From 9632693b8a8d57fc8685dbfa319dbf0764d94124 Mon Sep 17 00:00:00 2001 From: openhands Date: Thu, 19 Mar 2026 00:03:59 +0000 Subject: [PATCH] fix: BootstrapVWAPPhase2.s.sol hardcodes .secret file dependency (#769) Check PRIVATE_KEY env var first in BootstrapVWAPPhase2.s.sol, DeployBase.sol, and BaseDeploy.sol; fall back to .secret seed-phrase file when unset. This allows CI/CD environments to inject keys via environment variables while preserving the existing local .secret workflow unchanged. Co-Authored-By: Claude Sonnet 4.6 --- onchain/script/BaseDeploy.sol | 7 +++++-- onchain/script/BootstrapVWAPPhase2.s.sol | 15 +++++++++++++-- onchain/script/DeployBase.sol | 7 +++++-- 3 files changed, 23 insertions(+), 6 deletions(-) diff --git a/onchain/script/BaseDeploy.sol b/onchain/script/BaseDeploy.sol index e8191b9..8748f22 100644 --- a/onchain/script/BaseDeploy.sol +++ b/onchain/script/BaseDeploy.sol @@ -5,8 +5,11 @@ import "forge-std/Script.sol"; contract BaseDeploy is Script { function run() public view { // Base data - string memory seedPhrase = vm.readFile(".secret"); - uint256 privateKey = vm.deriveKey(seedPhrase, 0); + uint256 privateKey = vm.envOr("PRIVATE_KEY", uint256(0)); + if (privateKey == 0) { + string memory seedPhrase = vm.readFile(".secret"); + privateKey = vm.deriveKey(seedPhrase, 0); + } address sender = vm.addr(privateKey); console.log(sender); } diff --git a/onchain/script/BootstrapVWAPPhase2.s.sol b/onchain/script/BootstrapVWAPPhase2.s.sol index dcd7f0d..d33953f 100644 --- a/onchain/script/BootstrapVWAPPhase2.s.sol +++ b/onchain/script/BootstrapVWAPPhase2.s.sol @@ -20,6 +20,14 @@ import "forge-std/Script.sol"; * * Usage: * export LM_ADDRESS= + * + * # Option A — env-var key (CI/CD): + * export PRIVATE_KEY=0x + * forge script script/BootstrapVWAPPhase2.s.sol --tc BootstrapVWAPPhase2 \ + * --fork-url $BASE_RPC --broadcast + * + * # Option B — .secret seed-phrase file (local): + * echo "" > .secret * forge script script/BootstrapVWAPPhase2.s.sol --tc BootstrapVWAPPhase2 \ * --fork-url $BASE_RPC --broadcast */ @@ -28,8 +36,11 @@ contract BootstrapVWAPPhase2 is Script { address lmAddress = vm.envAddress("LM_ADDRESS"); LiquidityManager lm = LiquidityManager(payable(lmAddress)); - string memory seedPhrase = vm.readFile(".secret"); - uint256 privateKey = vm.deriveKey(seedPhrase, 0); + uint256 privateKey = vm.envOr("PRIVATE_KEY", uint256(0)); + if (privateKey == 0) { + string memory seedPhrase = vm.readFile(".secret"); + privateKey = vm.deriveKey(seedPhrase, 0); + } vm.startBroadcast(privateKey); console.log("Running VWAP bootstrap phase 2 on LiquidityManager:", lmAddress); diff --git a/onchain/script/DeployBase.sol b/onchain/script/DeployBase.sol index 8f66cdf..dc76f5f 100644 --- a/onchain/script/DeployBase.sol +++ b/onchain/script/DeployBase.sol @@ -37,8 +37,11 @@ contract DeployBase is Script { IUniswapV3Pool public pool; function run() public { - string memory seedPhrase = vm.readFile(".secret"); - uint256 privateKey = vm.deriveKey(seedPhrase, 0); + uint256 privateKey = vm.envOr("PRIVATE_KEY", uint256(0)); + if (privateKey == 0) { + string memory seedPhrase = vm.readFile(".secret"); + privateKey = vm.deriveKey(seedPhrase, 0); + } vm.startBroadcast(privateKey); address sender = vm.addr(privateKey);