Add TACo commitment checks and alerts when topping up or de-authing #2210
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Token Dashboard / CI | |
on: | |
schedule: | |
- cron: "0 0 * * *" | |
push: | |
branches: | |
- main | |
pull_request: | |
workflow_dispatch: | |
inputs: | |
environment: | |
description: "Environment (network) for workflow execution, e.g. `sepolia`" | |
required: false | |
upstream_builds: | |
description: "Upstream builds" | |
required: false | |
upstream_ref: | |
description: "Git reference to checkout (e.g. branch name)" | |
required: false | |
default: "main" | |
jobs: | |
format: | |
name: Check code format | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: "18" | |
cache: "yarn" | |
# This step forces Git to download dependencies using `https://` protocol, | |
# even if `yarn.json` refers to some package via `git://`. Using `git://` | |
# is no longer supported by GH. One of the dashboard dependencies by | |
# default uses `git://` and we needed to manually remove it every time | |
# it re-appeared in the lock file. Now even if it does re-appear, the | |
# `yarn install --frozen-lockfile` will not fail. | |
- name: Configure git to don't use unauthenticated protocol | |
run: git config --global url."https://".insteadOf git:// | |
- name: Install dependencies | |
run: yarn install --ignore-scripts --frozen-lockfile | |
- name: Run token-dashboard post-install script | |
run: yarn run postinstall | |
- name: Check formatting | |
run: yarn format | |
build-and-test: | |
name: Build and test | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: "18" | |
cache: "yarn" | |
# We need this step because the `@keep-network/tbtc` which we update in | |
# next step has a dependency to `@summa-tx/[email protected]` package, which | |
# downloads one of its sub-dependencies via unathenticated `git://` | |
# protocol. That protocol is no longer supported. Thanks to this step | |
# `https://` is used instead of `git://`. | |
- name: Configure git to don't use unauthenticated protocol | |
run: git config --global url."https://".insteadOf git:// | |
- name: Resolve latest contracts | |
run: | | |
yarn upgrade \ | |
@threshold-network/solidity-contracts \ | |
@keep-network/keep-core \ | |
@keep-network/keep-ecdsa \ | |
@keep-network/tbtc \ | |
@keep-network/random-beacon --ignore-scripts | |
- name: Run postinstall script | |
# `yarn upgrade` doesn't trigger the `postinstall` script. | |
run: yarn run postinstall | |
- name: Build | |
run: yarn build | |
env: | |
PUBLIC_URL: /${{ github.head_ref }} | |
CHAIN_ID: 11155111 | |
ETH_HOSTNAME_HTTP: ${{ secrets.SEPOLIA_ETH_HOSTNAME_HTTP }} | |
ETH_HOSTNAME_WS: ${{ secrets.SEPOLIA_ETH_HOSTNAME_WS }} | |
NODE_OPTIONS: --max_old_space_size=4096 | |
ELECTRUM_PROTOCOL: ${{ secrets.TESTNET_ELECTRUMX_PROTOCOL }} | |
ELECTRUM_HOST: ${{ secrets.TESTNET_ELECTRUMX_HOST }} | |
ELECTRUM_PORT: ${{ secrets.TESTNET_ELECTRUMX_PORT }} | |
WALLET_CONNECT_PROJECT_ID: ${{ secrets.WALLET_CONNECT_PROJECT_ID }} | |
# FIXME: Tests are missing, will this step be needed? | |
# - name: Test | |
# run: yarn test | |
# This job will be triggered for PR updates. It will build the dashboard | |
# using `dapp-development-sepolia`-taggeed packages which contain contracts | |
# with values modified to help with the testing of dashboard. The code will be | |
# published to | |
# https://preview.dashboard.test.threshold.network/${{ github.head_ref }}/index.html | |
# and link to the deployment will be posted as a comment in the PR. | |
build-and-deploy-testnet-preview: | |
name: Deploy preview to testnet | |
needs: build-and-test | |
if: github.event_name == 'pull_request' | |
uses: ./.github/workflows/reusable-build-and-publish.yml | |
with: | |
environment: sepolia | |
useUpstreamBuilds: false | |
# We use `dapp-development-sepolia`-taggeed packages with modified | |
# contracts. They contain modifications that help with the testing of | |
# dashboard features. | |
dependentPackagesTag: dapp-development-sepolia | |
gcpBucketName: preview.dashboard.test.threshold.network | |
gcpBucketPath: ${{ github.head_ref }} | |
preview: true | |
secrets: | |
ethUrlHttp: ${{ secrets.SEPOLIA_ETH_HOSTNAME_HTTP }} | |
ethUrlWS: ${{ secrets.SEPOLIA_ETH_HOSTNAME_WS }} | |
gcpServiceKey: ${{ secrets.KEEP_TEST_CI_UPLOAD_DAPP_JSON_KEY_BASE64 }} | |
electrumProtocol: ${{ secrets.TESTNET_ELECTRUMX_PROTOCOL }} | |
electrumHost: ${{ secrets.TESTNET_ELECTRUMX_HOST }} | |
electrumPort: ${{ secrets.TESTNET_ELECTRUMX_PORT }} | |
sentryDsn: ${{ secrets.TESTNET_SENTRY_DSN }} | |
walletConnectProjectId: ${{ secrets.WALLET_CONNECT_PROJECT_ID }} | |
# This job will be triggered via the `workflow_dispatch` event, as part of the | |
# CI flow, which gets triggered manually after changes in the contracts, | |
# client code, etc. As after such changes the manual rotation of the client | |
# pods is needed, we configure the job to use the protected `testnet` | |
# environment. Thanks to this, the job won't start until somebody approves it | |
# in GH Actions. | |
# The code will be published to https://dashboard.test.threshold.network/index.html. | |
build-and-deploy-testnet-on-dispatch: | |
name: Deploy to testnet | |
needs: build-and-test | |
if: | | |
github.event_name == 'workflow_dispatch' | |
&& github.ref == 'refs/heads/main' | |
uses: ./.github/workflows/reusable-build-and-publish.yml | |
with: | |
requireApproval: true | |
environment: sepolia | |
useUpstreamBuilds: true | |
upstreamBuilds: ${{ github.event.inputs.upstream_builds }} | |
gcpBucketName: dashboard.test.threshold.network | |
preview: false | |
secrets: | |
ethUrlHttp: ${{ secrets.SEPOLIA_ETH_HOSTNAME_HTTP }} | |
ethUrlWS: ${{ secrets.SEPOLIA_ETH_HOSTNAME_WS }} | |
gcpServiceKey: ${{ secrets.KEEP_TEST_CI_UPLOAD_DAPP_JSON_KEY_BASE64 }} | |
electrumProtocol: ${{ secrets.TESTNET_ELECTRUMX_PROTOCOL }} | |
electrumHost: ${{ secrets.TESTNET_ELECTRUMX_HOST }} | |
electrumPort: ${{ secrets.TESTNET_ELECTRUMX_PORT }} | |
sentryDsn: ${{ secrets.TESTNET_SENTRY_DSN }} | |
walletConnectProjectId: ${{ secrets.WALLET_CONNECT_PROJECT_ID }} | |
# This job will be triggered after merges of PRs to the `main` branch. As the | |
# triggering is not related to the changes in the contracts / client code, we | |
# don't need to rotate the pods and hence don't need to wait with the | |
# execution of workflow for the manual approval. | |
# The code will be published to https://dashboard.test.threshold.network/index.html. | |
build-and-deploy-testnet-on-push: | |
name: Deploy to testnet | |
needs: build-and-test | |
if: github.event_name == 'push' | |
uses: ./.github/workflows/reusable-build-and-publish.yml | |
with: | |
environment: sepolia | |
useUpstreamBuilds: false | |
dependentPackagesTag: sepolia | |
gcpBucketName: dashboard.test.threshold.network | |
preview: false | |
secrets: | |
ethUrlHttp: ${{ secrets.SEPOLIA_ETH_HOSTNAME_HTTP }} | |
ethUrlWS: ${{ secrets.SEPOLIA_ETH_HOSTNAME_WS }} | |
gcpServiceKey: ${{ secrets.KEEP_TEST_CI_UPLOAD_DAPP_JSON_KEY_BASE64 }} | |
electrumProtocol: ${{ secrets.TESTNET_ELECTRUMX_PROTOCOL }} | |
electrumHost: ${{ secrets.TESTNET_ELECTRUMX_HOST }} | |
electrumPort: ${{ secrets.TESTNET_ELECTRUMX_PORT }} | |
sentryDsn: ${{ secrets.TESTNET_SENTRY_DSN }} | |
walletConnectProjectId: ${{ secrets.WALLET_CONNECT_PROJECT_ID }} |