bulletin-deploy 0.4.1

package/src/pool.js

@@ -0,0 +1,165 @@
+import { sr25519CreateDerive } from "@polkadot-labs/hdkd";
+import { DEV_PHRASE, entropyToMiniSecret, mnemonicToEntropy } from "@polkadot-labs/hdkd-helpers";
+import { createClient, Enum } from "polkadot-api";
+import { getPolkadotSigner } from "polkadot-api/signer";
+import { getWsProvider } from "polkadot-api/ws-provider";
+import { withPolkadotSdkCompat } from "polkadot-api/polkadot-sdk-compat";
+import { Keyring } from "@polkadot/keyring";
+import { cryptoWaitReady } from "@polkadot/util-crypto";
+
+const DEPLOY_PATH_PREFIX = "//deploy";
+const TOPUP_TRANSACTIONS = 1000;
+const TOPUP_BYTES = 100_000_000n; // 100MB
+const TOPUP_THRESHOLD_TXS = 50n;
+const TOPUP_THRESHOLD_BYTES = 50_000_000n; // 50MB
+
+export function derivePoolAccounts(poolSize = 10, mnemonic = DEV_PHRASE) {
+  const entropy = mnemonicToEntropy(mnemonic);
+  const miniSecret = entropyToMiniSecret(entropy);
+  const derive = sr25519CreateDerive(miniSecret);
+  const keyring = new Keyring({ type: "sr25519" });
+
+  const accounts = [];
+  for (let i = 0; i < poolSize; i++) {
+    const path = `${DEPLOY_PATH_PREFIX}/${i}`;
+    const keyPair = derive(path);
+    const signer = getPolkadotSigner(keyPair.publicKey, "Sr25519", keyPair.sign);
+    const address = keyring.encodeAddress(keyPair.publicKey);
+    accounts.push({ index: i, path, publicKey: keyPair.publicKey, signer, address });
+  }
+  return accounts;
+}
+
+const MIN_TRANSACTIONS = 30n;
+const MIN_BYTES = 20_000_000n; // 20MB
+
+export function selectAccount(authorizations) {
+  const eligible = authorizations.filter(
+    a => a.transactions > MIN_TRANSACTIONS && a.bytes > MIN_BYTES
+  );
+  if (eligible.length === 0) return null;
+  return eligible.reduce((best, a) => a.transactions > best.transactions ? a : best);
+}
+
+export async function fetchPoolAuthorizations(api, accounts) {
+  const results = await Promise.all(
+    accounts.map(async (account) => {
+      try {
+        const auth = await api.query.TransactionStorage.Authorizations.getValue(
+          Enum("Account", account.address)
+        );
+        return {
+          ...account,
+          transactions: auth ? BigInt(auth.extent.transactions) : 0n,
+          bytes: auth ? auth.extent.bytes : 0n,
+        };
+      } catch {
+        return { ...account, transactions: 0n, bytes: 0n };
+      }
+    })
+  );
+  return results;
+}
+
+export async function ensureAuthorized(api, poolAccount, bulletinRpc) {
+  const auth = await api.query.TransactionStorage.Authorizations.getValue(
+    Enum("Account", poolAccount.address)
+  );
+  const txsRemaining = auth ? BigInt(auth.extent.transactions) : 0n;
+  const bytesRemaining = auth ? auth.extent.bytes : 0n;
+
+  if (txsRemaining >= TOPUP_THRESHOLD_TXS && bytesRemaining >= TOPUP_THRESHOLD_BYTES) {
+    return;
+  }
+
+  console.log(`   Auto-authorizing pool account ${poolAccount.index} (${poolAccount.address.slice(0, 8)}...)...`);
+
+  // Separate client to avoid congesting the caller's WebSocket with Alice's tx
+  const aliceClient = createClient(withPolkadotSdkCompat(getWsProvider(bulletinRpc)));
+  const aliceApi = aliceClient.getUnsafeApi();
+
+  try {
+    const keyring = new Keyring({ type: "sr25519" });
+    const alice = keyring.addFromUri("//Alice");
+
+    const aliceAccount = await aliceApi.query.System.Account.getValue(alice.address);
+    const aliceBalance = BigInt(aliceAccount.data.free);
+    if (aliceBalance < 10_000_000_000n) {
+      throw new Error(`Alice has insufficient balance on Bulletin for authorization tx fees. Current: ${(Number(aliceBalance) / 1e12).toFixed(4)} PAS`);
+    }
+
+    const aliceSigner = getPolkadotSigner(alice.publicKey, "Sr25519", (data) => alice.sign(data));
+
+    const tx = aliceApi.tx.TransactionStorage.authorize_account({
+      who: poolAccount.address,
+      transactions: TOPUP_TRANSACTIONS,
+      bytes: TOPUP_BYTES,
+    });
+
+    const result = await tx.signAndSubmit(aliceSigner);
+    if (!result.ok) throw new Error("authorize_account dispatch error");
+
+    console.log(`   Authorized: ${TOPUP_TRANSACTIONS} txs, ${TOPUP_BYTES / 1_000_000n}MB`);
+  } finally {
+    aliceClient.destroy();
+  }
+}
+
+export async function bootstrapPool(bulletinRpc, poolSize = 10, mnemonic) {
+  console.log(`Bootstrapping ${poolSize} pool accounts on ${bulletinRpc}...\n`);
+
+  await cryptoWaitReady();
+  const accounts = derivePoolAccounts(poolSize, mnemonic);
+
+  const client = createClient(withPolkadotSdkCompat(getWsProvider(bulletinRpc)));
+  const api = client.getUnsafeApi();
+
+  const keyring = new Keyring({ type: "sr25519" });
+  const alice = keyring.addFromUri("//Alice");
+  const aliceSigner = getPolkadotSigner(alice.publicKey, "Sr25519", (data) => alice.sign(data));
+
+  const aliceAccount = await api.query.System.Account.getValue(alice.address);
+  const aliceBalance = BigInt(aliceAccount.data.free);
+  console.log(`Alice balance: ${(Number(aliceBalance) / 1e12).toFixed(4)} PAS\n`);
+
+  for (const account of accounts) {
+    console.log(`Account ${account.index}: ${account.address}`);
+
+    try {
+      const tx = api.tx.TransactionStorage.authorize_account({
+        who: account.address,
+        transactions: TOPUP_TRANSACTIONS,
+        bytes: TOPUP_BYTES,
+      });
+      const result = await tx.signAndSubmit(aliceSigner);
+      if (!result.ok) throw new Error("dispatch failed");
+      console.log(`  Authorized: ${TOPUP_TRANSACTIONS} txs, ${Number(TOPUP_BYTES) / 1_000_000}MB`);
+    } catch (e) {
+      console.log(`  Authorization failed: ${e.message?.slice(0, 80)}`);
+    }
+
+    try {
+      const transfer = api.tx.Balances.transfer_allow_death({
+        dest: Enum("Id", account.address),
+        value: 100_000_000_000n, // 0.1 PAS
+      });
+      const result = await transfer.signAndSubmit(aliceSigner);
+      if (!result.ok) throw new Error("dispatch failed");
+      console.log(`  Transferred 0.1 PAS`);
+    } catch (e) {
+      console.log(`  Transfer failed: ${e.message?.slice(0, 80)}`);
+    }
+
+    console.log("");
+  }
+
+  console.log("=".repeat(60));
+  console.log("Pool Summary");
+  console.log("=".repeat(60));
+  const auths = await fetchPoolAuthorizations(api, accounts);
+  for (const a of auths) {
+    console.log(`  ${a.index}: ${a.address} | txs: ${a.transactions} | bytes: ${Number(a.bytes) / 1_000_000}MB`);
+  }
+
+  client.destroy();
+}

package/src/telemetry.js

@@ -0,0 +1,73 @@
+// Sentry telemetry. Enabled by default (DSN is write-only, safe to embed).
+// Set BULLETIN_DEPLOY_TELEMETRY=0 to disable.
+
+import { execSync } from "node:child_process";
+
+const DEFAULT_DSN = "https://e021c025d79c4c3ade2862a11f13c40b@o4509440811401216.ingest.de.sentry.io/4511093597405264";
+const DISABLED = process.env.BULLETIN_DEPLOY_TELEMETRY === "0";
+
+let Sentry = null;
+
+if (!DISABLED) {
+  try {
+    Sentry = await import("@sentry/node");
+  } catch {
+    // @sentry/node not installed — telemetry disabled
+  }
+}
+
+export function initTelemetry() {
+  if (!Sentry) return;
+  Sentry.init({
+    dsn: process.env.SENTRY_DSN || DEFAULT_DSN,
+    tracesSampleRate: 1.0,
+    environment: process.env.CI ? "ci" : "local",
+  });
+}
+
+function tryGitRemote() {
+  try {
+    return execSync("git remote get-url origin", { encoding: "utf-8" }).trim().replace(/.*github\.com[:/]/, "").replace(/\.git$/, "");
+  } catch { return "unknown"; }
+}
+
+function tryGitBranch() {
+  try {
+    return execSync("git rev-parse --abbrev-ref HEAD", { encoding: "utf-8" }).trim();
+  } catch { return "unknown"; }
+}
+
+function getDeployAttributes() {
+  return {
+    "deploy.repo": process.env.GITHUB_REPOSITORY || tryGitRemote(),
+    "deploy.branch": process.env.GITHUB_HEAD_REF || process.env.GITHUB_REF_NAME || tryGitBranch(),
+    "deploy.source": process.env.CI ? "ci" : "local",
+    "deploy.pr": process.env.GITHUB_PR_NUMBER || undefined,
+  };
+}
+
+export async function withSpan(op, description, attributes, fn) {
+  if (!Sentry) return fn();
+  return Sentry.startSpan({ op, name: description, attributes }, fn);
+}
+
+export async function withDeploySpan(domain, fn) {
+  if (!Sentry) return fn();
+  const attrs = { ...getDeployAttributes(), "deploy.domain": domain };
+  try {
+    return await Sentry.startSpan({ op: "deploy", name: `deploy ${domain}`, attributes: attrs }, fn);
+  } finally {
+    await Sentry.flush(5000);
+  }
+}
+
+export function setDeployAttribute(key, value) {
+  if (!Sentry) return;
+  const span = Sentry.getActiveSpan();
+  if (span) span.setAttribute(key, value);
+}
+
+export async function flush() {
+  if (!Sentry) return;
+  await Sentry.flush(5000);
+}

package/test/pool.test.js

@@ -0,0 +1,67 @@
+import { describe, it } from "node:test";
+import assert from "node:assert";
+import { derivePoolAccounts, selectAccount } from "../src/pool.js";
+
+describe("derivePoolAccounts", () => {
+  it("derives the expected number of unique accounts", () => {
+    const accounts = derivePoolAccounts(5);
+    assert.strictEqual(accounts.length, 5);
+    const addresses = new Set(accounts.map(a => a.address));
+    assert.strictEqual(addresses.size, 5, "all addresses should be unique");
+  });
+
+  it("produces deterministic results", () => {
+    const a = derivePoolAccounts(3);
+    const b = derivePoolAccounts(3);
+    assert.deepStrictEqual(
+      a.map(x => x.address),
+      b.map(x => x.address)
+    );
+  });
+
+  it("does not include Alice address", () => {
+    const accounts = derivePoolAccounts(10);
+    const alice = "5GrwvaEF5zXb26Fz9rcQpDWS57CtERHpNehXCPcNoHGKutQY";
+    for (const a of accounts) {
+      assert.notStrictEqual(a.address, alice);
+    }
+  });
+});
+
+describe("selectAccount", () => {
+  it("selects the account with the most remaining transactions", () => {
+    const mockAuthorizations = [
+      { index: 0, address: "addr0", transactions: 10n, bytes: 50_000_000n },
+      { index: 1, address: "addr1", transactions: 500n, bytes: 90_000_000n },
+      { index: 2, address: "addr2", transactions: 200n, bytes: 30_000_000n },
+    ];
+    const selected = selectAccount(mockAuthorizations);
+    assert.strictEqual(selected.index, 1);
+  });
+
+  it("filters out accounts below transaction threshold", () => {
+    const mockAuthorizations = [
+      { index: 0, address: "addr0", transactions: 5n, bytes: 50_000_000n },
+      { index: 1, address: "addr1", transactions: 100n, bytes: 90_000_000n },
+    ];
+    const selected = selectAccount(mockAuthorizations);
+    assert.strictEqual(selected.index, 1);
+  });
+
+  it("filters out accounts below bytes threshold", () => {
+    const mockAuthorizations = [
+      { index: 0, address: "addr0", transactions: 500n, bytes: 10_000_000n },
+      { index: 1, address: "addr1", transactions: 100n, bytes: 90_000_000n },
+    ];
+    const selected = selectAccount(mockAuthorizations);
+    assert.strictEqual(selected.index, 1);
+  });
+
+  it("returns null when all accounts are exhausted", () => {
+    const mockAuthorizations = [
+      { index: 0, address: "addr0", transactions: 5n, bytes: 1_000_000n },
+    ];
+    const selected = selectAccount(mockAuthorizations);
+    assert.strictEqual(selected, null);
+  });
+});

package/test/test.js

@@ -0,0 +1,114 @@
+import { test, describe } from "node:test";
+import assert from "node:assert/strict";
+import { createCID, encodeContenthash } from "../src/deploy.js";
+import { validateDomainLabel, fetchNonce, TX_TIMEOUT_MS } from "../src/dotns.js";
+
+// ---------------------------------------------------------------------------
+// 1. createCID
+// ---------------------------------------------------------------------------
+describe("createCID", () => {
+  test("produces a valid CIDv1 for known input", () => {
+    const data = new TextEncoder().encode("hello world");
+    const cid = createCID(data);
+    // toString() should return a base32-encoded CIDv1 string (starts with 'b')
+    const cidStr = cid.toString();
+    assert.ok(cidStr.length > 0, "CID string should not be empty");
+    assert.ok(typeof cidStr === "string");
+  });
+
+  test("version is 1", () => {
+    const data = new TextEncoder().encode("hello world");
+    const cid = createCID(data);
+    assert.strictEqual(cid.version, 1);
+  });
+});
+
+// ---------------------------------------------------------------------------
+// 2. encodeContenthash
+// ---------------------------------------------------------------------------
+describe("encodeContenthash", () => {
+  test("output starts with 'e301' (IPFS prefix)", () => {
+    const data = new TextEncoder().encode("hello world");
+    const cid = createCID(data);
+    const hex = encodeContenthash(cid.toString());
+    assert.ok(hex.startsWith("e301"), `Expected hex to start with 'e301', got: ${hex.slice(0, 8)}`);
+  });
+
+  test("roundtrip: encode a CID then decode the first bytes", () => {
+    const data = new TextEncoder().encode("roundtrip test");
+    const cid = createCID(data);
+    const hex = encodeContenthash(cid.toString());
+    // First byte 0xe3 = IPFS namespace, second byte 0x01 = CIDv1 marker
+    const bytes = Buffer.from(hex, "hex");
+    assert.strictEqual(bytes[0], 0xe3, "First byte should be 0xe3 (IPFS namespace)");
+    assert.strictEqual(bytes[1], 0x01, "Second byte should be 0x01 (CIDv1 marker)");
+    // The remaining bytes should be the CID bytes
+    const cidBytesFromHex = bytes.slice(2);
+    const cidBytes = Buffer.from(cid.bytes);
+    assert.deepStrictEqual(cidBytesFromHex, cidBytes, "CID bytes after prefix should match original CID bytes");
+  });
+});
+
+// ---------------------------------------------------------------------------
+// 3. validateDomainLabel
+// ---------------------------------------------------------------------------
+describe("validateDomainLabel", () => {
+  test("accepts valid label: 'my-domain'", () => {
+    assert.doesNotThrow(() => validateDomainLabel("my-domain"));
+  });
+
+  test("accepts valid label: 'test12'", () => {
+    assert.doesNotThrow(() => validateDomainLabel("test12"));
+  });
+
+  test("accepts valid label: 'abc'", () => {
+    assert.doesNotThrow(() => validateDomainLabel("abc"));
+  });
+
+  test("rejects too-short labels (less than 3 chars)", () => {
+    assert.throws(() => validateDomainLabel("ab"), /min 3 chars/);
+    assert.throws(() => validateDomainLabel("a"), /min 3 chars/);
+    assert.throws(() => validateDomainLabel(""), /min 3 chars/);
+  });
+
+  test("rejects labels starting with hyphen", () => {
+    assert.throws(() => validateDomainLabel("-abc"), /cannot start or end with hyphen/);
+  });
+
+  test("rejects labels ending with hyphen", () => {
+    assert.throws(() => validateDomainLabel("abc-"), /cannot start or end with hyphen/);
+  });
+
+  test("rejects labels with more than 2 trailing digits", () => {
+    assert.throws(() => validateDomainLabel("abc123"), /max 2 trailing digits/);
+    assert.throws(() => validateDomainLabel("test1234"), /max 2 trailing digits/);
+  });
+});
+
+// ---------------------------------------------------------------------------
+// 4. fetchNonce timeout
+// ---------------------------------------------------------------------------
+describe("fetchNonce", () => {
+  test(
+    "rejects after timeout for an unreachable endpoint",
+    { timeout: 15_000 },
+    async () => {
+      await assert.rejects(
+        () => fetchNonce("ws://192.0.2.1:9944", "5GrwvaEF5zXb26Fz9rcQpDWS57CtERHpNehXCPcNoHGKutQY"),
+        (err) => {
+          assert.ok(err instanceof Error, "Should reject with an Error");
+          return true;
+        }
+      );
+    }
+  );
+});
+
+// ---------------------------------------------------------------------------
+// 5. TX_TIMEOUT_MS
+// ---------------------------------------------------------------------------
+describe("TX_TIMEOUT_MS", () => {
+  test("is exported and equals 90000", () => {
+    assert.strictEqual(TX_TIMEOUT_MS, 90_000);
+  });
+});

package/workflows/deploy-on-pr.yml

@@ -0,0 +1,82 @@
+# Copy this file to your repo's .github/workflows/ directory.
+# Customize the Build step and build output path for your framework.
+
+name: Deploy to Polkadot Triangle
+
+on:
+  push:
+    branches: [main, master]
+  pull_request:
+    branches: [main, master]
+  workflow_dispatch:
+    inputs:
+      skip-cache:
+        description: 'Force redeploy (skip cache)'
+        type: boolean
+        default: false
+
+permissions:
+  contents: read
+  pull-requests: write
+
+concurrency:
+  group: deploy-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: '22'
+
+      # ----------------------------------------------------------------
+      # Customize this step for your framework:
+      #   Next.js:  npx next build
+      #   Vite:     npx vite build
+      #   Plain:    skip this step (deploy from repo root or a subdirectory)
+      # ----------------------------------------------------------------
+      - name: Build
+        run: npm run build
+
+      - name: Setup IPFS
+        uses: ipfs/download-ipfs-distribution-action@v1
+        with:
+          name: kubo
+          version: v0.33.0
+      - run: ipfs init
+
+      - name: Install deploy tool
+        run: npm install -g github:paritytech/bulletin-deploy
+
+      - name: Deploy
+        uses: nick-fields/retry@v3
+        with:
+          timeout_minutes: 15
+          max_attempts: 3
+          retry_wait_seconds: 30
+          command: |
+            # Domain: <repo-name>-<branch>00.dot
+            DOMAIN="${{ github.event.repository.name }}-${{ github.head_ref || github.ref_name }}00.dot"
+            bulletin-deploy './dist' "$DOMAIN"
+        env:
+          MNEMONIC: ${{ secrets.DOTNS_MNEMONIC }}
+          SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
+          NODE_OPTIONS: '--max-old-space-size=8192'
+
+      - name: Comment on PR
+        if: github.event.pull_request
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const domain = '${{ github.event.repository.name }}-${{ github.head_ref }}00';
+            const runUrl = `${process.env.GITHUB_SERVER_URL}/${process.env.GITHUB_REPOSITORY}/actions/runs/${process.env.GITHUB_RUN_ID}`;
+            await github.rest.issues.createComment({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: context.issue.number,
+              body: `**${domain}.dot** · [logs](${runUrl})\n\nhttps://${domain}.dot.li`
+            });