Merge branch 'main' into feature/sdk/add-callbackk-machanism

Author: PierreJeanjacquot

.drone.yml

@@ -0,0 +1,11 @@
+name: check-conventional-commits
+
+on: [pull_request]
+
+jobs:
+  check-conventional-commits:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Check Commit Conventions
+        uses: webiny/[email protected]

.github/workflows/conventional-commit-check-commits.yml

@@ -0,0 +1,14 @@
+name: check-conventional-commit-pr-title
+
+on:
+  pull_request_target:
+    types:
+      - opened
+      - edited
+      - reopened
+
+jobs:
+  lint-pr-title:
+    permissions:
+      pull-requests: read
+    uses: iExecBlockchainComputing/github-actions-workflows/.github/workflows/[email protected]

.github/workflows/conventional-commit-check-pr-title.yml

@@ -0,0 +1,68 @@
+name: web3mail-dapp-ci
+
+on:
+  pull_request:
+    paths:
+      - 'dapp/**'
+
+concurrency:
+  group: ${{ github.ref }}-dapp-ci
+  cancel-in-progress: true
+
+env:
+  WORKING_DIRECTORY: ./dapp
+
+jobs:
+  check-code:
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: ${{ env.WORKING_DIRECTORY }}
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: '20.19.0'
+          cache: 'npm'
+          cache-dependency-path: dapp/package-lock.json
+
+      - name: Install Dependencies
+        run: npm ci
+
+      - name: Lint
+        run: npm run lint
+
+      - name: Check format (prettier)
+        run: npm run check-format
+
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        environment: ['bellecour-dev', 'arbitrum-sepolia-dev']
+    environment: ${{ matrix.environment }}
+    defaults:
+      run:
+        working-directory: ${{ env.WORKING_DIRECTORY }}
+    env:
+      MJ_APIKEY_PUBLIC: ${{ secrets.MAILJET_APIKEY_PUBLIC }}
+      MJ_APIKEY_PRIVATE: ${{ secrets.MAILJET_APIKEY_PRIVATE }}
+      MJ_SENDER: ${{ secrets.MAILJET_SENDER }}
+      MAILGUN_APIKEY: ${{ secrets.MAILGUN_APIKEY }}
+      WEB3MAIL_WHITELISTED_APPS: ${{ vars.WEB3MAIL_WHITELISTED_APPS }}
+      POCO_SUBGRAPH_URL: ${{ vars.POCO_SUBGRAPH_URL }}
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: '20.19.0'
+          cache: 'npm'
+          cache-dependency-path: dapp/package-lock.json
+
+      - name: Install Dependencies
+        run: npm ci
+
+      - name: Test with coverage
+        run: npm run ctest

.github/workflows/dapp-ci.yml

@@ -0,0 +1,164 @@
+name: deploy-dapp
+
+on:
+  workflow_dispatch:
+    inputs:
+      environment:
+        description: 'Deployment environment'
+        required: true
+        type: choice
+        options:
+          # dev environments
+          - bellecour-dev
+          - arbitrum-sepolia-dev
+          # prod environments (requires a tag starting with dapp-v)
+          - bellecour-prod
+          - arbitrum-sepolia-prod
+          - arbitrum-mainnet-prod
+
+jobs:
+  extract-tag:
+    runs-on: ubuntu-latest
+    outputs:
+      clean_tag: ${{ steps.tag.outputs.clean_tag }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        # if input environment ends with -prod
+        #   ref should be a tag beginning with dapp-v if not exit error
+        #   use unique clean-tag: <tag>-<timestamp>
+        # else
+        #   use rolling clean-tag: dev
+      - name: Check and extract tag
+        id: tag
+        run: |
+          if [[ "${{ github.event.inputs.environment }}" == *-prod ]]; then
+            if [[ "${GITHUB_REF}" != refs/tags/dapp-v* ]]; then
+              echo "Error: The ref must be a tag starting with 'dapp-v' for production deployments."
+              exit 1
+            fi
+            TAG=${GITHUB_REF#refs/tags/dapp-v}-$(date +%s)
+            echo "clean_tag=${TAG}" | tee -a $GITHUB_OUTPUT
+          else
+            echo "clean_tag=dev" | tee -a $GITHUB_OUTPUT
+          fi
+
+  docker-publish:
+    uses: iExecBlockchainComputing/github-actions-workflows/.github/workflows/[email protected]
+    needs: [extract-tag]
+    with:
+      image-name: 'iexechub/web3mail-dapp'
+      registry: 'docker.io'
+      dockerfile: 'dapp/Dockerfile'
+      context: 'dapp'
+      security-scan: true
+      security-report: 'sarif'
+      hadolint: true
+      push: true
+      image-tag: ${{ needs.extract-tag.outputs.clean_tag }}
+    secrets:
+      username: ${{ secrets.DOCKERHUB_USERNAME }}
+      password: ${{ secrets.DOCKERHUB_PAT }}
+
+  sconify:
+    uses: iExecBlockchainComputing/github-actions-workflows/.github/workflows/[email protected]
+    needs: [docker-publish, extract-tag]
+    with:
+      image-name: 'iexechub/web3mail-dapp'
+      image-tag: ${{ needs.extract-tag.outputs.clean_tag }}
+      sconify-debug: false
+      sconify-prod: true
+      docker-registry: docker.io
+      sconify-version: '5.9.0-v15'
+      binary: /usr/local/bin/node
+      command: node
+      host-path: |
+        /etc/hosts
+        /etc/resolv.conf
+      binary-fs: true
+      fs-dir: /app
+      heap: 7G
+      dlopen: 1
+      mprotect: 1
+    secrets:
+      docker-username: ${{ secrets.DOCKERHUB_USERNAME }}
+      docker-password: ${{ secrets.DOCKERHUB_PAT }}
+      scontain-username: ${{ secrets.SCONTAIN_REGISTRY_USERNAME }}
+      scontain-password: ${{ secrets.SCONTAIN_REGISTRY_PAT }}
+      scone-signing-key: ${{ secrets.SCONIFY_SIGNING_PRIVATE_KEY }}
+
+  deploy-dapp:
+    needs: [extract-tag, sconify]
+    runs-on: ubuntu-latest
+    environment: ${{ inputs.environment }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20.19.0'
+          cache: 'npm'
+
+      - name: Install dependencies
+        run: |
+          npm ci
+          cd node_modules/whitelist-smart-contract
+          npm install --save-dev ts-node
+          cd ../../deployment-dapp
+          npm ci
+
+      - name: Deploy dapp contract
+        env:
+          WALLET_PRIVATE_KEY: ${{ secrets.WEB3MAIL_APP_OWNER_PRIVATEKEY }}
+          DOCKER_IMAGE_TAG: ${{ needs.sconify.outputs.prod-image-tag }}
+          CHECKSUM: ${{  needs.sconify.outputs.prod-checksum }}
+          FINGERPRINT: ${{ needs.sconify.outputs.prod-mrenclave }}
+          RPC_URL: ${{ secrets.RPC_URL }}
+        run: |
+          cd deployment-dapp
+          npm run deploy-dapp
+
+      - name: Push dapp secret
+        env:
+          WALLET_PRIVATE_KEY: ${{ secrets.WEB3MAIL_APP_OWNER_PRIVATEKEY }}
+          MJ_APIKEY_PUBLIC: ${{ secrets.MAILJET_APIKEY_PUBLIC }}
+          MJ_APIKEY_PRIVATE: ${{ secrets.MAILJET_APIKEY_PRIVATE }}
+          MJ_SENDER: ${{ secrets.MAILJET_SENDER }}
+          MAILGUN_APIKEY: ${{ secrets.MAILGUN_APIKEY }}
+          WEB3MAIL_WHITELISTED_APPS: ${{ vars.WEB3MAIL_WHITELISTED_APPS }}
+          POCO_SUBGRAPH_URL: ${{ vars.POCO_SUBGRAPH_URL }}
+          RPC_URL: ${{ secrets.RPC_URL }}
+        run: |
+          cd deployment-dapp
+          npm run push-dapp-secret
+
+      - name: Publish free sell order
+        env:
+          WALLET_PRIVATE_KEY: ${{ secrets.WEB3MAIL_APP_OWNER_PRIVATEKEY }}
+          PRICE: ${{ vars.SELL_ORDER_PRICE }}
+          VOLUME: ${{ vars.SELL_ORDER_VOLUME }}
+          RPC_URL: ${{ secrets.RPC_URL }}
+        run: |
+          cd deployment-dapp
+          npm run publish-sell-order
+
+      - name: Add resource to whitelist
+        env:
+          CONTRACT_ADDRESS: ${{ vars.WEB3MAIL_WHITELIST_CONTRACT_ADDRESS }}
+          PRIVATE_KEY: ${{ secrets.WEB3MAIL_APP_OWNER_PRIVATEKEY }}
+          RPC_URL: ${{ secrets.RPC_URL }}
+        run: |
+          cd node_modules/whitelist-smart-contract
+          export ADDRESS_TO_ADD=$(cat ../../deployment-dapp/.app-address)
+          npm run addResourceToWhitelist -- --network ${{ vars.WHITELIST_NETWORK_NAME }}
+
+      - name: Configure ENS
+        if: ${{ vars.DAPP_ENS_NAME }}
+        env:
+          WALLET_PRIVATE_KEY: ${{ secrets.WEB3MAIL_APP_OWNER_PRIVATEKEY }}
+          DAPP_ENS_NAME: ${{ vars.DAPP_ENS_NAME }}
+        run: |
+          cd deployment-dapp
+          npm run configure-ens

.github/workflows/dapp-deploy.yml

@@ -0,0 +1,35 @@
+name: deployment-dapp-ci
+on:
+  pull_request:
+    branches:
+      - '*'
+    paths:
+      - 'deployment-dapp/**'
+
+concurrency:
+  group: ${{ github.ref }}-deployment-dapp-ci
+  cancel-in-progress: true
+
+jobs:
+  check-code:
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: ./deployment-dapp
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: '20.19.0'
+          cache: 'npm'
+          cache-dependency-path: deployment-dapp/package-lock.json
+
+      - name: Install Dependencies
+        run: npm ci
+
+      - name: Lint
+        run: npm run lint
+
+      - name: Check formatting
+        run: npm run check-format

.github/workflows/deployment-dapp-ci.yml

@@ -0,0 +1,16 @@
+on:
+  push:
+    branches:
+      - main
+
+permissions:
+  contents: write
+  issues: write
+  pull-requests: write
+
+name: release-please
+
+jobs:
+  release-please:
+    uses: iExecBlockchainComputing/github-actions-workflows/.github/workflows/[email protected]
+    secrets: inherit

.github/workflows/release-please.yml

@@ -0,0 +1,35 @@
+name: reusable-npm-publish
+
+on:
+  workflow_call:
+    inputs:
+      dry-run:
+        description: 'Run in dry-run mode (the package will not be published)'
+        default: false
+        type: boolean
+      version:
+        description: 'Version to publish (leave empty to use package.json version)'
+        default: ''
+        type: string
+      tag:
+        description: 'npm publish tag (e.g., latest, nightly)'
+        default: ''
+        type: string
+    secrets:
+      npm-token:
+        description: 'NPM auth token (required unless `dry-run: true`)'
+        required: false
+
+jobs:
+  npm-publish:
+    uses: iExecBlockchainComputing/github-actions-workflows/.github/workflows/[email protected]
+    with:
+      install-command: npm ci
+      build-command: npm run build
+      dry-run: ${{ inputs.dry-run }}
+      tag: ${{ inputs.tag }}
+      version: ${{ inputs.version }}
+      environment: ${{ (inputs.dry-run && '') || inputs.tag }}
+      provenance: ${{ !inputs.dry-run }}
+    secrets:
+      npm-token: ${{ secrets.npm-token }}