Preview celo rebase 16#411
Closed
piersy wants to merge 79 commits intopiersy/celo-rebase-16-upstreamfrom
Closed
Conversation
Adding funding.json file required to apply for retropgf
github: use step-security replacement for tj-actions/changed-files
* Add script to update `celo-org/op-geth` dependencies Signed-off-by: Maximilian Langenfeld <15726643+ezdac@users.noreply.github.com> * Add github action for update-geth script Signed-off-by: Maximilian Langenfeld <15726643+ezdac@users.noreply.github.com> * Use inline geth base-ref Signed-off-by: Maximilian Langenfeld <15726643+ezdac@users.noreply.github.com> * Discard automatic fields Signed-off-by: Maximilian Langenfeld <15726643+ezdac@users.noreply.github.com> * token perms Signed-off-by: Maximilian Langenfeld <15726643+ezdac@users.noreply.github.com> * Use read-only GCP SA Signed-off-by: Maximilian Langenfeld <15726643+ezdac@users.noreply.github.com> * Better parameter handling in update-geth action Signed-off-by: Maximilian Langenfeld <15726643+ezdac@users.noreply.github.com> * Remove `update-celo-geth` cmd from justfile --------- Signed-off-by: Maximilian Langenfeld <15726643+ezdac@users.noreply.github.com> Co-authored-by: alvarof2 <fernandez.f.alvaro@gmail.com> github: improve update-geth.sh * mark it as executable * allow running on both MacOS and linux (GNU vs BSD tool differences) * terminate on errors * less strict go.mod matching to allow applying it directly to upstream github: Fix update-geth.sh (#304) The script was not substituting the go.mod file and the Dockerfile since the regexes were not matching. The regex for the Dockerfile contained '@sha256:' which perl was interpreting as a global symbol, in order to interpret it literally we needed to escape the '@'. The regex for the go.mod file contained an extra space before the arrow 'go-ethereum .* => ', in a tidied go.mod file there is one space between the package name and the arrow '=>'. Also adds failure output so that it's easier to debug where this is going wrong. --------- Co-authored-by: Karl Bartel <karl@karl.berlin> Co-authored-by: Paul Lange <palango@users.noreply.github.com> github: The substitution was failing in the docker file since (#309) The substitution \1 and the beginning of the image hash together created \150 which perl interprets as the octal character code for h. To prevent this we need to use the \${1} notation to reference captured groups. github: Change base-branch for update-geth workflow github: Add `celo-org/op-geth` dependencies update script and gh-action (#263) * Add script to update `celo-org/op-geth` dependencies Signed-off-by: Maximilian Langenfeld <15726643+ezdac@users.noreply.github.com> * Add github action for update-geth script Signed-off-by: Maximilian Langenfeld <15726643+ezdac@users.noreply.github.com> * Use inline geth base-ref Signed-off-by: Maximilian Langenfeld <15726643+ezdac@users.noreply.github.com> * Discard automatic fields Signed-off-by: Maximilian Langenfeld <15726643+ezdac@users.noreply.github.com> * token perms Signed-off-by: Maximilian Langenfeld <15726643+ezdac@users.noreply.github.com> * Use read-only GCP SA Signed-off-by: Maximilian Langenfeld <15726643+ezdac@users.noreply.github.com> * Better parameter handling in update-geth action Signed-off-by: Maximilian Langenfeld <15726643+ezdac@users.noreply.github.com> * Remove `update-celo-geth` cmd from justfile --------- Signed-off-by: Maximilian Langenfeld <15726643+ezdac@users.noreply.github.com> Co-authored-by: alvarof2 <fernandez.f.alvaro@gmail.com> github: Update update geth approach (#319) Removed the old script because it referenced ops-bedrock which has been removed. Added a copy of the op-geth provided update script, decided on a copy to avoid conflicts. Updated the update-geth workflow to reference the new script github: Change update-geth base-branch to 'celo-rebase-13' (#382) github: Change update-geth base-branch to 'celo-rebase-14'
Setting `open-pull-requests-limit: 0` prevent version updates but should keep the security scans and updates according to https://docs.github.com/en/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates#overriding-the-default-behavior-with-a-configuration-file > If you only require security updates and want to exclude version > updates, you can set open-pull-requests-limit to 0 in order to prevent > version updates for a given package-ecosystem.
…ckchain-public registry (#395) * Build op-node using docker-bake and push to devopsre/celo-blockchain-public registry * Set-Tags
We have to do this because the orb used by optimsim is not public. I published an orb by fetching the project https://github.com/ethereum-optimism/circleci-utils setting up the circleci command-line utility and following the instructions from the readme (also shown below) to publish an orb. Note that the namespace for this orb is just piersy, not piersy/circleci-utils. To publish production versions (e.g., `1.2.3`): - **Required role:** GitHub organization **Owner/Admin** - **What you can do:** - `circleci namespace create` - `circleci orb create` - `circleci orb publish` (production version)
The op config set this to a private URL that we couldn't access, instead we now set this to now be the MAINNET_RPC_URL which is defined as a project env var.
Currently we set this to celo-rebase-15-upstream, but once we've constructed celo-rebase-15 we will want to set the base branch to that.
This cheatcode is used to store the Celo L2 predeploy addresses in a JSON file when run with forge. Inside TestEndToEndApply/initial_chain , the same code is called but we don't care for the generated JSON file. So just returning `nil` makes the test work without any disadvantages.
Remove common/interfaces/IExchange.sol (duplicate) We keep the one in the `mento` directory. Remove common/libraries/ReentrancyGuard.sol (duplicate) Directly use the original from OpenZeppelin. contracts: Skip Celo contracts in test_cannotReinitialize_succeeds
Add console2 import in L2Genesis.s.sol
Until we fix the errors caused by enabling it.
This makes it possible to modify the FeeCurrencyDirectory entries in devnet.
contracts: Revert to upstream L2Genesis.s.sol
…ithMedian (#277) * Ignore AddressSortedLinkedList and AddressSortedLinkedListWithMedian as targets in fuzzing test of SafeCall_Test * Format test/libraries/SafeCall.t.sol
Those have warnings with `scripts/checks/interfaces`. Ignore those warnings for now. contracts: Add Celo contracts in exclusions for interface check contracts: disable interface check for IERC20Upgradeable I don't think we broke anything, so let's make the upstream versions pass the check by adding them to the ignore list.
It is also prepared for using the bridged WETH as fee currency, but we are currently lacking a simple way to send fee currency txs, so I left the final tx out.
This uses the default fee-currency-directory address from op-geth. It will fix the issue that the EVM calls into the directoy will fail when executed on the local devnet. e2e: use `--broadcast` with `forge create` (#281) Forge started to require the `--broadcast` flag for actually deploying a contract. Otherwise it will only do a dry-run. We should really pin our foundry version. But let's wait until we rebase to the latest upstream, since there have been changes to the overall setup. Closes #278
These tests perform a check at the end to ensure that the total funds after a test match the total funds before the test. We had modified the state transition function to direct baseFee payments to the fee handler instead of optimism's OperatorFeeVault when in a cel2 context. This caused the tests to fail because the tests were not including the balance of the fee handler. This change ensures that we do consider the fee handler balance when calculating the total.
The test was configured with MaxFrameSize: 150 which was too small for the compressed block data (~291 bytes), causing 2 frames per block instead of 1. This doubled the AltDA Store count from the expected 5 to 10. Fixed by increasing MaxFrameSize to 400 to ensure each block fits in a single frame as the test intended.
Update the test to deploy a 65KB contract that exceeds Celo's increased 64KB MaxCodeSize limit. The previous 25KB test contract no longer triggers the max code size check. Changes: - Use PUSH3 (0x62) instead of PUSH2 to push the 3-byte size value - Update runtime size from 25KB to 65KB - Update init code offset from 0x0c to 0x10 (16 bytes)
setup_remote_docker configures the job to be able to build docker images, however this only works with circleci runners.
The issue was using opcm.opcmStandardValidator() directly, which fails when the OPCM_V2 feature is enabled (the validator should come from opcmV2).
The previous snapshot update was generated without Celo forge-artifacts, which caused all Celo snapshot files to be deleted. Rebuild and regenerate to restore them and update the semver-lock initCodeHashes.
It needs a kona version and I'm not clear what this is, but we don't actually use op-challenger so simply disabling it seems to be a good solution.
Celo does not use cannon, so we can safely skip these tests.
* Fix TestFees acceptance test * Skip TestBatcherFullChannelsAfterDowntime, as upstream does This test is also skipped upstream (01a4115) due to a nonce tracking race condition in the async event system. * Increase retry attempts to make acceptance tests likelier to pass * Hardcode Cel2Time to 0 op-geth requires all pre-Cel2 blocks to come from migrated Celo L1 chaindata. If Cel2 is after genesis, op-geth expects blocks between genesis and Cel2 to already exist, causing test failures. * Skip TestSyncTesterHFS acceptance tests, not applicable to Celo These tests sync across hard-fork activation boundaries on op-sepolia. Celo activates all forks through Granite at genesis (Cel2Time=0), so there are no fork boundaries to cross. The Holocene/Isthmus tests also target op-sepolia endpoints and block numbers, not Celo infrastructure. We could keep running the test against the OP testnet, but we're lacking the respective node RPCs to do that cheaply and reliably. * Skip flashblocks acceptance tests, not applicable to Celo Skip both flashblocks tests since Celo doesn't use flashblocks.
* mise: upgrade semgrep from 1.90.0 to 1.131.0 Semgrep 1.90.0 has a transitive dependency on opentelemetry-instrumentation which imports pkg_resources from setuptools. Python 3.12 does not include setuptools by default in venvs, so when the mise cache is invalidated (by any change to mise.toml), a fresh pipx install of semgrep 1.90.0 fails with: ModuleNotFoundError: No module named 'pkg_resources' This was reported as semgrep/semgrep#11069 and fixed in later versions. Upgrading to 1.131.0 resolves the issue. Co-Authored-By: Kelvin Fichter <kelvinfichter@gmail.com> * mise: upgrade semgrep from 1.131.0 to 1.137.0 v1.137.0 is the first version that actually bumps the opentelemetry packages (PR semgrep/semgrep#11180), fixing the pkg_resources ModuleNotFoundError on Python 3.12 without setuptools. Co-Authored-By: Kelvin Fichter <kelvinfichter@gmail.com> --------- Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com> Co-authored-by: Kelvin Fichter <kelvinfichter@gmail.com>
…num to da-server (#45) * feat(altda-client): pass l1_inclusion_block_number as query param to da server This is used to perform punctuality check on EigenDA, but is generic and should be used by all da layers for the same purpose. * feat(altda): drop invalid certs Defined generic protocol where da-server will return a 418 (TEAPOT) error when a cert is invalid, along with the reason (250 bytes) in the body. The 418 error is transformed into an internal golang InvalidCommitmentError which when received by the derivation pipeline, causes it to skip the commitment and move forward. * chore(daclient): use uint64 for blocknum directly instead of L1BlockRef struct The struct was confusing to use in tests because it wasnt sure only the .Number field of it was used, so made implementers unsure whether they needed to populate the whole struct. Since we only used the .Number field, I opted to just take a uint64 directly as argument to GetInput. * style(daclient): use MaxBytesReader Use MaxBytesReader and document why we restrict error body to 1000 characters (upped from 250 previously): to prevent DDoS
) feat: InvalidCommitmentError contains status code This commit goes hand-in-hand with Layr-Labs/eigenda-proxy#406, as it now parses the StatusCodes that are returned during 418 TEAPOT errors by proxy.
feat(altda): implement all teapot statuscodes This should (hopefully!) be the last PR changing the teapot error handling. I think (??) we've finally nailed it with the recent spec: https://github.com/Layr-Labs/eigenda/blob/f4ef5cd55633d70bed0d54416c2d253684f0639c/docs/spec/src/integration/spec/6-secure-integration.md#derivation-process This PR thus implements handling of the 4 types of TEAPOT errors possible. Still need to update proxy to return those errors.
* op-node/derive: Gate BPO activation in L1InfoDeposit per L2 chain Disable BPO/Osaka blob fee formula for Celo L2 chains (mainnet, sepolia, chaos) until Jovian hardfork, matching the gating in celo-kona PR #121. For non-Celo chains, BPO remains enabled by default (preserving upstream behavior). * Update op-geth Updates op-geth to a version that specifies CeloChaosChainID * Fix TestBlobBaseFeeFromSepolia: use stripBPOActivations and inline header data The test was failing because it computed BlobBaseFee using the full SepoliaChainConfig (which includes BPO activation times), but the expected value was the Prague-era blob fee from the actual Celo Sepolia L2 block (derived before BPO was known). Fix by: - Using stripBPOActivations on the config, which is exactly what the production code does for Celo chains - Inlining the header data (ExcessBlobGas, Time) instead of making a live RPC call, so the test runs in CI's -short mode - Removing unused context and ethclient imports * ci: Skip OP mainnet upgrade tests not relevant to Celo The contracts-bedrock-tests-upgrade and coverage-upgrade tests fork OP mainnet to test OP-specific upgrade paths. These fail on the Celo fork because ForkLive.s.sol is out of sync with upstream (the DelayedWETHProxy deployment lookup fails). Since these tests are not relevant to Celo chains, skip them: - Comment out contracts-bedrock-tests-upgrade workflow jobs - Use coverage-lcov instead of coverage-lcov-all (which includes upgrade coverage) --------- Co-authored-by: Karl Bartel <karl.bartel@clabs.co>
This update contains upstream security fixes and a fix for snap syncing.
This reduces the likelihood of encountering merge conficts with changes from upstream.
Jobs do not have a when field unless explicitly set as a parameter.
piersy
force-pushed
the
piersy/celo-rebase-16
branch
from
db578c0 to
95de656
Compare
Author
|
This has now been made the default branch celo-rebase-16 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
12 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This is a preview of the optimism rebase.
The memory-all ci workflow still has some failing tests: https://github.com/celo-org/celo-blockchain-planning/issues/1339