diff --git a/onchain/script/BaseDeploy.sol b/onchain/script/BaseDeploy.sol index e8191b9..9779dfb 100644 --- a/onchain/script/BaseDeploy.sol +++ b/onchain/script/BaseDeploy.sol @@ -3,10 +3,14 @@ pragma solidity ^0.8.19; import "forge-std/Script.sol"; contract BaseDeploy is Script { - function run() public view { + function run() public { // Base data - string memory seedPhrase = vm.readFile(".secret"); - uint256 privateKey = vm.deriveKey(seedPhrase, 0); + // PRIVATE_KEY=0 / empty silently falls back to .secret (0 is an invalid secp256k1 key). + uint256 privateKey = vm.envOr("PRIVATE_KEY", uint256(0)); + if (privateKey == 0) { + string memory seedPhrase = vm.readFile(".secret"); + privateKey = vm.deriveKey(seedPhrase, 0); + } address sender = vm.addr(privateKey); console.log(sender); } diff --git a/onchain/script/BootstrapVWAPPhase2.s.sol b/onchain/script/BootstrapVWAPPhase2.s.sol index dcd7f0d..566cdd2 100644 --- a/onchain/script/BootstrapVWAPPhase2.s.sol +++ b/onchain/script/BootstrapVWAPPhase2.s.sol @@ -20,6 +20,14 @@ import "forge-std/Script.sol"; * * Usage: * export LM_ADDRESS= + * + * # Option A — env-var key (CI/CD): + * export PRIVATE_KEY=0x + * forge script script/BootstrapVWAPPhase2.s.sol --tc BootstrapVWAPPhase2 \ + * --fork-url $BASE_RPC --broadcast + * + * # Option B — .secret seed-phrase file (local): + * echo "" > .secret * forge script script/BootstrapVWAPPhase2.s.sol --tc BootstrapVWAPPhase2 \ * --fork-url $BASE_RPC --broadcast */ @@ -28,8 +36,12 @@ contract BootstrapVWAPPhase2 is Script { address lmAddress = vm.envAddress("LM_ADDRESS"); LiquidityManager lm = LiquidityManager(payable(lmAddress)); - string memory seedPhrase = vm.readFile(".secret"); - uint256 privateKey = vm.deriveKey(seedPhrase, 0); + // PRIVATE_KEY=0 / empty silently falls back to .secret (0 is an invalid secp256k1 key). + uint256 privateKey = vm.envOr("PRIVATE_KEY", uint256(0)); + if (privateKey == 0) { + string memory seedPhrase = vm.readFile(".secret"); + privateKey = vm.deriveKey(seedPhrase, 0); + } vm.startBroadcast(privateKey); console.log("Running VWAP bootstrap phase 2 on LiquidityManager:", lmAddress); diff --git a/onchain/script/DeployBase.sol b/onchain/script/DeployBase.sol index 8f66cdf..3078d45 100644 --- a/onchain/script/DeployBase.sol +++ b/onchain/script/DeployBase.sol @@ -37,8 +37,12 @@ contract DeployBase is Script { IUniswapV3Pool public pool; function run() public { - string memory seedPhrase = vm.readFile(".secret"); - uint256 privateKey = vm.deriveKey(seedPhrase, 0); + // PRIVATE_KEY=0 / empty silently falls back to .secret (0 is an invalid secp256k1 key). + uint256 privateKey = vm.envOr("PRIVATE_KEY", uint256(0)); + if (privateKey == 0) { + string memory seedPhrase = vm.readFile(".secret"); + privateKey = vm.deriveKey(seedPhrase, 0); + } vm.startBroadcast(privateKey); address sender = vm.addr(privateKey); diff --git a/onchain/script/UpgradeOptimizer.sol b/onchain/script/UpgradeOptimizer.sol index fc09284..39fe192 100644 --- a/onchain/script/UpgradeOptimizer.sol +++ b/onchain/script/UpgradeOptimizer.sol @@ -12,6 +12,10 @@ import "forge-std/Script.sol"; * OPTIMIZER_PROXY=0x... forge script script/UpgradeOptimizer.sol \ * --rpc-url --broadcast * + * Key injection (checked in order): + * 1. PRIVATE_KEY env var (hex private key — for CI/CD) + * 2. .secret file (BIP-39 seed phrase — for local use) + * * The caller must be the proxy admin (the address that called initialize()). */ contract UpgradeOptimizer is Script { @@ -19,8 +23,12 @@ contract UpgradeOptimizer is Script { address proxyAddress = vm.envAddress("OPTIMIZER_PROXY"); require(proxyAddress != address(0), "OPTIMIZER_PROXY env var required"); - string memory seedPhrase = vm.readFile(".secret"); - uint256 privateKey = vm.deriveKey(seedPhrase, 0); + // PRIVATE_KEY=0 / empty silently falls back to .secret (0 is an invalid secp256k1 key). + uint256 privateKey = vm.envOr("PRIVATE_KEY", uint256(0)); + if (privateKey == 0) { + string memory seedPhrase = vm.readFile(".secret"); + privateKey = vm.deriveKey(seedPhrase, 0); + } vm.startBroadcast(privateKey); address sender = vm.addr(privateKey);