Feature/add slsa and mvr info (#128)

This PR introduces SLSA (Supply-chain Levels for Software Artifacts)
compliance and MVR (Move Verification Registry) provenance for verified
package publishing. It also updates the Sui compiler version and refines
CI workflows.

### Key Changes
- **SLSA & MVR Provenance**:
- Added a new GitHub workflow `.github/workflows/publish_package.yml`
that utilizes the `sui-mvr-provenance` action for secure, verified
deployments with SLSA Level 3 compliance.
- Introduced `packages/deeptrade-core/mvr.config.json` to configure
registry metadata (name, description, contact info, etc.) for the MVR.
- **Sui Version Upgrade**:
- Bumped the Sui version from `1.56.2` to `1.62.1` across CI
configurations (`move_test.yml`) and the project lockfile.
- **CI/CD Enhancements**:
- Optimized triggers in `.github/workflows/move_test.yml` to
specifically target relevant Move and workflow file changes.
- **Contract Configuration**:
- Reset the `deeptrade_core` address to `0x0` in `Move.toml`, following
deployment best practices for upgrades and new builds.
- **Dependency & Environment Updates**:
- Updated `Move.lock` with the new compiler version and latest framework
revisions.
- Removed legacy environment-specific deployment IDs from `Move.lock` to
ensure a clean build state.
- **Documentation**: Removed the redundant
`packages/deeptrade-core/README.md` to consolidate documentation within
the repository root.

Author: avernikoz

.github/workflows/publish_package.yml

@@ -0,0 +1,23 @@
+name: Publish MVR Verified Package
+
+on:
+    # Trigger on manual button click
+    workflow_dispatch:
+
+permissions:
+    contents: write
+    id-token: write
+    actions: read
+
+jobs:
+    publish:
+        # Sui MVR Provenance action (fork from https://github.com/zktx-io/sui-mvr-provenance)
+        uses: DeeptradeProtocol/sui-mvr-provenance/.github/workflows/deploy_with_slsa3.yml@37b7f20283ad2a9a039d012722be5ebe4b4bbac2
+        with:
+            # Path to the folder containing your Move.toml
+            working-directory: packages/deeptrade-core
+            # Sui version to use for the build
+            sui-version: "1.62.1"
+        secrets:
+            # Pass your deployer key into the action's expected secret name
+            ED25519_PRIVATE_KEY: ${{ secrets.DEPLOYER_KEY }}

packages/deeptrade-core/Move.lock

@@ -2,7 +2,7 @@
 
 [move]
 version = 3
-manifest_digest = "EC7C6207D6B902886ACC53FAE5243A118AAC1FC3BCF2B34B26A921E54A97E69B"
+manifest_digest = "69931A1480BE3DF484F425E055C6C764F7512F1B0D6FF5EBFE31A5313B1021A4"
 deps_digest = "CAFAD8A7CF51067FB4358215BECB86BD100DD64E57C2AC8A7AE7D74B688F5965"
 dependencies = [
   { id = "Bridge", name = "Bridge" },
@@ -16,7 +16,7 @@ dependencies = [
 
 [[move.package]]
 id = "Bridge"
-source = { git = "https://github.com/MystenLabs/sui.git", rev = "664b05b3b047c5bb03979d093660176176ea6175", subdir = "crates/sui-framework/packages/bridge" }
+source = { git = "https://github.com/MystenLabs/sui.git", rev = "4e8b6eda7d6411d80c62f39ac8a4f028e8d174c4", subdir = "crates/sui-framework/packages/bridge" }
 
 dependencies = [
   { id = "MoveStdlib", name = "MoveStdlib" },
@@ -26,7 +26,7 @@ dependencies = [
 
 [[move.package]]
 id = "MoveStdlib"
-source = { git = "https://github.com/MystenLabs/sui.git", rev = "664b05b3b047c5bb03979d093660176176ea6175", subdir = "crates/sui-framework/packages/move-stdlib" }
+source = { git = "https://github.com/MystenLabs/sui.git", rev = "4e8b6eda7d6411d80c62f39ac8a4f028e8d174c4", subdir = "crates/sui-framework/packages/move-stdlib" }
 
 [[move.package]]
 id = "Pyth"
@@ -39,15 +39,15 @@ dependencies = [
 
 [[move.package]]
 id = "Sui"
-source = { git = "https://github.com/MystenLabs/sui.git", rev = "664b05b3b047c5bb03979d093660176176ea6175", subdir = "crates/sui-framework/packages/sui-framework" }
+source = { git = "https://github.com/MystenLabs/sui.git", rev = "4e8b6eda7d6411d80c62f39ac8a4f028e8d174c4", subdir = "crates/sui-framework/packages/sui-framework" }
 
 dependencies = [
   { id = "MoveStdlib", name = "MoveStdlib" },
 ]
 
 [[move.package]]
 id = "SuiSystem"
-source = { git = "https://github.com/MystenLabs/sui.git", rev = "664b05b3b047c5bb03979d093660176176ea6175", subdir = "crates/sui-framework/packages/sui-system" }
+source = { git = "https://github.com/MystenLabs/sui.git", rev = "4e8b6eda7d6411d80c62f39ac8a4f028e8d174c4", subdir = "crates/sui-framework/packages/sui-system" }
 
 dependencies = [
   { id = "MoveStdlib", name = "MoveStdlib" },
@@ -91,14 +91,10 @@ dependencies = [
 ]
 
 [move.toolchain-version]
-compiler-version = "1.56.2"
+compiler-version = "1.62.1"
 edition = "2024.beta"
 flavor = "sui"
 
 [env]
 
 [env.mainnet]
-chain-id = "35834a8a"
-original-published-id = "0x232b6dccf004919ce5deb1a7ee3d0e9f1c71170c9402ec1918aa212754baadb3"
-latest-published-id = "0x232b6dccf004919ce5deb1a7ee3d0e9f1c71170c9402ec1918aa212754baadb3"
-published-version = "1"

packages/deeptrade-core/Move.toml

@@ -19,4 +19,4 @@ multisig = { git = "https://github.com/DeeptradeProtocol/multisig-move.git", sub
 [addresses]
 # Workaround for Sui compiler bug (#22194) causing namespace conflicts with dependencies.
 # This address must be set to `0x0` for deployment or upgrades. See `docs/dev-notes.md`.
-deeptrade_core = "0x232b6dccf004919ce5deb1a7ee3d0e9f1c71170c9402ec1918aa212754baadb3"
+deeptrade_core = "0x0"

packages/deeptrade-core/README.md

@@ -0,0 +1,13 @@
+{
+    "network": "mainnet",
+    "owner": "0xed7e0efee7084f2eec7212586d7eb5a94233a45fb13368d05f9641e8ab8d9d52",
+    "app_name": "@deeptrade/deeptrade-core",
+    "app_desc": "This package is a comprehensive on-chain trading protocol suite built to enhance and secure liquidity operations on the Sui network's DeepBook order book.",
+    "upgrade_cap": null,
+    "app_cap": null,
+    "pkg_info": null,
+    "icon_url": "https://deeptrade.io/web-app-manifest-512x512.png",
+    "homepage_url": "https://deeptrade.io",
+    "documentation_url": "https://github.com/deeptradeProtocol/deeptrade-core",
+    "contact": "contact@deeptrade.io"
+}