This template provides a minimal setup for a React application that can be deployed as a static site to Walrus. It includes a pre-configured GitHub Action workflow that automates the deployment process.
To use this template, simply clone the repository and follow the steps below to configure your deployment credentials.
To allow the GitHub Action to deploy your Walrus Site, it needs to be able to sign transactions on your behalf. This requires securely providing it with your private key and the corresponding public address.
This guide will show you how to:
- Export a private key from your Sui Wallet or CLI.
- Correctly format the key and add it as a
SUI_KEYSTOREsecret in your GitHub repository. - Add the matching public address as a
SUI_ADDRESSvariable in your GitHub repository.
Before you start, you must have the sui binary installed. If you haven't installed it yet, please follow the official Sui installation guide.
Best Practice: It's recommended to use a dedicated Sui address for each GitHub workflow rather than reusing addresses across different projects or purposes. This provides better security isolation and helps avoid gas-coin equivocation issues that can occur when multiple workflows try to use the same gas coins concurrently.
To export a private key using the command line:
-
Generate a new key by running the following command in your terminal:
sui keytool generate ed25519 # Or secp256k1 or secp256r1This command creates a file in your current directory named
<SUI_ADDRESS>.key(e.g.,0x123...abc.key). The filename is your new Sui Address. -
The content of this file is the private key in the
base64WithFlagformat. This is the value you need for theSUI_KEYSTOREsecret.
You now have both the address (from the filename) for the SUI_ADDRESS variable and the key (from the file's content) for the SUI_KEYSTORE secret.
Note on existing keys: If you wish to use a key you already own, you can find it in the
~/.sui/sui_config/sui.keystorefile. This file contains a JSON array of all your keys. To find the address for a specific key, you would need to use thesui keytool unpack "<the base64 key from sui.keystore>"command.
Before the GitHub Action can deploy your site, the address you generated needs to be funded with both SUI tokens (for network gas fees) and WAL tokens (for storing your site's data).
-
Acquire SUI Tokens: You can acquire SUI tokens using NEAR Intents. This service allows you to connect your desired chain's wallet to purchase SUI tokens directly. Follow the instructions on their website to connect your desired wallet and specify the amount of SUI you wish to purchase and the Sui address to send them to.
-
Acquire WAL Tokens: Once your Sui address is funded with SUI, you can swap some of it for WAL tokens on a decentralized exchange (DEX) on the Sui network. A popular option is Cetus Protocol. You will need to connect your Sui wallet to the DEX, find the SUI/WAL trading pair, and execute the swap.
Now, let's add the key and address to your GitHub repository.
-
Navigate to your GitHub repository in a web browser.
-
Click on the Settings tab (located in the top navigation bar of your repository).
-
In the left sidebar, click Secrets and variables, then select Actions.
-
You'll see two tabs: Secrets and Variables. Start with the Secrets tab.
-
Click the New repository secret button.
-
Name the secret
SUI_KEYSTORE. -
In the Value field, paste the Base64 Key with Flag you copied earlier. It must be formatted as a JSON array containing a single string:
["AXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"] -
Click Add secret to save it.
Warning: Make sure to format the keystore as a JSON array with a single string element, not just the raw key value. Include the square brackets and quotes exactly as shown above.
-
Next, switch to the Variables tab and click New repository variable.
-
Name the variable
SUI_ADDRESS. -
In the Value field, paste the Sui address that corresponds to your private key (for example:
0x123abc...def789). -
Click Add variable to save it.
Security reminder: Never share your private key or commit it to version control. GitHub secrets are encrypted and only accessible to your workflows, but always verify you're adding secrets correctly.
For more information about managing secrets and variables in GitHub Actions, check the official GitHub documentation.
The deployment is handled by the .github/workflows/deploy-walrus.yml workflow. You can trigger it manually from the "Actions" tab in your GitHub repository.