Harden deployment env flows and surface external blockers
This commit is contained in:
defiQUG
@@ -11,7 +11,20 @@
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
DEPLOYER="${DEPLOYER_ADDRESS:-0x4A666F96fC8764181194447A7dFdb7d471b301C8}"
|
||||
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
||||
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
|
||||
cd "$PROJECT_ROOT"
|
||||
|
||||
if [[ -f "$PROJECT_ROOT/scripts/lib/load-project-env.sh" ]]; then
|
||||
# shellcheck disable=SC1090
|
||||
source "$PROJECT_ROOT/scripts/lib/load-project-env.sh" >/dev/null 2>&1 || true
|
||||
fi
|
||||
|
||||
DEPLOYER="${DEPLOYER_ADDRESS:-}"
|
||||
if [[ -z "$DEPLOYER" && -n "${PRIVATE_KEY:-}" ]]; then
|
||||
DEPLOYER="$(cast wallet address "$PRIVATE_KEY" 2>/dev/null || true)"
|
||||
fi
|
||||
DEPLOYER="${DEPLOYER:-0x4A666F96fC8764181194447A7dFdb7d471b301C8}"
|
||||
CHAIN138_PUBLIC_RPC_DEFAULT="https://rpc-http-pub.d-bis.org"
|
||||
RPC="${RPC_URL_138:-${CHAIN138_PUBLIC_RPC_URL:-$CHAIN138_PUBLIC_RPC_DEFAULT}}"
|
||||
|
||||
|
||||
@@ -135,8 +135,10 @@ def deployer_address(env: dict[str, str], override: str | None) -> str:
|
||||
v = (os.environ.get(k) or "").strip()
|
||||
if v:
|
||||
return v
|
||||
pk = env.get("PRIVATE_KEY", "") or (os.environ.get("PRIVATE_KEY") or "").strip()
|
||||
if pk:
|
||||
for key in ("PRIVATE_KEY", "DEPLOYER_PRIVATE_KEY"):
|
||||
pk = (os.environ.get(key) or env.get(key) or "").strip()
|
||||
if not pk or "${" in pk:
|
||||
continue
|
||||
r = subprocess.run(
|
||||
["cast", "wallet", "address", pk],
|
||||
capture_output=True,
|
||||
@@ -145,7 +147,7 @@ def deployer_address(env: dict[str, str], override: str | None) -> str:
|
||||
)
|
||||
if r.returncode == 0 and r.stdout.strip():
|
||||
return r.stdout.strip()
|
||||
return (env.get("DEPLOYER_ADDRESS") or "").strip()
|
||||
return (env.get("DEPLOYER_ADDRESS") or env.get("DEPLOYER") or "").strip()
|
||||
|
||||
|
||||
def parse_uint(s: str) -> int:
|
||||
|
||||
@@ -18,12 +18,12 @@ PUBLIC_ETHEREUM_RPC="${ETHEREUM_MAINNET_PUBLIC_RPC:-https://ethereum-rpc.publicn
|
||||
PUBLIC_CRONOS_RPC="${CRONOS_MAINNET_PUBLIC_RPC:-https://evm.cronos.org}"
|
||||
PUBLIC_ARBITRUM_RPC="${ARBITRUM_MAINNET_PUBLIC_RPC:-https://arbitrum-one-rpc.publicnode.com}"
|
||||
|
||||
DEPLOYER=""
|
||||
if [[ -n "${PRIVATE_KEY:-}" ]]; then
|
||||
DEPLOYER="${DEPLOYER_ADDRESS:-}"
|
||||
if [[ -z "$DEPLOYER" && -n "${PRIVATE_KEY:-}" ]]; then
|
||||
DEPLOYER=$(cast wallet address "$PRIVATE_KEY" 2>/dev/null || true)
|
||||
fi
|
||||
[[ -z "$DEPLOYER" ]] && {
|
||||
echo "Could not derive deployer address. Set PRIVATE_KEY in ${PROJECT_ROOT}/.env, smom-dbis-138/.env, or ~/.secure-secrets/private-keys.env" >&2
|
||||
echo "Could not derive deployer address. Set PRIVATE_KEY or DEPLOYER_ADDRESS in repo .env, smom-dbis-138/.env, or ~/.secure-secrets/private-keys.env" >&2
|
||||
exit 1
|
||||
}
|
||||
echo "Deployer address: $DEPLOYER"
|
||||
|
||||
@@ -40,10 +40,15 @@ fi
|
||||
set -a
|
||||
source "$SMOM/.env"
|
||||
set +a
|
||||
if [[ -f "$SMOM/scripts/lib/deployment/dotenv.sh" ]]; then
|
||||
# shellcheck disable=SC1090
|
||||
source "$SMOM/scripts/lib/deployment/dotenv.sh"
|
||||
load_deployment_env --repo-root "$PROJECT_ROOT"
|
||||
fi
|
||||
|
||||
# 2) RPC: Core (2101) only — no Public fallback for deployments
|
||||
RPC="${RPC_URL_138:-http://192.168.11.211:8545}"
|
||||
[[ -z "${PRIVATE_KEY:-}" ]] && echo "PRIVATE_KEY not set in $SMOM/.env. Abort." >&2 && exit 1
|
||||
require_private_key_env "Set PRIVATE_KEY in $SMOM/.env, repo .env, or ~/.secure-secrets/private-keys.env." || exit 1
|
||||
# Chain 138 gas: min 1 gwei; use GAS_PRICE from .env or default
|
||||
GAS_PRICE="${GAS_PRICE_138:-${GAS_PRICE:-1000000000}}"
|
||||
|
||||
@@ -73,7 +78,7 @@ else
|
||||
fi
|
||||
|
||||
# 4) Always check deployer nonce (pending) and set NEXT_NONCE for scripts
|
||||
DEPLOYER=$(cast wallet address --private-key "$PRIVATE_KEY" 2>/dev/null) || { echo "cast wallet address failed. Check PRIVATE_KEY in .env." >&2; exit 1; }
|
||||
DEPLOYER="$(derive_deployer_address)" || { echo "Could not derive deployer address from PRIVATE_KEY." >&2; exit 1; }
|
||||
NONCE_PENDING=$(cast nonce "$DEPLOYER" --rpc-url "$RPC" --block pending 2>/dev/null) || true
|
||||
NONCE_LATEST=$(cast nonce "$DEPLOYER" --rpc-url "$RPC" --block latest 2>/dev/null) || true
|
||||
# Normalize: empty or non-numeric -> use latest, then 0; ensure decimal for export
|
||||
|
||||
@@ -10,11 +10,17 @@ PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
|
||||
SMOM="${PROJECT_ROOT}/smom-dbis-138"
|
||||
NONCE="${1:-13370}"
|
||||
|
||||
[[ -f "${SMOM}/.env" ]] && set -a && source "${SMOM}/.env" 2>/dev/null && set +a
|
||||
if [[ -f "${SMOM}/scripts/lib/deployment/dotenv.sh" ]]; then
|
||||
# shellcheck disable=SC1090
|
||||
source "${SMOM}/scripts/lib/deployment/dotenv.sh"
|
||||
load_deployment_env --repo-root "$PROJECT_ROOT"
|
||||
elif [[ -f "${SMOM}/.env" ]]; then
|
||||
set -a && source "${SMOM}/.env" 2>/dev/null && set +a
|
||||
fi
|
||||
RPC="${RPC_URL_138:-${RPC_URL_138_PUBLIC:-http://192.168.11.221:8545}}"
|
||||
[[ -z "${PRIVATE_KEY:-}" ]] && echo "PRIVATE_KEY not set." >&2 && exit 1
|
||||
[[ "${PRIVATE_KEY#0x}" == "$PRIVATE_KEY" ]] && export PRIVATE_KEY="0x$PRIVATE_KEY"
|
||||
ADMIN="${MIRROR_ADMIN:-$(cast wallet address --private-key "$PRIVATE_KEY" 2>/dev/null)}"
|
||||
require_private_key_env "Set PRIVATE_KEY in smom-dbis-138/.env, repo .env, or ~/.secure-secrets/private-keys.env." || exit 1
|
||||
ADMIN="${MIRROR_ADMIN:-$(derive_deployer_address 2>/dev/null || true)}"
|
||||
[[ -n "$ADMIN" ]] || { echo "ERROR: Could not derive deployer address from PRIVATE_KEY." >&2; exit 1; }
|
||||
|
||||
echo "Deploying TransactionMirror (nonce=$NONCE) to $RPC"
|
||||
cd "$SMOM"
|
||||
|
||||
@@ -17,6 +17,11 @@ for a in "$@"; do [[ "$a" == "--dry-run" ]] && DRY_RUN=true && break; done
|
||||
|
||||
[[ -f "${SCRIPT_DIR}/../lib/load-project-env.sh" ]] && source "${SCRIPT_DIR}/../lib/load-project-env.sh" 2>/dev/null || true
|
||||
[[ -f "${SMOM}/.env" ]] && set -a && source "${SMOM}/.env" 2>/dev/null && set +a || true
|
||||
if [[ -f "${SMOM}/scripts/lib/deployment/dotenv.sh" ]]; then
|
||||
# shellcheck disable=SC1090
|
||||
source "${SMOM}/scripts/lib/deployment/dotenv.sh"
|
||||
load_deployment_env --repo-root "$PROJECT_ROOT"
|
||||
fi
|
||||
|
||||
# RPC_URL_138 or RPC_URL (alias)
|
||||
RPC="${RPC_URL_138:-${RPC_URL:-http://192.168.11.211:8545}}"
|
||||
@@ -24,13 +29,8 @@ export RPC_URL_138="$RPC"
|
||||
export ETH_RPC_URL="$RPC"
|
||||
GAS_PRICE="${GAS_PRICE:-1000000000}"
|
||||
|
||||
if ! $DRY_RUN && [[ -z "${PRIVATE_KEY:-}" ]]; then
|
||||
echo "ERROR: PRIVATE_KEY not set. Set in smom-dbis-138/.env"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [[ "${PRIVATE_KEY#0x}" == "$PRIVATE_KEY" ]]; then
|
||||
export PRIVATE_KEY="0x$PRIVATE_KEY"
|
||||
if ! $DRY_RUN; then
|
||||
require_private_key_env "Set PRIVATE_KEY in smom-dbis-138/.env, repo .env, or ~/.secure-secrets/private-keys.env." || exit 1
|
||||
fi
|
||||
export PRIVATE_KEY # Ensure subshells/forge inherit it
|
||||
|
||||
@@ -38,7 +38,11 @@ export PRIVATE_KEY # Ensure subshells/forge inherit it
|
||||
if [[ -n "${MIRROR_ADMIN:-}" ]]; then
|
||||
ADMIN="$MIRROR_ADMIN"
|
||||
else
|
||||
if $DRY_RUN; then ADMIN="<DEPLOYER_ADDRESS>"; else ADMIN=$(cast wallet address --private-key "$PRIVATE_KEY" 2>/dev/null) || { echo "ERROR: cast not found or PRIVATE_KEY invalid"; exit 1; }; fi
|
||||
if $DRY_RUN; then
|
||||
ADMIN="<DEPLOYER_ADDRESS>"
|
||||
else
|
||||
ADMIN="$(derive_deployer_address)" || { echo "ERROR: Could not derive deployer address from PRIVATE_KEY." >&2; exit 1; }
|
||||
fi
|
||||
fi
|
||||
|
||||
if $DRY_RUN; then
|
||||
|
||||
@@ -35,16 +35,19 @@ else
|
||||
fi
|
||||
|
||||
# 3) Load env for RPC and nonce checks (no secrets printed)
|
||||
[[ -f "${PROJECT_ROOT}/config/ip-addresses.conf" ]] && source "${PROJECT_ROOT}/config/ip-addresses.conf" 2>/dev/null || true
|
||||
set -a
|
||||
source "$SMOM/.env"
|
||||
set +a
|
||||
if [[ -f "$SMOM/scripts/lib/deployment/dotenv.sh" ]]; then
|
||||
# shellcheck disable=SC1090
|
||||
source "$SMOM/scripts/lib/deployment/dotenv.sh"
|
||||
load_deployment_env --repo-root "$PROJECT_ROOT"
|
||||
else
|
||||
[[ -f "${PROJECT_ROOT}/config/ip-addresses.conf" ]] && source "${PROJECT_ROOT}/config/ip-addresses.conf" 2>/dev/null || true
|
||||
set -a
|
||||
source "$SMOM/.env"
|
||||
set +a
|
||||
fi
|
||||
|
||||
RPC="${RPC_URL_138:-http://192.168.11.211:8545}"
|
||||
if [[ -z "${PRIVATE_KEY:-}" ]]; then
|
||||
echo "FAIL: PRIVATE_KEY not set in $SMOM/.env." >&2
|
||||
exit 1
|
||||
fi
|
||||
require_private_key_env "Set PRIVATE_KEY in $SMOM/.env, repo .env, or ~/.secure-secrets/private-keys.env." || exit 1
|
||||
|
||||
# 4) RPC: must be Core (chainId 138 = 0x8a)
|
||||
echo ""
|
||||
@@ -62,7 +65,7 @@ fi
|
||||
echo "OK RPC (Core): $RPC (chainId 138)."
|
||||
|
||||
# 5) Nonce: warn if pending > latest (stuck txs)
|
||||
DEPLOYER=$(cast wallet address --private-key "$PRIVATE_KEY" 2>/dev/null) || { echo "FAIL: cast wallet address failed. Check PRIVATE_KEY in .env." >&2; exit 1; }
|
||||
DEPLOYER="$(derive_deployer_address)" || { echo "FAIL: Could not derive deployer address from PRIVATE_KEY." >&2; exit 1; }
|
||||
NONCE_PENDING=$(cast nonce "$DEPLOYER" --rpc-url "$RPC" --block pending 2>/dev/null) || true
|
||||
NONCE_LATEST=$(cast nonce "$DEPLOYER" --rpc-url "$RPC" --block latest 2>/dev/null) || true
|
||||
# Normalize to decimal (cast may return hex 0xN or decimal N)
|
||||
|
||||
Reference in New Issue
Block a user