Add Move deploy actions (#1641)

eike-hass · web-flow · commit f9de65f932c3 · 2025-04-22T17:44:06.000+02:00
diff --git a/.github/actions/iota-rebase-sandbox/load-keytool/action.yml b/.github/actions/iota-rebase-sandbox/load-keytool/action.yml
@@ -0,0 +1,37 @@
+name: 'load-keytool'
+description: 'Load Keytool'
+inputs:
+  network:
+    description: 'Network to configure'
+    required: true
+  pk:
+    description: 'Private key to load into Keytool'
+    required: true
+  bak-pk:
+    description: 'Backup Private key to load into Keytool'
+    required: true
+  faucet:
+    description: "Whether to faucet"
+    required: true
+    
+runs:
+  using: "composite"
+  steps:
+    - name: Load PK into Keytool
+      shell: bash
+      run: |
+        iota keytool import $(iota keytool convert ${inputs.pk} --json | jq -r '.bech32WithFlag') ed25519 --alias deploy-key
+        iota client switch --env ${inputs.network}
+        iota client switch --address deploy-key
+
+        # test backup key
+        iota keytool import $(iota keytool convert ${inputs.bak-pk} --json | jq -r '.bech32WithFlag') ed25519 --alias backup-key
+        iota keytool list --json | jq -r '.[] | select(.alias=="deploy-key")'
+        iota keytool list --json | jq -r '.[] | select(.alias=="backup-key")'
+
+        if [ ${inputs.faucet} == "true" ]; then
+          iota client faucet
+          # wait up tp 5min for Gas to be available
+          timeout 5m bash -c "until (( $(iota client gas --json | jq -r '.[].nanosBalance') > 0)); do sleep 10; done"
+        fi
+
diff --git a/.github/actions/iota-rebase-sandbox/setup/action.yml b/.github/actions/iota-rebase-sandbox/setup/action.yml
@@ -14,6 +14,10 @@ inputs:
     description: "IOTA version to pull from GitHub releases, recognizes well known networks (mainnet, testnet, devnet), defaults to 'testnet'"
     required: false
     default: ""
+  start-sandbox:
+    description: "Wether to start the sandbox or just install"
+    required: false
+    default: "true"
 
 runs:
   using: composite
@@ -84,6 +88,7 @@ runs:
     - name: Start the Network
       shell: bash
       working-directory: iota
+      if: ${{ inputs.start-sandbox == 'true' }}
       run: |
         # Clear previous configuration
         rm -rf ~/.iota || true 
diff --git a/.github/workflows/deploy-move-package.yml b/.github/workflows/deploy-move-package.yml
@@ -0,0 +1,88 @@
+name: Deploy Move package
+
+on:
+  workflow_dispatch:
+    inputs:
+      branch:
+        description: 'Name of branch to checkout'
+        required: true
+      network:
+        description: 'Network to deploy to'
+        required: true
+      faucet:
+        description: 'Whether to faucet'
+        required: true
+      script-path:
+        description: 'Script to tun'
+        required: true
+      dry-run:
+        description: 'Run in dry-run mode'
+        type: boolean
+        required: false
+        default: true
+
+jobs:
+  deploy-move-package:
+    environment: release
+    name: Deploy Move package and create PR to bump references.
+    runs-on: ubuntu-latest
+    steps:
+
+    - name: Check out the repo
+      uses: actions/checkout@v4
+      with:
+        ref: ${{ github.event.inputs.branch }}
+
+    - name: Start iota sandbox
+      uses: './.github/actions/iota-rebase-sandbox/setup'
+      with:
+        platform: 'linux'
+        iota-version: ${{ github.event.inputs.network }}
+        start-sandbox: false
+
+    - name: Setup Keytool
+      uses: './.github/actions/iota-rebase-sandbox/load-keytool'
+      with:
+        network: ${{ github.event.inputs.network }}
+        pk: ${{secrets.TRUST_FRAMEWORK_PRODUCTS_PRIVATE_KEY}}
+        bak_pk: ${{secrets.TRUST_FRAMEWORK_PRODUCTS_PRIVATE_KEY_BACKUP}} #only for testing, TODO: remove
+        faucet: ${{ github.event.inputs.faucet }}
+
+    - name: Import GPG key
+      id: import-gpg
+      uses: crazy-max/ghaction-import-gpg@cb4264d3319acaa2bea23d51ef67f80b4f775013
+      with:
+        gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
+        passphrase: ${{ secrets.GPG_PASSPHRASE }}
+        git_user_signingkey: true
+        git_commit_gpgsign: true
+        git_tag_gpgsign: true
+
+    - name: Run script
+      if: ${{ github.event.inputs.dry-run == 'false' }}
+      run: |
+        source ${{ github.event.inputs.script-path}}
+
+    - name: Commit changes
+      if: ${{ github.event.inputs.dry-run == 'false' }}
+      run: |
+        git add .
+        if [[ $(git diff --stat --staged) == '' ]]; then
+          echo 'repository unmodified'
+          exit 1
+        fi
+        git commit -m "bump version"
+        
+    - name: Create Pull Request
+      uses: peter-evans/create-pull-request@67df31e08a133c6a77008b89689677067fef169e
+      if: ${{ github.event.inputs.dry-run == 'false' }}
+      with:
+        committer: GitHub <noreply@github.com>
+        author: ${{ github.actor }} <${{ github.actor }}@users.noreply.github.com>
+        branch: chore/deploy-${{ github.event.inputs.network }} 
+        delete-branch: true
+        title: 'Deploy ${{ github.event.inputs.network }}'
+        body: |
+          This PR contains changes running ${{ github.event.inputs.script-path }} on branch:${{ github.event.inputs.branch }} and network:${{ github.event.inputs.network }}
+        labels: |
+          No changelog
