feat: Delayed signature verification during block proposals #25660
# CI for Aztec. At a high level this runs `./bootstrap.sh ci` from the repo root; the root README.md has details.
# Internal developers only. External contributors are handled by ci3-external.yml.
#
# CAREFUL! "exec" is used heavily so that signals reach the child process, which is what allows proper ec2 cleanup.
name: CI3

on:
  workflow_dispatch:
  push:
    tags:
      - "v*"
  pull_request:
    # `labeled` is included so that applying one of the ci-* labels read by the job below starts a new run.
    types:
      - opened
      - synchronize
      - reopened
      - ready_for_review
      - labeled
  merge_group: {}

concurrency:
  # Merge-train PRs key the group on the run id, so they never cancel one another.
  # Everything else shares one group per branch, and a newer run cancels the older one.
  group: ci3-${{ (startsWith(github.event.pull_request.head.ref, 'merge-train/') && github.run_id) || github.event.merge_group.head_ref || github.ref_name }}
  cancel-in-progress: true
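# NOTE(review): no `permissions:` key is declared at workflow or job level, so the automatic
# GITHUB_TOKEN gets the repository default scopes. Consider declaring the minimum needed.
jobs:
  ci:
    runs-on: ubuntu-latest
    # Exclusive with ci3-external.yml: never run on forks, and skip draft PRs.
    # (github.event.pull_request.head.repo.fork resolves to nil if not a pull request)
    # This gate matters: the Run step below executes ./ci.sh from the checked-out PR head
    # commit with repository secrets in its environment.
    if: github.event.pull_request.head.repo.fork != true && github.event.pull_request.draft == false
    # Tag builds (refs/tags/v*) run in the `master` environment; every other run uses none.
    environment: ${{ startsWith(github.ref, 'refs/tags/v') && 'master' || '' }}
    steps:
      #############
      # Prepare Env
      #############
      - name: Checkout
        # Third-party actions in this file are pinned to a full commit SHA rather than a movable tag.
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
        with:
          # The commit to checkout. We want our actual commit, and not the result of merging the PR to the target.
          ref: ${{ github.event.pull_request.head.sha || github.sha }}

      # Label-driven overrides. Each one only exports a flag through GITHUB_ENV for later steps.
      - name: CI Merge Queue Override (grind on PR)
        if: contains(github.event.pull_request.labels.*.name, 'ci-merge-queue')
        run: echo "CI_MERGE_QUEUE=1" >> "$GITHUB_ENV"
      - name: CI Full Override
        if: contains(github.event.pull_request.labels.*.name, 'ci-full')
        run: echo "CI_FULL=1" >> "$GITHUB_ENV"
      - name: Cache Override
        if: contains(github.event.pull_request.labels.*.name, 'ci-no-cache')
        run: echo "NO_CACHE=1" >> "$GITHUB_ENV"
      - name: Fail Fast Override
        if: contains(github.event.pull_request.labels.*.name, 'ci-no-fail-fast')
        run: echo "NO_FAIL_FAST=1" >> "$GITHUB_ENV"
      # NOTE(review): a second step further down has the same name but reads the label
      # 'barretenberg-ci' and sets CI_BARRETENBERG. The Run step only reads CI_BARRETENBERG;
      # nothing in this file reads BARRETENBERG_CI. Confirm ci.sh uses it before removing.
      - name: Barretenberg CI Override
        if: contains(github.event.pull_request.labels.*.name, 'ci-barretenberg')
        run: echo "BARRETENBERG_CI=1" >> "$GITHUB_ENV"

      - name: Compute Target Branch
        id: target_branch
        # Ref names reach the shell through env vars instead of being expanded into the script
        # text, so a ref containing shell metacharacters is treated as data, not as code.
        env:
          EVENT_NAME: ${{ github.event_name }}
          MERGE_GROUP_BASE_REF: ${{ github.event.merge_group.base_ref }}
          PR_BASE_REF: ${{ github.event.pull_request.base.ref }}
          REF_NAME: ${{ github.ref_name }}
        run: |
          if [ "$EVENT_NAME" == "merge_group" ]; then
            target_branch=$MERGE_GROUP_BASE_REF
          elif [ "$EVENT_NAME" == "pull_request" ]; then
            target_branch=$PR_BASE_REF
          else
            target_branch=$REF_NAME
          fi
          # Strip a leading refs/heads/ if one is present.
          target_branch=${target_branch#refs/heads/}
          echo "target_branch=$target_branch" >> "$GITHUB_OUTPUT"
          echo "TARGET_BRANCH=${target_branch}" >> "$GITHUB_ENV"
      - name: Docs CI Override
        if: contains(github.event.pull_request.labels.*.name, 'ci-docs') || (steps.target_branch.outputs.target_branch == 'merge-train/docs')
        run: echo "CI_DOCS=1" >> "$GITHUB_ENV"
      - name: Barretenberg CI Override
        if: contains(github.event.pull_request.labels.*.name, 'barretenberg-ci') || (github.event.pull_request.base.ref == 'merge-train/barretenberg')
        run: echo "CI_BARRETENBERG=1" >> "$GITHUB_ENV"
      # Allow full concurrency for merge-train PRs, one-run-per-branch for everything else.
      - name: Set Instance Postfix for merge-train
        if: startsWith(github.event.pull_request.head.ref, 'merge-train/')
        run: echo "INSTANCE_POSTFIX=${{ github.event.pull_request.commits }}" >> "$GITHUB_ENV"

      - name: Setup
        # The key is handed over as an env var rather than expanded into the script body, so the
        # secret value never becomes part of the generated script text.
        env:
          BUILD_INSTANCE_SSH_KEY: ${{ secrets.BUILD_INSTANCE_SSH_KEY }}
        run: |
          # Ensure we can SSH into the spot instances we request.
          mkdir -p ~/.ssh
          # Create the key file under a restrictive umask so it is never readable by others, even briefly.
          (umask 077 && echo "$BUILD_INSTANCE_SSH_KEY" | base64 --decode > ~/.ssh/build_instance_key)
          chmod 600 ~/.ssh/build_instance_key
          # Install required packages.
          sudo apt update && sudo apt install -y redis-tools parallel
      - name: Prepare GCP key
        env:
          GCP_SA_KEY: ${{ secrets.GCP_SA_KEY }}
        run: |
          # Keep the encoded key file private to the runner user.
          umask 077
          echo "$GCP_SA_KEY" | base64 -w 0 > gcp_sa_key.b64
          # The base64 form is a new string that log masking does not know about; register it.
          echo "::add-mask::$(cat gcp_sa_key.b64)"
          # NOTE(review): GITHUB_ENV makes this value visible to every later step in the job,
          # including the third-party benchmark action, and gcp_sa_key.b64 stays in the workspace.
          # Confirm whether both are needed; otherwise scope the key to the Run step only.
          echo "GCP_SA_KEY_B64=$(cat gcp_sa_key.b64)" >> "$GITHUB_ENV"

      #############
      # Run
      #############
      - name: Run
        # Everything below is exported to ./ci.sh, which comes from the commit checked out above.
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          GITHUB_TOKEN: ${{ secrets.AZTEC_BOT_GITHUB_TOKEN }}
          RUN_ID: ${{ github.run_id }}
          NETLIFY_SITE_ID: ${{ secrets.NETLIFY_SITE_ID }}
          NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }}
          DOCKERHUB_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }}
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
          SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
          # Nightly test env vars.
          GCP_SA_KEY_B64: ${{ env.GCP_SA_KEY_B64 }}
          # NOTE(review): the API key is part of the URL query string here. Anything that prints
          # this URL in an encoded or truncated form may bypass log masking.
          EXTERNAL_ETHEREUM_HOSTS: "https://json-rpc.${{ secrets.GCP_SEPOLIA_URL }}?key=${{ secrets.GCP_SEPOLIA_API_KEY }},${{ secrets.INFURA_SEPOLIA_URL }}"
          EXTERNAL_ETHEREUM_CONSENSUS_HOST: "https://beacon.${{ secrets.GCP_SEPOLIA_URL }}"
          EXTERNAL_ETHEREUM_CONSENSUS_HOST_API_KEY: ${{ secrets.GCP_SEPOLIA_API_KEY }}
          EXTERNAL_ETHEREUM_CONSENSUS_HOST_API_KEY_HEADER: "X-goog-api-key"
          GCP_PROJECT_ID: ${{ secrets.GCP_PROJECT_ID }}
        # The first matching mode wins: merge-queue, full, docs, barretenberg, nightly, release, fast.
        # `exec` replaces the shell so signals go straight to ci.sh (see the header comment).
        run: |
          if [ "${{ github.event_name }}" == "merge_group" ] || [ "${CI_MERGE_QUEUE:-0}" -eq 1 ]; then
            exec ./ci.sh merge-queue
          elif [ "${CI_FULL:-0}" -eq 1 ]; then
            exec ./ci.sh full
          elif [ "${CI_DOCS:-0}" -eq 1 ]; then
            exec ./ci.sh docs
          elif [ "${CI_BARRETENBERG:-0}" -eq 1 ]; then
            exec ./ci.sh barretenberg
          elif [ "${{ contains(github.ref, '-nightly.') }}" == "true" ]; then
            exec ./ci.sh nightly
          elif [ "${{ startsWith(github.ref, 'refs/tags/v') }}" == "true" ]; then
            exec ./ci.sh release
          else
            exec ./ci.sh fast
          fi
      - name: Download benchmarks
        if: github.event_name == 'merge_group'
        run: ./ci.sh gh-bench
      - name: Upload benchmarks
        if: github.event_name == 'merge_group'
        # This action receives the bot token and pushes on its own (auto-push: true).
        uses: benchmark-action/github-action-benchmark@4de1bed97a47495fc4c5404952da0499e31f5c29
        with:
          name: Aztec Benchmarks
          benchmark-data-dir-path: "bench/${{ steps.target_branch.outputs.target_branch }}"
          tool: "customSmallerIsBetter"
          output-file-path: ./bench-out/bench.json
          github-token: ${{ secrets.AZTEC_BOT_GITHUB_TOKEN }}
          auto-push: true
          ref: ${{ github.event.pull_request.head.sha || github.sha }}
          alert-threshold: "105%"
          comment-on-alert: false
          fail-on-alert: false
          max-items-in-chart: 100

  # Posts a failure message to Slack when a push-triggered run fails.
  notify:
    runs-on: ubuntu-latest
    if: github.event_name == 'push' && failure()
    needs:
      - ci
    steps:
      - name: Checkout Code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      - name: Get Context
        id: get_context
        run: |
          # Author and title are commit metadata that end up inside a JSON string in the next
          # step. Escape backslashes and swap double quotes for single quotes in both, so
          # neither value can break or extend the JSON payload.
          authors=$(git log -1 --pretty=format:'%an <%ae>' | sed -e 's/\\/\\\\/g' -e "s/\"/'/g")
          echo "authors=${authors}" >> "$GITHUB_OUTPUT"
          title=$(git log -1 --pretty=format:'%s' | sed -e 's/\\/\\\\/g' -e "s/\"/'/g")
          echo "commit_title=${title}" >> "$GITHUB_OUTPUT"
          failed_jobs=""
          # Only `ci` is listed under `needs`, so it is the only job whose result is available here.
          if [ "${{ needs.ci.result }}" = "failure" ]; then
            failed_jobs+="ci"
          fi
          echo "failed_jobs=${failed_jobs}" >> "$GITHUB_OUTPUT"
          cat "$GITHUB_OUTPUT"
      - name: Send Notification
        uses: slackapi/slack-github-action@6c661ce58804a1a20f6dc5fbee7f0381b469e001
        with:
          payload: |
            {
              "text": "Failure on ${{ github.ref_name }}\nCommit: ${{ steps.get_context.outputs.commit_title }}",
              "url": "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}",
              "authors": "${{ steps.get_context.outputs.authors }}",
              "failed_jobs": "${{ steps.get_context.outputs.failed_jobs }}"
            }
        env:
          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_NOTIFY_WORKFLOW_TRIGGER_URL2 }}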