chore: changelog updated

Author: Aviksaikat

CHANGELOG.md

@@ -8,6 +8,10 @@ All notable changes to this project will be documented in this file.
 
 - Added option to pass credentials as dict object
 
+### ⚙️ Miscellaneous Tasks
+
+- Changelog updated
+
 ## [0.0.2] - 2025-01-02
 
 ### 🚀 Features

README.md

@@ -368,6 +368,114 @@ except Exception as e:
     print(f"Transaction error: {e}")
 ```
 
+## 🚀 CI/CD Pipeline Integration
+
+### 🔄 Using in GitHub Actions or Other CI/CD Pipelines
+
+For CI/CD environments where you can't use traditional environment variables or service account files, you can pass the credentials directly as a JSON string:
+
+```python
+from web3_google_hsm.accounts.gcp_kms_account import GCPKmsAccount
+from web3_google_hsm.config import BaseConfig
+import json
+
+# Create config from environment variables
+config = BaseConfig(
+    project_id="your-project-id",
+    location_id="your-location",
+    key_ring_id="your-keyring",
+    key_id="your-key-id"
+)
+
+# Load credentials from CI/CD secret
+credentials = json.loads(os.environ["GCP_ADC_CREDENTIALS_STRING"])
+
+# Initialize account with both config and credentials
+account = GCPKmsAccount(config=config, credentials=credentials)
+
+# or Let the class read the values from env variables
+account = GCPKmsAccount(credentials=credentials)
+
+```
+
+### 🔒 GitHub Actions Example
+
+```yaml
+name: Deploy with HSM Signing
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Set up Python
+        uses: actions/setup-python@v2
+        with:
+          python-version: '3.10'
+
+      - name: Install dependencies
+        run: pip install web3-google-hsm
+
+      - name: Sign and Deploy
+        env:
+          GOOGLE_CLOUD_PROJECT: ${{ secrets.GCP_PROJECT_ID }}
+          GOOGLE_CLOUD_REGION: ${{ secrets.GCP_REGION }}
+          KEY_RING: ${{ secrets.GCP_KEYRING }}
+          KEY_NAME: ${{ secrets.GCP_KEY_NAME }}
+          GCP_ADC_CREDENTIALS_STRING: ${{ secrets.GCP_ADC_CREDENTIALS_STRING }}
+        run: |
+          python your_deployment_script.py
+```
+
+### 📝 Example Deployment Script
+```python
+import os
+import json
+from web3_google_hsm.accounts.gcp_kms_account import GCPKmsAccount
+from web3_google_hsm.config import BaseConfig
+from web3_google_hsm.types.ethereum_types import Transaction
+
+def deploy_contract():
+    # Initialize with both config and credentials
+    config = BaseConfig.from_env()  # Uses environment variables
+    credentials = json.loads(os.environ["GCP_ADC_CREDENTIALS_STRING"])
+
+    account = GCPKmsAccount(config=config, credentials=credentials)
+
+    # Your deployment logic here
+    print(f"Deploying from address: {account.address}")
+
+    # Example transaction
+    tx = Transaction(
+        nonce=0,
+        gas_price=2000000000,
+        gas_limit=1000000,
+        to="0x...",
+        value=0,
+        data="0x...",
+        chain_id=1
+    )
+
+    signed_tx = account.sign_transaction(tx)
+    # Send transaction...
+
+if __name__ == "__main__":
+    deploy_contract()
+```
+
+### 🔑 Required Secrets for CI/CD
+
+Set these secrets in your CI/CD environment:
+
+- `GCP_PROJECT_ID`: Your Google Cloud project ID
+- `GCP_REGION`: The region where your KMS resources are located
+- `GCP_KEYRING`: The name of your KMS key ring
+- `GCP_KEY_NAME`: The name of your KMS key
+- `GCP_ADC_CREDENTIALS_STRING`: Your service account credentials JSON as a string
+
+
+
 
 ---
 

tests/integration/accounts/test_gcp_credentials.py

@@ -12,8 +12,8 @@
     "GOOGLE_CLOUD_REGION": os.getenv("GOOGLE_CLOUD_REGION"),
     "KEY_RING": os.getenv("KEY_RING"),
     "KEY_NAME": os.getenv("KEY_NAME"),
-    "GCP_CREDENTIALS_STRING": os.getenv("GCP_CREDENTIALS_STRING"),
-    "GCP_CREDENTIALS_STRING": os.getenv("GCP_CREDENTIALS_STRING"),
+    "GCP_ADC_CREDENTIALS_STRING": os.getenv("GCP_ADC_CREDENTIALS_STRING"),
+    "GCP_ADC_CREDENTIALS_STRING": os.getenv("GCP_ADC_CREDENTIALS_STRING"),
 }
 
 # Skip all tests if any required env var is missing
@@ -25,8 +25,8 @@
 
 def test_account_initialization_with_both():
     """Test initializing account with both config and credentials."""
-    # Load credentials from GCP_CREDENTIALS_STRING env var
-    credentials = json.loads(os.environ["GCP_CREDENTIALS_STRING"])
+    # Load credentials from GCP_ADC_CREDENTIALS_STRING env var
+    credentials = json.loads(os.environ["GCP_ADC_CREDENTIALS_STRING"])
 
     # Create config from environment
     config = BaseConfig.from_env()
@@ -73,7 +73,7 @@ def test_fail_account_initialization_with_only_config(monkeypatch):
         "KEY_RING",
         "KEY_NAME",
         "GOOGLE_APPLICATION_CREDENTIALS",
-        "GCP_CREDENTIALS_STRING"
+        "GCP_ADC_CREDENTIALS_STRING"
     ]
 
     for env_var in env_vars_to_clear:
@@ -94,15 +94,15 @@ def test_fail_account_initialization_with_only_credentials(monkeypatch):
 
     for env_var in env_vars_to_clear:
         monkeypatch.delenv(env_var, raising=False)
-    credentials = json.loads(os.environ["GCP_CREDENTIALS_STRING"])
+    credentials = json.loads(os.environ["GCP_ADC_CREDENTIALS_STRING"])
 
     with pytest.raises(ValidationError):
         GCPKmsAccount(credentials=credentials)
 
 def test_key_path_matches_config(monkeypatch):
     """Test that the key path matches the config values."""
     # Load both config and credentials
-    credentials = json.loads(os.environ["GCP_CREDENTIALS_STRING"])
+    credentials = json.loads(os.environ["GCP_ADC_CREDENTIALS_STRING"])
 
     config = BaseConfig.from_env()
     account = GCPKmsAccount(config=config, credentials=credentials)

tests/unit/test_cli.py

@@ -131,7 +131,7 @@ def test_fail_generate_missing_required_args(self, runner: CliRunner, monkeypatc
             "KEY_RING",
             "KEY_NAME",
             "GOOGLE_APPLICATION_CREDENTIALS",
-            "GCP_CREDENTIALS_STRING"
+            "GCP_ADC_CREDENTIALS_STRING"
         ]
 
         for env_var in env_vars_to_clear: