From ba0391736125cc7bf1b01e9edaf9a1400effd31d Mon Sep 17 00:00:00 2001
From: M0000 <155108158+123123nope@users.noreply.github.com>
Date: Sun, 12 Jan 2025 04:40:43 +0200
Subject: [PATCH 1/2] Add TUF-on-CI online signing Fixes #26
---
For more details, open the [Copilot Workspace session](https://copilot-workspace.githubnext.com/lombard-finance/evm-smart-contracts/issues/26?shareId=XXXX-XXXX-XXXX-XXXX).
---
 .github/workflows/checks.yml | 36 ++++++++++++++++++++++++++++++++++++
 package.json | 6 ++++--
 2 files changed, 40 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml
index 7311453..bdfb93d 100644
--- a/.github/workflows/checks.yml
+++ b/.github/workflows/checks.yml
@@ -38,3 +38,39 @@ jobs:
 - name: Check formatting
 run: yarn format:check
+
+ tuf_on_ci_signing:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v3
+
+ - name: Set up Node.js
+ uses: actions/setup-node@v3
+ with:
+ node-version: '18.17.0'
+
+ - name: Cache node modules
+ uses: actions/cache@v3
+ env:
+ cache-name: cache-node-modules
+ with:
+ path: ~/.npm
+ key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/package-lock.json') }}
+ restore-keys: |
+ ${{ runner.os }}-build-${{ env.cache-name }}-
+ ${{ runner.os }}-build-
+ ${{ runner.os }}-
+
+ - name: Install dependencies
+ run: yarn install --frozen-lockfile
+
+ - name: Initialize TUF
+ run: tuf init --repository /tmp/tuf-repo
+
+ - name: Sign artifacts
+ run: yarn tuf-sign
+
+ - name: Verify signatures
+ run: tuf verify --repository /tmp/tuf-repo --artifact path/to/artifact
diff --git a/package.json b/package.json
index f2915b5..7d76f53 100644
--- a/package.json
+++ b/package.json
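Review bot: In the checks.yml hunk the `Initialize TUF`, `Sign artifacts` and `Verify signatures` steps all work on `/tmp/tuf-repo`, which `tuf init` creates on a fresh runner in the same job, so (assuming init generates its own keys; the hunk shows no key or secret being supplied) the verify step only checks the artifact against keys made moments earlier, and nothing is persisted for a client to trust. `path/to/artifact` in the verify step, and in the `tuf-sign` script added to package.json, is still a template placeholder, so no build output of this repository is signed. The job also restores a cache with broad `restore-keys` prefixes, keyed on `package-lock.json` and `~/.npm` although the install step uses yarn, and references actions by mutable tag (`@v3`); for a signing job I would drop the cache, pin each action to a full commit SHA and add an explicit `permissions:` block, as sketched below. The workflow triggers and any top-level `permissions:` are outside the hunk, so confirm the job cannot run on untrusted pull requests once real signing keys are attached.

```yaml
  tuf_on_ci_signing:
    permissions:
      contents: read  # least privilege for the job token
    # … unchanged: runs-on, steps: …
      - name: Checkout code
        uses: actions/checkout@<FULL_COMMIT_SHA>  # placeholder: full SHA of the reviewed v3 release
        with:
          persist-credentials: false  # do not leave the token in the checked-out repo's git config
    # … unchanged: Node.js setup (pin actions/setup-node to a full SHA the same way) …
    # cache step dropped: a signing job should not restore state written by earlier runs
    # … unchanged: Install dependencies and the three TUF steps …
```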
@@ -7,7 +7,8 @@
 "scripts": {
 "format": "prettier --write './**/*.{sol,ts,js}'",
 "format:check": "prettier --check './**/*.{sol,ts,js}'",
- "test": "hardhat test"
+ "test": "hardhat test",
+ "tuf-sign": "tuf sign --repository /tmp/tuf-repo --artifact path/to/artifact"
 },
 "devDependencies": {
 "@chainlink/contracts-ccip": "^1.5.0",
@@ -48,7 +49,8 @@
 "ts-node": ">=8.0.0",
 "typechain": "^8.3.0",
 "typescript": ">=4.5.0",
- "web3": "^1.10.0"
+ "web3": "^1.10.0",
+ "@theupdateframework/tuf-cli": "^1.0.0"
 },
 "resolutions": {
 "@openzeppelin/contracts": "^5.0.2"
From f141fb3b485f52cff95a13f99a9ecbaa8a82812f Mon Sep 17 00:00:00 2001
From: M0000 <155108158+123123nope@users.noreply.github.com>
Date: Fri, 24 Jan 2025 05:02:05 +0200
Subject: [PATCH 2/2]
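Review bot: `@theupdateframework/tuf-cli` is added at `^1.0.0` in the second package.json hunk, but the diffstat lists only checks.yml and package.json, so no lockfile entry accompanies it; the new job's `yarn install --frozen-lockfile` would then be expected to fail unless the second patch in the series updates `yarn.lock`. Nothing on the page shows that this package name is published by the TUF project or that it provides a `tuf` binary with `init`, `sign` and `verify`, so confirm the name and its publisher on the registry before merging; an unverified name in the signing path is a supply-chain risk in itself. For a tool that produces signatures I would pin an exact version, `"@theupdateframework/tuf-cli": "1.0.0"`, and let the lockfile integrity hash cover the rest.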