
Remove JWT

Remove JWT #38

Workflow file for this run

# Deploys the L1 contracts and generates the L2 genesis/rollup files.
name: Deploy Contracts

on:
  # Every push to this branch starts a deployment. The job's env block
  # replaces all inputs with fixed values for push events, including
  # BROADCAST='true'.
  push:
    branches:
      - alvarof2/contracts

  # Manual runs: every input is optional and has a default.
  workflow_dispatch:
    inputs:
      # false -> the deploy script is only simulated; true -> it is broadcast.
      broadcast:
        required: false
        type: boolean
        default: true
      l1_rpc_kind:
        required: false
        type: string
        default: 'any'
      # Used by the job to build config and output file paths.
      deployment_context:
        required: false
        type: string
        default: 'test-alvaro'
      # The gs_* defaults below are the same addresses the job hard-codes
      # for push events.
      gs_admin_address:
        required: false
        type: string
        default: '0x19c1696408E63d670ab8177bfafB0D37e9F3ed82'
      gs_batcher_address:
        required: false
        type: string
        default: '0x0F82E82268FA5de5070A088e54eAbc2dec07D615'
      gs_proposer_address:
        required: false
        type: string
        default: '0x8D20f1E387cDF78c4AF42F61FB48B1Be72056FEb'
      # NOTE(review): "sequenncer" is misspelled, but the job reads this input
      # under the same name, so renaming it means changing both places (and
      # any caller that passes it).
      gs_sequenncer_address:
        required: false
        type: string
        default: '0xF20B236A87e26D1Ac7290D0F70f637af8145D54e'
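jobs:
  deploy-contracts:
    runs-on: ubuntu-latest
    # id-token: write is required so the job can obtain a GitHub OIDC token
    # for Akeyless JWT auth. contents: read keeps the built-in GITHUB_TOKEN
    # read-only; the checkout below uses the Akeyless-issued PAT instead.
    permissions:
      id-token: write
      contents: read
    # Skip runs whose triggering actor name starts with 'akeyless'.
    # NOTE(review): presumably this keeps the auto-commit push at the end of
    # the job from re-triggering the workflow - confirm the PAT's actor name.
    if: ${{ ! startsWith(github.triggering_actor, 'akeyless') }}
    # Push events use fixed values; manual runs use the dispatch inputs.
    # Inputs reach the shell only through these env vars, never through
    # ${{ }} interpolation inside a run script - keep it that way.
    env:
      BROADCAST: ${{ github.event_name == 'push' && 'true' || inputs.broadcast }}
      L1_RPC_KIND: ${{ github.event_name == 'push' && 'alchemy' || inputs.l1_rpc_kind }}
      DEPLOYMENT_CONTEXT: ${{ github.event_name == 'push' && 'test-alvaro' || inputs.deployment_context }}
      GS_ADMIN_ADDRESS: ${{ github.event_name == 'push' && '0x19c1696408E63d670ab8177bfafB0D37e9F3ed82' || inputs.gs_admin_address }}
      GS_BATCHER_ADDRESS: ${{ github.event_name == 'push' && '0x0F82E82268FA5de5070A088e54eAbc2dec07D615' || inputs.gs_batcher_address }}
      GS_PROPOSER_ADDRESS: ${{ github.event_name == 'push' && '0x8D20f1E387cDF78c4AF42F61FB48B1Be72056FEb' || inputs.gs_proposer_address }}
      GS_SEQUENCER_ADDRESS: ${{ github.event_name == 'push' && '0xF20B236A87e26D1Ac7290D0F70f637af8145D54e' || inputs.gs_sequenncer_address }}
    steps:
      # Fail before any secret is fetched if the context could escape the
      # directories it is later joined into (it may be a dispatch input).
      - name: Validate deployment context
        run: |
          case "${DEPLOYMENT_CONTEXT}" in
            ''|*/*|*..*)
              echo "Invalid DEPLOYMENT_CONTEXT: '${DEPLOYMENT_CONTEXT}'" >&2
              exit 1
              ;;
          esac

      # NOTE(review): the three Akeyless steps pull the action image by the
      # mutable `latest` tag while the job holds id-token: write and receives
      # secrets. Pin the image by digest (`@sha256:<DIGEST-PLACEHOLDER>`) so a
      # re-tagged image cannot change what runs here.
      # NOTE(review): the dynamic secret asks for contents=write and
      # pull_requests=write; nothing visible in this job uses pull-request
      # access - confirm it is needed.
      - name: "Get GitHub Token from Akeyless"
        id: get_auth_token
        uses: docker://us-west1-docker.pkg.dev/devopsre/akeyless-public/akeyless-action:latest
        with:
          api-url: https://api.gateway.akeyless.celo-networks-dev.org
          access-id: p-kf9vjzruht6l
          dynamic-secrets: '{"/dynamic-secrets/keys/github/optimism/contents=write,pull_requests=write":"PAT"}'

      # The PAT is read from env.PAT, so the Akeyless step above appears to
      # export it to the job environment. checkout is left to persist the
      # token in the local git config (presumably what the final commit step
      # pushes with), so every later step that runs repository code can read
      # it.
      # NOTE(review): actions/checkout is referenced by tag; pin to a full
      # commit SHA.
      - name: "Checkout current PR"
        uses: actions/checkout@v4
        with:
          token: ${{ env.PAT }}
          submodules: recursive
          fetch-depth: 0

      - name: Setup
        uses: ./.github/actions/setup

      - name: Akeyless get L1 URL
        uses: docker://us-west1-docker.pkg.dev/devopsre/akeyless-public/akeyless-action:latest
        with:
          api-url: https://api.gateway.akeyless.celo-networks-dev.org
          access-id: p-kf9vjzruht6l
          static-secrets: '{"/static-secrets/devops-circle/alvaro-test-opstack-sepolia/l1-rpc-url":"L1_RPC_URL"}'

      # NOTE(review): if this behaves like the PAT step, the private key ends
      # up in the environment of every following step, including the
      # third-party commit action - confirm and scope it to the deploy step if
      # the action allows.
      - name: Akeyless get GS ADMIN private key
        uses: docker://us-west1-docker.pkg.dev/devopsre/akeyless-public/akeyless-action:latest
        with:
          api-url: https://api.gateway.akeyless.celo-networks-dev.org
          access-id: p-kf9vjzruht6l
          static-secrets: '{"/static-secrets/devops-circle/alvaro-test-opstack-sepolia/gs-admin-private-key":"GS_ADMIN_PRIVATE_KEY"}'

      - name: Deploy L1 contracts
        run: |
          # Assign first, export second: `export VAR=$(cmd)` hides a failing
          # command, which would leave IMPL_SALT empty instead of random.
          IMPL_SALT="$(openssl rand -hex 32)"
          export IMPL_SALT
          cd packages/contracts-bedrock
          ./scripts/getting-started/config.sh
          # Only an empty value or the literal 'false' simulates; any other
          # value broadcasts.
          # The key is passed as a command-line argument and is therefore
          # visible in the runner's process list while forge runs; expansions
          # are quoted so the values are never word-split or globbed.
          if [[ -z "${BROADCAST}" ]] || [[ "${BROADCAST}" == 'false' ]]
          then
            echo "Simulating ..."
            forge script scripts/Deploy.s.sol:Deploy --private-key "$GS_ADMIN_PRIVATE_KEY" --rpc-url "$L1_RPC_URL" --slow
          else
            echo "Broadcasting ..."
            forge script scripts/Deploy.s.sol:Deploy --private-key "$GS_ADMIN_PRIVATE_KEY" --broadcast --rpc-url "$L1_RPC_URL" --slow
          fi

      - name: Generate genesis files
        run: |
          # One timestamp for both files so the genesis/rollup pair always
          # carries the same suffix.
          timestamp="$(date +%s)"
          mkdir -p "l2-config-files/${DEPLOYMENT_CONTEXT}"
          cd op-node
          go run cmd/main.go genesis l2 \
            --deploy-config "../packages/contracts-bedrock/deploy-config/${DEPLOYMENT_CONTEXT}.json" \
            --l1-deployments "../packages/contracts-bedrock/deployments/${DEPLOYMENT_CONTEXT}/.deploy" \
            --outfile.l2 "../l2-config-files/${DEPLOYMENT_CONTEXT}/genesis-${timestamp}.json" \
            --outfile.rollup "../l2-config-files/${DEPLOYMENT_CONTEXT}/rollup-${timestamp}.json" \
            --l1-rpc "$L1_RPC_URL"

      # NOTE(review): third-party action referenced by tag, running after the
      # secrets above were fetched; pin it to a full commit SHA.
      - name: "Commit genesis files"
        uses: stefanzweifel/git-auto-commit-action@v5
        with:
          commit_message: '[Automatic] - Commit genesis files'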