chore: trim down fisherman deployment (#18062)

This PR builds on top of
#18060 and removes
some components that are not going to be necessary for fisherman
networks (like web3signer)

Author: alexghr

spartan/environments/ignition-fisherman.env

@@ -21,14 +21,15 @@ ETHEREUM_RPC_URLS=REPLACE_WITH_GCP_SECRET
 ETHEREUM_CONSENSUS_HOST_URLS=REPLACE_WITH_GCP_SECRET
 ETHEREUM_CONSENSUS_HOST_API_KEYS=REPLACE_WITH_GCP_SECRET
 ETHEREUM_CONSENSUS_HOST_API_KEY_HEADERS=REPLACE_WITH_GCP_SECRET
-FUNDING_PRIVATE_KEY=REPLACE_WITH_GCP_SECRET
+FUNDING_PRIVATE_KEY=""
+LABS_INFRA_MNEMONIC_SECRET_NAME=sepolia-labs-ignition-fisherman-mnemonic
 LABS_INFRA_MNEMONIC=REPLACE_WITH_GCP_SECRET
-ROLLUP_DEPLOYMENT_PRIVATE_KEY=REPLACE_WITH_GCP_SECRET
+ROLLUP_DEPLOYMENT_PRIVATE_KEY=""
 OTEL_COLLECTOR_ENDPOINT=REPLACE_WITH_GCP_SECRET
 
 SNAPSHOT_BUCKET_DIRECTORY=${SNAPSHOT_BUCKET_DIRECTORY:-ignition-sepolia}
 
-ETHERSCAN_API_KEY=REPLACE_WITH_GCP_SECRET
+ETHERSCAN_API_KEY=""
 R2_ACCESS_KEY_ID=REPLACE_WITH_GCP_SECRET
 R2_SECRET_ACCESS_KEY=REPLACE_WITH_GCP_SECRET
 BOT_TRANSFERS_REPLICAS=0

spartan/environments/staging-ignition.env

@@ -17,6 +17,7 @@ ETHEREUM_CONSENSUS_HOST_API_KEYS=REPLACE_WITH_GCP_SECRET
 ETHEREUM_CONSENSUS_HOST_API_KEY_HEADERS=REPLACE_WITH_GCP_SECRET
 FUNDING_PRIVATE_KEY=REPLACE_WITH_GCP_SECRET
 LABS_INFRA_MNEMONIC=REPLACE_WITH_GCP_SECRET
+LABS_INFRA_MNEMONIC_SECRET_NAME=sepolia-labs-staging-ignition-mnemonic
 ROLLUP_DEPLOYMENT_PRIVATE_KEY=REPLACE_WITH_GCP_SECRET
 OTEL_COLLECTOR_ENDPOINT=REPLACE_WITH_GCP_SECRET
 VERIFY_CONTRACTS=true

spartan/scripts/deploy_network.sh

@@ -108,9 +108,14 @@ DESTROY_CHAOS_MESH=${DESTROY_CHAOS_MESH:-false}
 CREATE_CHAOS_MESH=${CREATE_CHAOS_MESH:-false}
 
 
-# Compute validator addresses
-VALIDATOR_ADDRESSES=$(echo "$VALIDATOR_INDICES" | tr ',' '\n' | xargs -I{} cast wallet address --mnemonic "$LABS_INFRA_MNEMONIC" --mnemonic-index {} | tr '\n' ',' | sed 's/,$//')
-log "VALIDATOR_ADDRESSES: ${VALIDATOR_ADDRESSES}"
+# Compute validator addresses (skip if no validators)
+if [[ $VALIDATOR_REPLICAS -gt 0 ]]; then
+  VALIDATOR_ADDRESSES=$(echo "$VALIDATOR_INDICES" | tr ',' '\n' | xargs -I{} cast wallet address --mnemonic "$LABS_INFRA_MNEMONIC" --mnemonic-index {} | tr '\n' ',' | sed 's/,$//')
+  log "VALIDATOR_ADDRESSES: ${VALIDATOR_ADDRESSES}"
+else
+  VALIDATOR_ADDRESSES=""
+  log "VALIDATOR_ADDRESSES: (none - no validators)"
+fi
 
 # Compute and include publisher indices in prefunding list
 # Uses env overrides when provided, otherwise falls back to values.yaml defaults

spartan/scripts/setup_gcp_secrets.sh

@@ -17,6 +17,9 @@ NETWORK=${NETWORK:-}
 
 L1_NETWORK=${L1_NETWORK:-sepolia}
 
+# Read optional custom secret name for LABS_INFRA_MNEMONIC
+LABS_INFRA_MNEMONIC_SECRET_NAME=${LABS_INFRA_MNEMONIC_SECRET_NAME:-}
+
 echo "Setting up GCP secrets for network: $NETWORK"
 
 # Create secure temporary directory for secrets
@@ -67,6 +70,13 @@ mask_secret_value() {
     fi
 }
 
+# Determine the mnemonic secret name: use custom if provided, otherwise use default pattern
+if [[ -n "$LABS_INFRA_MNEMONIC_SECRET_NAME" ]]; then
+    MNEMONIC_SECRET="${LABS_INFRA_MNEMONIC_SECRET_NAME}"
+else
+    MNEMONIC_SECRET="${L1_NETWORK}-labs-${NETWORK}-mnemonic"
+fi
+
 # Map of environment variables to GCP secret names
 # Generic mappings - network-specific secrets use ${NETWORK} in the name
 declare -A SECRET_MAPPINGS=(
@@ -78,7 +88,7 @@ declare -A SECRET_MAPPINGS=(
     ["ROLLUP_DEPLOYMENT_PRIVATE_KEY"]="${L1_NETWORK}-labs-rollup-private-key"
     ["OTEL_COLLECTOR_ENDPOINT"]="otel-collector-url"
     ["ETHERSCAN_API_KEY"]="etherscan-api-key"
-    ["LABS_INFRA_MNEMONIC"]="${L1_NETWORK}-labs-${NETWORK}-mnemonic"
+    ["LABS_INFRA_MNEMONIC"]="${MNEMONIC_SECRET}"
     ["STORE_SNAPSHOT_URL"]="r2-account-id"
     ["R2_ACCESS_KEY_ID"]="r2-access-key-id"
     ["R2_SECRET_ACCESS_KEY"]="r2-secret-access-key"
@@ -95,6 +105,13 @@ JSON_SECRETS=(
 # Replace placeholders with actual secrets
 for env_var in "${!SECRET_MAPPINGS[@]}"; do
     secret_name="${SECRET_MAPPINGS[$env_var]}"
+
+    # Skip if the variable doesn't contain REPLACE_WITH_GCP_SECRET at all
+    if ! grep -q "^${env_var}=.*REPLACE_WITH_GCP_SECRET" "$ENV_FILE"; then
+        echo "Skipping $env_var (no placeholder value)"
+        continue
+    fi
+
     echo "Fetching secret: $secret_name for $env_var"
 
     if grep -q "^${env_var}=REPLACE_WITH_GCP_SECRET" "$ENV_FILE"; then

spartan/terraform/deploy-aztec-infra/main.tf

@@ -36,6 +36,9 @@ provider "helm" {
 }
 
 module "web3signer" {
+  # Only deploy web3signer if we have validators or provers that need to publish to L1
+  count = tonumber(var.VALIDATOR_REPLICAS) > 0 || (tonumber(var.PROVER_REPLICAS) > 0 && !var.PROVER_NODE_DISABLE_PROOF_PUBLISH) ? 1 : 0
+
   source                                   = "../modules/web3signer"
   NAMESPACE                                = var.NAMESPACE
   RELEASE_NAME                             = var.RELEASE_PREFIX
@@ -122,7 +125,7 @@ locals {
       wait                 = true
     } : null
 
-    validators = {
+    validators = tonumber(var.VALIDATOR_REPLICAS) > 0 ? {
       name  = "${var.RELEASE_PREFIX}-validator"
       chart = "aztec-validator"
       values = [
@@ -152,7 +155,6 @@ locals {
         "validator.slash.offenseExpirationRounds"               = var.SLASH_OFFENSE_EXPIRATION_ROUNDS
         "validator.slash.maxPayloadSize"                        = var.SLASH_MAX_PAYLOAD_SIZE
         "validator.node.env.TRANSACTIONS_DISABLED"              = var.TRANSACTIONS_DISABLED
-        "validator.node.env.NETWORK"                            = var.NETWORK
         "validator.node.env.KEY_INDEX_START"                    = var.VALIDATOR_MNEMONIC_START_INDEX
         "validator.node.env.PUBLISHER_KEY_INDEX_START"          = var.VALIDATOR_PUBLISHER_MNEMONIC_START_INDEX
         "validator.node.env.VALIDATORS_PER_NODE"                = var.VALIDATORS_PER_NODE
@@ -166,7 +168,7 @@ locals {
       boot_node_host_path  = "validator.node.env.BOOT_NODE_HOST"
       bootstrap_nodes_path = "validator.node.env.BOOTSTRAP_NODES"
       wait                 = true
-    }
+    } : null
 
     prover = {
       name  = "${var.RELEASE_PREFIX}-prover"
@@ -176,27 +178,29 @@ locals {
         "prover.yaml",
         "prover-resources-${var.PROVER_RESOURCE_PROFILE}.yaml"
       ]
-      custom_settings = {
-        "node.mnemonic"                                    = var.PROVER_MNEMONIC
-        "node.mnemonicStartIndex"                          = var.PROVER_PUBLISHER_MNEMONIC_START_INDEX
-        "node.node.proverRealProofs"                       = var.PROVER_REAL_PROOFS
-        "node.web3signerUrl"                               = "http://${var.RELEASE_PREFIX}-signer-web3signer.${var.NAMESPACE}.svc.cluster.local:9000/"
-        "node.node.env.NETWORK"                            = var.NETWORK
-        "node.node.env.PROVER_FAILED_PROOF_STORE"          = var.PROVER_FAILED_PROOF_STORE
-        "node.node.env.KEY_INDEX_START"                    = var.PROVER_PUBLISHER_MNEMONIC_START_INDEX
-        "node.node.env.PUBLISHER_KEY_INDEX_START"          = var.PROVER_PUBLISHER_MNEMONIC_START_INDEX
-        "node.node.env.PUBLISHERS_PER_PROVER"              = var.PROVER_PUBLISHERS_PER_PROVER
-        "node.node.env.PROVER_NODE_DISABLE_PROOF_PUBLISH"  = var.PROVER_NODE_DISABLE_PROOF_PUBLISH
-        "node.node.env.P2P_TX_POOL_DELETE_TXS_AFTER_REORG" = var.P2P_TX_POOL_DELETE_TXS_AFTER_REORG
-        "broker.node.proverRealProofs"                     = var.PROVER_REAL_PROOFS
-        "broker.node.env.NETWORK"                          = var.NETWORK
-        "broker.node.env.BOOTSTRAP_NODES"                  = "asdf"
-        "agent.node.proverRealProofs"                      = var.PROVER_REAL_PROOFS
-        "agent.node.env.NETWORK"                           = var.NETWORK
-        "agent.replicaCount"                               = var.PROVER_REPLICAS
-        "agent.node.env.BOOTSTRAP_NODES"                   = "asdf"
-        "agent.node.env.AGENT_COUNT"                       = var.PROVER_AGENTS_PER_PROVER
-      }
+      custom_settings = merge(
+        {
+          "node.mnemonic"                                    = var.PROVER_MNEMONIC
+          "node.mnemonicStartIndex"                          = var.PROVER_PUBLISHER_MNEMONIC_START_INDEX
+          "node.node.proverRealProofs"                       = var.PROVER_REAL_PROOFS
+          "node.node.env.PROVER_FAILED_PROOF_STORE"          = var.PROVER_FAILED_PROOF_STORE
+          "node.node.env.KEY_INDEX_START"                    = var.PROVER_PUBLISHER_MNEMONIC_START_INDEX
+          "node.node.env.PUBLISHER_KEY_INDEX_START"          = var.PROVER_PUBLISHER_MNEMONIC_START_INDEX
+          "node.node.env.PUBLISHERS_PER_PROVER"              = var.PROVER_PUBLISHERS_PER_PROVER
+          "node.node.env.PROVER_NODE_DISABLE_PROOF_PUBLISH"  = var.PROVER_NODE_DISABLE_PROOF_PUBLISH
+          "node.node.env.P2P_TX_POOL_DELETE_TXS_AFTER_REORG" = var.P2P_TX_POOL_DELETE_TXS_AFTER_REORG
+          "broker.node.proverRealProofs"                     = var.PROVER_REAL_PROOFS
+          "broker.node.env.BOOTSTRAP_NODES"                  = "asdf"
+          "agent.node.proverRealProofs"                      = var.PROVER_REAL_PROOFS
+          "agent.replicaCount"                               = var.PROVER_REPLICAS
+          "agent.node.env.BOOTSTRAP_NODES"                   = "asdf"
+          "agent.node.env.AGENT_COUNT"                       = var.PROVER_AGENTS_PER_PROVER
+        },
+        # Only set web3signerUrl if proof publishing is enabled
+        !var.PROVER_NODE_DISABLE_PROOF_PUBLISH ? {
+          "node.web3signerUrl" = "http://${var.RELEASE_PREFIX}-signer-web3signer.${var.NAMESPACE}.svc.cluster.local:9000/"
+        } : {}
+      )
       boot_node_host_path  = "node.node.env.BOOT_NODE_HOST"
       bootstrap_nodes_path = "node.node.env.BOOTSTRAP_NODES"
       wait                 = true
@@ -235,7 +239,6 @@ locals {
       custom_settings = {
         "nodeType"                                    = "rpc"
         "replicaCount"                                = var.RPC_REPLICAS
-        "node.env.NETWORK"                            = var.NETWORK
         "node.proverRealProofs"                       = var.PROVER_REAL_PROOFS
         "ingress.rpc.enabled"                         = var.RPC_INGRESS_ENABLED
         "ingress.rpc.host"                            = var.RPC_INGRESS_HOST
@@ -258,7 +261,6 @@ locals {
       ]
       custom_settings = {
         "nodeType"                                    = "archive"
-        "node.env.NETWORK"                            = var.NETWORK
         "node.env.P2P_ARCHIVED_TX_LIMIT"              = "10000000"
         "node.env.P2P_TX_POOL_DELETE_TXS_AFTER_REORG" = var.P2P_TX_POOL_DELETE_TXS_AFTER_REORG
       }