Use Cannon for Deployments

.github/workflows/CI.yml

@@ -19,7 +19,7 @@ jobs:
           node-version: ${{ matrix.node }}
       - id: yarn-cache
         run: echo "::set-output name=dir::$(yarn cache dir)"
-      - uses: actions/cache@v4
+      - uses: actions/cache@v2
         with:
           path: ${{ steps.yarn-cache.outputs.dir }}
           key: ${{ matrix.os }}-yarn-${{ hashFiles('**/yarn.lock') }}

.github/workflows/cannon.yml

@@ -0,0 +1,38 @@
+name: Cannon Build
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+
+jobs:
+  build-cannon:
+    strategy:
+      matrix:
+        node-version: [14.x]
+        os: [ubuntu-latest]
+    runs-on: ${{ matrix.os }}
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/setup-node@v1
+        with:
+          node-version: ${{ matrix.node }}
+      - id: yarn-cache
+        run: echo "::set-output name=dir::$(yarn cache dir)"
+      - uses: actions/cache@v2
+        with:
+          path: ${{ steps.yarn-cache.outputs.dir }}
+          key: ${{ matrix.os }}-yarn-${{ hashFiles('**/yarn.lock') }}
+          restore-keys: |
+            ${{ matrix.os }}-yarn-
+      - run: yarn --frozen-lockfile
+      - run: yarn build
+      - run: yarn hardhat cannon build cannonfile.toml
+      - run: yarn record-cannon
+      - name: Verify no unexpected changes from record-cannon
+        run: |
+          if ! git diff --quiet; then
+            echo "Error: Please run `yarn record-cannon` to sync the repository state with the published cannon package"
+            git diff
+            exit 1
+          fi

README.md

@@ -54,65 +54,52 @@ In order to get a detailed trace of a settlement to identify how much gas is bei
 yarn bench:trace
 ```
 
-## Deployment
+## Building a Cannon Package for Deployment
 
-Contracts deployment (including contract verification) is run automatically with GitHub Actions. The deployment process is triggered manually.
-Maintainers of this repository can deploy a new version of the contract in the "Actions" tab, "Deploy GPv2 contracts", "Run workflow". The target branch can be selected before running.
-A successful workflow results in a new PR asking to merge the deployment artifacts into the main branch.
+This project uses [Cannon](https://usecannon.com/) to generate a deployable artifact for the contracts in this repository. The deployment on live networks does not occur on this repository.
 
-Contracts can also be deployed and verified manually as follows.
+To learn more or browse artifacts for the actual deployed contracts, see [`cow-deployments` repository](https://github.com/cowprotocol/cow-deployments) or [`cow-omnibus` on Cannon Explorer](https://usecannon.com/packages/cow-omnibus).
 
-### Deploying Contracts
+### Building the Cannon Package
 
-Choose the network and gas price in wei for the deployment.
-After replacing these values, run:
+To build a new Cannon package for the GPv2 Settlement contracts:
 
 ```sh
-NETWORK='rinkeby'
-GAS_PRICE_WEI='1000000000'
-yarn deploy --network $NETWORK --gasprice $GAS_PRICE_WEI
+yarn hardhat cannon:build
 ```
 
-New files containing details of this deployment will be created in the `deployment` folder.
-These files should be committed to this repository.
+This will:
+- Recompile the Solidity contracts as needed
+- Generate a deployment manifest including the solidity input json, default settings, ABIs, as well as predicted deployment addresses.
+- Store the deployment artifacts in the `cannon-deploys/` directory
 
-### Verify Deployed Contracts
+### Building with Custom Settings
 
-#### Etherscan
-
-For verifying all deployed contracts:
+To build with custom owner or manager addresses, you can pass variables:
 
 ```sh
-export ETHERSCAN_API_KEY=<Your Key>
-yarn verify:etherscan --network $NETWORK
+yarn hardhat cannon:build owner=0xYourOwnerAddress manager=0xYourManagerAddress
 ```
 
-Single contracts can be verified as well, but the constructor arguments must be explicitly given to the command.
-A common example is the vault relayer contract, which is not automatically verified with the command above since it is only deployed indirectly during initialization. This contract can be manually verified with:
+The contracts use deterministic deployment (CREATE2) with the salt "Mattresses in Berlin!" to ensure the same addresses across all networks.
 
-```sh
-npx hardhat verify --network $NETWORK 0xC92E8bdf79f0507f65a392b0ab4667716BFE0110 0xBA12222222228d8Ba445958a75a0704d566BF2C8
-```
+### Publishing the Cannon Package
 
-The first address is the vault relayer address, the second is the deployment input (usually, the Balancer vault).
+Upon release, the cannon package for this repository should be published, and the deployment artifacts should be recorded on this repository.
 
-#### Tenderly
+To publish the cannon package, using a wallet that has permission to publish on behalf of the `cow-settlement` package on the Cannon Registry, execute the publish command:
 
-For verifying all deployed contracts:
-
-```sh
-yarn verify:tenderly --network $NETWORK
+```
+yarn cannon publish cow-settlement:<version> --chain-id 13370
 ```
 
-For a single contract, named `GPv2Contract` and located at address `0xFeDbc87123caF3925145e1bD1Be844c03b36722f` in the example:
+To record the release artifacts to this repository, run:
 
-```sh
-npx hardhat tenderly:verify --network $NETWORK GPv2Contract=0xFeDbc87123caF3925145e1bD1Be844c03b36722f
+```
+yarn record-cannon
 ```
 
-## Deployed Contract Addresses
-
-This package additionally contains a `networks.json` file at the root with the address of each deployed contract as well the hash of the Ethereum transaction used to create the contract.
+Commit the result.
 
 ## Test coverage [![Coverage Status](https://coveralls.io/repos/github/gnosis/gp-v2-contracts/badge.svg?branch=main)](https://coveralls.io/github/gnosis/gp-v2-contracts?branch=main)