Lesson 37: CI/CD for Forta Bots (Automating Tests, Deployment, and Post-Deployment Monitoring)

Aug 16, 2025

Welcome to the final meditation of your Forta Administrator training journey.

By now you have walked the path:

From your first detection bot
To DeFi exploits and flash loan detection
Through monitoring strategies
And finally, building a complete Forta security stack

Now, we take your bots into the real world.
Lesson 37 is our final exercise: deploying bots to testnets or mainnet, automating CI/CD, and learning how to handle post-deployment operations.

What This Final Lesson Means

Imagine you have been training guard monks inside the temple walls (your local simulations).

They know how to ring the bell if a threat appears
They have practiced on dummy scenarios
But they have never walked the real streets

This final lesson is when you open the gates:

Deploy the monks to Ethereum mainnet and testnets
Arm them with CI/CD pipelines for reliability
Teach them to report back through Forta Explorer and your alerting system

Step 1 – Confirm Bot is Ready Locally

Before you deploy:

Run local simulation tests

npx forta-agent run

Confirm your bot emits Finding { … } objects for test events

2. Run the simulation script (e.g., test/simulateTx.js)
- This ensures alert logic works in an isolated environment
3. Run your unit tests

npm test

Green checkmarks here mean safe to deploy

Step 2 – Deploy Your Bot to Forta Network

Login to Forta CLI

forta login

* Connect your wallet in the browser popup

* This wallet will own your bot

Push your bot to the network

npx forta-agent push

Expected CLI output:

✔ Agent successfully uploaded 
Agent ID: 0xYourBotIDHere 
IPFS Package: QmYourIPFSPackageHere

Copy the Agent ID
- This is your Bot’s unique identity on the Forta network
- You will use it to monitor your bot in Forta Explorer

Step 3 – Verify Your Bot on Forta Explorer

Go to https://explorer.forta.network
Paste your Agent ID into the search bar
Verify:
- Status: Pending Scan Node Adoption --> then Active
- Your bot is now watching the chain in real-time

Step 4 – Deploy to a Testnet First (Optional but Recommended)

If your bot detects high-value transactions or security-critical events, deploy to a testnet first:

Update forta.config.json:

{
  "jsonRpcUrl": "https://polygon-mumbai.infura.io/v3/YOUR_KEY",
  "chainId": 80001
}

Deploy the bot with:

npx forta-agent push

Trigger test alerts using:
- Forked Hardhat network
- Test flash loan / transfer contracts
- Simulation scripts on real testnet transactions

Step 5 – Post-Deployment Operations

Deployment is not the end. Here’s how you maintain and monitor your bot like a professional Forta Administrator:

Track alerts on Forta Explorer
- Use Alert ID filters to watch for new detections
Forward alerts to internal channels
- Integrate with Discord, Slack, PagerDuty, or Splunk
- Example webhook integration:

forta-agent run --webhook https://my-alert-endpoint.com

Monitor performance
- Use Forta Dashboard or Prometheus/Grafana to track:
  - Scan node uptime
  - Gas usage
  - Alert counts
Use CI/CD for updates
- Your GitHub Actions workflow automatically:
  1. Installs dependencies
  2. Runs tests on every push
  3. Ensures only passing code is deployed

Example project

testnet-deployments-CI-CD

Key Concepts Recap

Final Deployment:
- Local simulations --> Testnet --> Mainnet
CI/CD Pipelines:
- Automate testing, ensure stable deployments
Post-Deployment Monitoring:
- Use Forta Explorer, alert routing, and dashboards to maintain a healthy bot
Security Mindset:
- A bot is only useful if it’s reliable in production, not just in theory

This is the final step of your Forta journey:
Your bots are no longer students inside the monastery.
They are sentinels on the blockchain streets, reporting threats in real time.

🙏 Until the next meditation,
The Blockchain Security Monk