merge w main

.github/code-freeze-filter.yaml

@@ -0,0 +1,18 @@
+# Each component that is being frozen should have a section in this file.
+# The `changed` section should pull all the files that are changed
+# in order to put an error on the given file if it is changed.
+
+# Please provide a reasoning for each component that is frozen.
+
+# Frozen for audit.
+conductor: &conductor
+  - crates/astria-conductor/src/**
+# Frozen for audit.
+sequencer-relayer: &sequencer-relayer
+  - crates/astria-sequencer-relayer/src/**
+
+# if new components are added above update the list below to get better
+# gh pr level visibility into which files are frozen.
+changed:
+  - *conductor
+  - *sequencer-relayer

.github/workflows/code-freeze.yml

@@ -0,0 +1,60 @@
+name: Code Freeze
+on:
+  pull_request_target:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - labeled
+      - unlabeled
+    branches:
+      - main
+
+jobs:
+  code_freeze:
+    name: Code Freeze
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Filter Check
+        id: filters
+        uses: dorny/paths-filter@v3
+        with:
+          list-files: shell
+          filters: .github/code-freeze-filter.yaml
+      - name: Output Failure
+        if: steps.filters.outputs.changes != '[]' && !contains(github.event.pull_request.labels.*.name, 'override-freeze')
+        run: |
+          TITLE="Code Freeze in Effect"
+          LEGIBLE_CHANGES=$(echo "${{ steps.filters.outputs.changes }}" | sed 's/,changed//g' | sed 's/,/, /g' | sed 's/[][]//g')
+          echo "### ${TITLE}" >> $GITHUB_STEP_SUMMARY
+          echo "This PR updates the following components which are code frozen: ${LEGIBLE_CHANGES}" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "The following files are modified and frozen:" >> $GITHUB_STEP_SUMMARY
+          FILES="${{ steps.filters.outputs.changed_files }}"
+          FILE_MESSAGE="This file is under code freeze."
+          for FILE in $FILES; do
+            echo " - ${FILE}" >> $GITHUB_STEP_SUMMARY
+            echo "::error file=$FILE,title=$TITLE::$FILE_MESSAGE"
+          done
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "Freeze can be overriden by adding the 'override-freeze' label to the PR." >> $GITHUB_STEP_SUMMARY
+          exit 1
+      - name: Output Bypass
+        if: steps.filters.outputs.changes != '[]' && contains(github.event.pull_request.labels.*.name, 'override-freeze')
+        run: |
+          TITLE="Code Freeze in Effect - Bypassed"
+          LEGIBLE_CHANGES=$(echo "${{ steps.filters.outputs.changes }}" | sed 's/,changed//g' | sed 's/,/, /g' | sed 's/[][]//g')
+          echo "### ${TITLE}" >> $GITHUB_STEP_SUMMARY
+          echo "This PR updates the following components which are code frozen: ${LEGIBLE_CHANGES}" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "The following files are modified and frozen:" >> $GITHUB_STEP_SUMMARY
+          FILES="${{ steps.filters.outputs.changed_files }}"
+          FILE_MESSAGE="This file is under code freeze."
+          for FILE in $FILES; do
+            echo " - ${FILE}" >> $GITHUB_STEP_SUMMARY
+            echo "::warning file=$FILE,title=$TITLE::$FILE_MESSAGE"
+          done
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "Freeze has been overriden by adding the 'override-freeze' label to the PR." >> $GITHUB_STEP_SUMMARY
+          exit 0

.github/workflows/scheduled.yml

@@ -11,6 +11,6 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
-      - uses: rustsec/audit-check@v1.4.1
+      - uses: rustsec/audit-check@v2.0.0
         with:
           token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/test.yml

@@ -127,7 +127,7 @@ jobs:
       - uses: dtolnay/rust-toolchain@master
         with:
           toolchain: ${{ env.RUSTUP_TOOLCHAIN }}
-      - uses: rustsec/audit-check@v1.4.1
+      - uses: rustsec/audit-check@v2.0.0
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
 

charts/evm-rollup/Chart.yaml

@@ -15,13 +15,13 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.27.3
+version: 0.27.4
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "0.14.1"
+appVersion: "0.14.2"
 
 maintainers:
   - name: wafflesvonmaple

charts/evm-rollup/templates/configmap.yaml

@@ -31,6 +31,8 @@ data:
   OTEL_SERVICE_NAME: "{{ tpl .Values.otel.serviceNamePrefix . }}-conductor"
   {{- if not .Values.global.dev }}
   {{- else }}
+  ASTRIA_CONDUCTOR_EXPECTED_SEQUENCER_CHAIN_ID: "{{ tpl .Values.config.conductor.sequencerChainId . }}"
+  ASTRIA_CONDUCTOR_EXPECTED_CELESTIA_CHAIN_ID: "{{ tpl .Values.config.conductor.celestiaChainId . }}"
   {{- end }}
 ---
 apiVersion: v1

charts/evm-rollup/values.yaml

@@ -16,7 +16,7 @@ images:
   conductor:
     repo: ghcr.io/astriaorg/conductor
     pullPolicy: IfNotPresent
-    tag: "0.20.1"
+    tag: "0.21.0"
     devTag: latest
 
 
@@ -178,6 +178,8 @@ config:
     sequencerGrpc: ""
     # The maximum number of requests to make to the sequencer per second
     sequencerRequestsPerSecond: 500
+    # The chain id of the celestia network the conductor communicates with
+    celestiaChainId: ""
 
   celestia:
     # if config.rollup.executionLevel is NOT 'SoftOnly' AND celestia-node is not enabled

charts/evm-stack/Chart.lock

@@ -4,7 +4,7 @@ dependencies:
   version: 0.3.6
 - name: evm-rollup
   repository: file://../evm-rollup
-  version: 0.27.3
+  version: 0.27.4
 - name: composer
   repository: file://../composer
   version: 0.1.4
@@ -20,5 +20,5 @@ dependencies:
 - name: blockscout-stack
   repository: https://blockscout.github.io/helm-charts
   version: 1.6.2
-digest: sha256:6e62801b5f401ba653f88a5ed9d33a6de38b8bba5ba942d01a2af68371c8bfd8
-generated: "2024-09-19T12:52:41.503045-07:00"
+digest: sha256:b086adf099e986e3a5c1f7f25481aaf42ebf597029a70ee0bd3ff6711e6bdccf
+generated: "2024-09-25T14:31:21.35488-05:00"

charts/evm-stack/Chart.yaml

@@ -15,15 +15,15 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.6.0
+version: 0.6.1
 
 dependencies:
   - name: celestia-node
     version: 0.3.6
     repository: "file://../celestia-node"
     condition: celestia-node.enabled
   - name: evm-rollup
-    version: 0.27.3
+    version: 0.27.4
     repository: "file://../evm-rollup"
   - name: composer
     version: 0.1.4

charts/evm-stack/values.yaml

@@ -13,6 +13,7 @@ global:
   rollupName: ""
   evmChainId: ""
   sequencerChainId: ""
+  celestiaChainId: ""
   otel:
     endpoint: ""
     tracesEndpoint: ""
@@ -29,6 +30,7 @@ evm-rollup:
   config:
     conductor:
       sequencerChainId: "{{ .Values.global.sequencerChainId }}"
+      celestiaChainId: "{{ .Values.global.celestiaChainId }}"
       sequencerRpc: "{{ .Values.global.sequencerRpc }}"
       sequencerGrpc: "{{ .Values.global.sequencerGrpc }}"
   otel:

crates/astria-bridge-withdrawer/src/bridge_withdrawer/submitter/mod.rs

@@ -13,7 +13,6 @@ use astria_core::{
     },
     protocol::transaction::v1alpha1::{
         Action,
-        TransactionParams,
         UnsignedTransaction,
     },
 };
@@ -154,13 +153,12 @@ impl Submitter {
         .wrap_err("failed to get nonce from sequencer")?;
         debug!(nonce, "fetched latest nonce");
 
-        let unsigned = UnsignedTransaction {
-            actions,
-            params: TransactionParams::builder()
-                .nonce(nonce)
-                .chain_id(sequencer_chain_id)
-                .build(),
-        };
+        let unsigned = UnsignedTransaction::builder()
+            .actions(actions)
+            .nonce(nonce)
+            .chain_id(sequencer_chain_id)
+            .try_build()
+            .wrap_err("failed to build unsigned transaction")?;
 
         // sign transaction
         let signed = unsigned.into_signed(signer.signing_key());

crates/astria-cli/src/commands/bridge/submit.rs

@@ -7,7 +7,6 @@ use astria_core::{
     crypto::SigningKey,
     protocol::transaction::v1alpha1::{
         Action,
-        TransactionParams,
         UnsignedTransaction,
     },
 };
@@ -119,7 +118,7 @@ async fn submit_transaction(
     actions: Vec<Action>,
 ) -> eyre::Result<Response> {
     let from_address = Address::builder()
-        .array(signing_key.verification_key().address_bytes())
+        .array(*signing_key.verification_key().address_bytes())
         .prefix(prefix)
         .try_build()
         .wrap_err("failed constructing a valid from address from the provided prefix")?;
@@ -129,14 +128,13 @@ async fn submit_transaction(
         .await
         .wrap_err("failed to get nonce")?;
 
-    let tx = UnsignedTransaction {
-        params: TransactionParams::builder()
-            .nonce(nonce_res.nonce)
-            .chain_id(chain_id)
-            .build(),
-        actions,
-    }
-    .into_signed(signing_key);
+    let tx = UnsignedTransaction::builder()
+        .actions(actions)
+        .nonce(nonce_res.nonce)
+        .chain_id(chain_id)
+        .try_build()
+        .wrap_err("failed to build transaction from actions")?
+        .into_signed(signing_key);
     let res = client
         .submit_transaction_sync(tx)
         .await

crates/astria-cli/src/commands/sequencer.rs

@@ -16,7 +16,6 @@ use astria_core::{
             TransferAction,
             ValidatorUpdate,
         },
-        TransactionParams,
         UnsignedTransaction,
     },
 };
@@ -464,7 +463,7 @@ async fn submit_transaction(
     let sequencer_key = SigningKey::from(private_key_bytes);
 
     let from_address = Address::builder()
-        .array(sequencer_key.verification_key().address_bytes())
+        .array(*sequencer_key.verification_key().address_bytes())
         .prefix(prefix)
         .try_build()
         .wrap_err("failed constructing a valid from address from the provided prefix")?;
@@ -475,14 +474,13 @@ async fn submit_transaction(
         .await
         .wrap_err("failed to get nonce")?;
 
-    let tx = UnsignedTransaction {
-        params: TransactionParams::builder()
-            .nonce(nonce_res.nonce)
-            .chain_id(chain_id)
-            .build(),
-        actions: vec![action],
-    }
-    .into_signed(&sequencer_key);
+    let tx = UnsignedTransaction::builder()
+        .actions(vec![action])
+        .nonce(nonce_res.nonce)
+        .chain_id(chain_id)
+        .try_build()
+        .wrap_err("failed to build transaction from actions")?
+        .into_signed(&sequencer_key);
     let res = sequencer_client
         .submit_transaction_sync(tx)
         .await

crates/astria-composer/src/executor/builder.rs

@@ -58,7 +58,7 @@ impl Builder {
 
         let sequencer_address = Address::builder()
             .prefix(sequencer_address_prefix)
-            .array(sequencer_key.verification_key().address_bytes())
+            .array(*sequencer_key.verification_key().address_bytes())
             .try_build()
             .wrap_err("failed constructing a sequencer address from private key")?;
 

crates/astria-composer/src/executor/bundle_factory/mod.rs

@@ -13,6 +13,7 @@ use astria_core::{
     protocol::transaction::v1alpha1::{
         action::SequenceAction,
         Action,
+        UnsignedTransaction,
     },
     Protobuf as _,
 };
@@ -74,6 +75,27 @@ impl SizedBundle {
         }
     }
 
+    /// Constructs an [`UnsignedTransaction`] from the actions contained in the bundle and `params`.
+    /// # Panics
+    /// Method is expected to never panic because only `SequenceActions` are added to the bundle,
+    /// which should produce a valid variant of the `ActionGroup` type.
+    pub(super) fn to_unsigned_transaction(
+        &self,
+        nonce: u32,
+        chain_id: &str,
+    ) -> UnsignedTransaction {
+        UnsignedTransaction::builder()
+            .actions(self.buffer.clone())
+            .chain_id(chain_id)
+            .nonce(nonce)
+            .try_build()
+            .expect(
+                "method is expected to never panic because only `SequenceActions` are added to \
+                 the bundle, which should produce a valid variant of the `ActionGroup` type; this \
+                 is checked by `tests::transaction_construction_should_not_panic",
+            )
+    }
+
     /// Buffer `seq_action` into the bundle.
     /// # Errors
     /// - `seq_action` is beyond the max size allowed for the entire bundle
@@ -111,11 +133,6 @@ impl SizedBundle {
         self.curr_size
     }
 
-    /// Consume self and return the underlying buffer of actions.
-    pub(super) fn into_actions(self) -> Vec<Action> {
-        self.buffer
-    }
-
     /// Returns the number of sequence actions in the bundle.
     pub(super) fn actions_count(&self) -> usize {
         self.buffer.len()