diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 807b5c29..324d012a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -18,6 +18,7 @@ jobs: pos: [pos, no-pos] l3node: [l3node, l3node-token-6, no-l3node] tokenbridge: [tokenbridge, no-tokenbridge] + externalsigner: [externalsigner, no-externalsigner] simple: [simple, no-simple] steps: @@ -39,7 +40,7 @@ jobs: restore-keys: ${{ runner.os }}-buildx- - name: Startup Nitro testnode - run: ${{ github.workspace }}/.github/workflows/testnode.bash --init-force ${{ (matrix.l3node == 'l3node' && '--l3node') || (matrix.l3node == 'l3node-token-6' && '--l3node --l3-fee-token --l3-token-bridge --l3-fee-token-decimals 6') || '' }} ${{ matrix.tokenbridge == 'tokenbridge' && '--tokenbridge' || '--no-tokenbridge' }} --detach ${{ matrix.pos == 'pos' && '--pos' || '' }} --simple ${{ (matrix.simple == 'simple' && '--simple') || (matrix.simple == 'no-simple' && '--no-simple') || '' }} + run: ${{ github.workspace }}/.github/workflows/testnode.bash --init-force ${{ (matrix.l3node == 'l3node' && '--l3node') || (matrix.l3node == 'l3node-token-6' && '--l3node --l3-fee-token --l3-token-bridge --l3-fee-token-decimals 6') || '' }} ${{ matrix.tokenbridge == 'tokenbridge' && '--tokenbridge' || '--no-tokenbridge' }} --detach ${{ matrix.pos == 'pos' && '--pos' || '' }} --simple ${{ (matrix.simple == 'simple' && '--simple') || (matrix.simple == 'no-simple' && '--no-simple') || '' }} ${{ matrix.externalsigner == 'externalsigner' && '--externalsigner' || '' }}s bold_upgrade: runs-on: ubuntu-8 diff --git a/docker-compose.yaml b/docker-compose.yaml index 670d1238..2f4f2770 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml 
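Review bot: The new `run:` line of the "Startup Nitro testnode" step ends with a stray `s` after the last expression (`... || '' }}s`). As written, the script would receive `--externalsigners` when the matrix value is `externalsigner` and a bare `s` argument otherwise. Neither matches the `--externalsigner` option that the test-node.bash hunk in this commit adds, so the step would probably fail on argument parsing or start without the signer. The line should end `${{ matrix.externalsigner == 'externalsigner' && '--externalsigner' || '' }}`. The step calls `.github/workflows/testnode.bash`, which is not part of this diff, so how it treats an unknown argument cannot be checked here.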
@@ -397,6 +397,13 @@ services: - "das-mirror-data:/das-mirror" command: + externalsigner: + image: nitro-node-dev-testnode + entrypoint: /usr/local/bin/mockexternalsigner + volumes: + - "config:/config" + command: + das-committee-a: pid: host # allow debugging image: nitro-node-dev-testnode diff --git a/scripts/config.ts b/scripts/config.ts index 15bc6f7b..3d646bb5 100644 --- a/scripts/config.ts +++ b/scripts/config.ts @@ -177,6 +177,7 @@ function writeConfigs(argv: any) { const valJwtSecret = path.join(consts.configpath, "val_jwt.hex") const chainInfoFile = path.join(consts.configpath, "l2_chain_info.json") let baseConfig = { + "ensure-rollup-deployment": false, "parent-chain": { "connection": { "url": argv.l1url, @@ -276,6 +277,26 @@ function writeConfigs(argv: any) { baseConfig.node["data-availability"]["sequencer-inbox-address"] = ethers.utils.hexlify(getChainInfo()[0]["rollup"]["sequencer-inbox"]); + if (argv.externalSignerUrl != "") { + baseConfig.node.staker["data-poster"]["external-signer"] = { + "url": argv.externalSignerUrl, + "address": argv.externalSignerAddress, + "method": argv.externalSignerMethod, + "root-ca": argv.externalSignerRootCA, + "client-cert": argv.externalSignerClientCert, + "client-private-key": argv.externalSignerClientPrivateKey, + "insecure-skip-verify": argv.externalSignerInsecureSkipVerify + } + baseConfig.node["batch-poster"]["data-poster"]["external-signer"] = { + "url": argv.externalSignerUrl, + "address": argv.externalSignerAddress, + "method": argv.externalSignerMethod, + "root-ca": argv.externalSignerRootCA, + "client-cert": argv.externalSignerClientCert, + "client-private-key": argv.externalSignerClientPrivateKey, + "insecure-skip-verify": argv.externalSignerInsecureSkipVerify + } + } const baseConfJSON = JSON.stringify(baseConfig) if (argv.simple) { 
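Review bot: `"ensure-rollup-deployment": false` is added to `baseConfig`, so it applies to every config `writeConfigs` produces, not only to runs with an external signer, and nothing in the hunk says why it is turned off. As I understand the flag, it makes the node wait for the rollup deployment transaction to be finalized before starting; if that is disabled only for the test node, a comment above the key such as `// testnode only: do not wait for the rollup deployment to be finalized` would stop it being copied into a real deployment config. `writeConfigs` starts and ends outside this hunk.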
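Review bot: The block guarded by `argv.externalSignerUrl != ""` writes the signer settings without checking the rest of them, so a URL with an empty `externalSignerAddress`, or a client cert without its private key, produces a config that can only fail later inside the node. If the address is required, a guard such as `if (argv.externalSignerAddress === "") throw new Error("externalSignerAddress is required with externalSignerUrl")` would fail at generation time instead. The same seven-field literal is also written twice; building it once (`const externalSigner = { ... }`) and assigning it to both the staker and batch-poster `data-poster` entries keeps the two from drifting, and `!==` is the usual comparison. `insecure-skip-verify` is passed straight through, which is acceptable for a test node as long as its default stays `false`. `writeConfigs` continues outside the hunk.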
@@ -538,6 +559,41 @@ export const writeConfigCommand = { describe: "DAS committee member B BLS pub key", default: "" }, + externalSignerUrl: { + string: true, + describe: "external signer URL", + default: "" + }, + externalSignerAddress: { + string: true, + describe: "external signer address", + default: "" + }, + externalSignerMethod: { + string: true, + describe: "external signer method", + default: "" + }, + externalSignerRootCA: { + string: true, + describe: "external signer root CA", + default: "" + }, + externalSignerClientCert: { + string: true, + describe: "external signer client cert", + default: "" + }, + externalSignerClientPrivateKey: { + string: true, + describe: "external signer client private key", + default: "" + }, + externalSignerInsecureSkipVerify: { + boolean: true, + describe: "external signer insecure skip verify", + default: false + } }, handler: (argv: any) => { diff --git a/test-node.bash b/test-node.bash index 9c6f6ef5..2a24e72d 100755 --- a/test-node.bash +++ b/test-node.bash @@ -59,6 +59,7 @@ devprivkey=b6b15c8cb491557369f3c7d2c287b053eb229daa9c22138887752191c9520659 l1chainid=1337 simple=true l2anytrust=false +externalsigner=false # Use the dev versions of nitro/blockscout dev_nitro=false @@ -251,6 +252,10 @@ while [[ $# -gt 0 ]]; do l2anytrust=true shift ;; + --externalsigner) + externalsigner=true + shift + ;; --redundantsequencers) simple=false redundantsequencers=$2 
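Review bot: The `describe` strings for the new options only repeat the option names and omit what a caller needs to know. They do not say whether `externalSignerRootCA`, `externalSignerClientCert` and `externalSignerClientPrivateKey` take file paths or PEM text, or that `externalSignerInsecureSkipVerify` turns off TLS certificate verification of the signer. If they are paths (the values are copied unchanged into `root-ca`, `client-cert` and `client-private-key`), say so, e.g. `describe: "path to the client private key file for the external signer connection"`. Key material itself should not be passed on a command line, where it shows up in process listings and CI logs. For the boolean, `describe: "skip TLS certificate verification for the external signer (test only)"` makes the risk visible in `--help`.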
@@ -508,13 +513,20 @@ if $l2anytrust; then fi fi +externalsignerConfigLine="" + +if $externalsigner; then + echo == Generating External Signer Config + externalsignerConfigLine=$(docker compose run --entrypoint sh externalsigner "private_key") +fi + if $force_init; then if $simple; then echo == Writing configs - docker compose run scripts write-config --simple $anytrustNodeConfigLine + docker compose run scripts write-config --simple $anytrustNodeConfigLine $externalsignerConfigLine else echo == Writing configs - docker compose run scripts write-config $anytrustNodeConfigLine + docker compose run scripts write-config $anytrustNodeConfigLine $externalsignerConfigLine echo == Initializing redis docker compose up --wait redis
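Review bot: The output of `docker compose run --entrypoint sh externalsigner "private_key"` is captured and spliced unquoted into both `write-config` calls with no check that the command succeeded or printed anything. If it fails or returns nothing, `externalsignerConfigLine` stays empty, `write-config` falls back to the default empty `externalSignerUrl`, and the node comes up without the external signer while the `externalsigner` CI job could still pass. Fail fast right after the assignment, e.g. `[ -n "$externalsignerConfigLine" ] || { echo "external signer config is empty" >&2; exit 1; }`. The entrypoint override also makes the container run `sh private_key`, and what that file is and what it prints is not visible in this diff, so a comment above the line stating the expected output (presumably a list of `--externalSigner...` flags) would help the next reader. If that output ever carries key material rather than paths, it ends up in process arguments and CI logs.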