feat(sharing): Deploy DPS contract using Github action

.github/workflows/sharing-smart-contract-deploy.yml

@@ -0,0 +1,107 @@
+name: Sharing Smart Contract - Deployment
+
+on:
+  workflow_dispatch: # Manual trigger
+    inputs:
+      network:
+        description: 'Network'
+        required: true
+        type: choice
+        options:
+          - hardhat
+          - avalancheFujiTestnet
+          - arbitrumSepolia
+          - bellecour
+        default: 'hardhat'
+      environment:
+        description: 'Environment'
+        required: true
+        type: choice
+        options:
+          - testnets
+          - mainnets
+        default: 'testnets'
+
+jobs:
+
+  # Validate deployment network and environment.
+  validate:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      # On Github, the environment `mainnets` is restricted to
+      # the main branch. Here we check that it's only used with
+      # mainnet networks.
+      - name: Validate mainnet deployment
+        run: |
+          if [[ "${{ inputs.environment }}" == "mainnets" && "${{ inputs.network }}" != "bellecour" ]]; then
+              echo "::error::mainnets environment can only be used with mainnet networks."
+              exit 1
+          fi
+          echo "Deploying to network '${{ inputs.network }}' with environment '${{ inputs.environment }}'."
+
+  # Build and test before deploying.
+  ci:
+    needs: validate
+    uses: ./.github/workflows/sharing-smart-contracts-reusable.yml
+    with:
+      node-version: 18
+
+  # Deploy and verify contract.
+  deploy:
+    needs: ci
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write # Required to commit deployment files.
+    environment: ${{ inputs.environment }}
+    steps:
+      - name: Set environment variables
+        id: set-env
+        run: |
+          echo "PRIVATE_KEY=${{ secrets.PRIVATE_KEY }}" >> $GITHUB_ENV
+
+          if [ "${{ inputs.network }}" == "arbitrumSepolia" ]; then
+            echo "POCO_ADDRESS=0x14B465079537655E1662F012e99EBa3863c8B9E0" >> $GITHUB_ENV
+            echo "DATASET_REGISTRY_ADDRESS=0x3441A0C9FE488c51fcABa2bAAA048720f4D4F72D" >> $GITHUB_ENV
+            echo "ARBISCAN_API_KEY=${{ secrets.ARBISCAN_API_KEY }}" >> $GITHUB_ENV
+          fi
+
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 18
+
+      - name: Install dependencies
+        working-directory: packages/sharing-smart-contract
+        run: npm ci
+
+      - name: Install Foundry
+        uses: foundry-rs/foundry-toolchain@v1
+        with:
+          version: stable
+          cache: true
+
+      - name: Deploy contracts
+        working-directory: packages/sharing-smart-contract
+        run: npm run deploy -- --network ${{ inputs.network }}
+
+      - name: Save deployment artifacts
+        if: inputs.network != 'hardhat'
+        uses: stefanzweifel/git-auto-commit-action@v5
+        with:
+          commit_message: 'chore: save deployment artifacts for ${{ inputs.network }} (${{ inputs.environment }}, ${{ github.run_id }})'
+          file_pattern: 'packages/sharing-smart-contract/ignition/deployments/* packages/sharing-smart-contract/.openzeppelin/*'
+          commit_user_name: 'GitHub Actions Bot'
+          commit_user_email: 'github-actions[bot]@users.noreply.github.com'
+          commit_author: 'GitHub Actions Bot <github-actions[bot]@users.noreply.github.com>'
+
+      # TODO
+      - name: Verify contracts
+        working-directory: packages/sharing-smart-contract
+        run: echo "Verify contracts" # npm run verify:ignition -- <deploymentId>

.github/workflows/sharing-smart-contracts-reusable.yml

@@ -13,7 +13,7 @@ jobs:
   build-and-test:
     runs-on: ubuntu-latest
     permissions:
-      contents: write
+      security-events: write # Required for SARIF upload.
 
     steps:
       - uses: actions/checkout@v4
@@ -23,14 +23,10 @@ jobs:
       - uses: actions/setup-node@v4
         with:
           node-version: ${{ inputs.node-version }}
-          # cache: 'npm' # Cache dependencies
 
       - name: Install Dependencies
         working-directory: packages/sharing-smart-contract
-        run: |
-          node -v
-          npm -v
-          npm ci
+        run: npm ci
 
       - name: Install Foundry
         uses: foundry-rs/foundry-toolchain@v1

packages/sharing-smart-contract/.env.template

@@ -15,3 +15,5 @@ RPC_URL=
 
 ## Mnemonic for the network
 MNEMONIC=
+
+ETHERSCAN_API_KEY=

packages/sharing-smart-contract/.gitignore

@@ -1,6 +1,7 @@
 # Hardhat files
 cache
 artifacts
+!ignition/deployments/**/artifacts
 
 # TypeChain files
 typechain

packages/sharing-smart-contract/README.md

@@ -1,83 +1,96 @@
 # Sharing Smart Contracts
 
-Brief description of your project.
-
-## Table of Contents
-
-- [Installation](#installation)
-- [Scripts](#scripts)
-  - [Compile](#compile)
-  - [Verify](#verify)
-  - [Deploy (Production)](#deploy-production)
-  - [Deploy (Test)](#deploy-test)
-  - [Run Tests](#run-tests)
-  - [Generate UML Diagrams](#generate-uml-diagrams)
+Note: all of the following commands should be executed inside `packages/sharing-smart-contract`.
 
 ## Installation
 
-Describe the steps to install the project dependencies.
-
 ```bash
 npm ci
 ```
 
-## Scripts
-
-### Compile
+## Build
 
 To clean and compile the project:
 
 ```bash
 npm run compile
 ```
 
-### Verify
+### Test
 
-To verify the contracts:
+Start a local Hardhat node that, by default, forks Bellecour network:
 
 ```bash
-npm run verify
+npx hardhat node
 ```
 
-### Deployment
-
-To deploy the contracts on a local hardhat network, run:
+Open a new terminal and run :
 
 ```bash
-npm run deploy # [-- --network <localhost>] if using an external local node.
+npm run test -- --network localhost
 ```
 
-To deploy the project on a live network, two options are available:
-1. Triggering the dedicated Github Action workflow (recommended).
-2. Or adding a private key locally and running:
+## Deployment
+
+To deploy contracts, set up a private key in `.env` file and run:
+
 ```bash
 npm run deploy -- --network <name>
 ```
 
-#### Note:
-* Deployment on chains that support CreateX factory will deploy contracts
-using `create2` strategy.
-* Github Actions workflow should be used for production deployments.
+**Note**: Deployment on chains that support CreateX factory will deploy contracts using `create2` strategy.
+
+### Mainnets deployment
 
+Deploying on any mainnet must happen through the dedicated Github action.
+The action can be triggered from Github UI or using Github CLI:
 
-### Run Tests
+```sh
+gh workflow run 'Sharing Smart Contract - Deployment' \
+  -f environment=<name> \ # testnets | mainnets
+  -f network=<name>
+ # [ --ref <branch name> ]
+```
 
-To deploy the project on the test network - localhost.
-You need first to start a local hardhat node which will be a fork of bellecour network :
+The output should be something like:
+
+```
+✓ Created workflow_dispatch event for sharing-smart-contract-deploy.yml at feature/sharing-deployment-with-actions
+```
+
+Then check the execution on [Github](https://github.com/iExecBlockchainComputing/dataprotector-sdk/actions/workflows/sharing-smart-contract-deploy.yml).
+
+### Testnets deployments
+
+It is **highly recommended** to use Github Actions to deploy on live testnets, especially for "final" versions that are going to be used by other services.
+
+It is ok to deploy manually on testnets in dev mode. In that case use random create2 salts to not interfere with the configured salt.
+
+### Verification
+
+First, set up the target explorer API key in `.env` file.
+
+1. To verify contracts that are deployed using Hardhat Ignition, run:
 
 ```bash
-npx hardhat node
+# Get deployment id using:
+npx hardhat ignition deployments
+
+# Verify
+npm run verify:ignition -- <deploymentId> # e.g. chain-421614
 ```
 
-Open a new terminal and run :
+**Note**: contracts deployed using Github Actions are automatically verified.
+
+2. To verify any contract, run
 
 ```bash
-npm run test
+npm run verify -- <address> --network <name>
 ```
 
-⚠️ Even if, the default network in the hardhat config is the local bellecour fork node. The tests will be run on a a simple snap hardhat node. That is why we need to specify the localhost network for the test which corresponds to the fork node of bellecour.
+## Docs and diagrams
 
-### Generate UML Diagrams
+#### UML Diagrams
 
 To generate UML diagrams for smart contracts (storage + class):
 
@@ -93,14 +106,14 @@ To convert Solidity files to storage UML diagrams:
 npm run sol-to-uml
 ```
 
-#### Storage to Diagrams
+#### Storage to diagrams
 
 To convert Solidity files to class UML diagrams:
 
 ```bash
 npm run storage-to-diagrams
 ```
 
-#### Issue
+#### Issues
 
 Do not use a more recent version of hardhat than the current one (2.20.1). Cf issue : <https://github.com/NomicFoundation/hardhat/issues/4974>

packages/sharing-smart-contract/hardhat.config.cjs

@@ -72,7 +72,9 @@ module.exports = {
   // to verify smart-contract on Blockscout
   etherscan: {
     apiKey: {
-      bellecour: 'abc',
+      bellecour: 'nothing', // a non-empty string is needed by the plugin.
+      avalancheFujiTestnet: 'nothing', // a non-empty string is needed by the plugin.
+      arbitrumSepolia: process.env.ETHERSCAN_API_KEY || '',
     },
     customChains: [
       {
@@ -86,7 +88,7 @@ module.exports = {
     ],
   },
   sourcify: {
-    enabled: false,
+    enabled: true,
   },
   // contract sizer
   contractSizer: {
@@ -109,7 +111,7 @@ module.exports = {
   ignition: {
     strategyConfig: {
       create2: {
-        salt: "0x0000000000000000000000000000000000000000000000000000000000000000",
+        salt: "0x5FD8F2C3DFCF36E174AC91A44AE6CAEBDDA012EFED601736E2C20A11A56CF537",
       },
     },
   },

packages/sharing-smart-contract/package.json

@@ -8,6 +8,7 @@
   "scripts": {
     "clean": "hardhat clean",
     "compile": "hardhat clean && hardhat compile && npm run artifact-to-abis",
+    "verify:ignition": "hardhat ignition verify --include-unrelated-contracts",
     "verify": "hardhat verify",
     "deploy": "hardhat run scripts/deploy.js",
     "update-env": "hardhat run ./scripts/updateEnv.js",
@@ -57,4 +58,4 @@
     "iexec": "^8.15.0",
     "rimraf": "^6.0.1"
   }
-}
+}