diff --git a/.github/workflows/01-deploy-dapp-contract.yml b/.github/workflows/01-deploy-dapp-contract.yml
new file mode 100644
index 0000000..24b8cca
--- /dev/null
+++ b/.github/workflows/01-deploy-dapp-contract.yml
@@ -0,0 +1,143 @@
+name: 01-deploy-dapp-contract
+
+on:
+ workflow_dispatch:
+ inputs:
+ environment:
+ description: 'Deployment environment'
+ required: true
+ type: choice
+ options:
+ # dev environments
+ - bellecour-dev
+ - arbitrum-sepolia-dev
+ # prod environments (requires a tag starting with dapp-v)
+ - bellecour-prod
+ - arbitrum-sepolia-prod
+ - arbitrum-prod
+ # Optional inputs for manual override
+ docker_image_tag:
+ description: 'Docker image tag (if not provided, will build from scratch)'
+ required: false
+ type: string
+ checksum:
+ description: 'Docker image checksum (if not provided, will build from scratch)'
+ required: false
+ type: string
+ fingerprint:
+ description: 'Docker image fingerprint (if not provided, will build from scratch)'
+ required: false
+ type: string
+
+jobs:
+ extract-tag:
+ runs-on: ubuntu-latest
+ outputs:
+ clean_tag: ${{ steps.tag.outputs.clean_tag }}
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+ - name: Check and extract tag
+ id: tag
+ run: |
+ if [[ "${{ github.event.inputs.environment }}" == *-prod ]]; then
+ if [[ "${GITHUB_REF}" != refs/tags/dapp-v* ]]; then
+ echo "Error: The ref must be a tag starting with 'dapp-v' for production deployments."
+ exit 1
+ fi
+ TAG=${GITHUB_REF#refs/tags/dapp-v}-$(date +%s)
+ echo "clean_tag=${TAG}" | tee -a $GITHUB_OUTPUT
+ else
+ echo "clean_tag=dev" | tee -a $GITHUB_OUTPUT
+ fi
+
+ docker-publish:
+ if: ${{ !github.event.inputs.docker_image_tag }}
+ uses: iExecBlockchainComputing/github-actions-workflows/.github/workflows/docker-build.yml@docker-build-v2.3.1
+ needs: [extract-tag]
+ with:
+ image-name: 'iexechub/web3telegram-dapp'
+ registry: 'docker.io'
+ dockerfile: 'dapp/Dockerfile'
+ context: 'dapp'
+ security-scan: true
+ security-report: 'sarif'
+ hadolint: true
+ push: true
+ image-tag: ${{ needs.extract-tag.outputs.clean_tag }}
+ secrets:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_PAT }}
+
+ sconify:
+ if: ${{ !github.event.inputs.docker_image_tag }}
+ uses: iExecBlockchainComputing/github-actions-workflows/.github/workflows/sconify.yml@sconify-v2.0.0
+ needs: [docker-publish, extract-tag]
+ with:
+ image-name: 'iexechub/web3telegram-dapp'
+ image-tag: ${{ needs.extract-tag.outputs.clean_tag }}
+ sconify-debug: false
+ sconify-prod: true
+ docker-registry: docker.io
+ sconify-version: ${{ vars.SCONIFY_VERSION }}
+ binary: /usr/local/bin/node
+ command: node
+ host-path: |
+ /etc/hosts
+ /etc/resolv.conf
+ binary-fs: true
+ fs-dir: /app
+ heap: 1G
+ dlopen: 1
+ mprotect: 0
+ secrets:
+ docker-username: ${{ secrets.DOCKERHUB_USERNAME }}
+ docker-password: ${{ secrets.DOCKERHUB_PAT }}
+ scontain-username: ${{ secrets.SCONTAIN_REGISTRY_USERNAME }}
+ scontain-password: ${{ secrets.SCONTAIN_REGISTRY_PAT }}
+ scone-signing-key: ${{ secrets.SCONIFY_SIGNING_PRIVATE_KEY }}
+
+ deploy-dapp:
+ needs: [extract-tag, sconify]
+ runs-on: ubuntu-latest
+ environment: ${{ inputs.environment }}
+ outputs:
+ app_address: ${{ steps.deploy.outputs.app_address }}
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Setup Node.js
+ uses: actions/setup-node@v4
+ with:
+ node-version: '20.19.0'
+ cache: 'npm'
+
+ - name: Install dependencies
+ run: |
+ npm ci
+ cd node_modules/whitelist-smart-contract
+ npm install --save-dev ts-node
+ cd ../../deployment-dapp
+ npm ci
+
+ - name: Deploy dapp contract
+ id: deploy
+ env:
+ WALLET_PRIVATE_KEY: ${{ secrets.WEB3TELEGRAM_APP_OWNER_PRIVATEKEY }}
+ DOCKER_IMAGE_TAG: ${{ github.event.inputs.docker_image_tag || needs.sconify.outputs.prod-image-tag }}
+ CHECKSUM: ${{ github.event.inputs.checksum || needs.sconify.outputs.prod-checksum }}
+ FINGERPRINT: ${{ github.event.inputs.fingerprint || needs.sconify.outputs.prod-mrenclave }}
+ RPC_URL: ${{ secrets.RPC_URL }}
+ SCONIFY_VERSION: ${{ vars.SCONIFY_VERSION }}
+ run: |
+ cd deployment-dapp
+ npm run deploy-dapp
+ echo "app_address=$(cat .app-address)" >> $GITHUB_OUTPUT
+
+ - name: Upload app address artifact
+ uses: actions/upload-artifact@v4
+ with:
+ name: app-address
+ path: deployment-dapp/.app-address
+ retention-days: 30
diff --git a/.github/workflows/02-push-dapp-secret.yml b/.github/workflows/02-push-dapp-secret.yml
new file mode 100644
index 0000000..23ad9ee
--- /dev/null
+++ b/.github/workflows/02-push-dapp-secret.yml
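Review bot: In `01-deploy-dapp-contract.yml`, `deploy-dapp` declares `needs: [extract-tag, sconify]` without an `if:`, so when `docker_image_tag` is supplied and `sconify` is skipped by its own condition, GitHub skips `deploy-dapp` as well and the manual-override path never deploys; adding `if: ${{ !cancelled() && !failure() }}` to `deploy-dapp` lets it run after a skipped dependency while still stopping when `extract-tag` fails. The two reusable workflows that receive `DOCKERHUB_PAT` and `SCONIFY_SIGNING_PRIVATE_KEY` are referenced by tag (`@docker-build-v2.3.1`, `@sconify-v2.0.0`) and the actions by `@v4`; pinning them to full commit SHAs would keep a re-pointed tag from changing the code that handles those secrets. `npm install --save-dev ts-node` resolves an unpinned version outside the lockfile in the job that later exposes `WALLET_PRIVATE_KEY` (the same line is in `04-add-resource-whitelist.yml`), so it is better declared in the lockfile or pinned to an exact version. None of the five workflows sets `permissions:`; an explicit block limited to what each job needs (the SARIF report in `docker-publish` may need more than `contents: read`) would narrow the default token.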
@@ -0,0 +1,55 @@
+name: 02-push-dapp-secret.yml
+
+on:
+ workflow_dispatch:
+ inputs:
+ environment:
+ description: 'Deployment environment'
+ required: true
+ type: choice
+ options:
+ # dev environments
+ - bellecour-dev
+ - arbitrum-sepolia-dev
+ # prod environments
+ - bellecour-prod
+ - arbitrum-sepolia-prod
+ - arbitrum-prod
+ app_address:
+ description: 'App contract address'
+ required: true
+ type: string
+
+jobs:
+ push-secret:
+ runs-on: ubuntu-latest
+ environment: ${{ inputs.environment }}
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Setup Node.js
+ uses: actions/setup-node@v4
+ with:
+ node-version: '20.19.0'
+ cache: 'npm'
+
+ - name: Install dependencies
+ run: |
+ npm ci
+ cd deployment-dapp
+ npm ci
+
+ - name: Create app address file
+ run: |
+ echo "${{ inputs.app_address }}" > deployment-dapp/.app-address
+ echo "Using app address: ${{ inputs.app_address }}"
+
+ - name: Push dapp secret
+ env:
+ WALLET_PRIVATE_KEY: ${{ secrets.WEB3TELEGRAM_APP_OWNER_PRIVATEKEY }}
+ TELEGRAM_BOT_TOKEN: ${{ secrets.TELEGRAM_BOT_TOKEN }}
+ RPC_URL: ${{ secrets.RPC_URL }}
+ run: |
+ cd deployment-dapp
+ npm run push-dapp-secret
diff --git a/.github/workflows/03-publish-sell-order.yml b/.github/workflows/03-publish-sell-order.yml
new file mode 100644
index 0000000..692e3fb
--- /dev/null
+++ b/.github/workflows/03-publish-sell-order.yml
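Review bot: In `02-push-dapp-secret.yml`, the `Create app address file` step expands `${{ inputs.app_address }}` directly inside the `run:` script, so the free-form string is pasted into the shell source before bash parses it and any shell metacharacters in the value become script text in a job bound to the deployment environment. Pass the value through the environment and check its shape first: add `env: APP_ADDRESS: ${{ inputs.app_address }}` to the step, guard with `[[ "$APP_ADDRESS" =~ ^0x[0-9a-fA-F]{40}$ ]] || exit 1` (assuming a 20-byte hex address), and write it with `printf '%s\n' "$APP_ADDRESS" > deployment-dapp/.app-address`. The same step is repeated in `03-publish-sell-order.yml` and `05-configure-ens.yml`, and `04-add-resource-whitelist.yml` has the unquoted `export ADDRESS_TO_ADD=${{ inputs.app_address }}` inside the step that also holds `PRIVATE_KEY`; there the value can go straight into that step's `env:` as `ADDRESS_TO_ADD`.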
@@ -0,0 +1,64 @@
+name: 03-publish-sell-order.yml
+
+on:
+ workflow_dispatch:
+ inputs:
+ environment:
+ description: 'Deployment environment'
+ required: true
+ type: choice
+ options:
+ # dev environments
+ - bellecour-dev
+ - arbitrum-sepolia-dev
+ # prod environments
+ - bellecour-prod
+ - arbitrum-sepolia-prod
+ - arbitrum-prod
+ app_address:
+ description: 'App contract address'
+ required: true
+ type: string
+ price:
+ description: 'Sell order price'
+ required: true
+ type: string
+ volume:
+ description: 'Sell order volume'
+ required: true
+ type: string
+
+jobs:
+ publish-sell-order:
+ runs-on: ubuntu-latest
+ environment: ${{ inputs.environment }}
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Setup Node.js
+ uses: actions/setup-node@v4
+ with:
+ node-version: '20.19.0'
+ cache: 'npm'
+
+ - name: Install dependencies
+ run: |
+ npm ci
+ cd deployment-dapp
+ npm ci
+
+ - name: Create app address file
+ run: |
+ echo "${{ inputs.app_address }}" > deployment-dapp/.app-address
+ echo "Using app address: ${{ inputs.app_address }}"
+
+ - name: Publish free sell order
+ env:
+ WALLET_PRIVATE_KEY: ${{ secrets.WEB3TELEGRAM_APP_OWNER_PRIVATEKEY }}
+ PRICE: ${{ inputs.price }}
+ VOLUME: ${{ inputs.volume }}
+ RPC_URL: ${{ secrets.RPC_URL }}
+ run: |
+ cd deployment-dapp
+ npm run publish-sell-order
diff --git a/.github/workflows/04-add-resource-whitelist.yml b/.github/workflows/04-add-resource-whitelist.yml
new file mode 100644
index 0000000..64c334d
--- /dev/null
+++ b/.github/workflows/04-add-resource-whitelist.yml
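Review bot: In `03-publish-sell-order.yml`, the last step is named `Publish free sell order` while `price` is a required free-form string handed to the script as `PRICE`, so the name and the behaviour disagree and a mistyped `price` or `volume` goes unchecked into an order signed with `WALLET_PRIVATE_KEY`. Renaming the step to `Publish sell order` and adding a guard before `npm run publish-sell-order`, for example `[[ "$PRICE" =~ ^[0-9]+$ && "$VOLUME" =~ ^[0-9]+$ ]] || exit 1` (adjust the pattern to the format the script accepts), would stop malformed values before anything is signed. Whether the script validates them itself is not visible in this diff.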
@@ -0,0 +1,55 @@
+name: 04-add-resource-whitelist.yml
+
+on:
+ workflow_dispatch:
+ inputs:
+ environment:
+ description: 'Deployment environment'
+ required: true
+ type: choice
+ options:
+ # dev environments
+ - bellecour-dev
+ - arbitrum-sepolia-dev
+ # prod environments
+ - bellecour-prod
+ - arbitrum-sepolia-prod
+ - arbitrum-prod
+ app_address:
+ description: 'App contract address'
+ required: true
+ type: string
+ whitelist_contract_address:
+ description: 'Whitelist contract address (optional, uses environment variable by default)'
+ required: false
+ type: string
+
+jobs:
+ add-to-whitelist:
+ runs-on: ubuntu-latest
+ environment: ${{ inputs.environment }}
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Setup Node.js
+ uses: actions/setup-node@v4
+ with:
+ node-version: '20.19.0'
+ cache: 'npm'
+
+ - name: Install dependencies
+ run: |
+ npm ci
+ cd node_modules/whitelist-smart-contract
+ npm install --save-dev ts-node
+
+ - name: Add resource to whitelist
+ env:
+ CONTRACT_ADDRESS: ${{ inputs.whitelist_contract_address || vars.WEB3TELEGRAM_WHITELIST_CONTRACT_ADDRESS }}
+ PRIVATE_KEY: ${{ secrets.WEB3TELEGRAM_APP_OWNER_PRIVATEKEY }}
+ WHITELIST_NETWORK_NAME: ${{ vars.WHITELIST_NETWORK_NAME }}
+ run: |
+ cd node_modules/whitelist-smart-contract
+ export ADDRESS_TO_ADD=${{ inputs.app_address }}
+ npm run addResourceToWhitelist -- --network $WHITELIST_NETWORK_NAME
diff --git a/.github/workflows/05-configure-ens.yml b/.github/workflows/05-configure-ens.yml
new file mode 100644
index 0000000..d9d95a6
--- /dev/null
+++ b/.github/workflows/05-configure-ens.yml
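Review bot: In `04-add-resource-whitelist.yml`, the optional `whitelist_contract_address` input takes precedence over `vars.WEB3TELEGRAM_WHITELIST_CONTRACT_ADDRESS`, so whoever dispatches the run can direct a transaction signed with the app-owner key at a contract other than the one configured for the environment, including on the `*-prod` choices. If the override is only meant for testing, ignore it for production, e.g. `CONTRACT_ADDRESS: ${{ (!endsWith(inputs.environment, '-prod') && inputs.whitelist_contract_address) || vars.WEB3TELEGRAM_WHITELIST_CONTRACT_ADDRESS }}`, and echo the resolved address to the log before the call so the run records which contract was touched. The network argument should also be quoted: `npm run addResourceToWhitelist -- --network "$WHITELIST_NETWORK_NAME"`.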
@@ -0,0 +1,58 @@
+name: 05-configure-ens.yml
+
+on:
+ workflow_dispatch:
+ inputs:
+ environment:
+ description: 'Deployment environment'
+ required: true
+ type: choice
+ options:
+ # dev environments
+ - bellecour-dev
+ - arbitrum-sepolia-dev
+ # prod environments
+ - bellecour-prod
+ - arbitrum-sepolia-prod
+ - arbitrum-prod
+ app_address:
+ description: 'App contract address'
+ required: true
+ type: string
+ ens_name:
+ description: 'ENS name to configure'
+ required: true
+ type: string
+
+jobs:
+ configure-ens:
+ runs-on: ubuntu-latest
+ environment: ${{ inputs.environment }}
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Setup Node.js
+ uses: actions/setup-node@v4
+ with:
+ node-version: '20.19.0'
+ cache: 'npm'
+
+ - name: Install dependencies
+ run: |
+ npm ci
+ cd deployment-dapp
+ npm ci
+
+ - name: Create app address file
+ run: |
+ echo "${{ inputs.app_address }}" > deployment-dapp/.app-address
+ echo "Using app address: ${{ inputs.app_address }}"
+
+ - name: Configure ENS
+ env:
+ WALLET_PRIVATE_KEY: ${{ secrets.WEB3TELEGRAM_APP_OWNER_PRIVATEKEY }}
+ DAPP_ENS_NAME: ${{ inputs.ens_name }}
+ run: |
+ cd deployment-dapp
+ npm run configure-ens
diff --git a/.github/workflows/README.md b/.github/workflows/README.md
new file mode 100644
index 0000000..de69af7
--- /dev/null
+++ b/.github/workflows/README.md
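Review bot: In `05-configure-ens.yml`, the `environment` choice offers all five environments although the README added in this same diff says ENS configuration applies only on the bellecour environment, and nothing in the job stops a run with the owner key against an arbitrum environment. A job-level `if: ${{ startsWith(inputs.environment, 'bellecour') }}` on `configure-ens`, or trimming `options` to the two bellecour entries, would enforce that. The `Configure ENS` step also passes no `RPC_URL`, unlike the deploy, push-secret and sell-order workflows; if `configure-ens` reads it, this looks like an omission.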
@@ -0,0 +1,184 @@
+# GitHub Workflows - Web3Telegram SDK
+
+Complete documentation of GitHub Actions workflows for the Web3Telegram SDK project.
+
+## 📋 Overview
+
+The project uses 3 categories of workflows:
+
+- **SDK** : CI, build, NPM publication of the SDK
+- **DApp** : CI and application deployment
+- **Release** : Version management and releases
+
+## 🚀 SDK Workflows
+
+### `sdk-ci.yml`
+
+**SDK CI** - Automatic validation on every PR
+
+- **Trigger** : Pull Request on `src/`, `tests/`, configs
+- **Actions** : Lint, unit tests, TypeScript build
+- **Concurrency** : Cancels previous runs
+
+### `sdk-npm-publish.yml`
+
+**Manual NPM Publication** - Deploy to NPM
+
+- **Trigger** : `workflow_dispatch`
+- **Inputs** : `tag` (latest/nightly)
+- **Restriction** : `main` branch only
+
+### `sdk-release.yml`
+
+**Automatic NPM Publication** - Official release
+
+- **Trigger** : Tag `web3telegram-v*`
+- **Action** : Publication with `latest` tag
+
+### `reusable-sdk-npm.yml`
+
+**Reusable Workflow** - Template for NPM publication
+
+- **Type** : `workflow_call`
+- **Usage** : Used by `sdk-npm-publish.yml` and `sdk-release.yml`
+
+## 🏗️ DApp Workflows
+
+### `dapp-ci.yml`
+
+**Application CI** - DApp code validation
+
+- **Trigger** : Pull Request on `dapp/`
+- **Actions** : Lint, tests, validation
+
+### `deployment/deployment-dapp-ci.yml`
+
+**Deployment CI** - Deployment scripts validation
+
+- **Trigger** : Pull Request on `deployment-dapp/`
+- **Actions** : Lint, TypeScript scripts tests
+
+## 🚀 Deployment Workflows
+
+### `dapp-deploy.yml` (Main)
+
+**Complete Deployment**
+
+- **Trigger** : `workflow_dispatch`
+- **Inputs** : `environment` (bellecour-dev, arbitrum-sepolia-dev, etc.)
+- **Process** :
+ 1. Docker build + Sconify
+ 2. Contract deployment
+ 3. Push secrets
+ 4. Publish sell order
+ 5. Whitelist
+ 6. ENS configuration
+
+### `01-deploy-dapp-contract.yml`
+
+**Contract Deployment** - Deploy the smart contract
+
+- **Trigger** : `workflow_dispatch`
+- **Inputs** : `environment`, `docker_image_tag`, `checksum`, `fingerprint`
+- **Outputs** : `app_address`
+
+### `02-push-dapp-secret.yml`
+
+**Push Secrets** - Push secrets to SMS (Secret Management Service)
+
+- **Trigger** : `workflow_dispatch`
+- **Inputs** : `environment`, `app_address`
+
+### `03-publish-sell-order.yml`
+
+**Sell Order** - Publish a free sell order
+
+- **Trigger** : `workflow_dispatch`
+- **Inputs** : `environment`, `app_address`, `price`, `volume`
+
+### `04-add-resource-whitelist.yml`
+
+**Whitelist** - Add app to a whitelist already deployed on whitelist-smartcontract repo and transfer ownership to web3telegram wallet
+
+- **Trigger** : `workflow_dispatch`
+- **Inputs** : `environment`, `app_address`, `whitelist_contract_address` (optional)
+
+### `05-configure-ens.yml`
+
+**ENS Configuration** - Configure ENS name (only on bellecour environment)
+
+- **Trigger** : `workflow_dispatch`
+- **Inputs** : `environment`, `app_address`, `ens_name`
+
+## 📦 Release Workflows
+
+### `release.yml`
+
+**Release Please** - Automatic version management
+
+- **Trigger** : Push on `main`
+- **Action** : Automatic release PR creation
+
+### `conventional-commits.yml`
+
+**Commit Validation** - Check conventional commits
+
+- **Trigger** : Pull Request
+- **Action** : Commit format validation
+
+## 🎯 Usage
+
+### Complete Deployment
+
+```bash
+gh workflow run dapp-deploy.yml -f environment=bellecour-dev
+```
+
+### SDK Publication
+
+```bash
+# Manual publication
+gh workflow run sdk-npm-publish.yml -f tag=nightly
+
+# Automatic publication (via tag)
+git tag web3telegram-v1.0.0
+git push origin web3telegram-v1.0.0
+```
+
+## 🔧 Environments
+
+| Environment | Network | Usage |
+| ----------------------- | ----------------- | --------------- |
+| `bellecour-dev` | Bellecour Testnet | Development |
+| `arbitrum-sepolia-dev` | Arbitrum Sepolia | Testing |
+| `bellecour-prod` | Bellecour Mainnet | Production |
+| `arbitrum-sepolia-prod` | Arbitrum Sepolia | Production test |
+| `arbitrum-prod` | Arbitrum Mainnet | Production |
+
+## 📁 Structure
+
+```
+.github/workflows/
+├── sdk-ci.yml # SDK CI
+├── sdk-npm-publish.yml # Manual NPM publication
+├── sdk-release.yml # Automatic NPM publication
+├── reusable-sdk-npm.yml # NPM template
+├── dapp-ci.yml # DApp CI
+├── release.yml # Release Please
+├── conventional-commits.yml # Commit validation
+├── dapp-deploy.yml # Main orchestrator
+├── 01-deploy-dapp-contract.yml # Contract deployment
+├── 02-push-dapp-secret.yml # Push secrets
+├── 03-publish-sell-order.yml # Publish sell order
+├── 04-add-resource-whitelist.yml # Whitelist app
+├── 05-configure-ens.yml # Configure ENS
+└── deployment-dapp-ci.yml # Deployment CI
+```
+
+## ⚡ Benefits
+
+- **Modularity** : Each step can be executed independently
+- **Recovery** : In case of failure, restart only the concerned step
+- **Flexibility** : Reusable and configurable workflows
+- **Security** : Automatic validation and separate environments
+- **Traceability** : Detailed logs for each step