | | |
| set -eu | |
| # Setup SSH key for EC2 access | |
| mkdir -p ~/.ssh | |
| echo "${BUILD_INSTANCE_SSH_KEY}" | base64 --decode > ~/.ssh/build_instance_key | |
| chmod 600 ~/.ssh/build_instance_key | |
| # Run via ci.sh which spins up an EC2 instance and runs ./bootstrap.sh ci-avm-check-circuit | |
| ./ci.sh avm-check-circuit | |
| - name: Notify Slack on failure | |
| if: failure() | |
| env: | |
| SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} | |
| run: | | |
| WORKFLOW_URL="${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" | |
| curl -X POST https://slack.com/api/chat.postMessage \ | |
| -H "Authorization: Bearer $SLACK_BOT_TOKEN" \ | |
| -H "Content-type: application/json" \ | |
| --data "{\"channel\": \"#team-bonobos\", \"text\": \"🚨 AVM check-circuit failed\\n<$WORKFLOW_URL|View Run>\"}" |