chore: values for sepolia deployment (#10362)

Fixes #9926

.github/workflows/devnet-deploy.yml

@@ -22,6 +22,11 @@ on:
         description: Whether to respect the Terraform lock
         required: false
         default: "true"
+      sepolia_deployment:
+        description: "Whether to deploy on Sepolia network (default: false)"
+        required: false
+        type: boolean
+        default: false
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
@@ -46,6 +51,7 @@ jobs:
       deployment_mnemonic_secret_name: ${{ github.event.inputs.deployment_mnemonic_secret_name }}
       deployment_salt: ${{ github.event.inputs.deployment_salt }}
       respect_tf_lock: ${{ github.event.inputs.respect_tf_lock }}
+      sepolia_deployment: ${{ github.event.inputs.sepolia_deployment }}
     secrets:
       GCP_SA_KEY: ${{ secrets.GCP_SA_KEY }}
 
@@ -127,11 +133,20 @@ jobs:
           # wait for port-forwards to establish
           sleep 5
 
-          docker run --rm --network host $AZTEC_DOCKER_IMAGE bootstrap-network \
-            --rpc-url http://127.0.0.1:$PXE_PORT \
-            --l1-rpc-url http://127.0.0.1:$ETHEREUM_PORT \
-            --l1-chain-id "$L1_CHAIN_ID" \
-            --mnemonic "$MNEMONIC" \
-            --json | tee ./basic_contracts.json
+          if ${{ inputs.sepolia_deployment }}; then
+            docker run --rm --network host $AZTEC_DOCKER_IMAGE bootstrap-network \
+              --rpc-url http://127.0.0.1:$PXE_PORT \
+              --l1-rpc-url ${{ secrets.SEPOLIA_EXTERNAL_HOST }} \
+              --l1-chain-id "$L1_CHAIN_ID" \
+              --l1-private-key ${{ secrets.SEPOLIA_L1_DEPLOYMENT_PRIVATE_KEY }} \
+              --json | tee ./basic_contracts.json
+          else
+            docker run --rm --network host $AZTEC_DOCKER_IMAGE bootstrap-network \
+              --rpc-url http://127.0.0.1:$PXE_PORT \
+              --l1-rpc-url http://127.0.0.1:$ETHEREUM_PORT \
+              --l1-chain-id "$L1_CHAIN_ID" \
+              --mnemonic "$MNEMONIC" \
+              --json | tee ./basic_contracts.json
+          fi
 
           aws s3 cp ./basic_contracts.json ${{ env.CONTRACT_S3_BUCKET }}/devnet/basic_contracts.json

.github/workflows/network-deploy.yml

@@ -17,7 +17,7 @@ on:
         type: string
       deployment_mnemonic_secret_name:
         description: The name of the secret which holds the boot node's contract deployment mnemonic
-        required: true
+        required: false
         type: string
         default: testnet-deployment-mnemonic
       deployment_salt:
@@ -40,6 +40,11 @@ on:
         required: false
         type: string
         default: "master"
+      sepolia_deployment:
+        description: "Whether to deploy on Sepolia network (default: false)"
+        required: false
+        type: boolean
+        default: false
     secrets:
       GCP_SA_KEY:
         required: true
@@ -56,7 +61,7 @@ on:
         required: true
       deployment_mnemonic_secret_name:
         description: The name of the secret which holds the boot node's contract deployment mnemonic
-        required: true
+        required: false
         default: testnet-deployment-mnemonic
       deployment_salt:
         description: The salt to use for this deployment. Defaults to random
@@ -76,6 +81,11 @@ on:
         required: false
         type: string
         default: "master"
+      sepolia_deployment:
+        description: "Whether to deploy on Sepolia network (default: false)"
+        required: false
+        type: boolean
+        default: false
 
 jobs:
   network_deployment:
@@ -154,26 +164,56 @@ jobs:
         # Destroy fails if the resources are already destroyed, so we continue on error
         continue-on-error: true
         run: |
-          terraform destroy -auto-approve \
-            -var="RELEASE_NAME=${{ env.NAMESPACE }}" \
-            -var="VALUES_FILE=${{ env.VALUES_FILE }}" \
-            -var="GKE_CLUSTER_CONTEXT=${{ env.GKE_CLUSTER_CONTEXT }}" \
-            -var="AZTEC_DOCKER_IMAGE=${{ env.AZTEC_DOCKER_IMAGE }}" \
-            -var="L1_DEPLOYMENT_MNEMONIC=${{ steps.get-mnemonic.outputs.mnemonic }}"
+          if ${{ inputs.sepolia_deployment }}; then
+            terraform destroy -auto-approve \
+              -var="RELEASE_NAME=${{ env.NAMESPACE }}" \
+              -var="VALUES_FILE=${{ env.VALUES_FILE }}" \
+              -var="GKE_CLUSTER_CONTEXT=${{ env.GKE_CLUSTER_CONTEXT }}" \
+              -var="AZTEC_DOCKER_IMAGE=${{ env.AZTEC_DOCKER_IMAGE }}" \
+              -var="L1_DEPLOYMENT_PRIVATE_KEY=${{ secrets.SEPOLIA_L1_DEPLOYMENT_PRIVATE_KEY }}" \
+              -var="VALIDATOR_KEYS=${{ secrets.VALIDATOR_KEYS }}" \
+              -var="BOOT_NODE_SEQ_PUBLISHER_PRIVATE_KEY=${{ secrets.BOOT_NODE_SEQ_PUBLISHER_PRIVATE_KEY }}" \
+              -var="PROVER_PUBLISHER_PRIVATE_KEY=${{ secrets.PROVER_PUBLISHER_PRIVATE_KEY }}" \
+              -var="ETHEREUM_EXTERNAL_HOST=${{ secrets.SEPOLIA_EXTERNAL_HOST }}" \
             -lock=${{ inputs.respect_tf_lock }}
+          else
+            terraform destroy -auto-approve \
+              -var="RELEASE_NAME=${{ env.NAMESPACE }}" \
+              -var="VALUES_FILE=${{ env.VALUES_FILE }}" \
+              -var="GKE_CLUSTER_CONTEXT=${{ env.GKE_CLUSTER_CONTEXT }}" \
+              -var="AZTEC_DOCKER_IMAGE=${{ env.AZTEC_DOCKER_IMAGE }}" \
+              -var="L1_DEPLOYMENT_MNEMONIC=${{ steps.get-mnemonic.outputs.mnemonic }}"
+            -lock=${{ inputs.respect_tf_lock }}
+          fi
 
       - name: Terraform Plan
         working-directory: ./spartan/terraform/deploy-release
         run: |
-          terraform plan \
-            -var="RELEASE_NAME=${{ env.NAMESPACE }}" \
-            -var="VALUES_FILE=${{ env.VALUES_FILE }}" \
-            -var="GKE_CLUSTER_CONTEXT=${{ env.GKE_CLUSTER_CONTEXT }}" \
-            -var="AZTEC_DOCKER_IMAGE=${{ env.AZTEC_DOCKER_IMAGE }}" \
-            -var="L1_DEPLOYMENT_MNEMONIC=${{ steps.get-mnemonic.outputs.mnemonic }}" \
-            -var="L1_DEPLOYMENT_SALT=${DEPLOYMENT_SALT:-$RANDOM}" \
-            -out=tfplan \
-            -lock=${{ inputs.respect_tf_lock }}
+          if ${{ inputs.sepolia_deployment }}; then
+            terraform plan \
+              -var="RELEASE_NAME=${{ env.NAMESPACE }}" \
+              -var="VALUES_FILE=${{ env.VALUES_FILE }}" \
+              -var="GKE_CLUSTER_CONTEXT=${{ env.GKE_CLUSTER_CONTEXT }}" \
+              -var="AZTEC_DOCKER_IMAGE=${{ env.AZTEC_DOCKER_IMAGE }}" \
+              -var="L1_DEPLOYMENT_PRIVATE_KEY=${{ secrets.SEPOLIA_L1_DEPLOYMENT_PRIVATE_KEY }}" \
+              -var="L1_DEPLOYMENT_SALT=${DEPLOYMENT_SALT:-$RANDOM}" \
+              -var="VALIDATOR_KEYS=${{ secrets.VALIDATOR_KEYS }}" \
+              -var="BOOT_NODE_SEQ_PUBLISHER_PRIVATE_KEY=${{ secrets.BOOT_NODE_SEQ_PUBLISHER_PRIVATE_KEY }}" \
+              -var="PROVER_PUBLISHER_PRIVATE_KEY=${{ secrets.PROVER_PUBLISHER_PRIVATE_KEY }}" \
+              -var="ETHEREUM_EXTERNAL_HOST=${{ secrets.SEPOLIA_EXTERNAL_HOST }}" \
+              -out=tfplan \
+              -lock=${{ inputs.respect_tf_lock }}
+          else
+            terraform plan \
+              -var="RELEASE_NAME=${{ env.NAMESPACE }}" \
+              -var="VALUES_FILE=${{ env.VALUES_FILE }}" \
+              -var="GKE_CLUSTER_CONTEXT=${{ env.GKE_CLUSTER_CONTEXT }}" \
+              -var="AZTEC_DOCKER_IMAGE=${{ env.AZTEC_DOCKER_IMAGE }}" \
+              -var="L1_DEPLOYMENT_MNEMONIC=${{ steps.get-mnemonic.outputs.mnemonic }}" \
+              -var="L1_DEPLOYMENT_SALT=${DEPLOYMENT_SALT:-$RANDOM}" \
+              -out=tfplan \
+              -lock=${{ inputs.respect_tf_lock }}
+          fi
 
       - name: Terraform Apply
         working-directory: ./spartan/terraform/deploy-release

scripts/run_interleaved.sh

@@ -3,13 +3,24 @@ set -eu
 # propagate errors inside while loop pipe
 set -o pipefail
 
-# Usage: run_interleaved.sh <main command> <background commands>...
+# Usage: run_interleaved.sh [-w "condition command"] <main command> <background commands>...
 # Runs commands in parallel, with interleaved output. See ci3/tmux_split for another approach.
 # Finishes when the main command exits.
+# -w: Optional wait condition command that must succeed before starting next command
+
+# Parse options
+WAIT_CMD=""
+while getopts "w:" opt; do
+  case $opt in
+    w) WAIT_CMD="$OPTARG";;
+    \?) echo "Invalid option -$OPTARG" >&2; exit 1;;
+  esac
+done
+shift $((OPTIND-1))
 
 # Check if at least two commands are provided (otherwise what is the point)
 if [ "$#" -lt 2 ]; then
-  echo "Usage: $0 <main-command> <background commands>..."
+  echo "Usage: $0 [-w 'condition command'] <main-command> <background commands>..."
   exit 1
 fi
 
@@ -51,6 +62,13 @@ function run_command() {
 # Run background commands without logging output
 i=0
 for cmd in "$@"; do
+  if [ $i -gt 0 ] && [ -n "$WAIT_CMD" ]; then
+    echo "Waiting for condition before starting next command..."
+    until eval "$WAIT_CMD"; do
+      sleep 1
+    done
+  fi
+
   (run_command "$cmd" "${colors[$((i % ${#colors[@]}))]}" || [ $FINISHED = true ] || (echo "$cmd causing terminate" && kill 0) ) &
   ((i++)) || true # annoyingly considered a failure based on result
 done

spartan/aztec-network/files/config/config-validator-env.sh

@@ -3,7 +3,7 @@ set -eu
 
 # Pass a PXE url as an argument
 # Ask the PXE's node for l1 contract addresses
-output=$(node --no-warnings /usr/src/yarn-project/aztec/dest/bin/index.js get-node-info -u $1 --node-url '')
+output=$(node --no-warnings /usr/src/yarn-project/aztec/dest/bin/index.js get-node-info -u $1)
 
 echo "$output"
 

spartan/aztec-network/files/config/deploy-l1-contracts.sh

@@ -8,19 +8,31 @@ CHAIN_ID=$2
 output=""
 MAX_RETRIES=5
 RETRY_DELAY=60
-export LOG_LEVEL=debug
 
 for attempt in $(seq 1 $MAX_RETRIES); do
-  # if INIT_VALIDATORS is true, then we need to pass the validators flag to the deploy-l1-contracts command
+  # Construct base command
+  base_cmd="node --no-warnings /usr/src/yarn-project/aztec/dest/bin/index.js deploy-l1-contracts"
+
+  # Add account - use private key if set, otherwise use mnemonic
+  if [ -n "${L1_DEPLOYMENT_PRIVATE_KEY:-}" ]; then
+    base_cmd="$base_cmd --private-key $L1_DEPLOYMENT_PRIVATE_KEY"
+  else
+    base_cmd="$base_cmd --mnemonic '$MNEMONIC'"
+  fi
+
+  # Add validators if INIT_VALIDATORS is true
   if [ "${INIT_VALIDATORS:-false}" = "true" ]; then
-    output=$(node --no-warnings /usr/src/yarn-project/aztec/dest/bin/index.js deploy-l1-contracts --mnemonic "$MNEMONIC" --validators $3 --l1-chain-id $CHAIN_ID --salt $SALT) && break
+    output=$(eval $base_cmd --validators $3 --l1-chain-id $CHAIN_ID --salt $SALT) && break
   else
-    output=$(node --no-warnings /usr/src/yarn-project/aztec/dest/bin/index.js deploy-l1-contracts --mnemonic "$MNEMONIC" --l1-chain-id $CHAIN_ID --salt $SALT) && break
+    output=$(eval $base_cmd --l1-chain-id $CHAIN_ID --salt $SALT) && break
   fi
+
   echo "Attempt $attempt failed. Retrying in $RETRY_DELAY seconds..."
   sleep "$RETRY_DELAY"
-done || { echo "All l1 contract deploy attempts failed."; exit 1; }
-
+done || {
+  echo "All l1 contract deploy attempts failed."
+  exit 1
+}
 
 echo "$output"
 
@@ -38,7 +50,7 @@ governance_proposer_address=$(echo "$output" | grep -oP 'GovernanceProposer Addr
 governance_address=$(echo "$output" | grep -oP 'Governance Address: \K0x[a-fA-F0-9]{40}')
 
 # Write the addresses to a file in the shared volume
-cat <<EOF > /shared/contracts/contracts.env
+cat <<EOF >/shared/contracts/contracts.env
 export ROLLUP_CONTRACT_ADDRESS=$rollup_address
 export REGISTRY_CONTRACT_ADDRESS=$registry_address
 export INBOX_CONTRACT_ADDRESS=$inbox_address

spartan/aztec-network/files/config/setup-service-addresses.sh

@@ -53,8 +53,8 @@ get_service_address() {
 }
 
 # Configure Ethereum address
-if [ "${ETHEREUM_EXTERNAL_HOST}" != "" ]; then
-    ETHEREUM_ADDR="${ETHEREUM_EXTERNAL_HOST}"
+if [ "${EXTERNAL_ETHEREUM_HOST}" != "" ]; then
+    ETHEREUM_ADDR="${EXTERNAL_ETHEREUM_HOST}"
 elif [ "${NETWORK_PUBLIC}" = "true" ]; then
     ETHEREUM_ADDR=$(get_service_address "ethereum" "${ETHEREUM_PORT}")
 else

spartan/aztec-network/templates/boot-node.yaml

@@ -44,8 +44,8 @@ spec:
               cat /shared/config/service-addresses
               echo "Awaiting ethereum node at ${ETHEREUM_HOST}"
               until curl -s -X POST -H 'Content-Type: application/json' \
-                -d '{"jsonrpc":"2.0","method":"web3_clientVersion","params":[],"id":67}' \
-                ${ETHEREUM_HOST} | grep -q reth; do
+                -d '{"jsonrpc":"2.0","method":"eth_chainId","params":[],"id":67}' \
+                ${ETHEREUM_HOST} | grep 0x; do
                 echo "Waiting for Ethereum node ${ETHEREUM_HOST}..."
                 sleep 5
               done
@@ -97,6 +97,8 @@ spec:
               value: "true"
             - name: MNEMONIC
               value: "{{ .Values.aztec.l1DeploymentMnemonic }}"
+            - name: L1_DEPLOYMENT_PRIVATE_KEY
+              value: "{{ .Values.ethereum.deployL1ContractsPrivateKey }}"
             - name: ETHEREUM_SLOT_DURATION
               value: "{{ .Values.ethereum.blockTime }}"
             - name: AZTEC_SLOT_DURATION
@@ -189,6 +191,8 @@ spec:
               value: "{{ .Values.bootNode.sequencer.minTxsPerBlock }}"
             - name: VALIDATOR_PRIVATE_KEY
               value: "0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80"
+            - name: SEQ_PUBLISHER_PRIVATE_KEY
+              value: "{{ .Values.bootNode.seqPublisherPrivateKey }}"
             - name: OTEL_RESOURCE_ATTRIBUTES
               value: service.name={{ .Release.Name }},service.namespace={{ .Release.Namespace }},service.version={{ .Chart.AppVersion }},environment={{ .Values.environment | default "production" }}
             - name: PROVER_REAL_PROOFS
@@ -203,6 +207,14 @@ spec:
               value: "{{ .Values.aztec.epochDuration }}"
             - name: AZTEC_EPOCH_PROOF_CLAIM_WINDOW_IN_L2_SLOTS
               value: "{{ .Values.aztec.epochProofClaimWindow }}"
+            - name: ARCHIVER_POLLING_INTERVAL_MS
+              value: {{ .Values.bootNode.archiverPollingInterval | quote }}
+            - name: ARCHIVER_VIEM_POLLING_INTERVAL_MS
+              value: {{ .Values.bootNode.archiverViemPollingInterval | quote }}
+            - name: L1_READER_VIEM_POLLING_INTERVAL_MS
+              value: {{ .Values.bootNode.archiverViemPollingInterval | quote }}
+            - name: SEQ_VIEM_POLLING_INTERVAL_MS
+              value: {{ .Values.bootNode.viemPollingInterval | quote }}
             - name: PEER_ID_PRIVATE_KEY
               value: "{{ .Values.bootNode.peerIdPrivateKey }}"
           ports:

spartan/aztec-network/templates/prover-node.yaml

@@ -34,8 +34,8 @@ spec:
             - |
               source /shared/config/service-addresses
               until curl -s -X POST -H 'Content-Type: application/json' \
-                -d '{"jsonrpc":"2.0","method":"web3_clientVersion","params":[],"id":67}' \
-                ${ETHEREUM_HOST} | grep -q reth; do
+                -d '{"jsonrpc":"2.0","method":"eth_chainId","params":[],"id":67}' \
+                ${ETHEREUM_HOST} | grep 0x; do
                 echo "Waiting for Ethereum node ${ETHEREUM_HOST}..."
                 sleep 5
               done
@@ -144,7 +144,7 @@ spec:
             - name: PROVER_BROKER_DATA_DIRECTORY
               value: "{{ .Values.proverNode.proverBroker.dataDirectory }}"
             - name: PROVER_PUBLISHER_PRIVATE_KEY
-              value: "0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80"
+              value: "{{ .Values.proverNode.proverPublisherPrivateKey }}"
             - name: OTEL_RESOURCE_ATTRIBUTES
               value: service.name={{ .Release.Name }},service.namespace={{ .Release.Namespace }},service.version={{ .Chart.AppVersion }},environment={{ .Values.environment | default "production" }}
             - name: L1_CHAIN_ID
@@ -163,6 +163,8 @@ spec:
               value: "{{ .Values.aztec.epochDuration }}"
             - name: AZTEC_EPOCH_PROOF_CLAIM_WINDOW_IN_L2_SLOTS
               value: "{{ .Values.aztec.epochProofClaimWindow }}"
+            - name: PROVER_VIEM_POLLING_INTERVAL_MS
+              value: {{ .Values.proverNode.viemPollingInterval | quote }}
           ports:
             - containerPort: {{ .Values.proverNode.service.nodePort }}
             - containerPort: {{ .Values.proverNode.service.p2pTcpPort }}

spartan/aztec-network/templates/reth.yaml

@@ -1,3 +1,4 @@
+{{- if not .Values.ethereum.externalHost }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -144,4 +145,5 @@ spec:
     requests:
       storage: {{ .Values.ethereum.storage }}
 {{- end }}
----
+---
+{{ end }}

spartan/aztec-network/templates/validator.yaml

@@ -45,8 +45,8 @@ spec:
               cat /shared/config/service-addresses
               # First check ethereum node
               until curl -s -X POST -H 'Content-Type: application/json' \
-                -d '{"jsonrpc":"2.0","method":"web3_clientVersion","params":[],"id":67}' \
-                $ETHEREUM_HOST | grep -q reth; do
+                -d '{"jsonrpc":"2.0","method":"eth_chainId","params":[],"id":67}' \
+                $ETHEREUM_HOST | grep 0x; do
                 echo "Waiting for Ethereum node ${ETHEREUM_HOST}..."
                 sleep 5
               done
@@ -190,6 +190,16 @@ spec:
               value: "{{ .Values.aztec.epochDuration }}"
             - name: AZTEC_EPOCH_PROOF_CLAIM_WINDOW_IN_L2_SLOTS
               value: "{{ .Values.aztec.epochProofClaimWindow }}"
+            - name: VALIDATOR_ATTESTATIONS_POLLING_INTERVAL_MS
+              value: {{ .Values.validator.attestationPollingInterval | quote }}
+            - name: ARCHIVER_POLLING_INTERVAL_MS
+              value: {{ .Values.validator.archiverPollingInterval | quote }}
+            - name: ARCHIVER_VIEM_POLLING_INTERVAL_MS
+              value: {{ .Values.validator.viemPollingInterval | quote }}
+            - name: L1_READER_VIEM_POLLING_INTERVAL_MS
+              value: {{ .Values.validator.viemPollingInterval | quote }}
+            - name: SEQ_VIEM_POLLING_INTERVAL_MS
+              value: {{ .Values.validator.viemPollingInterval | quote }}
           ports:
             - containerPort: {{ .Values.validator.service.nodePort }}
             - containerPort: {{ .Values.validator.service.p2pTcpPort }}