feat: Add new Safe Wallet reusable workflow (#85)

* add new reusable workflow

* refactor: rename target-address to transaction-target-address in README, workflow, and source code for consistency

* chore: update changelog and version to 1.0.0 for safe transaction workflow

* chore: remove unused keywords from package.json

* chore: update README to reflect workflow usage changes and remove obsolete workflow file

* chore: remove unnecessary blank line in README for improved readability

* chore: remove redundant prepare script from package.json

* chore: move proposer-private-key and safe-api-key to secrets in workflow inputs

* chore: remove npm cache configuration from Node.js setup

* chore: add ref to checkout step in safe-transaction workflow for testing

* chore: add prepare script to package.json and clarify operation type in transaction creation

* refactor: update Safe initialization method from init to create for consistency

* refactor: enhance wallet initialization with provider and integrate EthersAdapter for improved functionality

* style: standardize quotation marks in index.js for consistency

* feat: add debug logging for safe transaction data and specify origin in transaction proposal

* feat: add transaction service URL for Safe API initialization

* feat: add debug logging for API Kit initialization in safe transaction

* feat: enhance debug logging for safe transaction process and API Kit state

* refactor: simplify wallet and Safe initialization by removing unnecessary dependencies and parameters

* refactor: remove chain-id input from workflow and update dependencies for improved compatibility

* refactor: update dependencies and improve Safe transaction proposal process with new API and Protocol Kits

* refactor: update API Kit and Protocol Kit initialization to use default exports

* refactor: update API and Protocol Kit initialization to remove default exports

* refactor: remove module type declaration from package.json

* refactor: add chain-id input to workflow and update README and index.ts for default handling

* refactor: move chain-id input definition to the correct position in the workflow

* refactor: rename transaction-target-address to transaction-to for consistency

* refactor: update Node.js version from 20 to 22 in workflow

* refactor: add origin field to transaction proposal for GitHub Action context

* Update safe-transaction/README.md

Co-authored-by: gfournieriExec <[email protected]>

* refactor: remove chain-id input and detect it from RPC URL in workflow

* refactor: replace ethers with viem for wallet and chain ID detection

* Update safe-transaction/package.json

Co-authored-by: Zied Guesmi <[email protected]>

* Update safe-transaction/package.json

Co-authored-by: Zied Guesmi <[email protected]>

* Update .github/workflows/safe-transaction.yml

Co-authored-by: Zied Guesmi <[email protected]>

* Update .github/workflows/safe-transaction.yml

Co-authored-by: Zied Guesmi <[email protected]>

* Update .github/workflows/safe-transaction.yml

Co-authored-by: Zied Guesmi <[email protected]>

* Update .github/workflows/safe-transaction.yml

Co-authored-by: Zied Guesmi <[email protected]>

* Update .github/workflows/safe-transaction.yml

Co-authored-by: Zied Guesmi <[email protected]>

* Update .github/workflows/safe-transaction.yml

Co-authored-by: Zied Guesmi <[email protected]>

* Update .github/workflows/safe-transaction.yml

Co-authored-by: Zied Guesmi <[email protected]>

* Update .github/workflows/safe-transaction.yml

Co-authored-by: Zied Guesmi <[email protected]>

* feat: add reusable workflow for proposing Safe multisig transactions

- Created a new GitHub Actions workflow for proposing transactions to a Gnosis Safe multisig wallet.
- Added inputs for RPC URL, Safe address, transaction target, value, and data.
- Implemented job steps for checking out the repository, setting up Node.js, installing dependencies, building the action, and proposing the transaction.
- Included a README with usage instructions and a changelog.
- Added TypeScript configuration and source code for the action.
- Created .gitignore to exclude unnecessary files and directories.
- Initialized package.json and package-lock.json for dependency management.
- Added version tracking with version.txt.

* feat: add environment variable validation and update dependencies

* refactor: streamline transaction proposal logic and enhance error handling

* feat: update Safe multisig transaction workflow to use new environment variable structure and enhance validation

* feat: enhance validation for SAFE_PROPOSER_PRIVATE_KEY in environment configuration

* chore: remove redundant chain ID detection logs from transaction proposal workflow

* fix: update workflow name to 'Propose Safe Multisig Transaction' for clarity

* Update propose-safe-multisig-tx/src/index.ts

Co-authored-by: Zied Guesmi <[email protected]>

* Update propose-safe-multisig-tx/src/index.ts

Co-authored-by: Zied Guesmi <[email protected]>

* Update propose-safe-multisig-tx/src/index.ts

Co-authored-by: Zied Guesmi <[email protected]>

* Update propose-safe-multisig-tx/README.md

Co-authored-by: Zied Guesmi <[email protected]>

* feat: update workflow example for contract upgrade process

* chore: remove temporary reference for testing in workflow

---------

Co-authored-by: gfournieriExec <[email protected]>
Co-authored-by: Zied Guesmi <[email protected]>

Author: 3 people

.github/workflows/propose-safe-multisig-tx.yml

@@ -0,0 +1,78 @@
+name: 'Propose Safe Multisig Transaction'
+on:
+  workflow_call:
+    inputs:
+      rpc-url:
+        description: 'RPC URL for the blockchain network'
+        required: true
+        type: string
+      safe-address:
+        description: 'Address of the Safe contract'
+        required: true
+        type: string
+      transaction-to:
+        description: 'Target address of the transaction'
+        required: true
+        type: string
+      transaction-value:
+        description: 'Value to send in the transaction (in wei, default: 0)'
+        required: false
+        default: '0'
+        type: string
+      transaction-data:
+        description: 'Transaction data/calldata'
+        required: true
+        type: string
+    secrets:
+      safe-proposer-private-key:
+        description: 'Private key of the proposer wallet'
+        required: true
+      safe-api-key:
+        description: 'Safe API key for transaction service'
+        required: true
+    outputs:
+      tx-hash:
+        description: 'Hash of the Safe transaction'
+        value: ${{ jobs.propose-transaction.outputs.tx-hash }}
+      tx-details:
+        description: 'Created transaction details'
+        value: ${{ jobs.propose-transaction.outputs.tx-details }}
+
+jobs:
+  propose-transaction:
+    runs-on: ubuntu-latest
+    outputs:
+      tx-hash: ${{ steps.safe-transaction.outputs.tx-hash }}
+      tx-details: ${{ steps.safe-transaction.outputs.tx-details }}
+    
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          repository: iExecBlockchainComputing/github-actions-workflows
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '22'
+
+      - name: Install dependencies
+        run: npm ci
+        working-directory: ./propose-safe-multisig-tx
+
+      - name: Build action
+        run: npm run build
+        working-directory: ./propose-safe-multisig-tx
+
+      - name: Propose Safe Transaction
+        run: npm run propose
+        working-directory: ./propose-safe-multisig-tx
+        env:
+          RPC_URL: ${{ inputs.rpc-url }}
+          SAFE_ADDRESS: ${{ inputs.safe-address }}
+          TRANSACTION_TO: ${{ inputs.transaction-to }}
+          TRANSACTION_VALUE: ${{ inputs.transaction-value }}
+          TRANSACTION_DATA: ${{ inputs.transaction-data }}
+          SAFE_PROPOSER_PRIVATE_KEY: ${{ secrets.safe-proposer-private-key }}
+          SAFE_API_KEY: ${{ secrets.safe-api-key }}
+        id: safe-transaction

README.md

@@ -25,6 +25,9 @@ Provides a standardized workflow for building, testing, and publishing Rust pack
 ### 🧹 [Stale Issues and PRs](./stale)
 Automatically identifies and closes stale issues and pull requests to maintain a clean and focused repository. Helps your team concentrate on active work items and reduces maintenance overhead.
 
+### 🛡️ [Safe Multisig Transaction Proposer](./propose-safe-multisig-tx)
+Automates the process of proposing transactions to a Safe multi-signature wallet (Gnosis Safe). Features smart chain detection, comprehensive validation, and secure transaction handling for blockchain operations.
+
 ## 🔧 Usage
 
 Each workflow has its own detailed documentation in its respective directory. The comprehensive documentation includes:

propose-safe-multisig-tx/.gitignore

@@ -0,0 +1,22 @@
+# Dependencies
+node_modules/
+
+# Build outputs
+dist/
+
+# IDE
+.vscode/
+.idea/
+
+# OS
+.DS_Store
+Thumbs.db
+
+# Environment variables
+.env
+.env.local
+.env.*.local
+
+# Logs
+logs/
+*.log

propose-safe-multisig-tx/CHANGELOG.md

@@ -0,0 +1,7 @@
+# Changelog
+
+## 1.0.0 (2025-09-29)
+
+### Features
+
+* **safe-transaction:** add workflow for safe transaction submission ([#85](https://github.com/iExecBlockchainComputing/github-actions-workflows/pull/85))

propose-safe-multisig-tx/README.md

@@ -0,0 +1,58 @@
+# Safe Multisig Transaction Proposer - Reusable Workflow
+
+## Overview 🌟
+
+This reusable GitHub Actions workflow automates the process of proposing transactions to a Safe multi-signature wallet (Gnosis Safe). It handles the proposal submission, making it easy to integrate Safe transactions into your CI/CD pipeline.
+
+## Workflow Inputs 🛠️
+
+| **Input**                | **Description**                                               | **Required** | **Default**                         |
+| ------------------------ | ------------------------------------------------------------- | ------------ | ----------------------------------- |
+| **rpc-url**              | RPC URL for the blockchain network                            | Yes          | -                                   |
+| **safe-address**         | Address of the Safe contract                                  | Yes          | -                                   |
+| **transaction-to**       | Target address for the transaction                            | Yes          | -                                   |
+| **transaction-value**    | Value to send in the transaction (in wei)                     | No           | `0`                                 |
+| **transaction-data**     | Transaction data/calldata                                     | Yes           | -                                |
+| **safe-proposer-private-key** | Private key of the proposer wallet                           | Yes (Secret) | -                                   |
+| **safe-api-key**         | Safe API key for transaction service                          | Yes (Secret) | -                                   |
+
+## Workflow Outputs 📤
+
+| **Output**        | **Description**                           |
+| ----------------- | ----------------------------------------- |
+| **tx-hash**       | Hash of the Safe transaction created      |
+| **tx-details**    | Complete transaction details (JSON)       |
+
+## How to Use This Reusable Workflow 🔄
+
+1. **Call the Reusable Workflow**  
+   In another workflow file, invoke this reusable workflow like so:
+
+   ```yaml
+    name: Upgrade contract
+
+    on:
+      workflow_dispatch:
+
+    jobs:
+      upgrade:
+        uses: ./.github/workflows/propose-safe-multisig-tx.yml
+        secrets:
+          safe-proposer-private-key: ${{ secrets.SAFE_PROPOSER_PRIVATE_KEY }}
+          safe-api-key: ${{ secrets.SAFE_API_KEY }}
+        with:
+          rpc-url: 'https://...'
+          safe-address: '0xab...'
+          transaction-to: '0xcd...'
+          transaction-value: '0'
+          transaction-data: '0xef' # Upgrade transaction calldata
+   ```
+
+2. **Configure Secrets**  
+   Ensure that the required secrets are added to your repository's settings:
+   - `SAFE_PROPOSER_PRIVATE_KEY`: The private key of the wallet that will propose the transaction
+   - `SAFE_API_KEY`: Your Safe API key for the transaction service
+
+## Security Considerations 🛡️
+
+⚠️ **Important**: Never expose private keys in logs or code files. Always use GitHub Secrets to store sensitive information securely.