Skip to content

Solana deployment scripts and module configs #4355

Solana deployment scripts and module configs

Solana deployment scripts and module configs #4355

Workflow file for this run

name: Solidity
on:
schedule:
- cron: "0 0 * * *"
push:
branches:
- main
paths:
- "solidity/**"
- ".github/workflows/contracts.yml"
pull_request:
# We intend to use `workflow dispatch` in two different situations/paths:
# 1. If a workflow will be manually dispatched from branch named
# `dapp-development`, workflow will deploy the contracts on the selected
# testnet and publish them to NPM registry with `dapp-dev-<environment>`
# suffix and `dapp-development-<environment>` tag. Such packages are meant
# to be used locally by the team developing Threshold Token dApp and may
# contain contracts that have different values from the ones used on
# mainnet.
# 2. If a workflow will be manually dispatched from a branch which name is not
# `dapp-development`, the workflow will deploy the contracts on the
# selected testnet and publish them to NPM registry with `<environment>`
# suffix and tag. Such packages will be used later to deploy public
# Threshold Token dApp on a testnet, with contracts resembling those used
# on mainnet.
workflow_dispatch:
inputs:
environment:
description: "Environment (network) for workflow execution, e.g. `goerli`"
required: false
upstream_builds:
description: "Upstream builds"
required: false
upstream_ref:
description: "Git reference to checkout (e.g. branch name)"
required: false
default: "main"
jobs:
contracts-detect-changes:
runs-on: ubuntu-latest
outputs:
path-filter: ${{ steps.filter.outputs.path-filter }}
steps:
- uses: actions/checkout@v3
if: github.event_name == 'pull_request'
- uses: dorny/paths-filter@v2
if: github.event_name == 'pull_request'
id: filter
with:
filters: |
path-filter:
- './solidity/**'
- './.github/workflows/contracts.yml'
contracts-build-and-test:
needs: contracts-detect-changes
if: |
github.event_name != 'pull_request'
|| needs.contracts-detect-changes.outputs.path-filter == 'true'
runs-on: ubuntu-latest
defaults:
run:
working-directory: ./solidity
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version: "14.x"
cache: "yarn"
cache-dependency-path: solidity/yarn.lock
# We need this step because the `@keep-network/tbtc` which we update in
# next step has a dependency to `@summa-tx/[email protected]` package, which
# downloads one of its sub-dependencies via unathenticated `git://`
# protocol. That protocol is no longer supported. Thanks to this step
# `https://` is used instead of `git://`.
- name: Configure git to don't use unauthenticated protocol
run: git config --global url."https://".insteadOf git://
- name: Install dependencies
run: yarn install
- name: Build contracts
run: yarn build
# We don't want to execute the tests for dapp-friendly contracts (either
# when deploying from `dapp-development` or during PR checks on that branch).
- name: Run tests
if: github.ref != 'refs/heads/dapp-development' && github.head_ref != 'dapp-development'
run: yarn test
- name: Run integration tests
if: github.ref != 'refs/heads/dapp-development' && github.head_ref != 'dapp-development'
run: yarn test:integration
contracts-deployment-dry-run:
needs: contracts-detect-changes
if: |
github.event_name != 'pull_request'
|| needs.contracts-detect-changes.outputs.path-filter == 'true'
runs-on: ubuntu-latest
defaults:
run:
working-directory: ./solidity
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version: "14.x"
cache: "yarn"
cache-dependency-path: solidity/yarn.lock
# This step forces Git to download dependencies using `https://` protocol,
# even if `yarn.json` refers to some package via `git://`. Using `git://`
# is no longer supported by GH. One of the `tbtc-v2` dependencies by
# default uses `git://` and we needed to manually remove it every time
# it re-appeared in the lock file. Now even if it does re-appear, the
# `yarn install --frozen-lockfile` will not fail.
- name: Configure git to don't use unauthenticated protocol
run: git config --global url."https://".insteadOf git://
- name: Install dependencies
run: yarn install --frozen-lockfile
- name: Deploy contracts
run: yarn deploy:test
contracts-deployment-testnet:
needs: [contracts-build-and-test]
if: |
github.event_name == 'workflow_dispatch'
&& github.ref != 'refs/heads/dapp-development'
runs-on: ubuntu-latest
defaults:
run:
working-directory: ./solidity
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version: "14.x"
cache: "yarn"
cache-dependency-path: solidity/yarn.lock
registry-url: "https://registry.npmjs.org"
# We need this step because the `@keep-network/tbtc` which we update in
# next steps has a dependency to `@summa-tx/[email protected]` package, which
# downloads one of its sub-dependencies via unathenticated `git://`
# protocol. That protocol is no longer supported. Thanks to this step
# `https://` is used instead of `git://`. This step also prevents the
# error during `yarn install --frozen-lockfile` step in case `git://` gets
# introduced to tbtc-v2's `yarn.lock`.
- name: Configure git to don't use unauthenticated protocol
run: git config --global url."https://".insteadOf git://
- name: Install dependencies
run: yarn install --frozen-lockfile
- name: Get upstream packages versions
uses: keep-network/ci/actions/upstream-builds-query@v2
id: upstream-builds-query
with:
upstream-builds: ${{ github.event.inputs.upstream_builds }}
query: |
random-beacon-contracts-version = github.com/keep-network/keep-core/random-beacon#version
ecdsa-contracts-version = github.com/keep-network/keep-core/ecdsa#version
- name: Resolve latest contracts
run: |
yarn upgrade \
@keep-network/random-beacon@${{ steps.upstream-builds-query.outputs.random-beacon-contracts-version }} \
@keep-network/ecdsa@${{ steps.upstream-builds-query.outputs.ecdsa-contracts-version }} \
@keep-network/tbtc@${{ github.event.inputs.environment }}
- name: Configure tenderly
env:
TENDERLY_TOKEN: ${{ secrets.TENDERLY_TOKEN }}
run: ./config_tenderly.sh
- name: Deploy contracts
env:
CHAIN_API_URL: ${{ secrets.GOERLI_ETH_HOSTNAME_HTTP }}
ACCOUNTS_PRIVATE_KEYS: ${{ secrets.GOERLI_ETH_CONTRACT_OWNER_PRIVATE_KEY }}
run: yarn deploy --network ${{ github.event.inputs.environment }}
- name: Bump up package version
id: npm-version-bump
uses: keep-network/npm-version-bump@v2
with:
work-dir: solidity
environment: ${{ github.event.inputs.environment }}
branch: ${{ github.ref }}
commit: ${{ github.sha }}
- name: Publish to npm
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
run: npm publish --access=public --tag ${{ github.event.inputs.environment }} --network=${{ github.event.inputs.environment }}
- name: Notify CI about completion of the workflow
uses: keep-network/ci/actions/notify-workflow-completed@v2
env:
GITHUB_TOKEN: ${{ secrets.CI_GITHUB_TOKEN }}
with:
module: "github.com/keep-network/tbtc-v2"
url: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
environment: ${{ github.event.inputs.environment }}
upstream_builds: ${{ github.event.inputs.upstream_builds }}
upstream_ref: ${{ github.event.inputs.upstream_ref }}
version: ${{ steps.npm-version-bump.outputs.version }}
- name: Upload files needed for etherscan verification
uses: actions/upload-artifact@v3
with:
name: Artifacts for etherscan verification
path: |
./solidity/deployments
./solidity/package.json
./solidity/yarn.lock
contracts-etherscan-verification:
needs: [contracts-deployment-testnet]
runs-on: ubuntu-latest
defaults:
run:
working-directory: ./solidity
steps:
- uses: actions/checkout@v3
- name: Download files needed for etherscan verification
uses: actions/download-artifact@v3
with:
name: Artifacts for etherscan verification
path: ./solidity
- uses: actions/setup-node@v3
with:
node-version: "14.x"
cache: "yarn"
cache-dependency-path: solidity/yarn.lock
# This step forces Git to download dependencies using `https://` protocol,
# even if `yarn.json` refers to some package via `git://`. Using `git://`
# is no longer supported by GH. One of the `tbtc-v2` dependencies by
# default uses `git://` and we needed to manually remove it every time
# it re-appeared in the lock file. Now even if it does re-appear, the
# `yarn install --frozen-lockfile` will not fail.
- name: Configure git to don't use unauthenticated protocol
run: git config --global url."https://".insteadOf git://
- name: Install needed dependencies
run: yarn install --frozen-lockfile
# If we don't remove the contracts from `node-modules`, the
# `etherscan-verify` plugins tries to verify them, which is not desired.
- name: Prepare for verification on Etherscan
run: |
rm -rf ./node_modules/@keep-network/random-beacon/artifacts
rm -rf ./node_modules/@keep-network/ecdsa/artifacts
rm -rf ./node_modules/@keep-network/tbtc/artifacts
- name: Verify contracts on Etherscan
env:
ETHERSCAN_API_KEY: ${{ secrets.ETHERSCAN_API_KEY }}
CHAIN_API_URL: ${{ secrets.GOERLI_ETH_HOSTNAME_HTTP }}
run: yarn run hardhat --network ${{ github.event.inputs.environment }} etherscan-verify
# This job is responsible for publishing packackes with slightly modified
# contracts. The modifications are there to help with the process of testing
# some features on the T Token Dashboard. The job starts only if workflow
# gets triggered by the `workflow_dispatch` event on the branch called
# `dapp-development`.
contracts-dapp-development-deployment-testnet:
needs: [contracts-build-and-test]
if: |
github.event_name == 'workflow_dispatch'
&& github.ref == 'refs/heads/dapp-development'
runs-on: ubuntu-latest
defaults:
run:
working-directory: ./solidity
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version: "14.x"
cache: "yarn"
cache-dependency-path: solidity/yarn.lock
registry-url: "https://registry.npmjs.org"
# We need this step because the `@keep-network/tbtc` which we update in
# next steps has a dependency to `@summa-tx/[email protected]` package, which
# downloads one of its sub-dependencies via unathenticated `git://`
# protocol. That protocol is no longer supported. Thanks to this step
# `https://` is used instead of `git://`. This step also prevents the
# error during `yarn install --frozen-lockfile` step in case `git://` gets
# introduced to tbtc-v2's `yarn.lock`.
- name: Configure git to don't use unauthenticated protocol
run: git config --global url."https://".insteadOf git://
- name: Install dependencies
run: yarn install --frozen-lockfile
- name: Get upstream packages versions
uses: keep-network/ci/actions/upstream-builds-query@v2
id: upstream-builds-query
with:
upstream-builds: ${{ github.event.inputs.upstream_builds }}
query: |
random-beacon-contracts-version = github.com/keep-network/keep-core/random-beacon#version
ecdsa-contracts-version = github.com/keep-network/keep-core/ecdsa#version
- name: Resolve latest contracts
run: |
yarn upgrade \
@keep-network/random-beacon@${{ steps.upstream-builds-query.outputs.random-beacon-contracts-version }} \
@keep-network/ecdsa@${{ steps.upstream-builds-query.outputs.ecdsa-contracts-version }} \
@keep-network/tbtc@${{ github.event.inputs.environment }}
- name: Deploy contracts
env:
CHAIN_API_URL: ${{ secrets.GOERLI_ETH_HOSTNAME_HTTP }}
ACCOUNTS_PRIVATE_KEYS: ${{ secrets.DAPP_DEV_GOERLI_ETH_CONTRACT_OWNER_PRIVATE_KEY }}
run: yarn deploy --network ${{ github.event.inputs.environment }}
- name: Bump up package version
id: npm-version-bump
uses: keep-network/npm-version-bump@v2
with:
work-dir: solidity
environment: dapp-dev-${{ github.event.inputs.environment }}
branch: ${{ github.ref }}
commit: ${{ github.sha }}
- name: Publish to npm
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
run: npm publish --access=public --tag dapp-development-${{ github.event.inputs.environment }} --network=${{ github.event.inputs.environment }}
contracts-format:
needs: contracts-detect-changes
if: |
github.event_name == 'push'
|| needs.contracts-detect-changes.outputs.path-filter == 'true'
runs-on: ubuntu-latest
defaults:
run:
working-directory: ./solidity
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version: "14.x"
cache: "yarn"
cache-dependency-path: solidity/yarn.lock
# Below step is a workaround. Eslint executed in `solidity` directory
# finds `.prettierrc.js` config in the root directory and fails if
# referenced `@keep-network/prettier-config-keep` module is missing.
- name: Install dependencies in the root directory
run: |
cd ..
yarn install --frozen-lockfile
# We need this step because the `@keep-network/tbtc` which we update in
# next steps has a dependency to `@summa-tx/[email protected]` package, which
# downloads one of its sub-dependencies via unathenticated `git://`
# protocol. That protocol is no longer supported. Thanks to this step
# `https://` is used instead of `git://`.
- name: Configure git to don't use unauthenticated protocol
run: git config --global url."https://".insteadOf git://
- name: Install dependencies
run: yarn install
- name: Build
run: yarn build
- name: Check formatting
run: yarn format
contracts-slither:
needs: contracts-detect-changes
if: |
github.event_name == 'push'
|| needs.contracts-detect-changes.outputs.path-filter == 'true'
runs-on: ubuntu-latest
defaults:
run:
working-directory: ./solidity
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version: "14.x"
cache: "yarn"
cache-dependency-path: solidity/yarn.lock
- uses: actions/setup-python@v4
with:
python-version: 3.10.8
- name: Install Solidity
env:
SOLC_VERSION: 0.8.9 # according to solidity.version in hardhat.config.ts
run: |
pip3 install solc-select
solc-select install $SOLC_VERSION
solc-select use $SOLC_VERSION
- name: Install Slither
env:
SLITHER_VERSION: 0.8.3
run: pip3 install slither-analyzer==$SLITHER_VERSION
# We need this step because the `@keep-network/tbtc` which we update in
# next steps has a dependency to `@summa-tx/[email protected]` package, which
# downloads one of its sub-dependencies via unathenticated `git://`
# protocol. That protocol is no longer supported. Thanks to this step
# `https://` is used instead of `git://`.
- name: Configure git to don't use unauthenticated protocol
run: git config --global url."https://".insteadOf git://
- name: Install dependencies
run: yarn install
- name: Run Slither
run: slither --hardhat-artifacts-directory build .