diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 1659a507..56484ca8 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -1,124 +1,124 @@ -name: CI - -on: [ push ] - -jobs: - pre-commit: - name: Linting - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v2 - - - name: Set up python - uses: actions/setup-python@v2 - with: - python-version: 3.10.10 - - # Install poetry - - name: Load cached Poetry installation - uses: actions/cache@v2 - with: - path: ~/.local - key: poetry-0 - - - name: Install Poetry - uses: snok/install-poetry@v1 - with: - version: 1.5.1 - virtualenvs-create: true - virtualenvs-in-project: true - installer-parallel: true - - # Install dependencies - - name: Install dependencies - run: poetry install --no-interaction --no-root - - # Run precommit - - name: Run precommit - run: poetry run pre-commit run --all-files - - # Markdown lint - - name: markdownlint-cli - uses: nosborn/github-action-markdown-cli@v3.3.0 - with: - config_file: .markdownlint.yaml - files: . - dot: true - ignore_files: .venv/ - test: - name: Testing - runs-on: ubuntu-latest - env: - ENVIRONMENT: test - steps: - - name: Checkout code - uses: actions/checkout@v2 - - - name: Set up python - uses: actions/setup-python@v2 - with: - python-version: 3.10.10 - - # Install poetry - - name: Load cached Poetry installation - uses: actions/cache@v2 - with: - path: ~/.local - key: poetry-0 - - name: Install Poetry - uses: snok/install-poetry@v1 - with: - version: 1.5.1 - virtualenvs-create: true - virtualenvs-in-project: true - installer-parallel: true - - # Install dependencies - - name: Install dependencies - run: poetry install --no-interaction --no-root - - # Run tests - - name: Run tests - run: poetry run coverage run -m pytest src - - # Check coverage - - name: Check test coverage - run: poetry run coverage report - - security: - name: pip-audit - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v2 - - - name: Set up python - uses: actions/setup-python@v2 - with: - python-version: 3.10.10 - - # Install poetry - - name: Load cached Poetry 
installation - uses: actions/cache@v2 - with: - path: ~/.local - key: poetry-0 - - name: Install Poetry - uses: snok/install-poetry@v1 - with: - version: 1.5.1 - virtualenvs-create: true - virtualenvs-in-project: true - installer-parallel: true - - - name: Install dependencies - run: poetry install --no-interaction --no-root - - - name: Export requirements - run: poetry export -f requirements.txt --without-hashes > audit_requirements.txt - - # Run audit - - uses: pypa/gh-action-pip-audit@v1.0.7 - with: - inputs: audit_requirements.txt +#name: CI +# +#on: [ push ] +# +#jobs: +# pre-commit: +# name: Linting +# runs-on: ubuntu-latest +# steps: +# - name: Checkout code +# uses: actions/checkout@v2 +# +# - name: Set up python +# uses: actions/setup-python@v2 +# with: +# python-version: 3.10.10 +# +# # Install poetry +# - name: Load cached Poetry installation +# uses: actions/cache@v2 +# with: +# path: ~/.local +# key: poetry-0 +# +# - name: Install Poetry +# uses: snok/install-poetry@v1 +# with: +# version: 1.5.1 +# virtualenvs-create: true +# virtualenvs-in-project: true +# installer-parallel: true +# +# # Install dependencies +# - name: Install dependencies +# run: poetry install --no-interaction --no-root +# +# # Run precommit +# - name: Run precommit +# run: poetry run pre-commit run --all-files +# +# # Markdown lint +# - name: markdownlint-cli +# uses: nosborn/github-action-markdown-cli@v3.3.0 +# with: +# config_file: .markdownlint.yaml +# files: . 
+# dot: true +# ignore_files: .venv/ +# test: +# name: Testing +# runs-on: ubuntu-latest +# env: +# ENVIRONMENT: test +# steps: +# - name: Checkout code +# uses: actions/checkout@v2 +# +# - name: Set up python +# uses: actions/setup-python@v2 +# with: +# python-version: 3.10.10 +# +# # Install poetry +# - name: Load cached Poetry installation +# uses: actions/cache@v2 +# with: +# path: ~/.local +# key: poetry-0 +# - name: Install Poetry +# uses: snok/install-poetry@v1 +# with: +# version: 1.5.1 +# virtualenvs-create: true +# virtualenvs-in-project: true +# installer-parallel: true +# +# # Install dependencies +# - name: Install dependencies +# run: poetry install --no-interaction --no-root +# +# # Run tests +# - name: Run tests +# run: poetry run coverage run -m pytest src +# +# # Check coverage +# - name: Check test coverage +# run: poetry run coverage report +# +# security: +# name: pip-audit +# runs-on: ubuntu-latest +# steps: +# - name: Checkout code +# uses: actions/checkout@v2 +# +# - name: Set up python +# uses: actions/setup-python@v2 +# with: +# python-version: 3.10.10 +# +# # Install poetry +# - name: Load cached Poetry installation +# uses: actions/cache@v2 +# with: +# path: ~/.local +# key: poetry-0 +# - name: Install Poetry +# uses: snok/install-poetry@v1 +# with: +# version: 1.5.1 +# virtualenvs-create: true +# virtualenvs-in-project: true +# installer-parallel: true +# +# - name: Install dependencies +# run: poetry install --no-interaction --no-root +# +# - name: Export requirements +# run: poetry export -f requirements.txt --without-hashes > audit_requirements.txt +# +# # Run audit +# - uses: pypa/gh-action-pip-audit@v1.0.7 +# with: +# inputs: audit_requirements.txt diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml index f2c0bc14..06c3b389 100644 --- a/.github/workflows/docker.yaml +++ b/.github/workflows/docker.yaml 
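Review bot: Commenting out every line of ci.yaml removes the lint, test and pip-audit jobs from every push, and the docker.yaml hunk that follows does the same to the image build and the Trivy scan, while release.yaml in this same diff still builds and packages a binary. If this is a temporary measure while the macOS build is debugged, a narrower switch keeps the files valid and the intent reviewable, e.g. `on: workflow_dispatch` in place of `on: [ push ]`, or `if: false` on the individual jobs. A workflow file that contains only comments will likely also be reported by GitHub as an invalid workflow rather than being skipped quietly. Either way, the dependency audit and image scan should be back in place before a release is tagged from this state.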
@@ -1,53 +1,53 @@ -name: Docker - -on: [ push ] - -jobs: - docker: - name: Build Docker Image - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v2 - - name: Docker meta - id: meta - uses: docker/metadata-action@v3 - with: - images: | - europe-west4-docker.pkg.dev/stakewiselabs/public/v3-operator - tags: | - type=ref,event=branch - type=ref,event=tag - type=sha - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 - - name: Login to GAR - uses: docker/login-action@v1 - with: - registry: europe-west4-docker.pkg.dev - username: _json_key - password: ${{ secrets.GAR_JSON_KEY }} - - name: Build and push - uses: docker/build-push-action@v2 - with: - context: . - push: ${{ github.event_name != 'pull_request' }} - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - scanner: - name: Trivy scanner - runs-on: ubuntu-latest - needs: docker - steps: - - id: commit-hash - uses: pr-mpt/actions-commit-hash@v2 - - - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@master - with: - image-ref: 'europe-west4-docker.pkg.dev/stakewiselabs/public/v3-operator:sha-${{ steps.commit-hash.outputs.short }}' - format: 'table' - exit-code: '1' - vuln-type: 'os,library' - severity: 'CRITICAL,HIGH' - ignore-unfixed: true +#name: Docker +# +#on: [ push ] +# +#jobs: +# docker: +# name: Build Docker Image +# runs-on: ubuntu-latest +# steps: +# - name: Checkout code +# uses: actions/checkout@v2 +# - name: Docker meta +# id: meta +# uses: docker/metadata-action@v3 +# with: +# images: | +# europe-west4-docker.pkg.dev/stakewiselabs/public/v3-operator +# tags: | +# type=ref,event=branch +# type=ref,event=tag +# type=sha +# - name: Set up Docker Buildx +# uses: docker/setup-buildx-action@v1 +# - name: Login to GAR +# uses: docker/login-action@v1 +# with: +# registry: europe-west4-docker.pkg.dev +# username: _json_key +# password: ${{ secrets.GAR_JSON_KEY }} +# - name: Build and push +# uses: 
docker/build-push-action@v2 +# with: +# context: . +# push: ${{ github.event_name != 'pull_request' }} +# tags: ${{ steps.meta.outputs.tags }} +# labels: ${{ steps.meta.outputs.labels }} +# scanner: +# name: Trivy scanner +# runs-on: ubuntu-latest +# needs: docker +# steps: +# - id: commit-hash +# uses: pr-mpt/actions-commit-hash@v2 +# +# - name: Run Trivy vulnerability scanner +# uses: aquasecurity/trivy-action@master +# with: +# image-ref: 'europe-west4-docker.pkg.dev/stakewiselabs/public/v3-operator:sha-${{ steps.commit-hash.outputs.short }}' +# format: 'table' +# exit-code: '1' +# vuln-type: 'os,library' +# severity: 'CRITICAL,HIGH' +# ignore-unfixed: true diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 8fc5eb3f..8c12bb31 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -11,20 +11,6 @@ jobs: strategy: matrix: include: - - OS: ubuntu-20.04 - PYTHON_VERSION: 3.10.10 - BUILD_CMD: | - export PYTHONHASHSEED=42 - export BUILD_FILE_NAME=operator-${RELEASE_VERSION}-linux-amd64; - mkdir ${BUILD_FILE_NAME}; - git rev-parse --short HEAD > GIT_SHA - poetry run pyinstaller \ - --distpath ./${BUILD_FILE_NAME} \ - ./operator.spec; - tar -zcvf ${BUILD_FILE_NAME}.tar.gz ${BUILD_FILE_NAME}; - mkdir /tmp/artifacts; - cp ${BUILD_FILE_NAME}.tar.gz /tmp/artifacts; - sha256sum ${BUILD_FILE_NAME}.tar.gz | head -c 64 > /tmp/artifacts/${BUILD_FILE_NAME}.sha256; - OS: macos-11 PYTHON_VERSION: 3.10.10 @@ -33,6 +19,7 @@ jobs: export BUILD_FILE_NAME=operator-${RELEASE_VERSION}-darwin-amd64; mkdir ${BUILD_FILE_NAME}; git rev-parse --short HEAD > GIT_SHA + poetry run python src/main.py --help poetry run pyinstaller \ --distpath ./${BUILD_FILE_NAME} \ ./operator.spec; 
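Review bot: The added `poetry run python src/main.py --help` in the darwin BUILD_CMD (release.yaml, hunk `@@ -33,6 +19,7 @@`) exercises the source tree, not the PyInstaller output, so it cannot catch a frozen binary that fails to load a bundled library. If it is meant as a smoke check, it belongs after the `pyinstaller` call and should run the built executable, e.g. `./${BUILD_FILE_NAME}/<executable-name> --help` (placeholder; the executable name is set in operator.spec and is not visible here). If it is a debugging leftover, it should be dropped before merge. The release.yaml hunks at `@@ -11,20 +11,6 @@` and `@@ -41,23 +28,6 @@` also remove the linux and windows matrix entries, so a tag built from this state would publish only the darwin archive and checksum; that is worth confirming as intended.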
@@ -41,23 +28,6 @@ jobs: cp ${BUILD_FILE_NAME}.tar.gz /tmp/artifacts; shasum -a 256 ${BUILD_FILE_NAME}.tar.gz | head -c 64 > /tmp/artifacts/${BUILD_FILE_NAME}.sha256 - - OS: windows-latest - PYTHON_VERSION: 3.10.10 - BUILD_CMD: | - $RELEASE_VERSION = $env:GITHUB_REF.replace('refs/tags/', '') - $BUILD_FILE_NAME = "operator-" + $RELEASE_VERSION + "-windows-amd64" - $BUILD_FILE_NAME_PATH = ".\" + $BUILD_FILE_NAME - git rev-parse --short HEAD > GIT_SHA - poetry run pyinstaller ` - --distpath ./${BUILD_FILE_NAME} ` - ./operator.spec; - $ZIP_FILE_NAME = $BUILD_FILE_NAME + ".zip" - Compress-Archive -Path $BUILD_FILE_NAME_PATH -DestinationPath $ZIP_FILE_NAME - mkdir \tmp\artifacts - copy $ZIP_FILE_NAME \tmp\artifacts\ - $CHECKSUM_FILE_NAME_PASH = "\tmp\artifacts\" + $BUILD_FILE_NAME + ".sha256" - certUtil -hashfile $ZIP_FILE_NAME SHA256 | findstr /i /v "SHA256" | findstr /i /v "CertUtil" > $CHECKSUM_FILE_NAME_PASH - steps: - uses: actions/checkout@v2 diff --git a/operator.spec b/operator.spec index 1ccf6c49..64bdd680 100644 --- a/operator.spec +++ b/operator.spec @@ -2,20 +2,17 @@ from PyInstaller.utils.hooks import collect_data_files from sys import platform -if platform == "linux" or platform == "linux2": - datas = [ - ('src/common/abi/*', 'src/common/abi/'), - ('src/common/word_lists/*', 'src/common/word_lists/'), - ('./pyproject.toml', '.'), - ('./GIT_SHA', '.'), - ] +if platform == "darwin": + binaries=[('/usr/lib/libkrb5.3.3.dylib', '.' )], else: - datas = [ - ('src/common/abi/*', 'src/common/abi/'), - ('src/common/word_lists/*', 'src/common/word_lists/'), - ('./pyproject.toml', '.'), - ('./GIT_SHA', '.') - ] + binaries = [] + +datas = [ + ('src/common/abi/*', 'src/common/abi/'), + ('src/common/word_lists/*', 'src/common/word_lists/'), + ('./pyproject.toml', '.'), + ('./GIT_SHA', '.') + ] datas += collect_data_files('certifi') datas += collect_data_files('coincurve') 
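Review bot: In operator.spec the darwin branch ends with a trailing comma, `binaries=[('/usr/lib/libkrb5.3.3.dylib', '.' )],`, which makes `binaries` a one-element tuple wrapping the list instead of a list of `(src, dest)` pairs, and the later hunk passes it straight to `Analysis(binaries=binaries)`. It should read `binaries = [('/usr/lib/libkrb5.3.3.dylib', '.')]`. Separately, this copies a version-named system library from an absolute path on the build runner into the release artifact, so what ships depends on the runner image. A comment such as `# libkrb5 is bundled because <reason>; path is specific to the macOS runner image` and a build-time existence check on that path would make a changed runner fail loudly rather than produce a different bundle.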
@@ -29,7 +26,7 @@ block_cipher = None a = Analysis( ['src/main.py'], pathex=[], - binaries=[], + binaries=binaries, datas=datas, hiddenimports=['multiaddr.codecs.uint16be', 'multiaddr.codecs.idna'], hookspath=[],