Develop

.github/workflows/deploy.yml

@@ -0,0 +1,81 @@
+name: Deploy to Cloud (or Production)
+
+# Trigger
+on:
+  push:
+    # This ensures the deployment job only runs after code has been merged
+    # or pushed directly to the main branch.
+    branches:
+      - main
+
+# Define common variables
+env:
+  PROJECT_ID: ${{ secrets.GCP_PROJECT_ID }}
+  SERVICE_NAME: blockfrost-webhook
+  REGION: us-central1
+  IMAGE_NAME: us-central1-docker.pkg.dev/${{ secrets.GCP_PROJECT_ID }}/dart-webhooks/blockfrost-secure-webhook:latest
+
+# Jobs
+jobs:
+  # The name of the job
+  deploy:
+    # Set the runner environment (standard choice for Dart/Flutter)
+    runs-on: ubuntu-latest
+
+    # Ensure the dart-validation job ran successfully
+    needs: dart-validation
+
+    # Permissions required for Workload Identity Federation
+    permissions:
+      contents: 'read'
+      id-token: 'write'
+
+    steps:
+      # Checkout the code
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      # --- 1. Authenticate with Google Cloud (using WIF) ---
+      - id: 'auth'
+        name: 'Authenticate to Google Cloud'
+        uses: 'google-github-actions/auth@v2'
+        with:
+          # Use your Service Account Email (stored as a secret)
+          workload_identity_provider: projects/${{ secrets.GCP_PROJECT_ID }}/locations/global/workloadIdentityPools/github-pool/providers/github-provider
+          service_account: ${{ secrets.GCP_SA_EMAIL }}
+
+      # --- 2. Configure Docker Access to Artifact Registry ---
+      - name: Configure Docker to use Artifact Registry
+        run: gcloud auth configure-docker ${REGION}-docker.pkg.dev
+
+      # --- 3. Set up Docker Build/Push Environment ---
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      # --- 4. Build and Push Docker Image to Artifact Registry ---
+      - name: Build and Push Docker Image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          platforms: linux/amd64 # Matches your local command --platform linux/amd64
+          push: true
+          tags: ${{ env.IMAGE_NAME }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      # --- 5. Deploy to Cloud Run ---
+      - name: Deploy to Cloud Run
+        uses: google-github-actions/cloud-run-deploy@v2
+        with:
+          service: ${{ env.SERVICE_NAME }}
+          region: ${{ env.REGION }}
+          image: ${{ env.IMAGE_NAME }}
+          # Set specific Cloud Run configuration parameters
+          flags: |
+            --platform managed
+            --allow-unauthenticated
+            --port 8080
+            --set-env-vars BLOCKFROST_TOKEN=${{ secrets.WEBHOOK_AUTH_TOKEN }}
+
+      - name: Deployment Complete
+        run: echo "Deployment of ${{ env.SERVICE_NAME }} complete!"

.github/workflows/dart.yml → .github/workflows/validate.yml

@@ -1,36 +1,39 @@
-name: Dart
+name: Dart Validate Workflow
 
 on:
+  # Triggers on every 'git push' to any branch.
   push:
-    branches: [ "main", "develop" ]
-  pull_request:
-    branches: [ "main" ]
 
+  # Triggers on all Pull Requests targeting any branch.
+  pull_request:
 jobs:
-  build:
+  # The name of the job
+  validate:
+    # Set the runner environment (standard choice for Dart/Flutter)
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v3
-      # Note: This workflow uses the latest stable version of the Dart SDK.
-      # You can specify other versions if desired, see documentation here:
-      # https://github.com/dart-lang/setup-dart/blob/main/README.md
-      - uses: dart-lang/setup-dart@v1
+      # Checkout the code
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      # Set up the Dart environment
+      - name: Setup Dart
+        uses: dart-lang/setup-dart@v1
 
-      - name: Install dependencies
+      # Fetch dependencies (important for deployment/build)
+      - name: Get dependencies
         run: dart pub get
 
-      # Uncomment this step to verify the use of 'dart format' on each commit.
-      # - name: Verify formatting
-      #   run: dart format --output=none --set-exit-if-changed .
+      # Verify the use of 'dart format' on each commit.
+      - name: Verify formatting
+        run: dart format --output=none --set-exit-if-changed .
 
       # Consider passing '--fatal-infos' for slightly stricter analysis.
-      #- name: Analyze project source
-      #  run: dart analyze
+      - name: Analyze project source
+        run: dart analyze
 
-      # Your project will need to have tests in test/ and a dependency on
-      # package:test for this step to succeed. Note that Flutter projects will
-      # want to change this to 'flutter test'.
+      # Run tests
       - name: Run tests
         run: dart test
 

README.md

@@ -135,7 +135,7 @@ gcloud run deploy blockfrost-webhook \
 --region us-central1 \
 --allow-unauthenticated \
 --port 8080 \
---set-env-vars BLOCKFROST_TOKEN='56b2d3af-aaf0-433b-a8f5-ebb031402c2f' \
+--set-env-vars BLOCKFROST_TOKEN='WEBHOOK-AUTH-TOKEN' \
 --project blockfrost-webhook
 ```
 

bin/generate_test_signature.dart

@@ -8,7 +8,8 @@ void main() {
   // current timestamp
   final testTs = DateTime.now().millisecondsSinceEpoch ~/ 1000;
   // The exact JSON payload string you will use in your curl command
-  const String testPayloadString = '{"type": "block", "payload": {"hash": "0a26dd2b2c2cd32e66029215d22cd9f1572e41bd6549c75cf2479fb9b771487a"}}';
+  const String testPayloadString =
+      '{"type": "block", "payload": {"hash": "0a26dd2b2c2cd32e66029215d22cd9f1572e41bd6549c75cf2479fb9b771487a"}}';
 
   // 1. Prepare the signature_payload (timestamp.payload)
   final signaturePayload = '$testTs.$testPayloadString';

lib/src/webhook_processor.dart

@@ -1,3 +1,3 @@
 abstract class WebhookProcessor {
   void process(String requestPayload);
-}
+}