ci/dataProtector sharing fix ci (#469)

* feat: add core smart contract CI and deploy workflows with environment configuration

* refactor: consolidate CI workflows and update environment variables for smart contract deployment

* feat: enhance deployment workflow with environment selection and Arbitrum support

* fix: update changelog to reference Arbitrum mainnet deployment issue #469

* fix: update deploy script to use ignition module for DataProtectorSharing

* fix: remove unused Arbitrum API key references from hardhat config

* fix: update cache configuration for node setup in CI workflow

* feat: add admin private key support for deployment and configuration

* fix: rollback for less change

* fix: correct proxy address reference for DataProtectorSharing import

* feat: add deployment ID support for DataProtectorSharing contract deployment

* feat: add deployment ID output and verification step for contract deployment

* fix: format deployment ID parsing for better readability

* fix: remove a deployement folder

* fix: add missing admin private key comment in .env.template

* feat: add validation for mainnet deployment environment in workflow

* fix: tmp

* feat: re-enable manual trigger

* fix: comment out manual trigger inputs in deployment workflow

* feat: re-enable manual trigger inputs in deployment workflow

* feat: add deployment ID support for Hardhat Ignition in environment configuration and deployment script

* fix: Remove useless check

* feat: enhance account management by adding support for ADMIN_PRIVATE_KEY in Hardhat configuration and DataProtectorSharingModule

* chore: comment out build-and-test job in deployment workflow to test

* feat: update Hardhat configuration to simplify account management for private keys

* feat: enhance deployment process with improved error handling and fallback strategy for CREATE2

* feat: add logging for proxy admin owner selection in DataProtectorSharingModule

* fix: remove unnecessary deployment-id from verification command in sharing-smart-contract deployment workflow

* fix: remove redundant fallback to DEPLOYER_PRIVATE_KEY in Hardhat configuration

* fix: update salt value for CREATE2 strategy configuration in Hardhat setup

* refactor: streamline deployment process by removing fallback logic for CREATE2 strategy

* fix: remove unnecessary flag from verification command in sharing-smart-contract deployment workflow

* fix: update salt value for CREATE2 strategy in Hardhat configuration

* fix: update verification command to include deployment ID in sharing-smart-contract deployment workflow

* fix: update salt value for CREATE2 strategy in sharing-smart-contract configuration

* fix: correct logging of proxy admin owner by removing .address reference

* fix: update salt value for CREATE2 strategy in hardhat configuration

* fix: add step to save deployment artifacts in sharing-smart-contract workflow

* fix: update salt value for CREATE2 strategy in hardhat configuration

* chore: save deployment artifacts for arbitrumSepolia dev (16524739368)

* fix: remove verification step for hardhat network and add TODO note

* chore: remove deployment folder

* fix: update salt value for CREATE2 strategy in hardhat configuration

* fix: uncomment build-and-test job in deployment workflow

* chore: remove unused .openzeppelin configuration file

---------

Co-authored-by: gfournieriExec <[email protected]>
Co-authored-by: Zied <[email protected]>
Co-authored-by: GitHub Actions Bot <github-actions[bot]@users.noreply.github.com>

Author: 4 people

.github/workflows/sharing-smart-contract-ci.yml

@@ -11,72 +11,42 @@ on:
           - hardhat
           - avalancheFujiTestnet
           - arbitrumSepolia
+          - arbitrum
           - bellecour
         default: 'hardhat'
       environment:
         description: 'Environment'
         required: true
         type: choice
         options:
-          - testnets
-          - mainnets
-        default: 'testnets'
+          - dev
+          - prod
+        default: 'dev'
 
 jobs:
-
-  # Validate deployment network and environment.
-  validate:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-
-      # On Github, the environment `mainnets` is restricted to
-      # the main branch. Here we check that it's only used with
-      # mainnet networks.
-      - name: Validate mainnet deployment
-        run: |
-          if [[ "${{ inputs.environment }}" == "mainnets" && "${{ inputs.network }}" != "bellecour" ]]; then
-              echo "::error::mainnets environment can only be used with mainnet networks."
-              exit 1
-          fi
-          echo "Deploying to network '${{ inputs.network }}' with environment '${{ inputs.environment }}'."
-
-  # Build and test before deploying.
-  ci:
-    needs: validate
-    uses: ./.github/workflows/sharing-smart-contracts-reusable.yml
+  build-and-test:
+    uses: ./.github/workflows/sharing-smart-contracts-ci.yml
     with:
-      node-version: 18
+      node-version: 20
 
-  # Deploy and verify contract.
   deploy:
-    needs: ci
+    # needs: build-and-test
     runs-on: ubuntu-latest
+    env:
+      CI: true
     permissions:
       contents: write # Required to commit deployment files.
-    environment: ${{ inputs.environment }}
+    environment: ${{ inputs.network }}
     steps:
-      - name: Set environment variables
-        id: set-env
-        run: |
-          echo "PRIVATE_KEY=${{ secrets.PRIVATE_KEY }}" >> $GITHUB_ENV
-
-          if [ "${{ inputs.network }}" == "arbitrumSepolia" ]; then
-            echo "POCO_ADDRESS=0x14B465079537655E1662F012e99EBa3863c8B9E0" >> $GITHUB_ENV
-            echo "DATASET_REGISTRY_ADDRESS=0x3441A0C9FE488c51fcABa2bAAA048720f4D4F72D" >> $GITHUB_ENV
-            echo "ETHERSCAN_API_KEY=${{ secrets.ETHERSCAN_API_KEY }}" >> $GITHUB_ENV
-            echo "DEPLOYMENT_ID=chain-421614" >> $GITHUB_ENV
-          fi
-
       - uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
       - uses: actions/setup-node@v4
         with:
-          node-version: 18
+          node-version: 20
+          cache: 'npm'
+          cache-dependency-path: 'packages/sharing-smart-contract'
 
       - name: Install dependencies
         working-directory: packages/sharing-smart-contract
@@ -88,20 +58,62 @@ jobs:
           version: stable
           cache: true
 
+      - name: Validate deployment environment and prepare variables
+        if: inputs.network != 'hardhat'
+        run: |
+          NETWORK="${{ inputs.network }}"
+          ENVIRONMENT="${{ inputs.environment }}"
+
+          case "$NETWORK" in
+            arbitrum|bellecour)
+              if [ "$ENVIRONMENT" = "dev" ]; then
+                echo "Error: Cannot deploy to mainnet ($NETWORK) with dev environment"
+                exit 1
+              fi
+              echo "IS_MAINNET=true" >> $GITHUB_ENV
+              ;;
+            *)
+              echo "IS_MAINNET=false" >> $GITHUB_ENV
+              ;;
+          esac
+
       - name: Deploy contracts
+        id: deploy
         working-directory: packages/sharing-smart-contract
-        run: npm run deploy -- --network ${{ inputs.network }}
+        env:
+          # For Deployment
+          RPC_URL: ${{ secrets.RPC_URL }}
+          DEPLOYER_PRIVATE_KEY: ${{ secrets.DEPLOYER_PRIVATE_KEY }}
+          ADMIN_PRIVATE_KEY: ${{ secrets.ADMIN_PRIVATE_KEY }}
+          POCO_ADDRESS: ${{ vars.POCO_ADDRESS }}
+          DATASET_REGISTRY_ADDRESS: ${{ vars.DATASET_REGISTRY_ADDRESS }}
+        run: |
+          if [ "${{ inputs.network }}" = "hardhat" ]; then
+            npm run deploy -- --network ${{ inputs.network }}
+          else
+            # For testnets, use network-environment; for mainnets, use network only
+            if [ "$IS_MAINNET" = false ]; then
+              DEPLOYMENT_ID="${{ inputs.network }}-${{ inputs.environment }}"
+            else
+              DEPLOYMENT_ID="${{ inputs.network }}"
+            fi
+            echo "deployment-id=$DEPLOYMENT_ID" >> $GITHUB_OUTPUT
+            POCO_ADDRESS="${{ vars.POCO_ADDRESS }}" \
+            DATASET_REGISTRY_ADDRESS="${{ vars.DATASET_REGISTRY_ADDRESS }}" \
+            DEPLOYMENT_ID="$DEPLOYMENT_ID" \
+              npm run deploy -- --network ${{ inputs.network }}
+          fi
 
       - name: Save deployment artifacts
         if: inputs.network != 'hardhat'
         uses: stefanzweifel/git-auto-commit-action@v5
         with:
-          commit_message: 'chore: save deployment artifacts for ${{ inputs.network }} (${{ inputs.environment }}, ${{ github.run_id }})'
+          commit_message: 'chore: save deployment artifacts for ${{ inputs.network }} ${{ inputs.environment }} (${{ github.run_id }})'
           file_pattern: 'packages/sharing-smart-contract/ignition/deployments/* packages/sharing-smart-contract/.openzeppelin/*'
           commit_user_name: 'GitHub Actions Bot'
           commit_user_email: 'github-actions[bot]@users.noreply.github.com'
           commit_author: 'GitHub Actions Bot <github-actions[bot]@users.noreply.github.com>'
 
       - name: Verify contracts
-        working-directory: packages/sharing-smart-contract
-        run: echo "TODO" # npm run verify:ignition -- $DEPLOYMENT_ID
+      # TODO
+        run: echo "Verification step is not implemented yet"

.github/workflows/sharing-smart-contract-deploy.yml

@@ -1,13 +1,18 @@
-name: Sharing Smart Contract - Reusable
+name: Sharing Smart Contract - Default
 
 on:
+  pull_request:
+    branches:
+      - '*'
+    paths:
+      - 'packages/sharing-smart-contract/**'
   workflow_call:
     inputs:
       node-version:
         description: Node.js version to use
-        required: true
+        required: false
         type: number
-        default: 18
+        default: 20
 
 jobs:
   build-and-test:
@@ -23,6 +28,8 @@ jobs:
       - uses: actions/setup-node@v4
         with:
           node-version: ${{ inputs.node-version }}
+          cache: 'npm'
+          cache-dependency-path: 'packages/sharing-smart-contract'
 
       - name: Install Dependencies
         working-directory: packages/sharing-smart-contract
@@ -42,7 +49,7 @@ jobs:
         working-directory: packages/sharing-smart-contract
         run: npm run check-format
 
-      - name: Lint
+      - name: Check Lint
         working-directory: packages/sharing-smart-contract
         run: npm run lint
 
@@ -51,12 +58,13 @@ jobs:
         run: npm run uml
 
       - name: Static Analyzer
-        uses: crytic/[email protected].0
+        uses: crytic/[email protected].1
         id: slither
         with:
-          sarif: result.sarif
-          fail-on: none
           target: 'packages/sharing-smart-contract/'
+          slither-args: --checklist --markdown-root ${{ github.server_url }}/${{ github.repository }}/blob/${{ github.sha }}/
+          fail-on: none
+          sarif: result.sarif
 
       - name: Start Anvil
         run: |

…ows/sharing-smart-contracts-reusable.yml …workflows/sharing-smart-contracts-ci.yml.github/workflows/sharing-smart-contracts-reusable.yml renamed to .github/workflows/sharing-smart-contracts-ci.yml .github/workflows/sharing-smart-contracts-reusable.yml renamed to .github/workflows/sharing-smart-contracts-ci.yml

@@ -1,5 +1,8 @@
 # wallet used for transactions
-PRIVATE_KEY=...
+DEPLOYER_PRIVATE_KEY=...
+
+# wallet used for admin operations
+ADMIN_PRIVATE_KEY=...
 
 # environment to use for configuration (prod/staging). The default is prod.
 ENV=...
@@ -16,4 +19,11 @@ RPC_URL=
 ## Mnemonic for the network
 MNEMONIC=
 
-ETHERSCAN_API_KEY=
+## API key to verify contracts
+EXPLORER_API_KEY=
+
+## Whether to use API V2 verification format
+IS_VERIFICATION_API_V2=
+## Deployment ID for Hardhat Ignition
+
+DEPLOYMENT_ID=...

packages/sharing-smart-contract/.env.template

@@ -1 +1 @@
-18
+20