Option to add mitm as part of kurtosis deployment #2839

Workflow file for this run

	---
	# Basic deployment workflow.
	# Note that more advanced use cases are tested in the nightly workflow.
	name: Deploy

	on:
	pull_request:
	push:
	branches: [main]

	concurrency:
	group: deploy-${{ github.event.pull_request.number \|\| github.ref }}
	cancel-in-progress: true

	env:
	POLYCLI_VERSION: v0.1.72 # https://github.com/0xPolygon/polygon-cli/releases/
	ENCLAVE_NAME: cdk

	jobs:
	run-without-args:
	runs-on: ubuntu-latest
	timeout-minutes: 20
	steps:
	- uses: actions/checkout@v4

	- name: Login to Docker Hub
	uses: docker/login-action@v3
	with:
	username: ${{ secrets.DOCKERHUB_USERNAME }}
	password: ${{ secrets.DOCKERHUB_TOKEN }}
	# This step will only execute if the necessary secrets are available, preventing failures
	# on pull requests from forked repositories.
	if: ${{ env.DOCKERHUB_USERNAME && env.DOCKERHUB_TOKEN }}
	env:
	DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
	DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}

	- name: Install Kurtosis CDK tools
	uses: ./.github/actions/setup-kurtosis-cdk

	- name: Run Starlark
	run: kurtosis run --enclave=${{ env.ENCLAVE_NAME }} --show-enclave-inspect=false .

	- name: Inspect enclave
	run: kurtosis enclave inspect ${{ env.ENCLAVE_NAME }}

	- name: Monitor CDK chain verified batches (CDK Erigon Permissionless RPC)
	working-directory: .github/scripts
	run: \|
	./monitor-cdk-chain.sh \
	--enclave ${{ env.ENCLAVE_NAME }} \
	--rpc-url $(kurtosis port print ${{ env.ENCLAVE_NAME }} cdk-erigon-rpc-001 rpc)

	- name: Dump enclave
	if: ${{ !cancelled() }}
	run: kurtosis enclave dump ${{ env.ENCLAVE_NAME }} ./dump

	- name: Upload enclave dump
	if: ${{ !cancelled() }}
	uses: actions/upload-artifact@v4
	with:
	name: dump_run_without_args_${{ github.run_id }}
	path: ./dump

	list-ymls:
	runs-on: ubuntu-latest
	timeout-minutes: 2
	outputs:
	matrix: ${{ steps.set-matrix.outputs.matrix }}
	steps:
	- uses: actions/checkout@v4

	- name: Generate test combinations
	working-directory: .github/tests
	run: ./combine-ymls.sh

	- id: set-matrix
	run: \|
	# Only run a subset of the tests in CI.
	files=$(ls -R ./.github/tests/combinations/*.yml \| grep -v "sovereign")
	matrix=$(echo "$files" \| jq -R -s -c 'split("\n")[:-1]')
	echo "matrix=$matrix" >> $GITHUB_OUTPUT

	run-with-args:
	needs: list-ymls
	runs-on: ubuntu-latest
	timeout-minutes: 20
	strategy:
	fail-fast: false
	matrix:
	file_name: ${{ fromJson(needs.list-ymls.outputs.matrix) }}
	steps:
	- uses: actions/checkout@v4

	- name: Login to Docker Hub
	uses: docker/login-action@v3
	with:
	username: ${{ secrets.DOCKERHUB_USERNAME }}
	password: ${{ secrets.DOCKERHUB_TOKEN }}
	# This step will only execute if the necessary secrets are available, preventing failures
	# on pull requests from forked repositories.
	if: ${{ env.DOCKERHUB_USERNAME && env.DOCKERHUB_TOKEN }}
	env:
	DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
	DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}

	- name: Install Kurtosis CDK tools
	uses: ./.github/actions/setup-kurtosis-cdk

	- name: Generate test combinations
	working-directory: .github/tests
	run: ./combine-ymls.sh

	- name: Run Starlark
	run: kurtosis run --enclave=${{ env.ENCLAVE_NAME }} --args-file=${{ matrix.file_name }} --show-enclave-inspect=false .

	- name: Inspect enclave
	run: kurtosis enclave inspect ${{ env.ENCLAVE_NAME }}

	- name: Monitor CDK chain verified batches (Central RPC)
	run: \|
	result=$(yq --raw-output '.args.consensus_contract_type' ${{ matrix.file_name }})
	if [[ "$result" == "pessimistic" ]]; then
	echo "Skipping block verification as consensus is pessimistic."
	else
	sequencer_type=$(yq --raw-output '.args.sequencer_type' ${{ matrix.file_name }})
	rpc_name=""
	if [[ "$sequencer_type" == "erigon" ]]; then
	rpc_name="cdk-erigon-rpc-001"
	elif [[ "$sequencer_type" == "zkevm" ]]; then
	rpc_name="zkevm-node-rpc-001"
	elif [[ "$sequencer_type" == "null" ]]; then
	rpc_name="cdk-erigon-rpc-001"
	else
	echo "Unknown sequencer type: $sequencer_type"
	exit 1
	fi
	echo "RPC name: $rpc_name"
	./.github/scripts/monitor-cdk-chain.sh \
	--enclave ${{ env.ENCLAVE_NAME }} \
	--rpc-url $(kurtosis port print ${{ env.ENCLAVE_NAME }} $rpc_name rpc)
	fi

	- name: Monitor CDK chain verified batches (zkEVM Permissionless RPC)
	run: \|
	result=$(yq --raw-output '.args.consensus_contract_type' ${{ matrix.file_name }})
	if [[ "$result" == "pessimistic" ]]; then
	echo "Skipping block verification as consensus is pessimistic."
	else
	result=$(yq --raw-output '.args.additional_services // [] \| contains(["pless_zkevm_node"])' ${{ matrix.file_name }})
	if [[ "$result" == "true" ]]; then
	./.github/scripts/monitor-cdk-chain.sh \
	--enclave ${{ env.ENCLAVE_NAME }} \
	--rpc-url $(kurtosis port print ${{ env.ENCLAVE_NAME }} zkevm-node-rpc-pless-001 rpc)
	else
	echo "Skipping batch verification as there is no zkevm permissionless RPC in the environment"
	fi
	fi

	- name: Monitor OP rollup finalized blocks (OP CL RPC)
	run: \|
	result=$(yq --raw-output '.deployment_stages.deploy_optimism_rollup' ${{ matrix.file_name }})
	if [[ "$result" == "true" ]]; then
	./.github/scripts/monitor-op-rollup.sh \
	--enclave ${{ env.ENCLAVE_NAME }} \
	--cl-rpc-url $(kurtosis port print ${{ env.ENCLAVE_NAME }} op-cl-1-op-node-op-geth-op-kurtosis http)
	else
	echo "Skipping block verification as there is no OP rollup in the environment"
	fi

	- name: Dump enclave
	if: ${{ !cancelled() }}
	run: kurtosis enclave dump ${{ env.ENCLAVE_NAME }} ./dump

	- name: Generate archive name
	if: ${{ !cancelled() }}
	run: \|
	file_name=$(basename "${{ matrix.file_name }}" ".yml")
	archive_name="dump_run_with_args_${file_name}_${{ github.run_id }}"
	echo "ARCHIVE_NAME=${archive_name}" >> "$GITHUB_ENV"
	echo "Generated archive name: ${archive_name}"

	- name: Upload enclave dump
	if: ${{ !cancelled() }}
	uses: actions/upload-artifact@v4
	with:
	name: ${{ env.ARCHIVE_NAME }}
	path: ./dump

	multi-cdk-chains:
	runs-on: ubuntu-latest
	timeout-minutes: 20
	steps:
	- uses: actions/checkout@v4

	- name: Login to Docker Hub
	uses: docker/login-action@v3
	with:
	username: ${{ secrets.DOCKERHUB_USERNAME }}
	password: ${{ secrets.DOCKERHUB_TOKEN }}
	# This step will only execute if the necessary secrets are available, preventing failures
	# on pull requests from forked repositories.
	if: ${{ env.DOCKERHUB_USERNAME && env.DOCKERHUB_TOKEN }}
	env:
	DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
	DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}

	- name: Install polycli
	run: \|
	tmp_dir=$(mktemp -d)
	curl -L "https://github.com/0xPolygon/polygon-cli/releases/download/${{ env.POLYCLI_VERSION }}/polycli_${{ env.POLYCLI_VERSION }}_linux_amd64.tar.gz" \| tar -xz -C "$tmp_dir"
	mv "$tmp_dir"/* /usr/local/bin/polycli
	rm -rf "$tmp_dir"
	sudo chmod +x /usr/local/bin/polycli
	/usr/local/bin/polycli version

	- name: Install Kurtosis CDK tools
	uses: ./.github/actions/setup-kurtosis-cdk

	- name: Replace Agglayer SP1 Prover Key with Github Secrets
	run: \|
	sed -i "s/agglayer_prover_sp1_key: null/agglayer_prover_sp1_key: \"${{ secrets.SP1_PRIVATE_KEY }}\"/" ./.github/tests/chains/l1-cdk1-cdk2.yml
	# This step will only execute if the necessary secrets are available, preventing failures
	# on pull requests from forked repositories.
	if: ${{ env.agglayer_prover_sp1_key && env.agglayer_prover_sp1_key != '' }}
	env:
	agglayer_prover_sp1_key: ${{ secrets.SP1_PRIVATE_KEY }}

	- name: Deploy L1 chain, cdk-1 PP chain, and cdk-2 Sovereign chain (cdk-erigon sequencer + cdk PP stack + cdk opgeth stack)
	run: kurtosis run --enclave=${{ env.ENCLAVE_NAME }} --args-file=./.github/tests/chains/l1-cdk1-cdk2.yml .

	- name: Update the agglayer config
	run: \|
	# Download the agglayer config file.
	kurtosis files download ${{ env.ENCLAVE_NAME }} agglayer-config-artifact
	cd agglayer-config-artifact
	# Update the config by adding the rpc and proof signer of cdk-3.
	tomlq -Y --toml-output --in-place '."full-node-rpcs" += {"3": "http://cdk-erigon-rpc-003:8123"}' agglayer-config.toml
	# Update the config by adding the rpc and proof signer of cdk-4.
	tomlq -Y --toml-output --in-place '."full-node-rpcs" += {"4": "http://cdk-erigon-rpc-004:8123"}' agglayer-config.toml
	# Replace the agglayer config.
	agglayer_container_id="$(docker ps --filter name=agglayer --format json \| jq -r -s '. \| map(select(.Names \| startswith("agglayer--"))) \| .[].ID')"
	docker cp agglayer-config.toml "$agglayer_container_id:/etc/zkevm/agglayer-config.toml"
	# Restart the agglayer service.
	kurtosis service stop ${{ env.ENCLAVE_NAME }} agglayer
	kurtosis service start ${{ env.ENCLAVE_NAME }} agglayer

	- name: Attach a cdk-3 FEP L2 chain (cdk-erigon sequencer + cdk FEP stack)
	run: kurtosis run --enclave=${{ env.ENCLAVE_NAME }} --args-file=./.github/tests/chains/cdk3.yml .

	- name: Attach a cdk-4 PP L2 chain (cdk-erigon sequencer + cdk PP stack)
	if: ${{ env.agglayer_prover_sp1_key \|\| env.agglayer_prover_sp1_key != '' }}
	run: kurtosis run --enclave=${{ env.ENCLAVE_NAME }} --args-file=./.github/tests/chains/cdk4.yml .
	env:
	agglayer_prover_sp1_key: ${{ secrets.SP1_PRIVATE_KEY }}

	- name: Inspect enclave
	run: kurtosis enclave inspect ${{ env.ENCLAVE_NAME }}

	- name: Send bridge transactions from L1 to cdk-2
	if: ${{ env.agglayer_prover_sp1_key \|\| env.agglayer_prover_sp1_key != '' }}
	working-directory: .github/scripts
	shell: bash {0} # By default, GHA runs with `set -e`. This line disables that.
	run: \|
	echo "Sending a bridge transaction from L1 to the cdk-2 RPC..."
	l1_rpc_url=http://$(kurtosis port print ${{ env.ENCLAVE_NAME }} el-1-geth-lighthouse rpc)
	l1_prefunded_mnemonic="giant issue aisle success illegal bike spike question tent bar rely arctic volcano long crawl hungry vocal artwork sniff fantasy very lucky have athlete"
	private_key=$(cast wallet private-key --mnemonic "$l1_prefunded_mnemonic")
	eth_address=$(cast wallet address --private-key $private_key)
	polycli ulxly bridge asset \
	--bridge-address 0x83F138B325164b162b320F797b57f6f7E235ABAC \
	--destination-network 2 \
	--private-key $private_key \
	--rpc-url $l1_rpc_url \
	--value 10000000000000000000
	if [[ $ret_code -eq 0 ]]; then
	echo "[$(date '+%Y-%m-%d %H:%M:%S')] ✅ Deposit transaction successfuly sent!"
	else
	echo "[$(date '+%Y-%m-%d %H:%M:%S')] ❌ Deposit transaction failed!"
	exit 1
	fi

	echo "Waiting for deposit to be autoclaimed..."
	sleep 60

	op_rollup_rpc_url=$(kurtosis port print ${{ env.ENCLAVE_NAME }} op-el-1-op-geth-op-node-op-kurtosis rpc)
	while true; do
	echo "[$(date '+%Y-%m-%d %H:%M:%S')] 🔄 Checking if the deposit was claimed..."
	balance=$(cast balance --ether --rpc-url $op_rollup_rpc_url $eth_address)
	result=$(echo "$balance > 0" \| bc) # Use bc to compare floating-point numbers
	if [[ "$result" -eq 1 ]]; then
	echo "[$(date '+%Y-%m-%d %H:%M:%S')] ✅ Deposit claimed, balance is $balance"
	exit 0
	else
	echo "[$(date '+%Y-%m-%d %H:%M:%S')] ❌ Deposit has not been claimed yet... Retrying in 15 seconds..."
	sleep 15
	fi
	done

	env:
	agglayer_prover_sp1_key: ${{ secrets.SP1_PRIVATE_KEY }}

	- name: Bridge from cdk-2 to L1
	if: ${{ env.agglayer_prover_sp1_key \|\| env.agglayer_prover_sp1_key != '' }}
	working-directory: .github/scripts
	shell: bash {0} # By default, GHA runs with `set -e`. This line disables that.
	run: \|
	echo "Sending a bridge transaction from cdk-2 to L1..."
	op_rollup_rpc_url=$(kurtosis port print ${{ env.ENCLAVE_NAME }} op-el-1-op-geth-op-node-op-kurtosis rpc)
	l1_prefunded_mnemonic="giant issue aisle success illegal bike spike question tent bar rely arctic volcano long crawl hungry vocal artwork sniff fantasy very lucky have athlete"
	private_key=$(cast wallet private-key --mnemonic "$l1_prefunded_mnemonic")
	eth_address=$(cast wallet address --private-key $private_key)
	polycli ulxly bridge asset \
	--bridge-address 0x9A1f8eA578835d2b7b1e1EB8CD5EE3Bb7692338C \
	--destination-network 0 \
	--private-key $private_key \
	--rpc-url $op_rollup_rpc_url \
	--value $(date +%s) \
	--destination-address 0xC0FFEE0000000000000000000000000000000001
	if [[ $ret_code -eq 0 ]]; then
	echo "[$(date '+%Y-%m-%d %H:%M:%S')] ✅ Deposit transaction successfuly sent!"
	else
	echo "[$(date '+%Y-%m-%d %H:%M:%S')] ❌ Deposit transaction failed!"
	exit 1
	fi

	bridge_url=$(kurtosis port print ${{ env.ENCLAVE_NAME }} sovereign-bridge-service-001 rpc)
	l1_rpc_url=http://$(kurtosis port print ${{ env.ENCLAVE_NAME }} el-1-geth-lighthouse rpc)
	l1_prefunded_mnemonic="giant issue aisle success illegal bike spike question tent bar rely arctic volcano long crawl hungry vocal artwork sniff fantasy very lucky have athlete"
	private_key=$(cast wallet private-key --mnemonic "$l1_prefunded_mnemonic")
	eth_address=$(cast wallet address --private-key $private_key)
	while true; do
	echo "[$(date '+%Y-%m-%d %H:%M:%S')] 🔄 Attempting to claim the deposit..."
	polycli ulxly claim asset \
	--bridge-address 0x83F138B325164b162b320F797b57f6f7E235ABAC \
	--bridge-service-url $bridge_url \
	--deposit-count 0 \
	--destination-address 0xc0FFee0000000000000000000000000000000001 \
	--deposit-network 2 \
	--private-key $private_key \
	--rpc-url $l1_rpc_url
	ret_code="$?"
	if [[ $ret_code -eq 0 ]]; then
	echo "[$(date '+%Y-%m-%d %H:%M:%S')] ✅ Claim transaction successfuly sent!"
	exit 0
	else
	echo "[$(date '+%Y-%m-%d %H:%M:%S')] ❌ Claim transaction not available for now. Retrying in 15 seconds..."
	sleep 15
	fi
	done
	env:
	agglayer_prover_sp1_key: ${{ secrets.SP1_PRIVATE_KEY }}

	- name: Bridge from cdk-2 to cdk-1
	if: ${{ env.agglayer_prover_sp1_key \|\| env.agglayer_prover_sp1_key != '' }}
	working-directory: .github/scripts
	shell: bash {0} # By default, GHA runs with `set -e`. This line disables that.
	run: \|
	echo "Sending a bridge transaction from cdk-2 to cdk-1..."
	op_rollup_rpc_url=$(kurtosis port print ${{ env.ENCLAVE_NAME }} op-el-1-op-geth-op-node-op-kurtosis rpc)
	l1_prefunded_mnemonic="giant issue aisle success illegal bike spike question tent bar rely arctic volcano long crawl hungry vocal artwork sniff fantasy very lucky have athlete"
	private_key=$(cast wallet private-key --mnemonic "$l1_prefunded_mnemonic")
	eth_address=$(cast wallet address --private-key $private_key)
	polycli ulxly bridge asset \
	--bridge-address 0x9A1f8eA578835d2b7b1e1EB8CD5EE3Bb7692338C \
	--destination-network 1 \
	--private-key $private_key \
	--rpc-url $op_rollup_rpc_url \
	--value $(date +%s) \
	--destination-address 0xC0FFEE0000000000000000000000000000000002
	if [[ $ret_code -eq 0 ]]; then
	echo "[$(date '+%Y-%m-%d %H:%M:%S')] ✅ Deposit transaction successfuly sent!"
	else
	echo "[$(date '+%Y-%m-%d %H:%M:%S')] ❌ Deposit transaction failed!"
	exit 1
	fi

	l2_rpc_url=$(kurtosis port print ${{ env.ENCLAVE_NAME }} cdk-erigon-rpc-001 rpc)
	bridge_url=$(kurtosis port print ${{ env.ENCLAVE_NAME }} sovereign-bridge-service-001 rpc)
	while true; do
	echo "[$(date '+%Y-%m-%d %H:%M:%S')] 🔄 Attempting to claim the deposit..."
	gas_price=$(cast gas-price --rpc-url $l2_rpc_url)
	polycli ulxly claim asset \
	--bridge-address 0x83F138B325164b162b320F797b57f6f7E235ABAC \
	--bridge-service-url $bridge_url \
	--deposit-count 1 \
	--destination-address 0xc0FFee0000000000000000000000000000000002 \
	--deposit-network 2 \
	--private-key 0x12d7de8621a77640c9241b2595ba78ce443d05e94090365ab3bb5e19df82c625 \
	--rpc-url $l2_rpc_url \
	--gas-price $gas_price
	ret_code="$?"
	if [[ $ret_code -eq 0 ]]; then
	echo "[$(date '+%Y-%m-%d %H:%M:%S')] ✅ Claim transaction successfuly sent!"
	exit 0
	else
	echo "[$(date '+%Y-%m-%d %H:%M:%S')] ❌ Claim transaction not available for now. Retrying in 15 seconds..."
	sleep 15
	fi
	done
	env:
	agglayer_prover_sp1_key: ${{ secrets.SP1_PRIVATE_KEY }}

	- name: Send bridge transactions from L1 to the cdk-4
	if: ${{ env.agglayer_prover_sp1_key \|\| env.agglayer_prover_sp1_key != '' }}
	working-directory: .github/scripts
	shell: bash {0} # By default, GHA runs with `set -e`. This line disables that.
	run: \|
	echo "Sending a bridge transaction from L1 to cdk-4 Erigon RPC..."
	bridge_address=$(kurtosis service exec ${{ env.ENCLAVE_NAME }} contracts-001 'jq -r .polygonZkEVMBridgeAddress /opt/zkevm/combined.json' 2>&1 \| grep -P '0x\h*')
	l1_rpc_url=http://$(kurtosis port print ${{ env.ENCLAVE_NAME }} el-1-geth-lighthouse rpc)
	polycli ulxly bridge asset \
	--private-key 12d7de8621a77640c9241b2595ba78ce443d05e94090365ab3bb5e19df82c625 \
	--value 1000000000000000000 \
	--rpc-url $l1_rpc_url \
	--bridge-address $bridge_address \
	--destination-network 4 \
	--force-update-root=true \
	--destination-address 0xc0FFee0000000000000000000000000000000003
	if [[ $ret_code -eq 0 ]]; then
	echo "[$(date '+%Y-%m-%d %H:%M:%S')] ✅ Deposit transaction successfuly sent!"
	else
	echo "[$(date '+%Y-%m-%d %H:%M:%S')] ❌ Deposit transaction failed!"
	exit 1
	fi

	l2_cdk4_rpc_url=$(kurtosis port print ${{ env.ENCLAVE_NAME }} cdk-erigon-rpc-004 rpc)
	bridge_url=$(kurtosis port print ${{ env.ENCLAVE_NAME }} zkevm-bridge-service-004 rpc)
	while true; do
	echo "[$(date '+%Y-%m-%d %H:%M:%S')] 🔄 Attempting to claim the deposit..."
	gas_price=$(cast gas-price --rpc-url $l2_cdk4_rpc_url)
	polycli ulxly claim asset \
	--bridge-address $bridge_address \
	--private-key 12d7de8621a77640c9241b2595ba78ce443d05e94090365ab3bb5e19df82c625 \
	--deposit-count 4 \
	--destination-address 0xc0FFee0000000000000000000000000000000003 \
	--deposit-network 0 \
	--rpc-url $l2_cdk4_rpc_url \
	--bridge-service-url $bridge_url \
	--gas-price $gas_price
	ret_code=$?
	if [[ "$ret_code" -eq 0 ]]; then
	echo "[$(date '+%Y-%m-%d %H:%M:%S')] ✅ Claim transaction successfuly sent!"
	exit 0
	else
	echo "[$(date '+%Y-%m-%d %H:%M:%S')] ❌ Claim transaction not available for now. Retring in 15 seconds..."
	sleep 15
	fi
	done
	env:
	agglayer_prover_sp1_key: ${{ secrets.SP1_PRIVATE_KEY }}

	- name: Bridge from cdk-4 to cdk-1.
	if: ${{ env.agglayer_prover_sp1_key \|\| env.agglayer_prover_sp1_key != '' }}
	working-directory: .github/scripts
	shell: bash {0} # By default, GHA runs with `set -e`. This line disables that.
	run: \|
	echo "Sending a bridge transaction from cdk-4 to the cdk-1 Erigon RPC..."
	bridge_address=$(kurtosis service exec ${{ env.ENCLAVE_NAME }} contracts-001 'jq -r .polygonZkEVMBridgeAddress /opt/zkevm/combined.json' 2>&1 \| grep -P '0x\h*')
	l2_cdk4_rpc_url=$(kurtosis port print ${{ env.ENCLAVE_NAME }} cdk-erigon-rpc-004 rpc)
	gas_price=$(cast gas-price --rpc-url $l2_cdk4_rpc_url)
	polycli ulxly bridge asset \
	--private-key 12d7de8621a77640c9241b2595ba78ce443d05e94090365ab3bb5e19df82c625 \
	--value 1000000000000 \
	--rpc-url $l2_cdk4_rpc_url \
	--bridge-address $bridge_address \
	--destination-network 1 \
	--force-update-root=true \
	--destination-address 0xc0FFee0000000000000000000000000000000004 \
	--gas-price $gas_price
	ret_code=$?
	if [[ $ret_code -eq 0 ]]; then
	echo "[$(date '+%Y-%m-%d %H:%M:%S')] ✅ Deposit transaction successfuly sent!"
	else
	echo "[$(date '+%Y-%m-%d %H:%M:%S')] ❌ Deposit transaction failed!"
	exit 1
	fi

	l2_cdk1_rpc_url=$(kurtosis port print ${{ env.ENCLAVE_NAME }} cdk-erigon-rpc-001 rpc)
	bridge_url=$(kurtosis port print ${{ env.ENCLAVE_NAME }} zkevm-bridge-service-004 rpc)
	while true; do
	echo "[$(date '+%Y-%m-%d %H:%M:%S')] 🔄 Attempting to claim the deposit..."
	gas_price=$(cast gas-price --rpc-url $l2_cdk1_rpc_url)
	polycli ulxly claim asset \
	--bridge-address $bridge_address \
	--private-key 12d7de8621a77640c9241b2595ba78ce443d05e94090365ab3bb5e19df82c625 \
	--deposit-count 0 \
	--destination-address 0xc0FFee0000000000000000000000000000000004 \
	--deposit-network 4 \
	--rpc-url $l2_cdk1_rpc_url \
	--bridge-service-url $bridge_url \
	--gas-price $gas_price
	ret_code=$?
	if [[ $ret_code -eq 0 ]]; then
	echo "[$(date '+%Y-%m-%d %H:%M:%S')] ✅ Claim transaction successfuly sent!"
	exit 0
	else
	echo "[$(date '+%Y-%m-%d %H:%M:%S')] ❌ Claim transaction not available for now. Retrying in 15 seconds..."
	sleep 15
	fi
	done
	env:
	agglayer_prover_sp1_key: ${{ secrets.SP1_PRIVATE_KEY }}

	- name: Dump enclave
	if: ${{ !cancelled() }}
	run: kurtosis enclave dump ${{ env.ENCLAVE_NAME }} ./dump

	- name: Upload enclave dump
	if: ${{ !cancelled() }}
	uses: actions/upload-artifact@v4
	with:
	name: dump_attach_cdks_${{ github.run_id }}
	path: ./dump

	additional-services:
	runs-on: ubuntu-latest
	timeout-minutes: 20
	steps:
	- uses: actions/checkout@v4

	- name: Login to Docker Hub
	uses: docker/login-action@v3
	with:
	username: ${{ secrets.DOCKERHUB_USERNAME }}
	password: ${{ secrets.DOCKERHUB_TOKEN }}
	# This step will only execute if the necessary secrets are available, preventing failures
	# on pull requests from forked repositories.
	if: ${{ env.DOCKERHUB_USERNAME && env.DOCKERHUB_TOKEN }}
	env:
	DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
	DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}

	- name: Install Kurtosis CDK tools
	uses: ./.github/actions/setup-kurtosis-cdk

	- name: Run Starlark
	run: kurtosis run --enclave=${{ env.ENCLAVE_NAME }} --args-file=./.github/tests/additional-services.yml --show-enclave-inspect=false .

	- name: Inspect enclave
	run: kurtosis enclave inspect ${{ env.ENCLAVE_NAME }}

	- name: Monitor CDK chain verified batches (CDK Erigon Permissionless RPC)
	working-directory: .github/scripts
	run: \|
	./monitor-cdk-chain.sh \
	--enclave ${{ env.ENCLAVE_NAME }} \
	--rpc-url $(kurtosis port print ${{ env.ENCLAVE_NAME }} cdk-erigon-rpc-001 rpc)

	- name: Verify Arpeggio RPC
	run: \|
	result=$(yq '.args.additional_services \| contains(["arpeggio"])' ./.github/tests/additional-services.yml)
	if [ "$result" = "true" ]; then
	cast bn --rpc-url $(kurtosis port print ${{ env.ENCLAVE_NAME }} arpeggio-001 rpc)
	else
	echo "Arpeggio is not deployed."
	fi

	- name: Verify Blutgang RPC
	run: \|
	result=$(yq '.args.additional_services \| contains(["blutgang"])' ./.github/tests/additional-services.yml)
	if [ "$result" = "true" ]; then
	cast bn --rpc-url $(kurtosis port print ${{ env.ENCLAVE_NAME }} blutgang-001 http)
	else
	echo "Blutgang is not deployed."
	fi

	- name: Verify erpc RPC
	run: \|
	result=$(yq '.args.additional_services \| contains(["erpc"])' ./.github/tests/additional-services.yml)
	if [ "$result" = "true" ]; then
	cast bn --rpc-url "$(kurtosis port print ${{ env.ENCLAVE_NAME }} erpc-001 rpc)/main/evm/10101"
	else
	echo "ERPC is not deployed."
	fi

	- name: Verify permissionless zkevm-node rpc
	run: \|
	result=$(yq '.args.additional_services \| contains(["pless_zkevm_node"])' ./.github/tests/additional-services.yml)
	if [ "$result" = "true" ]; then
	cast bn --rpc-url $(kurtosis port print ${{ env.ENCLAVE_NAME }} zkevm-node-rpc-pless-001 rpc)
	else
	echo "Permissionless zkevm-node is not deployed."
	fi

	- name: Verify that Prometheus collects Panoptichain metrics
	run: \|
	result=$(yq '.args.additional_services \| contains(["prometheus_grafana"])' ./.github/tests/additional-services.yml)
	if [ "$result" = "true" ]; then
	echo "Wait for one minute while Prometheus gathers metrics..."
	sleep 60

	echo "Retrieve Panoptichain metrics from Prometheus..."
	panoptichain_metric="panoptichain_system_uptime"
	prometheus_url=$(kurtosis port print ${{ env.ENCLAVE_NAME }} prometheus-001 http)
	prometheus_query=$(curl "$prometheus_url/api/v1/query?query=$panoptichain_metric")
	echo $prometheus_query \| jq
	if [ "$(jq -r '.data.result[0].metric.__name__' <<<$prometheus_query)" == "$panoptichain_metric" ]; then
	echo "✅ Prometheus collects panoptichain metrics!"
	else
	echo "❌ Prometheus does not collect panoptichain metrics..."
	exit 1
	fi
	else
	echo "Prometheus is not deployed."
	fi

	- name: Dump enclave
	if: ${{ !cancelled() }}
	run: kurtosis enclave dump ${{ env.ENCLAVE_NAME }} ./dump

	- name: Upload enclave dump
	if: ${{ !cancelled() }}
	uses: actions/upload-artifact@v4
	with:
	name: dump_additional_services_${{ github.run_id }}
	path: ./dump

	deploy-to-external-l1:
	runs-on: ubuntu-latest
	timeout-minutes: 30
	steps:
	- uses: actions/checkout@v4

	- name: Login to Docker Hub
	uses: docker/login-action@v3
	with:
	username: ${{ secrets.DOCKERHUB_USERNAME }}
	password: ${{ secrets.DOCKERHUB_TOKEN }}
	# This step will only execute if the necessary secrets are available, preventing failures
	# on pull requests from forked repositories.
	if: ${{ env.DOCKERHUB_USERNAME && env.DOCKERHUB_TOKEN }}
	env:
	DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
	DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}

	- name: Install Kurtosis CDK tools
	uses: ./.github/actions/setup-kurtosis-cdk

	- name: Deploy L1 chain
	run: kurtosis run --enclave=${{ env.ENCLAVE_NAME }} --args-file=./.github/tests/external-l1/deploy-local-l1.yml .

	- name: Deploy to local L1 chain
	run: \|
	kurtosis run --enclave=${{ env.ENCLAVE_NAME }} --args-file=./.github/tests/external-l1/deploy-cdk-to-local-l1.yml .

	- name: Inspect enclave
	run: kurtosis enclave inspect ${{ env.ENCLAVE_NAME }}

	- name: Monitor CDK chain verified batches (CDK Erigon Permissionless RPC)
	working-directory: .github/scripts
	run: \|
	./monitor-cdk-chain.sh \
	--enclave ${{ env.ENCLAVE_NAME }} \
	--rpc-url "$(kurtosis port print ${{ env.ENCLAVE_NAME }} cdk-erigon-rpc-001 rpc)"

	- name: Dump enclave
	if: ${{ !cancelled() }}
	run: kurtosis enclave dump ${{ env.ENCLAVE_NAME }} ./dump

	- name: Upload enclave dump
	if: ${{ !cancelled() }}
	uses: actions/upload-artifact@v4
	with:
	name: dump_deploy_to_external_l1_${{ github.run_id }}
	path: ./dump

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Option to add mitm as part of kurtosis deployment #2839

Workflow file

Option to add mitm as part of kurtosis deployment #2839

Jobs

Run details

Workflow file for this run