From 15fc371b65d40d8e27ea10135e0c54d2e415e75b Mon Sep 17 00:00:00 2001 From: spypsy Date: Fri, 23 May 2025 15:17:52 +0000 Subject: [PATCH 1/3] fix: generate secret name for sepolia accs mnemonic if not provided --- .github/workflows/fund-sepolia-accounts.yml | 1 + .github/workflows/network-deploy.yml | 12 ++++++++---- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/.github/workflows/fund-sepolia-accounts.yml b/.github/workflows/fund-sepolia-accounts.yml index 806a6c5e237b..f98fa30c949e 100644 --- a/.github/workflows/fund-sepolia-accounts.yml +++ b/.github/workflows/fund-sepolia-accounts.yml @@ -101,3 +101,4 @@ jobs: echo "Saving mnemonic to GCP" echo "::add-mask::${{ steps.fund-accounts.outputs.mnemonic }}" gcloud secrets versions add latest --secret=${{ inputs.sepolia_accounts_mnemonic_secret_name }} --data-file="$MNEMONIC_FILE" + echo "Saved mnemonic to GCP secret ${{ inputs.sepolia_accounts_mnemonic_secret_name }}" diff --git a/.github/workflows/network-deploy.yml b/.github/workflows/network-deploy.yml index fc9be41bc444..115b8133dac8 100644 --- a/.github/workflows/network-deploy.yml +++ b/.github/workflows/network-deploy.yml @@ -91,10 +91,9 @@ on: type: string default: "false" sepolia_accounts_mnemonic_secret_name: - description: The name of the secret which holds the sepolia accounts mnemonic (required for sepolia deployment) + description: The name of the secret which holds the sepolia accounts mnemonic (if not provided, will use '{namespace}-accounts-mnemonic'). required: false type: string - default: sepolia-accounts-mnemonic jobs: fund_sepolia_accounts: 
@@ -102,7 +101,7 @@ jobs: uses: ./.github/workflows/fund-sepolia-accounts.yml with: values_file: ${{ inputs.values_file }} - sepolia_accounts_mnemonic_secret_name: ${{ inputs.sepolia_accounts_mnemonic_secret_name }} + sepolia_accounts_mnemonic_secret_name: ${{ inputs.sepolia_accounts_mnemonic_secret_name || format('{0}-accounts-mnemonic', inputs.namespace) }} ref: ${{ inputs.ref || github.ref || 'master' }} secrets: GCP_SA_KEY: ${{ secrets.GCP_SA_KEY }} @@ -243,7 +242,12 @@ jobs: working-directory: ./spartan/terraform/deploy-release run: | if ${{ inputs.sepolia_deployment == 'true' }}; then - L1_DEPLOYMENT_MNEMONIC=$(gcloud secrets versions access latest --secret=${{ inputs.sepolia_accounts_mnemonic_secret_name }}) + if [ -z "${{ inputs.sepolia_accounts_mnemonic_secret_name }}" ]; then + SECRET_NAME="${{ env.NAMESPACE }}-accounts-mnemonic " + else + SECRET_NAME="${{ inputs.sepolia_accounts_mnemonic_secret_name }}" + fi + L1_DEPLOYMENT_MNEMONIC=$(gcloud secrets versions access latest --secret=$SECRET_NAME) terraform plan \ -var="RELEASE_NAME=${{ env.NAMESPACE }}" \ -var="VALUES_FILE=${{ env.VALUES_FILE }}" \ From f3e481f3b12a7892b89cec74132765ff92616ab7 Mon Sep 17 00:00:00 2001 From: spypsy Date: Fri, 23 May 2025 15:22:37 +0000 Subject: [PATCH 2/3] fix final step --- .github/workflows/fund-sepolia-accounts.yml | 2 +- .github/workflows/network-deploy.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/fund-sepolia-accounts.yml b/.github/workflows/fund-sepolia-accounts.yml index f98fa30c949e..be99c35969da 100644 --- a/.github/workflows/fund-sepolia-accounts.yml +++ b/.github/workflows/fund-sepolia-accounts.yml @@ -91,7 +91,6 @@ jobs: echo "Funding accounts..." $REPO/spartan/scripts/prepare_sepolia_accounts.sh ${{ inputs.values_file }} 30 "$MNEMONIC_FILE" mnemonic=$(cat "$MNEMONIC_FILE") - rm "$MNEMONIC_FILE" echo "::add-mask::$mnemonic" echo "mnemonic=$mnemonic" >> "$GITHUB_OUTPUT" 
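Review bot: In the deploy step (hunk `@@ -243,7 +242,12 @@`), the workflow input is pasted into the script text by `${{ inputs.sepolia_accounts_mnemonic_secret_name }}` before the shell runs, and `--secret=$SECRET_NAME` is unquoted, so a value containing quotes, spaces or `$(...)` alters the command instead of being treated as a name. Passing it through the step's environment avoids that and lets the step reuse the fallback expression from the `fund_sepolia_accounts` call instead of re-deriving it from `env.NAMESPACE`: an `env:` entry `SECRET_NAME: ${{ inputs.sepolia_accounts_mnemonic_secret_name || format('{0}-accounts-mnemonic', inputs.namespace) }}`, then `--secret="$SECRET_NAME"`. Whether `env.NAMESPACE` always equals `inputs.namespace` is not visible here; if it does not, the funding job and this step would address different secrets. The same interpolation pattern appears in the destroy step touched by patch 3/3. The step begins outside the hunk, so an `env:` block may already exist there.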
@@ -102,3 +101,4 @@ jobs: echo "::add-mask::${{ steps.fund-accounts.outputs.mnemonic }}" gcloud secrets versions add latest --secret=${{ inputs.sepolia_accounts_mnemonic_secret_name }} --data-file="$MNEMONIC_FILE" echo "Saved mnemonic to GCP secret ${{ inputs.sepolia_accounts_mnemonic_secret_name }}" + rm "$MNEMONIC_FILE" diff --git a/.github/workflows/network-deploy.yml b/.github/workflows/network-deploy.yml index 115b8133dac8..d6605e679cc9 100644 --- a/.github/workflows/network-deploy.yml +++ b/.github/workflows/network-deploy.yml @@ -243,7 +243,7 @@ jobs: run: | if ${{ inputs.sepolia_deployment == 'true' }}; then if [ -z "${{ inputs.sepolia_accounts_mnemonic_secret_name }}" ]; then - SECRET_NAME="${{ env.NAMESPACE }}-accounts-mnemonic " + SECRET_NAME="${{ env.NAMESPACE }}-accounts-mnemonic" else SECRET_NAME="${{ inputs.sepolia_accounts_mnemonic_secret_name }}" fi From 530c723799fdc226539f4e4390649833b6037491 Mon Sep 17 00:00:00 2001 From: spypsy Date: Fri, 23 May 2025 15:31:32 +0000 Subject: [PATCH 3/3] fix secrets access --- .github/workflows/fund-sepolia-accounts.yml | 9 +++++++-- .github/workflows/network-deploy.yml | 5 +++++ 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/.github/workflows/fund-sepolia-accounts.yml b/.github/workflows/fund-sepolia-accounts.yml index be99c35969da..a77e296913b0 100644 --- a/.github/workflows/fund-sepolia-accounts.yml +++ b/.github/workflows/fund-sepolia-accounts.yml @@ -91,6 +91,7 @@ jobs: echo "Funding accounts..." $REPO/spartan/scripts/prepare_sepolia_accounts.sh ${{ inputs.values_file }} 30 "$MNEMONIC_FILE" mnemonic=$(cat "$MNEMONIC_FILE") + rm "$MNEMONIC_FILE" echo "::add-mask::$mnemonic" echo "mnemonic=$mnemonic" >> "$GITHUB_OUTPUT" 
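Review bot: The restored `rm "$MNEMONIC_FILE"` (patch 3/3, hunk `@@ -91,6 +91,7 @@`) is only reached when `prepare_sepolia_accounts.sh` and `cat` both succeed, assuming the step runs under GitHub's default `bash -e`, so a failing run can leave the plaintext mnemonic on the runner's disk. Registering the cleanup as soon as the file exists, `trap 'rm -f "$MNEMONIC_FILE"' EXIT`, covers the failure path too. The line that creates `$MNEMONIC_FILE` is outside the hunk, so the exact placement has to be checked there.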
@@ -99,6 +100,10 @@ jobs: run: | echo "Saving mnemonic to GCP" echo "::add-mask::${{ steps.fund-accounts.outputs.mnemonic }}" - gcloud secrets versions add latest --secret=${{ inputs.sepolia_accounts_mnemonic_secret_name }} --data-file="$MNEMONIC_FILE" + echo "Creating new secret ${{ inputs.sepolia_accounts_mnemonic_secret_name }}" + gcloud secrets create ${{ inputs.sepolia_accounts_mnemonic_secret_name }} + TMP_FILE=$(mktemp) + echo "${{ steps.fund-accounts.outputs.mnemonic }}" > "$TMP_FILE" + gcloud secrets versions add ${{ inputs.sepolia_accounts_mnemonic_secret_name }} --data-file="$TMP_FILE" + rm "$TMP_FILE" echo "Saved mnemonic to GCP secret ${{ inputs.sepolia_accounts_mnemonic_secret_name }}" - rm "$MNEMONIC_FILE" diff --git a/.github/workflows/network-deploy.yml b/.github/workflows/network-deploy.yml index d6605e679cc9..cd72b314115b 100644 --- a/.github/workflows/network-deploy.yml +++ b/.github/workflows/network-deploy.yml @@ -211,6 +211,11 @@ jobs: continue-on-error: true run: | if ${{ inputs.sepolia_deployment == 'true' }}; then + if [ -z "${{ inputs.sepolia_accounts_mnemonic_secret_name }}" ]; then + SECRET_NAME="${{ env.NAMESPACE }}-accounts-mnemonic" + else + SECRET_NAME="${{ inputs.sepolia_accounts_mnemonic_secret_name }}" + fi L1_DEPLOYMENT_MNEMONIC=$(gcloud secrets versions access latest --secret=${{ inputs.sepolia_accounts_mnemonic_secret_name }}) terraform destroy -auto-approve \ -var="RELEASE_NAME=${{ env.NAMESPACE }}" \
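Review bot: In the save step (hunk `@@ -99,6 +100,10 @@`), `echo "${{ steps.fund-accounts.outputs.mnemonic }}" > "$TMP_FILE"` has the expression engine paste the mnemonic into the script text, so the secret lands in the generated script file and any `"`, `$` or backtick in it would be interpreted by the shell; the temp file is also left behind if `gcloud` fails before `rm`. `gcloud secrets create` is expected to error when the secret already exists, which under the default `bash -e` would fail every run after the first for a given name. I would pass both values through `env:`, create the secret only when `gcloud secrets describe` does not find it, and pipe the mnemonic to `--data-file=-` so no file is needed; `printf '%s'` also avoids storing the trailing newline that `echo` adds. The step's header is outside the hunk, so the `env:` keys need merging with any that already exist.

```yaml
# … unchanged: step name and other keys (outside the hunk) …
env:
  SECRET_NAME: ${{ inputs.sepolia_accounts_mnemonic_secret_name }}
  MNEMONIC: ${{ steps.fund-accounts.outputs.mnemonic }}
run: |
  echo "Saving mnemonic to GCP"
  echo "::add-mask::$MNEMONIC"
  if ! gcloud secrets describe "$SECRET_NAME" >/dev/null 2>&1; then
    echo "Creating new secret $SECRET_NAME"
    gcloud secrets create "$SECRET_NAME"
  fi
  printf '%s' "$MNEMONIC" | gcloud secrets versions add "$SECRET_NAME" --data-file=-
  echo "Saved mnemonic to GCP secret $SECRET_NAME"
```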
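Review bot: In the destroy step (hunk `@@ -211,6 +211,11 @@`), the new `SECRET_NAME` is computed but never used: the following line still reads `--secret=${{ inputs.sepolia_accounts_mnemonic_secret_name }}`, which is empty whenever the input is omitted now that its default has been removed. The lookup should use the variable, `L1_DEPLOYMENT_MNEMONIC=$(gcloud secrets versions access latest --secret="$SECRET_NAME")`. Because this step has `continue-on-error: true`, the failed lookup would not fail the job, so a skipped `terraform destroy` is likely to go unnoticed and leave resources behind.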