From d6ce1384fb1aa3601fa918b770b5664e248e41c2 Mon Sep 17 00:00:00 2001
From: Daniel Simon <daniel.attila.simon@gmail.com>
Date: Fri, 12 Apr 2024 11:38:47 +0700
Subject: [PATCH 1/5] ci: add some debug info to contract deployment job

---
 .github/workflows/testnet-deployment.yml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/testnet-deployment.yml b/.github/workflows/testnet-deployment.yml
index 5837a035..07b5555a 100644
--- a/.github/workflows/testnet-deployment.yml
+++ b/.github/workflows/testnet-deployment.yml
@@ -27,7 +27,6 @@ concurrency:
 jobs:
   deploy-contracts:
     name: Deploy contracts
-    if: false # Disable contracts deployment for now
     runs-on: ubuntu-latest
     steps:
       - name: Git checkout
@@ -55,6 +54,10 @@ jobs:
         with:
           version: nightly
 
+      - name: Dump Foundry config for debugging
+        working-directory: ./contracts
+        run: forge config --json
+
       - name: Run deployment tool
         working-directory: ./contracts
         run: ./deploy liquity-testnet --verify

From f33761b083081c682f7402be5d2dafa5c8d2674b Mon Sep 17 00:00:00 2001
From: Daniel Simon <daniel.attila.simon@gmail.com>
Date: Fri, 12 Apr 2024 11:41:21 +0700
Subject: [PATCH 2/5] ci: fix workflow not being triggered on yml changes

---
 .github/workflows/testnet-deployment.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/testnet-deployment.yml b/.github/workflows/testnet-deployment.yml
index 07b5555a..06366877 100644
--- a/.github/workflows/testnet-deployment.yml
+++ b/.github/workflows/testnet-deployment.yml
@@ -8,12 +8,12 @@ on:
   push:
     branches: [main]
     paths:
-      - ".github/workflows/deploy-testnet.yml"
+      - ".github/workflows/testnet-deployment.yml"
       - "contracts/**"
       - "frontend/**"
   pull_request:
     paths:
-      - ".github/workflows/deploy-testnet.yml"
+      - ".github/workflows/testnet-deployment.yml"
       - "contracts/**"
 
 env:

From 9ae4912528f04e8385a50abe255164b5cad8e6c1 Mon Sep 17 00:00:00 2001
From: Daniel Simon <daniel.attila.simon@gmail.com>
Date: Fri, 12 Apr 2024 11:43:23 +0700
Subject: [PATCH 3/5] ci: fix failing pnpm install

---
 .github/workflows/testnet-deployment.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/testnet-deployment.yml b/.github/workflows/testnet-deployment.yml
index 06366877..1fd9369b 100644
--- a/.github/workflows/testnet-deployment.yml
+++ b/.github/workflows/testnet-deployment.yml
@@ -48,6 +48,7 @@ jobs:
 
       - name: Install dependencies
         run: pnpm install
+        working-directory: ./contracts
 
       - name: Install Foundry
         uses: foundry-rs/foundry-toolchain@v1

From 4eddda572df9b66756fab2b32f42a1e76dffd714 Mon Sep 17 00:00:00 2001
From: Daniel Simon <daniel.attila.simon@gmail.com>
Date: Fri, 12 Apr 2024 12:00:40 +0700
Subject: [PATCH 4/5] ci: plug leak of Github secret

---
 contracts/utils/deploy-cli.ts                      | 6 +++++-
 contracts/utils/deployment-artifacts-to-app-env.ts | 3 ++-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/contracts/utils/deploy-cli.ts b/contracts/utils/deploy-cli.ts
index a7db6e93..f8818327 100644
--- a/contracts/utils/deploy-cli.ts
+++ b/contracts/utils/deploy-cli.ts
@@ -156,9 +156,13 @@ Deploying Liquity contracts with the following settings:
     `broadcast/DeployLiquity2.s.sol/${options.chainId}/run-latest.json`,
   );
 
+  // XXX hotfix: we were leaking Github secrets in "deployer"
+  // TODO: check if "deployer" is a private key, and calculate its address and use it instead?
+  const { deployer, ...safeOptions } = options;
+
   // write env file
   await fs.writeJson("deployment-context-latest.json", {
-    options,
+    options: safeOptions,
     deployedContracts: Object.fromEntries(deployedContracts),
   });
 
diff --git a/contracts/utils/deployment-artifacts-to-app-env.ts b/contracts/utils/deployment-artifacts-to-app-env.ts
index e57ee709..526f3f0d 100644
--- a/contracts/utils/deployment-artifacts-to-app-env.ts
+++ b/contracts/utils/deployment-artifacts-to-app-env.ts
@@ -17,7 +17,8 @@ const ZAddress = z.string().regex(/^0x[0-9a-fA-F]{40}$/);
 const ZDeploymentContext = z.object({
   options: z.object({
     chainId: z.number(),
-    deployer: z.string(), // can be an address or a private key
+    // XXX hotfix: we were leaking Github secrets in "deployer"
+    // deployer: z.string(), // can be an address or a private key
     help: z.boolean(),
     openDemoTroves: z.boolean(),
     rpcUrl: z.string(),

From 6a299b1a88965449e7c412247089545375fba092 Mon Sep 17 00:00:00 2001
From: Daniel Simon <daniel.attila.simon@gmail.com>
Date: Fri, 12 Apr 2024 12:08:31 +0700
Subject: [PATCH 5/5] ci: remove unneeded debug info

---
 .github/workflows/testnet-deployment.yml | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/.github/workflows/testnet-deployment.yml b/.github/workflows/testnet-deployment.yml
index 1fd9369b..eb1a7adb 100644
--- a/.github/workflows/testnet-deployment.yml
+++ b/.github/workflows/testnet-deployment.yml
@@ -55,10 +55,6 @@ jobs:
         with:
           version: nightly
 
-      - name: Dump Foundry config for debugging
-        working-directory: ./contracts
-        run: forge config --json
-
       - name: Run deployment tool
         working-directory: ./contracts
         run: ./deploy liquity-testnet --verify