mitch/tmnt-168-create-test-network-scenariosyml

Author: just-mitch

.github/.gitignore

@@ -1 +1,2 @@
-.secrets
+.secrets
+.act-tool-cache

.github/local_workflow.sh

@@ -32,10 +32,13 @@ args=("$@")
 
 SA_KEY_JSON=$(cat "$GOOGLE_APPLICATION_CREDENTIALS")
 
+mkdir -p $REPO_ROOT/.github/.act-tool-cache
+
 act workflow_dispatch -j $workflow_name \
+  --env RUNNER_TOOL_CACHE=/work/toolcache \
   -s GITHUB_TOKEN="$(gh auth token)" \
   -s GCP_SA_KEY="$SA_KEY_JSON" \
   -s KUBECONFIG_B64="$(cat $HOME/.kube/config | base64 -w0)" \
-  --container-options "--user $(id -u):$(id -g)" \
+  --container-options "-v $REPO_ROOT/.github/.act-tool-cache:/work/toolcache --user $(id -u):$(id -g)" \
   --bind \
   --directory $REPO_ROOT "${args[@]}"

.github/workflows/ci3.yml

@@ -149,6 +149,25 @@ jobs:
         if: steps.ci_cache.outputs.cache-hit != 'true'
         run: echo "success" > ci-success.txt
 
+      - name: Get Semver from Tag
+        if: ${{ startsWith(github.ref, 'refs/tags/v') }}
+        id: semver
+        run: |
+          semver="${{ github.ref_name }}"
+          # Remove 'v' prefix if present (e.g., v1.2.3 -> 1.2.3)
+          semver=${semver#v}
+          # Extract major version (e.g., 1.2.3 -> 1)
+          major_version=${semver%%.*}
+          echo "semver=$semver" >> $GITHUB_OUTPUT
+          echo "major_version=$major_version" >> $GITHUB_OUTPUT
+
+      - name: Trigger Network Deployments
+        if: ${{ startsWith(github.ref, 'refs/tags/v') }}
+        uses: peter-evans/repository-dispatch@0ee9de00feb82e6165438c503f0bc29f628b8317
+        with:
+          event-type: network-deployments
+          client-payload: '{"ref": "${{ github.ref }}", "sha": "${{ github.sha }}", "semver": "${{ steps.semver.outputs.semver }}", "major_version": "${{ steps.semver.outputs.major_version }}"}'
+
       # If we have passed CI and labelled with ci-squash-and-merge, squash the PR.
       # This will rerun CI on the squash commit - but is intended to be a no-op due to caching.
       - name: CI Squash and Merge

.github/workflows/deploy-scenario-network.yml

@@ -38,7 +38,7 @@ on:
         required: true
       KUBECONFIG_B64:
         description: The base64 encoded kubeconfig
-        required: true
+        required: false
 
   workflow_dispatch:
     inputs:
@@ -122,7 +122,7 @@ jobs:
       aztec_slashing_round_size: 10
       aztec_governance_proposer_quorum: 6
       aztec_governance_proposer_round_size: 10
-      aztec_mana_target: 1000000
+      aztec_mana_target: 1000000000
       aztec_proving_cost_per_mana: 100
     secrets:
       GCP_SA_KEY: ${{ secrets.GCP_SA_KEY }}

.github/workflows/test-network-scenarios.yml

@@ -0,0 +1,103 @@
+# CI for Aztec Network Scenarios.
+# Effectively runs CI_SCENARIO_TEST=1 spartan/bootstrap.sh test
+# Triggered by network-deployments event, which is emitted by ci3.yml when a tagged release passes "normal" CI.
+#
+name: Test Network Scenarios
+
+on:
+  repository_dispatch:
+    types:
+      - network-deployments
+
+concurrency:
+  group: network-scenarios-${{ github.event.client_payload.major_version }}
+  cancel-in-progress: true
+
+jobs:
+  test_network_scenarios_dispatch_deploy_scenario_network:
+    uses: ./.github/workflows/deploy-scenario-network.yml
+    with:
+      cluster: aztec-gke-private
+      namespace: v${{ github.event.client_payload.major_version }}-scenario
+      ref: ${{ github.event.client_payload.ref }}
+      aztec_docker_image: "aztecprotocol/aztec:${{ github.event.client_payload.semver }}"
+      devnet_mnemonic: "test test test test test test test test test test test junk"
+      rollup_deployment_mnemonic: "test test test test test test test test test test test junk"
+    secrets:
+      GCP_SA_KEY: ${{ secrets.GCP_SA_KEY }}
+
+  ci:
+    runs-on: ubuntu-latest
+    steps:
+      #############
+      # Prepare Env
+      #############
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+        with:
+          ref: ${{ github.sha }}
+          persist-credentials: false
+
+      - name: CI Network Scenario Override
+        run: echo "CI_NETWORK_SCENARIO=1" >> $GITHUB_ENV
+
+      - name: Compute Target Branch
+        id: target_branch
+        run: |
+          if [ "${{ github.event_name }}" == "merge_group" ]; then
+            target_branch=${{ github.event.merge_group.base_ref }}
+          elif [ "${{ github.event_name }}" == "pull_request" ]; then
+            target_branch=${{ github.event.pull_request.base.ref }}
+          else
+            target_branch=${{ github.ref_name }}
+          fi
+          target_branch=${target_branch#refs/heads/}
+          echo "target_branch=$target_branch" >> $GITHUB_OUTPUT
+          echo "TARGET_BRANCH=${target_branch}" >> $GITHUB_ENV
+
+      - name: Setup
+        run: |
+          # Ensure we can SSH into the spot instances we request.
+          mkdir -p ~/.ssh
+          echo ${{ secrets.BUILD_INSTANCE_SSH_KEY }} | base64 --decode > ~/.ssh/build_instance_key
+          chmod 600 ~/.ssh/build_instance_key
+          sudo apt install -y --no-install-recommends redis-tools parallel
+
+      - name: Prepare GCP key
+        env:
+          GCP_SA_KEY: ${{ secrets.GCP_SA_KEY }}
+        run: |
+          echo "$GCP_SA_KEY" | base64 -w 0 > gcp_sa_key.b64
+          echo "GCP_SA_KEY_B64=$(cat gcp_sa_key.b64)" >> $GITHUB_ENV
+
+      - name: Get Tree Hash
+        run: echo "TREE_HASH=$(git rev-parse HEAD^{tree})" >> $GITHUB_ENV
+
+      - name: Check CI Cache
+        id: ci_cache
+        uses: actions/cache@v3
+        with:
+          path: ci-success.txt
+          key: ci-network-scenario-${{ env.TREE_HASH }}
+
+      #############
+      # Run
+      #############
+      - name: Run
+        if: steps.ci_cache.outputs.cache-hit != 'true'
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          GITHUB_TOKEN: ${{ secrets.AZTEC_BOT_GITHUB_TOKEN }}
+          RUN_ID: ${{ github.run_id }}
+          SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
+          # Nightly test env vars.
+          GCP_SA_KEY_B64: ${{ env.GCP_SA_KEY_B64 }}
+          GCP_PROJECT_ID: ${{ secrets.GCP_PROJECT_ID }}
+          NAMESPACE: "v${{ github.event.client_payload.major_version }}-scenario"
+        run: |
+          exec ./ci.sh network-scenario
+
+      - name: Save CI Success
+        if: steps.ci_cache.outputs.cache-hit != 'true'
+        run: echo "success" > ci-success.txt

bootstrap.sh

@@ -438,6 +438,13 @@ case "$cmd" in
     test
     release
     ;;
+  "ci-network-scenario")
+    export CI=1
+    export USE_TEST_CACHE=1
+    export CI_SCENARIO_TEST=1
+    build
+    spartan/bootstrap.sh test
+    ;;
   "ci-release")
     export CI=1
     export USE_TEST_CACHE=1

ci.sh

@@ -141,6 +141,17 @@ case "$cmd" in
       'run x4-full amd64 ci-full' \
       'run a1-fast arm64 ci-fast' | DUP=1 cache_log "Merge queue CI run" $RUN_ID
     ;;
+  "network-scenario")
+    prep_vars
+    # Spin up ec2 instance and run the network scenario flow.
+    run() {
+      JOB_ID=$1 INSTANCE_POSTFIX=$1 ARCH=$2 exec denoise "bootstrap_ec2 './bootstrap.sh ci-network-scenario'"
+    }
+    export -f run
+    # We need to run the network scenario flow on both x86 and arm64.
+    parallel --termseq 'TERM,10000' --tagstring '{= $_=~s/run (\w+).*/$1/; =}' --line-buffered --halt now,fail=1 ::: \
+      'run x-network-scenario amd64' | DUP=1 cache_log "Network scenario CI run" $RUN_ID
+    ;;
   "nightly")
     prep_vars
     # Spin up ec2 instance and run the nightly flow.

ci3/bootstrap_ec2

@@ -252,6 +252,7 @@ function run {
         -e NPM_TOKEN=${NPM_TOKEN:-} \
         -e SLACK_BOT_TOKEN=${SLACK_BOT_TOKEN:-} \
         -e AWS_TOKEN=\$aws_token \
+        -e NAMESPACE=${NAMESPACE:-} \
         -v /tmp/gcp-key.json:/tmp/gcp-key.json:ro \
         --pids-limit=32768 \
         aztecprotocol/devbox:3.0 bash -c $(printf '%q' "$container_script")

ci3/source_refname

@@ -37,6 +37,7 @@ if [ -z "${CI_FULL:-}" ]; then
   fi
 fi
 export CI_NIGHTLY="${CI_NIGHTLY:-0}"
+export CI_SCENARIO_TEST="${CI_SCENARIO_TEST:-0}"
 
 if [ -z "${COMMIT_HASH:-}" ]; then
   export COMMIT_HASH=$(git rev-parse HEAD)

spartan/bootstrap.sh

@@ -61,10 +61,10 @@ function test_cmds {
   # TODO figure out why these take long sometimes.
   # echo "$hash ./spartan/bootstrap.sh test-kind-smoke"
 
-  if [ "$CI_NIGHTLY" -eq 1 ]; then
-    NIGHTLY_NS=nightly-$(date -u +%Y%m%d)
-    echo "$hash:TIMEOUT=20m FRESH_INSTALL=no-deploy NAMESPACE=$NIGHTLY_NS ./spartan/bootstrap.sh test-gke-transfer reth"
-    echo "$hash:TIMEOUT=20m FRESH_INSTALL=no-deploy NAMESPACE=$NIGHTLY_NS ./spartan/bootstrap.sh test-gke-transfer geth"
+  # if [ "$CI_NIGHTLY" -eq 1 ]; then
+  #   NIGHTLY_NS=nightly-$(date -u +%Y%m%d)
+  #   echo "$hash:TIMEOUT=20m FRESH_INSTALL=no-deploy NAMESPACE=$NIGHTLY_NS ./spartan/bootstrap.sh test-gke-transfer reth"
+  #   echo "$hash:TIMEOUT=20m FRESH_INSTALL=no-deploy NAMESPACE=$NIGHTLY_NS ./spartan/bootstrap.sh test-gke-transfer geth"
 
     # Nethermind test can be enabled once https://github.com/NethermindEth/nethermind/pull/8897 is released
     # echo "$hash:TIMEOUT=20m FRESH_INSTALL=no-deploy NAMESPACE=$NIGHTLY_NS ./spartan/bootstrap.sh test-gke-transfer nethermind"
@@ -79,6 +79,16 @@ function test_cmds {
     # TODO(#12791) re-enable
     # echo "$hash:TIMEOUT=50m ./spartan/bootstrap.sh test-kind-4epochs-sepolia"
     # echo "$hash:TIMEOUT=30m ./spartan/bootstrap.sh test-prod-deployment"
+  # fi
+  if [ "$CI_SCENARIO_TEST" -eq 1 ]; then
+    local run_test_script="yarn-project/end-to-end/scripts/run_test.sh"
+    NAMESPACE=${NAMESPACE:-"scenario"}
+    K8S_CLUSTER=${K8S_CLUSTER:-"aztec-gke-private"}
+    PROJECT_ID=${PROJECT_ID:-"testnet-440309"}
+    REGION=${REGION:-"us-west1-a"}
+    local env_vars="NAMESPACE=$NAMESPACE K8S_CLUSTER=$K8S_CLUSTER PROJECT_ID=$PROJECT_ID REGION=$REGION"
+    echo "$hash:TIMEOUT=20m $env_vars $run_test_script simple src/spartan/smoke.test.ts"
+    echo "$hash:TIMEOUT=20m $env_vars $run_test_script simple src/spartan/transfer.test.ts"
   fi
 }
 
@@ -105,7 +115,19 @@ function stop_env {
 
 function test {
   echo_header "spartan test"
-  test_cmds | filter_test_cmds | parallelize
+  if [ "$CI" -eq 1 ]; then
+    echo "Activating service account"
+    gcloud auth activate-service-account --key-file=/tmp/gcp-key.json
+    gcloud config set project "$GCP_PROJECT_ID"
+  fi
+
+  if [ "$CI_SCENARIO_TEST" -eq 1 ]; then
+    echo "Running network scenario tests sequentially"
+    test_cmds | filter_test_cmds
+  else
+    echo "Running spartan test"
+    test_cmds | filter_test_cmds | parallelize
+  fi
 }
 
 case "$cmd" in