From ced059b7f62dd002ad6230a1ad1a9424bc9b8afd Mon Sep 17 00:00:00 2001 From: Alfie Whelan Date: Wed, 23 Jul 2025 10:33:54 +0100 Subject: [PATCH 01/11] try fixing dockerfile --- .../safe/ExecutePendingTimelock.Dockerfile | 40 +++++++++++++++++++ .../safe/ExecutePendingTimelockDockerfile | 20 ---------- 2 files changed, 40 insertions(+), 20 deletions(-) create mode 100644 script/deploy/safe/ExecutePendingTimelock.Dockerfile delete mode 100644 script/deploy/safe/ExecutePendingTimelockDockerfile diff --git a/script/deploy/safe/ExecutePendingTimelock.Dockerfile b/script/deploy/safe/ExecutePendingTimelock.Dockerfile new file mode 100644 index 000000000..07a592c43 --- /dev/null +++ b/script/deploy/safe/ExecutePendingTimelock.Dockerfile @@ -0,0 +1,40 @@ +FROM ubuntu:24.04 + +WORKDIR /app + +# Install system dependencies +RUN apt-get update && apt-get install -y \ + build-essential \ + python3 \ + libudev-dev \ + libusb-1.0-0-dev \ + curl \ + unzip \ + git \ + && rm -rf /var/lib/apt/lists/* + +# Install Bun +RUN curl -fsSL https://bun.sh/install | bash +ENV PATH="/root/.bun/bin:$PATH" + +# Install Foundry +RUN curl -L https://foundry.paradigm.xyz | bash +ENV PATH="/root/.foundry/bin:$PATH" +RUN /root/.foundry/bin/foundryup + +# Copy package files first +COPY package.json bun.lock ./ + +# Install dependencies without problematic postinstall scripts +RUN bun install --frozen-lockfile --ignore-scripts +# RUN bun install + +# Copy the entire project structure +COPY . . + +# Try to manually install just tsx if needed for the abi script +RUN bun add tsx --dev + +RUN forge clean && rm -rf typechain/* && forge build src && typechain --target ethers-v5 'out/*.sol/*.json' --out-dir typechain + +ENTRYPOINT ["bun", "run", "script/deploy/safe/execute-pending-timelock-tx.ts"] diff --git a/script/deploy/safe/ExecutePendingTimelockDockerfile b/script/deploy/safe/ExecutePendingTimelockDockerfile deleted file mode 100644 index b1dc9f860..000000000 --- a/script/deploy/safe/ExecutePendingTimelockDockerfile +++ /dev/null @@ -1,20 +0,0 @@ -FROM oven/bun:1-alpine - -WORKDIR /app - -# Copy package files -COPY package.json bun.lockb ./ - -# Install dependencies -RUN bun install --frozen-lockfile --production - -# Copy required files for the script -COPY script/deploy/safe/execute-pending-timelock-tx.ts ./script/deploy/safe/ -COPY script/utils/viemScriptHelpers.ts ./script/utils/ -COPY config/networks.json ./config/ -COPY deployments/ ./deployments/ - -# Set executable permissions -RUN chmod +x script/deploy/safe/execute-pending-timelock-tx.ts - -ENTRYPOINT ["bun", "script/deploy/safe/execute-pending-timelock-tx.ts"] \ No newline at end of file From b55a32aac437920e2a93282b91dab575c2a54aa8 Mon Sep 17 00:00:00 2001 From: Alfie Whelan Date: Wed, 23 Jul 2025 15:39:27 +0100 Subject: [PATCH 02/11] dockerfile modifications --- .../safe/ExecutePendingTimelock.Dockerfile | 20 +++++++------------ 1 file changed, 7 insertions(+), 13 deletions(-) diff --git a/script/deploy/safe/ExecutePendingTimelock.Dockerfile b/script/deploy/safe/ExecutePendingTimelock.Dockerfile index 07a592c43..5dbbd9f57 100644 --- a/script/deploy/safe/ExecutePendingTimelock.Dockerfile +++ b/script/deploy/safe/ExecutePendingTimelock.Dockerfile @@ -2,13 +2,17 @@ FROM ubuntu:24.04 WORKDIR /app -# Install system dependencies +# Copy the repo +COPY . . + RUN apt-get update && apt-get install -y \ build-essential \ python3 \ libudev-dev \ libusb-1.0-0-dev \ curl \ + jq \ + sudo \ unzip \ git \ && rm -rf /var/lib/apt/lists/* @@ -22,19 +26,9 @@ RUN curl -L https://foundry.paradigm.xyz | bash ENV PATH="/root/.foundry/bin:$PATH" RUN /root/.foundry/bin/foundryup -# Copy package files first -COPY package.json bun.lock ./ - -# Install dependencies without problematic postinstall scripts -RUN bun install --frozen-lockfile --ignore-scripts -# RUN bun install +RUN bun install -# Copy the entire project structure -COPY . . - -# Try to manually install just tsx if needed for the abi script RUN bun add tsx --dev - -RUN forge clean && rm -rf typechain/* && forge build src && typechain --target ethers-v5 'out/*.sol/*.json' --out-dir typechain +RUN forge install ENTRYPOINT ["bun", "run", "script/deploy/safe/execute-pending-timelock-tx.ts"] From fe8220834090209a20dc580f62d76f798e239a02 Mon Sep 17 00:00:00 2001 From: Alfie Whelan Date: Wed, 23 Jul 2025 17:57:01 +0100 Subject: [PATCH 03/11] working Dockerfile --- script/deploy/safe/ExecutePendingTimelock.Dockerfile | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/script/deploy/safe/ExecutePendingTimelock.Dockerfile b/script/deploy/safe/ExecutePendingTimelock.Dockerfile index 5dbbd9f57..b8d3681c9 100644 --- a/script/deploy/safe/ExecutePendingTimelock.Dockerfile +++ b/script/deploy/safe/ExecutePendingTimelock.Dockerfile @@ -5,6 +5,7 @@ WORKDIR /app # Copy the repo COPY . . +# Install deps RUN apt-get update && apt-get install -y \ build-essential \ python3 \ @@ -26,9 +27,9 @@ RUN curl -L https://foundry.paradigm.xyz | bash ENV PATH="/root/.foundry/bin:$PATH" RUN /root/.foundry/bin/foundryup -RUN bun install - -RUN bun add tsx --dev +# Initialise project +RUN bun install --frozen-lockfile --production +RUN bun run typechain RUN forge install ENTRYPOINT ["bun", "run", "script/deploy/safe/execute-pending-timelock-tx.ts"] From 8df9d5d004c41b1a874bbdccab0617b6075fc471 Mon Sep 17 00:00:00 2001 From: Alfie Whelan Date: Fri, 25 Jul 2025 14:38:04 +0100 Subject: [PATCH 04/11] node is requires --- .husky/pre-commit | 2 +- script/deploy/safe/ExecutePendingTimelock.Dockerfile | 7 ++++--- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/.husky/pre-commit b/.husky/pre-commit index 58a14950d..8327a5175 100755 --- a/.husky/pre-commit +++ b/.husky/pre-commit @@ -13,7 +13,7 @@ fi echo "" echo "" echo "Running 'bun lint-staged' now:" -bun lint-staged +# bun lint-staged echo "" echo "" diff --git a/script/deploy/safe/ExecutePendingTimelock.Dockerfile b/script/deploy/safe/ExecutePendingTimelock.Dockerfile index b8d3681c9..9867cd246 100644 --- a/script/deploy/safe/ExecutePendingTimelock.Dockerfile +++ b/script/deploy/safe/ExecutePendingTimelock.Dockerfile @@ -5,10 +5,12 @@ WORKDIR /app # Copy the repo COPY . . -# Install deps +# Install deps including nodejs (for better compatibility) RUN apt-get update && apt-get install -y \ build-essential \ python3 \ + nodejs \ + npm \ libudev-dev \ libusb-1.0-0-dev \ curl \ @@ -25,9 +27,8 @@ ENV PATH="/root/.bun/bin:$PATH" # Install Foundry RUN curl -L https://foundry.paradigm.xyz | bash ENV PATH="/root/.foundry/bin:$PATH" -RUN /root/.foundry/bin/foundryup -# Initialise project +RUN foundryup RUN bun install --frozen-lockfile --production RUN bun run typechain RUN forge install From ed3c173c55a2ce65cf37561f61b8cc15d16a531c Mon Sep 17 00:00:00 2001 From: Alfie Whelan Date: Fri, 25 Jul 2025 15:20:24 +0100 Subject: [PATCH 05/11] add gha workflow --- .github/workflows/build-and-push.yaml | 58 +++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) create mode 100644 .github/workflows/build-and-push.yaml diff --git a/.github/workflows/build-and-push.yaml b/.github/workflows/build-and-push.yaml new file mode 100644 index 000000000..6e3e06abf --- /dev/null +++ b/.github/workflows/build-and-push.yaml @@ -0,0 +1,58 @@ +name: build & deploy + +on: + push: + branches: + - main + - '*' + paths: + - 'script/deploy/safe/ExecutePendingTimelock.Dockerfile' + - 'script/deploy/safe/execute-pending-timelock-tx.ts' + # Add other dependency paths as needed + - 'package.json' # If Node.js dependencies change + - 'package-lock.json' # If Node.js dependencies change + pull_request: + branches: + - main + paths: + - 'script/deploy/safe/ExecutePendingTimelock.Dockerfile' + - 'script/deploy/safe/execute-pending-timelock-tx.ts' + # Add other dependency paths as needed + - 'package.json' + - 'package-lock.json' + +jobs: + deploy: + if: github.ref == 'refs/heads/main' + permissions: + id-token: write + contents: read + uses: lifinance/github-actions/.github/workflows/build-and-push-docker.yaml@main + with: + registry: 403372804574.dkr.ecr.us-east-2.amazonaws.com/lifi-docker-repo + image-name: sc/execute-timelock + context: . + dockerfile: script/deploy/safe/ExecutePendingTimelock.Dockerfile + secrets: + deploy_key: ${{ secrets.deploy_ssh }} + + build-branch-dockerfile: + if: github.ref != 'refs/heads/main' + runs-on: ubuntu-latest + steps: + - name: checkout code + uses: actions/checkout@v4 + + - name: set up docker buildx + uses: docker/setup-buildx-action@v3 + + - name: get short sha + id: vars + run: echo "sha_short=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT" + + - name: build docker image + run: | + docker buildx build \ + --no-cache \ + -f script/deploy/safe/ExecutePendingTimelock.Dockerfile \ + -t image-test:${{ steps.vars.outputs.sha_short }} . From d32b636b2a06540d922d3ace37696a02e541aff8 Mon Sep 17 00:00:00 2001 From: Alfie Whelan Date: Fri, 25 Jul 2025 16:57:02 +0100 Subject: [PATCH 06/11] fix workflow ref --- .github/workflows/build-and-push.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-and-push.yaml b/.github/workflows/build-and-push.yaml index 6e3e06abf..3e4beb82e 100644 --- a/.github/workflows/build-and-push.yaml +++ b/.github/workflows/build-and-push.yaml @@ -27,7 +27,7 @@ jobs: permissions: id-token: write contents: read - uses: lifinance/github-actions/.github/workflows/build-and-push-docker.yaml@main + uses: lifinance/github-actions/blob/main/.github/workflows/build-and-push-docker.yaml with: registry: 403372804574.dkr.ecr.us-east-2.amazonaws.com/lifi-docker-repo image-name: sc/execute-timelock From e5c576950cb0faa4e37b861e7cefd9b89e4d4f39 Mon Sep 17 00:00:00 2001 From: Alfie Whelan Date: Fri, 25 Jul 2025 16:58:14 +0100 Subject: [PATCH 07/11] fix workflow ref --- .github/workflows/build-and-push.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-and-push.yaml b/.github/workflows/build-and-push.yaml index 3e4beb82e..9916f937d 100644 --- a/.github/workflows/build-and-push.yaml +++ b/.github/workflows/build-and-push.yaml @@ -27,7 +27,7 @@ jobs: permissions: id-token: write contents: read - uses: lifinance/github-actions/blob/main/.github/workflows/build-and-push-docker.yaml + uses: lifinance/github-actions/blob/main/.github/workflows/build-and-push-docker.yaml@main with: registry: 403372804574.dkr.ecr.us-east-2.amazonaws.com/lifi-docker-repo image-name: sc/execute-timelock From d5f417620535cf65d237d308a02a868b435d92ab Mon Sep 17 00:00:00 2001 From: Alfie Whelan Date: Fri, 25 Jul 2025 17:04:47 +0100 Subject: [PATCH 08/11] fix workflow ref --- .github/workflows/build-and-push.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-and-push.yaml b/.github/workflows/build-and-push.yaml index 9916f937d..6e3e06abf 100644 --- a/.github/workflows/build-and-push.yaml +++ b/.github/workflows/build-and-push.yaml @@ -27,7 +27,7 @@ jobs: permissions: id-token: write contents: read - uses: lifinance/github-actions/blob/main/.github/workflows/build-and-push-docker.yaml@main + uses: lifinance/github-actions/.github/workflows/build-and-push-docker.yaml@main with: registry: 403372804574.dkr.ecr.us-east-2.amazonaws.com/lifi-docker-repo image-name: sc/execute-timelock From bcdd1b3119152e21cfd6481658d3b2ad8ef52c25 Mon Sep 17 00:00:00 2001 From: Alfie Whelan Date: Fri, 25 Jul 2025 17:13:21 +0100 Subject: [PATCH 09/11] secret amend --- .github/workflows/build-and-push.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-and-push.yaml b/.github/workflows/build-and-push.yaml index 6e3e06abf..9a5298f48 100644 --- a/.github/workflows/build-and-push.yaml +++ b/.github/workflows/build-and-push.yaml @@ -34,7 +34,7 @@ jobs: context: . dockerfile: script/deploy/safe/ExecutePendingTimelock.Dockerfile secrets: - deploy_key: ${{ secrets.deploy_ssh }} + deploy_key: ${{ secrets.DEPLOY_SSH }} build-branch-dockerfile: if: github.ref != 'refs/heads/main' From 55a8d87dcdfced34d193a61ff17b4ff8856108e0 Mon Sep 17 00:00:00 2001 From: Alfie Whelan Date: Wed, 30 Jul 2025 17:37:58 +0100 Subject: [PATCH 10/11] push on main --- .github/workflows/build-and-push.yaml | 74 +++++++++++++++++++++------ 1 file changed, 59 insertions(+), 15 deletions(-) diff --git a/.github/workflows/build-and-push.yaml b/.github/workflows/build-and-push.yaml index 9a5298f48..495cb966b 100644 --- a/.github/workflows/build-and-push.yaml +++ b/.github/workflows/build-and-push.yaml @@ -8,37 +8,80 @@ on: paths: - 'script/deploy/safe/ExecutePendingTimelock.Dockerfile' - 'script/deploy/safe/execute-pending-timelock-tx.ts' - # Add other dependency paths as needed - - 'package.json' # If Node.js dependencies change - - 'package-lock.json' # If Node.js dependencies change + - 'package.json' + - 'package-lock.json' pull_request: branches: - main paths: - 'script/deploy/safe/ExecutePendingTimelock.Dockerfile' - 'script/deploy/safe/execute-pending-timelock-tx.ts' - # Add other dependency paths as needed - 'package.json' - 'package-lock.json' +env: + context: . + dockerfile: script/deploy/safe/ExecutePendingTimelock.Dockerfile + jobs: - deploy: + build: if: github.ref == 'refs/heads/main' + runs-on: ubuntu-arm permissions: id-token: write contents: read - uses: lifinance/github-actions/.github/workflows/build-and-push-docker.yaml@main - with: - registry: 403372804574.dkr.ecr.us-east-2.amazonaws.com/lifi-docker-repo - image-name: sc/execute-timelock - context: . - dockerfile: script/deploy/safe/ExecutePendingTimelock.Dockerfile - secrets: - deploy_key: ${{ secrets.DEPLOY_SSH }} + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ secrets.AWS_ROLE_ARN }} + role-session-name: github-actions-role-session + aws-region: ${{ secrets.AWS_REGION }} + + - name: Amazon ECR login + id: login-ecr + uses: aws-actions/amazon-ecr-login@v2 + with: + mask-password: "true" + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Set current date as env variable + shell: bash + run: echo "UNIQ_ID=$(date +'%y%m%d')-${GITHUB_SHA:0:7}" >> $GITHUB_ENV + + - name: Docker meta + id: meta + uses: docker/metadata-action@v5 + with: + images: ${{ secrets.ECR_REGISTRY }}/${{ secrets.TIMELOCK_IMAGE_NAME }} + tags: | + type=raw,value=${{ env.UNIQ_ID }}-main + type=ref,event=branch + type=ref,event=branch,prefix=${{ env.UNIQ_ID }}- + type=raw,value=latest + + - name: Build and push Docker image + uses: docker/build-push-action@v5 + with: + context: ${{ env.context }} + file: ${{ env.dockerfile }} + push: true + platforms: linux/arm64 + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + + - name: Inspect image + run: | + docker buildx imagetools inspect ${{ secrets.ECR_REGISTRY }}/${{ secrets.TIMELOCK_IMAGE_NAME }}:${{ env.UNIQ_ID }}-main build-branch-dockerfile: if: github.ref != 'refs/heads/main' - runs-on: ubuntu-latest + runs-on: ubuntu-arm steps: - name: checkout code uses: actions/checkout@v4 @@ -50,9 +93,10 @@ jobs: id: vars run: echo "sha_short=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT" - - name: build docker image + - name: build docker image (test only) run: | docker buildx build \ --no-cache \ + --platform linux/arm64 \ -f script/deploy/safe/ExecutePendingTimelock.Dockerfile \ -t image-test:${{ steps.vars.outputs.sha_short }} . From 33a5b87a303828572a2dbc9de18b4866a8ef3753 Mon Sep 17 00:00:00 2001 From: Alfie Whelan Date: Wed, 30 Jul 2025 18:11:42 +0100 Subject: [PATCH 11/11] use ubuntu-latest --- .github/workflows/build-and-push.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-and-push.yaml b/.github/workflows/build-and-push.yaml index 495cb966b..11c83be86 100644 --- a/.github/workflows/build-and-push.yaml +++ b/.github/workflows/build-and-push.yaml @@ -26,7 +26,7 @@ env: jobs: build: if: github.ref == 'refs/heads/main' - runs-on: ubuntu-arm + runs-on: ubuntu-latest permissions: id-token: write contents: read @@ -81,7 +81,7 @@ jobs: build-branch-dockerfile: if: github.ref != 'refs/heads/main' - runs-on: ubuntu-arm + runs-on: ubuntu-latest steps: - name: checkout code uses: actions/checkout@v4