Automate ICO deployment with comprehensive CI/CD pipeline and multi-network support

.github/workflows/ci-cd.yml

@@ -1,5 +1,4 @@
-name: CI/CD Pipeline
-
+name: ICO Deployment CI/CD Pipeline
 on:
   push:
     branches:
@@ -8,6 +7,17 @@ on:
     branches:
       - main
   workflow_dispatch: # Allows you to manually trigger the workflow
+    inputs:
+      network:
+        description: 'Network to deploy to'
+        required: true
+        default: 'sepolia'
+        type: choice
+        options:
+        - sepolia
+        - mainnet
+        - polygon
+        - bsc
 
 jobs:
   build:
@@ -16,58 +26,223 @@ jobs:
 
     steps:
     - name: Checkout code
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
 
     - name: Set up Node.js
-      uses: actions/setup-node@v3
+      uses: actions/setup-node@v4
       with:
         node-version: 18
+        cache: 'npm'
 
     - name: Install dependencies
-      run: npm install
+      run: npm ci
 
     - name: Compile contracts
       run: npx hardhat compile
 
+    - name: Cache build artifacts
+      uses: actions/cache@v3
+      with:
+        path: |
+          artifacts
+          cache
+        key: ${{ runner.os }}-hardhat-${{ hashFiles('contracts/**/*.sol') }}
+
   test:
     name: Run Tests
     runs-on: ubuntu-latest
-    needs: build # Ensures tests run after build stage
+    needs: build
 
     steps:
     - name: Checkout code
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
 
     - name: Set up Node.js
-      uses: actions/setup-node@v3
+      uses: actions/setup-node@v4
       with:
         node-version: 18
+        cache: 'npm'
 
     - name: Install dependencies
-      run: npm install
+      run: npm ci
+
+    - name: Restore build cache
+      uses: actions/cache@v3
+      with:
+        path: |
+          artifacts
+          cache
+        key: ${{ runner.os }}-hardhat-${{ hashFiles('contracts/**/*.sol') }}
 
     - name: Run tests
-      run: npx hardhat test
+      run: npm test
+
+    - name: Generate test report
+      run: |
+        npx hardhat test --reporter json > test-report.json || true
+
+    - name: Upload test results
+      uses: actions/upload-artifact@v3
+      if: always()
+      with:
+        name: test-results
+        path: test-report.json
 
-  deploy:
-    name: Deploy Contracts
+  security-check:
+    name: Security Analysis
     runs-on: ubuntu-latest
-    needs: test # Ensures deployment runs after tests pass
+    needs: build
+    continue-on-error: true
 
     steps:
     - name: Checkout code
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
 
     - name: Set up Node.js
-      uses: actions/setup-node@v3
+      uses: actions/setup-node@v4
       with:
         node-version: 18
+        cache: 'npm'
 
     - name: Install dependencies
-      run: npm install
+      run: npm ci
 
-    - name: Deploy contracts
-      run: npx hardhat run scripts/deploy.js --network mainnet
+    - name: Run npm audit
+      run: npm audit --audit-level moderate || true
+
+  deploy-testnet:
+    name: Deploy to Testnet
+    runs-on: ubuntu-latest
+    needs: [test, security-check]
+    if: github.ref == 'refs/heads/main' || github.event_name == 'workflow_dispatch'
+    environment: testnet
+
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Set up Node.js
+      uses: actions/setup-node@v4
+      with:
+        node-version: 18
+        cache: 'npm'
+
+    - name: Install dependencies
+      run: npm ci
+
+    - name: Restore build cache
+      uses: actions/cache@v3
+      with:
+        path: |
+          artifacts
+          cache
+        key: ${{ runner.os }}-hardhat-${{ hashFiles('contracts/**/*.sol') }}
+
+    - name: Deploy to Sepolia Testnet
+      run: npx hardhat run scripts/deploy-with-info.js --network sepolia
       env:
         PRIVATE_KEY: ${{ secrets.PRIVATE_KEY }}
-        INFURA_API_KEY: ${{ secrets.INFURA_API_KEY }}
+        INFURA_API_KEY: ${{ secrets.INFURA_API_KEY }}
+        SEPOLIA_RPC_URL: ${{ secrets.SEPOLIA_RPC_URL }}
+        OWNER_ADDRESS: ${{ secrets.OWNER_ADDRESS }}
+
+    - name: Upload deployment artifacts
+      uses: actions/upload-artifact@v3
+      if: always()
+      with:
+        name: sepolia-deployment-${{ github.run_number }}
+        path: deployments/sepolia-*.json
+
+  deploy-mainnet:
+    name: Deploy to Mainnet
+    runs-on: ubuntu-latest
+    needs: [deploy-testnet]
+    if: github.event_name == 'workflow_dispatch' && github.event.inputs.network == 'mainnet'
+    environment: production
+
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Set up Node.js
+      uses: actions/setup-node@v4
+      with:
+        node-version: 18
+        cache: 'npm'
+
+    - name: Install dependencies
+      run: npm ci
+
+    - name: Restore build cache
+      uses: actions/cache@v3
+      with:
+        path: |
+          artifacts
+          cache
+        key: ${{ runner.os }}-hardhat-${{ hashFiles('contracts/**/*.sol') }}
+
+    - name: Deploy to Mainnet
+      run: npx hardhat run scripts/deploy-with-info.js --network mainnet
+      env:
+        PRIVATE_KEY: ${{ secrets.PRIVATE_KEY }}
+        INFURA_API_KEY: ${{ secrets.INFURA_API_KEY }}
+        MAINNET_RPC_URL: ${{ secrets.MAINNET_RPC_URL }}
+        ETHERSCAN_API_KEY: ${{ secrets.ETHERSCAN_API_KEY }}
+        OWNER_ADDRESS: ${{ secrets.OWNER_ADDRESS }}
+
+    - name: Upload deployment artifacts
+      uses: actions/upload-artifact@v3
+      if: always()
+      with:
+        name: mainnet-deployment-${{ github.run_number }}
+        path: deployments/mainnet-*.json
+
+    - name: Verify contracts on Etherscan
+      run: |
+        echo "Attempting to verify contracts on Etherscan..."
+        # The verification commands are provided in the deployment output
+        # Manual verification may be required for complex constructor parameters
+
+  deploy-alternative-networks:
+    name: Deploy to Alternative Networks
+    runs-on: ubuntu-latest
+    needs: [test, security-check]
+    if: github.event_name == 'workflow_dispatch' && (github.event.inputs.network == 'polygon' || github.event.inputs.network == 'bsc')
+    environment: alternative-networks
+
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Set up Node.js
+      uses: actions/setup-node@v4
+      with:
+        node-version: 18
+        cache: 'npm'
+
+    - name: Install dependencies
+      run: npm ci
+
+    - name: Restore build cache
+      uses: actions/cache@v3
+      with:
+        path: |
+          artifacts
+          cache
+        key: ${{ runner.os }}-hardhat-${{ hashFiles('contracts/**/*.sol') }}
+
+    - name: Deploy to Network
+      run: npx hardhat run scripts/deploy-with-info.js --network ${{ github.event.inputs.network }}
+      env:
+        PRIVATE_KEY: ${{ secrets.PRIVATE_KEY }}
+        INFURA_API_KEY: ${{ secrets.INFURA_API_KEY }}
+        POLYGON_RPC_URL: ${{ secrets.POLYGON_RPC_URL }}
+        BSC_RPC_URL: ${{ secrets.BSC_RPC_URL }}
+        OWNER_ADDRESS: ${{ secrets.OWNER_ADDRESS }}
+
+    - name: Upload deployment artifacts
+      uses: actions/upload-artifact@v3
+      if: always()
+      with:
+        name: ${{ github.event.inputs.network }}-deployment-${{ github.run_number }}
+        path: deployments/${{ github.event.inputs.network }}-*.json

.gitignore

@@ -23,6 +23,11 @@ yarn-error.log*
 cache/
 artifacts/
 
+# Deployment information
+deployments/
+*.env
+.env.*
+
 # Project files, i.e. `.project`, `.actionScriptProperties` and `.flexProperties`
 # should NOT be excluded as they contain compiler settings and other important
 # information for Eclipse / Flash Builder.