cosmwasm - separate deploy code per chain

.github/workflows/build.yml

@@ -213,6 +213,14 @@ jobs:
           node-version: "16"
       - run: cd terra && make test
   terra-2:
+    runs-on: ubuntu-20.04
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/setup-node@v2
+        with:
+          node-version: "16"
+      - run: cd cosmwasm/deployment/terra2 && make test
+  cosmwasm:
     runs-on: ubuntu-20.04
     steps:
       - uses: actions/checkout@v2

Dockerfile.const

@@ -17,7 +17,7 @@ COPY clients/js/package.json clients/js/package-lock.json ./
 # mount the buildkit cache on npm's cache dir, install dependencies
 
 # Commenting out npm cache due to heisenbug with github build machines
-# RUN --mount=type=cache,uid=1000,gid=1000,target=/home/node/.npm 
+# RUN --mount=type=cache,uid=1000,gid=1000,target=/home/node/.npm
 
 RUN npm ci
 
@@ -41,7 +41,7 @@ FROM scratch AS const-export
 COPY --from=const-build /scripts/.env.0x ethereum/.env
 COPY --from=const-build /scripts/.env.hex solana/.env
 COPY --from=const-build /scripts/.env.hex terra/tools/.env
-COPY --from=const-build /scripts/.env.hex cosmwasm/tools/.env
+COPY --from=const-build /scripts/.env.hex cosmwasm/deployment/terra2/tools/.env
 COPY --from=const-build /scripts/.env.hex algorand/.env
 COPY --from=const-build /scripts/.env.hex near/.env
 COPY --from=const-build /scripts/.env.hex aptos/.env

Tiltfile

@@ -612,17 +612,25 @@ if terra_classic:
         trigger_mode = trigger_mode,
     )
 
+if terra2 or wormchain:
+    docker_build(
+        ref = "cosmwasm_artifacts",
+        context = ".",
+        dockerfile = "./cosmwasm/Dockerfile",
+        target = "artifacts",
+    )
+
 if terra2:
     docker_build(
         ref = "terra2-image",
-        context = "./cosmwasm/devnet",
-        dockerfile = "cosmwasm/devnet/Dockerfile",
+        context = "./cosmwasm/deployment/terra2/devnet",
+        dockerfile = "./cosmwasm/deployment/terra2/devnet/Dockerfile",
     )
 
     docker_build(
-        ref = "terra2-contracts",
-        context = ".",
-        dockerfile = "./cosmwasm/Dockerfile",
+        ref = "terra2-deploy",
+        context = "./cosmwasm/deployment/terra2",
+        dockerfile = "./cosmwasm/Dockerfile.deploy",
     )
 
     k8s_yaml_with_ns("devnet/terra2-devnet.yaml")

cosmwasm/.gitignore

@@ -1,3 +1,2 @@
-LocalTerra
 artifacts
 !artifacts/cw20_base.wasm

cosmwasm/Dockerfile

@@ -8,6 +8,7 @@ COPY cosmwasm/Cargo.lock /code/
 COPY cosmwasm/Cargo.toml /code/
 COPY cosmwasm/contracts /code/contracts
 COPY cosmwasm/packages /code/packages
+COPY cosmwasm/artifacts /code/artifacts
 COPY sdk/rust /sdk/rust
 
 # Support additional root CAs
@@ -19,26 +20,3 @@ RUN --mount=type=cache,target=/code/target,id=cosmwasm_target --mount=type=cache
 
 FROM scratch as artifacts
 COPY --from=builder /code/artifacts /
-
-# Contract deployment stage
-FROM node:16-buster-slim@sha256:93c9fc3550f5f7d159f282027228e90e3a7f8bf38544758024f005e82607f546
-
-# Support additional root CAs
-COPY README.md cert.pem* /certs/
-# Node
-ENV NODE_EXTRA_CA_CERTS=/certs/cert.pem
-ENV NODE_OPTIONS=--use-openssl-ca
-# npm
-RUN if [ -e /certs/cert.pem ]; then npm config set cafile /certs/cert.pem; fi
-
-RUN apt update && apt install netcat curl jq -y
-
-WORKDIR /app/tools
-
-COPY --from=artifacts / /app/artifacts
-COPY ./cosmwasm/artifacts/cw20_base.wasm /app/artifacts/
-
-COPY ./cosmwasm/tools/package.json ./cosmwasm/tools/package-lock.json /app/tools/
-RUN --mount=type=cache,uid=1000,gid=1000,target=/home/node/.npm \
-    npm ci
-COPY ./cosmwasm/tools /app/tools

cosmwasm/Dockerfile.deploy

@@ -0,0 +1,28 @@
+# This is a multi-stage docker file:
+#  1. The first stage contains the built contracts (wasm files)
+#  2. The second creates a node.js environment to deploy the contracts to devnet
+
+#  local cosmwasm image, built by tilt
+FROM cosmwasm_artifacts AS artifacts
+
+# Contract deployment stage
+FROM node:16-buster-slim@sha256:93c9fc3550f5f7d159f282027228e90e3a7f8bf38544758024f005e82607f546
+
+# Support additional root CAs
+COPY cert.pem* /certs/
+# Node
+ENV NODE_EXTRA_CA_CERTS=/certs/cert.pem
+ENV NODE_OPTIONS=--use-openssl-ca
+# npm
+RUN if [ -e /certs/cert.pem ]; then npm config set cafile /certs/cert.pem; fi
+
+RUN apt update && apt install netcat curl jq -y
+
+WORKDIR /app/tools
+
+COPY --from=artifacts / /app/artifacts
+
+COPY ./tools/package.json ./tools/package-lock.json /app/tools/
+RUN --mount=type=cache,uid=1000,gid=1000,target=/home/node/.npm \
+    npm ci
+COPY ./tools /app/tools

cosmwasm/Makefile

@@ -1,8 +1,4 @@
-bridge_SOURCE=wormhole
-token_bridge_SOURCE=token_bridge_terra
-
 SOURCE_FILES=$(shell find . -name "*.rs" -or -name "*.lock" -or -name "*.toml" | grep -v target)
-
 PACKAGES=$(shell find . -name "Cargo.toml" | grep -E 'packages|contracts' | xargs cat | grep "name *=" | cut -d' ' -f3 | sed s/\"//g | sed s/-/_/g)
 WASMS=$(patsubst %, artifacts/%.wasm, $(PACKAGES))
 
@@ -12,67 +8,19 @@ WASMS=$(patsubst %, artifacts/%.wasm, $(PACKAGES))
 ## Build contracts.
 artifacts: artifacts/checksums.txt
 
-VALID_mainnet=1
-VALID_testnet=1
-VALID_devnet=1
-.PHONY: check-network
-check-network:
-ifndef VALID_$(NETWORK)
-	$(error Invalid or missing NETWORK. Please call with `$(MAKE) $(MAKECMDGOALS) NETWORK=[mainnet | testnet | devnet]`)
-endif
-
 $(WASMS) artifacts/checksums.txt: $(SOURCE_FILES)
 	DOCKER_BUILDKIT=1 docker build --target artifacts -o artifacts -f ./Dockerfile ../
 
-payer-$(NETWORK).json:
-	$(error Missing private key in payer-$(NETWORK).json)
-
-.PHONY: deploy/bridge
-## Deploy core bridge
-deploy/bridge: bridge-code-id-$(NETWORK).txt
-
-.PHONY: deploy/token_bridge
-## Deploy token bridge
-deploy/token_bridge: token_bridge-code-id-$(NETWORK).txt
-
-%-code-id-$(NETWORK).txt: check-network tools/node_modules payer-$(NETWORK).json artifacts
-	@echo "Deploying artifacts/$($*_SOURCE).wasm on $(NETWORK)"
-	@node tools/deploy_single.js \
-		--network $(NETWORK) \
-		--artifact artifacts/$($*_SOURCE).wasm \
-		--mnemonic "$$(cat payer-$(NETWORK).json)" \
-		| grep -i "code id" | sed s/[^0-9]//g \
-		> $@
-	@echo "Deployed at code id $$(cat $@) (stored in $@)"
-
 tools/node_modules: tools/package-lock.json
 	cd tools && npm ci
 
-LocalTerra:
-	git clone --depth 1 https://www.github.com/terra-money/LocalTerra
-
-test/node_modules: test/package-lock.json
-	cd test && npm ci
-
-.PHONY: unit-test
-## Run unit tests
-unit-test:
-	cargo test -p wormhole-bridge-terra-2
-	cargo test -p token-bridge-terra-2
-	cargo test -p cw20-wrapped-2
-
 .PHONY: test
-## Run unit and integration tests
-test: artifacts test/node_modules LocalTerra
-	@if pgrep terrad; then echo "Error: terrad already running. Stop it before running tests"; exit 1; fi
-	cd LocalTerra && docker-compose up --detach
-	sleep 5
-	cd test && npm run test || (cd ../LocalTerra && docker-compose down && exit 1)
-	cd LocalTerra && docker-compose down
+## Run unit tests
+test:
+	cargo test --workspace --locked
+
 
 .PHONY: clean
 clean:
 	rm -f $(WASMS)
 	rm -f artifacts/checksums.txt
-	rm -rf tools/node_modules
-	rm -rf test/node_modules

cosmwasm/README.md

@@ -1,136 +1,22 @@
-# Terra Wormhole Contract Deployment
+# Cosmwasm Wormhole Contracts
 
-This readme describes the steps for building, verifying, and deploying Terra smart contracts for Wormhole.
-
-**WARNING**: *This process is only Linux host compatible at this time.*
-
-## Verify Tilt
-
-Before building Terra contracts, ensure that the specific commit you will be
-building from passes in tilt. This that ensures basic functionality of the
-Terra smart contracts that you are about to build and deploy.
+**NOTE**: _This process is only Linux host compatible at this time._
 
 ## Build Contracts
 
-The following command can be used to build Terra contracts via Docker.
-
-Build Target Options: [`mainnet`|`testnet`|`devnet`|
-
-These network names correspond to the naming convention used by wormhole
-elsewhere. This means that `mainnet` corresponds to Terra `mainnet`,
-`testnet` corresponds to Terra `testnet`, and `devnet` is `localterra`.
+The following command can be used to build optimized cosmwasm contracts via Docker.
 
 ```console
-wormhole/terra $ make artifacts
+wormhole/cosmwasm $ make artifacts
 ```
 
-Upon completion, the compiled bytecode for the Terra contracts will be placed
+Upon completion, the compiled bytecode for cosmwasm contracts will be placed
 into the `artifacts` directory.
 
-## Verify Checksums 
-
-Now that you have built the Terra contracts, you should ask a peer to build
-using the same process and compare the equivalent checksums.txt files to make
-sure the contract bytecode(s) are deterministic.
-
-```console
-wormhole/terra $ cat artifacts/checksums.txt
-```
-
-Once you have verified the Terra contracts are deterministic with a peer, you can now move to the deploy step.
-
 ## Run tests
 
-**Disclaimer: Currently the only test that exists is for the token bridge's transfer.**
-
-You can run the integration test suite on the artifacts you built.
+You can run the cargo unit tests.
 
 ```console
-wormhole/terra $ make test
-```
-
-This command deploys your artifacts and performs various interactions with your
-contracts in a LocalTerra node. Any new functionality (including expected errors)
-to the contracts should be added to this test suite.
-
-## Deploy Contracts
-
-Now that you have built and verified checksums, you can now deploy one or more relevant contracts to the Terra blockchain.
-
-Deploy Target Options: [`mainnet`|`testnet`|`devnet`]
-
-You will need to define a `payer-DEPLOY_TARGET.json` for the relevant deploy
-target (eg. `payer-testnet.json`).  This will contain the relevant wallet
-private key that you will be using to deploy the contracts.
-
-```console
-wormhole/terra $ make deploy/bridge
-wormhole/terra $ make deploy/token_bridge
-wormhole/terra $ make deploy/nft_bridge
-```
-
-For each deployed contract, you will get a code id for that relevant
-contract for the deployment, make note of these so you can use them in
-the next step for on-chain verification.
-
-## Verify On-Chain
-
-Now that you have deployed one or more contracts on-chain, you can verify the
-onchain bytecode and make sure it matches the same checksums you identified
-above.
-
-For each contract you wish to verify on-chain, you will need the following elements:
-
-- Path to the contracts bytecode (eg. `artifacts-testnet/token_bridge.wasm`)
-- Terra code id for the relevant contract (eg. `59614`)
-- A network to verify on (`mainnet`, `testnet`, or `devnet`)
-
-Below is how to verify all three contracts:
-
-```console
-wormhole/terra $ ./verify artifacts/wormhole.wasm NEW_BRIDGE_CODE_ID
-wormhole/terra $ ./verify artifacts/token_bridge.wasm NEW_TOKEN_BRIDGE_CODE_ID
-wormhole/terra $ ./verify artifacts/nft_bridge.wasm NEW_NFT_BRIDGE_CODE_ID
-```
-Example: `./verify artifacts/token_bridge.wasm 59614`
-
-For each contract, you should expect a `Successfully verified` output message.
-If all contracts can be successfully verified, you can engage in Wormhole
-protocol governance to obtain an authorized VAA for the contract upgrade(s).
-
-A verification failure should never happen, and is a sign of some error in the
-deployment process.  Do not proceed with governance until you can verify the
-on-chain bytecode with the locally compiled bytecode.
-
-
-## Governance
-
-### Mainnet
-
-Upgrades on mainnet have to go through governance. Once the code is deployed in
-the previous step, an unsigned governance VAA can be generated
-
-```sh
-./generate_governance -m token_bridge -c 59614 > token-bridge-upgrade-59614.prototxt
-```
-
-This will write to the `token-bridge-upgrade-59614.prototxt` file, which can
-now be shared with the guardians to vote on.
-
-Once the guardians have reached quorum, the VAA may be submitted from any
-funded wallet: TODO - make this easier and more unified
-
-``` sh
-node main.js terra execute_governance_vaa <signed VAA (hex)> --rpc "https://lcd.terra.dev" --chain_id "columbus-5" --mnemonic "..." --token_bridge "terra10nmmwe8r3g99a9newtqa7a75xfgs2e8z87r2sf"
-```
-
-### Testnet
-
-For the contracts on testnet, the deployer wallet retains the upgrade
-authority, so these don't have to go through governance.
-
-For example, to migrate the token bridge to 59614, run in `tools/`:
-
-``` sh
-node migrate_testnet.js --code_id 59614 --contract terra1pseddrv0yfsn76u4zxrjmtf45kdlmalswdv39a --mnemonic "..."
+wormhole/cosmwasm $ cargo test --workspace --locked
 ```

cosmwasm/contracts/README.md

@@ -1,3 +0,0 @@
-# Terra Wormhole Contracts
-
-The Wormhole Terra integration is developed and maintained by Everstake / @ysavchenko.

cosmwasm/deployment/terra2/.dockerignore

@@ -0,0 +1,3 @@
+target
+tools/node_modules
+tools/dist

cosmwasm/deployment/terra2/.gitignore

@@ -0,0 +1,4 @@
+LocalTerra
+artifacts
+!artifacts/cw20_base.wasm
+tools/devnet-consts.json

cosmwasm/deployment/terra2/Makefile

@@ -0,0 +1,58 @@
+bridge_SOURCE=wormhole
+token_bridge_SOURCE=token_bridge_terra
+
+
+-include ../Makefile.help
+
+.PHONY: artifacts
+## Build contracts and copy to terra2
+artifacts:
+	cd ../.. && $(MAKE) artifacts
+	cp -r ../../artifacts .
+
+
+payer-$(NETWORK).json:
+	$(error Missing private key in payer-$(NETWORK).json)
+
+.PHONY: deploy/bridge
+## Deploy core bridge
+deploy/bridge: bridge-code-id-$(NETWORK).txt
+
+.PHONY: deploy/token_bridge
+## Deploy token bridge
+deploy/token_bridge: token_bridge-code-id-$(NETWORK).txt
+
+%-code-id-$(NETWORK).txt: check-network tools/node_modules payer-$(NETWORK).json artifacts
+	@echo "Deploying artifacts/$($*_SOURCE).wasm on $(NETWORK)"
+	@node tools/deploy_single.js \
+		--network $(NETWORK) \
+		--artifact artifacts/$($*_SOURCE).wasm \
+		--mnemonic "$$(cat payer-$(NETWORK).json)" \
+		| grep -i "code id" | sed s/[^0-9]//g \
+		> $@
+	@echo "Deployed at code id $$(cat $@) (stored in $@)"
+
+tools/node_modules: tools/package-lock.json
+	cd tools && npm ci
+
+LocalTerra:
+	git clone --depth 1 https://www.github.com/terra-money/LocalTerra
+
+test/node_modules: test/package-lock.json
+	cd test && npm ci
+
+
+.PHONY: test
+## Run unit and integration tests
+test: artifacts test/node_modules LocalTerra
+	@if pgrep terrad; then echo "Error: terrad already running. Stop it before running tests"; exit 1; fi
+	cd LocalTerra && docker-compose up --detach
+	sleep 5
+	cd test && npm run test || (cd ../LocalTerra && docker-compose down && exit 1)
+	cd LocalTerra && docker-compose down
+
+.PHONY: clean
+clean:
+	rm -rf artifacts
+	rm -rf tools/node_modules
+	rm -rf test/node_modules

cosmwasm/deployment/terra2/README.md

@@ -0,0 +1,136 @@
+# Terra2 Wormhole Contract Deployment
+
+This readme describes the steps for building, verifying, and deploying Terra2 smart contracts for Wormhole.
+
+**WARNING**: _This process is only Linux host compatible at this time._
+
+## Verify Tilt
+
+Before building Terra contracts, ensure that the specific commit you will be
+building from passes in tilt. This that ensures basic functionality of the
+Terra smart contracts that you are about to build and deploy.
+
+## Build Contracts
+
+The following command can be used to build Terra2 contracts via Docker.
+
+Build Target Options: [`mainnet`|`testnet`|`devnet`|
+
+These network names correspond to the naming convention used by wormhole
+elsewhere. This means that `mainnet` corresponds to Terra `mainnet`,
+`testnet` corresponds to Terra `testnet`, and `devnet` is `localterra`.
+
+```console
+make artifacts
+```
+
+Upon completion, the compiled bytecode for the Terra contracts will be placed
+into the `artifacts` directory.
+
+## Verify Checksums
+
+Now that you have built the Terra contracts, you should ask a peer to build
+using the same process and compare the equivalent checksums.txt files to make
+sure the contract bytecode(s) are deterministic.
+
+```console
+cat artifacts/checksums.txt
+```
+
+Once you have verified the Terra contracts are deterministic with a peer, you can now move to the deploy step.
+
+## Run tests
+
+**Disclaimer: Currently the only test that exists is for the token bridge's transfer.**
+
+You can run the integration test suite on the artifacts you built.
+
+```console
+make test
+```
+
+This command deploys your artifacts and performs various interactions with your
+contracts in a LocalTerra node. Any new functionality (including expected errors)
+to the contracts should be added to this test suite.
+
+## Deploy Contracts
+
+Now that you have built and verified checksums, you can now deploy one or more relevant contracts to the Terra blockchain.
+
+Deploy Target Options: [`mainnet`|`testnet`|`devnet`]
+
+You will need to define a `payer-DEPLOY_TARGET.json` for the relevant deploy
+target (eg. `payer-testnet.json`). This will contain the relevant wallet
+private key that you will be using to deploy the contracts.
+
+```console
+make deploy/bridge
+make deploy/token_bridge
+make deploy/nft_bridge
+```
+
+For each deployed contract, you will get a code id for that relevant
+contract for the deployment, make note of these so you can use them in
+the next step for on-chain verification.
+
+## Verify On-Chain
+
+Now that you have deployed one or more contracts on-chain, you can verify the
+onchain bytecode and make sure it matches the same checksums you identified
+above.
+
+For each contract you wish to verify on-chain, you will need the following elements:
+
+- Path to the contracts bytecode (eg. `artifacts-testnet/token_bridge.wasm`)
+- Terra code id for the relevant contract (eg. `59614`)
+- A network to verify on (`mainnet`, `testnet`, or `devnet`)
+
+Below is how to verify all three contracts:
+
+```console
+./verify artifacts/wormhole.wasm NEW_BRIDGE_CODE_ID
+./verify artifacts/token_bridge.wasm NEW_TOKEN_BRIDGE_CODE_ID
+./verify artifacts/nft_bridge.wasm NEW_NFT_BRIDGE_CODE_ID
+```
+
+Example: `./verify artifacts/token_bridge.wasm 59614`
+
+For each contract, you should expect a `Successfully verified` output message.
+If all contracts can be successfully verified, you can engage in Wormhole
+protocol governance to obtain an authorized VAA for the contract upgrade(s).
+
+A verification failure should never happen, and is a sign of some error in the
+deployment process. Do not proceed with governance until you can verify the
+on-chain bytecode with the locally compiled bytecode.
+
+## Governance
+
+### Mainnet
+
+Upgrades on mainnet have to go through governance. Once the code is deployed in
+the previous step, an unsigned governance VAA can be generated
+
+```sh
+./generate_governance -m token_bridge -c 59614 > token-bridge-upgrade-59614.prototxt
+```
+
+This will write to the `token-bridge-upgrade-59614.prototxt` file, which can
+now be shared with the guardians to vote on.
+
+Once the guardians have reached quorum, the VAA may be submitted from any
+funded wallet: TODO - make this easier and more unified
+
+```sh
+node main.js terra execute_governance_vaa <signed VAA (hex)> --rpc "https://lcd.terra.dev" --chain_id "columbus-5" --mnemonic "..." --token_bridge "terra10nmmwe8r3g99a9newtqa7a75xfgs2e8z87r2sf"
+```
+
+### Testnet
+
+For the contracts on testnet, the deployer wallet retains the upgrade
+authority, so these don't have to go through governance.
+
+For example, to migrate the token bridge to 59614, run in `tools/`:
+
+```sh
+node migrate_testnet.js --code_id 59614 --contract terra1pseddrv0yfsn76u4zxrjmtf45kdlmalswdv39a --mnemonic "..."
+```

cosmwasm/deployment/terra2/test/README.md

@@ -2,18 +2,18 @@
 
 ## Running Local Terra Node
 
-In order to run these tests, you need to have a local Terra node running. These tests are meant to be run using [LocalTerra](https://github.com/terra-money/LocalTerra). This requires [Docker Compose](https://docs.docker.com/compose/install/) to run. You can also run _terrad_ with the same set up Tilt uses (see configuration [here](../../devnet/terra-devnet.yaml)).
+In order to run these tests, you need to have a local Terra node running. These tests are meant to be run using [LocalTerra](https://github.com/terra-money/LocalTerra). This requires [Docker Compose](https://docs.docker.com/compose/install/) to run. You can also run _terrad_ with the same set up Tilt uses (see configuration [here](/devnet/terra2-devnet.yaml)).
 
 ## Build
 
-In the [terra root directory](../), run the following:
+In the [terra2 root directory](/cosmwasm/deployment/terra2/), run the following:
 ```sh
 make artifacts
 ```
 
 ## Run the Test Suite
 
-The easy way would be to navigate to the [terra root directory](../), run the following:
+The easy way would be to navigate to the [terra2 root directory](/cosmwasm/deployment/terra2/), run the following:
 ```sh
 make test
 ```
@@ -28,6 +28,6 @@ And run in this directory:
 npm run test
 ```
 
-These tests are built using Jest and is meant to be structured very similarly to the [ethereum unit tests](../../ethereum), which requires running a local node via ganache before _truffle_ can run any of the testing scripts in the [test directory](../../ethereum/test).
+These tests are built using Jest and is meant to be structured very similarly to the [ethereum unit tests](../../../ethereum), which requires running a local node via ganache before _truffle_ can run any of the testing scripts in the [test directory](../../../ethereum/test).
 
 **Currently the only test that exists is for the token bridge's transfer and transfer with payload.**

cosmwasm/deployment/terra2/tools/package.json

@@ -1,5 +1,5 @@
 {
-  "name": "@wormhole-foundation/tools-cosmwasm",
+  "name": "@wormhole-foundation/tools-terra2",
   "version": "0.0.1",
   "description": "",
   "main": "deploy.js",
@@ -12,7 +12,6 @@
   "dependencies": {
     "@cosmjs/encoding": "^0.26.2",
     "@terra-money/terra.js": "^3.1.3",
-    "@xpla/xpla.js": "^0.2.1",
     "dotenv": "^16.0.0",
     "ethers": "^5.4.4",
     "yargs": "^17.0.1"

cosmwasm/deployment/xpla/.gitignore

@@ -0,0 +1,2 @@
+artifacts
+!artifacts/cw20_base.wasm

cosmwasm/deployment/xpla/Makefile

@@ -0,0 +1,15 @@
+-include ../Makefile.help
+
+.PHONY: artifacts
+## Build contracts and copy to xpla
+artifacts:
+	cd ../.. && $(MAKE) artifacts
+	cp -r ../../artifacts .
+
+tools/node_modules: tools/package-lock.json
+	cd tools && npm ci
+
+.PHONY: clean
+clean:
+	rm -rf artifacts
+	rm -rf tools/node_modules

cosmwasm/deployment/xpla/README.md

@@ -0,0 +1,5 @@
+# XPLA Wormhole Contract Deployment
+
+This readme describes the steps for building, verifying, and deploying XPLA smart contracts for Wormhole.
+
+**WARNING**: _This process is only Linux host compatible at this time._

cosmwasm/deployment/xpla/tools/package-lock.json

@@ -1,16 +1,15 @@
 {
-  "name": "tools",
-  "version": "1.0.0",
+  "name": "@wormhole-foundation/tools-xpla",
+  "version": "0.0.1",
   "lockfileVersion": 2,
   "requires": true,
   "packages": {
     "": {
-      "name": "tools",
-      "version": "1.0.0",
+      "name": "@wormhole-foundation/tools-xpla",
+      "version": "0.0.1",
       "license": "ISC",
       "dependencies": {
         "@cosmjs/encoding": "^0.26.2",
-        "@terra-money/terra.js": "^3.1.3",
         "@xpla/xpla.js": "^0.2.1",
         "dotenv": "^16.0.0",
         "ethers": "^5.4.4",
@@ -802,41 +801,6 @@
         "protobufjs": "~6.11.2"
       }
     },
-    "node_modules/@terra-money/terra.js": {
-      "version": "3.1.3",
-      "resolved": "https://registry.npmjs.org/@terra-money/terra.js/-/terra.js-3.1.3.tgz",
-      "integrity": "sha512-80HU5WXrqf3hZTo2GRhIycH17A+SkLD6afbu8MynMDGGD/A861F3zVv6NQ/Z7PWQGHxgddZEK/A0UQ2uK/xfHg==",
-      "dependencies": {
-        "@terra-money/legacy.proto": "npm:@terra-money/terra.proto@^0.1.7",
-        "@terra-money/terra.proto": "~2.0.0",
-        "axios": "^0.26.1",
-        "bech32": "^2.0.0",
-        "bip32": "^2.0.6",
-        "bip39": "^3.0.3",
-        "bufferutil": "^4.0.3",
-        "decimal.js": "^10.2.1",
-        "jscrypto": "^1.0.1",
-        "readable-stream": "^3.6.0",
-        "secp256k1": "^4.0.2",
-        "tmp": "^0.2.1",
-        "utf-8-validate": "^5.0.5",
-        "ws": "^7.5.5"
-      },
-      "engines": {
-        "node": ">=14"
-      }
-    },
-    "node_modules/@terra-money/terra.proto": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/@terra-money/terra.proto/-/terra.proto-2.0.0.tgz",
-      "integrity": "sha512-ZjyFOFUzrGn8IwzGIgr1OJFcPSsQoz/XAfoSKThJx+OjJA7CLhdcz51+5h7ehNfb+qB9wr7aNME0h24wu9D4SQ==",
-      "dependencies": {
-        "@improbable-eng/grpc-web": "^0.14.1",
-        "google-protobuf": "^3.17.3",
-        "long": "^4.0.0",
-        "protobufjs": "~6.11.2"
-      }
-    },
     "node_modules/@types/bn.js": {
       "version": "5.1.1",
       "resolved": "https://registry.npmjs.org/@types/bn.js/-/bn.js-5.1.1.tgz",
@@ -2506,38 +2470,6 @@
         "protobufjs": "~6.11.2"
       }
     },
-    "@terra-money/terra.js": {
-      "version": "3.1.3",
-      "resolved": "https://registry.npmjs.org/@terra-money/terra.js/-/terra.js-3.1.3.tgz",
-      "integrity": "sha512-80HU5WXrqf3hZTo2GRhIycH17A+SkLD6afbu8MynMDGGD/A861F3zVv6NQ/Z7PWQGHxgddZEK/A0UQ2uK/xfHg==",
-      "requires": {
-        "@terra-money/legacy.proto": "npm:@terra-money/terra.proto@^0.1.7",
-        "@terra-money/terra.proto": "~2.0.0",
-        "axios": "^0.26.1",
-        "bech32": "^2.0.0",
-        "bip32": "^2.0.6",
-        "bip39": "^3.0.3",
-        "bufferutil": "^4.0.3",
-        "decimal.js": "^10.2.1",
-        "jscrypto": "^1.0.1",
-        "readable-stream": "^3.6.0",
-        "secp256k1": "^4.0.2",
-        "tmp": "^0.2.1",
-        "utf-8-validate": "^5.0.5",
-        "ws": "^7.5.5"
-      }
-    },
-    "@terra-money/terra.proto": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/@terra-money/terra.proto/-/terra.proto-2.0.0.tgz",
-      "integrity": "sha512-ZjyFOFUzrGn8IwzGIgr1OJFcPSsQoz/XAfoSKThJx+OjJA7CLhdcz51+5h7ehNfb+qB9wr7aNME0h24wu9D4SQ==",
-      "requires": {
-        "@improbable-eng/grpc-web": "^0.14.1",
-        "google-protobuf": "^3.17.3",
-        "long": "^4.0.0",
-        "protobufjs": "~6.11.2"
-      }
-    },
     "@types/bn.js": {
       "version": "5.1.1",
       "resolved": "https://registry.npmjs.org/@types/bn.js/-/bn.js-5.1.1.tgz",

cosmwasm/deployment/xpla/tools/package.json

@@ -0,0 +1,19 @@
+{
+  "name": "@wormhole-foundation/tools-xpla",
+  "version": "0.0.1",
+  "description": "",
+  "main": "deploy_xpla.js",
+  "type": "module",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "author": "",
+  "license": "ISC",
+  "dependencies": {
+    "@cosmjs/encoding": "^0.26.2",
+    "@xpla/xpla.js": "^0.2.1",
+    "dotenv": "^16.0.0",
+    "ethers": "^5.4.4",
+    "yargs": "^17.0.1"
+  }
+}

devnet/terra-devnet.yaml

@@ -119,7 +119,7 @@ spec:
             - name: POSTGRES_DB
               value: fcd
       restartPolicy: Always
-  serviceName: terra-fcd
+  serviceName: terra-postgres
 ---
 apiVersion: apps/v1
 kind: StatefulSet
@@ -199,7 +199,7 @@ spec:
             - name: TYPEORM_DATABASE
               value: fcd
             - name: TYPEORM_SYNCHRONIZE
-              value: "true"
+              value: "false"
             - name: TYPEORM_LOGGING
               value: "false"
             - name: TYPEORM_ENTITIES

devnet/terra2-devnet.yaml

@@ -72,8 +72,8 @@ spec:
             httpGet:
               port: 26657
           resources: {}
-        - name: terra2-contracts
-          image: terra2-contracts
+        - name: terra2-deploy
+          image: terra2-deploy
           command:
             - /bin/sh
             - -c
@@ -199,7 +199,7 @@ spec:
             - name: TYPEORM_DATABASE
               value: fcd
             - name: TYPEORM_SYNCHRONIZE
-              value: "true"
+              value: "false"
             - name: TYPEORM_LOGGING
               value: "false"
             - name: TYPEORM_ENTITIES

scripts/check-docker-pin.sh

@@ -10,9 +10,10 @@
 #   - We ignore sha256 because it suggests that the image dep is pinned
 #   - We ignore scratch because it's literally the docker base image
 #   - We ignore solana AS (builder|ci_tests) because it's a relative reference to another FROM call
+#   - We ignore cosmwasm_artifacts AS artifacts because it's a local reference only, is built in tilt
 #   - We ignore base AS (ignite-go-build|ignite-vue-build) because the base image is already pinned in wormchain/Dockerfile.proto
 #
-git ls-files | grep "Dockerfile*" | xargs grep -s "FROM" | egrep -v 'sha256|scratch|solana|aptos|base AS (application|base|builder|ci_tests|tests|ignite-go-build|ignite-vue-build)'
+git ls-files | grep "Dockerfile*" | xargs grep -s "FROM" | egrep -v 'sha256|scratch|solana|aptos|base|cosmwasm_artifacts AS (application|base|builder|ci_tests|tests|artifacts|ignite-go-build|ignite-vue-build)'
 if [ $? -eq 0 ]; then
    echo "[!] Unpinned docker files" >&2
    exit 1

scripts/guardian-set-init.sh

@@ -206,7 +206,15 @@ if [[ -d ./ethereum ]]; then
 fi
 
 # copy the hex envFile to each of the non-EVM chains
-for envDest in ./solana/.env ./terra/tools/.env ./cosmwasm/tools/.env ./algorand/.env ./near/.env; do
+paths=(
+    ./algorand/.env
+    ./near/.env
+    ./solana/.env
+    ./terra/tools/.env
+    ./cosmwasm/deployment/terra2/tools/.env
+)
+
+for envDest in "${paths[@]}"; do
     dirname=$(dirname $envDest)
     if [[ -d "$dirname" ]]; then
         echo "copying $envFile to $envDest"

terra/Dockerfile

@@ -1,7 +1,6 @@
 # This is a multi-stage docker file:
 #  1. The first stage builds the contracts
 #  2. The second is an empty image with only the wasm files (useful for exporting)
-#  3. The third creates a node.js environment to deploy the contracts to devnet
 FROM cosmwasm/workspace-optimizer:0.12.6@sha256:e6565a5e87c830ef3e8775a9035006b38ad0aaf0a96319158c802457b1dd1d08 AS builder
 COPY Cargo.lock /code/
 COPY Cargo.toml /code/