Update truffle init artifacts
#5320
Conversation
sukanyaparashar
requested review from
cds-amal,
eggplantzzz,
cliffoo,
emilyJLin95,
gnidan,
lsqproduction and
haltman-at
There was a problem hiding this comment.
Thanks @sukanyaparashar for taking this on! I've left a few comments. Note that issue#5268 also mentioned changing the comment on line 35 in truffle-config.js (from port 9545 to 8545)
| @@ -0,0 +1 @@ | |||
| .env | |||
There was a problem hiding this comment.
Let's have a newline at the end.
| * If you want to use .env for keeping your secret variables, you'll need to install 'dotenv' | ||
| * (npm install dotenv). To get started with, add .env file in the root directory and declare | ||
| * your Infura MNEMONIC and PROJECT_ID variables. | ||
| * .gitignore is already added with this project with .env in it. | ||
| */ | ||
|
|
||
| // require('dotenv').config(); | ||
| // const HDWalletProvider = require('@truffle/hdwallet-provider'); | ||
| // | ||
| // const fs = require('fs'); | ||
| // const mnemonic = fs.readFileSync(".secret").toString().trim(); | ||
|
|
||
| // const mnemonic = process.env.MNEMONIC; | ||
| // const projectId = process.env.PROJECT_ID; |
There was a problem hiding this comment.
Since the default we give users is reading from process.env, that means we want users to use dotenv right? So I would phrase this as:
It is recommended to store your secret variables in a .env file (which you should include in .gitignore). In your project root, run npm i dotenv , create .env and declare your MNEMONIC and infura PROJECT_ID variables inside.
There was a problem hiding this comment.
Also destructure maybe? const { MNEMONIC, PROJECT_ID } = process.env;
There was a problem hiding this comment.
Your suggestions make sense to me. I will change the comments. Thanks @cliffoo.
| // goerli: { | ||
| // provider: () => new HDWalletProvider(mnemonic, `https://goerli.infura.io/v3/${projectId}`), | ||
| // network_id: 5, // Goerli's id | ||
| // gas: 5500000, // Goerli has a lower block limit than mainnet |
There was a problem hiding this comment.
Does the comment about gas hold true for Goerli?
There was a problem hiding this comment.
I'm not sure if it does and maybe this is not very helpful in here. What do you think? Should we just get rid of this gas line altogether?
There was a problem hiding this comment.
I couldn't find any suitable documentation for this gas line. I guess we can just get rid of this for now.
There was a problem hiding this comment.
@gnidan @haltman-at Do you guys have any insight on where this gas comment is from? Should it be kept / changed now that it's goerli?
| @@ -94,7 +99,7 @@ module.exports = { | |||
| // evmVersion: "byzantium" | |||
| // } | |||
| } | |||
| }, | |||
| } | |||
There was a problem hiding this comment.
prettier again :(
There was a problem hiding this comment.
Same, please don't use --no-verify flag on commits.
There was a problem hiding this comment.
So what should you do when committing non-JS files or in situations like this where you don't want prettier to update things? I think in this case using that flag should be fine. Do you disagree or have a different solution?
There was a problem hiding this comment.
We were discussing that if we can somehow exclude some files from using prettier. I have raised an issue for this #5360. For now, lets use --no-verify for this PR. And find a way to resolve this prettier issue later.
Thanks for the review @cliffoo. In regards to the point of changing the port from On the other hand, when Any thoughts on what should be the ideal default values for the |
|
@sukanyaparashar Yea I think the |
I guess a better name will be |
|
Sounds fine by me 👍 It's nice that it maps to the variable name in code. |
Thanks for your approval @eggplantzzz. Yeah! I need to fix few comments and wait for @cliffoo's approval as well. |
sukanyaparashar
force-pushed
the
update-truffle-init
branch
from
1dce489
to
c4bd079
Compare
There was a problem hiding this comment.
Thanks @sukanyaparashar! This is great. I'm just being picky about a few things, feel free to (not) make changes as you see fit. LGTM!
|
|
||
| module.exports = { | ||
| /** | ||
| * Networks define how you connect to your ethereum client and let you set the | ||
| * defaults web3 uses to send transactions. If you don't specify one truffle | ||
| * will spin up a development blockchain for you on port 9545 when you | ||
| * will spin up a managed Ganache instance for you on port 9545 when you |
| solc: { | ||
| version: "0.8.15", // Fetch exact version from solc-bin (default: truffle's version) | ||
| version: "0.8.15", // Fetch exact version from solc-bin (default: truffle's version) |
| // require('dotenv').config(); | ||
| // const HDWalletProvider = require('@truffle/hdwallet-provider'); | ||
| // | ||
| // const fs = require('fs'); | ||
| // const mnemonic = fs.readFileSync(".secret").toString().trim(); | ||
|
|
||
| // const { MNEMONIC, PROJECT_ID } = process.env; |
There was a problem hiding this comment.
Maybe the require dotenv line should be adjacent to the destructure line, and separated from the hdwallet-provider line? Like so:
require dotenv
destructure
hdwallet-provider
There was a problem hiding this comment.
Yes, we can do this to make dotenv usage clearer. I will change this. Thanks for pointing that out @cliffoo.
Thanks for the approval @cliffoo. I am making few more changes to the |
There was a problem hiding this comment.
Nice one @sukanyaparashar! Definitely a plus to mention dashboard and various trade-offs. My comments are merely suggestions, please proceed with whatever you think is clear and informative 👍
| * PLEASE NOTE 🗒️: This is an insecure workflow! It is possible through human error to leak | ||
| * your mnemonic on Github. |
There was a problem hiding this comment.
I wouldn't sell hdwallet-provider as insecure haha. Maybe it's okay to end it off here? Since it's mentioned above that you shouldn't commit .env
There was a problem hiding this comment.
I, kind of agree with you @cliffoo. We may not want to directly say hdwallet-provider as "insecure". We have already mentioned to add .env in .gitignore.
| * Are you concerned about the security 🤔? Use this approach to get rid of this hassle 🤦♀️: | ||
| * | ||
| * A more secure 🔒 workflow is to use truffle dashboard which leverages | ||
| * Metamask for signing your transactions and does not require you to reveal your mnemonic to Truffle. |
There was a problem hiding this comment.
The first sentence isn't so clear about what the security and this hassle are. Perhaps this section can be more succinct? Something like:
Are you concerned about security? Truffle dashboard lets you review transactions in detail, and leverages MetaMask for signing so there's no need to copy-paste your mnemonic.
Of course you can insert emojis to your heart's content 🦄
| @@ -73,7 +87,7 @@ module.exports = { | |||
| // | |||
| // Useful for private networks | |||
| // private: { | |||
| // provider: () => new HDWalletProvider(mnemonic, `https://network.io`), | |||
| // provider: () => new HDWalletProvider(MNEMONIC, `https://network.io`), | |||
| * | ||
| * A more secure 🔒 workflow is to use truffle dashboard which leverages | ||
| * Metamask for signing your transactions and does not require you to reveal your mnemonic to Truffle. | ||
| * Are you concerned about the security 🤔? Truffle dashboard lets you review transactions in detail, |
There was a problem hiding this comment.
Final pick, can you remove the in this? All good on my side after this ;)
There was a problem hiding this comment.
Oh Okay! Cool! :)
| * Deployment with Truffle Dashboard | ||
| * --------------------------------- | ||
| * | ||
| * Are you concerned about the security 🤔? Truffle dashboard lets you review transactions in detail, |
There was a problem hiding this comment.
| * Are you concerned about the security 🤔? Truffle dashboard lets you review transactions in detail, | |
| * Are you concerned about the security 🤔? Truffle Dashboard lets you review transactions in detail, |
| * | ||
| * Are you concerned about the security 🤔? Truffle dashboard lets you review transactions in detail, | ||
| * and leverages MetaMask for signing, so there's no need to copy-paste your mnemonic. | ||
| * Please see this link for more details 🔎: https://trufflesuite.com/docs/truffle/getting-started/using-the-truffle-dashboard/ |
There was a problem hiding this comment.
Could you please make sure that all comments fit under 80 characters per line? (My comment here applies generally; this line is just the one that stood out as longest)
Thanks for the quick review, @gnidan. I will make the suggested changes. :) |
There was a problem hiding this comment.
Thanks for raising security awareness here @sukanyaparashar! Looks good to me.
| @@ -11,25 +11,31 @@ | |||
| * Hands-off deployment with Infura | |||
| * -------------------------------- | |||
| * | |||
| * Is your application complex and requires lots of transactions to deploy? | |||
| * Is your application complex and require lots of transactions to deploy? | |||
There was a problem hiding this comment.
Y'know, figuring out whether this should be singular or plural would be a lot easier if this question was correct grammar in the first place... proper grammar here would be "Is your application complex and does it require..." but that sounds so wordy...
Maybe this should be "Do you have a complex application that requires lots of transactions to deploy?" or something that doesn't require combining clauses with an "and".
There was a problem hiding this comment.
Sorry for the poor grammar in the initial wording I wrote for this!
There was a problem hiding this comment.
Do you have a complex application that requires lots of transactions to deploy?
I like it
ISSUE
Update
truffle initartifacts. See #5268.SOLUTION
This PR follows the below mentioned steps to update
truffle initartifacts -Migrations.solfromcontracts.1_initial_migration.jsfrommigrations.truffle-config.jsincluding the following -.secretto.env.mnemonicandInfura project idfrom.env.9545, but the development environment config is8545. What should be the ideal behaviour? I guess, the comment needs to be changed and usemanaged Ganache instanceinstead ofdevelopment blockchain..gitignorewith.envin it.