AztecProtocol
diff --git a/‎.github/local_workflow.sh‎
Lines changed: 38 additions & 0 deletions b/‎.github/local_workflow.sh‎
Lines changed: 38 additions & 0 deletions
diff --git a/‎.github/workflows/deploy-eth-devnet.yml‎
Lines changed: 266 additions & 0 deletions b/‎.github/workflows/deploy-eth-devnet.yml‎
Lines changed: 266 additions & 0 deletions
diff --git a/‎.github/workflows/publish-bb-mac.yml‎
Lines changed: 5 additions & 5 deletions b/‎.github/workflows/publish-bb-mac.yml‎
Lines changed: 5 additions & 5 deletions
diff --git a/‎spartan/.gitignore‎
Lines changed: 2 additions & 0 deletions b/‎spartan/.gitignore‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎spartan/scripts/cleanup_helm.sh‎
Lines changed: 41 additions & 0 deletions b/‎spartan/scripts/cleanup_helm.sh‎
Lines changed: 41 additions & 0 deletions
@@ -0,0 +1,38 @@
+#!/bin/bash
+
+# Runs a github workflow locally.
+# Bind-mounts the local directory into the container, which executes as the current user.
+# Attempts to use a GCP service account, which you can download from
+# https://console.cloud.google.com/iam-admin/serviceaccounts
+
+# Your workflow may not need a GCP service account, nor a kubeconfig, etc.
+# Feel free to send a PR to tweak the script ;)
+
+# example usage:
+# export GOOGLE_APPLICATION_CREDENTIALS=/home/mitch/tokens/testnet-helm-sa.json
+# alias lwfl=/home/mitch/aztec-clones/alpha/.github/local_workflow.sh
+# lwfl deploy_eth_devnet --input cluster=kind --input resource_profile=dev --input namespace=mitch-eth-devnet --input create_static_ips=false
+# lwfl deploy_eth_devnet --input cluster=aztec-gke-private --input resource_profile=prod --input namespace=mitch-eth-devnet --input create_static_ips=false
+
+workflow_name=$1
+
+REPO_ROOT=$(git rev-parse --show-toplevel)
+
+if [ -z "$workflow_name" ]; then
+  echo "Usage: $0 <workflow_name> [args ...]"
+  exit 1
+fi
+
+# get the rest of the args (skip the first one which is the workflow name)
+shift
+args=("$@")
+
+SA_KEY_JSON=$(cat "$GOOGLE_APPLICATION_CREDENTIALS")
+
+act workflow_dispatch -j $workflow_name \
+  -s GITHUB_TOKEN="$(gh auth token)" \
+  -s GCP_SA_KEY="$SA_KEY_JSON" \
+  -s KUBECONFIG_B64="$(cat $HOME/.kube/config | base64 -w0)" \
+  --container-options "--user $(id -u):$(id -g)" \
+  --bind \
+  --directory $REPO_ROOT "${args[@]}"
@@ -0,0 +1,266 @@
+name: Deploy Eth Devnet
+
+# This workflow is used to deploy the eth devnet to a cluster.
+# It can be used to deploy to kind or a GKE cluster.
+#
+# Set yourself up to run locally with:
+# export GOOGLE_APPLICATION_CREDENTIALS=/home/mitch/tokens/testnet-helm-sa.json
+# alias lwfl=/home/mitch/aztec-clones/alpha/.github/local_workflow.sh
+#
+# Then deploy to kind:
+# lwfl deploy_eth_devnet --input cluster=kind --input resource_profile=dev --input namespace=mitch-eth-devnet --input create_static_ips=false
+#
+# Or to a GKE cluster:
+# lwfl deploy_eth_devnet --input cluster=aztec-gke-private --input resource_profile=prod --input namespace=mitch-eth-devnet --input create_static_ips=false
+
+on:
+  workflow_call:
+    inputs:
+      cluster:
+        description: The cluster to deploy to, e.g. aztec-gke-private or kind
+        required: true
+        type: string
+      namespace:
+        description: The namespace to deploy to
+        required: true
+        type: string
+      ref:
+        description: The branch name to deploy from
+        required: false
+        type: string
+        default: "next"
+      chain_id:
+        description: Ethereum chain ID for genesis generation
+        required: false
+        type: number
+        default: 1337
+      block_time:
+        description: Block time in seconds for genesis generation
+        required: false
+        type: number
+        default: 12
+      gas_limit:
+        description: Gas limit for blocks in genesis generation
+        required: false
+        type: string
+        default: "32000000"
+      resource_profile:
+        description: Resource profile to use (dev or prod)
+        required: false
+        type: string
+        default: "prod"
+      create_static_ips:
+        description: Whether to create static IPs as part of the eth devnet for the execution and beacon nodes
+        required: false
+        type: string
+        default: "false"
+      run_terraform_destroy:
+        description: Whether to run the terraform destroy
+        required: false
+        type: string
+        default: "false"
+    secrets:
+      GCP_SA_KEY:
+        description: The JSON key for the GCP service account
+        required: true
+      KUBECONFIG_B64:
+        description: The base64 encoded kubeconfig
+        required: true
+
+  workflow_dispatch:
+    inputs:
+      cluster:
+        description: The cluster to deploy to, e.g. aztec-gke-private or kind
+        required: false
+        type: string
+        default: "kind"
+      namespace:
+        description: The namespace to deploy to
+        required: false
+        type: string
+        default: "eth-devnet"
+      ref:
+        description: The branch name to deploy from.
+        required: false
+        type: string
+        default: "next"
+      chain_id:
+        description: Ethereum chain ID for genesis generation
+        required: false
+        type: number
+        default: 1337
+      block_time:
+        description: Block time in seconds for genesis generation
+        required: false
+        type: number
+        default: 12
+      gas_limit:
+        description: Gas limit for blocks in genesis generation
+        required: false
+        type: string
+        default: "32000000"
+      resource_profile:
+        description: Resource profile to use (dev or prod)
+        required: false
+        type: string
+        default: "prod"
+      create_static_ips:
+        description: Whether to create static IPs as part of the eth devnet for the execution and beacon nodes
+        required: false
+        type: string
+        default: "false"
+      run_terraform_destroy:
+        description: Whether to run the terraform destroy
+        required: false
+        type: string
+        default: "false"
+
+jobs:
+  deploy_eth_devnet:
+    runs-on: ubuntu-latest
+    env:
+      TF_STATE_BUCKET: aztec-terraform
+      REGION: us-west1-a
+
+    steps:
+      - name: debug inputs
+        run: |
+          echo "cluster: ${{ inputs.cluster }}"
+          echo "namespace: ${{ inputs.namespace }}"
+          echo "ref: ${{ inputs.ref }}"
+          echo "chain_id: ${{ inputs.chain_id }}"
+          echo "block_time: ${{ inputs.block_time }}"
+          echo "gas_limit: ${{ inputs.gas_limit }}"
+          echo "resource_profile: ${{ inputs.resource_profile }}"
+          echo "create_static_ips: ${{ inputs.create_static_ips }}"
+          echo "run_terraform_destroy: ${{ inputs.run_terraform_destroy }}"
+
+      - name: Check if directory exists
+        id: check_dir
+        run: |
+          if [ -d ".git" ]; then
+            echo "exists=true" >> $GITHUB_OUTPUT
+          else
+            echo "exists=false" >> $GITHUB_OUTPUT
+          fi
+
+      # if running with `act`, skip the checkout since the code is mounted in
+      - name: Checkout code
+        if: ${{ steps.check_dir.outputs.exists != 'true' }}
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+        with:
+          ref: ${{ inputs.ref || github.ref }}
+
+      - name: Authenticate to Google Cloud
+        uses: google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f
+        with:
+          credentials_json: ${{ secrets.GCP_SA_KEY }}
+
+      - name: Set up Cloud SDK
+        uses: google-github-actions/setup-gcloud@6189d56e4096ee891640bb02ac264be376592d6a
+
+      - name: Install GKE Auth Plugin
+        run: |
+          gcloud components install gke-gcloud-auth-plugin --quiet
+
+      - name: Configure kubectl with GKE cluster
+        if: ${{ inputs.cluster != 'kind' }}
+        run: |
+          gcloud container clusters get-credentials ${{ inputs.cluster }} --region ${{ env.REGION }}
+
+      - name: Configure kubectl with kind cluster
+        if: ${{ inputs.cluster == 'kind' }}
+        run: |
+          # fail if kubeconfig is not provided
+          if [ -z "${{ secrets.KUBECONFIG_B64 }}" ]; then
+            echo "KUBECONFIG_B64 is not set"
+            exit 1
+          fi
+          mkdir -p $HOME/.kube
+          echo "${{ secrets.KUBECONFIG_B64 }}" | base64 -d > $HOME/.kube/config
+          kubectl config use-context kind-kind
+
+      - name: Terraform Init
+        working-directory: ./spartan/terraform/deploy-eth-devnet
+        run: |
+          # Clean up any previous backend overrides
+          rm -f backend_override.tf
+
+          if [ "${{ inputs.cluster }}" == "kind" ]; then
+            # For kind, use local backend with explicit path
+            cat > backend_override.tf << EOF
+          terraform {
+            backend "local" {
+              path = "state/${{ inputs.cluster }}/${{ inputs.namespace }}/terraform.tfstate"
+            }
+          }
+          EOF
+          else
+            # For GKE, use GCS backend with explicit path
+            cat > backend_override.tf << EOF
+          terraform {
+            backend "gcs" {
+              bucket = "${{ env.TF_STATE_BUCKET }}"
+              prefix = "deploy-eth-devnet/${{ env.REGION }}/${{ inputs.cluster }}/${{ inputs.namespace }}/terraform.tfstate"
+            }
+          }
+          EOF
+          fi
+
+          terraform init -reconfigure
+
+      - name: Terraform Destroy
+        working-directory: ./spartan/terraform/deploy-eth-devnet
+        if: ${{ inputs.run_terraform_destroy == 'true' }}
+        # Destroy fails if the resources are already destroyed, so we continue on error
+        continue-on-error: true
+        run: |
+          # if going to kind, static-ips is not supported
+          if [ "${{ inputs.cluster }}" == "kind" ]; then
+            CREATE_STATIC_IPS=false
+          else
+            CREATE_STATIC_IPS=${{ inputs.create_static_ips || 'false' }}
+          fi
+
+          CLUSTER_CONTEXT=$(kubectl config current-context)
+
+          terraform destroy \
+            -var="CREATE_STATIC_IPS=${CREATE_STATIC_IPS}" \
+            -var="K8S_CLUSTER_CONTEXT=${CLUSTER_CONTEXT}" \
+            -var="NAMESPACE=${{ inputs.namespace || 'eth-devnet' }}" \
+            -var="CHAIN_ID=${{ inputs.chain_id || 1337 }}" \
+            -var="BLOCK_TIME=${{ inputs.block_time || 12 }}" \
+            -var="GAS_LIMIT=${{ inputs.gas_limit || '32000000' }}" \
+            -var="MNEMONIC_SECRET_NAME=eth-devnet-genesis-mnemonic" \
+            -var="PREFUNDED_MNEMONIC_INDICES=0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,1000,1001,1002,1003" \
+            -var="RESOURCE_PROFILE=${{ inputs.resource_profile || 'prod' }}" \
+            -auto-approve
+
+      - name: Terraform Plan
+        working-directory: ./spartan/terraform/deploy-eth-devnet
+        run: |
+          # if going to kind, static-ips is not supported
+          if [ "${{ inputs.cluster }}" == "kind" ]; then
+            CREATE_STATIC_IPS=false
+          else
+            CREATE_STATIC_IPS=${{ inputs.create_static_ips || 'false' }}
+          fi
+
+          CLUSTER_CONTEXT=$(kubectl config current-context)
+
+          terraform plan \
+            -var="CREATE_STATIC_IPS=${CREATE_STATIC_IPS}" \
+            -var="K8S_CLUSTER_CONTEXT=${CLUSTER_CONTEXT}" \
+            -var="NAMESPACE=${{ inputs.namespace || 'eth-devnet' }}" \
+            -var="CHAIN_ID=${{ inputs.chain_id || 1337 }}" \
+            -var="BLOCK_TIME=${{ inputs.block_time || 12 }}" \
+            -var="GAS_LIMIT=${{ inputs.gas_limit || '32000000' }}" \
+            -var="MNEMONIC_SECRET_NAME=eth-devnet-genesis-mnemonic" \
+            -var="PREFUNDED_MNEMONIC_INDICES=0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,1000,1001,1002,1003" \
+            -var="RESOURCE_PROFILE=${{ inputs.resource_profile || 'prod' }}" \
+            -out=tfplan
+
+      - name: Terraform Apply
+        working-directory: ./spartan/terraform/deploy-eth-devnet
+        run: |
+          terraform apply tfplan
@@ -43,11 +43,11 @@ jobs:
             optional: false
           - label: amd64-darwin-starknet
             runner: macos-13
-            cmake_flags: "-DCMAKE_CXX_FLAGS=\"-DSTARKNET_GARAGA_FLAVORS=1\""
+            cmake_flags: '-DCMAKE_CXX_FLAGS="-DSTARKNET_GARAGA_FLAVORS=1"'
             optional: true
           - label: arm64-darwin-starknet
             runner: macos-14
-            cmake_flags: "-DCMAKE_CXX_FLAGS=\"-DSTARKNET_GARAGA_FLAVORS=1\""
+            cmake_flags: '-DCMAKE_CXX_FLAGS="-DSTARKNET_GARAGA_FLAVORS=1"'
             optional: true
     steps:
       - name: Checkout
@@ -69,22 +69,22 @@ jobs:
 
       - name: Compile Barretenberg
         working-directory: barretenberg/cpp
-        continue-on-error: ${{ matrix.optional }}
+        continue-on-error: ${{ matrix.optional }}
         run: |
           cmake --preset homebrew ${{ matrix.cmake_flags }}
           cmake --build --preset homebrew --target bb
 
       - name: Package barretenberg artifact (${{ matrix.label }})
         working-directory: barretenberg/cpp/build/bin
-        continue-on-error: ${{ matrix.optional }}
+        continue-on-error: ${{ matrix.optional }}
         run: |
           mkdir dist
           cp ./bb ./dist/bb
           7z a -ttar -so -an ./dist/* | 7z a -si ./barretenberg-${{ matrix.label }}.tar.gz
 
       - name: Upload artifact (${{ matrix.label }})
         uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
-        continue-on-error: ${{ matrix.optional }}
+        continue-on-error: ${{ matrix.optional }}
         with:
           name: barretenberg-${{ matrix.label }}.tar.gz
           path: ./barretenberg/cpp/build/bin/barretenberg-${{ matrix.label }}.tar.gz
 
@@ -1,3 +1,5 @@
 *.tgz
 scripts/logs
 scripts/LICENSE
+tfplan
+*_override.tf
@@ -0,0 +1,41 @@
+#!/bin/bash
+
+# Script to manually clean up stuck Helm releases
+# Usage: ./cleanup_helm.sh [release-name] [namespace]
+
+RELEASE_NAME=${1:-"eth-devnet"}
+NAMESPACE=${2:-"eth-devnet"}
+
+echo "=== Cleaning up stuck Helm release: $RELEASE_NAME in namespace: $NAMESPACE ==="
+
+# Check current state
+echo "Current Helm releases:"
+helm list -n $NAMESPACE -a
+
+echo "Current Helm secrets:"
+kubectl get secrets -n $NAMESPACE -l owner=helm
+
+# Look for pending operations
+echo "Checking for pending operations..."
+kubectl get secrets -n $NAMESPACE -l owner=helm -o json | jq -r '.items[] | select(.metadata.labels.status == "pending-install" or .metadata.labels.status == "pending-upgrade" or .metadata.labels.status == "pending-rollback") | "\(.metadata.name) - \(.metadata.labels.status)"'
+
+# Force cleanup
+echo "Force deleting pending Helm secrets..."
+kubectl delete secrets -n $NAMESPACE -l owner=helm,status=pending-install --ignore-not-found=true
+kubectl delete secrets -n $NAMESPACE -l owner=helm,status=pending-upgrade --ignore-not-found=true
+kubectl delete secrets -n $NAMESPACE -l owner=helm,status=pending-rollback --ignore-not-found=true
+
+# Try to uninstall
+echo "Attempting to uninstall release..."
+helm uninstall $RELEASE_NAME -n $NAMESPACE --wait --timeout=60s || echo "Uninstall failed or no release found"
+
+# Nuclear option: delete all Helm secrets for this release
+echo "Force deleting all Helm secrets for release $RELEASE_NAME..."
+kubectl delete secrets -n $NAMESPACE -l name=$RELEASE_NAME,owner=helm --ignore-not-found=true
+
+# Clean up all resources in namespace
+echo "Cleaning up all resources in namespace..."
+kubectl delete all --all -n $NAMESPACE --ignore-not-found=true
+
+echo "=== Cleanup complete! ==="
+echo "You can now retry your deployment."