GitGuardian fix #24
Closed
GitGuardian fix #24
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Bumps [express](https://github.com/expressjs/express) from 4.17.1 to 4.19.2. - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.17.1...4.19.2) --- updated-dependencies: - dependency-name: express dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
Previously breaking MacOS builds. See hyperledger/indy-vdr#260 Signed-off-by: Rafael Belchior <rafael.belchior@tecnico.ulisboa.pt>
Bumps [webpack-dev-middleware](https://github.com/webpack/webpack-dev-middleware) from 5.3.3 to 5.3.4. - [Release notes](https://github.com/webpack/webpack-dev-middleware/releases) - [Changelog](https://github.com/webpack/webpack-dev-middleware/blob/v5.3.4/CHANGELOG.md) - [Commits](webpack/webpack-dev-middleware@v5.3.3...v5.3.4) --- updated-dependencies: - dependency-name: webpack-dev-middleware dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [web3-utils](https://github.com/ChainSafe/web3.js) from 4.0.6 to 4.2.1. - [Release notes](https://github.com/ChainSafe/web3.js/releases) - [Changelog](https://github.com/web3/web3.js/blob/4.x/CHANGELOG.md) - [Commits](https://github.com/ChainSafe/web3.js/commits/v4.2.1) --- updated-dependencies: - dependency-name: web3-utils dependency-type: direct:production ... Co-authored-by: Peter Somogyvari <peter.somogyvari@accenture.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
Bumps [express](https://github.com/expressjs/express) from 4.18.2 to 4.19.2. - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.18.2...4.19.2) --- updated-dependencies: - dependency-name: express dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [web3-utils](https://github.com/ChainSafe/web3.js) from 4.0.3 to 4.2.1. - [Release notes](https://github.com/ChainSafe/web3.js/releases) - [Changelog](https://github.com/web3/web3.js/blob/4.x/CHANGELOG.md) - [Commits](web3/web3.js@v4.0.3...v4.2.1) --- updated-dependencies: - dependency-name: web3-utils dependency-type: direct:production ... Co-authored-by: Peter Somogyvari <peter.somogyvari@accenture.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
1. This had to be done because of security vulnerabilities in the old version. 2. Originally the robots have attempted to send a pull request with the same change but it somehow went haywire and upgraded dozens of other versions in dozens of other packcages not the intended one... 3. So this was manually created to address that bug in GitHub's dependabot. 4. The original commit message did not mention which vulnerabilities are being fixed by it and I also cannot remember the specific ones but the older versions of web3 were definitely being affected and therefore it is known to be a good idea what the bot has proposed even though it couldn't explain itself. Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
…onnector
- Iroha connector is broken for some time and it's SDK does't seem to be
actively supported anymore (in regards of bug or security fixes).
Closes: hyperledger-cacti#3159
Part of: hyperledger-cacti#3155
Signed-off-by: Michal Bajer <michal.bajer@fujitsu.com>
1. When we removed the RustC compiler class and the backing container, we also deleted the test cases referencing that code, but we forgot to remove the test case inclusion from the TAP config. Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
1. The old way to use docker compose was through the standalone binary `docker-compose` 2. This was working for a while but now the auto-upgrades that we cannot seem to avoid have caught up with us and broke ci.sh in the GitHub action runners because the standalone binary is no longer available at all and therefore the migration must happen. 3. Point 2 is just a theory but one that is considered to be very likely correct. 4. It is to be seen if we'll have any other downstream issues such as the tests failing in other ways due to this underlying docker change. Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
1. Prior to this change the polling function that waits for transactions to be confirmed was running in while loop without any delay, meaning that the code that fetches the latest block is executing thousands of times each second (or however fast the CPU in the machine/network connection are). 2. Now there is a second delay between each execution of the loop so that we are not hammering the node of the ledger we are connected to. 3. This also has the added benefit of the test cases using this method using much less CPU power. Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
1. The older versions of the AIO image are rusty (flaky to boot) and so to increase the stability of the example application I considered it prudent to upgrade to the latest and greatest (non-breaking) all-in-one image that we have. 2. There might be other branches out there in development where the same change is already pending, if this is the case then apologies, but I just had to get this done right away because it had a direct dependency from another pull request where I was upgrading web3 packages and I had to have the example application up and running in order to verify that other pull requests not messing anything up, so here we are. Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
Bumps [express](https://github.com/expressjs/express) from 4.18.2 to 4.19.2. - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.18.2...4.19.2) --- updated-dependencies: - dependency-name: express dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Rafael Belchior <rafael.belchior@tecnico.ulisboa.pt>
1. Previously we just winged it with a bash script downloading another bash script to unzip the actionlint binaries. 2. From now on we'll use the GitHub action from the marketplace which has a lot of configuration options exposed in a convenient way such as what type of warnings to ignore, what version of actionlint to install, etc. Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
1. The API server supports gRPC endpoints, but plugins are not yet able to register their own gRPC services to be exposed the same way that was already possible for HTTP endpoints to be registered dynamically. This was due to an oversight when the original contribution was made by Peter (who was the person making the oversight - good job Peter) 2. The functionality works largely the same as it does for the HTTP endpoints but it does so for gRPC services (which is the equivalent of endpoints in gRPC terminology, so service === endpoint in this context.) 3. There are new methods added to the public API surface of the API server package which can be used to construct gRPC credential and server objects using the instance of the library that is used by the API server. This is necessary because the validation logic built into grpc-js fails for these mentioned objects if the creds or the server was constructed with a different instance of the library than the one used by the API server. 4. Different instance in this context means just that the exact same version of the library was imported from a different path for example there could be the node_modules directory of the besu connector and also the node_modules directory of the API server. 5. Because of the problem outlined above, the only way we can have functioning test cases is if the API server exposes its own instance of grpc-js. Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
Define the types and type guard needed for the API server to be able to recognize plugins that have implemented a ConnectRPC interface for their operations. Also, these types will be used by the plugins themselves to mark the implementations as valid for ConnectRPC usage. ConnectRPC is very similar to gRPC but has some nice features in addition to it such as the HTTP 2 and HTTP 1.1 proxying through express and fastify HTTP server instances. For further details see this link: https://connectrpc.com/ Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
Bumps [undici](https://github.com/nodejs/undici) from 5.28.3 to 5.28.4. - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v5.28.3...v5.28.4) --- updated-dependencies: - dependency-name: undici dependency-type: direct:production ... Co-authored-by: Peter Somogyvari <peter.somogyvari@accenture.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
Primary Changes ---------------- 1. Modified the Dockerfile to use the updated versions of the packages being used 2. Modified the supervisord.conf to use the correct path because it has changed after updating the versions Fixes hyperledger-cacti#2062 Signed-off-by: aldousalvarez <aldousss.alvarez@gmail.com>
* refactored plugin bungee, using strategy design pattern * current version has strategy both for fabric and besu networks * includes a few tests to demonstrate basic functionality * added README with package documentation * added bungee tests to Cactus CI Co-authored-by: eduv09 <eduardovasques10@tecnico.ulisboa.pt> Co-authored-by: André Augusto <andre.augusto@tecnico.ulisboa.pt> Co-authored-by: Rafael Belchior <rafael.belchior@tecnico.ulisboa.pt> Signed-off-by: eduv09 <eduardovasques10@tecnico.ulisboa.pt>
1. It appears to be some kind of race condition in the series of jq command we use to update the package.json file with resolution overrides. 2. The supporting information for the above theory is that the image build would fail at different jq invocations on sub-sequent build tries that had no changes between them. 3. Sponge is designed for the use-case of in-place file editing and therefore `tee` is the likely culprit but we don't have a full explanation to the why quite yet. 4. It is also not known how this issue manifested after the latest set of fixes were tested and verified back when the pull request was made: https://github.com/hyperledger/cacti/pull/3059/commits 5. The current code builds successfully with or without the NPM_PKG_VERSION override. One of the commands we used to test that it works was this: ```sh DOCKER_BUILDKIT=1 docker build \ --build-arg="NPM_PKG_VERSION=2.0.0-2945-supply-chain-app-build-failed.241+b2c306ea0" \ --file ./examples/cactus-example-supply-chain-backend/Dockerfile \ . \ --tag scaeb ``` Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
1. This is enabling plugins to expose their operations via ConnectRPC services which is very similar to gRPC but it comes with a few extra bells and whistles that can come in very handy. 2. There is an upcoming pull request that makes it so that the keychain memory plugin implements and registers its services via this newly added hook of the API server. The importance of this is that test coverage for the code in this commit resides on another branch, meaning that even though there are no new test cases on this branch, the feature has been extensively tested and there is test-automation in place to continue verifying it as well. 3. The main difference between the hook methods are that for CRPC the API server expects an array of service definition+implementation pairs instead of just a single one. This was a design decision forced by the issues with implementing separate services in a single class: The compiler was hard to appease in a way that kept the code clean. gRPC did not suffer from this and therefore the registration methods defined for that only return a single gRPC service defintion+implementation pair which can combine any number of .proto services. Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
Bumps [undici](https://github.com/nodejs/undici) from 5.28.4 to 6.11.1. - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v5.28.4...v6.11.1) --- updated-dependencies: - dependency-name: undici dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
1. The idea here is to re-use the common basic tasks of configuring an express instance similar to how the API server does it but without having the chicken-egg problem of circular dependencies between the API server and the plugins. 2. More detailed discussion can be seen in this other pull request in the comments: https://github.com/hyperledger/cacti/pull/3169 Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
- delete solid.js version - rename package - fix type erros - bump vite from 5.0.12 to 5.0.13 in /packages/cacti-ledger-browser-react Closes: hyperledger-cacti#3156 Signed-off-by: Tomasz Awramski <tomasz.awramski@fujitsu.com>
1. This leverages the newly introduced methods in core-api that the API server is using to probe if a plugin has ConnectRPC support or not. 2. There is support for both HTTP 1.1 and HTTP 2. The caveat here is that HTTP 2 is not supported by ExpressJS so we pulled in Fastify to handle those type of requests and that means that HTTP 2 ConnectRPC traffic has to go through a different port compared to the HTTP 1.1 ConnectRPC traffic. 3. The lesson here is that we probably need to migrate away from ExpressJS longer term because it does not (and from the looks of it will not ever) support HTTP 2 which is probably going to be a bit of technical debt/ limiting factor in architectural decisions going forward for both Cacti maintainers and Cacti users. 4. A new code generator has been introduced by this commit as well which is @buf/build - the tool where ConnectRPC originates from. The scripts are structured in such a way that this should be seamlessly integrated into the existing `codegen` root level script and therefore also the CI. 5. There is test coverage for both HTTP 1.1 and HTTP 2 traffic in the file at ```sh packages/cactus-test-plugin-keychain-memory/src/test/typescript/integration/ test-keychain-memory-crpc-api-server.test.ts ``` 6. The test case referenced above is also the example on how to use the ConnectRPC client (very similar to the HTTP client we already had before) Depends on hyperledger-cacti#3183 Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
Bumps [express](https://github.com/expressjs/express) from 4.18.2 to 4.19.2. - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.18.2...4.19.2) --- updated-dependencies: - dependency-name: express dependency-type: direct:development ... Co-authored-by: Peter Somogyvari <peter.somogyvari@accenture.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
- Use latest supabase and container base versions. - Use skopeo to freeze images, fetch the containers in separate build phase. - Add anonymous volume definitions in dockerfile to speedup default runtime. Closes hyperledger-cacti#3099 Signed-off-by: Michal Bajer <michal.bajer@fujitsu.com>
1. The test seem to have been broken from the moment of the introduction of the HSTS header assertions. 2. The HSTS headers should be managed on the API server level instead of individual endpoints. 3. I'll create a follow-up issue for working on this in a more generic way that gets HSTS headers in place across the board and also in a way that these are configurable for scenarios when the users don't want them. Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
Primary Changes --------------- 1. Fix errors found by Actionlint on multiple yaml files 2. Temporarily removed test_weaver*.yaml, weaver_deploy*.yml, weaver/ directory in ActionLint fixes: hyperledger-cacti#2651 Signed-off-by: ruzell22 <ruzell.vince.aquino@accenture.com>
…s-go
* Added a script to manually change go package names inside fabric-protos
to fabric-protos-go-apiv2 (for future migration apiv2).
* Added more unit and build tests covering all go modules
* Added tools/go-mod-tidy.sh script to fix go.mod by running go mod tidy
Signed-off-by: Sandeep Nishad <sandeep.nishad1@ibm.com>
1. The Besu connector now can be reached via the gRPC interface. 2. The same operations are exposed as via HTTP+SocketIO 3. gRPC supports bi-directional streaming so the block watching is also supported and test coverage verifies that it works. 4. To see an example of how to use the gRPC client of the Besu connector read the source code of the test case that provides the verification that the functionality works: ``` packages/cactus-test-plugin-ledger-connector-besu/src/test/typescript/ integration/grpc-services/connector-besu-grpc-services.test.ts ``` Depends on hyperledger-cacti#3173 Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
Primary Changes: Updated the Dockerfile & https-cache-semantics inside the cmd-api-server package Fixes: hyperledger-cacti#2862 Signed-off-by: zondervancalvez <zondervan.v.calvez@accenture.com> Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
- Add a Stellar Connector plugin following the same pattern as the **Besu Connector plugin**. - Add a deploy contract endpoint to the Stellar Connector plugin. **Initialization remarks:** Supports a network configuration object to define all integration services that seamlessly integrate with the Stellar test ledger within the Cacti test tooling. **Deploy remarks:** The deploy process supports both the compiled smart contract WASM as well as the on-chain WASM hash as inputs. This follows the smart contract deployment design on Soroban (Stellar's smart contract platform). Refer to the Stellar documentation at: https://developers.stellar.org/docs/learn/fundamentals/stellar-data-structures/contracts for further detail on this process. More details can be found in the `README.md` file under the connector root directory. Signed-off-by: Fabricius Zatti <fazzatti@gmail.com>
The problem seems to have been that the yarn cache restore operation was somehow reverted to the old way of doing it which at this point have been deprecated and broken by upgrades performed by GitHub in the meantime. I've updated the job definition yaml to declare the cache restore operation the same way all the other jobs are doing it so that it doesn't crash while attempting to restore the yarn dependency cache prior to a build+test job. The logs of the failing job looked like this which provided the clue to what the issue might be: ```sh 2024-05-29T18:14:26.2450767Z Current runner version: '2.316.1' 2024-05-29T18:14:26.2479056Z ##[group]Operating System 2024-05-29T18:14:26.2479698Z Ubuntu 2024-05-29T18:14:26.2480035Z 22.04.4 2024-05-29T18:14:26.2480413Z LTS 2024-05-29T18:14:26.2480746Z ##[endgroup] 2024-05-29T18:14:26.2481115Z ##[group]Runner Image 2024-05-29T18:14:26.2481603Z Image: ubuntu-22.04 2024-05-29T18:14:26.2482000Z Version: 20240526.1.0 2024-05-29T18:14:26.2482983Z Included Software: https://github.com/actions/runner-images/blob/ubuntu22/20240526.1/images/ubuntu/Ubuntu2204-Readme.md 2024-05-29T18:14:26.2484443Z Image Release: https://github.com/actions/runner-images/releases/tag/ubuntu22%2F20240526.1 2024-05-29T18:14:26.2485292Z ##[endgroup] 2024-05-29T18:14:26.2485726Z ##[group]Runner Image Provisioner 2024-05-29T18:14:26.2486244Z 2.0.369.1 2024-05-29T18:14:26.2486581Z ##[endgroup] 2024-05-29T18:14:26.2488876Z ##[group]GITHUB_TOKEN Permissions 2024-05-29T18:14:26.2490642Z Actions: write 2024-05-29T18:14:26.2491263Z Attestations: write 2024-05-29T18:14:26.2491851Z Checks: write 2024-05-29T18:14:26.2492296Z Contents: write 2024-05-29T18:14:26.2492725Z Deployments: write 2024-05-29T18:14:26.2493115Z Discussions: write 2024-05-29T18:14:26.2493536Z Issues: write 2024-05-29T18:14:26.2493922Z Metadata: read 2024-05-29T18:14:26.2494321Z Packages: write 2024-05-29T18:14:26.2494693Z Pages: write 2024-05-29T18:14:26.2495100Z PullRequests: write 2024-05-29T18:14:26.2495540Z RepositoryProjects: write 2024-05-29T18:14:26.2495985Z SecurityEvents: write 2024-05-29T18:14:26.2496416Z Statuses: write 2024-05-29T18:14:26.2496808Z ##[endgroup] 2024-05-29T18:14:26.2499861Z Secret source: Actions 2024-05-29T18:14:26.2500527Z Prepare workflow directory 2024-05-29T18:14:26.3236714Z Prepare all required actions 2024-05-29T18:14:26.3395737Z Getting action download info 2024-05-29T18:14:26.4669232Z Download action repository 'actions/setup-node@v4.0.2' (SHA:60edb5dd545a775178f52524783378180af0d1f8) 2024-05-29T18:14:26.6354890Z Download action repository 'actions/checkout@v4.1.1' (SHA:b4ffde65f46336ab88eb53be808477a3936bae11) 2024-05-29T18:14:26.6738751Z Download action repository 'actions/cache@v4.0.1' (SHA:ab5e6d0c87105b4c9c2047343972218f562e4319) 2024-05-29T18:14:26.9454684Z Complete job name: ctp-ledger-connector-ethereum 2024-05-29T18:14:27.0407144Z ##[group]Run actions/setup-node@v4.0.2 2024-05-29T18:14:27.0407904Z with: 2024-05-29T18:14:27.0408249Z node-version: v18.18.2 2024-05-29T18:14:27.0408727Z always-auth: false 2024-05-29T18:14:27.0409242Z check-latest: false 2024-05-29T18:14:27.0409864Z token: *** 2024-05-29T18:14:27.0410223Z env: 2024-05-29T18:14:27.0410660Z NODEJS_VERSION: v18.18.2 2024-05-29T18:14:27.0411118Z RUN_TRIVY_SCAN: true 2024-05-29T18:14:27.0411536Z FULL_BUILD_DISABLED: true 2024-05-29T18:14:27.0412814Z JEST_TEST_PATTERN: packages/cactus-test-plugin-ledger-connector-ethereum/src/test/typescript/(unit|integration|benchmark)/.*/*.test.ts 2024-05-29T18:14:27.0414083Z JEST_TEST_RUNNER_DISABLED: false 2024-05-29T18:14:27.0414578Z TAPE_TEST_RUNNER_DISABLED: true 2024-05-29T18:14:27.0415149Z ##[endgroup] 2024-05-29T18:14:27.3394142Z Attempting to download v18.18.2... 2024-05-29T18:14:27.6146256Z Acquiring 18.18.2 - x64 from https://github.com/actions/node-versions/releases/download/18.18.2-6796085386/node-18.18.2-linux-x64.tar.gz 2024-05-29T18:14:28.0584476Z Extracting ... 2024-05-29T18:14:28.0729917Z [command]/usr/bin/tar xz --strip 1 --warning=no-unknown-keyword --overwrite -C /home/runner/work/_temp/7f62dcc4-2eea-4134-9996-51fb41a608d7 -f /home/runner/work/_temp/18a8f5ad-d701-4682-a0a6-ddfeccff98bc 2024-05-29T18:14:29.0694653Z Adding to the cache ... 2024-05-29T18:14:30.6693206Z ##[group]Environment details 2024-05-29T18:14:30.9336497Z node: v18.18.2 2024-05-29T18:14:30.9337120Z npm: 9.8.1 2024-05-29T18:14:30.9337787Z yarn: 1.22.22 2024-05-29T18:14:30.9339206Z ##[endgroup] 2024-05-29T18:14:30.9702266Z ##[group]Run actions/checkout@v4.1.1 2024-05-29T18:14:30.9702711Z with: 2024-05-29T18:14:30.9703208Z repository: hyperledger/cacti 2024-05-29T18:14:30.9704074Z token: *** 2024-05-29T18:14:30.9704384Z ssh-strict: true 2024-05-29T18:14:30.9704846Z persist-credentials: true 2024-05-29T18:14:30.9705243Z clean: true 2024-05-29T18:14:30.9705551Z sparse-checkout-cone-mode: true 2024-05-29T18:14:30.9706019Z fetch-depth: 1 2024-05-29T18:14:30.9706366Z fetch-tags: false 2024-05-29T18:14:30.9706670Z show-progress: true 2024-05-29T18:14:30.9707093Z lfs: false 2024-05-29T18:14:30.9707406Z submodules: false 2024-05-29T18:14:30.9707712Z set-safe-directory: true 2024-05-29T18:14:30.9708223Z env: 2024-05-29T18:14:30.9708526Z NODEJS_VERSION: v18.18.2 2024-05-29T18:14:30.9708865Z RUN_TRIVY_SCAN: true 2024-05-29T18:14:30.9709297Z FULL_BUILD_DISABLED: true 2024-05-29T18:14:30.9710676Z JEST_TEST_PATTERN: packages/cactus-test-plugin-ledger-connector-ethereum/src/test/typescript/(unit|integration|benchmark)/.*/*.test.ts 2024-05-29T18:14:30.9711734Z JEST_TEST_RUNNER_DISABLED: false 2024-05-29T18:14:30.9712303Z TAPE_TEST_RUNNER_DISABLED: true 2024-05-29T18:14:30.9712669Z ##[endgroup] 2024-05-29T18:14:31.0490368Z Syncing repository: hyperledger/cacti 2024-05-29T18:14:31.0491730Z ##[group]Getting Git version info 2024-05-29T18:14:31.0492806Z Working directory is '/home/runner/work/cacti/cacti' 2024-05-29T18:14:31.0510179Z [command]/usr/bin/git version 2024-05-29T18:14:31.0595744Z git version 2.45.1 2024-05-29T18:14:31.0624616Z ##[endgroup] 2024-05-29T18:14:31.0647005Z Temporarily overriding HOME='/home/runner/work/_temp/65f40793-e9dd-45f7-aa48-3edabe0b5e12' before making global git config changes 2024-05-29T18:14:31.0648980Z Adding repository directory to the temporary git global config as a safe directory 2024-05-29T18:14:31.0650804Z [command]/usr/bin/git config --global --add safe.directory /home/runner/work/cacti/cacti 2024-05-29T18:14:31.0683363Z Deleting the contents of '/home/runner/work/cacti/cacti' 2024-05-29T18:14:31.0689073Z ##[group]Initializing the repository 2024-05-29T18:14:31.0692659Z [command]/usr/bin/git init /home/runner/work/cacti/cacti 2024-05-29T18:14:31.0791277Z hint: Using 'master' as the name for the initial branch. This default branch name 2024-05-29T18:14:31.0792241Z hint: is subject to change. To configure the initial branch name to use in all 2024-05-29T18:14:31.0793062Z hint: of your new repositories, which will suppress this warning, call: 2024-05-29T18:14:31.0793748Z hint: 2024-05-29T18:14:31.0794276Z hint: git config --global init.defaultBranch <name> 2024-05-29T18:14:31.0794773Z hint: 2024-05-29T18:14:31.0795453Z hint: Names commonly chosen instead of 'master' are 'main', 'trunk' and 2024-05-29T18:14:31.0796493Z hint: 'development'. The just-created branch can be renamed via this command: 2024-05-29T18:14:31.0797495Z hint: 2024-05-29T18:14:31.0798046Z hint: git branch -m <name> 2024-05-29T18:14:31.0798683Z Initialized empty Git repository in /home/runner/work/cacti/cacti/.git/ 2024-05-29T18:14:31.0801234Z [command]/usr/bin/git remote add origin https://github.com/hyperledger/cacti 2024-05-29T18:14:31.0838315Z ##[endgroup] 2024-05-29T18:14:31.0839010Z ##[group]Disabling automatic garbage collection 2024-05-29T18:14:31.0842207Z [command]/usr/bin/git config --local gc.auto 0 2024-05-29T18:14:31.0872228Z ##[endgroup] 2024-05-29T18:14:31.0873045Z ##[group]Setting up auth 2024-05-29T18:14:31.0878799Z [command]/usr/bin/git config --local --name-only --get-regexp core\.sshCommand 2024-05-29T18:14:31.0909618Z [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'core\.sshCommand' && git config --local --unset-all 'core.sshCommand' || :" 2024-05-29T18:14:31.1265073Z [command]/usr/bin/git config --local --name-only --get-regexp http\.https\:\/\/github\.com\/\.extraheader 2024-05-29T18:14:31.1294718Z [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'http\.https\:\/\/github\.com\/\.extraheader' && git config --local --unset-all 'http.https://github.com/.extraheader' || :" 2024-05-29T18:14:31.1537668Z [command]/usr/bin/git config --local http.https://github.com/.extraheader AUTHORIZATION: basic *** 2024-05-29T18:14:31.1581241Z ##[endgroup] 2024-05-29T18:14:31.1582433Z ##[group]Fetching the repository 2024-05-29T18:14:31.1593800Z [command]/usr/bin/git -c protocol.version=2 fetch --no-tags --prune --no-recurse-submodules --depth=1 origin +81da3334d8e638f85e398dd228bcef836a278230:refs/remotes/origin/main 2024-05-29T18:14:32.1369829Z From https://github.com/hyperledger/cacti 2024-05-29T18:14:32.1371859Z * [new ref] 81da333 -> origin/main 2024-05-29T18:14:32.1395818Z ##[endgroup] 2024-05-29T18:14:32.1396843Z ##[group]Determining the checkout info 2024-05-29T18:14:32.1398690Z ##[endgroup] 2024-05-29T18:14:32.1399672Z ##[group]Checking out the ref 2024-05-29T18:14:32.1404086Z [command]/usr/bin/git checkout --progress --force -B main refs/remotes/origin/main 2024-05-29T18:14:32.7594778Z Switched to a new branch 'main' 2024-05-29T18:14:32.7595819Z branch 'main' set up to track 'origin/main'. 2024-05-29T18:14:32.7624017Z ##[endgroup] 2024-05-29T18:14:32.7660832Z [command]/usr/bin/git log -1 --format='%H' 2024-05-29T18:14:32.7686058Z '81da3334d8e638f85e398dd228bcef836a278230' 2024-05-29T18:14:32.7843915Z ##[group]Run echo "dir=$(yarn cache dir)" >> "$GITHUB_OUTPUT" 2024-05-29T18:14:32.7844624Z �[36;1mecho "dir=$(yarn cache dir)" >> "$GITHUB_OUTPUT"�[0m 2024-05-29T18:14:32.7923507Z shell: /usr/bin/bash -e {0} 2024-05-29T18:14:32.7923979Z env: 2024-05-29T18:14:32.7924456Z NODEJS_VERSION: v18.18.2 2024-05-29T18:14:32.7924917Z RUN_TRIVY_SCAN: true 2024-05-29T18:14:32.7925306Z FULL_BUILD_DISABLED: true 2024-05-29T18:14:32.7926271Z JEST_TEST_PATTERN: packages/cactus-test-plugin-ledger-connector-ethereum/src/test/typescript/(unit|integration|benchmark)/.*/*.test.ts 2024-05-29T18:14:32.7927223Z JEST_TEST_RUNNER_DISABLED: false 2024-05-29T18:14:32.7927770Z TAPE_TEST_RUNNER_DISABLED: true 2024-05-29T18:14:32.7928191Z ##[endgroup] 2024-05-29T18:14:33.2096065Z ##[error]Unable to process file command 'output' successfully. 2024-05-29T18:14:33.2104770Z ##[error]Invalid format ' 0. yarn cache clean [--mirror] [--all]' 2024-05-29T18:14:33.2263637Z Post job cleanup. 2024-05-29T18:14:33.3035435Z [command]/usr/bin/git version 2024-05-29T18:14:33.3079712Z git version 2.45.1 2024-05-29T18:14:33.3124388Z Temporarily overriding HOME='/home/runner/work/_temp/9b8e00bb-c36a-4d67-abcb-cfafdf02bd77' before making global git config changes 2024-05-29T18:14:33.3126367Z Adding repository directory to the temporary git global config as a safe directory 2024-05-29T18:14:33.3129712Z [command]/usr/bin/git config --global --add safe.directory /home/runner/work/cacti/cacti 2024-05-29T18:14:33.3168293Z [command]/usr/bin/git config --local --name-only --get-regexp core\.sshCommand 2024-05-29T18:14:33.3203708Z [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'core\.sshCommand' && git config --local --unset-all 'core.sshCommand' || :" 2024-05-29T18:14:33.3479541Z [command]/usr/bin/git config --local --name-only --get-regexp http\.https\:\/\/github\.com\/\.extraheader 2024-05-29T18:14:33.3501845Z http.https://github.com/.extraheader 2024-05-29T18:14:33.3514783Z [command]/usr/bin/git config --local --unset-all http.https://github.com/.extraheader 2024-05-29T18:14:33.3547533Z [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'http\.https\:\/\/github\.com\/\.extraheader' && git config --local --unset-all 'http.https://github.com/.extraheader' || :" 2024-05-29T18:14:33.4044749Z Cleaning up orphan processes ``` Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
1. The package.json file of the cmd-api-server package now runs the codegen related scripts sequentially (e.g. using `run-s` instead of `run-p` of `npm-run-all`). This lowers the probability that the download of the openapi-generator .jar file is too late to finish and a crash occurs due to the .jar file not being present on the file-system when it is called upon. 2. Also adding a hand-built `nwget` alternative because it was hanging the process after finishing the download (I've only seen this reproduced locally, but neveretheless it was frustrating) Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
1. The ConnectRPC port defaults to 6000 in the API server so for test cases where multiple
instances of the API server are created and started, we need to specify the ports
explicitly in the API server config so that they don't clash with each other casusing the
test to fail.
2. The fix here was to simply bind to port 0 for all the ConnectRPC listeners which
eliminated the possibility of a clash and the test is passing once again.
3. I also snuck in a quality of life improvement for contributors: the API server will no
longer log the entire details of the fastify server that is being used for CRPC thereby
reducing the verbosity of the logs by a wide margin.
Crash logs that revealed the bug in the test case:
```sh
024-05-31T20:14:00.9554919Z [2024-05-31T20:14:00.953Z] ERROR (api-server):
Failed to start ApiServer Error: listen EADDRINUSE: address already in use 127.0.0.1:6000
2024-05-31T20:14:00.95Z at Http2Server.setupListenHandle [as _listen2] (node:net:1817:16)
2024-05-31T20:14:00.95Z at listenInCluster (node:net:1865:12)
2024-05-31T20:14:00.95Z at doListen (node:net:2014:7)
2024-05-31T20:14:00.95Z at processTicksAndRejections (node:internal/process/task_queues:83:21)
2024-05-31T20:14:00.95Z at runNextTicks (node:internal/process/task_queues:64:3)
2024-05-31T20:14:00.95Z at processImmediate (node:internal/timers:447:9) {
2024-05-31T20:14:00.95Z code: 'EADDRINUSE',
2024-05-31T20:14:00.95Z errno: -98,
2024-05-31T20:14:00.95Z syscall: 'listen',
2024-05-31T20:14:00.95Z address: '127.0.0.1',
2024-05-31T20:14:00.95Z port: 6000
2024-05-31T20:14:00.95Z }
```
Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
The changes made to this commit were performed by running `yarn up -R web3-utils` in the root directory of the project which upgraded all the transitive web3-utils dependency versions. Finally the root package.json's web3-utils declaration had to be manually bumped as well. Tags - Runtime dependency - Patch available Weaknesses - WeaknessCWE-1321 CVE ID - CVE-2024-21505 GHSA ID - GHSA-2g4c-8fpm-c46v The security advisory: https://github.com/hyperledger/cacti/security/dependabot/987 Related pull request that was an attempt by the robots to fix the issue (without success) https://github.com/hyperledger/cacti/pull/3264 Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
This makes the tooling code a more [DRY](https://en.wikipedia.org/wiki/Don%27t_repeat_yourself) and is a pre-requisite of some follow-up changes that are about to get proposed in a separate pull request by Peter that are specific to vendoring the openapi.json spec files. Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
This plugin allows to resolve some CVEs more surgically that are found in indirect dependencies which are difficult to upgrade without triggering a large change needed and potential migrations, breaking changes to the public APIs of packages. The reason why the above problem happens is because `yarn up` and `yarn up -R` are blunt instruments when it comes to managing a monorepo such as ours: They do their upgrade all-or-nothing, e.g. you can't upgrade a single dependency in a single monorepo package, you must upgrade the dependency project-wide with the mentioned tools, but sometimes we need to perform the upgrade just in a single monorepo package. For example to the above, about 20 packages use web3 but only about 5 of those are using v4.x versions of web3. A new CVE came out covering v4.1.x and so I needed to upgrade web3 only in those packages where web3 was already above v4.0.0 and leave the older ones alone (surgical upgrades). To accomplish this I've found no way to do it with stock yarn CLI commands, but someone who had the exact same problem had written a plugin for solving it. The original issue reported to yarn with the same problem we are having: yarnpkg/berry#2591 The repository where the plugin resides that we are adding in this commit in order to remediate the problem of lack of surgical (per-package) upgrades: https://github.com/eyolas/yarn-plugin-interractive-filter The original CVE that I was investigating as I stumbled upon the solution: - https://github.com/hyperledger/cacti/pull/3264 - https://github.com/hyperledger/cacti/security/dependabot/987 Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
Signed-off-by: VRamakrishna <vramakr2@in.ibm.com>
1. Also sneaking in a fix for a DCI-Lint failure that was introduced recently when we added a new Yarn plugin which then stored its install URL in the .yarnrc.yml file and it uses the old git default main branch name and does not support the new one so we had to exclude the config file from linting. 2. Also ensured that the ConnectRPC ports are bound to zero in all tests where the API server is being used. This will prevent port conflicts randomly popping up across the test suite in the future. 3. Also removed a few test cases from the taprc file because they were already migrated to Jest and therefore tap should not run them as they fail with the Jest syntax. 4. Also fixing the lack of etherscan API key environment variable in the HTLC coordinator tests. Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
BREAKING CHANGE: The Open API specification that has the enums for ledger versions will no longer have an option for Fabric v1.x This means that in the core-api package the LedgerType enum has changes which means that code that depends on that enum value will need to be updated. Fabric v1.x has had unmaintained dependencies associated with it such as the native grpc package that stopped receiving security updates years ago and therefore it's dangerous to have around. There are also some issues with Fabric v1.x that make the AIO image flaky which also makes the relevant tests flaky due to which we couldn't run the v1.x Fabric tests on the CI for a while now anyway. In order to reduce the CI resource usage and our own maintenance burden I suggest that we get rid of the Fabric v1.x support meaning that we can eliminate the AIO image build and some code complexity from the test ledger code as well. In addition some old fixtures can be removed that the tests were using. Overall a net-positive as deleting code without losing functionality (that we care about) is always a plus. Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
**IMPORTANT:** From now on, if you are changing the OpenAPI specification of any given package within Cacti, please make sure to edit the template file instead of editing the openapi.json specific file directly because changes in the openapi.json file will be overwritten by the codegen script the next time you run it. This slight alteration in the development flow is the least intrusive solution I could find to resolving our issues with the release automation. This change enables us to have our openapi.json files work without having remote and URL references in them (which was a blocker issue for release automation). 1. The openapi.json files that we used to have are now called openapi.tpl.json where the tpl stands for template. Their content is equivalent to what openapi.json files used to have prior to this commit. 2. These template specs are fed into the bundler tool which then spits out the files which then are saved as openapi.json files. The big change is that these bundled versions are no longer containing any remote nor URL references, only local ones. 3. This means that we still get project-wide re-use of schema types from packages such as cactus-core-api, but we no longer suffer from the additional complexities of having to deal with remote and URL references. 4. The scirpt that performs the bundling is callable separately by executing this command ```sh yarn tools:bundle-open-api-tpl-files ``` 5. The `yarn tools:bundle-open-api-tpl-files` is also embedded as a warmup step of the larger `codegen` script so there is no need usually to call the bundling script separately. 6. The heavylifting in terms of bundling is done by the tooling script that can be found here: `tools/bundle-open-api-tpl-files.ts`. On a high level what it does is loop through existing `openapi.tpl.json` files throughout the project and then renders their bundled version next to it as `openapi.json` which then can be used by all of our tools as a self contained version of the template file which *does* still have the remote and URL references in it. More information on what URL and remote references are can be read here on the official OpenAPI website: https://swagger.io/docs/specification/using-ref/ Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
On a high level this is a find & replace operation where the occurrences of the first bullet point were replaced with the second bullet point: * `"$ref": "https://raw.githubusercontent.com/hyperledger/cactus/v2.0.0-alpha.2` * `"$ref": "../../../../..` The firs bullet point above is called a URL reference while the second one is called a REMOTE references (remote as in a different spec file on the file-system). 1. With this change, we unlock the release process being able to issue code that is working on the latest OpenAPI specifications that we are cross-referencing from one package to another. 2. Previously you had to manually update the references in about a hundred and fifty locations to make sure that the versions are bumped but after this change this happens automatically as the newly introduced bundling process and the usage of the REMOTE references instead of URL references. 3. The problem so far with the release process was that with the URL references we dependended on the existence of a pushed git tag for a successful release build. But we cannot git push the tag before having performed a successful release build, so this was a chicken-egg problem that had to be somehow untangled from its circular dependency hell and this change is what makes it happen by no longer depending on the git tags having been pushed to the upstream repository. Related to, but does not yet fix: https://github.com/hyperledger/cacti/issues/2175 Depends on hyperledger-cacti#3288 Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
1. We don't have a Dockerfile anymore to define the image of the dev container instead the build's input is the `devcontainer.json` file which can be built using the `@devcontainers/cli` npm package instead of the usual `docker build` command on the terminal. 2. The ci.yaml job building the image was already doing the build this way but we must've forgotten to update the publish job as well. Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
1. This alleviates the problem that we are installing by default the "latest" from npm which at present has a missing dependency problem. Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
1. After this change the steps within the release management documentation should work without issues. 2. Currently the process is (was) broken due to our reliance on URL references within the OpenAPI specifications which created a chicken-egg problem with the release tag issuance and the building of the source code to be released. This change depends on the other pull requests that are refactoring the cross-package OpenAPI specification references: Depends on hyperledger-cacti#3288 Depends on hyperledger-cacti#3315 Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
There's still about a hundred test cases to be migrated so I'm combining a few at a time in the pull requests to reduce the CI resource consumption. They are fairly boilerplate changes that usually follow the exact same pattern so it's fairly easy to review with that in mind (hopefully) despite the slightly larger size. Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com> Signed-off-by: Sandeep Nishad <sandeep.nishad1@ibm.com>
Signed-off-by: Rajat Sharma <rajat16.sharma@ril.com>
Signed-off-by: suvajit-sarkar <suvajit.sarkar@accenture.com>
--- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect dependency-group: go_modules - dependency-name: google.golang.org/protobuf dependency-type: indirect dependency-group: go_modules - dependency-name: golang.org/x/net dependency-type: indirect dependency-group: go_modules - dependency-name: google.golang.org/protobuf dependency-type: indirect dependency-group: go_modules ... Signed-off-by: dependabot[bot] <support@github.com>
- to extend cert expiry to 10 years
- re-generate expired fabric testnet certs
- update readme for re-generation to add missing steps
Signed-off-by: Sandeep Nishad <sandeep.nishad1@ibm.com>
Signed-off-by: Sandeep Nishad <sandeep.nishad1@ibm.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Pull Request Requirements
upstream/mainbranch and squashed into single commit to help maintainers review it more efficient and to avoid spaghetti git commit graphs that obfuscate which commit did exactly what change, when and, why.-sflag when usinggit commitcommand. You may refer to this link for more information.Character Limit
A Must Read for Beginners
For rebasing and squashing, here's a must read guide for beginners.