safe-modules-deployments/.github/workflows/update-registry.yml at main · protofire/safe-modules-deployments · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
name: Update Modules Registry

on:
  workflow_dispatch:
    inputs:
      chain_id:
        description: 'Chain ID where modules were deployed'
        required: true
        type: string
      module_type:
        description: 'Module type'
        required: true
        type: choice
        options:
          - allowance
          - social-recovery
      version:
        description: 'Module version (allowance: 0.1.1, social-recovery: 0.1.0)'
        required: true
        type: choice
        options:
          - '0.1.0'
          - '0.1.1'
      contract_address:
        description: 'Deployed contract address (0x...)'
        required: true
        type: string

# Prevent concurrent runs that could cause conflicts
concurrency:
  group: update-registry-${{ github.event.inputs.chain_id }}
  cancel-in-progress: false

jobs:
  update-registry:
    name: Update Module Registry
    runs-on: ubuntu-latest
    timeout-minutes: 15
    permissions:
      contents: write
      pull-requests: write

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Setup pnpm
        uses: pnpm/action-setup@v4
        with:
          version: 9

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: 20.x
          cache: pnpm

      - name: Install dependencies
        run: pnpm install --frozen-lockfile

      - name: Validate inputs
        env:
          CHAIN_ID: ${{ github.event.inputs.chain_id }}
          MODULE_TYPE: ${{ github.event.inputs.module_type }}
          VERSION: ${{ github.event.inputs.version }}
          CONTRACT_ADDRESS: ${{ github.event.inputs.contract_address }}
        run: |
          # Validate chain_id is numeric only
          if ! [[ "$CHAIN_ID" =~ ^[0-9]+$ ]]; then
            echo "::error::Invalid chain_id format: must contain only digits"
            exit 1
          fi

          # Validate address format (0x + 40 hex characters)
          if ! [[ "$CONTRACT_ADDRESS" =~ ^0x[a-fA-F0-9]{40}$ ]]; then
            echo "::error::Invalid contract_address format: must be 0x followed by 40 hexadecimal characters"
            exit 1
          fi

          # Validate version format (X.Y.Z)
          if ! [[ "$VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
            echo "::error::Invalid version format: must be in X.Y.Z format"
            exit 1
          fi

      - name: Update registry
        id: update
        env:
          CHAIN_ID: ${{ github.event.inputs.chain_id }}
          MODULE_TYPE: ${{ github.event.inputs.module_type }}
          VERSION: ${{ github.event.inputs.version }}
          CONTRACT_ADDRESS: ${{ github.event.inputs.contract_address }}
        run: |
          pnpm update-registry \
            --chain-id "${CHAIN_ID}" \
            --module "${MODULE_TYPE}" \
            --version "${VERSION}" \
            --address "${CONTRACT_ADDRESS}"

      - name: Create Pull Request
        if: steps.update.outputs.has_changes == 'true'
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          CHAIN_ID: ${{ github.event.inputs.chain_id }}
          MODULE_TYPE: ${{ github.event.inputs.module_type }}
          VERSION: ${{ github.event.inputs.version }}
          CONTRACT_ADDRESS: ${{ github.event.inputs.contract_address }}
          ASSET_PATH: ${{ steps.update.outputs.asset_path }}
        run: |
          # Configure git
          git config user.name "github-actions[bot]"
          git config user.email "github-actions[bot]@users.noreply.github.com"

          # Create branch name pattern for searching
          BASE_BRANCH_NAME="add-chain-${CHAIN_ID}-${MODULE_TYPE}-v${VERSION}"

          # Check if there's already an open PR for this chain/module/version combination
          EXISTING_BRANCHES=$(git ls-remote --heads origin "refs/heads/${BASE_BRANCH_NAME}*" | awk '{print $2}' | sed 's|refs/heads/||')

          if [ -n "$EXISTING_BRANCHES" ]; then
            echo "Found existing branch(es) for this chain/module/version combination."

            # Check each branch for open PRs
            for branch in $EXISTING_BRANCHES; do
              if gh pr list --head "$branch" --state open --json number,url --jq '.[0].number' 2>/dev/null | grep -q '^[0-9]'; then
                PR_INFO=$(gh pr list --head "$branch" --state open --json number,url --jq '.[0] | "#\(.number) - \(.url)"')
                echo "::notice::Open PR already exists for this deployment: $PR_INFO"
                echo "Skipping as changes are already proposed."
                exit 0
              fi
            done

            echo "Existing branches found but no open PRs. Proceeding with new branch."
          fi

          # Always use timestamp to prevent race conditions with parallel runs
          BRANCH_NAME="${BASE_BRANCH_NAME}-$(date +%s)"

          # Create and switch to new branch
          git checkout -b "$BRANCH_NAME"

          # Commit changes
          git add "$ASSET_PATH"
          git commit -m "feat: add chain $CHAIN_ID to $MODULE_TYPE module v$VERSION

          - Chain ID: $CHAIN_ID
          - Module: $MODULE_TYPE
          - Version: $VERSION
          - Address: $CONTRACT_ADDRESS

          Automated update from deployment-scripts workflow."

          # Push branch
          git push origin "$BRANCH_NAME"

          # Create PR
          PR_TITLE="feat: Add chain $CHAIN_ID to $MODULE_TYPE module v$VERSION"
          PR_BODY="## Module Registry Update

          This PR adds a new chain deployment to the Safe Modules registry.

          ### Deployment Details

          | Property | Value |
          |----------|-------|
          | **Chain ID** | \`$CHAIN_ID\` |
          | **Module** | $MODULE_TYPE |
          | **Version** | $VERSION |
          | **Address** | \`$CONTRACT_ADDRESS\` |

          ### Modified Files

          - \`$ASSET_PATH\`

          ---

          > 🤖 This PR was automatically created by the deployment-scripts workflow."

          # Create PR and capture any errors
          if ! PR_OUTPUT=$(gh pr create \
            --title "$PR_TITLE" \
            --body "$PR_BODY" \
            --base main \
            --head "$BRANCH_NAME" \
            --label "automated" 2>&1); then
            echo "::error::Failed to create PR: $PR_OUTPUT"
            exit 1
          fi
          echo "::notice::Successfully created PR for chain $CHAIN_ID"

      - name: Summary
        if: always()
        run: |
          echo "## 📦 Module Registry Update Result" >> $GITHUB_STEP_SUMMARY
          echo "" >> $GITHUB_STEP_SUMMARY

          if [ "${{ steps.update.outputs.has_changes }}" == "true" ]; then
            echo "✅ **Changes detected** - PR created to add this deployment to the registry." >> $GITHUB_STEP_SUMMARY
          elif [ "${{ steps.update.outputs.action }}" == "unchanged" ]; then
            echo "ℹ️ **No changes needed** - chain already registered with same address." >> $GITHUB_STEP_SUMMARY
          else
            echo "⚠️ **Update completed** - check logs for details." >> $GITHUB_STEP_SUMMARY
          fi