scripts/run-all-remaining-tasks.sh

#!/usr/bin/env bash
# Run all remaining operator/infra tasks. Set env flags to execute; otherwise prints commands.
# Usage:
#   ./scripts/run-all-remaining-tasks.sh                    # print what to run
#   RUN_W02=1 AMOUNT=0.01 ./scripts/run-all-remaining-tasks.sh   # run sendCrossChain (needs PRIVATE_KEY in .env)
#   RUN_SECURITY=1 ./scripts/run-all-remaining-tasks.sh      # run W1-1 and W1-2 --apply (needs Proxmox/SSH)
#   RUN_VALIDATOR_KEYS=1 ./scripts/run-all-remaining-tasks.sh    # run secure-validator-keys (on validator host)

set -euo pipefail

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"
cd "$PROJECT_ROOT"

[[ -f .env ]] && source .env 2>/dev/null || true
[[ -f smom-dbis-138/.env ]] && source smom-dbis-138/.env 2>/dev/null || true

echo "=== Remaining tasks runner ==="
echo ""

# W0-2: sendCrossChain (requires PRIVATE_KEY, LINK)
if [[ "${RUN_W02:-0}" = "1" && -n "${AMOUNT:-}" ]]; then
  echo "W0-2: Running sendCrossChain $AMOUNT..."
  bash scripts/bridge/run-send-cross-chain.sh "$AMOUNT" "${RECIPIENT:-}" && echo "  Done." || echo "  Failed (check PRIVATE_KEY, LINK)."
else
  echo "W0-2: bash scripts/bridge/run-send-cross-chain.sh <amount> [recipient]  (set RUN_W02=1 AMOUNT=<amt> to run)"
fi
echo ""

# W1-1, W1-2: Security (run from Proxmox or host with SSH to Proxmox)
if [[ "${RUN_SECURITY:-0}" = "1" ]]; then
  echo "W1-1: SSH key auth --apply..."
  bash scripts/security/setup-ssh-key-auth.sh --apply || true
  echo "W1-2: Firewall 8006 --apply..."
  bash scripts/security/firewall-proxmox-8006.sh --apply "${ADMIN_CIDR:-192.168.11.0/24}" || true
else
  echo "W1-1: bash scripts/security/setup-ssh-key-auth.sh [--dry-run|--apply]  (RUN_SECURITY=1 to apply)"
  echo "W1-2: bash scripts/security/firewall-proxmox-8006.sh [--dry-run|--apply] [CIDR]"
fi
echo ""

# W1-19: Validator keys (run on each Proxmox host that runs validators)
if [[ "${RUN_VALIDATOR_KEYS:-0}" = "1" ]]; then
  echo "W1-19: Securing validator keys..."
  bash scripts/secure-validator-keys.sh || true
else
  echo "W1-19: bash scripts/secure-validator-keys.sh  (on validator host; RUN_VALIDATOR_KEYS=1 to run)"
fi
echo ""

# W2-2 through W3-2, CR-1, API, Paymaster (runbooks / manual)
echo "--- Runbook / manual ---"
echo "W2-2: Publish Grafana via Cloudflare Access; configure Alertmanager routes (config/monitoring/alertmanager.yml)"
echo "W2-3: docs/02-architecture/NETWORK_ARCHITECTURE.md §3-5; UDM Pro VLANs + Proxmox VLAN-aware bridge"
echo "W2-4: bash scripts/ccip/ccip-deploy-checklist.sh; docs/07-ccip/CCIP_DEPLOYMENT_SPEC.md (Ops/Admin 5400-5401, NAT pools)"
echo "W2-5: bash scripts/deployment/phase4-sovereign-tenants.sh [--show-steps|--dry-run]; OPERATIONAL_RUNBOOKS § Phase 4"
echo "W2-7: DBIS/Hyperledger runbooks; docs/03-deployment/MISSING_CONTAINERS_LIST.md"
echo "W3-1: CCIP Fleet (5410-5425, 5440-5455, 5470-5476) per CCIP_DEPLOYMENT_SPEC"
echo "W3-2: Phase 4 tenant isolation (firewall/ACL per runbook)"
echo "CR-1: docs/07-ccip/CONFIG_READY_CHAINS_COMPLETION_RUNBOOK.md; smom-dbis-138/scripts/deployment/complete-config-ready-chains.sh"
echo "API: reports/API_KEYS_REQUIRED.md → obtain keys → set in .env"
echo "Paymaster (optional): cd smom-dbis-138 && forge script script/smart-accounts/DeployPaymaster.s.sol --rpc-url \$RPC_URL_138 --broadcast"
echo ""
echo "=== Done ==="
docs: Ledger Live integration, contract deploy learnings, NEXT_STEPS updates - ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands - CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround - CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check - NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere - MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates - LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference Co-authored-by: Cursor <cursoragent@cursor.com> 2026-02-12 15:46:57 -08:00			`#!/usr/bin/env bash`
			`# Run all remaining operator/infra tasks. Set env flags to execute; otherwise prints commands.`
			`# Usage:`
			`# ./scripts/run-all-remaining-tasks.sh # print what to run`
			`# RUN_W02=1 AMOUNT=0.01 ./scripts/run-all-remaining-tasks.sh # run sendCrossChain (needs PRIVATE_KEY in .env)`
			`# RUN_SECURITY=1 ./scripts/run-all-remaining-tasks.sh # run W1-1 and W1-2 --apply (needs Proxmox/SSH)`
			`# RUN_VALIDATOR_KEYS=1 ./scripts/run-all-remaining-tasks.sh # run secure-validator-keys (on validator host)`

			`set -euo pipefail`

			`SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"`
			`PROJECT_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"`
			`cd "$PROJECT_ROOT"`

			`[[ -f .env ]] && source .env 2>/dev/null \|\| true`
			`[[ -f smom-dbis-138/.env ]] && source smom-dbis-138/.env 2>/dev/null \|\| true`

			`echo "=== Remaining tasks runner ==="`
			`echo ""`

			`# W0-2: sendCrossChain (requires PRIVATE_KEY, LINK)`
			`if [[ "${RUN_W02:-0}" = "1" && -n "${AMOUNT:-}" ]]; then`
			`echo "W0-2: Running sendCrossChain $AMOUNT..."`
			`bash scripts/bridge/run-send-cross-chain.sh "$AMOUNT" "${RECIPIENT:-}" && echo " Done." \|\| echo " Failed (check PRIVATE_KEY, LINK)."`
			`else`
			`echo "W0-2: bash scripts/bridge/run-send-cross-chain.sh <amount> [recipient] (set RUN_W02=1 AMOUNT=<amt> to run)"`
			`fi`
			`echo ""`

			`# W1-1, W1-2: Security (run from Proxmox or host with SSH to Proxmox)`
			`if [[ "${RUN_SECURITY:-0}" = "1" ]]; then`
			`echo "W1-1: SSH key auth --apply..."`
			`bash scripts/security/setup-ssh-key-auth.sh --apply \|\| true`
			`echo "W1-2: Firewall 8006 --apply..."`
			`bash scripts/security/firewall-proxmox-8006.sh --apply "${ADMIN_CIDR:-192.168.11.0/24}" \|\| true`
			`else`
			`echo "W1-1: bash scripts/security/setup-ssh-key-auth.sh [--dry-run\|--apply] (RUN_SECURITY=1 to apply)"`
			`echo "W1-2: bash scripts/security/firewall-proxmox-8006.sh [--dry-run\|--apply] [CIDR]"`
			`fi`
			`echo ""`

			`# W1-19: Validator keys (run on each Proxmox host that runs validators)`
			`if [[ "${RUN_VALIDATOR_KEYS:-0}" = "1" ]]; then`
			`echo "W1-19: Securing validator keys..."`
			`bash scripts/secure-validator-keys.sh \|\| true`
			`else`
			`echo "W1-19: bash scripts/secure-validator-keys.sh (on validator host; RUN_VALIDATOR_KEYS=1 to run)"`
			`fi`
			`echo ""`

			`# W2-2 through W3-2, CR-1, API, Paymaster (runbooks / manual)`
			`echo "--- Runbook / manual ---"`
			`echo "W2-2: Publish Grafana via Cloudflare Access; configure Alertmanager routes (config/monitoring/alertmanager.yml)"`
			`echo "W2-3: docs/02-architecture/NETWORK_ARCHITECTURE.md §3-5; UDM Pro VLANs + Proxmox VLAN-aware bridge"`
			`echo "W2-4: bash scripts/ccip/ccip-deploy-checklist.sh; docs/07-ccip/CCIP_DEPLOYMENT_SPEC.md (Ops/Admin 5400-5401, NAT pools)"`
			`echo "W2-5: bash scripts/deployment/phase4-sovereign-tenants.sh [--show-steps\|--dry-run]; OPERATIONAL_RUNBOOKS § Phase 4"`
			`echo "W2-7: DBIS/Hyperledger runbooks; docs/03-deployment/MISSING_CONTAINERS_LIST.md"`
			`echo "W3-1: CCIP Fleet (5410-5425, 5440-5455, 5470-5476) per CCIP_DEPLOYMENT_SPEC"`
			`echo "W3-2: Phase 4 tenant isolation (firewall/ACL per runbook)"`
			`echo "CR-1: docs/07-ccip/CONFIG_READY_CHAINS_COMPLETION_RUNBOOK.md; smom-dbis-138/scripts/deployment/complete-config-ready-chains.sh"`
			`echo "API: reports/API_KEYS_REQUIRED.md → obtain keys → set in .env"`
			`echo "Paymaster (optional): cd smom-dbis-138 && forge script script/smart-accounts/DeployPaymaster.s.sol --rpc-url \$RPC_URL_138 --broadcast"`
			`echo ""`
			`echo "=== Done ==="`