boundless-contract/.github/workflows/contract-deploy.yml at develop · boundlessfi/boundless-contract · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
name: Contract Deployment

on:
  push:
    branches:
      - main
      - develop
    paths:
      - 'contracts/**'
      - '.github/workflows/contract-deploy.yml'
  workflow_dispatch:
    inputs:
      network:
        description: 'Network to deploy to (testnet/mainnet)'
        required: true
        default: 'testnet'
        type: choice
        options:
          - testnet
          - mainnet
      account:
        description: 'Account to deploy from'
        required: true
        default: 'alice'
        type: string
  workflow_call:
    secrets:
      STELLAR_SECRET_KEY:
        required: true
      SOROBAN_SECRET_KEY:
        required: true
      CONTRACT_ID:
        required: false

permissions:
  contents: read
  actions: read
  id-token: write

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Setup Rust and Stellar
        uses: ./.github/actions/setup-rust-stellar

      - name: Verify secrets
        run: |
          echo "Verifying secrets..."
          if [ -n "${{ secrets.STELLAR_SECRET_KEY }}" ]; then
            # Show first and last 4 characters of the secret key
            SECRET_KEY="${{ secrets.STELLAR_SECRET_KEY }}"
            FIRST_CHARS=${SECRET_KEY:0:4}
            LAST_CHARS=${SECRET_KEY: -4}
            echo "STELLAR_SECRET_KEY is set (length: ${#SECRET_KEY})"
            echo "First 4 chars: $FIRST_CHARS"
            echo "Last 4 chars: $LAST_CHARS"
          else
            echo "STELLAR_SECRET_KEY is not set!"
          fi

          if [ -n "${{ secrets.SOROBAN_SECRET_KEY }}" ]; then
            # Show first and last 4 characters of the secret key
            SECRET_KEY="${{ secrets.SOROBAN_SECRET_KEY }}"
            FIRST_CHARS=${SECRET_KEY:0:4}
            LAST_CHARS=${SECRET_KEY: -4}
            echo "SOROBAN_SECRET_KEY is set (length: ${#SECRET_KEY})"
            echo "First 4 chars: $FIRST_CHARS"
            echo "Last 4 chars: $LAST_CHARS"
          else
            echo "SOROBAN_SECRET_KEY is not set!"
          fi

          if [ -n "${{ secrets.CONTRACT_ID }}" ]; then
            # Show first and last 4 characters of the contract ID
            CONTRACT_ID="${{ secrets.CONTRACT_ID }}"
            FIRST_CHARS=${CONTRACT_ID:0:4}
            LAST_CHARS=${CONTRACT_ID: -4}
            echo "CONTRACT_ID is set (length: ${#CONTRACT_ID})"
            echo "First 4 chars: $FIRST_CHARS"
            echo "Last 4 chars: $LAST_CHARS"
          else
            echo "CONTRACT_ID is not set (this is normal for first deployment)"
          fi

      - name: Deploy/Upgrade contract
        env:
          STELLAR_NETWORK: ${{ github.event.inputs.network || 'testnet' }}
          STELLAR_ACCOUNT: ${{ github.event.inputs.account || 'alice' }}
          STELLAR_SECRET_KEY: ${{ secrets.STELLAR_SECRET_KEY }}
          SOROBAN_SECRET_KEY: ${{ secrets.SOROBAN_SECRET_KEY }}
          CONTRACT_ID: ${{ secrets.CONTRACT_ID }}
        run: |
          echo "Deploying/Upgrading contract on $STELLAR_NETWORK using account $STELLAR_SECRET_KEY"

          # Make the script executable
          chmod +x ./deploy_and_upgrade.sh

          # Create .stellar directory if it doesn't exist
          mkdir -p .stellar

          # If CONTRACT_ID secret is available, save it to the file
          if [ -n "$CONTRACT_ID" ]; then
            echo "Using contract ID from GitHub secrets"
            echo $CONTRACT_ID > .stellar/contract_id_${STELLAR_NETWORK}.txt
          fi

          # Log the command that will be executed (without the actual secret)
          echo "Executing: ./deploy_and_upgrade.sh deploy $STELLAR_NETWORK [SECRET_KEY]"

          # Run the deploy and upgrade script with upgrade command by default
          ./deploy_and_upgrade.sh upgrade $STELLAR_NETWORK $STELLAR_SECRET_KEY

          # Check if the contract ID file was created
          if [ -f .stellar/contract_id_${STELLAR_NETWORK}.txt ]; then
            NEW_CONTRACT_ID=$(cat .stellar/contract_id_${STELLAR_NETWORK}.txt)
            echo "Contract ID from file: $NEW_CONTRACT_ID"
            echo "CONTRACT_ID=$NEW_CONTRACT_ID" >> $GITHUB_ENV
          else
            echo "Contract ID file not found. Deployment may have failed."
            exit 1
          fi

      - name: Notify on success
        if: success()
        run: |
          echo "Contract deployment/upgrade completed successfully!"
          echo "Contract ID: $CONTRACT_ID"
          echo "Network: $STELLAR_NETWORK"
          echo ""
          echo "IMPORTANT: Please update the CONTRACT_ID secret in your GitHub repository settings with the value above."
          echo "You can do this by going to: Settings > Secrets and variables > Actions > New repository secret"
          echo "Name: CONTRACT_ID"
          echo "Value: $CONTRACT_ID"