forked from hyperledger-cacti/cacti
GitGuardian fix #24
Closed
Bumps [express](https://github.com/expressjs/express) from 4.17.1 to 4.19.2.
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/master/History.md)
- [Commits](expressjs/express@4.17.1...4.19.2)

---
updated-dependencies:
- dependency-name: express
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
Previously breaking MacOS builds. See hyperledger/indy-vdr#260 Signed-off-by: Rafael Belchior <[email protected]>
Bumps [webpack-dev-middleware](https://github.com/webpack/webpack-dev-middleware) from 5.3.3 to 5.3.4.
- [Release notes](https://github.com/webpack/webpack-dev-middleware/releases)
- [Changelog](https://github.com/webpack/webpack-dev-middleware/blob/v5.3.4/CHANGELOG.md)
- [Commits](webpack/webpack-dev-middleware@v5.3.3...v5.3.4)

---
updated-dependencies:
- dependency-name: webpack-dev-middleware
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Bumps [web3-utils](https://github.com/ChainSafe/web3.js) from 4.0.6 to 4.2.1.
- [Release notes](https://github.com/ChainSafe/web3.js/releases)
- [Changelog](https://github.com/web3/web3.js/blob/4.x/CHANGELOG.md)
- [Commits](https://github.com/ChainSafe/web3.js/commits/v4.2.1)

---
updated-dependencies:
- dependency-name: web3-utils
  dependency-type: direct:production
...

Co-authored-by: Peter Somogyvari <[email protected]>
Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Peter Somogyvari <[email protected]>
Bumps [express](https://github.com/expressjs/express) from 4.18.2 to 4.19.2.
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/master/History.md)
- [Commits](expressjs/express@4.18.2...4.19.2)

---
updated-dependencies:
- dependency-name: express
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
Bumps [web3-utils](https://github.com/ChainSafe/web3.js) from 4.0.3 to 4.2.1.
- [Release notes](https://github.com/ChainSafe/web3.js/releases)
- [Changelog](https://github.com/web3/web3.js/blob/4.x/CHANGELOG.md)
- [Commits](web3/web3.js@v4.0.3...v4.2.1)

---
updated-dependencies:
- dependency-name: web3-utils
  dependency-type: direct:production
...

Co-authored-by: Peter Somogyvari <[email protected]>
Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Peter Somogyvari <[email protected]>
1. This had to be done because of security vulnerabilities in the old version.
2. Originally the robots have attempted to send a pull request with the same change but it somehow went haywire and upgraded dozens of other versions in dozens of other packages, not the intended one...
3. So this was manually created to address that bug in GitHub's dependabot.
4. The original commit message did not mention which vulnerabilities are being fixed by it and I also cannot remember the specific ones, but the older versions of web3 were definitely being affected and therefore it is known to be a good idea what the bot has proposed even though it couldn't explain itself.

Signed-off-by: Peter Somogyvari <[email protected]>
Signed-off-by: Peter Somogyvari <[email protected]>
…onnector

- Iroha connector has been broken for some time and its SDK doesn't seem to be actively supported anymore (in regards to bug or security fixes).

Closes: hyperledger-cacti#3159
Part of: hyperledger-cacti#3155

Signed-off-by: Michal Bajer <[email protected]>
1. When we removed the RustC compiler class and the backing container, we also deleted the test cases referencing that code, but we forgot to remove the test case inclusion from the TAP config.

Signed-off-by: Peter Somogyvari <[email protected]>
Signed-off-by: Peter Somogyvari <[email protected]>
1. The old way to use docker compose was through the standalone binary `docker-compose`.
2. This was working for a while but now the auto-upgrades that we cannot seem to avoid have caught up with us and broke ci.sh in the GitHub action runners because the standalone binary is no longer available at all and therefore the migration must happen.
3. Point 2 is just a theory but one that is considered to be very likely correct.
4. It is to be seen if we'll have any other downstream issues such as the tests failing in other ways due to this underlying docker change.

Signed-off-by: Peter Somogyvari <[email protected]>
1. Prior to this change the polling function that waits for transactions to be confirmed was running in a while loop without any delay, meaning that the code that fetches the latest block was executing thousands of times each second (or however fast the CPU in the machine/network connection are).
2. Now there is a one second delay between each execution of the loop so that we are not hammering the node of the ledger we are connected to.
3. This also has the added benefit of the test cases using this method using much less CPU power.

Signed-off-by: Peter Somogyvari <[email protected]>
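The throttled confirmation poller described in the commit message above, as an added example that is not Cacti project code: the loop sleeps for a fixed interval between attempts instead of spinning, gives up after a bounded number of attempts, and takes an injectable `sleep` so the number of attempts and waits can be checked without real timers. The names `waitForReceipt`, `makeFakeNode` and `demo`, the `Receipt` shape and the fake node are all assumptions made for this example.

```typescript
// Added example (not Cacti project code): a transaction-confirmation poller
// that waits between attempts rather than spinning in a tight loop.
// All names below are assumed for this example.

interface Receipt {
  transactionHash: string;
  blockNumber: number;
}

interface PollOptions {
  pollIntervalMs: number; // delay between attempts so the node is not hammered
  maxAttempts: number; // bound the loop so a dropped tx cannot spin forever
  sleep?: (ms: number) => Promise<void>; // injectable for tests
}

interface PollResult {
  receipt: Receipt;
  attempts: number;
}

const realSleep = (ms: number): Promise<void> =>
  new Promise((resolve) => setTimeout(resolve, ms));

// Polls `getReceipt` until it returns a receipt for `txHash`. The original
// bug was a loop with no delay between calls, i.e. a self-inflicted flood of
// requests against the ledger node; the sleep between attempts is the fix.
async function waitForReceipt(
  getReceipt: (txHash: string) => Promise<Receipt | null>,
  txHash: string,
  opts: PollOptions,
): Promise<PollResult> {
  const sleep = opts.sleep ?? realSleep;
  for (let attempt = 1; attempt <= opts.maxAttempts; attempt++) {
    const receipt = await getReceipt(txHash);
    if (receipt !== null) {
      return { receipt, attempts: attempt };
    }
    if (attempt < opts.maxAttempts) {
      await sleep(opts.pollIntervalMs); // back off before the next request
    }
  }
  throw new Error(
    `transaction ${txHash} not confirmed after ${opts.maxAttempts} attempts`,
  );
}

// Constructed stand-in for a ledger node: returns null until the Nth call,
// then a receipt whose block number encodes how many calls it took.
function makeFakeNode(confirmOnCall: number) {
  let calls = 0;
  return async (txHash: string): Promise<Receipt | null> => {
    calls++;
    return calls >= confirmOnCall
      ? { transactionHash: txHash, blockNumber: 100 + calls }
      : null;
  };
}

// Runs the poller with a recording sleep and reports how it behaved.
async function demo(confirmOnCall: number, maxAttempts: number) {
  const waits: number[] = [];
  const result = await waitForReceipt(makeFakeNode(confirmOnCall), "0xabc", {
    pollIntervalMs: 1000,
    maxAttempts,
    sleep: async (ms) => {
      waits.push(ms); // record instead of actually waiting
    },
  });
  return {
    attempts: result.attempts,
    waits,
    blockNumber: result.receipt.blockNumber,
  };
}

// Stand-alone run: three attempts, two 1000 ms waits, receipt in block 103.
demo(3, 10).then((r) => console.log(r));
```

With `pollIntervalMs` at one second the poller makes at most one request per second per pending transaction, and `maxAttempts` turns an indefinitely pending transaction into an error the caller can handle rather than a loop that never returns.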
1. The older versions of the AIO image are rusty (flaky to boot) and so to increase the stability of the example application I considered it prudent to upgrade to the latest and greatest (non-breaking) all-in-one image that we have.
2. There might be other branches out there in development where the same change is already pending, if this is the case then apologies, but I just had to get this done right away because it had a direct dependency from another pull request where I was upgrading web3 packages and I had to have the example application up and running in order to verify that the other pull request is not messing anything up, so here we are.

Signed-off-by: Peter Somogyvari <[email protected]>
Bumps [express](https://github.com/expressjs/express) from 4.18.2 to 4.19.2.
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/master/History.md)
- [Commits](expressjs/express@4.18.2...4.19.2)

---
updated-dependencies:
- dependency-name: express
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Rafael Belchior <[email protected]>
1. Previously we just winged it with a bash script downloading another bash script to unzip the actionlint binaries.
2. From now on we'll use the GitHub action from the marketplace which has a lot of configuration options exposed in a convenient way such as what type of warnings to ignore, what version of actionlint to install, etc.

Signed-off-by: Peter Somogyvari <[email protected]>
1. The API server supports gRPC endpoints, but plugins are not yet able to register their own gRPC services to be exposed the same way that was already possible for HTTP endpoints to be registered dynamically. This was due to an oversight when the original contribution was made by Peter (who was the person making the oversight - good job Peter).
2. The functionality works largely the same as it does for the HTTP endpoints but it does so for gRPC services (which is the equivalent of endpoints in gRPC terminology, so service === endpoint in this context).
3. There are new methods added to the public API surface of the API server package which can be used to construct gRPC credential and server objects using the instance of the library that is used by the API server. This is necessary because the validation logic built into grpc-js fails for these mentioned objects if the creds or the server was constructed with a different instance of the library than the one used by the API server.
4. Different instance in this context means just that the exact same version of the library was imported from a different path; for example there could be the node_modules directory of the besu connector and also the node_modules directory of the API server.
5. Because of the problem outlined above, the only way we can have functioning test cases is if the API server exposes its own instance of grpc-js.

Signed-off-by: Peter Somogyvari <[email protected]>
Define the types and type guard needed for the API server to be able to recognize plugins that have implemented a ConnectRPC interface for their operations. Also, these types will be used by the plugins themselves to mark the implementations as valid for ConnectRPC usage. ConnectRPC is very similar to gRPC but has some nice features in addition to it such as the HTTP 2 and HTTP 1.1 proxying through express and fastify HTTP server instances. For further details see this link: https://connectrpc.com/ Signed-off-by: Peter Somogyvari <[email protected]>
Bumps [undici](https://github.com/nodejs/undici) from 5.28.3 to 5.28.4.
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](nodejs/undici@v5.28.3...v5.28.4)

---
updated-dependencies:
- dependency-name: undici
  dependency-type: direct:production
...

Co-authored-by: Peter Somogyvari <[email protected]>
Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Peter Somogyvari <[email protected]>
Primary Changes
----------------
1. Modified the Dockerfile to use the updated versions of the packages being used
2. Modified the supervisord.conf to use the correct path because it has changed after updating the versions

Fixes hyperledger-cacti#2062

Signed-off-by: aldousalvarez <[email protected]>
* refactored plugin bungee, using strategy design pattern
* current version has strategy both for fabric and besu networks
* includes a few tests to demonstrate basic functionality
* added README with package documentation
* added bungee tests to Cactus CI

Co-authored-by: eduv09 <[email protected]>
Co-authored-by: André Augusto <[email protected]>
Co-authored-by: Rafael Belchior <[email protected]>
Signed-off-by: eduv09 <[email protected]>
1. It appears to be some kind of race condition in the series of jq commands we use to update the package.json file with resolution overrides.
2. The supporting information for the above theory is that the image build would fail at different jq invocations on subsequent build tries that had no changes between them.
3. Sponge is designed for the use-case of in-place file editing and therefore `tee` is the likely culprit, but we don't have a full explanation to the why quite yet.
4. It is also not known how this issue manifested after the latest set of fixes were tested and verified back when the pull request was made: https://github.com/hyperledger/cacti/pull/3059/commits
5. The current code builds successfully with or without the NPM_PKG_VERSION override. One of the commands we used to test that it works was this:

```sh
DOCKER_BUILDKIT=1 docker build \
  --build-arg="NPM_PKG_VERSION=2.0.0-2945-supply-chain-app-build-failed.241+b2c306ea0" \
  --file ./examples/cactus-example-supply-chain-backend/Dockerfile \
  . \
  --tag scaeb
```

Signed-off-by: Peter Somogyvari <[email protected]>
1. This is enabling plugins to expose their operations via ConnectRPC services which is very similar to gRPC but it comes with a few extra bells and whistles that can come in very handy.
2. There is an upcoming pull request that makes it so that the keychain memory plugin implements and registers its services via this newly added hook of the API server. The importance of this is that test coverage for the code in this commit resides on another branch, meaning that even though there are no new test cases on this branch, the feature has been extensively tested and there is test-automation in place to continue verifying it as well.
3. The main difference between the hook methods is that for CRPC the API server expects an array of service definition+implementation pairs instead of just a single one. This was a design decision forced by the issues with implementing separate services in a single class: the compiler was hard to appease in a way that kept the code clean. gRPC did not suffer from this and therefore the registration methods defined for that only return a single gRPC service definition+implementation pair which can combine any number of .proto services.

Signed-off-by: Peter Somogyvari <[email protected]>
Bumps [undici](https://github.com/nodejs/undici) from 5.28.4 to 6.11.1.
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](nodejs/undici@v5.28.4...v6.11.1)

---
updated-dependencies:
- dependency-name: undici
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Peter Somogyvari <[email protected]>
1. The idea here is to re-use the common basic tasks of configuring an express instance similar to how the API server does it but without having the chicken-egg problem of circular dependencies between the API server and the plugins.
2. More detailed discussion can be seen in this other pull request in the comments: hyperledger-cacti#3169

Signed-off-by: Peter Somogyvari <[email protected]>
- delete solid.js version
- rename package
- fix type errors
- bump vite from 5.0.12 to 5.0.13 in /packages/cacti-ledger-browser-react

Closes: hyperledger-cacti#3156

Signed-off-by: Tomasz Awramski <[email protected]>
1. This leverages the newly introduced methods in core-api that the API server is using to probe if a plugin has ConnectRPC support or not.
2. There is support for both HTTP 1.1 and HTTP 2. The caveat here is that HTTP 2 is not supported by ExpressJS so we pulled in Fastify to handle those types of requests and that means that HTTP 2 ConnectRPC traffic has to go through a different port compared to the HTTP 1.1 ConnectRPC traffic.
3. The lesson here is that we probably need to migrate away from ExpressJS longer term because it does not (and from the looks of it will not ever) support HTTP 2 which is probably going to be a bit of technical debt/limiting factor in architectural decisions going forward for both Cacti maintainers and Cacti users.
4. A new code generator has been introduced by this commit as well which is @buf/build - the tool where ConnectRPC originates from. The scripts are structured in such a way that this should be seamlessly integrated into the existing `codegen` root level script and therefore also the CI.
5. There is test coverage for both HTTP 1.1 and HTTP 2 traffic in the file at

```sh
packages/cactus-test-plugin-keychain-memory/src/test/typescript/integration/
test-keychain-memory-crpc-api-server.test.ts
```

6. The test case referenced above is also the example on how to use the ConnectRPC client (very similar to the HTTP client we already had before).

Depends on hyperledger-cacti#3183

Signed-off-by: Peter Somogyvari <[email protected]>
Bumps [express](https://github.com/expressjs/express) from 4.18.2 to 4.19.2.
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/master/History.md)
- [Commits](expressjs/express@4.18.2...4.19.2)

---
updated-dependencies:
- dependency-name: express
  dependency-type: direct:development
...

Co-authored-by: Peter Somogyvari <[email protected]>
Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Peter Somogyvari <[email protected]>
- Use latest supabase and container base versions.
- Use skopeo to freeze images, fetch the containers in separate build phase.
- Add anonymous volume definitions in dockerfile to speedup default runtime.

Closes hyperledger-cacti#3099

Signed-off-by: Michal Bajer <[email protected]>
1. The test seems to have been broken from the moment of the introduction of the HSTS header assertions.
2. The HSTS headers should be managed on the API server level instead of individual endpoints.
3. I'll create a follow-up issue for working on this in a more generic way that gets HSTS headers in place across the board and also in a way that these are configurable for scenarios when the users don't want them.

Signed-off-by: Peter Somogyvari <[email protected]>
Primary Changes
---------------
1. Fix errors found by Actionlint on multiple yaml files
2. Temporarily removed test_weaver*.yaml, weaver_deploy*.yml, weaver/ directory in ActionLint

fixes: hyperledger-cacti#2651

Signed-off-by: ruzell22 <[email protected]>
…s-go

* Added a script to manually change go package names inside fabric-protos to fabric-protos-go-apiv2 (for future migration apiv2).
* Added more unit and build tests covering all go modules
* Added tools/go-mod-tidy.sh script to fix go.mod by running go mod tidy

Signed-off-by: Sandeep Nishad <[email protected]>
1. The Besu connector now can be reached via the gRPC interface.
2. The same operations are exposed as via HTTP+SocketIO.
3. gRPC supports bi-directional streaming so the block watching is also supported and test coverage verifies that it works.
4. To see an example of how to use the gRPC client of the Besu connector read the source code of the test case that provides the verification that the functionality works:

```
packages/cactus-test-plugin-ledger-connector-besu/src/test/typescript/
integration/grpc-services/connector-besu-grpc-services.test.ts
```

Depends on hyperledger-cacti#3173

Signed-off-by: Peter Somogyvari <[email protected]>
Primary Changes: Updated the Dockerfile & https-cache-semantics inside the cmd-api-server package

Fixes: hyperledger-cacti#2862

Signed-off-by: zondervancalvez <[email protected]>
Signed-off-by: Peter Somogyvari <[email protected]>
- Add a Stellar Connector plugin following the same pattern as the **Besu Connector plugin**.
- Add a deploy contract endpoint to the Stellar Connector plugin.

**Initialization remarks:** Supports a network configuration object to define all integration services that seamlessly integrate with the Stellar test ledger within the Cacti test tooling.

**Deploy remarks:** The deploy process supports both the compiled smart contract WASM as well as the on-chain WASM hash as inputs. This follows the smart contract deployment design on Soroban (Stellar's smart contract platform). Refer to the Stellar documentation at: https://developers.stellar.org/docs/learn/fundamentals/stellar-data-structures/contracts for further detail on this process.

More details can be found in the `README.md` file under the connector root directory.

Signed-off-by: Fabricius Zatti <[email protected]>
The problem seems to have been that the yarn cache restore operation was somehow reverted to the old way of doing it, which at this point has been deprecated and broken by upgrades performed by GitHub in the meantime. I've updated the job definition yaml to declare the cache restore operation the same way all the other jobs are doing it so that it doesn't crash while attempting to restore the yarn dependency cache prior to a build+test job.

The logs of the failing job looked like this, which provided the clue to what the issue might be:

```sh
2024-05-29T18:14:26.2450767Z Current runner version: '2.316.1'
2024-05-29T18:14:26.2479056Z ##[group]Operating System
2024-05-29T18:14:26.2479698Z Ubuntu
2024-05-29T18:14:26.2480035Z 22.04.4
2024-05-29T18:14:26.2480413Z LTS
2024-05-29T18:14:26.2480746Z ##[endgroup]
2024-05-29T18:14:26.2481115Z ##[group]Runner Image
2024-05-29T18:14:26.2481603Z Image: ubuntu-22.04
2024-05-29T18:14:26.2482000Z Version: 20240526.1.0
2024-05-29T18:14:26.2482983Z Included Software: https://github.com/actions/runner-images/blob/ubuntu22/20240526.1/images/ubuntu/Ubuntu2204-Readme.md
2024-05-29T18:14:26.2484443Z Image Release: https://github.com/actions/runner-images/releases/tag/ubuntu22%2F20240526.1
2024-05-29T18:14:26.2485292Z ##[endgroup]
2024-05-29T18:14:26.2485726Z ##[group]Runner Image Provisioner
2024-05-29T18:14:26.2486244Z 2.0.369.1
2024-05-29T18:14:26.2486581Z ##[endgroup]
2024-05-29T18:14:26.2488876Z ##[group]GITHUB_TOKEN Permissions
2024-05-29T18:14:26.2490642Z Actions: write
2024-05-29T18:14:26.2491263Z Attestations: write
2024-05-29T18:14:26.2491851Z Checks: write
2024-05-29T18:14:26.2492296Z Contents: write
2024-05-29T18:14:26.2492725Z Deployments: write
2024-05-29T18:14:26.2493115Z Discussions: write
2024-05-29T18:14:26.2493536Z Issues: write
2024-05-29T18:14:26.2493922Z Metadata: read
2024-05-29T18:14:26.2494321Z Packages: write
2024-05-29T18:14:26.2494693Z Pages: write
2024-05-29T18:14:26.2495100Z PullRequests: write
2024-05-29T18:14:26.2495540Z RepositoryProjects: write
2024-05-29T18:14:26.2495985Z SecurityEvents: write
2024-05-29T18:14:26.2496416Z Statuses: write
2024-05-29T18:14:26.2496808Z ##[endgroup]
2024-05-29T18:14:26.2499861Z Secret source: Actions
2024-05-29T18:14:26.2500527Z Prepare workflow directory
2024-05-29T18:14:26.3236714Z Prepare all required actions
2024-05-29T18:14:26.3395737Z Getting action download info
2024-05-29T18:14:26.4669232Z Download action repository 'actions/[email protected]' (SHA:60edb5dd545a775178f52524783378180af0d1f8)
2024-05-29T18:14:26.6354890Z Download action repository 'actions/[email protected]' (SHA:b4ffde65f46336ab88eb53be808477a3936bae11)
2024-05-29T18:14:26.6738751Z Download action repository 'actions/[email protected]' (SHA:ab5e6d0c87105b4c9c2047343972218f562e4319)
2024-05-29T18:14:26.9454684Z Complete job name: ctp-ledger-connector-ethereum
2024-05-29T18:14:27.0407144Z ##[group]Run actions/[email protected]
2024-05-29T18:14:27.0407904Z with:
2024-05-29T18:14:27.0408249Z   node-version: v18.18.2
2024-05-29T18:14:27.0408727Z   always-auth: false
2024-05-29T18:14:27.0409242Z   check-latest: false
2024-05-29T18:14:27.0409864Z   token: ***
2024-05-29T18:14:27.0410223Z env:
2024-05-29T18:14:27.0410660Z   NODEJS_VERSION: v18.18.2
2024-05-29T18:14:27.0411118Z   RUN_TRIVY_SCAN: true
2024-05-29T18:14:27.0411536Z   FULL_BUILD_DISABLED: true
2024-05-29T18:14:27.0412814Z   JEST_TEST_PATTERN: packages/cactus-test-plugin-ledger-connector-ethereum/src/test/typescript/(unit|integration|benchmark)/.*/*.test.ts
2024-05-29T18:14:27.0414083Z   JEST_TEST_RUNNER_DISABLED: false
2024-05-29T18:14:27.0414578Z   TAPE_TEST_RUNNER_DISABLED: true
2024-05-29T18:14:27.0415149Z ##[endgroup]
2024-05-29T18:14:27.3394142Z Attempting to download v18.18.2...
2024-05-29T18:14:27.6146256Z Acquiring 18.18.2 - x64 from https://github.com/actions/node-versions/releases/download/18.18.2-6796085386/node-18.18.2-linux-x64.tar.gz
2024-05-29T18:14:28.0584476Z Extracting ...
2024-05-29T18:14:28.0729917Z [command]/usr/bin/tar xz --strip 1 --warning=no-unknown-keyword --overwrite -C /home/runner/work/_temp/7f62dcc4-2eea-4134-9996-51fb41a608d7 -f /home/runner/work/_temp/18a8f5ad-d701-4682-a0a6-ddfeccff98bc
2024-05-29T18:14:29.0694653Z Adding to the cache ...
2024-05-29T18:14:30.6693206Z ##[group]Environment details
2024-05-29T18:14:30.9336497Z node: v18.18.2
2024-05-29T18:14:30.9337120Z npm: 9.8.1
2024-05-29T18:14:30.9337787Z yarn: 1.22.22
2024-05-29T18:14:30.9339206Z ##[endgroup]
2024-05-29T18:14:30.9702266Z ##[group]Run actions/[email protected]
2024-05-29T18:14:30.9702711Z with:
2024-05-29T18:14:30.9703208Z   repository: hyperledger/cacti
2024-05-29T18:14:30.9704074Z   token: ***
2024-05-29T18:14:30.9704384Z   ssh-strict: true
2024-05-29T18:14:30.9704846Z   persist-credentials: true
2024-05-29T18:14:30.9705243Z   clean: true
2024-05-29T18:14:30.9705551Z   sparse-checkout-cone-mode: true
2024-05-29T18:14:30.9706019Z   fetch-depth: 1
2024-05-29T18:14:30.9706366Z   fetch-tags: false
2024-05-29T18:14:30.9706670Z   show-progress: true
2024-05-29T18:14:30.9707093Z   lfs: false
2024-05-29T18:14:30.9707406Z   submodules: false
2024-05-29T18:14:30.9707712Z   set-safe-directory: true
2024-05-29T18:14:30.9708223Z env:
2024-05-29T18:14:30.9708526Z   NODEJS_VERSION: v18.18.2
2024-05-29T18:14:30.9708865Z   RUN_TRIVY_SCAN: true
2024-05-29T18:14:30.9709297Z   FULL_BUILD_DISABLED: true
2024-05-29T18:14:30.9710676Z   JEST_TEST_PATTERN: packages/cactus-test-plugin-ledger-connector-ethereum/src/test/typescript/(unit|integration|benchmark)/.*/*.test.ts
2024-05-29T18:14:30.9711734Z   JEST_TEST_RUNNER_DISABLED: false
2024-05-29T18:14:30.9712303Z   TAPE_TEST_RUNNER_DISABLED: true
2024-05-29T18:14:30.9712669Z ##[endgroup]
2024-05-29T18:14:31.0490368Z Syncing repository: hyperledger/cacti
2024-05-29T18:14:31.0491730Z ##[group]Getting Git version info
2024-05-29T18:14:31.0492806Z Working directory is '/home/runner/work/cacti/cacti'
2024-05-29T18:14:31.0510179Z [command]/usr/bin/git version
2024-05-29T18:14:31.0595744Z git version 2.45.1
2024-05-29T18:14:31.0624616Z ##[endgroup]
2024-05-29T18:14:31.0647005Z Temporarily overriding HOME='/home/runner/work/_temp/65f40793-e9dd-45f7-aa48-3edabe0b5e12' before making global git config changes
2024-05-29T18:14:31.0648980Z Adding repository directory to the temporary git global config as a safe directory
2024-05-29T18:14:31.0650804Z [command]/usr/bin/git config --global --add safe.directory /home/runner/work/cacti/cacti
2024-05-29T18:14:31.0683363Z Deleting the contents of '/home/runner/work/cacti/cacti'
2024-05-29T18:14:31.0689073Z ##[group]Initializing the repository
2024-05-29T18:14:31.0692659Z [command]/usr/bin/git init /home/runner/work/cacti/cacti
2024-05-29T18:14:31.0791277Z hint: Using 'master' as the name for the initial branch. This default branch name
2024-05-29T18:14:31.0792241Z hint: is subject to change. To configure the initial branch name to use in all
2024-05-29T18:14:31.0793062Z hint: of your new repositories, which will suppress this warning, call:
2024-05-29T18:14:31.0793748Z hint:
2024-05-29T18:14:31.0794276Z hint: 	git config --global init.defaultBranch <name>
2024-05-29T18:14:31.0794773Z hint:
2024-05-29T18:14:31.0795453Z hint: Names commonly chosen instead of 'master' are 'main', 'trunk' and
2024-05-29T18:14:31.0796493Z hint: 'development'. The just-created branch can be renamed via this command:
2024-05-29T18:14:31.0797495Z hint:
2024-05-29T18:14:31.0798046Z hint: 	git branch -m <name>
2024-05-29T18:14:31.0798683Z Initialized empty Git repository in /home/runner/work/cacti/cacti/.git/
2024-05-29T18:14:31.0801234Z [command]/usr/bin/git remote add origin https://github.com/hyperledger/cacti
2024-05-29T18:14:31.0838315Z ##[endgroup]
2024-05-29T18:14:31.0839010Z ##[group]Disabling automatic garbage collection
2024-05-29T18:14:31.0842207Z [command]/usr/bin/git config --local gc.auto 0
2024-05-29T18:14:31.0872228Z ##[endgroup]
2024-05-29T18:14:31.0873045Z ##[group]Setting up auth
2024-05-29T18:14:31.0878799Z [command]/usr/bin/git config --local --name-only --get-regexp core\.sshCommand
2024-05-29T18:14:31.0909618Z [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'core\.sshCommand' && git config --local --unset-all 'core.sshCommand' || :"
2024-05-29T18:14:31.1265073Z [command]/usr/bin/git config --local --name-only --get-regexp http\.https\:\/\/github\.com\/\.extraheader
2024-05-29T18:14:31.1294718Z [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'http\.https\:\/\/github\.com\/\.extraheader' && git config --local --unset-all 'http.https://github.com/.extraheader' || :"
2024-05-29T18:14:31.1537668Z [command]/usr/bin/git config --local http.https://github.com/.extraheader AUTHORIZATION: basic ***
2024-05-29T18:14:31.1581241Z ##[endgroup]
2024-05-29T18:14:31.1582433Z ##[group]Fetching the repository
2024-05-29T18:14:31.1593800Z [command]/usr/bin/git -c protocol.version=2 fetch --no-tags --prune --no-recurse-submodules --depth=1 origin +81da3334d8e638f85e398dd228bcef836a278230:refs/remotes/origin/main
2024-05-29T18:14:32.1369829Z From https://github.com/hyperledger/cacti
2024-05-29T18:14:32.1371859Z  * [new ref]         81da333 -> origin/main
2024-05-29T18:14:32.1395818Z ##[endgroup]
2024-05-29T18:14:32.1396843Z ##[group]Determining the checkout info
2024-05-29T18:14:32.1398690Z ##[endgroup]
2024-05-29T18:14:32.1399672Z ##[group]Checking out the ref
2024-05-29T18:14:32.1404086Z [command]/usr/bin/git checkout --progress --force -B main refs/remotes/origin/main
2024-05-29T18:14:32.7594778Z Switched to a new branch 'main'
2024-05-29T18:14:32.7595819Z branch 'main' set up to track 'origin/main'.
2024-05-29T18:14:32.7624017Z ##[endgroup]
2024-05-29T18:14:32.7660832Z [command]/usr/bin/git log -1 --format='%H'
2024-05-29T18:14:32.7686058Z '81da3334d8e638f85e398dd228bcef836a278230'
2024-05-29T18:14:32.7843915Z ##[group]Run echo "dir=$(yarn cache dir)" >> "$GITHUB_OUTPUT"
2024-05-29T18:14:32.7844624Z echo "dir=$(yarn cache dir)" >> "$GITHUB_OUTPUT"
2024-05-29T18:14:32.7923507Z shell: /usr/bin/bash -e {0}
2024-05-29T18:14:32.7923979Z env:
2024-05-29T18:14:32.7924456Z   NODEJS_VERSION: v18.18.2
2024-05-29T18:14:32.7924917Z   RUN_TRIVY_SCAN: true
2024-05-29T18:14:32.7925306Z   FULL_BUILD_DISABLED: true
2024-05-29T18:14:32.7926271Z   JEST_TEST_PATTERN: packages/cactus-test-plugin-ledger-connector-ethereum/src/test/typescript/(unit|integration|benchmark)/.*/*.test.ts
2024-05-29T18:14:32.7927223Z   JEST_TEST_RUNNER_DISABLED: false
2024-05-29T18:14:32.7927770Z   TAPE_TEST_RUNNER_DISABLED: true
2024-05-29T18:14:32.7928191Z ##[endgroup]
2024-05-29T18:14:33.2096065Z ##[error]Unable to process file command 'output' successfully.
2024-05-29T18:14:33.2104770Z ##[error]Invalid format ' 0. yarn cache clean [--mirror] [--all]'
2024-05-29T18:14:33.2263637Z Post job cleanup.
2024-05-29T18:14:33.3035435Z [command]/usr/bin/git version
2024-05-29T18:14:33.3079712Z git version 2.45.1
2024-05-29T18:14:33.3124388Z Temporarily overriding HOME='/home/runner/work/_temp/9b8e00bb-c36a-4d67-abcb-cfafdf02bd77' before making global git config changes
2024-05-29T18:14:33.3126367Z Adding repository directory to the temporary git global config as a safe directory
2024-05-29T18:14:33.3129712Z [command]/usr/bin/git config --global --add safe.directory /home/runner/work/cacti/cacti
2024-05-29T18:14:33.3168293Z [command]/usr/bin/git config --local --name-only --get-regexp core\.sshCommand
2024-05-29T18:14:33.3203708Z [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'core\.sshCommand' && git config --local --unset-all 'core.sshCommand' || :"
2024-05-29T18:14:33.3479541Z [command]/usr/bin/git config --local --name-only --get-regexp http\.https\:\/\/github\.com\/\.extraheader
2024-05-29T18:14:33.3501845Z http.https://github.com/.extraheader
2024-05-29T18:14:33.3514783Z [command]/usr/bin/git config --local --unset-all http.https://github.com/.extraheader
2024-05-29T18:14:33.3547533Z [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'http\.https\:\/\/github\.com\/\.extraheader' && git config --local --unset-all 'http.https://github.com/.extraheader' || :"
2024-05-29T18:14:33.4044749Z Cleaning up orphan processes
```

Signed-off-by: Peter Somogyvari <[email protected]>
1. The package.json file of the cmd-api-server package now runs the codegen related scripts sequentially (e.g. using `run-s` instead of `run-p` of `npm-run-all`). This lowers the probability that the download of the openapi-generator .jar file is too late to finish and a crash occurs due to the .jar file not being present on the file-system when it is called upon.
2. Also adding a hand-built `nwget` alternative because it was hanging the process after finishing the download (I've only seen this reproduced locally, but nevertheless it was frustrating).

Signed-off-by: Peter Somogyvari <[email protected]>
1. The ConnectRPC port defaults to 6000 in the API server so for test cases where multiple instances of the API server are created and started, we need to specify the ports explicitly in the API server config so that they don't clash with each other causing the test to fail.
2. The fix here was to simply bind to port 0 for all the ConnectRPC listeners which eliminated the possibility of a clash and the test is passing once again.
3. I also snuck in a quality of life improvement for contributors: the API server will no longer log the entire details of the fastify server that is being used for CRPC thereby reducing the verbosity of the logs by a wide margin.

Crash logs that revealed the bug in the test case:

```sh
024-05-31T20:14:00.9554919Z [2024-05-31T20:14:00.953Z] ERROR (api-server): Failed to start ApiServer Error: listen EADDRINUSE: address already in use 127.0.0.1:6000
2024-05-31T20:14:00.95Z     at Http2Server.setupListenHandle [as _listen2] (node:net:1817:16)
2024-05-31T20:14:00.95Z     at listenInCluster (node:net:1865:12)
2024-05-31T20:14:00.95Z     at doListen (node:net:2014:7)
2024-05-31T20:14:00.95Z     at processTicksAndRejections (node:internal/process/task_queues:83:21)
2024-05-31T20:14:00.95Z     at runNextTicks (node:internal/process/task_queues:64:3)
2024-05-31T20:14:00.95Z     at processImmediate (node:internal/timers:447:9) {
2024-05-31T20:14:00.95Z   code: 'EADDRINUSE',
2024-05-31T20:14:00.95Z   errno: -98,
2024-05-31T20:14:00.95Z   syscall: 'listen',
2024-05-31T20:14:00.95Z   address: '127.0.0.1',
2024-05-31T20:14:00.95Z   port: 6000
2024-05-31T20:14:00.95Z }
```

Signed-off-by: Peter Somogyvari <[email protected]>
The changes made to this commit were performed by running `yarn up -R web3-utils` in the root directory of the project which upgraded all the transitive web3-utils dependency versions. Finally the root package.json's web3-utils declaration had to be manually bumped as well.

Tags
- Runtime dependency
- Patch available

Weaknesses
- CWE-1321

CVE ID
- CVE-2024-21505

GHSA ID
- GHSA-2g4c-8fpm-c46v

The security advisory: https://github.com/hyperledger/cacti/security/dependabot/987

Related pull request that was an attempt by the robots to fix the issue (without success): hyperledger-cacti#3264

Signed-off-by: Peter Somogyvari <[email protected]>
This makes the tooling code more [DRY](https://en.wikipedia.org/wiki/Don%27t_repeat_yourself) and is a pre-requisite of some follow-up changes that are about to get proposed in a separate pull request by Peter that are specific to vendoring the openapi.json spec files.

Signed-off-by: Peter Somogyvari <[email protected]>
This plugin allows resolving some CVEs more surgically that are found in indirect dependencies which are difficult to upgrade without triggering a large change and potential migrations, breaking changes to the public APIs of packages.

The reason why the above problem happens is because `yarn up` and `yarn up -R` are blunt instruments when it comes to managing a monorepo such as ours: they do their upgrade all-or-nothing, e.g. you can't upgrade a single dependency in a single monorepo package, you must upgrade the dependency project-wide with the mentioned tools, but sometimes we need to perform the upgrade just in a single monorepo package.

As an example of the above, about 20 packages use web3 but only about 5 of those are using v4.x versions of web3. A new CVE came out covering v4.1.x and so I needed to upgrade web3 only in those packages where web3 was already above v4.0.0 and leave the older ones alone (surgical upgrades). To accomplish this I've found no way to do it with stock yarn CLI commands, but someone who had the exact same problem had written a plugin for solving it.

The original issue reported to yarn with the same problem we are having: yarnpkg/berry#2591

The repository where the plugin resides that we are adding in this commit in order to remediate the problem of lack of surgical (per-package) upgrades: https://github.com/eyolas/yarn-plugin-interractive-filter

The original CVE that I was investigating as I stumbled upon the solution:
- hyperledger-cacti#3264
- https://github.com/hyperledger/cacti/security/dependabot/987

Signed-off-by: Peter Somogyvari <[email protected]>
Signed-off-by: VRamakrishna <[email protected]>
1. Also sneaking in a fix for a DCI-Lint failure that was introduced recently when we added a new Yarn plugin which then stored its install URL in the .yarnrc.yml file; it uses the old git default main branch name and does not support the new one, so we had to exclude the config file from linting.
2. Also ensured that the ConnectRPC ports are bound to zero in all tests where the API server is being used. This will prevent port conflicts randomly popping up across the test suite in the future.
3. Also removed a few test cases from the taprc file because they were already migrated to Jest and therefore tap should not run them as they fail with the Jest syntax.
4. Also fixing the lack of the etherscan API key environment variable in the HTLC coordinator tests.

Signed-off-by: Peter Somogyvari <[email protected]>
BREAKING CHANGE: The Open API specification that has the enums for ledger versions will no longer have an option for Fabric v1.x. This means that in the core-api package the LedgerType enum has changed, which means that code that depends on that enum value will need to be updated.

Fabric v1.x has had unmaintained dependencies associated with it such as the native grpc package that stopped receiving security updates years ago and therefore it's dangerous to have around. There are also some issues with Fabric v1.x that make the AIO image flaky, which also makes the relevant tests flaky, due to which we couldn't run the v1.x Fabric tests on the CI for a while now anyway.

In order to reduce the CI resource usage and our own maintenance burden I suggest that we get rid of the Fabric v1.x support, meaning that we can eliminate the AIO image build and some code complexity from the test ledger code as well. In addition some old fixtures can be removed that the tests were using. Overall a net-positive as deleting code without losing functionality (that we care about) is always a plus.

Signed-off-by: Peter Somogyvari <[email protected]>
**IMPORTANT:** From now on, if you are changing the OpenAPI specification of any given package within Cacti, please make sure to edit the template file instead of editing the openapi.json file directly, because changes in the openapi.json file will be overwritten by the codegen script the next time you run it.

This slight alteration in the development flow is the least intrusive solution I could find to resolving our issues with the release automation. This change enables us to have our openapi.json files work without having remote and URL references in them (which was a blocker issue for release automation).

1. The openapi.json files that we used to have are now called openapi.tpl.json where the tpl stands for template. Their content is equivalent to what openapi.json files used to have prior to this commit.
2. These template specs are fed into the bundler tool which then spits out the files which then are saved as openapi.json files. The big change is that these bundled versions no longer contain any remote nor URL references, only local ones.
3. This means that we still get project-wide re-use of schema types from packages such as cactus-core-api, but we no longer suffer from the additional complexities of having to deal with remote and URL references.
4. The script that performs the bundling is callable separately by executing this command:

```sh
yarn tools:bundle-open-api-tpl-files
```

5. The `yarn tools:bundle-open-api-tpl-files` script is also embedded as a warmup step of the larger `codegen` script so there is usually no need to call the bundling script separately.
6. The heavy lifting in terms of bundling is done by the tooling script that can be found here: `tools/bundle-open-api-tpl-files.ts`.
On a high level what it does is loop through the existing `openapi.tpl.json` files throughout the project and then render their bundled version next to them as `openapi.json`, which can then be used by all of our tools as a self-contained version of the template file, which *does* still have the remote and URL references in it.

More information on what URL and remote references are can be read here on the official OpenAPI website: https://swagger.io/docs/specification/using-ref/

Signed-off-by: Peter Somogyvari <[email protected]>
On a high level this is a find & replace operation where the occurrences of the first bullet point were replaced with the second bullet point:

* `"$ref": "https://raw.githubusercontent.com/hyperledger/cactus/v2.0.0-alpha.2`
* `"$ref": "../../../../..`

The first bullet point above is called a URL reference while the second one is called a REMOTE reference (remote as in a different spec file on the file-system).

1. With this change, we unlock the release process being able to issue code that is working on the latest OpenAPI specifications that we are cross-referencing from one package to another.
2. Previously you had to manually update the references in about a hundred and fifty locations to make sure that the versions are bumped, but after this change this happens automatically thanks to the newly introduced bundling process and the usage of the REMOTE references instead of URL references.
3. The problem so far with the release process was that with the URL references we depended on the existence of a pushed git tag for a successful release build. But we cannot git push the tag before having performed a successful release build, so this was a chicken-egg problem that had to be somehow untangled from its circular dependency hell, and this change is what makes it happen by no longer depending on the git tags having been pushed to the upstream repository.

Related to, but does not yet fix: hyperledger-cacti#2175

Depends on hyperledger-cacti#3288

Signed-off-by: Peter Somogyvari <[email protected]>
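The find & replace described in the commit above, as an added example that is not Cacti's own `tools/bundle-open-api-tpl-files.ts`: it rewrites `$ref` values that start with the pinned-tag URL prefix into relative file references and, as the check a release build would want, reports any `$ref` that still reaches out over http(s). The two prefixes are taken from the commit message; the sample spec is constructed for the demo.

```javascript
// Added example, not the project's tooling. Prefix values come from the
// commit message; the sample spec below is constructed for this demo.
const URL_PREFIX = "https://raw.githubusercontent.com/hyperledger/cactus/v2.0.0-alpha.2";
const RELATIVE_PREFIX = "../../../../..";

// Walk any JSON value and call visit(parentObject, jsonPath) for every
// "$ref" string found, so callers can inspect or rewrite it in place.
function walkRefs(node, visit, path = []) {
  if (Array.isArray(node)) {
    node.forEach((v, i) => walkRefs(v, visit, path.concat(String(i))));
  } else if (node && typeof node === "object") {
    for (const [k, v] of Object.entries(node)) {
      if (k === "$ref" && typeof v === "string") visit(node, path.concat(k));
      else walkRefs(v, visit, path.concat(k));
    }
  }
}

// Replace URL references pinned to the git tag with REMOTE (relative file)
// references. Local "#/..." refs are untouched. Returns the rewrite count.
function rewriteUrlRefs(spec, urlPrefix = URL_PREFIX, relPrefix = RELATIVE_PREFIX) {
  let count = 0;
  walkRefs(spec, (parent) => {
    if (parent.$ref.startsWith(urlPrefix)) {
      parent.$ref = relPrefix + parent.$ref.slice(urlPrefix.length);
      count += 1;
    }
  });
  return count;
}

// Post-condition check for a bundled spec: JSON paths of every $ref that
// still points at a URL. An empty result means no release-tag dependency.
function findUrlRefs(spec) {
  const found = [];
  walkRefs(spec, (parent, path) => {
    if (/^https?:\/\//.test(parent.$ref)) found.push(path.join("/"));
  });
  return found;
}

// Constructed fragment resembling a package's openapi.tpl.json.
const sampleSpec = {
  components: { schemas: { Ledger: { $ref: URL_PREFIX + "/packages/cactus-core-api/src/main/json/openapi.json#/components/schemas/LedgerType" } } },
  paths: { "/x": { post: { responses: { "200": { content: { "application/json": { schema: { $ref: "#/components/schemas/Ledger" } } } } } } } },
};

const demo = JSON.parse(JSON.stringify(sampleSpec));
console.log("rewritten:", rewriteUrlRefs(demo), "remaining URL refs:", findUrlRefs(demo));
```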
1. We don't have a Dockerfile anymore to define the image of the dev container; instead, the build's input is the `devcontainer.json` file, which can be built using the `@devcontainers/cli` npm package instead of the usual `docker build` command on the terminal.
2. The ci.yaml job building the image was already doing the build this way but we must've forgotten to update the publish job as well.

Signed-off-by: Peter Somogyvari <[email protected]>
1. This alleviates the problem that we are installing by default the "latest" from npm which at present has a missing dependency problem. Signed-off-by: Peter Somogyvari <[email protected]>
1. After this change the steps within the release management documentation should work without issues.
2. Currently the process is (was) broken due to our reliance on URL references within the OpenAPI specifications, which created a chicken-egg problem with the release tag issuance and the building of the source code to be released.

This change depends on the other pull requests that are refactoring the cross-package OpenAPI specification references:

Depends on hyperledger-cacti#3288
Depends on hyperledger-cacti#3315

Signed-off-by: Peter Somogyvari <[email protected]>
There's still about a hundred test cases to be migrated so I'm combining a few at a time in the pull requests to reduce the CI resource consumption. They are fairly boilerplate changes that usually follow the exact same pattern so it's fairly easy to review with that in mind (hopefully) despite the slightly larger size. Signed-off-by: Peter Somogyvari <[email protected]>
Signed-off-by: Peter Somogyvari <[email protected]>
Signed-off-by: Peter Somogyvari <[email protected]> Signed-off-by: Sandeep Nishad <[email protected]>
Signed-off-by: Rajat Sharma <[email protected]>
Signed-off-by: suvajit-sarkar <[email protected]>
---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: google.golang.org/protobuf
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: golang.org/x/net
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: google.golang.org/protobuf
  dependency-type: indirect
  dependency-group: go_modules
...

Signed-off-by: dependabot[bot] <[email protected]>
- to extend cert expiry to 10 years
- re-generate expired fabric testnet certs
- update readme for re-generation to add missing steps

Signed-off-by: Sandeep Nishad <[email protected]>
Signed-off-by: Sandeep Nishad <[email protected]>