ci: add dapp deployment workflows and PR test workflows

Author: abbesBenayache

.github/workflows/dapp-deploy.yml

@@ -0,0 +1,221 @@
+name: Deploy Dapp to Dev and Prod
+
+on:
+  push:
+    tags:
+      - 'web3mail-dapp-v*'
+
+jobs:
+  get-version:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+
+      - name: Set publish version
+        id: set-publish-version
+        run: |
+          GIT_TAG="${{ github.ref_name }}"
+          VERSION=$(echo "$GIT_TAG" | sed 's/web3mail-dapp-v//')
+          echo "VERSION=${VERSION}" | tee -a $GITHUB_OUTPUT
+          echo "GIT_TAG=${GIT_TAG}" | tee -a $GITHUB_OUTPUT
+    outputs:
+      version: ${{ steps.set-publish-version.outputs.VERSION }}
+
+  # Single sconification job for both environments
+  sconify:
+    uses: iExecBlockchainComputing/github-actions-workflows/.github/workflows/[email protected]
+    with:
+      image-name: product/web3mail-dapp
+      image-tag: ${{ github.ref_name }}
+      sconify-debug: false
+      sconify-prod: true
+      docker-registry: docker.io
+      sconify-version: '5.7.5-v12'
+      binary: /usr/local/bin/node
+      command: node /app/src/app.js
+      host-path: |
+        /etc/hosts
+        /etc/resolv.conf
+      binary-fs: true
+      fs-dir: /app
+      heap: 1G
+      dlopen: 1
+      mprotect: 1
+      docker-username: ${{ vars.DOCKERHUB_USERNAME }}
+      scontain-username: ${{ vars.SCONTAIN_REGISTRY_USERNAME }}
+    secrets:
+      docker-password: ${{ secrets.DOCKERHUB_PAT }}
+      scontain-password: ${{ secrets.SCONTAIN_REGISTRY_PAT }}
+      scone-signing-key: ${{ secrets.SCONIFY_SIGNING_PRIVATE_KEY }}
+
+  # Deploy to Dev Environment
+  deploy-dapp-dev:
+    runs-on: ubuntu-latest
+    needs: sconify
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          cache: 'npm'
+
+      - name: Install dependencies
+        run: |
+          npm ci
+          cd node_modules/whitelist-smart-contract
+          npm install --save-dev ts-node
+          cd ../../deployment-dapp
+          npm ci
+
+      - name: Create scone fingerprint file (dev)
+        run: |
+          MRENCLAVE="${{ needs.sconify.outputs.prod-mrenclave }}"
+          echo "$MRENCLAVE" > deployment-dapp/.scone-fingerprint
+
+      - name: Deploy dapp contract (dev)
+        env:
+          DEPLOY_ENVIRONMENT: dapp-dev
+          WALLET_PRIVATE_KEY_DEV: ${{ secrets.WEB3MAIL_DAPP_OWNER_DEV_PRIVATEKEY }}
+          DOCKER_IMAGE_CHECKSUM_DEV: ${{ needs.sconify.outputs.prod-checksum }}
+        run: |
+          cd deployment-dapp
+          npm run deploy-dapp
+
+      - name: Push dapp secret (dev)
+        env:
+          DEPLOY_ENVIRONMENT: dapp-dev
+          WALLET_PRIVATE_KEY_DEV: ${{ secrets.WEB3MAIL_DAPP_OWNER_DEV_PRIVATEKEY }}
+          MJ_APIKEY_PUBLIC: ${{ secrets.MJ_APIKEY_PUBLIC }}
+          MJ_APIKEY_PRIVATE: ${{ secrets.MJ_APIKEY_PRIVATE }}
+          MJ_SENDER: ${{ secrets.MJ_SENDER }}
+          MAILGUN_APIKEY: ${{ secrets.MAILGUN_APIKEY }}
+          WEB3MAIL_WHITELISTED_APPS_DEV: ${{ secrets.WEB3MAIL_WHITELISTED_APPS_DEV }}
+        run: |
+          cd deployment-dapp
+          npm run push-dapp-secret
+
+      - name: Publish free sell order (dev)
+        env:
+          DEPLOY_ENVIRONMENT: dapp-dev
+          WALLET_PRIVATE_KEY_DEV: ${{ secrets.WEB3MAIL_DAPP_OWNER_DEV_PRIVATEKEY }}
+          PRICE: '0'
+          VOLUME: '1000000000'
+        run: |
+          cd deployment-dapp
+          npm run publish-sell-order
+
+      - name: Add resource to whitelist (dev)
+        env:
+          WALLET_PRIVATE_KEY: ${{ secrets.WEB3MAIL_DAPP_OWNER_DEV_PRIVATEKEY }}
+          CONTRACT_ADDRESS: ${{ secrets.WEB3MAIL_WHITELIST_DEV_ADDRESS }}
+        run: |
+          cd node_modules/whitelist-smart-contract
+          export ADDRESS_TO_ADD=$(cat ../../deployment-dapp/.app-address) && npm run addResourceToWhitelist
+
+      - name: Configure ENS (dev)
+        env:
+          DEPLOY_ENVIRONMENT: dapp-dev
+          WALLET_PRIVATE_KEY_DEV: ${{ secrets.WEB3MAIL_DAPP_OWNER_DEV_PRIVATEKEY }}
+        run: |
+          cd deployment-dapp
+          npm run configure-ens
+
+      - name: Upload deployment artifacts (dev)
+        uses: actions/upload-artifact@v4
+        with:
+          name: deployment-artifacts-dev
+          path: |
+            deployment-dapp/.app-address
+            deployment-dapp/.scone-fingerprint
+
+  # Deploy to Prod Environment
+  deploy-dapp-prod:
+    runs-on: ubuntu-latest
+    needs: sconify
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          cache: 'npm'
+
+      - name: Install dependencies
+        run: |
+          npm ci
+          cd node_modules/whitelist-smart-contract
+          npm install --save-dev ts-node
+          cd ../../deployment-dapp
+          npm ci
+
+      - name: Create scone fingerprint file (prod)
+        run: |
+          MRENCLAVE="${{ needs.sconify.outputs.prod-mrenclave }}"
+          echo "$MRENCLAVE" > deployment-dapp/.scone-fingerprint
+
+      - name: Deploy dapp contract (prod)
+        env:
+          DEPLOY_ENVIRONMENT: dapp-prod
+          WALLET_PRIVATE_KEY_PROD: ${{ secrets.WEB3MAIL_DAPP_OWNER_PROD_PRIVATEKEY }}
+          DOCKER_IMAGE_CHECKSUM_PROD: ${{ needs.sconify.outputs.prod-checksum }}
+        run: |
+          cd deployment-dapp
+          npm run deploy-dapp
+
+      - name: Push dapp secret (prod)
+        env:
+          DEPLOY_ENVIRONMENT: dapp-prod
+          WALLET_PRIVATE_KEY_PROD: ${{ secrets.WEB3MAIL_DAPP_OWNER_PROD_PRIVATEKEY }}
+          MJ_APIKEY_PUBLIC: ${{ secrets.MJ_APIKEY_PUBLIC }}
+          MJ_APIKEY_PRIVATE: ${{ secrets.MJ_APIKEY_PRIVATE }}
+          MJ_SENDER: ${{ secrets.MJ_SENDER }}
+          MAILGUN_APIKEY: ${{ secrets.MAILGUN_APIKEY }}
+          WEB3MAIL_WHITELISTED_APPS_PROD: ${{ secrets.WEB3MAIL_WHITELISTED_APPS_PROD }}
+        run: |
+          cd deployment-dapp
+          npm run push-dapp-secret
+
+      - name: Publish free sell order (prod)
+        env:
+          DEPLOY_ENVIRONMENT: dapp-prod
+          WALLET_PRIVATE_KEY_PROD: ${{ secrets.WEB3MAIL_DAPP_OWNER_PROD_PRIVATEKEY }}
+          PRICE: '0'
+          VOLUME: '1000000000'
+        run: |
+          cd deployment-dapp
+          npm run publish-sell-order
+
+      - name: Add resource to whitelist (prod)
+        env:
+          WALLET_PRIVATE_KEY: ${{ secrets.WEB3MAIL_DAPP_OWNER_PROD_PRIVATEKEY }}
+          CONTRACT_ADDRESS: ${{ secrets.WEB3MAIL_WHITELIST_PROD_ADDRESS }}
+        run: |
+          cd node_modules/whitelist-smart-contract
+          export ADDRESS_TO_ADD=$(cat ../../deployment-dapp/.app-address) && npm run addResourceToWhitelist
+
+      - name: Configure ENS (prod)
+        env:
+          DEPLOY_ENVIRONMENT: dapp-prod
+          WALLET_PRIVATE_KEY_PROD: ${{ secrets.WEB3MAIL_DAPP_OWNER_PROD_PRIVATEKEY }}
+        run: |
+          cd deployment-dapp
+          npm run configure-ens
+
+      - name: Upload deployment artifacts (prod)
+        uses: actions/upload-artifact@v4
+        with:
+          name: deployment-artifacts-prod
+          path: |
+            deployment-dapp/.app-address
+            deployment-dapp/.scone-fingerprint