feat(solidity-devops): gas pricing, verification and deployment utils

[ChiTimesChi]

Description

PR to add a bit of everything since the last release:

• Added --auto-gas-1559 and --auto-gas-legacy that override the default Forge gas pricing with fresh values fetched from the RPC node
  • For legacy txs, the value returned by eth_gasPrice is used
  • For 1559 txs we fetch latest base fee and priority fee, then using:
    • 2*base_fee + priority_fee for max gas price
    • priority_fee for max priority fee
• Simplified the script templates, having ffi turned on is no longer a requirement. Complex stuff such as extracting contract ABI has been moved to post-run routine.
• Added standalone utils:
  • yarn fvc uses forge to verify a previously deployed contract.
  • yarn sd saves a deployment artifact for a previously deployed contract.
  • yarn vp verifies a deployed proxy (currently only required for Etherscan explorers)
• More docs and examples:
  • Added an example of deployment script with different workflows, and its produced deployment artifact.
  • Expanded README.md

Summary by CodeRabbit

• New Features

  • Implemented a script for verifying smart contract deployments on a blockchain using Forge.
  • Added a function to retrieve base fee and gas price using cast commands.
  • Introduced gas pricing options for different chain types.
  • Provided functions for initiating proxy verification on Etherscan and checking verification request status.
  • Developed a script to verify a deployed contract on Etherscan by initiating and checking verification status.

• Documentation

  • Updated README with detailed setup instructions, usage guidelines, and configuration file information.

• Refactor

  • Simplified deployment artifact writing logic by merging functions.
  • Enhanced error logging and security by redacting sensitive keys in logs.
  • Improved utility functions for better maintenance and code clarity.

• Bug Fixes

  • Adjusted smart contract deployment and verification scripts to fix previous limitations and enhance usability.

[coderabbitai]

Walkthrough

The recent updates to the solidity-devops package bring significant enhancements for Ethereum development operations. These changes focus on integrating the Sepolia Testnet, refining contract deployment and verification processes. Key improvements include streamlined deployment saving, updated gas pricing strategies for various chains, and enhanced verification scripts for contracts and proxies. These updates aim to simplify development workflows and bolster support for Ethereum's dynamic ecosystem.

Changes

File Path	Change Summary
.../.env.example, .../deployments/eth_sepolia/...	Added Sepolia Testnet config in .env.example, introduced chain ID for Sepolia Testnet, defined BasicContract with deployment details.
.../README.md	Detailed setup instructions, config guides, and usage guidelines for scripts, deployments, and verifications.
.../devops.json, foundry.toml	Updated gas price configurations and testnet settings for multiple chains incl. eth_sepolia.
js/forgeScriptRun.js, js/saveDeployment.js	Streamlined deployment saving process, improved artifact management.
js/forgeVerifyContract.js, js/verifyProxy.js	Scripts for verifying smart contract deployments and proxy verification on blockchain.
js/utils/...	Enhanced utility functions incl. gas price retrieval, deployment saving, contract verification, improved logging with sensitive info redaction.
src/...	Simplified logic in deployment artifact writing and saving, merged functions for efficiency.

🐰✨
In the land of code and ether,
Where smart contracts come to play,
A rabbit hopped with updates neat,
To make devs' work light as day.

With Sepolia's testnet bright,
And gas prices smartly picked,
This rabbit danced through the night,
Leaving code that's slick and slicked.
🌟🐾

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

• X
• Mastodon
• Reddit
• LinkedIn

---

Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai generate interesting stats about this repository and render them as a table.
  • @coderabbitai show all the console.log statements in this repository.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger a review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/coderabbit-overrides.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 46.92720%. Comparing base (a2b8391) to head (f24fb3b).
Report is 7 commits behind head on master.

Additional details and impacted files

@@                 Coverage Diff                 @@
##              master       #2439         +/-   ##
===================================================
+ Coverage   46.91894%   46.92720%   +0.00825%     
===================================================
  Files            400         383         -17     
  Lines          30655       29273       -1382     
  Branches          83          83                 
===================================================
- Hits           14383       13737        -646     
+ Misses         14737       14073        -664     
+ Partials        1535        1463         -72     

Flag	Coverage Δ
cctp-relayer	?
packages	90.52734% <ø> (ø)
promexporter	?

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[coderabbitai]

Actionable comments posted: 22

Review Status

Configuration used: .coderabbit.yaml

Commits

Files that changed from the base of the PR and between 1ad45a3 and 83aa569.

Files selected for processing (21)

• packages/solidity-devops/.env.example (1 hunks)
• packages/solidity-devops/README.md (1 hunks)
• packages/solidity-devops/deployments/eth_sepolia/.chainId (1 hunks)
• packages/solidity-devops/deployments/eth_sepolia/BasicContract.json (1 hunks)
• packages/solidity-devops/devops.json (1 hunks)
• packages/solidity-devops/foundry.toml (2 hunks)
• packages/solidity-devops/js/forgeScriptRun.js (2 hunks)
• packages/solidity-devops/js/forgeVerifyContract.js (1 hunks)
• packages/solidity-devops/js/saveDeployment.js (1 hunks)
• packages/solidity-devops/js/utils/cast.js (2 hunks)
• packages/solidity-devops/js/utils/chain.js (4 hunks)
• packages/solidity-devops/js/utils/deployments.js (5 hunks)
• packages/solidity-devops/js/utils/etherscan.js (1 hunks)
• packages/solidity-devops/js/utils/logger.js (1 hunks)
• packages/solidity-devops/js/utils/utils.js (2 hunks)
• packages/solidity-devops/js/verifyProxy.js (1 hunks)
• packages/solidity-devops/package.json (1 hunks)
• packages/solidity-devops/script/DeployBasicContract.s.sol (1 hunks)
• packages/solidity-devops/src/deploy/DeploymentSaver.sol (4 hunks)
• packages/solidity-devops/src/writer/ChainAwareWriter.sol (1 hunks)
• packages/solidity-devops/src/writer/DataWriter.sol (2 hunks)

Files skipped from review due to trivial changes (1)

• packages/solidity-devops/deployments/eth_sepolia/.chainId

Additional comments not posted (25)

packages/solidity-devops/js/saveDeployment.js (1)

10-19: Consider adding error handling for external calls and validating input arguments to ensure robustness and prevent potential failures during execution.

packages/solidity-devops/js/utils/logger.js (1)

23-27: Ensure the regex pattern in redactKeys accurately targets only the intended sensitive keys to avoid redacting non-sensitive information.

Verification successful

---

The regex pattern in redactKeys accurately targets and redacts values following options that end with -key, as demonstrated by the script output. This confirms that the function works as intended for enhancing security by redacting sensitive information in command logs.

Scripts Executed

The following scripts were executed for the analysis:

---

Script:

#!/bin/bash
# Example command that might contain sensitive keys
example_command="deploy --api-key 12345 --other-key 67890"
# Apply redactKeys function logic
echo "$example_command" | sed -E 's/(--\S+-key) (\S+)/\1 <REDACTED-VALUE>/g'

Length of output: 226

packages/solidity-devops/deployments/eth_sepolia/BasicContract.json (1)

1-34: Ensure that no sensitive information is included in the deployment JSON files committed to public repositories.

packages/solidity-devops/devops.json (1)

3-20: Verify the effectiveness of the --auto-gas-1559 configuration across the specified chains to ensure optimal gas pricing strategies are applied.

packages/solidity-devops/foundry.toml (1)

25-34: Confirm that the removal of the ffi flag does not negatively impact any existing functionality that previously relied on ffi.

packages/solidity-devops/js/utils/cast.js (1)

7-14: Add error handling for the external cast commands in getChainGasPricingRPC to ensure robustness in case of command failure or unexpected output.

packages/solidity-devops/src/writer/ChainAwareWriter.sol (1)

15-17: Ensure that the merged writeDeploymentArtifact function correctly handles both cases of deployment artifacts, with and without ABI, as intended.

packages/solidity-devops/package.json (1)

37-40: Verify that the new binary commands (fvc, sd, vp) are correctly mapped to their respective scripts and that the scripts are executable.

Verification successful

---

The verification process has confirmed that the new binary commands (fvc, sd, vp) are correctly mapped to their respective scripts in the package.json file, as indicated by the presence of the corresponding entries. Additionally, the script files (forgeVerifyContract.js, saveDeployment.js, verifyProxy.js) referenced by these commands exist within the repository. This confirms that the commands are properly set up and should be executable as intended.

Scripts Executed

The following scripts were executed for the analysis:

---

Script:

#!/bin/bash
# Example verification for one command
# Replace <COMMAND> with one of the new commands (fvc, sd, vp)
which <COMMAND>

Length of output: 158

---

---

Script:

#!/bin/bash
# Verify the presence of the commands in the package.json file
fd package.json --exec grep '"fvc":' {}
fd package.json --exec grep '"sd":' {}
fd package.json --exec grep '"vp":' {}

# Verify the existence of the script files referenced by the commands
fd forgeVerifyContract.js
fd saveDeployment.js
fd verifyProxy.js

Length of output: 444

packages/solidity-devops/js/forgeScriptRun.js (1)

58-60: Ensure that saveNewDeployment function properly handles errors or exceptions that may occur during the saving process.

packages/solidity-devops/.env.example (1)

46-50: Ensure the ETH_SEPOLIA_VERIFIER_KEY placeholder is clearly marked as a placeholder to be replaced by the user's actual Etherscan API key to avoid confusion.

packages/solidity-devops/js/utils/utils.js (1)

76-83: Validate the use of Atomics.wait for implementing syncSleep. Ensure it's compatible with the environments where this script will run, as Atomics.wait cannot be called on the main thread in some environments (e.g., web browsers).

packages/solidity-devops/src/writer/DataWriter.sol (1)

25-37: Ensure that the removal of the contractName and artifactWithoutABI parameters from writeDeploymentArtifact function aligns with the intended functionality and that all calls to this function have been updated accordingly.

packages/solidity-devops/script/DeployBasicContract.s.sol (1)

19-67: Ensure that the deployment methods (deployAndSave, deployAndSaveAs, and their callbacks) properly handle errors or exceptions that may occur during the deployment process.

packages/solidity-devops/js/utils/chain.js (3)

3-3: Consider renaming getChainGasPricingRPC to more accurately reflect its purpose, such as fetchChainGasPricing.

---

13-14: Ensure the naming convention for constants is consistent across the project. If other constants use uppercase with underscores, these should too.

---

16-18: Verify that the verifier constants (VERIFIER_ETHERSCAN, VERIFIER_BLOCKSCOUT, VERIFIER_SOURCIFY) are used consistently across the project.

Verification successful

---

The verification process has confirmed that the verifier constants (VERIFIER_ETHERSCAN, VERIFIER_BLOCKSCOUT, VERIFIER_SOURCIFY) are used consistently across the project. No hardcoded string values were found, indicating adherence to best practices in using these constants.

Scripts Executed

The following scripts were executed for the analysis:

---

Script:

#!/bin/bash
# Search for inconsistent usage of verifier constants across JavaScript files.
rg --type js 'VERIFIER_(ETHERSCAN|BLOCKSCOUT|SOURCIFY)'

Length of output: 990

---

---

Script:

#!/bin/bash
# Search for hardcoded string values of the verifier constants across JavaScript files.
rg --type js '"etherscan"|"blockscout"|"sourcify"'

Length of output: 52

packages/solidity-devops/src/deploy/DeploymentSaver.sol (1)

114-114: Confirm that merging the functionality of saveDeploymentWithoutABI into saveDeployment does not introduce any regressions or unwanted behavior.

Verification successful

---

The search for any remaining references to saveDeploymentWithoutABI in Solidity files using rg did not produce any output. This indicates that there are no references to saveDeploymentWithoutABI in the codebase, suggesting that the function has been successfully removed or merged without leaving any unintended references. Based on this information, it can be inferred that merging the functionality of saveDeploymentWithoutABI into saveDeployment likely does not introduce any regressions or unwanted behavior related to the direct usage of saveDeploymentWithoutABI.

Scripts Executed

The following scripts were executed for the analysis:

---

Script:

#!/bin/bash
# Search for any remaining references to saveDeploymentWithoutABI.
ast-grep --lang solidity --pattern $'saveDeploymentWithoutABI($_, $_, $_)'

Length of output: 192

---

---

Script:

#!/bin/bash
# Search for any remaining references to saveDeploymentWithoutABI in Solidity files.
rg 'saveDeploymentWithoutABI' --glob '*.sol'

Length of output: 44

packages/solidity-devops/js/utils/deployments.js (2)

71-80: Consider extracting the contract name extraction logic into a utility module if it's used in multiple places across the project.

---

132-137: Verify that getSavedDeployment is used consistently and that its error handling is sufficient for all use cases.

packages/solidity-devops/README.md (6)

17-25: Clarify the installation instructions to include steps for users who might not be familiar with npm or yarn.

---

49-58: Add a note about the importance of keeping the verifier API key secure and not committing it to version control.

---

84-98: Recommend including a link to Foundry's official documentation for users to learn more about the configuration options in foundry.toml.

---

101-111: Encourage the use of comments within deployment and configuration scripts to improve readability and maintainability.

---

112-134: Advise on testing scripts in a controlled environment before broadcasting them to a live network to prevent unintended consequences.

---

149-160: Highlight the importance of verifying deployment artifacts and ensuring they match the on-chain deployment before proceeding with further actions.

[cloudflare-workers-and-pages]

Deploying sanguine-fe with    Cloudflare Pages

Latest commit:	f24fb3b
Status:	🚫  Build failed.

View logs

[coderabbitai]

Actionable comments posted: 1

Review Status

Configuration used: .coderabbit.yaml

Commits

Files that changed from the base of the PR and between 83aa569 and 995381b.

Files selected for processing (3)

• packages/solidity-devops/js/forgeVerifyContract.js (1 hunks)
• packages/solidity-devops/js/utils/etherscan.js (1 hunks)
• packages/solidity-devops/js/verifyProxy.js (1 hunks)

Files skipped from review as they are similar to previous changes (2)

• packages/solidity-devops/js/forgeVerifyContract.js
• packages/solidity-devops/js/verifyProxy.js

Additional Context Used

GitHub Check Runs (1)

lint failure (4)

packages/solidity-devops/js/utils/etherscan.js: [warning] 67-67:
Replace Request·with·GUID·${guid}·not·completed·after·${MAX_ATTEMPTS}·attempts.·Consider·checking·the·network·status·or·increasing·the·retry·interval. with ⏎····Request·with·GUID·${guid}·not·completed·after·${MAX_ATTEMPTS}·attempts.·Consider·checking·the·network·status·or·increasing·the·retry·interval.⏎··

[coderabbitai]

Actionable comments posted: 0

Review Status

Configuration used: .coderabbit.yaml

Commits

Files that changed from the base of the PR and between 995381b and a9f4db1.

Files selected for processing (1)

• packages/solidity-devops/js/utils/etherscan.js (1 hunks)

Files skipped from review as they are similar to previous changes (1)

• packages/solidity-devops/js/utils/etherscan.js

[coderabbitai]

Actionable comments posted: 0

Review Status

Configuration used: .coderabbit.yaml

Commits

Files that changed from the base of the PR and between a9f4db1 and f24fb3b.

Files selected for processing (5)

• packages/solidity-devops/js/forgeVerifyContract.js (1 hunks)
• packages/solidity-devops/js/utils/cast.js (2 hunks)
• packages/solidity-devops/js/utils/chain.js (3 hunks)
• packages/solidity-devops/js/utils/etherscan.js (1 hunks)
• packages/solidity-devops/js/verifyProxy.js (1 hunks)

Files skipped from review as they are similar to previous changes (5)

• packages/solidity-devops/js/forgeVerifyContract.js
• packages/solidity-devops/js/utils/cast.js
• packages/solidity-devops/js/utils/chain.js
• packages/solidity-devops/js/utils/etherscan.js
• packages/solidity-devops/js/verifyProxy.js