Transfer Ownership #3
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Transfer Ownership | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| network: | |
| description: 'Network' | |
| required: true | |
| type: choice | |
| options: | |
| - arbitrumSepolia | |
| - arbitrum | |
| default: 'arbitrumSepolia' | |
| dry-run: | |
| description: 'Dry Run (fork test only, no actual transfer)' | |
| required: true | |
| type: boolean | |
| default: true | |
| jobs: | |
| pre-transfer: | |
| uses: ./.github/workflows/main.yml | |
| transfer-ownership: | |
| needs: pre-transfer | |
| runs-on: ubuntu-latest | |
| environment: ${{ inputs.network }} | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Determine new owner address | |
| id: owner | |
| run: | | |
| # Get new owner from GitHub variable | |
| NEW_OWNER="${{ vars.NEW_OWNER }}" | |
| # Validate that we have an address | |
| if [ -z "$NEW_OWNER" ]; then | |
| echo "Error: NEW_OWNER variable not set in GitHub." | |
| echo "Please set the NEW_OWNER variable in Settings → Secrets and variables → Actions → Variables" | |
| exit 1 | |
| fi | |
| # Validate address format | |
| if ! [[ "$NEW_OWNER" =~ ^0x[a-fA-F0-9]{40}$ ]]; then | |
| echo "Error: Invalid Ethereum address format: $NEW_OWNER" | |
| echo "Expected 0x followed by 40 hexadecimal characters." | |
| exit 1 | |
| fi | |
| echo "new_owner=$NEW_OWNER" >> $GITHUB_OUTPUT | |
| echo "New owner address: $NEW_OWNER" | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Set up Nodejs | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 20 | |
| cache: 'npm' # Cache dependencies | |
| - name: Install dependencies | |
| run: npm ci | |
| - name: Build | |
| run: npm run build | |
| - name: Run fork test (dry run) | |
| if: inputs.dry-run == true | |
| env: | |
| # Note: it is required to define both private key env variables when calling Hardhat. | |
| DEPLOYER_PRIVATE_KEY: ${{ secrets.DEPLOYER_PRIVATE_KEY }} | |
| ADMIN_PRIVATE_KEY: ${{ secrets.ADMIN_PRIVATE_KEY }} | |
| NEW_OWNER: ${{ steps.owner.outputs.new_owner }} | |
| run: | | |
| echo "Running ownership transfer in fork test mode (dry run)..." | |
| echo "Network: ${{ inputs.network }}" | |
| echo "New Owner: ${{ steps.owner.outputs.new_owner }}" | |
| if [ "${{ inputs.network }}" == "arbitrumSepolia" ]; then | |
| export ARBITRUM_SEPOLIA_FORK=true | |
| elif [ "${{ inputs.network }}" == "arbitrum" ]; then | |
| export ARBITRUM_FORK=true | |
| fi | |
| # Start the fork in the background | |
| npx hardhat node --no-deploy > /dev/null 2>&1 & | |
| HARDHAT_PID=$! | |
| echo "Hardhat node started with PID $HARDHAT_PID" | |
| # Wait for the node to be ready | |
| sleep 10 | |
| # Run the transfer script on localhost (fork) | |
| npx hardhat run scripts/transfer-ownership.ts --network localhost | |
| # Kill the Hardhat node | |
| kill $HARDHAT_PID || true | |
| - name: Execute ownership transfer on live network | |
| if: inputs.dry-run == false | |
| env: | |
| # Note: it is required to define both private key env variables when calling Hardhat. | |
| DEPLOYER_PRIVATE_KEY: ${{ secrets.DEPLOYER_PRIVATE_KEY }} | |
| ADMIN_PRIVATE_KEY: ${{ secrets.ADMIN_PRIVATE_KEY }} | |
| RPC_URL: ${{ secrets.RPC_URL }} | |
| NEW_OWNER: ${{ steps.owner.outputs.new_owner }} | |
| run: | | |
| echo "⚠️ WARNING: Executing LIVE ownership transfer!" | |
| echo "Network: ${{ inputs.network }}" | |
| echo "New Owner: ${{ steps.owner.outputs.new_owner }}" | |
| echo "This action is IRREVERSIBLE. Proceeding in 5 seconds..." | |
| sleep 5 | |
| npx hardhat run scripts/transfer-ownership.ts --network ${{ inputs.network }} | |
| - name: Summary | |
| if: always() | |
| run: | | |
| echo "## Ownership Transfer Summary" >> $GITHUB_STEP_SUMMARY | |
| echo "" >> $GITHUB_STEP_SUMMARY | |
| echo "- **Network**: ${{ inputs.network }}" >> $GITHUB_STEP_SUMMARY | |
| echo "- **New Owner**: \`${{ steps.owner.outputs.new_owner }}\`" >> $GITHUB_STEP_SUMMARY | |
| echo "- **Mode**: ${{ inputs.dry-run == true && 'Dry Run (Fork Test)' || '🔴 LIVE EXECUTION' }}" >> $GITHUB_STEP_SUMMARY | |
| echo "- **Status**: ${{ job.status }}" >> $GITHUB_STEP_SUMMARY | |
| echo "" >> $GITHUB_STEP_SUMMARY | |
| if [ "${{ inputs.dry-run }}" == "false" ]; then | |
| echo "### ⚠️ IMPORTANT" >> $GITHUB_STEP_SUMMARY | |
| echo "" >> $GITHUB_STEP_SUMMARY | |
| echo "Ownership has been transferred on **LIVE** network. Verify the new owner:" >> $GITHUB_STEP_SUMMARY | |
| echo "- Diamond Proxy" >> $GITHUB_STEP_SUMMARY | |
| echo "- App Registry" >> $GITHUB_STEP_SUMMARY | |
| echo "- Dataset Registry" >> $GITHUB_STEP_SUMMARY | |
| echo "- Workerpool Registry" >> $GITHUB_STEP_SUMMARY | |
| fi |