fix: dataProtector core fix ci (#468)

* feat: add core smart contract CI and deploy workflows with environment configuration

* ci: set fetch-depth to 0 for checkout actions in CI workflows

* fix: add missing cache-dependency-path for npm in CI workflow

* fix: add push trigger to smart contract deploy workflow

* fix: remove push trigger from smart contract deploy workflow

* fix: add missing cache-dependency-path for npm in smart contract deploy workflow

* feat: add support for Arbitrum mainnet and API V2 verification format

* fix: rename deploy job to build-and-test in CI workflow

* fix: format code

* fix: add issue reference for Arbitrum mainnet CI support in changelog

* chore: update core-smart-contract-deploy.yml

Co-authored-by: Copilot <[email protected]>

* fix: add environment variables and permissions for deploy job in CI workflow

* fix: add step to save deployment artifacts in CI workflow

* fix: add IS_VERIFICATION_API_V2 variable to .env.template

* fix: remove unused Arbitrum network configurations from Hardhat config

* fix: add environment validation for mainnet deployments in CI workflow

* fix: streamline deployment folder naming and improve deployment ID handling

* fix: ensure newline at end of .env.template for consistency

* fix: make node-version input optional in CI workflow

* fix: improve mainnet deployment validation in CI workflow

* fix: Apply suggestions from code review

Co-authored-by: Zied Guesmi <[email protected]>

* fix: Update .github/workflows/core-smart-contract-ci.yml

Co-authored-by: Zied Guesmi <[email protected]>

---------

Co-authored-by: gfournieriExec <[email protected]>
Co-authored-by: gfournieriExec <[email protected]>
Co-authored-by: Copilot <[email protected]>
Co-authored-by: Zied Guesmi <[email protected]>

Author: 4 people

.github/workflows/core-smart-contract-ci.yml

@@ -0,0 +1,72 @@
+name: Core Smart Contract - Default
+
+on:
+  pull_request:
+    branches:
+      - '*'
+    paths:
+      - 'packages/smart-contract/**'
+  workflow_call:
+    inputs:
+      node-version:
+        description: Node.js version to use
+        required: false
+        type: number
+        default: 20
+
+concurrency:
+  group: ${{ github.ref }}-core-smart-contract-ci
+  cancel-in-progress: true
+  
+jobs:
+  build-and-test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: ${{ inputs.node-version }}
+          cache: 'npm'
+          cache-dependency-path: 'packages/smart-contract'
+
+      - name: Install dependencies
+        working-directory: packages/smart-contract
+        run: npm ci
+
+      - name: Check Format
+        working-directory: packages/smart-contract
+        run: npm run check-format
+
+      - name: Check Lint
+        working-directory: packages/smart-contract
+        run: npm run lint
+
+      - name: Compile smart contracts
+        working-directory: packages/smart-contract
+        run: npm run compile
+
+      - name: Run Coverage
+        working-directory: packages/smart-contract
+        run: npm run coverage
+
+      - name: Upload coverage reports to Codecov
+        uses: codecov/codecov-action@v5
+        with:
+            token: ${{ secrets.CODECOV_TOKEN }}
+            slug: iExecBlockchainComputing/dataprotector-sdk
+
+      - name: Run static analysis with slither
+        uses: crytic/[email protected]
+        with:
+          target: "packages/smart-contract/"
+          slither-args: --checklist --markdown-root ${{ github.server_url }}/${{ github.repository }}/blob/${{ github.sha }}/
+          fail-on: none # TODO set this to high or other
+          sarif: results.sarif
+
+      - name: Upload SARIF file
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: results.sarif

.github/workflows/core-smart-contract-deploy.yml

@@ -0,0 +1,106 @@
+name: Smart Contract Deploy
+
+on:
+  workflow_dispatch: # Manual trigger
+    inputs:
+      network:
+        description: 'Network'
+        required: true
+        type: choice
+        options:
+          - hardhat
+          - avalancheFujiTestnet
+          - arbitrumSepolia
+          - arbitrum
+          - bellecour
+        default: 'hardhat'
+      environment:
+        description: 'Environment'
+        required: true
+        type: choice
+        options:
+          - dev
+          - prod
+        default: 'dev'
+
+
+jobs:
+  build-and-test:
+    uses: ./.github/workflows/core-smart-contract-ci.yml
+    with:
+      node-version: 20
+
+  deploy:
+    needs: build-and-test
+    runs-on: ubuntu-latest
+    env:
+      CI: true
+    permissions:
+      contents: write # Required to commit deployment files.
+    environment: ${{ inputs.network }}
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 20
+          cache: 'npm'
+          cache-dependency-path: 'packages/smart-contract'
+
+      - name: Install dependencies
+        working-directory: packages/smart-contract
+        run: npm ci
+
+      - name: Validate deployment environment and prepare variables
+        if: inputs.network != 'hardhat'
+        run: |
+          NETWORK="${{ inputs.network }}"
+          ENVIRONMENT="${{ inputs.environment }}"
+          
+          case "$NETWORK" in
+            arbitrum|bellecour)
+              if [ "$ENVIRONMENT" = "dev" ]; then
+                echo "Error: Cannot deploy to mainnet ($NETWORK) with dev environment"
+                exit 1
+              fi
+              echo "IS_MAINNET=true" >> $GITHUB_ENV
+              ;;
+            *)
+              echo "IS_MAINNET=false" >> $GITHUB_ENV
+              ;;
+          esac
+
+      - name: Deploy contract
+        working-directory: packages/smart-contract
+        env:
+          # For Deployment
+          RPC_URL: ${{ secrets.RPC_URL }}
+          DEPLOYER_PRIVATE_KEY: ${{ secrets.DEPLOYER_PRIVATE_KEY }}
+          DATASET_REGISTRY_ADDRESS: ${{ vars.DATASET_REGISTRY_ADDRESS }}
+          # For Verification
+          EXPLORER_API_KEY: ${{ secrets.EXPLORER_API_KEY }}
+          IS_VERIFICATION_API_V2: ${{ vars.IS_VERIFICATION_API_V2 }}
+        run: |
+          if [ "${{ inputs.network }}" = "hardhat" ]; then
+            npm run deploy -- --network ${{ inputs.network }}
+          else
+            # For testnets, use network-environment; for mainnets, use network only
+            if [ "$IS_MAINNET" = false ]; then
+              DEPLOYMENT_ID="${{ inputs.network }}-${{ inputs.environment }}"
+            else
+              DEPLOYMENT_ID="${{ inputs.network }}"
+            fi
+            npm run deploy -- --network ${{ inputs.network }} --deployment-id "$DEPLOYMENT_ID" --verify
+          fi
+
+      - name: Save deployment artifacts
+        if: inputs.network != 'hardhat'
+        uses: stefanzweifel/git-auto-commit-action@v5
+        with:
+          commit_message: 'chore: save deployment artifacts for ${{ inputs.network }} ${{ inputs.environment }} (${{ github.run_id }})'
+          file_pattern: 'packages/smart-contract/ignition/deployments/*'
+          commit_user_name: 'GitHub Actions Bot'
+          commit_user_email: 'github-actions[bot]@users.noreply.github.com'
+          commit_author: 'GitHub Actions Bot <github-actions[bot]@users.noreply.github.com>'

.github/workflows/deploy-smart-contract.yml

@@ -1,5 +1,5 @@
 # wallet used for transactions
-WALLET_PRIVATE_KEY=
+DEPLOYER_PRIVATE_KEY=
 
 # DatasetRegistry contract address override (deploy script only)
 DATASET_REGISTRY_ADDRESS=
@@ -10,5 +10,8 @@ RPC_URL=
 ## Mnemonic for the network
 MNEMONIC=
 
-## Arbiscan API key to verify contracts
-ARBISCAN_API_KEY=
+## API key to verify contracts
+EXPLORER_API_KEY=
+
+## Whether to use API V2 verification format
+IS_VERIFICATION_API_V2=

packages/smart-contract/.env.template

@@ -0,0 +1 @@
+20

packages/smart-contract/.nvmrc

@@ -6,6 +6,7 @@ All notable changes to this project will be documented in this file.
 
 ### Added
 
+- Fix CIs and Support for Arbitrum mainnet (#468)
 - Support for Arbitrum and Avalanche Fuji testnets (#429).
 
 ### Changed

packages/smart-contract/CHANGELOG.md

@@ -6,7 +6,7 @@ const privateKeyRegex = /(^|\b)(0x)?[0-9a-fA-F]{64}(\b|$)/;
 
 const envSchema = z.object({
     // Private key of the wallet used for transactions
-    WALLET_PRIVATE_KEY: z
+    DEPLOYER_PRIVATE_KEY: z
         .string()
         .regex(privateKeyRegex, 'Invalid private key format')
         .optional()
@@ -26,7 +26,17 @@ const envSchema = z.object({
     MNEMONIC: z.string().min(1, 'MNEMONIC cannot be empty').optional().or(z.literal('')),
 
     // Arbiscan API key
-    ARBISCAN_API_KEY: z.string().optional().or(z.literal('')),
+    EXPLORER_API_KEY: z.string().optional().or(z.literal('')),
+
+    // Whether to use API V2 verification format
+    IS_VERIFICATION_API_V2: z
+        .string()
+        .optional()
+        .default('true')
+        .refine((val) => val === 'true' || val === 'false', {
+            message: 'IS_VERIFICATION_API_V2 must be "true" or "false"',
+        })
+        .transform((val) => val === 'true'),
 });
 
 export const env = envSchema.parse(process.env);

packages/smart-contract/config/env.ts

@@ -2,19 +2,7 @@ import '@nomicfoundation/hardhat-toolbox';
 import { HardhatUserConfig } from 'hardhat/config';
 import { env } from './config/env';
 
-const privateKey = env.WALLET_PRIVATE_KEY;
-
-// Avalanche Fuji specific configuration
-const fujiBaseConfig = {
-    blockGasLimit: 8_000_000,
-    chainId: 43113,
-};
-
-// Arbitrum Sepolia specific configuration
-const arbitrumSepoliaBaseConfig = {
-    blockGasLimit: 30_000_000, // Arbitrum has higher block gas limits
-    chainId: 421614,
-};
+const privateKey = env.DEPLOYER_PRIVATE_KEY;
 
 const config: HardhatUserConfig = {
     networks: {
@@ -34,13 +22,21 @@ const config: HardhatUserConfig = {
         avalancheFuji: {
             url: env.RPC_URL || 'https://api.avax-test.network/ext/bc/C/rpc',
             accounts: privateKey ? [privateKey] : [],
-            ...fujiBaseConfig,
+            blockGasLimit: 8_000_000,
+            chainId: 43113,
         },
         // Add Arbitrum Sepolia as a network
         arbitrumSepolia: {
             url: env.RPC_URL || 'https://sepolia-rollup.arbitrum.io/rpc',
             accounts: privateKey ? [privateKey] : [],
-            ...arbitrumSepoliaBaseConfig,
+            blockGasLimit: 30_000_000, // Arbitrum has higher block gas limits
+            chainId: 421614,
+        },
+        arbitrum: {
+            url: env.RPC_URL || 'https://arb1.arbitrum.io/rpc',
+            accounts: privateKey ? [privateKey] : [],
+            blockGasLimit: 30_000_000, // Arbitrum has higher block gas limits
+            chainId: 42161,
         },
         // poco-chain native config
         'dev-native': {
@@ -54,11 +50,12 @@ const config: HardhatUserConfig = {
     },
     //to verify contract on Blockscout
     etherscan: {
-        apiKey: {
-            bellecour: 'nothing', // a non-empty string is needed by the plugin.
-            avalancheFuji: 'nothing', // a non-empty string is needed by the plugin.
-            arbitrumSepolia: env.ARBISCAN_API_KEY || '',
-        },
+        apiKey: env.IS_VERIFICATION_API_V2
+            ? env.EXPLORER_API_KEY
+            : {
+                  bellecour: env.EXPLORER_API_KEY || 'nothing', // a non-empty string is needed by the plugin.
+                  avalancheFuji: env.EXPLORER_API_KEY || 'nothing', // a non-empty string is needed by the plugin.
+              },
         customChains: [
             {
                 network: 'bellecour',