Merge branch 'v2' into mralj/bp-discv5-patch-backport

Author: PhilWindle

.github/workflows/backport.yml

@@ -28,16 +28,79 @@ jobs:
     if: github.event.pull_request.merged == true && needs.label_checker.outputs.state == 'success'
     runs-on: ubuntu-latest
     steps:
-      - name: Backport Action
-        uses: sorenlouv/backport-github-action@ad888e978060bc1b2798690dd9d03c4036560947
+      - name: Checkout repository
+        uses: actions/checkout@v4
         with:
-          github_token: ${{ secrets.AZTEC_BOT_GITHUB_TOKEN }}
-          auto_backport_label_prefix: backport-to-
+          fetch-depth: 0
+          token: ${{ secrets.AZTEC_BOT_GITHUB_TOKEN }}
 
-      - name: Info log
-        if: ${{ success() }}
-        run: cat ~/.backport/backport.info.log
+      - name: Extract target branch from labels
+        id: extract-branch
+        run: |
+          LABELS='${{ toJson(github.event.pull_request.labels.*.name) }}'
+          echo "All labels: $LABELS"
 
-      - name: Debug log
-        if: ${{ failure() }}
-        run: cat ~/.backport/backport.debug.log
+          # Extract the branch name from backport-to-* label
+          TARGET_BRANCH=$(echo "$LABELS" | jq -r '.[] | select(startswith("backport-to-")) | sub("backport-to-"; "")')
+
+          if [ -z "$TARGET_BRANCH" ]; then
+            echo "No backport-to-* label found"
+            exit 1
+          fi
+
+          echo "target_branch=$TARGET_BRANCH" >> $GITHUB_OUTPUT
+          echo "Target branch: $TARGET_BRANCH"
+
+      - name: Run backport script
+        id: backport
+        continue-on-error: true
+        env:
+          GH_TOKEN: ${{ secrets.AZTEC_BOT_GITHUB_TOKEN }}
+        run: |
+          ./scripts/backport_to_staging.sh \
+            ${{ github.event.pull_request.number }} \
+            ${{ steps.extract-branch.outputs.target_branch }}
+
+      - name: Comment on original PR (success)
+        if: steps.backport.outcome == 'success'
+        env:
+          GH_TOKEN: ${{ secrets.AZTEC_BOT_GITHUB_TOKEN }}
+        run: |
+          TARGET_BRANCH="${{ steps.extract-branch.outputs.target_branch }}"
+          STAGING_BRANCH="backport-to-${TARGET_BRANCH}-staging"
+          COMMIT_COUNT=$(gh pr view "${{ github.event.pull_request.number }}" --json commits --jq '.commits | length')
+
+          gh pr comment "${{ github.event.pull_request.number }}" --body \
+            "✅ Successfully cherry-picked $COMMIT_COUNT commit(s) to backport staging branch \`$STAGING_BRANCH\`."
+
+      - name: Comment on original PR (failure)
+        if: steps.backport.outcome == 'failure'
+        env:
+          GH_TOKEN: ${{ secrets.AZTEC_BOT_GITHUB_TOKEN }}
+        run: |
+          TARGET_BRANCH="${{ steps.extract-branch.outputs.target_branch }}"
+
+          gh pr comment "${{ github.event.pull_request.number }}" --body \
+            "❌ Failed to cherry-pick to \`$TARGET_BRANCH\` due to conflicts. Please backport manually."
+
+      - name: Notify Slack on backport failure
+        if: steps.backport.outcome == 'failure'
+        env:
+          SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
+        run: |
+          PR_NUMBER="${{ github.event.pull_request.number }}"
+          PR_TITLE="${{ github.event.pull_request.title }}"
+          TARGET_BRANCH="${{ steps.extract-branch.outputs.target_branch }}"
+          WORKFLOW_URL="${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
+
+          data=$(cat <<EOF
+          {
+            "channel": "#team-alpha",
+            "text": "⚠️ Automatic backport failed\n• PR #$PR_NUMBER - $PR_TITLE\n• Target: $TARGET_BRANCH\n• Reason: Cherry-pick conflicts\n\nAction needed: Manual backport required\n<$WORKFLOW_URL|View Run>"
+          }
+          EOF
+          )
+          curl -X POST https://slack.com/api/chat.postMessage \
+            -H "Authorization: Bearer $SLACK_BOT_TOKEN" \
+            -H "Content-type: application/json" \
+            --data "$data"

.github/workflows/deploy-fisherman-network.yaml

@@ -0,0 +1,189 @@
+# Deploy fisherman network with specified L1 network
+# This workflow can be called directly or from other workflows
+name: Deploy Fisherman Network
+
+on:
+  workflow_call:
+    inputs:
+      l1_network:
+        description: "L1 network (sepolia or mainnet)"
+        required: true
+        type: string
+      semver:
+        description: "Semver version (e.g., 2.3.4)"
+        required: true
+        type: string
+      ref:
+        description: "Git ref to checkout"
+        required: false
+        type: string
+  workflow_dispatch:
+    inputs:
+      l1_network:
+        description: "L1 network (sepolia or mainnet)"
+        required: true
+        type: choice
+        options:
+          - sepolia
+          - mainnet
+      semver:
+        description: "Semver version (e.g., 2.3.4)"
+        required: true
+        type: string
+
+concurrency:
+  group: deploy-fisherman-network-${{ inputs.l1_network }}-${{ inputs.semver }}-${{ github.ref || github.ref_name }}
+  cancel-in-progress: true
+
+jobs:
+  deploy-fisherman:
+    runs-on: ubuntu-latest
+    env:
+      GOOGLE_APPLICATION_CREDENTIALS: /tmp/gcp-key.json
+    steps:
+      - name: Determine checkout ref
+        id: checkout-ref
+        run: |
+          # Use inputs.ref if provided (workflow_call), otherwise use github.ref
+          if [[ -n "${{ inputs.ref }}" ]]; then
+            echo "ref=${{ inputs.ref }}" >> $GITHUB_OUTPUT
+          else
+            echo "ref=${{ github.ref }}" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+        with:
+          ref: ${{ steps.checkout-ref.outputs.ref }}
+          fetch-depth: 0
+          persist-credentials: false
+          submodules: recursive # Initialize git submodules for l1-contracts dependencies
+
+      - name: Validate inputs
+        run: |
+          # Validate l1_network
+          if [[ "${{ inputs.l1_network }}" != "sepolia" && "${{ inputs.l1_network }}" != "mainnet" ]]; then
+            echo "Error: L1 network must be 'sepolia' or 'mainnet', got '${{ inputs.l1_network }}'"
+            exit 1
+          fi
+
+          # Validate environment file exists
+          if [[ ! -f "spartan/environments/ignition-fisherman.env" ]]; then
+            echo "Error: Environment file not found: spartan/environments/ignition-fisherman.env"
+            exit 1
+          fi
+
+          # Validate semver format
+          if ! echo "${{ inputs.semver }}" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+(-.*)?$'; then
+            echo "Error: Invalid semver format '${{ inputs.semver }}'. Expected format: X.Y.Z or X.Y.Z-suffix"
+            exit 1
+          fi
+
+          # Extract major version for v2 check
+          major_version="${{ inputs.semver }}"
+          major_version="${major_version%%.*}"
+          echo "MAJOR_VERSION=$major_version" >> $GITHUB_ENV
+
+      - name: Store the GCP key in a file
+        env:
+          GCP_SA_KEY: ${{ secrets.GCP_SA_KEY }}
+        run: |
+          set +x
+          umask 077
+          printf '%s' "$GCP_SA_KEY" > "$GOOGLE_APPLICATION_CREDENTIALS"
+          jq -e . "$GOOGLE_APPLICATION_CREDENTIALS" >/dev/null
+
+      - name: Setup GCP authentication
+        run: |
+          gcloud auth activate-service-account --key-file="$GOOGLE_APPLICATION_CREDENTIALS"
+
+      - name: Setup gcloud and install GKE auth plugin
+        uses: google-github-actions/setup-gcloud@v2
+        with:
+          install_components: "gke-gcloud-auth-plugin"
+
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@633666f66e0061ca3b725c73b2ec20cd13a8fdd1
+        with:
+          terraform_version: "1.7.5"
+          terraform_wrapper: false # Disable the wrapper that adds debug output, this messes with reading terraform output
+
+      - name: Install Foundry
+        uses: foundry-rs/foundry-toolchain@v1
+
+      - name: Set environment variables
+        run: |
+          # Set environment variables for ignition-fisherman.env
+          if [[ "${{ inputs.l1_network }}" == "sepolia" ]]; then
+            echo "NETWORK=staging-ignition" >> $GITHUB_ENV
+            echo "NAMESPACE=ignition-fisherman-sepolia" >> $GITHUB_ENV
+            echo "ETHEREUM_CHAIN_ID=11155111" >> $GITHUB_ENV
+            echo "L1_NETWORK=sepolia" >> $GITHUB_ENV
+            echo "SNAPSHOT_BUCKET_DIRECTORY=ignition-sepolia" >> $GITHUB_ENV
+            echo "USE_NETWORK_CONFIG=true" >> $GITHUB_ENV
+          elif [[ "${{ inputs.l1_network }}" == "mainnet" ]]; then
+            echo "NETWORK=mainnet" >> $GITHUB_ENV
+            echo "NAMESPACE=ignition-fisherman-mainnet" >> $GITHUB_ENV
+            echo "ETHEREUM_CHAIN_ID=1" >> $GITHUB_ENV
+            echo "L1_NETWORK=mainnet" >> $GITHUB_ENV
+            echo "SNAPSHOT_BUCKET_DIRECTORY=ignition-mainnet" >> $GITHUB_ENV
+            echo "USE_NETWORK_CONFIG=true" >> $GITHUB_ENV
+          fi
+
+      - name: Deploy fisherman network
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          GITHUB_TOKEN: ${{ secrets.AZTEC_BOT_GITHUB_TOKEN }}
+          RUN_ID: ${{ github.run_id }}
+          SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
+          GOOGLE_APPLICATION_CREDENTIALS: ${{ env.GOOGLE_APPLICATION_CREDENTIALS }}
+          REF_NAME: "v${{ inputs.semver }}"
+          GCP_PROJECT_ID: ${{ secrets.GCP_PROJECT_ID }}
+          AZTEC_DOCKER_IMAGE: "aztecprotocol/aztec:${{ inputs.semver }}"
+        run: |
+          echo "Deploying fisherman network on L1: ${{ inputs.l1_network }}"
+          echo "Using image: $AZTEC_DOCKER_IMAGE"
+          echo "Using branch/ref: ${{ steps.checkout-ref.outputs.ref }}"
+          echo "Network: $NETWORK"
+          echo "Namespace: $NAMESPACE"
+          echo "Ethereum Chain ID: $ETHEREUM_CHAIN_ID"
+          echo "L1 Network: $L1_NETWORK"
+          echo "Snapshot Bucket Directory: $SNAPSHOT_BUCKET_DIRECTORY"
+          echo "Use Network Config: $USE_NETWORK_CONFIG"
+
+          cd spartan
+          ./scripts/install_deps.sh
+          ./scripts/network_deploy.sh ignition-fisherman
+
+      - name: Setup IRM
+        env:
+          MONITORING_NAMESPACE: ${{ env.NETWORK }}-irm
+          INFURA_SECRET_NAME: infura-${{ env.L1_NETWORK }}-url
+          DOCKERHUB_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }}
+        run: |
+
+          echo "Setting up IRM for namespace: $NAMESPACE, monitoring namespace: $MONITORING_NAMESPACE"
+          echo "Network: $NETWORK"
+
+          echo "INFURA Secret Name: $INFURA_SECRET_NAME"
+
+          ./spartan/metrics/testnet-monitor/scripts/update-monitoring.sh $NAMESPACE ${{ env.MONITORING_NAMESPACE }} $NETWORK $INFURA_SECRET_NAME
+
+      - name: Notify Slack on failure
+        if: failure()
+        env:
+          SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
+        run: |
+          if [ -n "${SLACK_BOT_TOKEN}" ]; then
+            read -r -d '' data <<EOF || true
+            {
+              "channel": "#alerts-fisherman-${{ inputs.l1_network }}",
+              "text": "Deploy Fisherman Network workflow FAILED for *${{ inputs.l1_network }}* (version ${{ inputs.semver }}): <https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}|View Run>"
+            }
+          EOF
+            curl -X POST https://slack.com/api/chat.postMessage \
+              -H "Authorization: Bearer $SLACK_BOT_TOKEN" \
+              -H "Content-type: application/json" \
+              --data "$data"
+          fi