
Commit 20463da

fix(workflows): use environment secrets/vars for multi-env, cleanup secret mapping, and improve input handling
1 parent c4182f8 commit 20463da


4 files changed

+34
-157
lines changed


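--- a/.github/workflows/dapp-deploy.yml
+++ b/.github/workflows/dapp-deploy.yml
@@ -35,6 +35,9 @@ jobs:
 outputs:
 clean_tag: ${{ steps.tag.outputs.clean_tag }}
 steps:
+- name: Checkout code
+uses: actions/checkout@v4
+
 - name: Extract tag
 id: tag
 run: |
@@ -46,23 +49,11 @@ jobs:
 fi
 
 deploy-dapp:
+needs: extract-tag
 uses: ./.github/workflows/reusable-dapp-deploy.yml
 with:
+environment: ${{ inputs.environment }}
 tag: ${{ needs.extract-tag.outputs.clean_tag }}
 sconify-version: ${{ inputs.sconify-version }}
-environment: ${{ inputs.environment }}
-price: ${{ inputs.price != '' && inputs.price || vars.SELL_ORDER_PRICE }}
-volume: ${{ inputs.volume != '' && inputs.volume || vars.SELL_ORDER_VOLUME }}
-secrets:
-mj_apikey_public: ${{ secrets.MAILJET_APIKEY_PUBLIC }}
-mj_apikey_private: ${{ secrets.MAILJET_APIKEY_PRIVATE }}
-mj_sender: ${{ secrets.MAILJET_SENDER }}
-mailgun_apikey: ${{ secrets.MAILGUN_APIKEY }}
-docker-username: ${{ secrets.DOCKERHUB_USERNAME }}
-docker-pat: ${{ secrets.DOCKERHUB_PAT }}
-scontain-username: ${{ secrets.SCONTAIN_REGISTRY_USERNAME }}
-scontain-password: ${{ secrets.SCONTAIN_REGISTRY_PAT }}
-sconify-signing-private-key: ${{ secrets.SCONIFY_SIGNING_PRIVATE_KEY }}
-wallet_private_key: ${{ secrets.WEB3MAIL_DAPP_OWNER_PRIVATEKEY }}
-whitelisted_apps: ${{ secrets.WEB3MAIL_WHITELISTED_APPS }}
-whitelist_address: ${{ secrets.WEB3MAIL_WHITELIST_ADDRESS }}
+price: ${{ inputs.price }}
+volume: ${{ inputs.volume }}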
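Review bot: The `deploy-dapp` call now ends at `volume: ${{ inputs.volume }}` with no `secrets:` key, so no secret is handed to `reusable-dapp-deploy.yml`. Environment secrets only reach a called-workflow job that declares `environment:` itself; the `docker-publish` and `sconify` jobs in that file are nested `uses:` calls that cannot bind an environment, so their `secrets.DOCKERHUB_*`, `secrets.SCONTAIN_*` and `secrets.SCONIFY_SIGNING_PRIVATE_KEY` references would presumably expand to empty strings. Either add `secrets: inherit` to this job, or keep least privilege by passing only the registry and signing credentials explicitly and re-declaring them under `on.workflow_call.secrets`. The six callers in `dapp-release.yml` lose their `secrets:` blocks in the same way.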

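--- a/.github/workflows/dapp-release.yml
+++ b/.github/workflows/dapp-release.yml
@@ -24,21 +24,6 @@ jobs:
 environment: bellecour-prod
 tag: ${{ needs.extract-tag.outputs.clean_tag }}
 sconify-version: 5.9.0-v15
-price: ${{ vars.SELL_ORDER_PRICE }}
-volume: ${{ vars.SELL_ORDER_VOLUME }}
-secrets:
-mj_apikey_public: ${{ secrets.MAILJET_APIKEY_PUBLIC }}
-mj_apikey_private: ${{ secrets.MAILJET_APIKEY_PRIVATE }}
-mj_sender: ${{ secrets.MAILJET_SENDER }}
-mailgun_apikey: ${{ secrets.MAILGUN_APIKEY }}
-docker-username: ${{ secrets.DOCKERHUB_USERNAME }}
-docker-pat: ${{ secrets.DOCKERHUB_PAT }}
-scontain-username: ${{ secrets.SCONTAIN_REGISTRY_USERNAME }}
-scontain-password: ${{ secrets.SCONTAIN_REGISTRY_PAT }}
-sconify-signing-private-key: ${{ secrets.SCONIFY_SIGNING_PRIVATE_KEY }}
-wallet_private_key: ${{ secrets.WEB3MAIL_DAPP_OWNER_PRIVATEKEY }}
-whitelisted_apps: ${{ secrets.WEB3MAIL_WHITELISTED_APPS }}
-whitelist_address: ${{ secrets.WEB3MAIL_WHITELIST_ADDRESS }}
 
 deploy-bellecour-staging:
 uses: ./.github/workflows/reusable-dapp-deploy.yml
@@ -47,21 +32,6 @@ jobs:
 environment: bellecour-staging
 tag: ${{ needs.extract-tag.outputs.clean_tag }}
 sconify-version: 5.9.0-v15
-price: ${{ vars.SELL_ORDER_PRICE }}
-volume: ${{ vars.SELL_ORDER_VOLUME }}
-secrets:
-mj_apikey_public: ${{ secrets.MAILJET_APIKEY_PUBLIC }}
-mj_apikey_private: ${{ secrets.MAILJET_APIKEY_PRIVATE }}
-mj_sender: ${{ secrets.MAILJET_SENDER }}
-mailgun_apikey: ${{ secrets.MAILGUN_APIKEY }}
-docker-username: ${{ secrets.DOCKERHUB_USERNAME }}
-docker-pat: ${{ secrets.DOCKERHUB_PAT }}
-scontain-username: ${{ secrets.SCONTAIN_REGISTRY_USERNAME }}
-scontain-password: ${{ secrets.SCONTAIN_REGISTRY_PAT }}
-sconify-signing-private-key: ${{ secrets.SCONIFY_SIGNING_PRIVATE_KEY }}
-wallet_private_key: ${{ secrets.WEB3MAIL_DAPP_OWNER_PRIVATEKEY }}
-whitelisted_apps: ${{ secrets.WEB3MAIL_WHITELISTED_APPS }}
-whitelist_address: ${{ secrets.WEB3MAIL_WHITELIST_ADDRESS }}
 
 deploy-arbitrum-prod:
 uses: ./.github/workflows/reusable-dapp-deploy.yml
@@ -70,21 +40,6 @@ jobs:
 environment: arbitrum-prod
 tag: ${{ needs.extract-tag.outputs.clean_tag }}
 sconify-version: 5.9.0-v15
-price: ${{ vars.SELL_ORDER_PRICE }}
-volume: ${{ vars.SELL_ORDER_VOLUME }}
-secrets:
-mj_apikey_public: ${{ secrets.MAILJET_APIKEY_PUBLIC }}
-mj_apikey_private: ${{ secrets.MAILJET_APIKEY_PRIVATE }}
-mj_sender: ${{ secrets.MAILJET_SENDER }}
-mailgun_apikey: ${{ secrets.MAILGUN_APIKEY }}
-docker-username: ${{ secrets.DOCKERHUB_USERNAME }}
-docker-pat: ${{ secrets.DOCKERHUB_PAT }}
-scontain-username: ${{ secrets.SCONTAIN_REGISTRY_USERNAME }}
-scontain-password: ${{ secrets.SCONTAIN_REGISTRY_PAT }}
-sconify-signing-private-key: ${{ secrets.SCONIFY_SIGNING_PRIVATE_KEY }}
-wallet_private_key: ${{ secrets.WEB3MAIL_DAPP_OWNER_PRIVATEKEY }}
-whitelisted_apps: ${{ secrets.WEB3MAIL_WHITELISTED_APPS }}
-whitelist_address: ${{ secrets.WEB3MAIL_WHITELIST_ADDRESS }}
 
 deploy-arbitrum-staging:
 uses: ./.github/workflows/reusable-dapp-deploy.yml
@@ -93,21 +48,6 @@ jobs:
 environment: arbitrum-staging
 tag: ${{ needs.extract-tag.outputs.clean_tag }}
 sconify-version: 5.9.0-v15
-price: ${{ vars.SELL_ORDER_PRICE }}
-volume: ${{ vars.SELL_ORDER_VOLUME }}
-secrets:
-mj_apikey_public: ${{ secrets.MAILJET_APIKEY_PUBLIC }}
-mj_apikey_private: ${{ secrets.MAILJET_APIKEY_PRIVATE }}
-mj_sender: ${{ secrets.MAILJET_SENDER }}
-mailgun_apikey: ${{ secrets.MAILGUN_APIKEY }}
-docker-username: ${{ secrets.DOCKERHUB_USERNAME }}
-docker-pat: ${{ secrets.DOCKERHUB_PAT }}
-scontain-username: ${{ secrets.SCONTAIN_REGISTRY_USERNAME }}
-scontain-password: ${{ secrets.SCONTAIN_REGISTRY_PAT }}
-sconify-signing-private-key: ${{ secrets.SCONIFY_SIGNING_PRIVATE_KEY }}
-wallet_private_key: ${{ secrets.WEB3MAIL_DAPP_OWNER_PRIVATEKEY }}
-whitelisted_apps: ${{ secrets.WEB3MAIL_WHITELISTED_APPS }}
-whitelist_address: ${{ secrets.WEB3MAIL_WHITELIST_ADDRESS }}
 
 deploy-avalanche-prod:
 uses: ./.github/workflows/reusable-dapp-deploy.yml
@@ -116,21 +56,6 @@ jobs:
 environment: avalanche-prod
 tag: ${{ needs.extract-tag.outputs.clean_tag }}
 sconify-version: 5.9.0-v15
-price: ${{ vars.SELL_ORDER_PRICE }}
-volume: ${{ vars.SELL_ORDER_VOLUME }}
-secrets:
-mj_apikey_public: ${{ secrets.MAILJET_APIKEY_PUBLIC }}
-mj_apikey_private: ${{ secrets.MAILJET_APIKEY_PRIVATE }}
-mj_sender: ${{ secrets.MAILJET_SENDER }}
-mailgun_apikey: ${{ secrets.MAILGUN_APIKEY }}
-docker-username: ${{ secrets.DOCKERHUB_USERNAME }}
-docker-pat: ${{ secrets.DOCKERHUB_PAT }}
-scontain-username: ${{ secrets.SCONTAIN_REGISTRY_USERNAME }}
-scontain-password: ${{ secrets.SCONTAIN_REGISTRY_PAT }}
-sconify-signing-private-key: ${{ secrets.SCONIFY_SIGNING_PRIVATE_KEY }}
-wallet_private_key: ${{ secrets.WEB3MAIL_DAPP_OWNER_PRIVATEKEY }}
-whitelisted_apps: ${{ secrets.WEB3MAIL_WHITELISTED_APPS }}
-whitelist_address: ${{ secrets.WEB3MAIL_WHITELIST_ADDRESS }}
 
 deploy-avalanche-staging:
 uses: ./.github/workflows/reusable-dapp-deploy.yml
@@ -139,18 +64,3 @@ jobs:
 environment: avalanche-staging
 tag: ${{ needs.extract-tag.outputs.clean_tag }}
 sconify-version: 5.9.0-v15
-price: ${{ vars.SELL_ORDER_PRICE }}
-volume: ${{ vars.SELL_ORDER_VOLUME }}
-secrets:
-mj_apikey_public: ${{ secrets.MAILJET_APIKEY_PUBLIC }}
-mj_apikey_private: ${{ secrets.MAILJET_APIKEY_PRIVATE }}
-mj_sender: ${{ secrets.MAILJET_SENDER }}
-mailgun_apikey: ${{ secrets.MAILGUN_APIKEY }}
-docker-username: ${{ secrets.DOCKERHUB_USERNAME }}
-docker-pat: ${{ secrets.DOCKERHUB_PAT }}
-scontain-username: ${{ secrets.SCONTAIN_REGISTRY_USERNAME }}
-scontain-password: ${{ secrets.SCONTAIN_REGISTRY_PAT }}
-sconify-signing-private-key: ${{ secrets.SCONIFY_SIGNING_PRIVATE_KEY }}
-wallet_private_key: ${{ secrets.WEB3MAIL_DAPP_OWNER_PRIVATEKEY }}
-whitelisted_apps: ${{ secrets.WEB3MAIL_WHITELISTED_APPS }}
-whitelist_address: ${{ secrets.WEB3MAIL_WHITELIST_ADDRESS }}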

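--- a/.github/workflows/release-please.yml
+++ b/.github/workflows/release-please.yml
@@ -1,4 +1,4 @@
-name: release-please-sdk
+name: release-please
 on:
 push:
 branches: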

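--- a/.github/workflows/reusable-dapp-deploy.yml
+++ b/.github/workflows/reusable-dapp-deploy.yml
@@ -1,22 +1,23 @@
-name: deploy-dapp
+name: reusable-dapp-deploy
 
 on:
 workflow_call:
 inputs:
 environment:
-description: 'GitHub Environment to use'
-required: true
-type: string
-sconify-version:
-description: 'Version of the sconify image to use'
+description: 'Deployment environment'
 required: true
 type: string
 default: ''
 tag:
-description: 'npm publish tag (e.g., latest, nightly)'
+description: 'Tag for the Docker image'
 required: true
 default: ''
 type: string
+sconify-version:
+description: 'Version of the sconify image to use'
+required: true
+type: string
+default: ''
 price:
 description: 'Sell order price (optional)'
 required: false
@@ -27,29 +28,6 @@ on:
 required: false
 type: string
 default: ''
-secrets:
-docker-username:
-description: 'Dockerhub username'
-required: true
-docker-pat:
-description: 'Dockerhub password'
-required: true
-scontain-username:
-description: 'Scontain registry username'
-required: true
-scontain-password:
-description: 'Scontain registry password'
-required: true
-sconify-signing-private-key:
-description: 'Sconify signing private key'
-required: true
-wallet_private_key:
-description: 'Wallet private key'
-required: true
-whitelisted_apps:
-description: 'Whitelisted apps'
-required: true
-
 jobs:
 docker-publish:
 uses: iExecBlockchainComputing/github-actions-workflows/.github/workflows/[email protected]
@@ -64,8 +42,8 @@ jobs:
 push: true
 image-tag: ${{ inputs.tag }}
 secrets:
-username: ${{ secrets.dockerhub-username }}
-password: ${{ secrets.dockerhub-pat}}
+username: ${{ secrets.DOCKERHUB_USERNAME }}
+password: ${{ secrets.DOCKERHUB_PAT}}
 
 sconify:
 uses: iExecBlockchainComputing/github-actions-workflows/.github/workflows/[email protected]
@@ -87,12 +65,11 @@ jobs:
 dlopen: 1
 mprotect: 1
 secrets:
-docker-username: ${{ secrets.dockerhub-username }}
-docker-password: ${{ secrets.dockerhub-pat }}
-scontain-username: ${{ secrets.scontain-username }}
-scontain-password: ${{ secrets.scontain-password }}
-scone-signing-key: ${{ secrets.sconify-signing-private-key }}
-whitelisted_apps: ${{ secrets.whitelisted_apps }}
+docker-username: ${{ secrets.DOCKERHUB_USERNAME }}
+docker-password: ${{ secrets.DOCKERHUB_PAT }}
+scontain-username: ${{ secrets.SCONTAIN_USERNAME }}
+scontain-password: ${{ secrets.SCONTAIN_PASSWORD }}
+scone-signing-key: ${{ secrets.SCONIFY_SIGNING_PRIVATE_KEY }}
 
 deploy-dapp:
 runs-on: ubuntu-latest
@@ -118,7 +95,7 @@ jobs:
 
 - name: Deploy dapp contract
 env:
-WALLET_PRIVATE_KEY: ${{ secrets.wallet_private_key }}
+WALLET_PRIVATE_KEY: ${{ secrets.WEB3MAIL_DAPP_OWNER_PRIVATEKEY }}
 DOCKER_IMAGE_TAG: ${{ needs.sconify.outputs.prod-image-tag }}
 CHECKSUM: ${{ needs.sconify.outputs.prod-checksum }}
 FINGERPRINT: ${{ needs.sconify.outputs.prod-mrenclave }}
@@ -129,37 +106,36 @@ jobs:
 
 - name: Push dapp secret
 env:
-WALLET_PRIVATE_KEY: ${{ secrets.wallet_private_key }}
-MJ_APIKEY_PUBLIC: ${{ secrets.mj_apikey_public }}
-MJ_APIKEY_PRIVATE: ${{ secrets.mj_apikey_private }}
-MJ_SENDER: ${{ secrets.mj_sender }}
+WALLET_PRIVATE_KEY: ${{ secrets.WEB3MAIL_DAPP_OWNER_PRIVATEKEY }}
+MJ_APIKEY_PUBLIC: ${{ secrets.MAILJET_APIKEY_PUBLIC }}
+MJ_APIKEY_PRIVATE: ${{ secrets.MAILJET_APIKEY_PRIVATE }}
+MJ_SENDER: ${{ secrets.MAILJET_SENDER }}
 MAILGUN_APIKEY: ${{ secrets.MAILGUN_APIKEY }}
-WEB3MAIL_WHITELISTED_APPS: ${{ secrets.whitelisted_apps }}
+WEB3MAIL_WHITELISTED_APPS: ${{ secrets.WEB3MAIL_WHITELISTED_APPS }}
 run: |
 cd deployment-dapp
 npm run push-dapp-secret
 
 - name: Publish free sell order
 env:
-WALLET_PRIVATE_KEY: ${{ inputs.wallet_private_key }}
-PRICE: ${{ inputs.price }}
-VOLUME: ${{ inputs.volume }}
+WALLET_PRIVATE_KEY: ${{ secrets.WEB3MAIL_DAPP_OWNER_PRIVATEKEY }}
+PRICE: ${{ inputs.price || vars.SELL_ORDER_PRICE }}
+VOLUME: ${{ inputs.volume || vars.SELL_ORDER_VOLUME }}
 run: |
 cd deployment-dapp
 npm run publish-sell-order
 
 - name: Add resource to whitelist
 env:
-CONTRACT_ADDRESS: ${{ secrets.whitelist_address }}
+CONTRACT_ADDRESS: ${{ secrets.WEB3MAIL_WHITELIST_CONTRACT_ADDRESS }}
 run: |
 cd node_modules/whitelist-smart-contract
 export ADDRESS_TO_ADD=$(cat ../../deployment-dapp/.app-address) && npm run addResourceToWhitelist
 
 - name: Configure ENS
-
 if: ${{ vars.DAPP_ENS_NAME }}
 env:
-WALLET_PRIVATE_KEY: ${{ secrets.wallet_private_key }}
+WALLET_PRIVATE_KEY: ${{ secrets.WEB3MAIL_DAPP_OWNER_PRIVATEKEY }}
 DAPP_ENS_NAME: ${{ vars.DAPP_ENS_NAME }}
 run: |
 cd deployment-dapp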
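Review bot: `secrets.SCONTAIN_USERNAME` and `secrets.SCONTAIN_PASSWORD` in the `sconify` job, and `secrets.WEB3MAIL_WHITELIST_CONTRACT_ADDRESS` in the whitelist step, are not the names the callers read before this commit (`SCONTAIN_REGISTRY_USERNAME`, `SCONTAIN_REGISTRY_PAT`, `WEB3MAIL_WHITELIST_ADDRESS`). A reference to a secret that is not defined evaluates to an empty string without failing the run. A mismatch would therefore only show up as a registry login error, or as `npm run addResourceToWhitelist` running with an empty `CONTRACT_ADDRESS`. Confirm that every environment defines the secrets under the new names, and consider a guard at the top of the affected `run:` blocks such as `: "${CONTRACT_ADDRESS:?CONTRACT_ADDRESS is not set}"`. The `deploy-dapp` job's body starts and ends outside these hunks, so whether it declares `environment: ${{ inputs.environment }}` cannot be checked here.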
