Skip to content

Add TACo commitment checks and alerts when topping up or de-authing #2210

Add TACo commitment checks and alerts when topping up or de-authing

Add TACo commitment checks and alerts when topping up or de-authing #2210

Workflow file for this run

name: Token Dashboard / CI
on:
schedule:
- cron: "0 0 * * *"
push:
branches:
- main
pull_request:
workflow_dispatch:
inputs:
environment:
description: "Environment (network) for workflow execution, e.g. `sepolia`"
required: false
upstream_builds:
description: "Upstream builds"
required: false
upstream_ref:
description: "Git reference to checkout (e.g. branch name)"
required: false
default: "main"
jobs:
format:
name: Check code format
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version: "18"
cache: "yarn"
# This step forces Git to download dependencies using `https://` protocol,
# even if `yarn.json` refers to some package via `git://`. Using `git://`
# is no longer supported by GH. One of the dashboard dependencies by
# default uses `git://` and we needed to manually remove it every time
# it re-appeared in the lock file. Now even if it does re-appear, the
# `yarn install --frozen-lockfile` will not fail.
- name: Configure git to don't use unauthenticated protocol
run: git config --global url."https://".insteadOf git://
- name: Install dependencies
run: yarn install --ignore-scripts --frozen-lockfile
- name: Run token-dashboard post-install script
run: yarn run postinstall
- name: Check formatting
run: yarn format
build-and-test:
name: Build and test
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version: "18"
cache: "yarn"
# We need this step because the `@keep-network/tbtc` which we update in
# next step has a dependency to `@summa-tx/[email protected]` package, which
# downloads one of its sub-dependencies via unathenticated `git://`
# protocol. That protocol is no longer supported. Thanks to this step
# `https://` is used instead of `git://`.
- name: Configure git to don't use unauthenticated protocol
run: git config --global url."https://".insteadOf git://
- name: Resolve latest contracts
run: |
yarn upgrade \
@threshold-network/solidity-contracts \
@keep-network/keep-core \
@keep-network/keep-ecdsa \
@keep-network/tbtc \
@keep-network/random-beacon --ignore-scripts
- name: Run postinstall script
# `yarn upgrade` doesn't trigger the `postinstall` script.
run: yarn run postinstall
- name: Build
run: yarn build
env:
PUBLIC_URL: /${{ github.head_ref }}
CHAIN_ID: 11155111
ETH_HOSTNAME_HTTP: ${{ secrets.SEPOLIA_ETH_HOSTNAME_HTTP }}
ETH_HOSTNAME_WS: ${{ secrets.SEPOLIA_ETH_HOSTNAME_WS }}
NODE_OPTIONS: --max_old_space_size=4096
ELECTRUM_PROTOCOL: ${{ secrets.TESTNET_ELECTRUMX_PROTOCOL }}
ELECTRUM_HOST: ${{ secrets.TESTNET_ELECTRUMX_HOST }}
ELECTRUM_PORT: ${{ secrets.TESTNET_ELECTRUMX_PORT }}
WALLET_CONNECT_PROJECT_ID: ${{ secrets.WALLET_CONNECT_PROJECT_ID }}
# FIXME: Tests are missing, will this step be needed?
# - name: Test
# run: yarn test
# This job will be triggered for PR updates. It will build the dashboard
# using `dapp-development-sepolia`-taggeed packages which contain contracts
# with values modified to help with the testing of dashboard. The code will be
# published to
# https://preview.dashboard.test.threshold.network/${{ github.head_ref }}/index.html
# and link to the deployment will be posted as a comment in the PR.
build-and-deploy-testnet-preview:
name: Deploy preview to testnet
needs: build-and-test
if: github.event_name == 'pull_request'
uses: ./.github/workflows/reusable-build-and-publish.yml
with:
environment: sepolia
useUpstreamBuilds: false
# We use `dapp-development-sepolia`-taggeed packages with modified
# contracts. They contain modifications that help with the testing of
# dashboard features.
dependentPackagesTag: dapp-development-sepolia
gcpBucketName: preview.dashboard.test.threshold.network
gcpBucketPath: ${{ github.head_ref }}
preview: true
secrets:
ethUrlHttp: ${{ secrets.SEPOLIA_ETH_HOSTNAME_HTTP }}
ethUrlWS: ${{ secrets.SEPOLIA_ETH_HOSTNAME_WS }}
gcpServiceKey: ${{ secrets.KEEP_TEST_CI_UPLOAD_DAPP_JSON_KEY_BASE64 }}
electrumProtocol: ${{ secrets.TESTNET_ELECTRUMX_PROTOCOL }}
electrumHost: ${{ secrets.TESTNET_ELECTRUMX_HOST }}
electrumPort: ${{ secrets.TESTNET_ELECTRUMX_PORT }}
sentryDsn: ${{ secrets.TESTNET_SENTRY_DSN }}
walletConnectProjectId: ${{ secrets.WALLET_CONNECT_PROJECT_ID }}
# This job will be triggered via the `workflow_dispatch` event, as part of the
# CI flow, which gets triggered manually after changes in the contracts,
# client code, etc. As after such changes the manual rotation of the client
# pods is needed, we configure the job to use the protected `testnet`
# environment. Thanks to this, the job won't start until somebody approves it
# in GH Actions.
# The code will be published to https://dashboard.test.threshold.network/index.html.
build-and-deploy-testnet-on-dispatch:
name: Deploy to testnet
needs: build-and-test
if: |
github.event_name == 'workflow_dispatch'
&& github.ref == 'refs/heads/main'
uses: ./.github/workflows/reusable-build-and-publish.yml
with:
requireApproval: true
environment: sepolia
useUpstreamBuilds: true
upstreamBuilds: ${{ github.event.inputs.upstream_builds }}
gcpBucketName: dashboard.test.threshold.network
preview: false
secrets:
ethUrlHttp: ${{ secrets.SEPOLIA_ETH_HOSTNAME_HTTP }}
ethUrlWS: ${{ secrets.SEPOLIA_ETH_HOSTNAME_WS }}
gcpServiceKey: ${{ secrets.KEEP_TEST_CI_UPLOAD_DAPP_JSON_KEY_BASE64 }}
electrumProtocol: ${{ secrets.TESTNET_ELECTRUMX_PROTOCOL }}
electrumHost: ${{ secrets.TESTNET_ELECTRUMX_HOST }}
electrumPort: ${{ secrets.TESTNET_ELECTRUMX_PORT }}
sentryDsn: ${{ secrets.TESTNET_SENTRY_DSN }}
walletConnectProjectId: ${{ secrets.WALLET_CONNECT_PROJECT_ID }}
# This job will be triggered after merges of PRs to the `main` branch. As the
# triggering is not related to the changes in the contracts / client code, we
# don't need to rotate the pods and hence don't need to wait with the
# execution of workflow for the manual approval.
# The code will be published to https://dashboard.test.threshold.network/index.html.
build-and-deploy-testnet-on-push:
name: Deploy to testnet
needs: build-and-test
if: github.event_name == 'push'
uses: ./.github/workflows/reusable-build-and-publish.yml
with:
environment: sepolia
useUpstreamBuilds: false
dependentPackagesTag: sepolia
gcpBucketName: dashboard.test.threshold.network
preview: false
secrets:
ethUrlHttp: ${{ secrets.SEPOLIA_ETH_HOSTNAME_HTTP }}
ethUrlWS: ${{ secrets.SEPOLIA_ETH_HOSTNAME_WS }}
gcpServiceKey: ${{ secrets.KEEP_TEST_CI_UPLOAD_DAPP_JSON_KEY_BASE64 }}
electrumProtocol: ${{ secrets.TESTNET_ELECTRUMX_PROTOCOL }}
electrumHost: ${{ secrets.TESTNET_ELECTRUMX_HOST }}
electrumPort: ${{ secrets.TESTNET_ELECTRUMX_PORT }}
sentryDsn: ${{ secrets.TESTNET_SENTRY_DSN }}
walletConnectProjectId: ${{ secrets.WALLET_CONNECT_PROJECT_ID }}