smart-contracts/
├── contracts/      # Solidity source files
├── scripts/        # Deployment & migration scripts
├── test/           # Mocha/Chai test cases
├── hardhat.config.js
└── package.json

npm install
npx hardhat compile
npx hardhat test

1. Lint & Compile

2. Test & Coverage

3. Security Scan (e.g., MythX, Slither)

4. Publish to Etherscan via API key

• Trigger: Push to main or PR

• Jobs:

  1. Validate Bicep templates

  2. Deploy to Dev/Sandbox

  3. Promote to Prod

• Trigger: PR merge or tag

• Jobs:

  1. Setup Node environment

  2. Compile contracts

  3. Run tests & coverage

  4. Deploy to Testnet

In GitHub Actions, define these repository secrets:

• AZURE_CLIENT_ID

• AZURE_OIDC_CLIENT_ID

• AZURE_SUBSCRIPTION_ID

• AZURE_TENANT_ID

• AZURE_BILLING_ACCOUNT_ID

• AZURE_BILLING_PROFILE_ID

• AZURE_INVOICE_SECTION_ID

• CONNECTIVITY_SUBSCRIPTION_ID

• IDENTITY_SUBSCRIPTION_ID

• LANDINGZONE_A2_SUBSCRIPTION_ID

• LANDINGZONE_P1_SUBSCRIPTION_ID

• MANAGEMENT_SUBSCRIPTION_ID

• SSH_PUBLIC_KEY

• ETHERSCAN_API_KEY

• NETWORK_URL

• PRIVATE_KEY

• Bicep Build Failure: Ensure Bicep CLI ≥ v0.10

• Permission Denied: Verify service principal scopes

• VM Provision Timeout: Increase artifact install timeout

• Hardhat Timeout: Adjust Mocha timeout in config

• Run az deployment what-if for infra previews

• Add console.log() in scripts for visibility

• Inspect GitHub Actions logs in the Actions tab