feat: implement encryption to an address point and decryption from an address secret #24382

Workflow file for this run

	name: CI
	on:
	push:
	branches:
	- master
	- provernet
	- '/ci-push'
	pull_request:
	types:
	- opened
	- reopened
	- synchronize
	- ready_for_review
	- labeled
	branches-ignore: [devnet]
	workflow_dispatch:
	inputs: {}

	concurrency:
	# force parallelism in master
	group: ci-${{ github.ref_name == 'master' && github.run_id \|\| github.ref_name }}
	cancel-in-progress: true

	env:
	DOCKERHUB_PASSWORD: "${{ secrets.DOCKERHUB_PASSWORD }}"
	RUN_ID: ${{ github.run_id }}
	RUN_ATTEMPT: ${{ github.run_attempt }}
	GITHUB_TOKEN: ${{ github.token }}
	GH_SELF_HOSTED_RUNNER_TOKEN: ${{ secrets.GH_SELF_HOSTED_RUNNER_TOKEN }}
	AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
	AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
	BUILD_INSTANCE_SSH_KEY: ${{ secrets.BUILD_INSTANCE_SSH_KEY }}
	GIT_COMMIT: ${{ github.event.pull_request.head.sha \|\| github.sha }}
	# kludge until we move away from runners
	WAIT_FOR_RUNNERS: false

	jobs:
	configure:
	runs-on: ubuntu-20.04
	if: github.event.pull_request.draft == false
	# Required permissions.
	permissions:
	pull-requests: read
	# Set job outputs to values from filter step.
	# Set username to a value derived from our github username.
	outputs:
	username: ${{ steps.compute_username.outputs.username }}
	avm-transpiler: ${{ steps.filter.outputs.avm-transpiler }}
	build-images: ${{ steps.filter.outputs.build-images }}
	barretenberg: ${{ steps.filter.outputs.barretenberg }}
	barretenberg-cpp: ${{ steps.filter.outputs.barretenberg-cpp }}
	noir: ${{ steps.filter.outputs.noir }}
	noir-projects: ${{ steps.filter.outputs.noir-projects }}
	txe: ${{ steps.filter.outputs.txe }}
	l1-contracts: ${{ steps.filter.outputs.l1-contracts }}
	non-docs: ${{ steps.filter.outputs.non-docs }}
	non-misc-ci: ${{ steps.filter.outputs.non-misc-ci }}
	non-barretenberg-cpp: ${{ steps.filter.outputs.non-barretenberg-cpp }}
	steps:
	- uses: actions/checkout@v4
	with: { ref: "${{ env.GIT_COMMIT }}" }
	- name: Compute Username
	id: compute_username
	shell: bash
	env:
	REPO: "${{ github.repository }}"
	BRANCH: "${{ github.ref_name }}"
	run: \|
	if [ "${{ github.event_name }}" == "pull_request" ]; then
	echo "username=${{ github.event.pull_request.user.login }}"
	echo "username=${{ github.event.pull_request.user.login }}" >> $GITHUB_OUTPUT
	else
	GIT_HASH="${{ github.sha }}"
	GIT_HASH_LAST8=${GIT_HASH: -8}
	GIT_HASH_LAST8_DEC=$(printf "%d" 0x$GIT_HASH_LAST8)
	GIT_HASH_MODULO_8=$((GIT_HASH_LAST8_DEC % 8))
	echo "username=master-${GIT_HASH_MODULO_8}"
	echo "username=master-${GIT_HASH_MODULO_8}" >> $GITHUB_OUTPUT
	fi
	- uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36
	id: filter
	with:
	filters: \|
	barretenberg:
	- 'barretenberg/**'
	barretenberg-cpp:
	- 'barretenberg/cpp/**'
	build-images:
	- 'build-images/**'
	noir:
	- 'noir/**'
	avm-transpiler:
	- 'avm-transpiler/**'
	l1-contracts:
	- 'l1-contracts/**'
	noir-projects:
	- 'noir-projects/**'
	txe:
	- 'yarn-project/txe/**'
	non-barretenberg-cpp:
	- '!(barretenberg/cpp/**)'
	# don't consider AVM stuff 'core bb'
	- barretenberg/cpp/pil/**
	- barretenberg/cpp/src/barretenberg/vm/**
	- barretenberg/cpp/src/barretenberg/*/generated/
	- barretenberg/cpp/src/barretenberg/client_ivc/client_ivc.{hpp,cpp}
	- barretenberg/cpp/src/barretenberg/bb/main.cpp
	non-docs:
	- '!(docs/**)'
	non-misc-ci:
	- '!(.github/**)'
	# Always rebuild when this file changes
	- .github/workflows/ci.yml

	setup:
	needs: [configure]
	if: github.event.pull_request.draft == false
	uses: ./.github/workflows/setup-runner.yml
	with:
	username: ${{ needs.configure.outputs.username }}-x86
	runner_type: builder-x86
	secrets: inherit

	build-images:
	needs: [setup, configure]
	# Note we don't but the 'if' here as that would also apply to dependent jobs, instead we just copy it into each step
	runs-on: ${{ needs.configure.outputs.username }}-x86
	steps:
	- uses: actions/checkout@v4
	if: needs.configure.outputs.build-images == 'true'
	with: { ref: "${{ env.GIT_COMMIT }}" }
	- uses: ./.github/ci-setup-action
	if: needs.configure.outputs.build-images == 'true'
	with:
	concurrency_key: build-images-x86
	- name: "Push Build Images If Changed"
	if: needs.configure.outputs.build-images == 'true'
	timeout-minutes: 40
	run: \|
	earthly-ci --push ./build-images/+build

	build:
	needs: [build-images, configure]
	# NOTE: we don't skip this job here instead using if's below to avoid gotcha if dependent jobs have their own if's
	runs-on: ${{ needs.configure.outputs.username }}-x86
	outputs:
	e2e_list: ${{ steps.e2e_list.outputs.list }}
	bench_list: ${{ steps.bench_list.outputs.list }}
	steps:
	- uses: actions/checkout@v4
	with: { ref: "${{ env.GIT_COMMIT }}" }
	- uses: ./.github/ci-setup-action
	with:
	concurrency_key: build-x86
	# prepare images locally, tagged by commit hash
	- name: "Build E2E Image"
	timeout-minutes: 40
	if: (needs.configure.outputs.non-docs == 'true' && needs.configure.outputs.non-misc-ci == 'true' && needs.configure.outputs.non-barretenberg-cpp == 'true') \|\| github.ref_name == 'master'
	run: \|
	earthly-ci ./yarn-project+export-e2e-test-images
	# We base our e2e list used in e2e-x86 off the targets in ./yarn-project/end-to-end
	# (Note ARM uses just 2 tests as a smoketest)
	- name: Create list of non-bench end-to-end jobs
	id: e2e_list
	run: \|
	if [[ "$GITHUB_EVENT_NAME" == "pull_request" ]]; then
	LABELS=$(jq -r '.pull_request.labels \| map(.name) \| join(",")' "$GITHUB_EVENT_PATH")
	else
	LABELS=""
	fi
	echo Labels: $LABELS
	echo "list=$(./scripts/ci/get_e2e_jobs.sh ${{github.ref_name}} "$LABELS")" >> $GITHUB_OUTPUT
	- name: Create list of bench end-to-end jobs
	id: bench_list
	run: \|
	if [[ "$GITHUB_EVENT_NAME" == "pull_request" ]]; then
	LABELS=$(jq -r '.pull_request.labels \| map(.name) \| join(",")' "$GITHUB_EVENT_PATH")
	else
	LABELS=""
	fi
	echo Labels: $LABELS
	echo "list=$(./scripts/ci/get_bench_jobs.sh ${{github.ref_name}} "$LABELS")" >> $GITHUB_OUTPUT

	# all the non-bench end-to-end integration tests for aztec
	e2e:
	needs: [build, configure]
	if: (needs.configure.outputs.non-docs == 'true' && needs.configure.outputs.non-misc-ci == 'true' && needs.configure.outputs.non-barretenberg-cpp == 'true') \|\| github.ref_name == 'master' \|\| contains(github.event.pull_request.labels.*.name, 'e2e')
	runs-on: ubuntu-20.04
	strategy:
	fail-fast: false
	matrix:
	test: ${{ fromJson( needs.build.outputs.e2e_list )}}
	steps:
	- uses: actions/checkout@v4
	with: { ref: "${{ env.GIT_COMMIT }}" }
	- uses: ./.github/ci-setup-action
	- name: Setup and Test
	timeout-minutes: 40
	uses: ./.github/ensure-tester-with-images
	env:
	USERNAME: ${{ needs.configure.outputs.username }}
	with:
	runner_type: ${{ contains(matrix.test, 'prover') && '64core-tester-x86' \|\| '8core-tester-x86' }}
	builder_type: builder-x86
	# these are copied to the tester and expected by the earthly command below
	# if they fail to copy, it will try to build them on the tester and fail
	builder_images_to_copy: aztecprotocol/aztec:${{ env.GIT_COMMIT }} aztecprotocol/end-to-end:${{ env.GIT_COMMIT }}
	# command to produce the images in case they don't exist
	builder_command: scripts/earthly-ci ./yarn-project+export-e2e-test-images
	run: \|
	set -eux
	cd ./yarn-project/end-to-end/
	export FORCE_COLOR=1
	../../scripts/earthly-ci -P --no-output +${{ matrix.test }}

	# all the benchmarking end-to-end integration tests for aztec (not required to merge)
	bench-e2e:
	needs: [build, configure]
	if: needs.build.outputs.bench_list != '[]' && ((needs.configure.outputs.non-docs == 'true' && needs.configure.outputs.non-misc-ci == 'true' && needs.configure.outputs.non-barretenberg-cpp == 'true') \|\| github.ref_name == 'master' \|\| contains(github.event.pull_request.labels.*.name, 'bench'))
	runs-on: ubuntu-20.04
	strategy:
	fail-fast: false
	matrix:
	test: ${{ fromJson( needs.build.outputs.bench_list )}}
	steps:
	- uses: actions/checkout@v4
	with: { ref: "${{ env.GIT_COMMIT }}" }
	- uses: ./.github/ci-setup-action
	- name: Setup and Test
	uses: ./.github/ensure-tester-with-images
	env:
	USERNAME: ${{ needs.configure.outputs.username }}
	timeout-minutes: 45
	with:
	runner_type: ${{ contains(matrix.test, 'prover') && '64core-tester-x86' \|\| '16core-tester-x86' }}
	builder_type: builder-x86
	# these are copied to the tester and expected by the earthly command below
	# if they fail to copy, it will try to build them on the tester and fail
	builder_images_to_copy: aztecprotocol/aztec:${{ env.GIT_COMMIT }} aztecprotocol/end-to-end:${{ env.GIT_COMMIT }}
	# command to produce the images in case they don't exist
	builder_command: scripts/earthly-ci ./yarn-project+export-e2e-test-images
	tester_ttl: 40
	run: \|
	set -eux
	cd ./yarn-project/end-to-end/
	export FORCE_COLOR=1
	export EARTHLY_BUILD_ARGS="${{ env.EARTHLY_BUILD_ARGS }}"
	../../scripts/earthly-ci --exec-stats -P --no-output +${{ matrix.test }}

	acir-bench:
	runs-on: ubuntu-20.04
	needs: [build, configure]
	# Note: not fully accurate, but to work with bench-summary needs to be the same as bench-e2e
	if: needs.configure.outputs.non-barretenberg-cpp == 'true'
	steps:
	- uses: actions/checkout@v4
	with: { ref: "${{ env.GIT_COMMIT }}" }
	- uses: ./.github/ci-setup-action
	- name: Setup and Test
	uses: ./.github/ensure-tester-with-images
	env:
	USERNAME: ${{ needs.configure.outputs.username }}
	timeout-minutes: 40
	with:
	runner_type: 16core-tester-x86
	builder_type: builder-x86
	# these are copied to the tester and expected by the earthly command below
	# if they fail to copy, it will try to build them on the tester and fail
	builder_images_to_copy: aztecprotocol/barretenberg-acir-benches:${{ env.GIT_COMMIT }}
	# command to produce the images in case they don't exist
	builder_command: cd noir && ../scripts/earthly-ci +export-bench-acir-bb
	run: \|
	set -eux
	cd ./noir/
	export FORCE_COLOR=1
	export EARTHLY_BUILD_ARGS="${{ env.EARTHLY_BUILD_ARGS }}"
	../scripts/earthly-ci -P --no-output +bench-publish-acir-bb

	bench-summary:
	needs:
	- acir-bench
	- bench-e2e
	- configure
	runs-on: ${{ needs.configure.outputs.username }}-x86
	steps:
	- uses: actions/checkout@v4
	with:
	fetch-depth: 100 # Downloading base benchmark from master requires access to history
	ref: "${{ github.event.pull_request.head.sha }}"
	- uses: ./.github/ci-setup-action
	with:
	concurrency_key: bench-summary-x86
	- name: "Build and upload bench aggregate file"
	working-directory: ./yarn-project/scripts
	run: \|
	earthly-ci -P +bench-aggregate
	- name: "Download base benchmark and package into earthly"
	if: github.event_name == 'pull_request'
	run: \|
	# Download the base benchmark locally (requires AWS creds and .git history)
	mkdir -p $BENCH_FOLDER
	./scripts/logs/download_base_benchmark_from_s3.sh
	# Package it into an earthly artifact to read from bench-comment
	earthly-ci -P ./scripts/logs+pack-base-benchmark
	env:
	AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
	AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
	BENCH_FOLDER: "./scripts/logs/tmp/bench"
	PULL_REQUEST: "${{ github.event.pull_request.number }}"
	- name: "Generate summary comment if pull request"
	if: github.event_name == 'pull_request'
	working-directory: ./yarn-project/scripts
	run: \|
	earthly-ci -P +bench-comment
	env:
	AZTEC_BOT_GITHUB_TOKEN: ${{ secrets.AZTEC_BOT_GITHUB_TOKEN }}

	bb-gcc:
	needs: [build, configure]
	runs-on: ${{ needs.configure.outputs.username }}-x86
	if: needs.configure.outputs.barretenberg-cpp == 'true'
	steps:
	- uses: actions/checkout@v4
	with: { ref: "${{ env.GIT_COMMIT }}" }
	# Only allow one memory-hunger prover test to use this runner
	- uses: ./.github/ci-setup-action
	with:
	# must be globally unique for build x runner
	concurrency_key: bb-gcc
	- name: "Ensure GCC Builds"
	working-directory: ./barretenberg/cpp/
	timeout-minutes: 40
	# limit our parallelism to half our cores
	run: earthly-ci --no-output +preset-gcc

	# barretenberg (prover) native, AVM (public VM) and Merkle tree (world state) tests
	# ran on own runner for resource reasons (memory x cpu intensive)
	bb-native-tests:
	runs-on: ubuntu-20.04
	needs: [build-images, configure]
	if: needs.configure.outputs.barretenberg-cpp == 'true'
	steps:
	- uses: actions/checkout@v4
	with: { ref: "${{ env.GIT_COMMIT }}" }
	- uses: ./.github/ci-setup-action
	- name: "Native Prover Tests"
	uses: ./.github/ensure-tester
	env:
	USERNAME: ${{ needs.configure.outputs.username }}
	# note: tester by default times out at 30, would need to delay shutdwon for more
	timeout-minutes: 30
	with:
	runner_type: 128core-tester-x86
	run: \|
	echo ${{ secrets.DOCKERHUB_PASSWORD }} \| docker login -u aztecprotocolci --password-stdin
	scripts/earthly-ci --exec-stats --no-output --no-cache ./barretenberg/cpp+test --hardware_concurrency=32

	bb-js-test:
	needs: [build, configure]
	runs-on: ${{ needs.configure.outputs.username }}-x86
	if: needs.configure.outputs.barretenberg == 'true'
	steps:
	- uses: actions/checkout@v4
	with: { ref: "${{ env.GIT_COMMIT }}" }
	- uses: ./.github/ci-setup-action
	with:
	concurrency_key: bb-js-test-x86
	- name: "bb.js Tests"
	working-directory: ./barretenberg/ts/
	timeout-minutes: 40
	run: earthly-ci --no-output ./+test

	noir-build-acir-tests:
	needs: [build, configure]
	runs-on: ${{ needs.configure.outputs.username }}-x86
	if: needs.configure.outputs.barretenberg == 'true' \|\| needs.configure.outputs.noir == 'true'
	steps:
	- uses: actions/checkout@v4
	with: { ref: "${{ env.GIT_COMMIT }}" }
	- uses: ./.github/ci-setup-action
	with:
	concurrency_key: build-acir-tests-x86
	- name: "Build Acir Tests"
	timeout-minutes: 40
	run: earthly-ci --no-output ./noir/+build-acir-tests

	bb-acir-tests-bb:
	needs: [noir-build-acir-tests, configure]
	runs-on: ${{ needs.configure.outputs.username }}-x86
	if: needs.configure.outputs.barretenberg == 'true' \|\| needs.configure.outputs.noir == 'true'
	steps:
	- uses: actions/checkout@v4
	with: { ref: "${{ env.GIT_COMMIT }}" }
	- uses: ./.github/ci-setup-action
	with:
	concurrency_key: barretenberg-acir-tests-bb-x86
	- name: "BB Native Acir Tests (Misc)"
	working-directory: ./barretenberg/
	timeout-minutes: 40
	run: earthly-ci --no-output ./+barretenberg-acir-tests-bb

	bb-acir-tests-bb-ultra-plonk:
	needs: [noir-build-acir-tests, configure]
	runs-on: ${{ needs.configure.outputs.username }}-x86
	if: needs.configure.outputs.barretenberg == 'true' \|\| needs.configure.outputs.noir == 'true'
	steps:
	- uses: actions/checkout@v4
	with: { ref: "${{ env.GIT_COMMIT }}" }
	- uses: ./.github/ci-setup-action
	with:
	concurrency_key: barretenberg-acir-tests-bb-ultra-plonk-x86
	- name: "BB Native Acir Tests (Ultraplonk)"
	working-directory: ./barretenberg/
	timeout-minutes: 40
	run: earthly-ci --no-output ./+barretenberg-acir-tests-bb-ultra-plonk

	bb-acir-tests-bb-ultra-honk:
	needs: [noir-build-acir-tests, configure]
	runs-on: ${{ needs.configure.outputs.username }}-x86
	if: needs.configure.outputs.barretenberg == 'true' \|\| needs.configure.outputs.noir == 'true'
	steps:
	- uses: actions/checkout@v4
	with: { ref: "${{ env.GIT_COMMIT }}" }
	- uses: ./.github/ci-setup-action
	with:
	concurrency_key: barretenberg-acir-tests-bb-ultra-honk-x86
	- name: "BB Native Acir Tests (Ultrahonk)"
	working-directory: ./barretenberg/
	timeout-minutes: 40
	run: earthly-ci --no-output ./+barretenberg-acir-tests-bb-ultra-honk

	bb-acir-tests-bb-mega-honk:
	needs: [noir-build-acir-tests, configure]
	runs-on: ${{ needs.configure.outputs.username }}-x86
	if: needs.configure.outputs.barretenberg == 'true' \|\| needs.configure.outputs.noir == 'true'
	steps:
	- uses: actions/checkout@v4
	with: { ref: "${{ env.GIT_COMMIT }}" }
	- uses: ./.github/ci-setup-action
	with:
	concurrency_key: barretenberg-acir-tests-bb-mega-honk-x86
	- name: "BB Native Acir Tests (Megahonk)"
	working-directory: ./barretenberg/
	timeout-minutes: 40
	run: earthly-ci --no-output ./+barretenberg-acir-tests-bb-mega-honk

	bb-acir-tests-sol:
	needs: [noir-build-acir-tests, configure]
	runs-on: ${{ needs.configure.outputs.username }}-x86
	if: needs.configure.outputs.barretenberg == 'true' \|\| needs.configure.outputs.noir == 'true'
	steps:
	- uses: actions/checkout@v4
	with: { ref: "${{ env.GIT_COMMIT }}" }
	- uses: ./.github/ci-setup-action
	with:
	concurrency_key: barretenberg-acir-tests-sol-x86
	- name: "BB Solidity Acir Tests"
	working-directory: ./barretenberg/
	timeout-minutes: 40
	run: earthly-ci --no-output ./+barretenberg-acir-tests-sol

	bb-acir-tests-sol-honk:
	needs: [noir-build-acir-tests, configure]
	runs-on: ${{ needs.configure.outputs.username }}-x86
	if: needs.configure.outputs.barretenberg == 'true' \|\| needs.configure.outputs.noir == 'true'
	steps:
	- uses: actions/checkout@v4
	with: { ref: "${{ env.GIT_COMMIT }}" }
	- uses: ./.github/ci-setup-action
	with:
	concurrency_key: barretenberg-acir-tests-sol-honk-x86
	- name: "BB Solidity Acir Tests"
	working-directory: ./barretenberg/
	timeout-minutes: 40
	run: earthly-ci --no-output ./+barretenberg-acir-tests-sol-honk

	bb-acir-tests-bb-js:
	needs: [noir-build-acir-tests, configure]
	runs-on: ${{ needs.configure.outputs.username }}-x86
	if: needs.configure.outputs.barretenberg == 'true' \|\| needs.configure.outputs.noir == 'true'
	steps:
	- uses: actions/checkout@v4
	with: { ref: "${{ env.GIT_COMMIT }}" }
	- uses: ./.github/ci-setup-action
	with:
	concurrency_key: barretenberg-acir-tests-bb-js-x86
	- name: "BB JS Acir Tests"
	working-directory: ./barretenberg/
	timeout-minutes: 40
	run: earthly-ci --no-output ./+barretenberg-acir-tests-bb.js

	noir-format:
	needs: [build, configure]
	runs-on: ${{ needs.configure.outputs.username }}-x86
	if: needs.configure.outputs.noir == 'true' \|\| needs.configure.outputs.noir-projects == 'true'
	steps:
	- uses: actions/checkout@v4
	with: { ref: "${{ env.GIT_COMMIT }}" }
	- uses: ./.github/ci-setup-action
	with:
	concurrency_key: noir-format-x86
	- name: "Format Noir"
	working-directory: ./noir/
	timeout-minutes: 40
	run: earthly-ci --no-output ./+format
	- name: "Format noir-projects"
	working-directory: ./noir-projects/
	timeout-minutes: 40
	run: \|
	earthly-ci --no-output ./+format

	noir-test:
	needs: [build, configure]
	runs-on: ${{ needs.configure.outputs.username }}-x86
	if: needs.configure.outputs.noir == 'true'
	steps:
	- uses: actions/checkout@v4
	with: { ref: "${{ env.GIT_COMMIT }}" }
	- uses: ./.github/ci-setup-action
	with:
	concurrency_key: noir-x86
	- name: "Test Nargo"
	run: earthly-ci --no-output ./noir+test

	noir-examples:
	needs: [build, configure]
	runs-on: ${{ needs.configure.outputs.username }}-x86
	if: needs.configure.outputs.barretenberg == 'true' \|\| needs.configure.outputs.noir == 'true'
	steps:
	- uses: actions/checkout@v4
	with: { ref: "${{ env.GIT_COMMIT }}" }
	- uses: ./.github/ci-setup-action
	with:
	concurrency_key: noir-examples-x86
	- name: "Test Noir examples"
	run: earthly-ci --no-output ./noir+examples

	noir-packages-test:
	needs: [build, configure]
	runs-on: ${{ needs.configure.outputs.username }}-x86
	if: needs.configure.outputs.barretenberg == 'true' \|\| needs.configure.outputs.noir == 'true'
	steps:
	- uses: actions/checkout@v4
	with: { ref: "${{ env.GIT_COMMIT }}" }
	- uses: ./.github/ci-setup-action
	with:
	concurrency_key: noir-packages-x86
	- name: "Test Noir JS packages"
	timeout-minutes: 50
	run: earthly-ci --no-output ./noir+packages-test

	noir-projects:
	needs: [build, configure]
	runs-on: ${{ needs.configure.outputs.username }}-x86
	if: needs.configure.outputs.barretenberg == 'true' \|\| needs.configure.outputs.noir == 'true' \|\| needs.configure.outputs.noir-projects == 'true' \|\| needs.configure.outputs.txe == 'true'
	steps:
	- uses: actions/checkout@v4
	with: { ref: "${{ env.GIT_COMMIT }}" }
	- uses: ./.github/ci-setup-action
	with:
	concurrency_key: noir-projects-x86
	- name: "Noir Projects"
	timeout-minutes: 40
	run: \|
	earthly-ci --no-output ./noir-projects/+test --RAYON_NUM_THREADS=$(nproc)

	avm-format:
	needs: [build, configure]
	runs-on: ${{ needs.configure.outputs.username }}-x86
	if: needs.configure.outputs.avm-transpiler == 'true' \|\| needs.configure.outputs.noir == 'true'
	steps:
	- uses: actions/checkout@v4
	with: { ref: "${{ env.GIT_COMMIT }}" }
	- uses: ./.github/ci-setup-action
	with:
	concurrency_key: avm-transpiler-format-x86
	- name: "Format AVM transpiler"
	working-directory: ./avm-transpiler/
	timeout-minutes: 40
	run: earthly-ci --no-output ./+format

	yarn-project-formatting:
	needs: [build, configure]
	runs-on: ${{ needs.configure.outputs.username }}-x86
	steps:
	- uses: actions/checkout@v4
	with: { ref: "${{ env.GIT_COMMIT }}" }
	- uses: ./.github/ci-setup-action
	with:
	concurrency_key: yarn-project-formatting-x86
	- name: "Yarn Project Tests"
	timeout-minutes: 40
	run: earthly-ci --no-output ./yarn-project/+format-check

	yarn-project-test:
	needs: [build, configure]
	runs-on: ${{ needs.configure.outputs.username }}-x86
	steps:
	- uses: actions/checkout@v4
	with: { ref: "${{ env.GIT_COMMIT }}" }
	- uses: ./.github/ci-setup-action
	with:
	concurrency_key: yarn-project-test-x86
	- name: "Yarn Project Tests"
	timeout-minutes: 40
	run: earthly-ci --no-output ./yarn-project/+test

	prover-client-test:
	needs: [build, configure]
	runs-on: ${{ needs.configure.outputs.username }}-x86
	steps:
	- uses: actions/checkout@v4
	with: { ref: "${{ env.GIT_COMMIT }}" }
	- uses: ./.github/ci-setup-action
	with:
	concurrency_key: prover-client-test-x86
	- name: "Prover Client Tests"
	timeout-minutes: 40
	run: earthly-ci --no-output ./yarn-project/+prover-client-test

	# proving disabled
	network-test:
	needs: [build, configure]
	runs-on: ${{ needs.configure.outputs.username }}-x86
	strategy:
	fail-fast: false
	matrix:
	test: [test-transfer.sh, test-4epochs.sh]
	steps:
	- uses: actions/checkout@v4
	with: { ref: "${{ env.GIT_COMMIT }}" }
	- uses: ./.github/ci-setup-action
	with:
	concurrency_key: network-test-${{ matrix.test }}
	- name: "Setup and Local Network Tests"
	timeout-minutes: 40
	# Only allow transfer test to run on every (non-network-all) PR
	if: matrix.test == 'test-transfer.sh' \|\| github.ref_name == 'master' \|\| contains(github.event.pull_request.labels.*.name, 'network-all')
	run: earthly-ci --no-output ./yarn-project/+network-test --test=./${{ matrix.test }}

	# note: proving disabled
	kind-network-test:
	needs: [build, configure]
	runs-on: ${{ needs.configure.outputs.username }}-x86
	strategy:
	fail-fast: false
	matrix:
	test: [smoke.test.ts, transfer.test.ts, 4epochs.test.ts]
	steps:
	- uses: actions/checkout@v4
	with: { ref: "${{ env.GIT_COMMIT }}" }
	- uses: ./.github/ci-setup-action
	with:
	concurrency_key: kind-network-test-${{ matrix.test }}
	- name: Setup and KIND Network Test
	timeout-minutes: 60
	uses: ./.github/ensure-tester-with-images
	if: matrix.test == 'smoke.test.ts' \|\| github.ref_name == 'master' \|\| contains(github.event.pull_request.labels.*.name, 'network-all')
	env:
	USERNAME: ${{ needs.configure.outputs.username }}
	with:
	runner_type: 8core-tester-x86
	spot_strategy: None # use on-demand machines
	builder_type: builder-x86
	# these are copied to the tester and expected by the earthly command below
	# if they fail to copy, it will try to build them on the tester and fail
	builder_images_to_copy: aztecprotocol/aztec:${{ env.GIT_COMMIT }} aztecprotocol/end-to-end:${{ env.GIT_COMMIT }}
	# command to produce the images in case they don't exist
	builder_command: scripts/earthly-ci ./yarn-project+export-e2e-test-images
	run: \|
	sudo shutdown -P 60 # extend ttl
	cd yarn-project/end-to-end
	echo ${{ secrets.DOCKERHUB_PASSWORD }} \| docker login -u aztecprotocolci --password-stdin
	test=${{ matrix.test }}
	NAMESPACE="${test%.test.ts}" FRESH_INSTALL=true VALUES_FILE=${values_file:-default.yaml} ./scripts/network_test.sh ./src/spartan/$test

	l1-contracts-test:
	needs: [build, configure]
	runs-on: ${{ needs.configure.outputs.username }}-x86
	if: needs.configure.outputs.l1-contracts == 'true'
	steps:
	- uses: actions/checkout@v4
	with: { ref: "${{ env.GIT_COMMIT }}" }
	- uses: ./.github/ci-setup-action
	with:
	concurrency_key: l1-contracts-${{ needs.configure.outputs.username }}-x86
	- name: "Test l1 contracts"
	run: earthly-ci --no-output ./l1-contracts+test

	docs-preview:
	needs: [build, configure]
	runs-on: ${{ needs.configure.outputs.username }}-x86
	if: needs.configure.outputs.non-barretenberg-cpp == 'true'
	steps:
	- uses: actions/checkout@v4
	with: { ref: "${{ env.GIT_COMMIT }}" }
	- uses: ./.github/ci-setup-action
	with:
	concurrency_key: docs-preview-x86
	- name: "Docs Preview"
	if: github.event.number
	timeout-minutes: 40
	run: \|
	earthly-ci --no-output \
	./docs/+deploy-preview --ENV=staging --PR=${{ github.event.number }} \
	--AZTEC_BOT_COMMENTER_GITHUB_TOKEN=${{ secrets.AZTEC_BOT_GITHUB_TOKEN }} \
	--NETLIFY_AUTH_TOKEN=${{ secrets.NETLIFY_AUTH_TOKEN }} \
	--NETLIFY_SITE_ID=${{ secrets.NETLIFY_SITE_ID }}

	bb-bench:
	runs-on: ubuntu-20.04
	needs: [build, configure]
	if: needs.configure.outputs.barretenberg-cpp == 'true'
	steps:
	- uses: actions/checkout@v4
	with: { ref: "${{ env.GIT_COMMIT }}" }
	- uses: ./.github/ci-setup-action
	- name: Build Bench Binaries
	uses: ./.github/ensure-builder
	env:
	USERNAME: ${{ needs.configure.outputs.username }}
	with:
	runner_type: builder-x86
	run: \|
	set -eux
	echo ${{ secrets.DOCKERHUB_PASSWORD }} \| docker login -u aztecprotocolci --password-stdin
	scripts/earthly-ci --push ./barretenberg/cpp/+bench-binaries
	- name: Run Bench
	uses: ./.github/ensure-tester
	env:
	USERNAME: ${{ needs.configure.outputs.username }}
	timeout-minutes: 40
	with:
	runner_type: 16core-tester-x86
	run: \|
	scripts/earthly-ci --artifact ./barretenberg/cpp/+bench/bench.json --bench_mode=cache
	- name: Copy Bench.json
	run: copy_from_tester /home/ubuntu/run-${{ env.RUN_ID }}/barretenberg/cpp/bench.json bench.json
	# Utilize github-action-benchmark to automatically update the plots at
	# https://aztecprotocol.github.io/aztec-packages/dev/bench/ with new benchmark data.
	# This also creates an alert if benchmarks exceed the threshold specified below.
	- name: Store benchmark result
	if: github.ref == 'refs/heads/master'
	uses: benchmark-action/github-action-benchmark@4de1bed97a47495fc4c5404952da0499e31f5c29
	with:
	name: C++ Benchmark
	tool: "googlecpp"
	output-file-path: bench.json
	# Access token to deploy GitHub Pages branch
	github-token: ${{ secrets.AZTEC_BOT_GITHUB_TOKEN }}
	# Push and deploy GitHub pages branch automatically
	auto-push: true
	# Show alert with commit comment on detecting possible performance regression
	alert-threshold: "105%" # alert if bench result is 1.05x worse
	comment-on-alert: true
	fail-on-alert: false
	alert-comment-cc-users: "@ludamad @codygunton"
	max-items-in-chart: 50

	boxes:
	needs: [build, configure]
	runs-on: ${{ needs.configure.outputs.username }}-x86
	if: github.ref_name == 'master' \|\| contains(github.event.pull_request.labels..name, 'boxes') \|\| contains(github.event.pull_request.labels..name, 'e2e-all')
	steps:
	- uses: actions/checkout@v4
	with: { ref: "${{ github.event.pull_request.head.sha }}" }
	- uses: ./.github/ci-setup-action
	with:
	concurrency_key: boxes
	- name: Build
	working-directory: ./boxes
	timeout-minutes: 40
	run: earthly-ci +export-boxes

	boxes-test:
	needs: [boxes, configure]
	runs-on: ${{ needs.configure.outputs.username }}-x86
	strategy:
	fail-fast: false
	matrix:
	box: [vanilla, react]
	# intermittent issues with firefox https://github.com/AztecProtocol/aztec-packages/issues/6676
	# browser: [chromium, webkit, firefox]
	browser: [chromium, webkit]
	steps:
	- uses: actions/checkout@v4
	with: { ref: "${{ github.event.pull_request.head.sha }}" }
	- uses: ./.github/ci-setup-action
	with:
	# must be globally unique for build x runner
	concurrency_key: boxes-${{ needs.configure.outputs.username }}-x86-${{ matrix.box }}-${{ matrix.browser }}
	- name: Box test
	working-directory: ./boxes
	timeout-minutes: 40
	run: earthly-ci -P --no-output +test --box=${{ matrix.box }} --browser=${{ matrix.browser }} --mode=cache

	protocol-circuits-gates-report:
	needs: [build, configure]
	if: needs.configure.outputs.non-docs == 'true' && needs.configure.outputs.non-misc-ci == 'true'
	runs-on: ${{ needs.configure.outputs.username }}-x86
	permissions:
	pull-requests: write
	steps:
	- uses: actions/checkout@v4
	with: { ref: "${{ env.GIT_COMMIT }}" }
	# Only allow one memory-hunger prover test to use this runner
	- uses: ./.github/ci-setup-action
	with:
	concurrency_key: protocol-circuits-gates-report-x86
	- name: "Noir Protocol Circuits Report"
	working-directory: ./noir-projects/
	timeout-minutes: 40
	run: \|
	earthly-ci \
	--artifact +gates-report/gates_report.json
	mv gates_report.json ../protocol_circuits_report.json

	- name: Compare gates reports
	id: gates_diff
	uses: vezenovm/noir-gates-diff@acf12797860f237117e15c0d6e08d64253af52b6
	with:
	report: protocol_circuits_report.json
	summaryQuantile: 0 # Display any diff in gate count

	- name: Add gates diff to sticky comment
	if: github.event_name == 'pull_request' \|\| github.event_name == 'pull_request_target'
	uses: marocchino/sticky-pull-request-comment@v2
	with:
	# delete the comment in case changes no longer impact circuit sizes
	delete: ${{ !steps.gates_diff.outputs.markdown }}
	message: ${{ steps.gates_diff.outputs.markdown }}

	public-functions-size-report:
	needs: [build, configure]
	if: needs.configure.outputs.non-docs == 'true' && needs.configure.outputs.non-misc-ci == 'true'
	runs-on: ${{ needs.configure.outputs.username }}-x86
	permissions:
	pull-requests: write
	steps:
	- uses: actions/checkout@v4
	with: { ref: "${{ env.GIT_COMMIT }}" }
	# Only allow one memory-hunger prover test to use this runner
	- uses: ./.github/ci-setup-action
	with:
	concurrency_key: public-functions-size-report-x86
	- name: "Aztec Public Functions Bytecode Size Report"
	working-directory: ./noir-projects/
	timeout-minutes: 40
	run: \|
	earthly-ci \
	--artifact +public-functions-report/public_functions_report.json
	mv public_functions_report.json ../public_functions_report.json

	- name: Compare public functions bytecode size reports
	id: public_functions_sizes_diff
	uses: noir-lang/noir-gates-diff@d88f7523b013b9edd3f31c5cfddaef87a3fe1b48
	with:
	report: public_functions_report.json
	header: \|
	# Changes to public function bytecode sizes
	brillig_report: true
	brillig_report_bytes: true
	summaryQuantile: 0 # Display any diff in bytecode size count

	- name: Add bytecode size diff to sticky comment
	if: github.event_name == 'pull_request' \|\| github.event_name == 'pull_request_target'
	uses: marocchino/sticky-pull-request-comment@v2
	with:
	header: public_functions_size
	# delete the comment in case changes no longer impact circuit sizes
	delete: ${{ !steps.public_functions_sizes_diff.outputs.markdown }}
	message: ${{ steps.public_functions_sizes_diff.outputs.markdown }}

	merge-check:
	runs-on: ubuntu-20.04
	needs:
	# must be kept in sync with rerun-check
	- setup
	- configure
	- build
	- e2e
	# - bench-e2e # non-blocking
	# - acir-bench # non-blocking
	# - bench-summary # non-blocking
	- bb-gcc
	- bb-native-tests
	- bb-js-test
	- noir-build-acir-tests
	- bb-acir-tests-bb
	- bb-acir-tests-bb-ultra-plonk
	- bb-acir-tests-bb-ultra-honk
	- bb-acir-tests-bb-mega-honk
	- bb-acir-tests-sol
	- bb-acir-tests-sol-honk
	- bb-acir-tests-bb-js
	- noir-format
	- noir-test
	- noir-examples
	- noir-packages-test
	- noir-projects
	- avm-format
	- yarn-project-formatting
	- yarn-project-test
	- prover-client-test
	- network-test
	- kind-network-test
	- l1-contracts-test
	- docs-preview
	# - bb-bench # non-blocking
	- boxes
	- boxes-test
	# - protocol-circuits-gates-report # non-blocking
	if: always()
	steps:
	- name: Report overall success (non-draft)
	if: github.event.pull_request.draft == false
	env:
	# We treat any skipped or failing jobs as a failure for the workflow as a whole.
	FAIL: ${{ contains(needs..result, 'failure') \|\| contains(needs..result, 'cancelled') }}
	run: \|
	if [[ $FAIL == true ]]; then
	echo "At least one job failed (or cancelled), merging not allowed."
	exit 1
	else
	echo "All jobs succeeded, merge allowed."
	exit 0
	fi
	- name: Block merge (draft)
	if: github.event.pull_request.draft
	run: echo "Can't merge drafts." && exit 1

	rerun-check:
	runs-on: ubuntu-20.04
	permissions:
	actions: write
	needs:
	# must be kept in sync with merge-check
	- setup
	- configure
	- build
	- e2e
	# - bench-e2e # non-blocking
	# - acir-bench # non-blocking
	# - bench-summary # non-blocking
	- bb-gcc
	- bb-native-tests
	- bb-js-test
	- noir-build-acir-tests
	- bb-acir-tests-bb
	- bb-acir-tests-bb-ultra-plonk
	- bb-acir-tests-bb-ultra-honk
	- bb-acir-tests-bb-mega-honk
	- bb-acir-tests-sol
	- bb-acir-tests-sol-honk
	- bb-acir-tests-bb-js
	- noir-format
	- noir-test
	- noir-examples
	- noir-packages-test
	- noir-projects
	- avm-format
	- yarn-project-formatting
	- yarn-project-test
	- prover-client-test
	- network-test
	- kind-network-test
	- l1-contracts-test
	- docs-preview
	# - bb-bench # non-blocking
	- boxes
	- boxes-test
	# - protocol-circuits-gates-report # non-blocking
	if: github.event.pull_request.draft == false && !cancelled()
	steps:
	- name: Check for Rerun
	env:
	# We treat any skipped or failing jobs as a failure for the workflow as a whole.
	HAD_FAILURE: ${{ contains(needs.*.result, 'failure') }}
	GH_REPO: ${{ github.repository }}
	GH_TOKEN: ${{ github.token }}
	run: \|
	if [[ $HAD_FAILURE == true ]] && [[ $RUN_ATTEMPT -lt 2 ]] ; then
	echo "Retrying first workflow failure. This is a stop-gap until things are more stable."
	gh workflow run rerun.yml -F run_id=${{ github.run_id }}
	fi

	# NOTE: we only notify failures after a rerun has occurred
	notify:
	needs:
	- merge-check
	runs-on: ubuntu-20.04
	if: github.event.pull_request.draft == false && github.ref == 'refs/heads/master' && failure() && github.run_attempt >= 2
	steps:
	- name: Send notification to aztec3-ci channel if workflow failed on master
	uses: slackapi/slack-github-action@v1.25.0
	with:
	payload: \|
	{
	"url": "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
	}
	env:
	SLACK_WEBHOOK_URL: ${{ secrets.SLACK_NOTIFY_WORKFLOW_TRIGGER_URL }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat: implement encryption to an address point and decryption from an address secret #24382

Workflow file

feat: implement encryption to an address point and decryption from an address secret #24382

Jobs

Run details

Workflow file for this run