7 changes: 4 additions & 3 deletions spartan/environments/ignition-fisherman.env
Expand Up @@ -21,14 +21,15 @@ ETHEREUM_RPC_URLS=REPLACE_WITH_GCP_SECRET
ETHEREUM_CONSENSUS_HOST_URLS=REPLACE_WITH_GCP_SECRET
ETHEREUM_CONSENSUS_HOST_API_KEYS=REPLACE_WITH_GCP_SECRET
ETHEREUM_CONSENSUS_HOST_API_KEY_HEADERS=REPLACE_WITH_GCP_SECRET
FUNDING_PRIVATE_KEY=REPLACE_WITH_GCP_SECRET
FUNDING_PRIVATE_KEY=""
LABS_INFRA_MNEMONIC_SECRET_NAME=sepolia-labs-ignition-fisherman-mnemonic
LABS_INFRA_MNEMONIC=REPLACE_WITH_GCP_SECRET
ROLLUP_DEPLOYMENT_PRIVATE_KEY=REPLACE_WITH_GCP_SECRET
ROLLUP_DEPLOYMENT_PRIVATE_KEY=""
OTEL_COLLECTOR_ENDPOINT=REPLACE_WITH_GCP_SECRET

SNAPSHOT_BUCKET_DIRECTORY=${SNAPSHOT_BUCKET_DIRECTORY:-ignition-sepolia}

ETHERSCAN_API_KEY=REPLACE_WITH_GCP_SECRET
ETHERSCAN_API_KEY=""
R2_ACCESS_KEY_ID=REPLACE_WITH_GCP_SECRET
R2_SECRET_ACCESS_KEY=REPLACE_WITH_GCP_SECRET
BOT_TRANSFERS_REPLICAS=0
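Review bot: `FUNDING_PRIVATE_KEY=""`, `ROLLUP_DEPLOYMENT_PRIVATE_KEY=""` and `ETHERSCAN_API_KEY=""` carry no comment saying the blank is deliberate, so a later edit could restore `REPLACE_WITH_GCP_SECRET` and give this environment key material it appears not to need. A one-line comment above each would record the intent, for example `# Intentionally empty: this environment does not fund accounts, deploy the rollup or verify contracts, so no secret is fetched`. That reading of the intent is inferred from the values and should be confirmed by the author.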
1 change: 1 addition & 0 deletions spartan/environments/staging-ignition.env
Expand Up @@ -17,6 +17,7 @@ ETHEREUM_CONSENSUS_HOST_API_KEYS=REPLACE_WITH_GCP_SECRET
ETHEREUM_CONSENSUS_HOST_API_KEY_HEADERS=REPLACE_WITH_GCP_SECRET
FUNDING_PRIVATE_KEY=REPLACE_WITH_GCP_SECRET
LABS_INFRA_MNEMONIC=REPLACE_WITH_GCP_SECRET
LABS_INFRA_MNEMONIC_SECRET_NAME=sepolia-labs-staging-ignition-mnemonic
ROLLUP_DEPLOYMENT_PRIVATE_KEY=REPLACE_WITH_GCP_SECRET
OTEL_COLLECTOR_ENDPOINT=REPLACE_WITH_GCP_SECRET
VERIFY_CONTRACTS=true
11 changes: 8 additions & 3 deletions spartan/scripts/deploy_network.sh
Expand Up @@ -108,9 +108,14 @@ DESTROY_CHAOS_MESH=${DESTROY_CHAOS_MESH:-false}
CREATE_CHAOS_MESH=${CREATE_CHAOS_MESH:-false}


# Compute validator addresses
VALIDATOR_ADDRESSES=$(echo "$VALIDATOR_INDICES" | tr ',' '\n' | xargs -I{} cast wallet address --mnemonic "$LABS_INFRA_MNEMONIC" --mnemonic-index {} | tr '\n' ',' | sed 's/,$//')
log "VALIDATOR_ADDRESSES: ${VALIDATOR_ADDRESSES}"
# Compute validator addresses (skip if no validators)
if [[ $VALIDATOR_REPLICAS -gt 0 ]]; then
VALIDATOR_ADDRESSES=$(echo "$VALIDATOR_INDICES" | tr ',' '\n' | xargs -I{} cast wallet address --mnemonic "$LABS_INFRA_MNEMONIC" --mnemonic-index {} | tr '\n' ',' | sed 's/,$//')
log "VALIDATOR_ADDRESSES: ${VALIDATOR_ADDRESSES}"
else
VALIDATOR_ADDRESSES=""
log "VALIDATOR_ADDRESSES: (none - no validators)"
fi

# Compute and include publisher indices in prefunding list
# Uses env overrides when provided, otherwise falls back to values.yaml defaults
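Review bot: The mnemonic is still handed to `cast wallet address` as a command-line argument inside the new `if` branch, once per index through `xargs`, so it is readable in the process list and in any `set -x` trace while the pipeline runs. If the installed cast accepts a file path for `--mnemonic`, writing the phrase to a mode-600 temporary file and passing the path would keep it out of argv; that should be confirmed against the cast version in use. The guard would also be safer as `if [[ "${VALIDATOR_REPLICAS:-0}" -gt 0 ]]; then`, because an unset value aborts the script if `set -u` is enabled, which is not visible in this hunk.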
19 changes: 18 additions & 1 deletion spartan/scripts/setup_gcp_secrets.sh
Expand Up @@ -17,6 +17,9 @@ NETWORK=${NETWORK:-}

L1_NETWORK=${L1_NETWORK:-sepolia}

# Read optional custom secret name for LABS_INFRA_MNEMONIC
LABS_INFRA_MNEMONIC_SECRET_NAME=${LABS_INFRA_MNEMONIC_SECRET_NAME:-}

echo "Setting up GCP secrets for network: $NETWORK"

# Create secure temporary directory for secrets
Expand Down Expand Up @@ -67,6 +70,13 @@ mask_secret_value() {
fi
}

# Determine the mnemonic secret name: use custom if provided, otherwise use default pattern
if [[ -n "$LABS_INFRA_MNEMONIC_SECRET_NAME" ]]; then
MNEMONIC_SECRET="${LABS_INFRA_MNEMONIC_SECRET_NAME}"
else
MNEMONIC_SECRET="${L1_NETWORK}-labs-${NETWORK}-mnemonic"
fi

# Map of environment variables to GCP secret names
# Generic mappings - network-specific secrets use ${NETWORK} in the name
declare -A SECRET_MAPPINGS=(
Expand All @@ -78,7 +88,7 @@ declare -A SECRET_MAPPINGS=(
["ROLLUP_DEPLOYMENT_PRIVATE_KEY"]="${L1_NETWORK}-labs-rollup-private-key"
["OTEL_COLLECTOR_ENDPOINT"]="otel-collector-url"
["ETHERSCAN_API_KEY"]="etherscan-api-key"
["LABS_INFRA_MNEMONIC"]="${L1_NETWORK}-labs-${NETWORK}-mnemonic"
["LABS_INFRA_MNEMONIC"]="${MNEMONIC_SECRET}"
["STORE_SNAPSHOT_URL"]="r2-account-id"
["R2_ACCESS_KEY_ID"]="r2-access-key-id"
["R2_SECRET_ACCESS_KEY"]="r2-secret-access-key"
Expand All @@ -95,6 +105,13 @@ JSON_SECRETS=(
# Replace placeholders with actual secrets
for env_var in "${!SECRET_MAPPINGS[@]}"; do
secret_name="${SECRET_MAPPINGS[$env_var]}"

# Skip if the variable doesn't contain REPLACE_WITH_GCP_SECRET at all
if ! grep -q "^${env_var}=.*REPLACE_WITH_GCP_SECRET" "$ENV_FILE"; then
echo "Skipping $env_var (no placeholder value)"
continue
fi

echo "Fetching secret: $secret_name for $env_var"

if grep -q "^${env_var}=REPLACE_WITH_GCP_SECRET" "$ENV_FILE"; then
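Review bot: The new skip in the replacement loop treats every non-placeholder value alike, so a variable holding a literal secret committed to the env file is passed over with the same "no placeholder value" message as one deliberately set to `""`. Adding `grep -q "^${env_var}=\"\"\$" "$ENV_FILE" || echo "WARNING: $env_var is missing or holds a literal value in $ENV_FILE" >&2` before the `Skipping` line would make that case visible in deploy logs without printing the value. Separately, `LABS_INFRA_MNEMONIC_SECRET_NAME` is taken from the environment and used as the secret name unchecked; a guard such as `[[ "$MNEMONIC_SECRET" =~ ^[A-Za-z0-9_-]+$ ]] || exit 1` after the name is chosen would reject malformed overrides. The loop body continues outside this hunk, so how the fetched value is written back is not reviewed here.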
54 changes: 28 additions & 26 deletions spartan/terraform/deploy-aztec-infra/main.tf
Expand Up @@ -36,6 +36,9 @@ provider "helm" {
}

module "web3signer" {
# Only deploy web3signer if we have validators or provers that need to publish to L1
count = tonumber(var.VALIDATOR_REPLICAS) > 0 || (tonumber(var.PROVER_REPLICAS) > 0 && !var.PROVER_NODE_DISABLE_PROOF_PUBLISH) ? 1 : 0

source = "../modules/web3signer"
NAMESPACE = var.NAMESPACE
RELEASE_NAME = var.RELEASE_PREFIX
Expand Down Expand Up @@ -122,7 +125,7 @@ locals {
wait = true
} : null

validators = {
validators = tonumber(var.VALIDATOR_REPLICAS) > 0 ? {
name = "${var.RELEASE_PREFIX}-validator"
chart = "aztec-validator"
values = [
Expand Down Expand Up @@ -152,7 +155,6 @@ locals {
"validator.slash.offenseExpirationRounds" = var.SLASH_OFFENSE_EXPIRATION_ROUNDS
"validator.slash.maxPayloadSize" = var.SLASH_MAX_PAYLOAD_SIZE
"validator.node.env.TRANSACTIONS_DISABLED" = var.TRANSACTIONS_DISABLED
"validator.node.env.NETWORK" = var.NETWORK
"validator.node.env.KEY_INDEX_START" = var.VALIDATOR_MNEMONIC_START_INDEX
"validator.node.env.PUBLISHER_KEY_INDEX_START" = var.VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX
"validator.node.env.VALIDATORS_PER_NODE" = var.VALIDATORS_PER_NODE
Expand All @@ -166,7 +168,7 @@ locals {
boot_node_host_path = "validator.node.env.BOOT_NODE_HOST"
bootstrap_nodes_path = "validator.node.env.BOOTSTRAP_NODES"
wait = true
}
} : null

prover = {
name = "${var.RELEASE_PREFIX}-prover"
Expand All @@ -176,27 +178,29 @@ locals {
"prover.yaml",
"prover-resources-${var.PROVER_RESOURCE_PROFILE}.yaml"
]
custom_settings = {
"node.mnemonic" = var.PROVER_MNEMONIC
"node.mnemonicStartIndex" = var.PROVER_PUBLISHER_MNEMONIC_START_INDEX
"node.node.proverRealProofs" = var.PROVER_REAL_PROOFS
"node.web3signerUrl" = "http://${var.RELEASE_PREFIX}-signer-web3signer.${var.NAMESPACE}.svc.cluster.local:9000/"
"node.node.env.NETWORK" = var.NETWORK
"node.node.env.PROVER_FAILED_PROOF_STORE" = var.PROVER_FAILED_PROOF_STORE
"node.node.env.KEY_INDEX_START" = var.PROVER_PUBLISHER_MNEMONIC_START_INDEX
"node.node.env.PUBLISHER_KEY_INDEX_START" = var.PROVER_PUBLISHER_MNEMONIC_START_INDEX
"node.node.env.PUBLISHERS_PER_PROVER" = var.PROVER_PUBLISHERS_PER_PROVER
"node.node.env.PROVER_NODE_DISABLE_PROOF_PUBLISH" = var.PROVER_NODE_DISABLE_PROOF_PUBLISH
"node.node.env.P2P_TX_POOL_DELETE_TXS_AFTER_REORG" = var.P2P_TX_POOL_DELETE_TXS_AFTER_REORG
"broker.node.proverRealProofs" = var.PROVER_REAL_PROOFS
"broker.node.env.NETWORK" = var.NETWORK
"broker.node.env.BOOTSTRAP_NODES" = "asdf"
"agent.node.proverRealProofs" = var.PROVER_REAL_PROOFS
"agent.node.env.NETWORK" = var.NETWORK
"agent.replicaCount" = var.PROVER_REPLICAS
"agent.node.env.BOOTSTRAP_NODES" = "asdf"
"agent.node.env.AGENT_COUNT" = var.PROVER_AGENTS_PER_PROVER
}
custom_settings = merge(
{
"node.mnemonic" = var.PROVER_MNEMONIC
"node.mnemonicStartIndex" = var.PROVER_PUBLISHER_MNEMONIC_START_INDEX
"node.node.proverRealProofs" = var.PROVER_REAL_PROOFS
"node.node.env.PROVER_FAILED_PROOF_STORE" = var.PROVER_FAILED_PROOF_STORE
"node.node.env.KEY_INDEX_START" = var.PROVER_PUBLISHER_MNEMONIC_START_INDEX
"node.node.env.PUBLISHER_KEY_INDEX_START" = var.PROVER_PUBLISHER_MNEMONIC_START_INDEX
"node.node.env.PUBLISHERS_PER_PROVER" = var.PROVER_PUBLISHERS_PER_PROVER
"node.node.env.PROVER_NODE_DISABLE_PROOF_PUBLISH" = var.PROVER_NODE_DISABLE_PROOF_PUBLISH
"node.node.env.P2P_TX_POOL_DELETE_TXS_AFTER_REORG" = var.P2P_TX_POOL_DELETE_TXS_AFTER_REORG
"broker.node.proverRealProofs" = var.PROVER_REAL_PROOFS
"broker.node.env.BOOTSTRAP_NODES" = "asdf"
"agent.node.proverRealProofs" = var.PROVER_REAL_PROOFS
"agent.replicaCount" = var.PROVER_REPLICAS
"agent.node.env.BOOTSTRAP_NODES" = "asdf"
"agent.node.env.AGENT_COUNT" = var.PROVER_AGENTS_PER_PROVER
},
# Only set web3signerUrl if proof publishing is enabled
!var.PROVER_NODE_DISABLE_PROOF_PUBLISH ? {
"node.web3signerUrl" = "http://${var.RELEASE_PREFIX}-signer-web3signer.${var.NAMESPACE}.svc.cluster.local:9000/"
} : {}
)
boot_node_host_path = "node.node.env.BOOT_NODE_HOST"
bootstrap_nodes_path = "node.node.env.BOOTSTRAP_NODES"
wait = true
Expand Down Expand Up @@ -235,7 +239,6 @@ locals {
custom_settings = {
"nodeType" = "rpc"
"replicaCount" = var.RPC_REPLICAS
"node.env.NETWORK" = var.NETWORK
Member


did you mean to remove this?

Contributor Author


yes! The network env var is already handled in the underlying helm chart. This was duplicating the env definition

"node.proverRealProofs" = var.PROVER_REAL_PROOFS
"ingress.rpc.enabled" = var.RPC_INGRESS_ENABLED
"ingress.rpc.host" = var.RPC_INGRESS_HOST
Expand All @@ -258,7 +261,6 @@ locals {
]
custom_settings = {
"nodeType" = "archive"
"node.env.NETWORK" = var.NETWORK
"node.env.P2P_ARCHIVED_TX_LIMIT" = "10000000"
"node.env.P2P_TX_POOL_DELETE_TXS_AFTER_REORG" = var.P2P_TX_POOL_DELETE_TXS_AFTER_REORG
}
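Review bot: The condition that deploys `module "web3signer"` and the condition that sets `"node.web3signerUrl"` in the prover settings are written separately and do not match: the URL is set whenever proof publishing is enabled, even when `VALIDATOR_REPLICAS` and `PROVER_REPLICAS` are both 0 and no signer is deployed. A shared local keeps them in step, `deploy_web3signer = tonumber(var.VALIDATOR_REPLICAS) > 0 || (tonumber(var.PROVER_REPLICAS) > 0 && !var.PROVER_NODE_DISABLE_PROOF_PUBLISH)`, used as `count = local.deploy_web3signer ? 1 : 0` and in the `merge()` ternary. `"node.mnemonic" = var.PROVER_MNEMONIC` is also still passed unconditionally; if the chart needs it only for publishing, moving it into the same conditional map would keep the phrase out of the release values when publishing is disabled. Whether the chart reads it for anything else is not visible here.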