refactor(ci): refactor dapp-deploy workflow

abbesBenayache · abbesBenayache · commit 9c2e7b2dffaf · 2025-07-15T17:30:36.000+02:00
diff --git a/.github/workflows/dapp-manual-operations.yml b/.github/workflows/dapp-manual-operations.yml
@@ -1,72 +1,84 @@
-name: dapp-manual-operations
+name: Deploy DApp Contract
 
 on:
   workflow_dispatch:
     inputs:
       environment:
-        description: 'Target environment'
+        description: 'Deployment environment'
         required: true
         type: choice
         options:
-          - dev
-          - prod
-      operation:
-        description: 'Operation to perform'
-        required: true
-        type: choice
-        options:
-          - deploy-dapp-contract
-          - push-dapp-secret
-          - publish-sell-order
-          - revoke-sell-order
-          - add-to-whitelist
-          - remove-from-whitelist
-          - configure-ens
-      price:
-        description: 'Price for sell order (xRLC)'
-        required: false
-        default: '0'
-      volume:
-        description: 'Volume for sell order'
-        required: false
-        default: '1000000000'
-      order_hash:
-        description: 'Order hash to revoke'
-        required: false
-      address_to_add:
-        description: 'Address to add to whitelist'
-        required: false
-      address_to_remove:
-        description: 'Address to remove from whitelist'
-        required: false
+          - dapp-dev
+          - dapp-prod
+      sconify-version:
+        description: 'Version of the sconify image to use'
+        type: string
+        default: '5.9.0-v15'
+
+env:
+  DEPLOY_ENVIRONMENT: ${{ inputs.environment }}
 
 jobs:
-  build-tag:
+  build-and-push:
     runs-on: ubuntu-latest
     outputs:
-      image_tag: ${{ steps.set-tag.outputs.image_tag }}
+      image-name: ${{ steps.set-outputs.outputs.image-name }}
+      image-tag: ${{ steps.set-outputs.outputs.image-tag }}
     steps:
-      - name: Set Docker image tag
-        id: set-tag
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to DockerHub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_PAT }}
+
+      - name: Get dapp version
+        id: version
         run: |
-          if [ "${{ github.event.inputs.environment }}" = "dev" ]; then
-            TAG="dev-${GITHUB_SHA}"
+          VERSION=$(node -p "require('./dapp/package.json').version")
+          echo "version=$VERSION" >> $GITHUB_OUTPUT
+          echo "dapp-version=$VERSION"
+
+      - name: Set image tag
+        id: image-tag
+        run: |
+          if [ "${{ inputs.environment }}" = "dapp-dev" ]; then
+            echo "image-tag=dev-${{ steps.version.outputs.version }}" >> $GITHUB_OUTPUT
           else
-            VERSION=$(jq -r .version dapp/package.json)
-            TAG="web3mail-dapp-v${VERSION}"
+            echo "image-tag=${{ steps.version.outputs.version }}" >> $GITHUB_OUTPUT
           fi
-          echo "image_tag=$TAG" >> $GITHUB_OUTPUT
+
+      - name: Build and push Docker image
+        id: build
+        uses: docker/build-push-action@v5
+        with:
+          context: ./dapp
+          push: true
+          tags: iexechub/web3mail-dapp:${{ steps.image-tag.outputs.image-tag }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Set outputs
+        id: set-outputs
+        run: |
+          echo "image-name=iexechub/web3mail-dapp" >> $GITHUB_OUTPUT
+          echo "image-tag=${{ steps.image-tag.outputs.image-tag }}" >> $GITHUB_OUTPUT
 
   sconify:
-    needs: build-tag
+    needs: build-and-push
     uses: iExecBlockchainComputing/github-actions-workflows/.github/workflows/sconify.yml@sconify-v2.0.0
     with:
-      image-name: 'iexechub/web3mail-dapp'
-      image-tag: ${{ needs.build-tag.outputs.image_tag }}
+      image-name: ${{ needs.build-and-push.outputs.image-name }}
+      image-tag: ${{ needs.build-and-push.outputs.image-tag }}
       sconify-debug: false
       sconify-prod: true
       docker-registry: docker.io
-      sconify-version: '5.9.0-v15'
+      sconify-version: ${{ inputs.sconify-version }}
       binary: /usr/local/bin/node
       command: node /app/src/app.js
       host-path: |
@@ -78,27 +90,41 @@ jobs:
       dlopen: 1
       mprotect: 1
     secrets:
-      docker-username: ${{ secrets.DOCKERHUB_USERNAME }}
       docker-password: ${{ secrets.DOCKERHUB_PAT }}
-      scontain-username: ${{ secrets.SCONTAIN_REGISTRY_USERNAME }}
       scontain-password: ${{ secrets.SCONTAIN_REGISTRY_PAT }}
       scone-signing-key: ${{ secrets.SCONIFY_SIGNING_PRIVATE_KEY }}
+      docker-username: ${{ secrets.DOCKERHUB_USERNAME }}
+      scontain-username: ${{ secrets.SCONTAIN_REGISTRY_USERNAME }}
+
+  display-sconify-results:
+    runs-on: ubuntu-latest
+    needs: sconify
+    steps:
+      - name: Display Sconify Results
+        run: |
+          echo "## Sconify Results" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+
+          echo "### Production Image" >> $GITHUB_STEP_SUMMARY
+          echo "- **Image Tag**: ${{ needs.sconify.outputs.prod-image-tag }}" >> $GITHUB_STEP_SUMMARY
+          echo "- **Checksum**: ${{ needs.sconify.outputs.prod-checksum }}" >> $GITHUB_STEP_SUMMARY
+          echo "- **MrEnclave**: ${{ needs.sconify.outputs.prod-mrenclave }}" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+
+          echo "### Summary" >> $GITHUB_STEP_SUMMARY
+          echo "Sconification completed successfully!" >> $GITHUB_STEP_SUMMARY
 
-  manual-operation:
+  deploy-dapp:
     runs-on: ubuntu-latest
-    needs: [sconify, build-tag]
-    env:
-      IMAGE_TAG: ${{ needs.build-tag.outputs.image_tag }}
-      DEPLOY_ENVIRONMENT: ${{ github.event.inputs.environment == 'dev' && 'dapp-dev' || 'dapp-prod' }}
-      DOCKER_IMAGE_DEV_TAG: ${{ needs.sconify.outputs.prod-image-tag }}
-      DOCKER_IMAGE_PROD_TAG: ${{ needs.sconify.outputs.prod-image-tag }}
+    needs: [build-and-push, sconify]
     steps:
-      - uses: actions/checkout@v4
+      - name: Checkout code
+        uses: actions/checkout@v4
 
       - name: Setup Node.js
         uses: actions/setup-node@v4
         with:
-          node-version: '18'
+          node-version: '18.19'
           cache: 'npm'
 
       - name: Install dependencies
@@ -115,9 +141,8 @@ jobs:
           echo "$MRENCLAVE" > deployment-dapp/.scone-fingerprint
 
       - name: Deploy dapp contract
-        if: ${{ github.event.inputs.operation == 'deploy-dapp-contract' }}
         env:
-          DEPLOY_ENVIRONMENT: ${{ env.DEPLOY_ENVIRONMENT }}
+          DEPLOY_ENVIRONMENT: ${{ inputs.environment }}
           WALLET_PRIVATE_KEY_DEV: ${{ secrets.WEB3MAIL_DAPP_OWNER_DEV_PRIVATEKEY }}
           WALLET_PRIVATE_KEY_PROD: ${{ secrets.WEB3MAIL_DAPP_OWNER_PROD_PRIVATEKEY }}
           DOCKER_IMAGE_DEV_TAG: ${{ env.DOCKER_IMAGE_DEV_TAG }}
@@ -127,9 +152,8 @@ jobs:
           npm run deploy-dapp
 
       - name: Push dapp secret
-        if: ${{ github.event.inputs.operation == 'push-dapp-secret' }}
         env:
-          DEPLOY_ENVIRONMENT: ${{ env.DEPLOY_ENVIRONMENT }}
+          DEPLOY_ENVIRONMENT: ${{ inputs.environment }}
           WALLET_PRIVATE_KEY_DEV: ${{ secrets.WEB3MAIL_DAPP_OWNER_DEV_PRIVATEKEY }}
           WALLET_PRIVATE_KEY_PROD: ${{ secrets.WEB3MAIL_DAPP_OWNER_PROD_PRIVATEKEY }}
           MJ_APIKEY_PUBLIC: ${{ secrets.MJ_APIKEY_PUBLIC }}
@@ -142,55 +166,48 @@ jobs:
           cd deployment-dapp
           npm run push-dapp-secret
 
-      - name: Publish sell order
-        if: ${{ github.event.inputs.operation == 'publish-sell-order' }}
+      - name: Publish free sell order
         env:
-          DEPLOY_ENVIRONMENT: ${{ env.DEPLOY_ENVIRONMENT }}
+          DEPLOY_ENVIRONMENT: ${{ inputs.environment }}
           WALLET_PRIVATE_KEY_DEV: ${{ secrets.WEB3MAIL_DAPP_OWNER_DEV_PRIVATEKEY }}
           WALLET_PRIVATE_KEY_PROD: ${{ secrets.WEB3MAIL_DAPP_OWNER_PROD_PRIVATEKEY }}
-          PRICE: ${{ github.event.inputs.price }}
-          VOLUME: ${{ github.event.inputs.volume }}
+          PRICE: '0'
+          VOLUME: '1000000000'
         run: |
           cd deployment-dapp
           npm run publish-sell-order
 
-      - name: Revoke sell order
-        if: ${{ github.event.inputs.operation == 'revoke-sell-order' }}
+      - name: Add resource to whitelist (dev)
+        if: inputs.environment == 'dapp-dev'
         env:
-          DEPLOY_ENVIRONMENT: ${{ env.DEPLOY_ENVIRONMENT }}
-          WALLET_PRIVATE_KEY_DEV: ${{ secrets.WEB3MAIL_DAPP_OWNER_DEV_PRIVATEKEY }}
-          WALLET_PRIVATE_KEY_PROD: ${{ secrets.WEB3MAIL_DAPP_OWNER_PROD_PRIVATEKEY }}
-          ORDER_HASH: ${{ github.event.inputs.order_hash }}
-        run: |
-          cd deployment-dapp
-          npm run revoke-sell-order
-
-      - name: Add to whitelist
-        if: ${{ github.event.inputs.operation == 'add-to-whitelist' }}
-        env:
-          WALLET_PRIVATE_KEY: ${{ github.event.inputs.environment == 'dev' && secrets.WEB3MAIL_DAPP_OWNER_DEV_PRIVATEKEY || secrets.WEB3MAIL_DAPP_OWNER_PROD_PRIVATEKEY }}
-          CONTRACT_ADDRESS: ${{ github.event.inputs.environment == 'dev' && secrets.WEB3MAIL_WHITELIST_DEV_ADDRESS || secrets.WEB3MAIL_WHITELIST_PROD_ADDRESS }}
-          ADDRESS_TO_ADD: ${{ github.event.inputs.address_to_add }}
+          WALLET_PRIVATE_KEY: ${{ secrets.WEB3MAIL_DAPP_OWNER_DEV_PRIVATEKEY }}
+          CONTRACT_ADDRESS: ${{ secrets.WEB3MAIL_WHITELIST_DEV_ADDRESS }}
         run: |
           cd node_modules/whitelist-smart-contract
-          npm run addResourceToWhitelist
+          export ADDRESS_TO_ADD=$(cat ../../deployment-dapp/.app-address) && npm run addResourceToWhitelist
 
-      - name: Remove from whitelist
-        if: ${{ github.event.inputs.operation == 'remove-from-whitelist' }}
+      - name: Add resource to whitelist (prod)
+        if: inputs.environment == 'dapp-prod'
         env:
-          WALLET_PRIVATE_KEY: ${{ github.event.inputs.environment == 'dev' && secrets.WEB3MAIL_DAPP_OWNER_DEV_PRIVATEKEY || secrets.WEB3MAIL_DAPP_OWNER_PROD_PRIVATEKEY }}
-          CONTRACT_ADDRESS: ${{ github.event.inputs.environment == 'dev' && secrets.WEB3MAIL_WHITELIST_DEV_ADDRESS || secrets.WEB3MAIL_WHITELIST_PROD_ADDRESS }}
-          ADDRESS_TO_REMOVE: ${{ github.event.inputs.address_to_remove }}
+          WALLET_PRIVATE_KEY: ${{ secrets.WEB3MAIL_DAPP_OWNER_PROD_PRIVATEKEY }}
+          CONTRACT_ADDRESS: ${{ secrets.WEB3MAIL_WHITELIST_PROD_ADDRESS }}
         run: |
           cd node_modules/whitelist-smart-contract
-          npm run removeResourceFromWhitelist
+          export ADDRESS_TO_ADD=$(cat ../../deployment-dapp/.app-address) && npm run addResourceToWhitelist
 
       - name: Configure ENS
-        if: ${{ github.event.inputs.operation == 'configure-ens' }}
         env:
-          DEPLOY_ENVIRONMENT: ${{ env.DEPLOY_ENVIRONMENT }}
+          DEPLOY_ENVIRONMENT: ${{ inputs.environment }}
           WALLET_PRIVATE_KEY_DEV: ${{ secrets.WEB3MAIL_DAPP_OWNER_DEV_PRIVATEKEY }}
           WALLET_PRIVATE_KEY_PROD: ${{ secrets.WEB3MAIL_DAPP_OWNER_PROD_PRIVATEKEY }}
         run: |
           cd deployment-dapp
           npm run configure-ens
+
+      - name: Upload deployment artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: deployment-artifacts
+          path: |
+            deployment-dapp/.app-address
+            deployment-dapp/.scone-fingerprint
