feat: update Safe multisig transaction workflow to use new environment variable structure and enhance validation

Author: Le-Caignec

.github/workflows/propose-safe-multisig-tx.yml

@@ -70,11 +70,11 @@ jobs:
         run: npm run propose
         working-directory: ./propose-safe-multisig-tx
         env:
-          PROPOSER_PRIVATE_KEY: ${{ secrets.safe-proposer-private-key }}
-          SAFE_API_KEY: ${{ secrets.safe-api-key }}
           RPC_URL: ${{ inputs.rpc-url }}
           SAFE_ADDRESS: ${{ inputs.safe-address }}
           TRANSACTION_TO: ${{ inputs.transaction-to }}
           TRANSACTION_VALUE: ${{ inputs.transaction-value }}
           TRANSACTION_DATA: ${{ inputs.transaction-data }}
+          SAFE_PROPOSER_PRIVATE_KEY: ${{ secrets.safe-proposer-private-key }}
+          SAFE_API_KEY: ${{ secrets.safe-api-key }}
         id: safe-transaction

README.md

@@ -25,6 +25,9 @@ Provides a standardized workflow for building, testing, and publishing Rust pack
 ### 🧹 [Stale Issues and PRs](./stale)
 Automatically identifies and closes stale issues and pull requests to maintain a clean and focused repository. Helps your team concentrate on active work items and reduces maintenance overhead.
 
+### 🛡️ [Safe Multisig Transaction Proposer](./propose-safe-multisig-tx)
+Automates the process of proposing transactions to a Safe multi-signature wallet (Gnosis Safe). Features smart chain detection, comprehensive validation, and secure transaction handling for blockchain operations.
+
 ## 🔧 Usage
 
 Each workflow has its own detailed documentation in its respective directory. The comprehensive documentation includes:

propose-safe-multisig-tx/README.md

@@ -10,13 +10,13 @@ This reusable GitHub Actions workflow automates the process of proposing transac
 
 | **Input**                | **Description**                                               | **Required** | **Default**                         |
 | ------------------------ | ------------------------------------------------------------- | ------------ | ----------------------------------- |
-| **proposer-private-key** | Private key of the proposer wallet                           | Yes          | -                                   |
 | **rpc-url**              | RPC URL for the blockchain network                            | Yes          | -                                   |
 | **safe-address**         | Address of the Safe contract                                  | Yes          | -                                   |
 | **transaction-to**       | Target address for the transaction                            | Yes          | -                                   |
-| **safe-api-key**         | Safe API key for transaction service                          | Yes          | -                                   |
 | **transaction-value**    | Value to send in the transaction (in wei)                     | No           | `0`                                 |
 | **transaction-data**     | Transaction data/calldata                                     | No           | `0x`                                |
+| **safe-proposer-private-key** | Private key of the proposer wallet                           | Yes (Secret) | -                                   |
+| **safe-api-key**         | Safe API key for transaction service                          | Yes (Secret) | -                                   |
 
 ## Workflow Outputs 📤
 
@@ -25,13 +25,6 @@ This reusable GitHub Actions workflow automates the process of proposing transac
 | **tx-hash**       | Hash of the Safe transaction created      |
 | **tx-details**    | Complete transaction details (JSON)       |
 
-## Secrets 🔐
-
-| **Secret**                    | **Description**                                    | **Required** |
-| ----------------------------- | -------------------------------------------------- | ------------ |
-| **SAFE_PROPOSER_PRIVATE_KEY** | Private key of the proposer wallet                 | Yes          |
-| **SAFE_API_KEY**              | Safe API key for transaction service               | Yes          |
-
 ## How to Use This Reusable Workflow 🔄
 
 1. **Call the Reusable Workflow**  
@@ -61,9 +54,9 @@ This reusable GitHub Actions workflow automates the process of proposing transac
          safe-api-key: ${{ secrets.SAFE_API_KEY }}
        with:
          rpc-url: ${{ vars.RPC_URL }}
-       with:
          safe-address: ${{ inputs.safe-address }}
          transaction-to: ${{ inputs.transaction-to }}
+         transaction-value: ${{ inputs.transaction-value }}
          transaction-data: ${{ inputs.transaction-data }}
    ```
 

propose-safe-multisig-tx/src/env.ts

@@ -6,47 +6,49 @@ const privateKeyRegex = /(^|\b)(0x)?[0-9a-fA-F]{64}(\b|$)/;
 const hexDataRegex = /^0x[0-9a-fA-F]*$/;
 
 const envSchema = z.object({
-  // Private key of the proposer wallet
-  PROPOSER_PRIVATE_KEY: z
-    .string()
-    .regex(privateKeyRegex, 'Invalid private key format')
-    .min(1, 'Proposer private key is required'),
-
   // RPC URL for blockchain network connection
   RPC_URL: z
     .string()
-    .url('RPC_URL must be a valid URL')
-    .min(1, 'RPC URL is required'),
+    .url("RPC_URL must be a valid URL")
+    .min(1, "RPC URL is required"),
 
   // Safe multisig contract address
   SAFE_ADDRESS: z
     .string()
-    .regex(addressRegex, 'Invalid Safe address format')
-    .min(1, 'Safe address is required'),
+    .regex(addressRegex, "Invalid Safe address format")
+    .min(1, "Safe address is required"),
 
   // Target address for the transaction
   TRANSACTION_TO: z
     .string()
-    .regex(addressRegex, 'Invalid transaction target address format')
-    .min(1, 'Transaction target address is required'),
-
-  // Safe API key for transaction service
-  SAFE_API_KEY: z
-    .string()
-    .min(1, 'Safe API key is required'),
+    .regex(addressRegex, "Invalid transaction target address format")
+    .min(1, "Transaction target address is required"),
 
   // Value to send in the transaction (in wei)
   TRANSACTION_VALUE: z
     .string()
-    .default('0')
-    .pipe(z.coerce.bigint().nonnegative('Transaction value must be a positive amount'))
+    .default("0")
+    .pipe(
+      z.coerce
+        .bigint()
+        .nonnegative("Transaction value must be a positive amount")
+    )
     .transform(String),
 
   // Transaction data/calldata
   TRANSACTION_DATA: z
     .string()
-    .regex(hexDataRegex, 'Transaction data must be valid hex data')
-    .default('0x'),
+    .regex(hexDataRegex, "Transaction data must be valid hex data")
+    .default("0x"),
+
+  // Private key of the proposer wallet
+  SAFE_PROPOSER_PRIVATE_KEY: z
+    .string()
+    .regex(privateKeyRegex, "Invalid private key format")
+    .min(1, "Safe proposer private key is required"),
+
+  // Safe API key for transaction service
+  SAFE_API_KEY: z.string().min(1, "Safe API key is required"),
 });
 
 export const env = envSchema.parse(process.env);

propose-safe-multisig-tx/src/index.ts

@@ -9,21 +9,21 @@ import { env } from "./env.js";
 async function run() {
   // Environment variables are already validated and parsed
   const {
-    PROPOSER_PRIVATE_KEY: proposerPrivateKey,
     RPC_URL: rpcUrl,
     SAFE_ADDRESS: safeAddress,
     TRANSACTION_TO: transactionTo,
-    SAFE_API_KEY: safeApiKey,
     TRANSACTION_VALUE: transactionValue,
     TRANSACTION_DATA: transactionData,
+    SAFE_PROPOSER_PRIVATE_KEY: safeProposerPrivateKey,
+    SAFE_API_KEY: safeApiKey,
   } = env;
 
   core.info(`🚀 Starting Safe transaction proposal...`);
   core.info(`📍 Safe Address: ${safeAddress}`);
   core.info(`🎯 Target Address: ${transactionTo}`);
 
   // Initialize wallet
-  const account = privateKeyToAccount(proposerPrivateKey as `0x${string}`);
+  const account = privateKeyToAccount(safeProposerPrivateKey as `0x${string}`);
   core.info(`🔑 Proposer Address: ${account.address}`);
 
   // Detect chainId from RPC
@@ -43,7 +43,7 @@ async function run() {
   // Initialize Protocol Kit
   const protocolKit = await Safe.init({
     provider: rpcUrl,
-    signer: proposerPrivateKey,
+    signer: safeProposerPrivateKey,
     safeAddress: safeAddress,
   });