iExecBlockchainComputing · zguesmi · May 16, 2025 · May 15, 2025 · May 15, 2025 · May 15, 2025
diff --git a/.github/workflows/sharing-smart-contract-deploy.yml b/.github/workflows/sharing-smart-contract-deploy.yml
@@ -0,0 +1,113 @@
+name: Sharing Smart Contract - Deployment
+
+on:
+  workflow_dispatch: # Manual trigger
+    inputs:
+      network:
+        description: 'Network'
+        required: true
+        type: choice
+        options:
+          - hardhat
+          - avalancheFujiTestnet
+          - arbitrumSepolia
+          - bellecour
+        default: 'hardhat'
+      environment:
+        description: 'Environment'
+        required: true
+        type: choice
+        options:
+          - testnets
+          - mainnets
+        default: 'testnets'
+
+jobs:
+
+  # Validate deployment network and environment.
+  validate:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Validate mainnet deployment conditions
+        # Use `mainnets` environment (wallet) only for mainnet deployments
+        # and only from the main branch.
+        # TODO update this when we have other mainnets
+        run: |
+          if [[ \
+              "${{ inputs.environment }}" == "mainnets" && \
+              !("${{ inputs.network }}" == "bellecour" && "${{ github.ref }}" == "refs/heads/main") \
+          ]]; then
+              echo "::error::Bellecour mainnet deployments must be made from the main branch. Current branch: ${GITHUB_REF#refs/heads/}"
+              exit 1
+          fi
+          echo "Deployment validated!"
+
+  # Build and test before deploying.
+  ci:
+    needs: validate
+    uses: ./.github/workflows/sharing-smart-contracts-reusable.yml
+    with:
+      node-version: 18
+
+  # Run deployment steps.
+  deploy:
+    needs: ci
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write # Required for saving deployment
+    environment: ${{ inputs.environment }}
+    steps:
+      - name: Say Hello
+        run: echo "Hello from env - ${{ inputs.environment }}"
+
+      # - uses: actions/checkout@v4
+      #   with:
+      #     fetch-depth: 0
+
+      # - uses: actions/setup-node@v4
+      #   with:
+      #     node-version: 18
+      #     cache: 'npm' # Cache dependencies
+
+      # - name: Install dependencies
+      #   run: npm ci
+
+      # - name: Set environment variables
+      #   id: set-env
+      #   run: |
+      #     echo "PRIVATE_KEY=${{ secrets.PRIVATE_KEY }}" >> $GITHUB_ENV
+      #     if [ "${{ inputs.network }}" == "avalancheFujiTestnet" ]; then
+      #       echo "FUJI_RPC_URL=${{ secrets.FUJI_RPC_URL }}" >> $GITHUB_ENV
+      #       echo "SNOWTRACE_API_KEY=${{ secrets.SNOWTRACE_API_KEY }}" >> $GITHUB_ENV
+      #     fi
+
+      #     if [ "${{ inputs.network }}" == "arbitrumSepolia" ]; then
+      #       echo "ARBITRUM_SEPOLIA_RPC_URL=${{ secrets.ARBITRUM_SEPOLIA_RPC_URL }}" >> $GITHUB_ENV
+      #       echo "ARBISCAN_API_KEY=${{ secrets.ARBISCAN_API_KEY }}" >> $GITHUB_ENV
+      #     fi
+
+      #     if [ "${{ inputs.network }}" == "bellecour" ]; then
+      #       echo "BELLECOUR_RPC_URL=${{ secrets.BELLECOUR_RPC_URL }}" >> $GITHUB_ENV
+      #     fi
+
+      # - name: Deploy contracts
+      #   run: |
+      #     echo "Deploying to: ${{ inputs.network }} with ${{ inputs.environment }} environment"
+      #     npm run deploy -- --network ${{ inputs.network }}
+
+      # - name: Update config.json with ERC1538Proxy address
+      #   if: inputs.network != 'hardhat'
+      #   run: npx hardhat run scripts/tools/update-config.ts --network ${{ inputs.network }}
+
+      # - name: Save deployment artifacts and updated config
+      #   if: inputs.network != 'hardhat'
+      #   uses: stefanzweifel/git-auto-commit-action@v5
+      #   with:
+      #     commit_message: 'chore: save deployment artifacts for ${{ inputs.network }} (${{ inputs.environment }}, ${{ github.run_id }})'
+      #     file_pattern: 'deployments/${{ inputs.network }}/* config/config.json'
+      #     commit_user_name: 'GitHub Actions Bot'
+      #     commit_user_email: 'github-actions[bot]@users.noreply.github.com'
+      #     commit_author: 'GitHub Actions Bot <github-actions[bot]@users.noreply.github.com>'
diff --git a/.github/workflows/sharing-smart-contracts-reusable.yml b/.github/workflows/sharing-smart-contracts-reusable.yml
@@ -54,61 +54,61 @@ jobs:
         working-directory: packages/sharing-smart-contract
         run: npm run uml
 
-      - name: Static Analyzer
-        uses: crytic/[email protected]
-        id: slither
-        with:
-          sarif: result.sarif
-          fail-on: none
-          target: 'packages/sharing-smart-contract/'
-
-      - name: Start Anvil
-        run: |
-          anvil --host 0.0.0.0 --port 8545 --hardfork berlin --fork-url https://bellecour.iex.ec --chain-id 134 --gas-limit 6700000 --gas-price 0 &
-
-      - name: Wait for Anvil to start
-        run: |
-          timeout=30
-          interval=1
-          echo "Waiting for Anvil to start..."
-          for ((i=0; i<timeout; i++)); do
-            if nc -z localhost 8545; then
-              echo "Anvil is operational."
-              exit 0
-            fi
-            echo "Attempt $((i+1)) of $timeout: Anvil is not ready, waiting ${interval}s..."
-            sleep $interval
-          done
-          echo "Error: Anvil did not start within the timeout period."
-          exit 1
-
-      - name: Upgrade test
-        working-directory: packages/sharing-smart-contract
-        run: npm run upgrade-local-fork -- --network local-bellecour-fork
-
-        # TODO check why the CI does not fail when the following error occurs
-        # (when the RPC node is not available):
-        # 1) Uncaught error outside test suite
-      - name: Hardhat tests
-        working-directory: packages/sharing-smart-contract
-        run: npm run test -- --network local-bellecour-fork
-
-      - name: Test deployment script
-        working-directory: packages/sharing-smart-contract
-        run: |
-          POCO_ADDRESS=0x3eca1B216A7DF1C7689aEb259fFB83ADFB894E7f \
-          DATASET_REGISTRY_ADDRESS=0x799DAa22654128d0C64d5b79eac9283008158730 \
-            npm run deploy -- --network local-bellecour-fork
-
-      - name: Set Directory Permissions
-        working-directory: packages/sharing-smart-contract
-        run: sudo chmod -R 777 .
-
-      - name: Forge Tests
-        working-directory: packages/sharing-smart-contract
-        run: forge test --no-match-test "invariant" -vvvv
-
-      - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@v3
-        with:
-          sarif_file: ${{ steps.slither.outputs.sarif }}
+      # - name: Static Analyzer
+      #   uses: crytic/[email protected]
+      #   id: slither
+      #   with:
+      #     sarif: result.sarif
+      #     fail-on: none
+      #     target: 'packages/sharing-smart-contract/'
+
+      # - name: Start Anvil
+      #   run: |
+      #     anvil --host 0.0.0.0 --port 8545 --hardfork berlin --fork-url https://bellecour.iex.ec --chain-id 134 --gas-limit 6700000 --gas-price 0 &
+
+      # - name: Wait for Anvil to start
+      #   run: |
+      #     timeout=30
+      #     interval=1
+      #     echo "Waiting for Anvil to start..."
+      #     for ((i=0; i<timeout; i++)); do
+      #       if nc -z localhost 8545; then
+      #         echo "Anvil is operational."
+      #         exit 0
+      #       fi
+      #       echo "Attempt $((i+1)) of $timeout: Anvil is not ready, waiting ${interval}s..."
+      #       sleep $interval
+      #     done
+      #     echo "Error: Anvil did not start within the timeout period."
+      #     exit 1
+
+      # - name: Upgrade test
+      #   working-directory: packages/sharing-smart-contract
+      #   run: npm run upgrade-local-fork -- --network local-bellecour-fork
+
+      #   # TODO check why the CI does not fail when the following error occurs
+      #   # (when the RPC node is not available):
+      #   # 1) Uncaught error outside test suite
+      # - name: Hardhat tests
+      #   working-directory: packages/sharing-smart-contract
+      #   run: npm run test -- --network local-bellecour-fork
+
+      # - name: Test deployment script
+      #   working-directory: packages/sharing-smart-contract
+      #   run: |
+      #     POCO_ADDRESS=0x3eca1B216A7DF1C7689aEb259fFB83ADFB894E7f \
+      #     DATASET_REGISTRY_ADDRESS=0x799DAa22654128d0C64d5b79eac9283008158730 \
+      #       npm run deploy -- --network local-bellecour-fork
+
+      # - name: Set Directory Permissions
+      #   working-directory: packages/sharing-smart-contract
+      #   run: sudo chmod -R 777 .
+
+      # - name: Forge Tests
+      #   working-directory: packages/sharing-smart-contract
+      #   run: forge test --no-match-test "invariant" -vvvv
+
+      # - name: Upload SARIF file
+      #   uses: github/codeql-action/upload-sarif@v3
+      #   with:
+      #     sarif_file: ${{ steps.slither.outputs.sarif }}
diff --git a/packages/sharing-smart-contract/README.md b/packages/sharing-smart-contract/README.md
@@ -1,83 +1,82 @@
 # Sharing Smart Contracts
 
-Brief description of your project.
-
-## Table of Contents
-
-- [Installation](#installation)
-- [Scripts](#scripts)
-  - [Compile](#compile)
-  - [Verify](#verify)
-  - [Deploy (Production)](#deploy-production)
-  - [Deploy (Test)](#deploy-test)
-  - [Run Tests](#run-tests)
-  - [Generate UML Diagrams](#generate-uml-diagrams)
+Note: all of the following commands should be executed inside `packages/sharing-smart-contract`.
 
 ## Installation
 
-Describe the steps to install the project dependencies.
-
 ```bash
 npm ci
 ```
 
-## Scripts
-
-### Compile
+## Build
 
 To clean and compile the project:
 
 ```bash
 npm run compile
 ```
 
-### Verify
+### Test
 
-To verify the contracts:
+Start a local Hardhat node that, by default, forks Bellecour network:
 
 ```bash
-npm run verify
+npx hardhat node
 ```
 
-### Deployment
-
-To deploy the contracts on a local hardhat network, run:
+Open a new terminal and run :
 
 ```bash
-npm run deploy # [-- --network <localhost>] if using an external local node.
+npm run test -- --network localhost
 ```
 
-To deploy the project on a live network, two options are available:
-1. Triggering the dedicated Github Action workflow (recommended).
-2. Or adding a private key locally and running:
+## Deployment
+
+To deploy contracts, set up a private key in `.env` file and run:
+
 ```bash
 npm run deploy -- --network <name>
 ```
 
-#### Note:
-* Deployment on chains that support CreateX factory will deploy contracts
-using `create2` strategy.
-* Github Actions workflow should be used for production deployments.
+**Note**: Deployment on chains that support CreateX factory will deploy contracts using `create2` strategy.
+
+### Mainnets deployment
 
+Deploying on any mainnet must happen through the dedicated Github action.
+The action can be triggered from Github UI or using Github CLI:
 
-### Run Tests
+```sh
+gh workflow run 'Sharing Smart Contract - Deployment' \
+  -f environment=<name> \ # testnets | mainnets
+  -f network=<name>
+ # [ --ref <branch name> ]
+```
 
-To deploy the project on the test network - localhost.
-You need first to start a local hardhat node which will be a fork of bellecour network :
+The output should be something like:
 
-```bash
-npx hardhat node
+```
+✓ Created workflow_dispatch event for sharing-smart-contract-deploy.yml at feature/sharing-deployment-with-actions
 ```
 
-Open a new terminal and run :
+Then check the execution on [Github](https://github.com/iExecBlockchainComputing/dataprotector-sdk/actions/workflows/sharing-smart-contract-deploy.yml).
+
+### Testnets deployments
+
+It is **highly recommended** to use Github Actions to deploy on live testnets, especially for "final" versions that are going to be used by other services.
+
+It is ok to deploy manually on testnets in dev mode. In that case use random create2 salts to not interfere with the configured salt.
+
+### Verification
+
+To verify contracts run:
 
 ```bash
-npm run test
+npm run verify -- --network <name>
 ```
 
-⚠️ Even if, the default network in the hardhat config is the local bellecour fork node. The tests will be run on a a simple snap hardhat node. That is why we need to specify the localhost network for the test which corresponds to the fork node of bellecour.
+## Docs and diagrams
 
-### Generate UML Diagrams
+#### UML Diagrams
 
 To generate UML diagrams for smart contracts (storage + class):
 
@@ -93,14 +92,14 @@ To convert Solidity files to storage UML diagrams:
 npm run sol-to-uml
 ```
 
-#### Storage to Diagrams
+#### Storage to diagrams
 
 To convert Solidity files to class UML diagrams:
 
 ```bash
 npm run storage-to-diagrams
 ```
 
-#### Issue
+#### Issues
 
 Do not use a more recent version of hardhat than the current one (2.20.1). Cf issue : <https://github.com/NomicFoundation/hardhat/issues/4974>
diff --git a/packages/sharing-smart-contract/hardhat.config.cjs b/packages/sharing-smart-contract/hardhat.config.cjs
@@ -109,7 +109,7 @@ module.exports = {
   ignition: {
     strategyConfig: {
       create2: {
-        salt: "0x0000000000000000000000000000000000000000000000000000000000000000",
+        salt: "0x5FD8F2C3DFCF36E174AC91A44AE6CAEBDDA012EFED601736E2C20A11A56CF532",
-        salt: "0x5FD8F2C3DFCF36E174AC91A44AE6CAEBDDA012EFED601736E2C20A11A56CF532",
+        salt: "0x0000000000000000000000000000000000000000000000000000000000000000",
-        salt: "0x5FD8F2C3DFCF36E174AC91A44AE6CAEBDDA012EFED601736E2C20A11A56CF532",
+        salt: "0x0000000000000000000000000000000000000000000000000000000000000000",
       },
     },
   },