From ad801693592df3263b8a621a081c7616948524da Mon Sep 17 00:00:00 2001
From: spypsy <spypsy@users.noreply.github.com>
Date: Fri, 25 Oct 2024 18:00:20 +0100
Subject: [PATCH] fix: deploy & version aztec-up scripts (#9435)

Fixes https://github.com/AztecProtocol/aztec-packages/issues/9427
---
 .github/workflows/publish-aztec-packages.yml | 27 +++++++++++++++
 aztec-up/README.md                           |  2 +-
 aztec-up/bin/aztec-install                   | 10 ++++--
 aztec-up/bin/aztec-up                        |  9 ++++-
 aztec-up/terraform/main.tf                   | 35 +++++++++++++++++++-
 5 files changed, 78 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/publish-aztec-packages.yml b/.github/workflows/publish-aztec-packages.yml
index d7650f30933..9bc5f3e88fd 100644
--- a/.github/workflows/publish-aztec-packages.yml
+++ b/.github/workflows/publish-aztec-packages.yml
@@ -299,6 +299,33 @@ jobs:
             --VERSION=$VERSION \
             --DRY_RUN=${{ (github.event.inputs.publish == 'false') && '1' || '0' }}
 
+  publish-aztec-up:
+    needs: [configure, publish-manifests]
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout sources
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ env.GIT_COMMIT }}
+      - uses: hashicorp/setup-terraform@v3
+        with:
+          terraform_version: 1.7.5
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
+          aws-region: eu-west-2
+
+      - name: Publish aztec-up
+        working-directory: ./aztec-up/terraform
+        run: |
+          terraform init
+          TAG=${{ env.DEPLOY_TAG }}
+          export TF_VAR_VERSION=${TAG#aztec-packages-v}
+          terraform apply -auto-approve
+
   # Sometimes runners get killed because they can be spot, we try once more for good measure
   rerun-check:
     runs-on: ubuntu-latest
diff --git a/aztec-up/README.md b/aztec-up/README.md
index e46bfbceaec..285ed9c9070 100644
--- a/aztec-up/README.md
+++ b/aztec-up/README.md
@@ -25,7 +25,7 @@ VERSION=master aztec-up
 This will install the container built from master branch.
 
 ```
-VERSION=v1.2.3 aztec-up
+VERSION=1.2.3 aztec-up
 ```
 
 This will install tagged release version 1.2.3.
diff --git a/aztec-up/bin/aztec-install b/aztec-up/bin/aztec-install
index de49749faec..bec2edb9a43 100755
--- a/aztec-up/bin/aztec-install
+++ b/aztec-up/bin/aztec-install
@@ -114,8 +114,14 @@ curl -fsSL http://$INSTALL_HOST/docker-compose.sandbox.yml -o $AZTEC_PATH/docker
 curl -fsSL http://$INSTALL_HOST/docker-compose.test.yml -o $AZTEC_PATH/docker-compose.test.yml
 
 function install_bin {
-  curl -fsSL http://$INSTALL_HOST/$1 -o $BIN_PATH/$1
-  chmod +x $BIN_PATH/$1
+  local install_url
+  if [ "$VERSION" != "latest" ]; then
+    install_url="http://$INSTALL_HOST/$VERSION/$1"
+  else
+    install_url="http://$INSTALL_HOST/$1"
+  fi
+  curl -fsSL "$install_url" -o "$BIN_PATH/$1"
+  chmod +x "$BIN_PATH/$1"
   echo "Installed: $BIN_PATH/$1"
 }
 
diff --git a/aztec-up/bin/aztec-up b/aztec-up/bin/aztec-up
index 7e718a33dab..2328a9c5bf4 100755
--- a/aztec-up/bin/aztec-up
+++ b/aztec-up/bin/aztec-up
@@ -3,4 +3,11 @@ set -euo pipefail
 
 export VERSION=${1:-${VERSION:-}}
 export NON_INTERACTIVE=1
-bash -i <(curl -s https://install.aztec.network)
+
+if [ -n "$VERSION" ] && [ "$VERSION" != "latest" ]; then
+  INSTALL_URL="https://install.aztec.network/$VERSION/aztec-install"
+else
+  INSTALL_URL="https://install.aztec.network/aztec-install"
+fi
+
+bash -i <(curl -s $INSTALL_URL)
diff --git a/aztec-up/terraform/main.tf b/aztec-up/terraform/main.tf
index 4177d0ff285..63f44df06df 100644
--- a/aztec-up/terraform/main.tf
+++ b/aztec-up/terraform/main.tf
@@ -26,6 +26,11 @@ data "terraform_remote_state" "aztec2_iac" {
   }
 }
 
+variable "VERSION" {
+  description = "The version of the Aztec scripts to upload"
+  type        = string
+}
+
 # Create the website S3 bucket
 resource "aws_s3_bucket" "install_bucket" {
   bucket = "install.aztec.network"
@@ -71,7 +76,35 @@ resource "null_resource" "upload_public_directory" {
   }
 
   provisioner "local-exec" {
-    command = "aws s3 sync ../bin s3://${aws_s3_bucket.install_bucket.id}/"
+    interpreter = ["/bin/bash", "-c"]
+    command     = <<EOT
+      # Function to compare versions
+      version_gt() { test "$(printf '%s\n' "$@" | sort -V | head -n 1)" != "$1"; }
+
+      # Read the current version from S3
+      CURRENT_VERSION=$(aws s3 cp s3://${aws_s3_bucket.install_bucket.id}/VERSION - 2>/dev/null || echo "0.0.0")
+
+      # Validate that var.VERSION is a valid semver
+      if [[ ! "${var.VERSION}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+        echo "Warning: ${var.VERSION} is not a valid semver version. Skipping version comparison."
+      else
+        # Check if new version is greater than current version
+        if version_gt "${var.VERSION}" "$CURRENT_VERSION"; then
+          echo "Uploading new version ${var.VERSION}"
+
+          # Upload new version to root
+          aws s3 sync ../bin s3://${aws_s3_bucket.install_bucket.id}/
+
+          # Update VERSION file
+          echo "${var.VERSION}" | aws s3 cp - s3://${aws_s3_bucket.install_bucket.id}/VERSION
+        else
+          echo "New version ${var.VERSION} is not greater than current version $CURRENT_VERSION. Skipping root upload."
+        fi
+      fi
+
+      # Always create a version directory and upload files there
+      aws s3 sync ../bin s3://${aws_s3_bucket.install_bucket.id}/${var.VERSION}/
+    EOT
   }
 }