diff --git a/.claude/skills/release-docs/SKILL.md b/.claude/skills/release-docs/SKILL.md index 6eb78293f32d..88d7a10b63b1 100644 --- a/.claude/skills/release-docs/SKILL.md +++ b/.claude/skills/release-docs/SKILL.md @@ -79,14 +79,14 @@ returned by the RPC (e.g. the network is still running `4.1.3` but the user wants to prepare docs for `4.2.0`), this is a **pre-release** docs preparation. Ask the user to confirm the target version, then use that version instead of `nodeVersion` throughout the remaining steps. The git tag for the target version -must still exist. Contract addresses from the RPC reflect the *current* network +must still exist. Contract addresses from the RPC reflect the _current_ network state (the old version); they are still valid if the upgrade reuses the same contracts, but ask the user to confirm whether any addresses will change at upgrade time. **Run all work on the tag, not `next`.** Cut on the tag so the snapshot reflects what shipped. Then stash, switch to `next`, pop. Backport any newer -docs from `next` into the snapshot as an explicit step *after* the cut. +docs from `next` into the snapshot as an explicit step _after_ the cut. ### Unversioned root pages @@ -116,10 +116,11 @@ VERSION= bash -i <(curl -sL https://install.aztec.network/) aztec get-canonical-sponsored-fpc-address ``` -Store the address for updating docs. +Store the address for updating docs. Be sure to update the address with the appropriate value wherever it appears in the versioned docs. -**Note:** The Sponsored FPC is only deployed on devnet. For mainnet and testnet releases, +**Note:** The Sponsored FPC is deployed on testnet and devnet. For mainnet releases, mark the SponsoredFPC row as "Not deployed" in the L2 Contract Addresses table. +If the Sponsored FPC address changes for a testnet release, send a reminder that the new address must be funded on testnet. ### Step 5: Update Version Configs @@ -234,6 +235,7 @@ docs (Step 13), the generated content is included in the snapshot automatically. 1. **Triage existing TBD items.** Not all items under `## TBD` necessarily belong to the current release. Review each entry and decide whether it: + - Shipped in this release → move it under the new `## ` heading - Targets a future major version → move it under a new `## Unreleased (v)` heading (create this heading if it doesn't exist, placed between `## TBD` and @@ -250,6 +252,7 @@ docs (Step 13), the generated content is included in the snapshot automatically. 4. Check for missing migration items by analyzing the diff between the previous release tag and the new one: + ```bash git diff v..v -- yarn-project/ noir-projects/ ``` diff --git a/.claude/skills/release-network-docs/SKILL.md b/.claude/skills/release-network-docs/SKILL.md index eeaf2b6ce24e..2c0b07599e2d 100644 --- a/.claude/skills/release-network-docs/SKILL.md +++ b/.claude/skills/release-network-docs/SKILL.md @@ -144,13 +144,14 @@ in each table: - **L1 Contract Addresses table**: update all addresses from the RPC response, on-chain queries, and any additional addresses provided by the user. + - Mainnet: use `https://etherscan.io/address/0xADDR` link format - Testnet: use `https://sepolia.etherscan.io/address/0xADDR` link format - For contracts that are not deployed on this network, use `N/A` - **L2 Contract Addresses table**: update if any canonical protocol contract addresses changed (check the `protocolContractAddresses` from the RPC - response). SponsoredFPC is always "Not deployed" on mainnet and testnet. + response). SponsoredFPC is always "Not deployed" on mainnet. Also grep for any old addresses that may appear elsewhere in the docs: diff --git a/.github/workflows/deploy-staging-internal.yml b/.github/workflows/deploy-staging-internal.yml index d5f3eb127984..18194d96f9eb 100644 --- a/.github/workflows/deploy-staging-internal.yml +++ b/.github/workflows/deploy-staging-internal.yml @@ -34,12 +34,12 @@ jobs: tag: ${{ steps.resolve.outputs.tag }} semver: ${{ steps.resolve.outputs.semver }} steps: - - name: Checkout v5-next + - name: Checkout next uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 with: - ref: v5-next + ref: next token: ${{ secrets.AZTEC_BOT_GITHUB_TOKEN }} - fetch-depth: 0 + fetch-depth: 1 - name: Resolve nightly tag id: resolve @@ -50,6 +50,11 @@ jobs: else TAG="v5.0.0-nightly.$(date -u +%Y%m%d)" echo "Using today's nightly tag: $TAG" + if ! git ls-remote --exit-code --tags origin "refs/tags/$TAG" >/dev/null; then + echo "Error: nightly tag $TAG does not exist on origin" + exit 1 + fi + echo "Confirmed nightly tag $TAG exists on origin" fi SEMVER="${TAG#v}" @@ -82,6 +87,7 @@ jobs: network: staging-internal semver: ${{ needs.determine-tag.outputs.semver }} source_tag: ${{ needs.determine-tag.outputs.tag }} + ref: next deploy_contracts: ${{ inputs.deploy_contracts == true }} use_internal_docker_registry: true secrets: inherit diff --git a/.github/workflows/deploy-staging-public.yml b/.github/workflows/deploy-staging-public.yml index 8aaea198d33c..65c094f9534e 100644 --- a/.github/workflows/deploy-staging-public.yml +++ b/.github/workflows/deploy-staging-public.yml @@ -34,12 +34,12 @@ jobs: tag: ${{ steps.resolve.outputs.tag }} semver: ${{ steps.resolve.outputs.semver }} steps: - - name: Checkout v5-next + - name: Checkout next uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1 with: - ref: v5-next + ref: next token: ${{ secrets.AZTEC_BOT_GITHUB_TOKEN }} - fetch-depth: 0 + fetch-depth: 1 - name: Resolve nightly tag id: resolve @@ -50,6 +50,11 @@ jobs: else TAG="v5.0.0-nightly.$(date -u +%Y%m%d)" echo "Using today's nightly tag: $TAG" + if ! git ls-remote --exit-code --tags origin "refs/tags/$TAG" >/dev/null; then + echo "Error: nightly tag $TAG does not exist on origin" + exit 1 + fi + echo "Confirmed nightly tag $TAG exists on origin" fi SEMVER="${TAG#v}" @@ -82,5 +87,6 @@ jobs: network: staging-public semver: ${{ needs.determine-tag.outputs.semver }} source_tag: ${{ needs.determine-tag.outputs.tag }} + ref: next deploy_contracts: ${{ inputs.deploy_contracts == true }} secrets: inherit diff --git a/CLAUDE.md b/CLAUDE.md index 96b74c043987..d4df966e403d 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -83,6 +83,10 @@ Tests should validate behavior, not mock call-count. Prefer `expect(result).toEq Before writing a new helper, utility, or component, search for an existing one with Grep or Glob. Reuse or refactor to a shared module; do not introduce a parallel implementation. + +Do the work in this session by default. Do not spawn parallel subagents (the Agent/Task tool) or launch dynamic workflows (the Workflow tool) unless the user explicitly asks for it. Each extra agent multiplies token spend — roughly 2x for one helper and far more when a request fans out to many — and the user cannot see the fan-out coming or stop it; a single prompt that quietly started ~30 agents has exhausted an operator's budget. Searching the codebase, summarizing, researching, and ordinary multi-file edits are inline work: run the tool calls yourself. Reach for a subagent only when the user requested orchestration, or when one clearly-scoped read-heavy helper genuinely needs isolation from the main context — prefer a single agent over many, and never start a dynamic workflow by default. If a task would benefit from parallel agents but the user has not asked, either do it directly or describe the multi-agent option and ask before spending the budget. + + Preserve existing `// TODO`, `// TODO(name)`, and `// NOTE:` comments unless the current task is to resolve them. A "tidy up" refactor that deletes another author's deferred-work markers destroys context that is not recoverable from git history. diff --git a/ci3/dashboard/rk.py b/ci3/dashboard/rk.py index ac1f40e3f50d..f3354d146268 100644 --- a/ci3/dashboard/rk.py +++ b/ci3/dashboard/rk.py @@ -556,6 +556,26 @@ def make_options(param_name, options, current_value, suffix=''): # Dashboard server needs local repo checkout at REPO_PATH repo_path = os.environ.get('REPO_PATH') if repo_path: + # Refresh the launcher checkout to current origin/next before launching. + # REPO_PATH only supplies the orchestration scripts (ci.sh/bootstrap_ec2); + # the grind target commit is checked out on the remote box. The launcher + # must stay current so grind uses the same transport (SSM) as the rest of + # CI -- a drifted checkout silently falls back to the retired SSH path and + # every instance times out waiting for SSH. + refresh = subprocess.run( + ['git', '-C', repo_path, 'fetch', '--quiet', 'origin', 'next'], + stdout=subprocess.PIPE, stderr=subprocess.STDOUT, text=True + ) + if refresh.returncode == 0: + refresh = subprocess.run( + ['git', '-C', repo_path, 'checkout', '--quiet', '--force', 'origin/next'], + stdout=subprocess.PIPE, stderr=subprocess.STDOUT, text=True + ) + if refresh.returncode != 0: + r.setex(run_id, 86400, + f'Failed to refresh launcher checkout at {repo_path}:\n{refresh.stdout}\n'.encode()) + return redirect(f'/{run_id}') + subprocess.Popen( ['bash', '-c', f'cd {repo_path} && RUN_ID={run_id} CPUS={cpus} ./ci.sh grind-test {shlex.quote(full_cmd)} {grind_time} {jobs_pct} {memsuspend_pct} {commit}'], stdout=subprocess.DEVNULL, diff --git a/docs/developer_versioned_docs/version-v4.3.1/docs/resources/community_calls.md b/docs/developer_versioned_docs/version-v4.3.1/docs/resources/community_calls.md index e4b1ce02e3f1..954031a15068 100644 --- a/docs/developer_versioned_docs/version-v4.3.1/docs/resources/community_calls.md +++ b/docs/developer_versioned_docs/version-v4.3.1/docs/resources/community_calls.md @@ -21,7 +21,7 @@ Every week you can join office hours and ecosystem calls to get unblocked, learn ## Aztec & Noir Developer Office Hours - **When:** Thursdays · 14:00 - 15:00 UTC -- **Where:** [Google Meet](https://meet.google.com/sdd-rdsr-shu) +- **Where:** [Google Meet](https://meet.google.com/vev-waao-mab) - **For:** Developers building with Aztec.nr smart contracts or writing and debugging Noir. Bring your questions about syntax, tooling, patterns, or protocol-level topics. Share a project you're working on, or just hang out with the Aztec Labs Dev Rel team and other devs. --- diff --git a/docs/developer_versioned_docs/version-v4.3.1/getting_started_on_testnet.md b/docs/developer_versioned_docs/version-v4.3.1/getting_started_on_testnet.md index 9d755acd9ae0..6bc673862b36 100644 --- a/docs/developer_versioned_docs/version-v4.3.1/getting_started_on_testnet.md +++ b/docs/developer_versioned_docs/version-v4.3.1/getting_started_on_testnet.md @@ -53,7 +53,7 @@ Set the required environment variables: ```bash export NODE_URL=https://rpc.testnet.aztec-labs.com -export SPONSORED_FPC_ADDRESS=0x254082b62f9108d044b8998f212bb145619d91bfcd049461d74babb840181257 +export SPONSORED_FPC_ADDRESS=0x08b888c4be63ed67f61a622fdd013ea028326bac22a8982a3b5a7e9ec62f765b ``` ### Step 2: Register the Sponsored FPC diff --git a/docs/docs-developers/docs/resources/community_calls.md b/docs/docs-developers/docs/resources/community_calls.md index e4b1ce02e3f1..954031a15068 100644 --- a/docs/docs-developers/docs/resources/community_calls.md +++ b/docs/docs-developers/docs/resources/community_calls.md @@ -21,7 +21,7 @@ Every week you can join office hours and ecosystem calls to get unblocked, learn ## Aztec & Noir Developer Office Hours - **When:** Thursdays · 14:00 - 15:00 UTC -- **Where:** [Google Meet](https://meet.google.com/sdd-rdsr-shu) +- **Where:** [Google Meet](https://meet.google.com/vev-waao-mab) - **For:** Developers building with Aztec.nr smart contracts or writing and debugging Noir. Bring your questions about syntax, tooling, patterns, or protocol-level topics. Share a project you're working on, or just hang out with the Aztec Labs Dev Rel team and other devs. --- diff --git a/docs/docs-developers/getting_started_on_testnet.md b/docs/docs-developers/getting_started_on_testnet.md index 5f66aff0aa21..674850a5fab2 100644 --- a/docs/docs-developers/getting_started_on_testnet.md +++ b/docs/docs-developers/getting_started_on_testnet.md @@ -53,7 +53,7 @@ Set the required environment variables: ```bash export NODE_URL=https://rpc.testnet.aztec-labs.com -export SPONSORED_FPC_ADDRESS=0x254082b62f9108d044b8998f212bb145619d91bfcd049461d74babb840181257 +export SPONSORED_FPC_ADDRESS=0x08b888c4be63ed67f61a622fdd013ea028326bac22a8982a3b5a7e9ec62f765b ``` ### Step 2: Register the Sponsored FPC diff --git a/docs/docs/networks.md b/docs/docs/networks.md index ffa2d8261fe4..7c3a140925ca 100644 --- a/docs/docs/networks.md +++ b/docs/docs/networks.md @@ -85,7 +85,7 @@ Stable releases target roughly one per month, typically mid-month. Dates are not | **Class Registry** | `0x0000000000000000000000000000000000000000000000000000000000000003` | `0x0000000000000000000000000000000000000000000000000000000000000003` | | **MultiCall Entrypoint** | `0x0000000000000000000000000000000000000000000000000000000000000004` | `0x0000000000000000000000000000000000000000000000000000000000000004` | | **Fee Juice** | `0x0000000000000000000000000000000000000000000000000000000000000005` | `0x0000000000000000000000000000000000000000000000000000000000000005` | -| **SponsoredFPC** | Not deployed | `0x254082b62f9108d044b8998f212bb145619d91bfcd049461d74babb840181257` | +| **SponsoredFPC** | Not deployed | `0x08b888c4be63ed67f61a622fdd013ea028326bac22a8982a3b5a7e9ec62f765b` | ## Governance parameters diff --git a/spartan/terraform/gke-cluster/iam.tf b/spartan/terraform/gke-cluster/iam.tf index 077a549f5b0c..0d5dee9509e5 100644 --- a/spartan/terraform/gke-cluster/iam.tf +++ b/spartan/terraform/gke-cluster/iam.tf @@ -95,6 +95,30 @@ resource "google_dns_managed_zone_iam_member" "ci_rpc_dns_admin" { member = "serviceAccount:${google_service_account.ci.email}" } +resource "google_project_iam_member" "ci_network_deploy_project_roles" { + for_each = toset([ + "roles/container.developer", + "roles/secretmanager.secretAccessor", + "roles/compute.loadBalancerAdmin" + ]) + project = var.project + role = each.key + member = "serviceAccount:${google_service_account.ci.email}" +} + +resource "google_storage_bucket_iam_member" "ci_terraform_state_object_user" { + bucket = "aztec-terraform" + role = "roles/storage.objectUser" + member = "serviceAccount:${google_service_account.ci.email}" +} + +resource "google_dns_managed_zone_iam_member" "ci_rpc_dns_admin" { + project = var.project + managed_zone = "rpc-aztec-labs-com" + role = "roles/dns.admin" + member = "serviceAccount:${google_service_account.ci.email}" +} + resource "google_service_account" "npm_registry_reader" { account_id = var.npm_registry_reader_service_account_id display_name = "npm Registry Reader Service Account"