init monorepo

.cargo/config.toml

@@ -0,0 +1,2 @@
+[net]
+git-fetch-with-cli = true

.github/actions/install-solc/action.yml

@@ -0,0 +1,23 @@
+---
+name: 'Install Solc'
+description: 'Installs the Solc compiler.'
+inputs:
+  solc-version:
+    description: 'The latest version of solc.'
+    required: false
+    default: '0.8.26'
+runs:
+  using: "composite"
+  steps:
+    - name: Install solc compiler
+      shell: bash
+      run: |
+        if ! solc --version &> /dev/null ||
+          [[ $(solc --version | grep -oP '(\d+\.\d+\.\d+)' | head -n 1) \
+          != ${{ inputs.solc-version }} ]]; then
+            cargo install solc-select --force
+            solc-select install ${{ inputs.solc-version }}
+            solc-select use ${{ inputs.solc-version }}
+        else
+            echo "solc is already installed."
+        fi

.github/actions/prepare-rust-env/action.yml

@@ -0,0 +1,29 @@
+---
+name: 'Prepare Rust environment'
+description: >
+  Installs Rust toolchain, authenticates with SSH (in order to access Github private repos)
+inputs:
+  poseidon-gadget-private-key:
+    description: 'SSH private key that corresponds to the deploy key in poseidon2-gadget repository'
+    required: true
+  zkos-circuits-private-key:
+    description: 'SSH private key that corresponds to the deploy key in zkos-circuits repository'
+    required: true
+
+runs:
+  using: composite
+  steps:
+    - uses: webfactory/[email protected]
+      with:
+        ssh-private-key: |
+          ${{ inputs.poseidon-gadget-private-key }}
+          ${{ inputs.zkos-circuits-private-key }}
+
+    - name: Install Rust toolchain
+      uses: Cardinal-Cryptography/github-actions/install-rust-toolchain@v7
+      with:
+        channel: nightly
+
+    - name: Install sccache
+      shell: bash
+      run: scripts/install-sccache

.github/actions/shielder-relayer/build-and-push/action.yml

@@ -0,0 +1,56 @@
+---
+name: Build and push docker image
+
+inputs:
+  aws-mainnet-ecr-access-key:
+    required: true
+  aws-mainnet-ecr-access-key-id:
+    required: true
+  ecr-private-host:
+    description: ECR private host
+    required: true
+
+outputs:
+  image_tag:
+    description: Tag of the pushed image
+    value: ${{ steps.outputs.outputs.image_tag }}
+
+runs:
+  using: composite
+  steps:
+    - name: Call action get-ref-properties
+      id: get-ref-properties
+      uses: Cardinal-Cryptography/github-actions/get-ref-properties@v6
+
+    - name: DOCKER | Login to private Amazon ECR
+      id: login-private-ecr
+      uses: docker/login-action@v2
+      with:
+        registry: ${{ inputs.ecr-private-host }}
+        username: ${{ inputs.aws-mainnet-ecr-access-key-id }}
+        password: ${{ inputs.aws-mainnet-ecr-access-key }}
+      env:
+        AWS_REGION: us-east-1
+
+    - name: DOCKER | Docker Buildx
+      id: buildx
+      uses: docker/setup-buildx-action@v2
+      with:
+        version: v0.9.1
+
+    - name: DOCKER | Build and push latest docker image
+      id: build-image
+      uses: docker/build-push-action@v3
+      with:
+        context: .
+        builder: ${{ steps.buildx.outputs.name }}
+        file: ./crates/shielder-relayer/docker/Dockerfile
+        push: true
+        tags: "${{ inputs.ecr-private-host }}/shielder-relayer:\
+          ${{ steps.get-ref-properties.outputs.sha }}"
+
+    - name: OUTPUTS | Set output with docker image
+      id: outputs
+      shell: bash
+      run: |
+        echo "image_tag=${{ steps.get-ref-properties.outputs.sha }}" >> $GITHUB_OUTPUT

.github/actions/shielder-relayer/deploy/action.yml

@@ -0,0 +1,66 @@
+---
+name: Deploy docker image
+
+inputs:
+  image-tag:
+    description: Tag of the docker image to be deployed
+    required: true
+  autocommit-author:
+    description: Commit author
+    required: true
+  autocommit-email:
+    description: Commit author's mail
+    required: true
+  github-token:
+    description: Github token
+    required: true
+  ecr-private-host:
+    description: ECR private host
+    required: true
+  kustomize-version:
+    description: Kustomize version
+    required: true
+  environment:
+    type: choice
+    options:
+      - testnet-dev
+      - testnet
+      - mainnet
+    required: true
+
+runs:
+  using: composite
+  steps:
+    - name: GIT | Checkout aleph-apps repo
+      uses: actions/checkout@v4
+      with:
+        repository: Cardinal-Cryptography/aleph-apps
+        token: ${{ inputs.github-token }}
+        path: "aleph-apps"
+        ref: main
+
+    - name: KUSTOMIZE | Init kustomize
+      uses: imranismail/setup-kustomize@v2
+      with:
+        kustomize-version: ${{ inputs.kustomize-version }}
+
+    - name: KUSTOMIZE | Update docker image tag
+      shell: bash
+      env:
+        DEPLOY_IMAGE: ${{ inputs.ecr-private-host }}/shielder-relayer:${{ inputs.image-tag }}
+      run: |
+        cd aleph-apps/shielder-relayer/overlays/${{ inputs.environment }}/eu-central-1
+        kustomize edit set image "shielder-relayer-image-placeholder=${{ env.DEPLOY_IMAGE }}"
+
+    - name: GIT | Commit changes to aleph-apps repository
+      uses: EndBug/[email protected]
+      env:
+        GITHUB_TOKEN: ${{ inputs.github-token }}
+      with:
+        author_name: ${{ inputs.autocommit-author }}
+        author_email: ${{ inputs.autocommit-email }}
+        message: >
+          Updating shielder-relayer ${{ inputs.environment }}
+          docker image tag: ${{ inputs.image-tag }}
+        add: "*.yaml"
+        cwd: 'aleph-apps'

.github/workflows/_build-contracts.yml

@@ -0,0 +1,60 @@
+---
+name: Generate, compile and lint contracts
+
+on:
+  workflow_call:
+  workflow_dispatch:
+
+jobs:
+  main:
+    name: Generate, compile and lint contracts
+    runs-on: [self-hosted, Linux, X64, large]
+    #runs-on: ubuntu-20.04
+    timeout-minutes: 10
+
+    steps:
+      - name: Checkout source code
+        uses: actions/checkout@v4
+
+      - name: Prepare Rust env
+        uses: ./.github/actions/prepare-rust-env
+        with:
+          poseidon-gadget-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
+          zkos-circuits-private-key: ${{ secrets.ZKOS_CIRCUITS_SSH_PRIVATE_KEY }}
+
+      - name: Setup node
+        uses: asdf-vm/actions/install@v3
+
+      - name: Install Foundry
+        uses: foundry-rs/[email protected]
+        with:
+          cache-key: custom-seed-coverage-${{ github.ref_name }}
+          cache-restore-keys: |-
+            contract-suite
+          version: nightly-31dd1f77fd9156d09836486d97963cec7f555343
+
+      - name: Lint contracts code (excluding generated code)
+        shell: bash
+        run: make deps && make lint-contracts
+
+      - name: Regenerate verifier and Poseidon contracts and ensure that they are up-to-date
+        run: |
+          make generate-verifier-contracts && make generate-poseidon-contracts && \
+          git diff --exit-code -- contracts/
+
+      - name: Compile eth contracts
+        run: make compile-contracts
+
+      - name: Upload generated contracts to artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: generated-contracts
+          path: contracts
+          retention-days: 1
+
+      - name: Upload bytecode and ABI to artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: contract-artifacts
+          path: artifacts
+          retention-days: 1

.github/workflows/_build-wasm-packages.yml

@@ -0,0 +1,35 @@
+---
+name: Build wasm packages
+
+on:
+  workflow_call:
+  workflow_dispatch:
+
+jobs:
+  main:
+    name: Build wasm packages
+    runs-on: [self-hosted, Linux, X64, large]
+    timeout-minutes: 10
+
+    steps:
+      - name: Checkout source code
+        uses: actions/checkout@v4
+
+      - name: Prepare Rust env
+        uses: ./.github/actions/prepare-rust-env
+        with:
+          poseidon-gadget-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
+          zkos-circuits-private-key: ${{ secrets.ZKOS_CIRCUITS_SSH_PRIVATE_KEY }}
+
+      - name: Install wasm-pack
+        run: curl https://rustwasm.github.io/wasm-pack/installer/init.sh -sSf | sh
+
+      - name: Build shielder-wasm
+        run: cd crates/shielder-wasm && make all
+
+      - name: Upload generated wasm to artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: crates-shielder-wasm-pkg
+          path: crates/shielder-wasm/pkg
+          retention-days: 1

.github/workflows/_check-vars-and-secrets.yml

@@ -0,0 +1,55 @@
+---
+#  This workflow checks if vars and secrets are present and fails if one is empty.
+#  It should be included as a first step in all the workflows.
+name: Check vars and secrets
+on:
+  workflow_call:
+
+jobs:
+  main:
+    name: Check available vars and secrets
+    runs-on: ubuntu-20.04
+    steps:
+      - name: Check vars
+        run: |
+          if [[ \
+            -z '${{ vars.SHIELDER_CONTRACT_ADDRESS }}' || \
+            -z '${{ vars.KUSTOMIZE_VERSION }}' || \
+            -z '${{ vars.CI_TESTNET_ALICE_PUBLIC_KEY }} }}' || \
+            -z '${{ vars.CI_TESTNET_BOB_PUBLIC_KEY }} }}' || \
+            -z '${{ vars.CI_TESTNET_CHARLIE_PUBLIC_KEY }} }}' || \
+            -z '${{ vars.CI_TESTNET_RELAYER_SIGNER_ADDRESSES }} }}' || \
+            -z '${{ vars.CI_TESTNET_FEE_DESTINATION }} }}'
+          ]]; then
+            echo '!!! Some repository variables are either missing or empty.'
+            echo '!!! Please check either repository or organization settings.'
+            exit 1
+          fi
+
+      - name: Check secrets
+        run: |
+          if [[ \
+            -z '${{ secrets.ZKOS_CIRCUITS_SSH_PRIVATE_KEY }}' || \
+            -z '${{ secrets.SSH_PRIVATE_KEY }}' || \
+            -z '${{ secrets.VERCEL_ORG_ID }}' || \
+            -z '${{ secrets.VERCEL_PROJECT_ID }}' || \
+            -z '${{ secrets.VERCEL_TOKEN }}' || \
+            -z '${{ secrets.AWS_MAINNET_ECR_ACCESS_KEY_ID }}' || \
+            -z '${{ secrets.AWS_MAINNET_ECR_ACCESS_KEY }}' || \
+            -z '${{ secrets.ECR_PRIVATE_HOST }}' || \
+            -z '${{ secrets.AUTOCOMMIT_AUTHOR }}' || \
+            -z '${{ secrets.AUTOCOMMIT_EMAIL }}' || \
+            -z '${{ secrets.CI_GH_TOKEN }}' || \
+            -z '${{ secrets.SLACK_WEBHOOK_ZKOS }}' || \
+            -z '${{ secrets.CI_TESTNET_DEPLOYER_PRIVATE_KEY }}' || \
+            -z '${{ secrets.CI_TESTNET_ALICE_PRIVATE_KEY }}' || \
+            -z '${{ secrets.CI_TESTNET_BOB_PRIVATE_KEY }}' || \
+            -z '${{ secrets.CI_TESTNET_CHARLIE_PRIVATE_KEY }}' || \
+            -z '${{ secrets.CI_TESTNET_FEE_DESTINATION_KEY }}' || \
+            -z '${{ secrets.CI_TESTNET_RELAYER_SIGNING_KEYS }}' || \
+            -z '${{ secrets.NPM_PUBLISHING_KEY }}'
+          ]]; then
+            echo '!!! Some repository secrets are either missing or empty.'
+            echo '!!! Please check either repository or organization settings.'
+            exit 1
+          fi

.github/workflows/_deploy-contracts.yml

@@ -0,0 +1,51 @@
+---
+name: Deploy contracts
+
+on:
+  workflow_call:
+  workflow_dispatch:
+
+jobs:
+  main:
+    name: Deploy contracts to the anvil network
+    runs-on: ubuntu-22.04
+    timeout-minutes: 10
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup node
+        uses: asdf-vm/actions/install@v3
+
+      - name: Install Foundry
+        uses: foundry-rs/[email protected]
+        with:
+          cache-key: custom-seed-coverage-${{ github.ref_name }}
+          cache-restore-keys: |-
+            contract-suite
+          version: nightly-31dd1f77fd9156d09836486d97963cec7f555343
+
+      - name: Run anvil node in background
+        shell: bash
+        run: make anvil &
+
+      - name: Install dependencies
+        shell: bash
+        run: make deps
+
+      - name: Download generated contracts from artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: generated-contracts
+          path: contracts
+
+      - name: Download compiled contracts from artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: contract-artifacts
+          path: artifacts
+
+      - name: deploy eth contracts
+        shell: bash
+        run: NETWORK=anvil make deploy-contracts