Preview celo rebase 16#411
Open
piersy wants to merge 77 commits intopiersy/celo-rebase-16-upstreamfrom
Open
Conversation
Adding funding.json file required to apply for retropgf
github: use step-security replacement for tj-actions/changed-files
* Add script to update `celo-org/op-geth` dependencies Signed-off-by: Maximilian Langenfeld <15726643+ezdac@users.noreply.github.com> * Add github action for update-geth script Signed-off-by: Maximilian Langenfeld <15726643+ezdac@users.noreply.github.com> * Use inline geth base-ref Signed-off-by: Maximilian Langenfeld <15726643+ezdac@users.noreply.github.com> * Discard automatic fields Signed-off-by: Maximilian Langenfeld <15726643+ezdac@users.noreply.github.com> * token perms Signed-off-by: Maximilian Langenfeld <15726643+ezdac@users.noreply.github.com> * Use read-only GCP SA Signed-off-by: Maximilian Langenfeld <15726643+ezdac@users.noreply.github.com> * Better parameter handling in update-geth action Signed-off-by: Maximilian Langenfeld <15726643+ezdac@users.noreply.github.com> * Remove `update-celo-geth` cmd from justfile --------- Signed-off-by: Maximilian Langenfeld <15726643+ezdac@users.noreply.github.com> Co-authored-by: alvarof2 <fernandez.f.alvaro@gmail.com> github: improve update-geth.sh * mark it as executable * allow running on both MacOS and linux (GNU vs BSD tool differences) * terminate on errors * less strict go.mod matching to allow applying it directly to upstream github: Fix update-geth.sh (#304) The script was not substituting the go.mod file and the Dockerfile since the regexes were not matching. The regex for the Dockerfile contained '@sha256:' which perl was interpreting as a global symbol, in order to interpret it literally we needed to escape the '@'. The regex for the go.mod file contained an extra space before the arrow 'go-ethereum .* => ', in a tidied go.mod file there is one space between the package name and the arrow '=>'. Also adds failure output so that it's easier to debug where this is going wrong. --------- Co-authored-by: Karl Bartel <karl@karl.berlin> Co-authored-by: Paul Lange <palango@users.noreply.github.com> github: The substitution was failing in the docker file since (#309) The substitution \1 and the beginning of the image hash together created \150 which perl interprets as the octal character code for h. To prevent this we need to use the \${1} notation to reference captured groups. github: Change base-branch for update-geth workflow github: Add `celo-org/op-geth` dependencies update script and gh-action (#263) * Add script to update `celo-org/op-geth` dependencies Signed-off-by: Maximilian Langenfeld <15726643+ezdac@users.noreply.github.com> * Add github action for update-geth script Signed-off-by: Maximilian Langenfeld <15726643+ezdac@users.noreply.github.com> * Use inline geth base-ref Signed-off-by: Maximilian Langenfeld <15726643+ezdac@users.noreply.github.com> * Discard automatic fields Signed-off-by: Maximilian Langenfeld <15726643+ezdac@users.noreply.github.com> * token perms Signed-off-by: Maximilian Langenfeld <15726643+ezdac@users.noreply.github.com> * Use read-only GCP SA Signed-off-by: Maximilian Langenfeld <15726643+ezdac@users.noreply.github.com> * Better parameter handling in update-geth action Signed-off-by: Maximilian Langenfeld <15726643+ezdac@users.noreply.github.com> * Remove `update-celo-geth` cmd from justfile --------- Signed-off-by: Maximilian Langenfeld <15726643+ezdac@users.noreply.github.com> Co-authored-by: alvarof2 <fernandez.f.alvaro@gmail.com> github: Update update geth approach (#319) Removed the old script because it referenced ops-bedrock which has been removed. Added a copy of the op-geth provided update script, decided on a copy to avoid conflicts. Updated the update-geth workflow to reference the new script github: Change update-geth base-branch to 'celo-rebase-13' (#382) github: Change update-geth base-branch to 'celo-rebase-14'
Setting `open-pull-requests-limit: 0` prevent version updates but should keep the security scans and updates according to https://docs.github.com/en/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates#overriding-the-default-behavior-with-a-configuration-file > If you only require security updates and want to exclude version > updates, you can set open-pull-requests-limit to 0 in order to prevent > version updates for a given package-ecosystem.
…ckchain-public registry (#395) * Build op-node using docker-bake and push to devopsre/celo-blockchain-public registry * Set-Tags
We have to do this because the orb used by optimsim is not public. I published an orb by fetching the project https://github.com/ethereum-optimism/circleci-utils setting up the circleci command-line utility and following the instructions from the readme (also shown below) to publish an orb. Note that the namespace for this orb is just piersy, not piersy/circleci-utils. To publish production versions (e.g., `1.2.3`): - **Required role:** GitHub organization **Owner/Admin** - **What you can do:** - `circleci namespace create` - `circleci orb create` - `circleci orb publish` (production version)
The op config set this to a private URL that we couldn't access, instead we now set this to now be the MAINNET_RPC_URL which is defined as a project env var.
Currently we set this to celo-rebase-15-upstream, but once we've constructed celo-rebase-15 we will want to set the base branch to that.
This cheatcode is used to store the Celo L2 predeploy addresses in a JSON file when run with forge. Inside TestEndToEndApply/initial_chain , the same code is called but we don't care for the generated JSON file. So just returning `nil` makes the test work without any disadvantages.
Remove common/interfaces/IExchange.sol (duplicate) We keep the one in the `mento` directory. Remove common/libraries/ReentrancyGuard.sol (duplicate) Directly use the original from OpenZeppelin. contracts: Skip Celo contracts in test_cannotReinitialize_succeeds
Add console2 import in L2Genesis.s.sol
Until we fix the errors caused by enabling it.
This makes it possible to modify the FeeCurrencyDirectory entries in devnet.
contracts: Revert to upstream L2Genesis.s.sol
…ithMedian (#277) * Ignore AddressSortedLinkedList and AddressSortedLinkedListWithMedian as targets in fuzzing test of SafeCall_Test * Format test/libraries/SafeCall.t.sol
Those have warnings with `scripts/checks/interfaces`. Ignore those warnings for now. contracts: Add Celo contracts in exclusions for interface check contracts: disable interface check for IERC20Upgradeable I don't think we broke anything, so let's make the upstream versions pass the check by adding them to the ignore list.
… holocene order (#379) * fix(batcher): altda parallel submitted blobs respect strict holocene order (#21) test(e2e): new altda e2e test for concurrent blob submissions to maintain new holocene strict ordering rules test(batcher): add altda unit tests for unhappy failure cases (except channel timeout) test(batcher): fix flaky driver tests + speed them up test(batcher): robustify batcher driver altda tests fix(batcher): altda concurrent blob responses are reordered to respect holocene strict ordering rules docs: fix typos and add documentation comments for some batcher public methods test(op-alt-da): fix MockDAClient.DeleteData decrement semantic chore(batcher): move channel failover behavior from TxFailed to AltDASubmissionFailed The failover logic in the failover feature commits was aded on TxFailed, as the separate function AltDASubmissionFailed didn't exist yet. This change makes it much cleaner as a tx having failed cannot lead to a failover given... since that would come from an ethereum issue. fix(batcher): bug in sendTransaction chore(test-logger): fix test logger.Crit which wasn't getting flushed test(batcher): fix altDASetup w new channel config DaType was added, so needed to change config to use DaTypeAltDA style: wrap errors style(damock): dont explicitly initialize to 0 We make use default values instead docs(batcher-test): document why channel timeout test is left unimplemented docs(batcher): fix todos in batcher readme chore: make lint-go-fix docs(batcher): fix readme typo * Change test to write a log instead of stdout --------- Co-authored-by: Samuel Laferriere <samlaf92@gmail.com>
Add default to switch for lint Allow to override with flags the celo forks 22nd Jan 2026: Noted that we didn't need to set the PectraBlobScheduleTime flag, but now we do need to keep it as removing it would be a hardfork.
* isthmus: Update L1Block contract bytecode --------- Co-authored-by: Gastón Ponti <gaston.ponti@clabs.co> Co-authored-by: Gaston Ponti <pontigaston@gmail.com>
It is also prepared for using the bridged WETH as fee currency, but we are currently lacking a simple way to send fee currency txs, so I left the final tx out.
This uses the default fee-currency-directory address from op-geth. It will fix the issue that the EVM calls into the directoy will fail when executed on the local devnet. e2e: use `--broadcast` with `forge create` (#281) Forge started to require the `--broadcast` flag for actually deploying a contract. Otherwise it will only do a dry-run. We should really pin our foundry version. But let's wait until we rebase to the latest upstream, since there have been changes to the overall setup. Closes #278
These tests perform a check at the end to ensure that the total funds after a test match the total funds before the test. We had modified the state transition function to direct baseFee payments to the fee handler instead of optimism's OperatorFeeVault when in a cel2 context. This caused the tests to fail because the tests were not including the balance of the fee handler. This change ensures that we do consider the fee handler balance when calculating the total.
The test was configured with MaxFrameSize: 150 which was too small for the compressed block data (~291 bytes), causing 2 frames per block instead of 1. This doubled the AltDA Store count from the expected 5 to 10. Fixed by increasing MaxFrameSize to 400 to ensure each block fits in a single frame as the test intended.
Update the test to deploy a 65KB contract that exceeds Celo's increased 64KB MaxCodeSize limit. The previous 25KB test contract no longer triggers the max code size check. Changes: - Use PUSH3 (0x62) instead of PUSH2 to push the 3-byte size value - Update runtime size from 25KB to 65KB - Update init code offset from 0x0c to 0x10 (16 bytes)
setup_remote_docker configures the job to be able to build docker images, however this only works with circleci runners.
The issue was using opcm.opcmStandardValidator() directly, which fails when the OPCM_V2 feature is enabled (the validator should come from opcmV2).
The previous snapshot update was generated without Celo forge-artifacts, which caused all Celo snapshot files to be deleted. Rebuild and regenerate to restore them and update the semver-lock initCodeHashes.
It needs a kona version and I'm not clear what this is, but we don't actually use op-challenger so simply disabling it seems to be a good solution.
Celo does not use cannon, so we can safely skip these tests.
karlb
reviewed
Feb 11, 2026
karlb
left a comment
karlb
left a comment
There was a problem hiding this comment.
Looks good, just some questions and nitpicks!
| base: | ||
| name: OP | ||
| url: https://github.com/celo-org/optimism | ||
| ref: refs/remotes/origin/celo-rebase-14-upstream |
There was a problem hiding this comment.
This ref needs to be updated.
Does anyone use the forkdiff? If not, we should consider removing it.
Author
There was a problem hiding this comment.
I've not used it personally, it seems it was originally added by you, so if you don't think it's worth keeping, then I agree.
There was a problem hiding this comment.
@palango occasionally uses the one for op-geth, but not this one. So we can remove it.
|
|
||
| contracts-bedrock-tests: | ||
| circleci_ip_ranges: true | ||
| # circleci_ip_ranges: true |
There was a problem hiding this comment.
Which IPs outside of CircleCI do we access that OP doesn't?
Author
There was a problem hiding this comment.
This feature routes outbound traffic from jobs through a known fixed ip range. I guess it serves to help lock down access to networked dependencies used by jobs. We don't need the feature though and it costs credits to use it, hence the disabling.
| requires: | ||
| - contracts-bedrock-build | ||
| - cannon-prestate-quick | ||
| # scheduled-kurtosis-acceptance-tests: |
There was a problem hiding this comment.
I wonder if we should use a different way to disable workflows, since this is likely to create merge conflicts on every rebase. Maybe a
when:
condition: false
?
Author
There was a problem hiding this comment.
Sounds good, I will see if that can work.
| if err != nil { | ||
| t.Fatalf("failed to create memory state db: %v", err) | ||
| } | ||
|
|
Comment on lines
+43
to
+55
| func init() { | ||
| DeprecatedFlags = append(DeprecatedFlags, deprecatedP2PFlags(EnvVarPrefix)...) | ||
| optionalFlags = append(optionalFlags, P2PFlags(EnvVarPrefix)...) | ||
| optionalFlags = append(optionalFlags, oplog.CLIFlagsWithCategory(EnvVarPrefix, OperationsCategory)...) | ||
| optionalFlags = append(optionalFlags, oppprof.CLIFlagsWithCategory(EnvVarPrefix, OperationsCategory)...) | ||
| optionalFlags = append(optionalFlags, opmetrics.CLIFlagsWithCategory(EnvVarPrefix, OperationsCategory)...) | ||
| optionalFlags = append(optionalFlags, oprpc.CLIFlagsWithCategory(EnvVarPrefix, OperationsCategory, rpcDefaults)...) | ||
| optionalFlags = append(optionalFlags, DeprecatedFlags...) | ||
| optionalFlags = append(optionalFlags, opflags.CLIFlags(EnvVarPrefix, RollupCategory)...) | ||
| optionalFlags = append(optionalFlags, altda.CLIFlags(EnvVarPrefix, AltDACategory)...) | ||
| Flags = append(requiredFlags, optionalFlags...) | ||
| } | ||
|
|
There was a problem hiding this comment.
This function has been moved within the file. If there is no good reason for it, let's put if back to its original place.
* Fix TestFees acceptance test * Skip TestBatcherFullChannelsAfterDowntime, as upstream does This test is also skipped upstream (01a4115) due to a nonce tracking race condition in the async event system. * Increase retry attempts to make acceptance tests likelier to pass * Hardcode Cel2Time to 0 op-geth requires all pre-Cel2 blocks to come from migrated Celo L1 chaindata. If Cel2 is after genesis, op-geth expects blocks between genesis and Cel2 to already exist, causing test failures. * Skip TestSyncTesterHFS acceptance tests, not applicable to Celo These tests sync across hard-fork activation boundaries on op-sepolia. Celo activates all forks through Granite at genesis (Cel2Time=0), so there are no fork boundaries to cross. The Holocene/Isthmus tests also target op-sepolia endpoints and block numbers, not Celo infrastructure. We could keep running the test against the OP testnet, but we're lacking the respective node RPCs to do that cheaply and reliably. * Skip flashblocks acceptance tests, not applicable to Celo Skip both flashblocks tests since Celo doesn't use flashblocks.
* mise: upgrade semgrep from 1.90.0 to 1.131.0 Semgrep 1.90.0 has a transitive dependency on opentelemetry-instrumentation which imports pkg_resources from setuptools. Python 3.12 does not include setuptools by default in venvs, so when the mise cache is invalidated (by any change to mise.toml), a fresh pipx install of semgrep 1.90.0 fails with: ModuleNotFoundError: No module named 'pkg_resources' This was reported as semgrep/semgrep#11069 and fixed in later versions. Upgrading to 1.131.0 resolves the issue. Co-Authored-By: Kelvin Fichter <kelvinfichter@gmail.com> * mise: upgrade semgrep from 1.131.0 to 1.137.0 v1.137.0 is the first version that actually bumps the opentelemetry packages (PR semgrep/semgrep#11180), fixing the pkg_resources ModuleNotFoundError on Python 3.12 without setuptools. Co-Authored-By: Kelvin Fichter <kelvinfichter@gmail.com> --------- Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com> Co-authored-by: Kelvin Fichter <kelvinfichter@gmail.com>
…num to da-server (#45) * feat(altda-client): pass l1_inclusion_block_number as query param to da server This is used to perform punctuality check on EigenDA, but is generic and should be used by all da layers for the same purpose. * feat(altda): drop invalid certs Defined generic protocol where da-server will return a 418 (TEAPOT) error when a cert is invalid, along with the reason (250 bytes) in the body. The 418 error is transformed into an internal golang InvalidCommitmentError which when received by the derivation pipeline, causes it to skip the commitment and move forward. * chore(daclient): use uint64 for blocknum directly instead of L1BlockRef struct The struct was confusing to use in tests because it wasnt sure only the .Number field of it was used, so made implementers unsure whether they needed to populate the whole struct. Since we only used the .Number field, I opted to just take a uint64 directly as argument to GetInput. * style(daclient): use MaxBytesReader Use MaxBytesReader and document why we restrict error body to 1000 characters (upped from 250 previously): to prevent DDoS
) feat: InvalidCommitmentError contains status code This commit goes hand-in-hand with Layr-Labs/eigenda-proxy#406, as it now parses the StatusCodes that are returned during 418 TEAPOT errors by proxy.
feat(altda): implement all teapot statuscodes This should (hopefully!) be the last PR changing the teapot error handling. I think (??) we've finally nailed it with the recent spec: https://github.com/Layr-Labs/eigenda/blob/f4ef5cd55633d70bed0d54416c2d253684f0639c/docs/spec/src/integration/spec/6-secure-integration.md#derivation-process This PR thus implements handling of the 4 types of TEAPOT errors possible. Still need to update proxy to return those errors.
* op-node/derive: Gate BPO activation in L1InfoDeposit per L2 chain Disable BPO/Osaka blob fee formula for Celo L2 chains (mainnet, sepolia, chaos) until Jovian hardfork, matching the gating in celo-kona PR #121. For non-Celo chains, BPO remains enabled by default (preserving upstream behavior). * Update op-geth Updates op-geth to a version that specifies CeloChaosChainID * Fix TestBlobBaseFeeFromSepolia: use stripBPOActivations and inline header data The test was failing because it computed BlobBaseFee using the full SepoliaChainConfig (which includes BPO activation times), but the expected value was the Prague-era blob fee from the actual Celo Sepolia L2 block (derived before BPO was known). Fix by: - Using stripBPOActivations on the config, which is exactly what the production code does for Celo chains - Inlining the header data (ExcessBlobGas, Time) instead of making a live RPC call, so the test runs in CI's -short mode - Removing unused context and ethclient imports * ci: Skip OP mainnet upgrade tests not relevant to Celo The contracts-bedrock-tests-upgrade and coverage-upgrade tests fork OP mainnet to test OP-specific upgrade paths. These fail on the Celo fork because ForkLive.s.sol is out of sync with upstream (the DelayedWETHProxy deployment lookup fails). Since these tests are not relevant to Celo chains, skip them: - Comment out contracts-bedrock-tests-upgrade workflow jobs - Use coverage-lcov instead of coverage-lcov-all (which includes upgrade coverage) --------- Co-authored-by: Karl Bartel <karl.bartel@clabs.co>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
12 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This is a preview of the optimism rebase.
The memory-all ci workflow still has some failing tests: https://github.com/celo-org/celo-blockchain-planning/issues/1339