From 747088deb0d00ae99ee65d5a0b48255e722c1c60 Mon Sep 17 00:00:00 2001 From: 0xmuralik Date: Wed, 11 Jan 2023 11:55:14 +0530 Subject: [PATCH 1/8] fix private key command --- tests/sdk_tests/run-tests.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/sdk_tests/run-tests.sh b/tests/sdk_tests/run-tests.sh index f2e99b19..80eb2c4f 100755 --- a/tests/sdk_tests/run-tests.sh +++ b/tests/sdk_tests/run-tests.sh @@ -3,7 +3,7 @@ if [ -n "$CERC_SCRIPT_DEBUG" ]; then set -x fi # Get the key from laconicd -laconicd_key=$( docker compose exec laconicd echo y | laconicd keys export mykey --unarmored-hex --unsafe ) +laconicd_key=$( docker compose exec laconicd echo y | docker compose exec laconicd laconicd keys export mykey --unarmored-hex --unsafe ) # Set parameters for the test suite cosmos_chain_id=laconic_9000-1 laconicd_rest_endpoint=http://laconicd:1317 From c3138a2615c0c5b1a4d366b4fce46e4cca2fd6e7 Mon Sep 17 00:00:00 2001 From: Zach Date: Wed, 11 Jan 2023 09:11:37 -0500 Subject: [PATCH 2/8] Update README.md --- README.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/README.md b/README.md index 2cedaec8..ca818232 100644 --- a/README.md +++ b/README.md @@ -15,6 +15,14 @@ The Source of Proof. Laconic is a next generation data availability & verifiabil make install ``` +## Usage + +To quickly get started with a single node fixture, run: + +```bash +./init.sh +``` + ## Community The following chat channels and forums are a great spot to ask questions about Ethermint: From 5e7a890adbfaaf2dba7663512d4e5513d3e50585 Mon Sep 17 00:00:00 2001 From: Ivan Zubok Date: Wed, 18 Jan 2023 17:19:15 +0000 Subject: [PATCH 3/8] 0.6.0 -> 0.7.0 upgrade guide --- testnet/validator upgrade 0.6.0 - 0.7.0.md | 168 +++++++++++++++++++++ 1 file changed, 168 insertions(+) create mode 100644 testnet/validator upgrade 0.6.0 - 0.7.0.md diff --git a/testnet/validator upgrade 0.6.0 - 0.7.0.md b/testnet/validator upgrade 0.6.0 - 0.7.0.md new file mode 100644 index 00000000..3d83d074 --- /dev/null +++ b/testnet/validator upgrade 0.6.0 - 0.7.0.md @@ -0,0 +1,168 @@ +# Validator Upgrade Guide for laconic_81337-5 Testnet v0.6.0 -> v0.7.0 + +This guide assumes you have followed the instructions to crete a systemd service or docker container validator node v0.6.0 and you perform the upgrade on a machine running v0.6.0 + +It is highly recommended to make the backup of your datadir after you stop v0.6.0 and before you start v0.7.0. Unless you changed your datadir, it should be located in `~/.laconicd` + +## Systemd service +Skip this section if you use docker + +This is very similar to building v0.6.0. We keep v 0.6.0 running until v0.7.0 is built and only after the successful build we should replace 0.6.0 binary with v0.7.0. This is to avoid jailing your validator for long downtime. +The general upgrade plan is the following: + 1. Install Go v1.19 (we used 1.18 for v0.6.0) + 2. Remove old copy of the github repository and build directory + 3. Download the latest laconicd repository and checkout v0.7.0 + 4. Build laconicd binary (but not install in this moment) + 5. Stop laconicd systemd service + 6. Install recently built new version of laconicd + 7. Start laconicd service + +You have ~10 minutes after step 5 to complete steps 6 and 7 before your validator is jailed for downtime. Getting jailed for downtime is not a disaster, however would require manual unjailing. + + +### Install Go 1.19 + +```sh +# Update Ubuntu +sudo apt update +sudo apt upgrade -y + +# Install required software packages +sudo apt install git curl build-essential make jq -y + +# Remove any existing installation of `go` +sudo rm -rf /usr/local/go + +# Install Go version 1.19.5 +curl https://dl.google.com/go/go1.19.5.linux-amd64.tar.gz | sudo tar -C/usr/local -zxvf - + +``` + +Check the version of go installed + +```sh +go version + +# Should return something like: go version go1.19.5 linux/amd64 +``` + +--- + +### Remove old copy of `laconicd` build + +```sh +# Remove the previous build directory +cd ~ +rm -rf laconicd +``` + +--- + +### Download `laconicd` repository +```sh +git clone https://github.com/cerc-io/laconicd.git +cd laconicd + +# Checkout main branch +git fetch --all +git checkout v0.7.0 +``` + +--- + +### Build the new version of `laconicd` + +```sh +# Build laconic (but not install at this moment) +make VERSION=v0.7.0 build +``` + +--- + +### Stop `laconicd` systemd service + +```sh +sudo systemctl stop laconicd +``` + +--- + +### Install new `laconicd` version + +```sh +make VERSION=v0.7.0 install +``` + +Verify your installation + +```sh +laconicd version +``` +This should return `0.7.0` + +--- + +### Start `laconicd` systemd service + +```sh +sudo systemctl start laconicd +``` + +Verify that the node joined the network and produces new blocks + +```sh +journalctl -f -u laconicd +``` + + +--- + +## Docker container + +Upgrade plan: + 1. Stop running v0.6.0 container + 2. Delete v0.6.0 container + 3. Create v0.7.0 container + 4. Start v0.7.0 container + + +### Stop running v0.6.0 container +```sh +docker stop laconic-testnet-5 +``` + +--- + +### Delete v0.6.0 container +```sh +docker rm laconic-testnet-5 +``` + +--- + +### Create v0.7.0 container +```sh +docker create --name laconic-testnet-5 \ +--restart always \ +-v ~/.laconicd:/root/.laconicd \ +-p 26656:26656 \ +-p 127.0.0.1:26657:26657 \ +-p 127.0.0.1:26660:26660 \ +git.vdb.to/cerc-io/laconicd/laconicd:v0.7.0 \ +laconicd start --gql-playground --gql-server --log_level=warn +``` + +--- + +### Start v0.7.0 container +```sh +docker start laconic-testnet-5 +``` + +Verify that the node joined the network and produces new blocks + +```sh +docker logs -f laconic-testnet-5 +``` + +--- From 5af22471a8a2e7405b3edab977344066b455709c Mon Sep 17 00:00:00 2001 From: Ivan Zubok Date: Wed, 18 Jan 2023 18:50:22 +0000 Subject: [PATCH 4/8] review changes --- testnet/validator upgrade 0.6.0 - 0.7.0.md | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/testnet/validator upgrade 0.6.0 - 0.7.0.md b/testnet/validator upgrade 0.6.0 - 0.7.0.md index 3d83d074..2310ea3a 100644 --- a/testnet/validator upgrade 0.6.0 - 0.7.0.md +++ b/testnet/validator upgrade 0.6.0 - 0.7.0.md @@ -9,7 +9,7 @@ Skip this section if you use docker This is very similar to building v0.6.0. We keep v 0.6.0 running until v0.7.0 is built and only after the successful build we should replace 0.6.0 binary with v0.7.0. This is to avoid jailing your validator for long downtime. The general upgrade plan is the following: - 1. Install Go v1.19 (we used 1.18 for v0.6.0) + 1. Install Go v1.19.5 (we used 1.18 for v0.6.0) 2. Remove old copy of the github repository and build directory 3. Download the latest laconicd repository and checkout v0.7.0 4. Build laconicd binary (but not install in this moment) @@ -17,7 +17,8 @@ The general upgrade plan is the following: 6. Install recently built new version of laconicd 7. Start laconicd service -You have ~10 minutes after step 5 to complete steps 6 and 7 before your validator is jailed for downtime. Getting jailed for downtime is not a disaster, however would require manual unjailing. +>***You have ~10 minutes after step 5 to complete steps 6 and 7 before your validator is jailed for downtime. Getting jailed for downtime is not a disaster, however would require manual unjailing.*** + ### Install Go 1.19 @@ -50,6 +51,8 @@ go version ### Remove old copy of `laconicd` build +>Attention should be paid that the directory mentioned below is `~/laconicd` and NOT `~/.laconicd`. The latter is the data directory containing all your node data and configuration and it must be kept during the upgrade. + ```sh # Remove the previous build directory cd ~ @@ -63,7 +66,7 @@ rm -rf laconicd git clone https://github.com/cerc-io/laconicd.git cd laconicd -# Checkout main branch +# Checkout 0.7.0 branch git fetch --all git checkout v0.7.0 ``` @@ -85,6 +88,12 @@ make VERSION=v0.7.0 build sudo systemctl stop laconicd ``` +>***Make sure the service is stopped*** + +```sh +sudo systemctl status laconicd +``` + --- ### Install new `laconicd` version @@ -125,6 +134,7 @@ Upgrade plan: 3. Create v0.7.0 container 4. Start v0.7.0 container +>***You have ~10 minutes to complete the upgrade procedure before your validator is jailed for downtime. Getting jailed for downtime is not a disaster, however would require manual unjailing.*** ### Stop running v0.6.0 container ```sh From facd64a14b60e5b979ade14d1fcac1d3a66646e9 Mon Sep 17 00:00:00 2001 From: Michael Date: Mon, 30 Jan 2023 16:59:13 -0500 Subject: [PATCH 5/8] All test stuff (#88) * first pass use tests/sdk-tests/run-tests.sh in github action * - -> _ * diagnostic env step * diagnostic env step * diagnostic env step does not support cwd * checkout not preserved between actions * ./ missing * start built containers * missing unmarshalling of content bytes before encoding and generation of CID * unchecked error complaint from linter * golang linting is really picky * utils/json test for comparing known, but deprecated method to new implementation * try curl (retval 0) instead of wget (retval 8) for 404 that is returned * missing curl for health check * use feature branch for laconic-sdk... UNDO THIS LATER * checkout is done from inside of container, rather than copied in from filesystem. checking out dev branch for now * docker network inspect for diagnostic * docker network inspect for diagnostic missing arg * listen on 0.0.0.0 specfically * trying localhost * try host mode network * host mode breaks name resolution of containers * manual service check in laconicd container for diagnostic * revert ListenAndServe * sleep and docker logs... appears endpoint is not coming up maybe? * disable fail_ci on codecov error... it is unstable * turn codecov back to fail on error true to avoid invisible failure. * Cleanup for whitespace and require.NoError in test * new json util test, turning off codecov fails CI, and gitignore for test artifacts --- .github/workflows/docker-image.yml | 2 +- .github/workflows/test.yml | 26 +++++++++++++++++++++- .gitignore | 1 + Dockerfile | 2 +- tests/sdk_tests/Dockerfile-sdk | 1 + tests/sdk_tests/docker-compose.yml | 2 +- tests/sdk_tests/run-tests.sh | 6 +++++ utils/json.go | 31 +++++++++++++------------- utils/json_test.go | 35 ++++++++++++++++++++++++++++++ 9 files changed, 87 insertions(+), 19 deletions(-) create mode 100644 utils/json_test.go diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml index 6336fbf4..c1172190 100644 --- a/.github/workflows/docker-image.yml +++ b/.github/workflows/docker-image.yml @@ -1,4 +1,4 @@ -name: Publish onn release +name: Publish on release on: release: types: [published] diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 2b0188e5..82cb654c 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -36,7 +36,7 @@ jobs: - uses: codecov/codecov-action@v3 with: file: ./coverage.txt - fail_ci_if_error: true + fail_ci_if_error: false if: env.GIT_DIFF test-importer: @@ -81,6 +81,30 @@ jobs: make test-rpc if: env.GIT_DIFF + sdk_tests: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - name: Checkout laconic-sdk + uses: actions/checkout@v3 + with: + path: "./laconic-sdk/" + repository: cerc-io/laconic-sdk + fetch-depth: 0 + ref: jest_timeout + - name: Environment + run: ls -tlh && env + - name: build containers scripts + working-directory: tests/sdk_tests + run: ./build-laconicd-container.sh && ./build-sdk-test-container.sh + - name: start containers + working-directory: tests/sdk_tests + run: docker compose up -d + - name: run-tests.sh + working-directory: tests/sdk_tests + run: ./run-tests.sh + + # integration_tests: # runs-on: ubuntu-latest # steps: diff --git a/.gitignore b/.gitignore index eb745f7e..4acd46f9 100644 --- a/.gitignore +++ b/.gitignore @@ -50,6 +50,7 @@ coverage.txt sim_log_file tests/**/tmp/* yarn.lock +x/auction/client/testutil/bidder-bafyre* # Vagrant .vagrant/ diff --git a/Dockerfile b/Dockerfile index 2d33f79f..e6ddee8c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -20,7 +20,7 @@ RUN make build FROM alpine:3.17.0 # Install ca-certificates -RUN apk add --update ca-certificates jq +RUN apk add --update ca-certificates jq curl WORKDIR / # Copy over binaries from the build-env diff --git a/tests/sdk_tests/Dockerfile-sdk b/tests/sdk_tests/Dockerfile-sdk index fd9d6cc9..c1705213 100644 --- a/tests/sdk_tests/Dockerfile-sdk +++ b/tests/sdk_tests/Dockerfile-sdk @@ -47,6 +47,7 @@ WORKDIR /app RUN \ git clone https://github.com/cerc-io/laconic-sdk.git \ && cd laconic-sdk \ + && git checkout jest_timeout \ && yarn install WORKDIR /app/laconic-sdk diff --git a/tests/sdk_tests/docker-compose.yml b/tests/sdk_tests/docker-compose.yml index f260d443..aa886496 100644 --- a/tests/sdk_tests/docker-compose.yml +++ b/tests/sdk_tests/docker-compose.yml @@ -6,7 +6,7 @@ services: volumes: - ../../init.sh:/docker-entrypoint-scripts.d/create-fixturenet.sh healthcheck: - test: ["CMD", "wget", "-nv", "-t1", "--spider", "http://localhost:6060"] + test: ["CMD", "curl", "-v", "http://127.0.0.1:6060"] interval: 1s timeout: 5s retries: 30 diff --git a/tests/sdk_tests/run-tests.sh b/tests/sdk_tests/run-tests.sh index 80eb2c4f..a8d6565b 100755 --- a/tests/sdk_tests/run-tests.sh +++ b/tests/sdk_tests/run-tests.sh @@ -9,4 +9,10 @@ cosmos_chain_id=laconic_9000-1 laconicd_rest_endpoint=http://laconicd:1317 laconicd_gql_endpoint=http://laconicd:9473/api # Run tests +docker network inspect sdk_tests_default +sleep 30s +docker logs laconicd +docker compose exec laconicd sh -c "curl http://127.0.0.1:9473/api" +docker compose exec laconicd sh -c "curl http://localhost:9473/api" + docker compose exec sdk-test-runner sh -c "COSMOS_CHAIN_ID=${cosmos_chain_id} LACONICD_REST_ENDPOINT=${laconicd_rest_endpoint} LACONICD_GQL_ENDPOINT=${laconicd_gql_endpoint} PRIVATE_KEY=${laconicd_key} yarn test" diff --git a/utils/json.go b/utils/json.go index 8adc6a9f..5bb934ba 100644 --- a/utils/json.go +++ b/utils/json.go @@ -8,17 +8,16 @@ import ( "bytes" "errors" - "github.com/ipld/go-ipld-prime/codec/dagcbor" - "github.com/ipld/go-ipld-prime/fluent" - "github.com/ipld/go-ipld-prime/linking" - cidlink "github.com/ipld/go-ipld-prime/linking/cid" - "github.com/ipld/go-ipld-prime/multicodec" - "github.com/ipld/go-ipld-prime/storage/memstore" - canonicalJson "github.com/gibson042/canonicaljson-go" "github.com/ipfs/go-cid" cbor "github.com/ipfs/go-ipld-cbor" + "github.com/ipld/go-ipld-prime/codec/dagcbor" + "github.com/ipld/go-ipld-prime/codec/dagjson" + "github.com/ipld/go-ipld-prime/linking" + cidlink "github.com/ipld/go-ipld-prime/linking/cid" + "github.com/ipld/go-ipld-prime/multicodec" basicnode "github.com/ipld/go-ipld-prime/node/basic" + "github.com/ipld/go-ipld-prime/storage/memstore" mh "github.com/multiformats/go-multihash" ) @@ -68,7 +67,17 @@ func GetAttributeAsString(obj map[string]interface{}, attr string) (string, erro } // CIDFromJSONBytesUsingIpldPrime returns CID (dagcbor) for json (as bytes). +// This is combination of samples for unmarshalling and linking +// see: https://pkg.go.dev/github.com/ipld/go-ipld-prime func CIDFromJSONBytesUsingIpldPrime(content []byte) (string, error) { + np := basicnode.Prototype.Any // Pick a stle for the in-memory data. + nb := np.NewBuilder() // Create a builder. + err := dagjson.Decode(nb, bytes.NewReader(content)) // Hand the builder to decoding -- decoding will fill it in! + if err != nil { + return "", err + } + n := nb.Build() // Call 'Build' to get the resulting Node. (It's immutable!) + lsys := cidlink.DefaultLinkSystem() // We want to store the serialized data somewhere. @@ -87,14 +96,6 @@ func CIDFromJSONBytesUsingIpldPrime(content []byte) (string, error) { MhLength: 32, // sha2-256 hash has a 32-byte sum. }} - // And we need some data to link to! Here's a quick piece of example data: - n, err := fluent.Build(basicnode.Prototype.Any, func(na fluent.NodeAssembler) { - na.AssignBytes(content) - }) - if err != nil { - return "", err - } - // Now: time to apply the LinkSystem, and do the actual store operation! lnk, err := lsys.Store( linking.LinkContext{}, // The zero value is fine. Configure it it you want cancellability or other features. diff --git a/utils/json_test.go b/utils/json_test.go new file mode 100644 index 00000000..36e94c20 --- /dev/null +++ b/utils/json_test.go @@ -0,0 +1,35 @@ +package utils + +import ( + "github.com/stretchr/testify/require" + "testing" +) + +func TestAndValidateCIDGeneration(t *testing.T) { + testCases := []struct { + name string + content string + expected string + }{ + // empty string and empty json blows up + // { + // "empty string", "", "bafyreiengp2sbi6ez34a2jctv34bwyjl7yoliteleaswgcwtqzrhmpyt2m", + // }, + // { + // "empty json", "{}", "bafyreihpfkdvib5muloxlj5b3tgdwibjdcu3zdsuhyft33z7gtgnlzlkpm", + // }, + + { + "test record", "{\"build_artifact_cid\":\"QmP8jTG1m9GSDJLCbeWhVSVgEzCPPwXRdCRuJtQ5Tz9Kc9\",\"repo_registration_record_cid\":\"QmSnuWmxptJZdLJpKRarxBMS2Ju2oANVrgbr2xWbie9b2D\",\"tls_cert_cid\":\"QmbWqxBEKC3P8tqsKc98xmWNzrzDtRLMiMPL8wBuTGsMnR\",\"type\":\"WebsiteRegistrationRecord\",\"url\":\"https://cerc.io\",\"version\":\"0.0.1\"}", + "bafyreiek4hnoqmits66bjyxswapplweuoqe4en2ux6u772o4y3askpd3ny", + }, + } + + for _, tc := range testCases { + deprecatedAndCorrect, _ := CIDFromJSONBytes([]byte(tc.content)) + newImpl, err := CIDFromJSONBytesUsingIpldPrime([]byte(tc.content)) + require.NoError(t, err) + require.Equal(t, deprecatedAndCorrect, newImpl, tc.name) + require.Equal(t, tc.expected, newImpl) + } +} From c61f2683296e3fc54a3932917a28b033621d8e41 Mon Sep 17 00:00:00 2001 From: Michael Date: Thu, 2 Feb 2023 17:00:42 -0500 Subject: [PATCH 6/8] run all tests (#89) * run all tests * run all tests * bad env arg passing... done through docker compose environment now * auction nameservice tests branch of sdk * only run nameservice test * documentation did not match script * run all --- .github/workflows/test.yml | 2 +- tests/sdk_tests/Dockerfile-sdk | 2 +- tests/sdk_tests/docker-compose.yml | 3 +++ tests/sdk_tests/run-all-tests.sh | 18 ++++++++++++++++++ 4 files changed, 23 insertions(+), 2 deletions(-) create mode 100755 tests/sdk_tests/run-all-tests.sh diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 82cb654c..20e83ca9 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -102,7 +102,7 @@ jobs: run: docker compose up -d - name: run-tests.sh working-directory: tests/sdk_tests - run: ./run-tests.sh + run: ./run-all-tests.sh # integration_tests: diff --git a/tests/sdk_tests/Dockerfile-sdk b/tests/sdk_tests/Dockerfile-sdk index c1705213..5c9ac9eb 100644 --- a/tests/sdk_tests/Dockerfile-sdk +++ b/tests/sdk_tests/Dockerfile-sdk @@ -47,7 +47,7 @@ WORKDIR /app RUN \ git clone https://github.com/cerc-io/laconic-sdk.git \ && cd laconic-sdk \ - && git checkout jest_timeout \ + && git checkout auction_nameservice_tests \ && yarn install WORKDIR /app/laconic-sdk diff --git a/tests/sdk_tests/docker-compose.yml b/tests/sdk_tests/docker-compose.yml index aa886496..f9ed9ea1 100644 --- a/tests/sdk_tests/docker-compose.yml +++ b/tests/sdk_tests/docker-compose.yml @@ -2,6 +2,9 @@ services: laconicd: restart: unless-stopped image: cerc-io/laconicd:local-test + environment: + - TEST_AUCTION_ENABLED=true + - TEST_REGISTRY_EXPIRY=true command: ["sh", "/docker-entrypoint-scripts.d/create-fixturenet.sh"] volumes: - ../../init.sh:/docker-entrypoint-scripts.d/create-fixturenet.sh diff --git a/tests/sdk_tests/run-all-tests.sh b/tests/sdk_tests/run-all-tests.sh new file mode 100755 index 00000000..c3969e57 --- /dev/null +++ b/tests/sdk_tests/run-all-tests.sh @@ -0,0 +1,18 @@ +#!/usr/bin/env bash +if [ -n "$CERC_SCRIPT_DEBUG" ]; then + set -x +fi +# Get the key from laconicd +laconicd_key=$( docker compose exec laconicd echo y | docker compose exec laconicd laconicd keys export mykey --unarmored-hex --unsafe ) +# Set parameters for the test suite +cosmos_chain_id=laconic_9000-1 +laconicd_rest_endpoint=http://laconicd:1317 +laconicd_gql_endpoint=http://laconicd:9473/api +# Run tests +docker network inspect sdk_tests_default +sleep 30s + +docker compose exec sdk-test-runner sh -c "COSMOS_CHAIN_ID=${cosmos_chain_id} LACONICD_REST_ENDPOINT=${laconicd_rest_endpoint} LACONICD_GQL_ENDPOINT=${laconicd_gql_endpoint} PRIVATE_KEY=${laconicd_key} yarn test" +docker compose exec sdk-test-runner sh -c "COSMOS_CHAIN_ID=${cosmos_chain_id} LACONICD_REST_ENDPOINT=${laconicd_rest_endpoint} LACONICD_GQL_ENDPOINT=${laconicd_gql_endpoint} PRIVATE_KEY=${laconicd_key} yarn test:auctions" +docker compose exec sdk-test-runner sh -c "COSMOS_CHAIN_ID=${cosmos_chain_id} LACONICD_REST_ENDPOINT=${laconicd_rest_endpoint} LACONICD_GQL_ENDPOINT=${laconicd_gql_endpoint} PRIVATE_KEY=${laconicd_key} yarn test:nameservice-expiry" +docker logs sdk_tests-laconicd-1 From 4b318822d9b853acf125d8ef425585cb648ec08d Mon Sep 17 00:00:00 2001 From: "A. F. Dudley" Date: Sat, 4 Feb 2023 19:00:17 +0400 Subject: [PATCH 7/8] Delete SECURITY.md --- SECURITY.md | 62 ----------------------------------------------------- 1 file changed, 62 deletions(-) delete mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md deleted file mode 100644 index d471281e..00000000 --- a/SECURITY.md +++ /dev/null @@ -1,62 +0,0 @@ -# Security - -As part of our vulnerability disclosure policy, we operate a security vulnerability program through [Immunefi](https://immunefi.com/). This document serves as a complementary guideline for reporting vulnerabilities and how the disclosure process is managed. Please refer to the official Evmos [bug bounty program](https://immunefi.com/bounty/evmos/) for up-to-date information. - -## Guidelines - -We require that all researchers: - -- Use the Evmos [bug bounty program](https://immunefi.com/bounty/evmos/) on Immunefi to disclose all vulnerabilities, and avoid posting vulnerability information in public places, including GitHub, Discord, Telegram, Twitter or other non-private channels. -- Make every effort to avoid privacy violations, degradation of user experience, disruption to production systems, and destruction of data. -- Keep any information about vulnerabilities that you’ve discovered confidential between yourself and the engineering team until the issue has been resolved and disclosed -- Avoid posting personally identifiable information, privately or publicly - -If you follow these guidelines when reporting an issue to us, we commit to: - -- Not pursue or support any legal action related to your research on this vulnerability -- Work with you to understand, resolve and ultimately disclose the issue in a timely fashion - -## Disclosure Process - -Evmos uses the following disclosure process: - -1. Once a security report is received via the Immunefi Bug Bounty program, the team works to verify the issue and confirm its severity level using [CVSS](https://nvd.nist.gov/vuln-metrics/cvss) or [Immunefi’s Vulnerability Severity Classification System v2.2](https://immunefi.com/immunefi-vulnerability-severity-classification-system-v2-2/). - 1. Two people from the affected project will review, replicate and acknowledge the report within 48-96 hours of the alert according to the table below: - | Security Level | Hours to First Response (ACK) from Escalation | - | -------------------- | --------------------------------------------- | - | Critical | 48 | - | High | 96 | - | Medium | 96 | - | Low or Informational | 96 | - | None | 96 | - - 2. If the report is not applicable or reproducible, the Security Lead (or Security Secondary) will revert to the reporter to request more info or close the report. - 3. The report is confirmed by the Security Lead to the reporter. -2. The team determines the vulnerability’s potential impact on Evmos. - 1. Vulnerabilities with `Informational` and `Low` categorization will result in creating a public issue. - 2. Vulnerabilities with `Medium` categorization will result in the creation of an internal ticket and patch of the code. - 3. Vulnerabilities with `High` or `Critical` will result in the [creation of a new Security Advisory](https://docs.github.com/en/code-security/repository-security-advisories/creating-a-repository-security-advisory) - -Once the vulnerability severity is defined, the following steps apply: - -- For `High` and `Critical`: - 1. Patches are prepared for supported releases of Evmos in a [temporary private fork](https://docs.github.com/en/code-security/repository-security-advisories/collaborating-in-a-temporary-private-fork-to-resolve-a-repository-security-vulnerability) of the repository. - 2. Only relevant parties will be notified about an upcoming upgrade. These being validators, the core developer team, and users directly affected by the vulnerability. - 3. 24 hours following this notification, relevant releases with the patch will be made public. - 4. The nodes and validators update their Evmos and Ethermint dependencies to use these releases. - 5. A week (or less) after the security vulnerability has been patched on Evmos, we will disclose that the mentioned release contained a security fix. - 6. After an additional 2 weeks, we will publish a public announcement of the vulnerability. We also publish a security Advisory on GitHub and publish a [CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures) - -- For `Informational` , `Low` and `Medium` severities: - 1. `Medium` and `Low` severity bug reports are included in a public issue and will be incorporated in the current sprint and patched in the next release. `Informational` reports are additionally categorized as with low or medium priority and might not be included in the next release. - 2. One week after the releases go out, we will publish a post with further details on the vulnerability as well as our response to it. - -This process can take some time. Every effort will be made to handle the bug in as timely a manner as possible, however, it's important that we follow the process described above to ensure that disclosures are handled consistently and to keep Ethermint and its downstream dependent projects, including but not limited to Evmos, as secure as possible. - -### Payment Process - -The payment process will be executed according to Evmos’s Immunefi Bug Bounty program Rules. - -### Contact - -The Evmos Security Team is constantly being monitored. If you need to reach out to the team directly, please reach out via email: [security@evmos.org](mailto:security@evmos.org) From c227a38e9ac9ca9d61ad07b4d3d9f7a32ed7d173 Mon Sep 17 00:00:00 2001 From: Michael Date: Fri, 10 Feb 2023 14:44:27 -0500 Subject: [PATCH 8/8] tests must be run against different chain configurations (#91) * tests must be run against different chain configurations * compose args order matters * x bit not set on auction tests shell script * always run docker compose down... possibly to avoid insufficient funds error after a failed run * add arg to docker compose down for auction and nameservice-expiry * switch to main branch --- .github/workflows/test.yml | 27 ++++++++++++++-- tests/sdk_tests/Dockerfile-sdk | 1 - tests/sdk_tests/docker-compose-auctions.yml | 31 +++++++++++++++++++ .../sdk_tests/docker-compose-nameservice.yml | 31 +++++++++++++++++++ tests/sdk_tests/docker-compose.yml | 3 -- tests/sdk_tests/run-auction-tests.sh | 16 ++++++++++ ...sts.sh => run-nameservice-expiry-tests.sh} | 6 ++-- 7 files changed, 105 insertions(+), 10 deletions(-) create mode 100644 tests/sdk_tests/docker-compose-auctions.yml create mode 100644 tests/sdk_tests/docker-compose-nameservice.yml create mode 100755 tests/sdk_tests/run-auction-tests.sh rename tests/sdk_tests/{run-all-tests.sh => run-nameservice-expiry-tests.sh} (62%) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 20e83ca9..37167aa4 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -102,8 +102,31 @@ jobs: run: docker compose up -d - name: run-tests.sh working-directory: tests/sdk_tests - run: ./run-all-tests.sh - + run: ./run-tests.sh + - name: reset containers for auction tests + working-directory: tests/sdk_tests + if: always() + run: docker compose down + - name: start auction containers + working-directory: tests/sdk_tests + run: docker compose -f docker-compose-auctions.yml up -d + - name: run-acution-tests.sh + working-directory: tests/sdk_tests + run: ./run-auction-tests.sh + - name: reset containers for nameservice tests + working-directory: tests/sdk_tests + if: always() + run: docker compose -f docker-compose-auctions.yml down + - name: start auction containers + working-directory: tests/sdk_tests + run: docker compose -f docker-compose-nameservice.yml up -d + - name: run-nameservice-expiry-tests.sh + working-directory: tests/sdk_tests + run: ./run-nameservice-expiry-tests.sh + - name: reset containers for nameservice tests + working-directory: tests/sdk_tests + if: always() + run: docker compose -f docker-compose-nameservice.yml down # integration_tests: # runs-on: ubuntu-latest diff --git a/tests/sdk_tests/Dockerfile-sdk b/tests/sdk_tests/Dockerfile-sdk index 5c9ac9eb..fd9d6cc9 100644 --- a/tests/sdk_tests/Dockerfile-sdk +++ b/tests/sdk_tests/Dockerfile-sdk @@ -47,7 +47,6 @@ WORKDIR /app RUN \ git clone https://github.com/cerc-io/laconic-sdk.git \ && cd laconic-sdk \ - && git checkout auction_nameservice_tests \ && yarn install WORKDIR /app/laconic-sdk diff --git a/tests/sdk_tests/docker-compose-auctions.yml b/tests/sdk_tests/docker-compose-auctions.yml new file mode 100644 index 00000000..9b0df5fd --- /dev/null +++ b/tests/sdk_tests/docker-compose-auctions.yml @@ -0,0 +1,31 @@ +services: + laconicd: + restart: unless-stopped + image: cerc-io/laconicd:local-test + environment: + - TEST_AUCTION_ENABLED=true + command: ["sh", "/docker-entrypoint-scripts.d/create-fixturenet.sh"] + volumes: + - ../../init.sh:/docker-entrypoint-scripts.d/create-fixturenet.sh + healthcheck: + test: ["CMD", "curl", "-v", "http://127.0.0.1:6060"] + interval: 1s + timeout: 5s + retries: 30 + ports: + - "6060" + - "26657" + - "26656" + - "9473" + - "8545" + - "8546" + - "9090" + - "9091" + - "1317" + + sdk-test-runner: + image: cerc-io/laconic-sdk-tester:local-test + depends_on: + laconicd: + condition: service_healthy + command: tail -F /dev/null diff --git a/tests/sdk_tests/docker-compose-nameservice.yml b/tests/sdk_tests/docker-compose-nameservice.yml new file mode 100644 index 00000000..17614108 --- /dev/null +++ b/tests/sdk_tests/docker-compose-nameservice.yml @@ -0,0 +1,31 @@ +services: + laconicd: + restart: unless-stopped + image: cerc-io/laconicd:local-test + environment: + - TEST_REGISTRY_EXPIRY=true + command: ["sh", "/docker-entrypoint-scripts.d/create-fixturenet.sh"] + volumes: + - ../../init.sh:/docker-entrypoint-scripts.d/create-fixturenet.sh + healthcheck: + test: ["CMD", "curl", "-v", "http://127.0.0.1:6060"] + interval: 1s + timeout: 5s + retries: 30 + ports: + - "6060" + - "26657" + - "26656" + - "9473" + - "8545" + - "8546" + - "9090" + - "9091" + - "1317" + + sdk-test-runner: + image: cerc-io/laconic-sdk-tester:local-test + depends_on: + laconicd: + condition: service_healthy + command: tail -F /dev/null diff --git a/tests/sdk_tests/docker-compose.yml b/tests/sdk_tests/docker-compose.yml index f9ed9ea1..aa886496 100644 --- a/tests/sdk_tests/docker-compose.yml +++ b/tests/sdk_tests/docker-compose.yml @@ -2,9 +2,6 @@ services: laconicd: restart: unless-stopped image: cerc-io/laconicd:local-test - environment: - - TEST_AUCTION_ENABLED=true - - TEST_REGISTRY_EXPIRY=true command: ["sh", "/docker-entrypoint-scripts.d/create-fixturenet.sh"] volumes: - ../../init.sh:/docker-entrypoint-scripts.d/create-fixturenet.sh diff --git a/tests/sdk_tests/run-auction-tests.sh b/tests/sdk_tests/run-auction-tests.sh new file mode 100755 index 00000000..d1a05d17 --- /dev/null +++ b/tests/sdk_tests/run-auction-tests.sh @@ -0,0 +1,16 @@ +#!/usr/bin/env bash +if [ -n "$CERC_SCRIPT_DEBUG" ]; then + set -x +fi +# Get the key from laconicd +laconicd_key=$( docker compose exec laconicd echo y | docker compose exec laconicd laconicd keys export mykey --unarmored-hex --unsafe ) +# Set parameters for the test suite +cosmos_chain_id=laconic_9000-1 +laconicd_rest_endpoint=http://laconicd:1317 +laconicd_gql_endpoint=http://laconicd:9473/api +# Run tests +docker network inspect sdk_tests_default +sleep 30s +docker logs sdk_tests-laconicd-1 + +docker compose exec sdk-test-runner sh -c "COSMOS_CHAIN_ID=${cosmos_chain_id} LACONICD_REST_ENDPOINT=${laconicd_rest_endpoint} LACONICD_GQL_ENDPOINT=${laconicd_gql_endpoint} PRIVATE_KEY=${laconicd_key} yarn test:auctions" diff --git a/tests/sdk_tests/run-all-tests.sh b/tests/sdk_tests/run-nameservice-expiry-tests.sh similarity index 62% rename from tests/sdk_tests/run-all-tests.sh rename to tests/sdk_tests/run-nameservice-expiry-tests.sh index c3969e57..572eaa46 100755 --- a/tests/sdk_tests/run-all-tests.sh +++ b/tests/sdk_tests/run-nameservice-expiry-tests.sh @@ -11,8 +11,6 @@ laconicd_gql_endpoint=http://laconicd:9473/api # Run tests docker network inspect sdk_tests_default sleep 30s - -docker compose exec sdk-test-runner sh -c "COSMOS_CHAIN_ID=${cosmos_chain_id} LACONICD_REST_ENDPOINT=${laconicd_rest_endpoint} LACONICD_GQL_ENDPOINT=${laconicd_gql_endpoint} PRIVATE_KEY=${laconicd_key} yarn test" -docker compose exec sdk-test-runner sh -c "COSMOS_CHAIN_ID=${cosmos_chain_id} LACONICD_REST_ENDPOINT=${laconicd_rest_endpoint} LACONICD_GQL_ENDPOINT=${laconicd_gql_endpoint} PRIVATE_KEY=${laconicd_key} yarn test:auctions" -docker compose exec sdk-test-runner sh -c "COSMOS_CHAIN_ID=${cosmos_chain_id} LACONICD_REST_ENDPOINT=${laconicd_rest_endpoint} LACONICD_GQL_ENDPOINT=${laconicd_gql_endpoint} PRIVATE_KEY=${laconicd_key} yarn test:nameservice-expiry" docker logs sdk_tests-laconicd-1 + +docker compose exec sdk-test-runner sh -c "COSMOS_CHAIN_ID=${cosmos_chain_id} LACONICD_REST_ENDPOINT=${laconicd_rest_endpoint} LACONICD_GQL_ENDPOINT=${laconicd_gql_endpoint} PRIVATE_KEY=${laconicd_key} yarn test:nameservice-expiry"