
Allow captcha config to be set on an IP and user basis #2770

Workflow file for this run

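# Build the provider image on pull requests and smoke-test it.
# Both image build steps in this workflow set `push: false`, so nothing is published from here.
name: provider_image

on:
  pull_request:
    branches: [main, dev, staging, 'release/*']
    types:
      - opened # when a PR is opened
      - synchronize # when a PR is pushed to
      - reopened # when a PR is reopened
      - ready_for_review # when a PR is marked as ready for review (e.g. taken off draft mode)
  workflow_dispatch:

# Least privilege for the automatically issued token: the visible steps only check out code,
# restore a cache and build locally, so read access to repository contents is enough.
# NOTE(review): widen per job only if a step turns out to need more.
permissions:
  contents: read

# One run per PR (or per ref for manual dispatch); a newer push cancels the run in flight.
concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: true

env:
  # NOTE(review): these two are workflow-level, so every step in every job can read the PAT,
  # including `npm ci` and the build scripts, which execute code from the PR branch and from
  # its dependencies. Prefer setting the token only on the steps that need it (none of the
  # steps in this file reference it explicitly - confirm which scripts rely on it), and prefer
  # a narrowly scoped, short-lived credential over a personal access token where possible.
  GITHUB_TOKEN: ${{ secrets.PROSOPONATOR_PAT }}
  GH_TOKEN: ${{ secrets.PROSOPONATOR_PAT }}
  CARGO_TERM_COLOR: always
  NODE_OPTIONS: "--max-old-space-size=4096"

defaults:
  run:
    shell: bash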
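jobs:
  # Builds the CLI bundle and the provider / provider-mock images, then smoke-tests the containers.
  check:
    runs-on: ubuntu-latest
    if: github.event.pull_request.draft == false
    steps:
      # Debug aid: dump the workflow contexts to the job log.
      # The `secrets` context is deliberately NOT dumped. Log masking is best-effort: it matches
      # exact secret values, so structured or transformed secrets can reach the log unredacted,
      # and job logs are readable by anyone with read access to the repository.
      # `env` still carries GITHUB_TOKEN / GH_TOKEN (set at workflow level from a secret), so
      # this output relies on log masking for those two values.
      - name: Print contexts
        env:
          GITHUB_CONTEXT: ${{ toJson(github) }}
          ENV_CONTEXT: ${{ toJson(env) }}
          VARS_CONTEXT: ${{ toJson(vars) }}
          JOB_CONTEXT: ${{ toJson(job) }}
          STEPS_CONTEXT: ${{ toJson(steps) }}
          RUNNER_CONTEXT: ${{ toJson(runner) }}
          STRATEGY_CONTEXT: ${{ toJson(strategy) }}
          MATRIX_CONTEXT: ${{ toJson(matrix) }}
          NEEDS_CONTEXT: ${{ toJson(needs) }}
          INPUTS_CONTEXT: ${{ toJson(inputs) }}
        run: |
          echo "******************************"
          echo "github:" "$GITHUB_CONTEXT"
          echo "******************************"
          echo "env:" "$ENV_CONTEXT"
          echo "******************************"
          echo "vars:" "$VARS_CONTEXT"
          echo "******************************"
          echo "job:" "$JOB_CONTEXT"
          echo "******************************"
          echo "steps:" "$STEPS_CONTEXT"
          echo "******************************"
          echo "runner:" "$RUNNER_CONTEXT"
          echo "******************************"
          echo "strategy:" "$STRATEGY_CONTEXT"
          echo "******************************"
          echo "matrix:" "$MATRIX_CONTEXT"
          echo "******************************"
          echo "needs:" "$NEEDS_CONTEXT"
          echo "******************************"
          echo "inputs:" "$INPUTS_CONTEXT"
          echo "******************************"

      # NOTE(review): every `uses:` in this job references a mutable tag (@v4, @v3, @v5).
      # Pinning each action to a full commit SHA keeps a moved tag from changing what runs here.
      - uses: actions/checkout@v4
        with:
          submodules: "recursive"
          # Later steps run PR-controlled code (npm ci, build scripts); do not leave the
          # checkout token in .git/config for them to read.
          persist-credentials: false

      # The cache directories must exist before the restore step runs.
      - run: mkdir -p ~/.npm
      - run: mkdir -p ~/.cache/Cypress

      # don't restore cache on self-hosted runners, network speed not good enough
      - name: Restore npm cache
        if: ${{ runner.environment != 'self-hosted' }}
        uses: actions/cache/restore@v4
        with:
          # must restore all cache dirs, and they must exist ahead of this!
          path: |
            ~/.npm
            ~/.cache/Cypress
          # note that restoring a cache in github is a pain. The trailing '-' matches any string after the '-', therefore 'abc-' would match a cache named 'abc-1234' or 'abc-5678', etc.
          # the problem is 'abc-' will not match a cache named 'abc'! So if you're using wildcard cache name selectors like this, you need a field that changes as the suffix to become the wildcard
          # here we're setting the key to an unused cache key so it falls back to the wildcard selector in `restore-keys`
          key: some-unused-cache-key
          restore-keys: |
            npm-${{ runner.os }}-${{ runner.arch }}-

      - uses: actions/setup-node@v4
        with:
          node-version-file: 'package.json'

      # Install the npm version declared in package.json `engines.npm`, then the locked dependencies.
      - run: npm i -g "npm@$(jq -r .engines.npm < package.json)"
      - run: npm ci

      # build the packages
      - name: Build packages
        run: |
          npm run -w @prosopo/scripts build

      # build the cli production bundle
      - name: Build cli production bundle
        run: |
          set -euxo pipefail # stop on errors, print commands, fail on pipe fails
          cp ./dev/scripts/env.production ./packages/cli/.env.production
          cp ./dev/scripts/env.production ./.env.production
          # copy the development PROVIDER_MNEMONIC from ./dev/scripts/env.development to .env.production
          # NOTE(review): `>` truncates the ./.env.production that was copied one line above, so the
          # file ends up holding only the mnemonic line - confirm whether `>>` was intended.
          # NOTE(review): with `set -x` the expanded echo, mnemonic included, is written to the job
          # log. Acceptable only while this stays a throwaway development value.
          echo $(grep -PoIe "PROSOPO_PROVIDER_MNEMONIC.*" ./dev/scripts/env.development) > .env.production
          NODE_ENV="production" npm run -w @prosopo/cli bundle

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      # We cannot create the images in a single step because the output of buildx is not compatible with
      # `docker load`. https://stackoverflow.com/a/72952846/1178971
      # create the provider image for AMD64
      - name: Build the Provider Container
        id: build_docker_provider_amd64
        continue-on-error: false
        uses: docker/build-push-action@v5
        with:
          context: ${{github.workspace}}
          file: ${{github.workspace}}/docker/images/provider.dockerfile
          platforms: linux/amd64
          push: false
          tags: prosopo/provider:dev
          outputs: type=docker,dest=provider-amd64.tar

      # load the AMD64 image
      - name: Load the Provider Container
        run: docker load -i provider-amd64.tar

      # Generate a mnemonic for the provider image
      - name: Generate mnemonic and add to env file
        run: |
          PROSOPO_ROOT_DIR=$(pwd) NODE_ENV="production" node dev/scripts/dist/scripts/generateMnemonic.js --env

      # Check that the version command works when running the bundle in the provider image
      - name: Check provider bundle runs
        run: |
          set -euxo pipefail # stop on errors, print commands, fail on pipe fails
          CONTAINER="$(docker run -d -v "./.env.production:/usr/src/app/.env.production" prosopo/provider:dev /bin/sh -c 'NODE_ENV=production npx provider version')"
          sleep 20s
          docker logs "$CONTAINER" >& provider.log
          cat provider.log
          grep -oE "Version: \\\\\".*\\\\\"" provider.log || (cat provider.log && exit 1)

      - name: Build the provider-mock package
        id: build_provider_mock_package
        run: |
          echo "Building the provider-mock package..."
          npm run -w @prosopo/provider-mock build

      # Publishes `npm_released` as a step output, which is what the `if:` conditions on the
      # provider-mock steps below read. Writing only to $GITHUB_ENV leaves
      # `steps.npm_released.outputs.npm_released` empty, so those steps would always be skipped.
      # The value is still exported to the environment as well.
      - name: Get the latest released version of npm packages
        id: npm_released
        run: |
          set -euxo pipefail # stop on errors, print commands, fail on pipe fails
          RELEASED_VERSION="$(npm view @prosopo/util | grep latest | cut -f2 -d ' ')"
          # NOTE(review): this reads `engines.npm` (the required npm CLI version), not the
          # package version - confirm that is the value meant to be compared with the release.
          VERSION="$(jq -r .engines.npm < package.json)"
          if [[ "$RELEASED_VERSION" == "$VERSION" ]]; then
            npm_released=true
          else
            npm_released=false
          fi
          echo "npm_released=$npm_released" >> "$GITHUB_OUTPUT"
          echo "npm_released=$npm_released" >> "$GITHUB_ENV"

      # create the provider mock image for AMD64
      - name: Build the Provider Mock Container
        if: steps.npm_released.outputs.npm_released == 'true'
        id: build_docker_provider_mock_amd64
        continue-on-error: false
        uses: docker/build-push-action@v5
        with:
          context: ${{github.workspace}}
          file: ${{github.workspace}}/docker/images/provider.mock.dockerfile
          platforms: linux/amd64
          push: false
          tags: prosopo/provider-mock:dev
          outputs: type=docker,dest=provider-mock-amd64.tar

      # load the provider-mock AMD64 image
      - name: Load the Provider Mock Container
        if: steps.npm_released.outputs.npm_released == 'true'
        run: docker load -i provider-mock-amd64.tar

      # Check that the mock container starts and answers a verify request with "User verified".
      # The token and signature in the request body are fixed test fixtures for the mock.
      - name: Check provider mock container runs
        if: steps.npm_released.outputs.npm_released == 'true'
        run: |
          CONTAINER="$(docker run -d -p 9229:9229 prosopo/provider-mock:dev)"
          sleep 10s
          docker logs "$CONTAINER" >& provider-mock.log
          cat provider-mock.log
          RESPONSE=$(curl --location 'http://localhost:9229/v1/prosopo/provider/image/dapp/verify' --header 'Content-Type: application/json' --data '{"token": "0x0000c03543346872666a7739446a585a547a56334d777a727241723950314d4a685372765747577169316553757955706e684dc03547727776614546357a58623236467a397263517044575335374374455248704e6568584350634e6f48474b75745159010000000000", "dappUserSignature":"0x8656e1566313c6b707c41cdf333789b138509c1202a245f42d7d6652878c54030a8d660e04580bb565d5738c6578f5e69a066ecf8847856da3ba83dfd5701a8f"}' | jq --raw-output '.status')
          if [ "$RESPONSE" = "User verified" ]; then exit 0; else exit 1; fi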