Remove JWT #38
name: Deploy Contracts | |
on: | |
push: | |
branches: | |
- alvarof2/contracts | |
workflow_dispatch: | |
inputs: | |
broadcast: | |
required: false | |
type: boolean | |
default: true | |
l1_rpc_kind: | |
required: false | |
type: string | |
default: 'any' | |
deployment_context: | |
required: false | |
type: string | |
default: 'test-alvaro' | |
gs_admin_address: | |
required: false | |
type: string | |
default: '0x19c1696408E63d670ab8177bfafB0D37e9F3ed82' | |
gs_batcher_address: | |
required: false | |
type: string | |
default: '0x0F82E82268FA5de5070A088e54eAbc2dec07D615' | |
gs_proposer_address: | |
required: false | |
type: string | |
default: '0x8D20f1E387cDF78c4AF42F61FB48B1Be72056FEb' | |
gs_sequenncer_address: | |
required: false | |
type: string | |
default: '0xF20B236A87e26D1Ac7290D0F70f637af8145D54e' | |
jobs: | |
deploy-contracts: | |
runs-on: ubuntu-latest | |
permissions: # Must change the job token permissions to use Akeyless JWT auth | |
id-token: write | |
contents: read | |
if: ${{ ! startsWith(github.triggering_actor, 'akeyless') }} | |
env: | |
BROADCAST: ${{ github.event_name == 'push' && 'true' || inputs.broadcast }} | |
L1_RPC_KIND: ${{ github.event_name == 'push' && 'alchemy' || inputs.l1_rpc_kind }} | |
DEPLOYMENT_CONTEXT: ${{ github.event_name == 'push' && 'test-alvaro' || inputs.deployment_context }} | |
GS_ADMIN_ADDRESS: ${{ github.event_name == 'push' && '0x19c1696408E63d670ab8177bfafB0D37e9F3ed82' || inputs.gs_admin_address }} | |
GS_BATCHER_ADDRESS: ${{ github.event_name == 'push' && '0x0F82E82268FA5de5070A088e54eAbc2dec07D615' || inputs.gs_batcher_address }} | |
GS_PROPOSER_ADDRESS: ${{ github.event_name == 'push' && '0x8D20f1E387cDF78c4AF42F61FB48B1Be72056FEb' || inputs.gs_proposer_address }} | |
GS_SEQUENCER_ADDRESS: ${{ github.event_name == 'push' && '0xF20B236A87e26D1Ac7290D0F70f637af8145D54e' || inputs.gs_sequenncer_address }} | |
steps: | |
- name: "Get GitHub Token from Akeyless" | |
id: get_auth_token | |
uses: | |
docker://us-west1-docker.pkg.dev/devopsre/akeyless-public/akeyless-action:latest | |
with: | |
api-url: https://api.gateway.akeyless.celo-networks-dev.org | |
access-id: p-kf9vjzruht6l | |
dynamic-secrets: '{"/dynamic-secrets/keys/github/optimism/contents=write,pull_requests=write":"PAT"}' | |
- name: "Checkout current PR" | |
uses: actions/checkout@v4 | |
with: | |
token: ${{ env.PAT }} | |
submodules: recursive | |
fetch-depth: 0 | |
- name: Setup | |
uses: ./.github/actions/setup | |
- name: Akeyless get L1 URL | |
uses: docker://us-west1-docker.pkg.dev/devopsre/akeyless-public/akeyless-action:latest | |
with: | |
api-url: https://api.gateway.akeyless.celo-networks-dev.org | |
access-id: p-kf9vjzruht6l | |
static-secrets: '{"/static-secrets/devops-circle/alvaro-test-opstack-sepolia/l1-rpc-url":"L1_RPC_URL"}' | |
- name: Akeyless get GS ADMIN private key | |
uses: docker://us-west1-docker.pkg.dev/devopsre/akeyless-public/akeyless-action:latest | |
with: | |
api-url: https://api.gateway.akeyless.celo-networks-dev.org | |
access-id: p-kf9vjzruht6l | |
static-secrets: '{"/static-secrets/devops-circle/alvaro-test-opstack-sepolia/gs-admin-private-key":"GS_ADMIN_PRIVATE_KEY"}' | |
- name: Deploy L1 contracts | |
run: | | |
export IMPL_SALT=$(openssl rand -hex 32) | |
cd packages/contracts-bedrock | |
./scripts/getting-started/config.sh | |
if [[ -z "${BROADCAST}" ]] || [[ $BROADCAST == 'false' ]] | |
then | |
echo "Simulating ..." | |
forge script scripts/Deploy.s.sol:Deploy --private-key $GS_ADMIN_PRIVATE_KEY --rpc-url $L1_RPC_URL --slow | |
else | |
echo "Broadcasting ..." | |
forge script scripts/Deploy.s.sol:Deploy --private-key $GS_ADMIN_PRIVATE_KEY --broadcast --rpc-url $L1_RPC_URL --slow | |
fi | |
- name: Generate genesis files | |
run: | | |
mkdir -p l2-config-files/$DEPLOYMENT_CONTEXT | |
cd op-node | |
go run cmd/main.go genesis l2 \ | |
--deploy-config ../packages/contracts-bedrock/deploy-config/$DEPLOYMENT_CONTEXT.json \ | |
--l1-deployments ../packages/contracts-bedrock/deployments/$DEPLOYMENT_CONTEXT/.deploy \ | |
--outfile.l2 ../l2-config-files/$DEPLOYMENT_CONTEXT/genesis-$(date +%s).json \ | |
--outfile.rollup ../l2-config-files/$DEPLOYMENT_CONTEXT/rollup-$(date +%s).json \ | |
--l1-rpc $L1_RPC_URL | |
- name: "Commit genesis files" | |
uses: stefanzweifel/git-auto-commit-action@v5 | |
with: | |
commit_message: '[Automatic] - Commit genesis files' |
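Review bot: All three Akeyless steps pull `docker://us-west1-docker.pkg.dev/devopsre/akeyless-public/akeyless-action:latest`, a mutable tag, in a job that grants `id-token: write` and fetches `GS_ADMIN_PRIVATE_KEY`, so whatever image sits under that tag at run time receives the OIDC token and the deployer key. Pin the image by digest, e.g. `uses: docker://us-west1-docker.pkg.dev/devopsre/akeyless-public/akeyless-action@sha256:<IMAGE_DIGEST_PLACEHOLDER>`, and pin `stefanzweifel/git-auto-commit-action` to a full commit SHA as well, since it presumably pushes with the write-scoped PAT that the checkout step persists. In the "Deploy L1 contracts" step the key is passed as `--private-key $GS_ADMIN_PRIVATE_KEY`, which places it in the process argument list; at minimum quote it and the other expansions (`"$L1_RPC_URL"`, `"$DEPLOYMENT_CONTEXT"`). `DEPLOYMENT_CONTEXT` comes from a `workflow_dispatch` input and is used to build paths, so a check such as `[[ "$DEPLOYMENT_CONTEXT" =~ ^[A-Za-z0-9_-]+$ ]] || exit 1` before the `mkdir -p` would keep the generated files inside `l2-config-files/`.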