merge current develop

.env.template

@@ -1,4 +1,20 @@
-## GUARDIAN ECOSYSTEM ENVIRONMENT NAME
-# if you already started to use actively Guardian leave GUARDIAN_ENV empty when you want to use it as usual  
-# if you want to use a new environment configure GUARDIAN_ENV with a significative environment name
-GUARDIAN_ENV=""
+# GUARDIAN ECOSYSTEM ENVIRONMENT NAME
+# if you have already started actively using Guardian, leave GUARDIAN_ENV blank if you want to continue use it as normal
+# if you want to use a new environment, configure GUARDIAN_ENV with a meaningful environment name
+GUARDIAN_ENV=
+
+# GUARDIAN_VERSION
+# This variable specifies the version tag for Guardian services images.
+# It is used for multiple services in Docker Compose configurations without the "-build" postfix.
+#
+# Usage:
+# - Set to a specific version number for reproducible builds (e.g., "2.27.1")
+# - Leave empty to use the default version specified in the Docker Compose file
+#
+# Examples:
+# GUARDIAN_VERSION=2.27.1
+# GUARDIAN_VERSION=latest
+# GUARDIAN_VERSION=
+#
+# Note: If not set, it defaults to "latest" in the Docker Compose file.
+GUARDIAN_VERSION=

.github/CODEOWNERS

@@ -0,0 +1,49 @@
+###################################
+##### Global Protection Rule ######
+###################################
+# NOTE: This rule is overriden by the more specific rules below. This is the catch-all rule for all files not covered by the more specific rules below.
+*                                               @hashgraph/envision-blockchain-hedera
+
+############################
+#####  Project Files  ######
+############################
+
+*/src/**                                         @hashgraph/guardian-committers @hashgraph/guardian-maintainers
+*/tests/**                                       @hashgraph/guardian-committers @hashgraph/guardian-maintainers
+
+
+#########################
+#####  Core Files  ######
+#########################
+
+# NOTE: Must be placed last to ensure enforcement over all other rules
+
+# Protection Rules for Github Configuration Files and Actions Workflows
+/.github/                                       @hashgraph/devops-ci @hashgraph/devops-ci-committers @hashgraph/release-engineering-managers
+/.github/workflows/                             @hashgraph/devops-ci @hashgraph/devops-ci-committers @hashgraph/guardian-committers
+
+# NodeJS project files
+package.json                                    @hashgraph/devops-ci @hashgraph/devops-ci-committers @hashgraph/developer-advocates @hashgraph/guardian-committers
+package-lock.json                               @hashgraph/devops-ci @hashgraph/devops-ci-committers @hashgraph/developer-advocates @hashgraph/guardian-committers
+jest.config.mjs                                 @hashgraph/devops-ci @hashgraph/devops-ci-committers @hashgraph/developer-advocates @hashgraph/guardian-committers
+
+# Codacy Tool Configurations
+/config/                                        @hashgraph/devops-ci @hashgraph/devops-ci-committers @hashgraph/developer-advocates
+.remarkrc                                       @hashgraph/devops-ci @hashgraph/devops-ci-committers @hashgraph/developer-advocates
+
+# Semantic Release Configuration
+.releaserc                                      @hashgraph/devops-ci @hashgraph/devops-ci-committers
+
+# Self-protection for root CODEOWNERS files (this file should not exist and should definitely require approval)
+/CODEOWNERS                                     @hashgraph/release-engineering-managers
+
+# Protect the repository root files
+/README.md                                      @hashgraph/devops-ci @hashgraph/devops-ci-committers @hashgraph/release-engineering-managers @hashgraph/guardian-maintainers
+**/LICENSE                                      @hashgraph/release-engineering-managers @hashgraph/guardian-maintainers
+
+# CodeCov configuration
+**/codecov.yml                                  @hashgraph/devops-ci @hashgraph/devops-ci-committers
+
+# Git Ignore definitions
+**/.gitignore                                   @hashgraph/devops-ci @hashgraph/devops-ci-committers @hashgraph/release-engineering-managers
+**/.gitignore.*                                 @hashgraph/devops-ci @hashgraph/devops-ci-committers @hashgraph/release-engineering-managers

.github/dependabot.yml

@@ -3,11 +3,14 @@ updates:
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
-      interval: "daily"
+      interval: weekly
     open-pull-requests-limit: 10
+    target-branch: "develop"
+
   - package-ecosystem: npm
     directory: "/"
     schedule:
       interval: weekly
     open-pull-requests-limit: 15
     target-branch: "develop"
+    versioning-strategy: increase-if-necessary

.github/workflows/add-documentation-to-repo.yaml

@@ -10,10 +10,10 @@ on:
 jobs:
   runService:
     name: Run Service
-    runs-on: [self-hosted, Linux, medium, ephemeral]
+    runs-on: guardian-linux-medium
     strategy:
       matrix:
-        node-version: [ 20.x ]
+        node-version: [ 20.18.1 ]
         mongodb-version: [ 7.0.5 ]
     steps:
       - name: Harden Runner
@@ -22,10 +22,10 @@ jobs:
           egress-policy: audit
 
       - name: Checkout Code
-        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Use Node.js ${{ matrix.node-version }}
-        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 #v4.0.2
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af #v4.1.0
         with:
           node-version: ${{ matrix.node-version }}
 
@@ -38,9 +38,9 @@ jobs:
         run: yarn install
 
       - name: Start NatsMQ
-        uses: onichandame/nats-action@a8144f9009c5f67c39edd6a50f9de659c44bd135 # v0.0.0
+        uses: step-security/nats-action@0306fc1c4e4f49dbe4db5865a3135ab1516a5aee # v0.1.0
         with:
-          port: "4222"
+          port: '4222'
 
       - name: Config Repo
         run: |
@@ -50,7 +50,7 @@ jobs:
           git checkout "${GITHUB_REF:11}"
 
       - name: Start MongoDB
-        uses: supercharge/mongodb-github-action@5a87bd81f88e2a8b195f8b7b656f5cda1350815a # v1.11.0
+        uses: step-security/mongodb-github-action@ff3d5a3dec0957be7ef99d3d1c9ca4499e8a4cb8 # v1.11.0
         with:
           mongodb-version: ${{ matrix.mongodb-version }}
 

.github/workflows/api-manual.yml

@@ -1,4 +1,5 @@
 name: Guardian CI API Tests(Manual)
+run-name: Guardian CI API Tests(Manual) - ${{ inputs.tags }}
 on:
     workflow_dispatch:
         inputs:
@@ -7,24 +8,18 @@ on:
                 description: Tags for run(smoke, accounts, firstPool and etc.)
                 default: 'all'
         description: 'Manual run'
-
 jobs:
     buildAndTest:
         name: Build and Test (Manual)
-        runs-on: [self-hosted, Linux, medium, ephemeral]
+        runs-on: ubuntu-latest
         services:
-            ipfs-node:
-                image: ipfs/kubo:latest
-                ports:
-                    - 8080:8080
-                    - 5001:5001
             cache:
                 image: registry.redict.io/redict
                 ports:
                     - 6379:6379
         strategy:
             matrix:
-                node-version: [ 20.x ]
+                node-version: [ 20.18.1 ]
                 mongodb-version: [ 7.0.5 ]
         steps:
             - name: Harden Runner
@@ -33,10 +28,12 @@ jobs:
                   egress-policy: audit
 
             - name: Checkout Code
-              uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+              uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+              with:
+                  ref: 'develop'
 
             - name: Use Node.js ${{ matrix.node-version }}
-              uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 #v4.0.2
+              uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af #v4.1.0
               with:
                   node-version: ${{ matrix.node-version }}
 
@@ -50,6 +47,8 @@ jobs:
 
             - name: Build packages
               run: |
+                  # sudo apt-get update
+                  # sudo apt-get install -y libgtk2.0-0 libgtk-3-0 libgbm-dev libnotify-dev libnss3 libxss1 libasound2 libxtst6 xauth xvfb
                   pushd interfaces
                   yarn run build
                   popd
@@ -65,6 +64,9 @@ jobs:
                   pushd auth-service
                   yarn run build
                   popd
+                  pushd queue-service
+                  yarn run build
+                  popd
                   pushd guardian-service
                   yarn run build
                   popd
@@ -77,14 +79,13 @@ jobs:
                   pushd api-gateway
                   yarn run build
                   popd
-
             - name: Start NatsMQ
-              uses: onichandame/nats-action@a8144f9009c5f67c39edd6a50f9de659c44bd135 # v0.0.0
+              uses: step-security/nats-action@0306fc1c4e4f49dbe4db5865a3135ab1516a5aee # v0.1.0
               with:
-                  port: "4222"
+                  port: '4222'
 
             - name: Start MongoDB
-              uses: supercharge/mongodb-github-action@5a87bd81f88e2a8b195f8b7b656f5cda1350815a # v1.11.0
+              uses: step-security/mongodb-github-action@ff3d5a3dec0957be7ef99d3d1c9ca4499e8a4cb8 # v1.11.0
               with:
                   mongodb-version: ${{ matrix.mongodb-version }}
 
@@ -110,8 +111,16 @@ jobs:
                   npm start &
                   sleep 20
                   popd
+                  pushd queue-service
+                  npm start &
+                  sleep 20
+                  popd
                   pushd worker-service
                   npm start &
+                  npm start &
+                  npm start &
+                  npm start &
+                  npm start &
                   sleep 20
                   popd
                   pushd api-gateway
@@ -123,21 +132,25 @@ jobs:
                   CI: true
                   OPERATOR_ID: ${{ secrets.CI_HEDERA_ACCOUNT }}
                   OPERATOR_KEY: ${{ secrets.CI_HEDERA_PRIV_KEY }}
+                  JWT_PRIVATE_KEY: ${{ secrets.CI_JWT_PRIVATE_KEY }}
+                  JWT_PUBLIC_KEY: ${{ secrets.CI_JWT_PUBLIC_KEY }}
                   IPFS_NODE_ADDRESS: http://localhost:5001
-                  IPFS_PROVIDER: local
-                  IPFS_PUBLIC_GATEWAY: http://localhost:8080/ipfs/${cid}
+                  IPFS_PROVIDER: web3storage
+                  IPFS_PUBLIC_GATEWAY: https://dweb.link/ipfs/${cid}
+                  IPFS_STORAGE_KEY: ${{ secrets.E2E_IPFS_STORAGE_KEY }}
+                  IPFS_STORAGE_PROOF: ${{ secrets.E2E_IPFS_STORAGE_PROOF }}
+                  ACCESS_TOKEN_UPDATE_INTERVAL: 600000
 
             - name: Run tests with Cypress
               run: |
                   lsb_release -a
                   sudo apt-get install libgtk2.0-0 libgtk-3-0 libgbm-dev libnotify-dev libnss3 libxss1 libasound2 libxtst6 xauth xvfb
                   pushd e2e-tests
-                  npm install --force
-                  ELECTRON_RUN_AS_NODE=1 npx cypress run --env "portApi=3002,operatorId=${{ secrets.CI_HEDERA_ACCOUNT }},operatorKey=${{ secrets.CI_HEDERA_PRIV_KEY }},grepTags=${{ inputs.tags }},grepFilterSpecs=true" --spec cypress/e2e/api-tests/**/*.cy.js            
+                  npm install
+                  npx cypress run --env "portApi=3002,operatorId=${{ secrets.CI_HEDERA_ACCOUNT }},operatorKey=${{ secrets.CI_HEDERA_PRIV_KEY }},grepTags=${{ inputs.tags }},grepFilterSpecs=true" --spec "cypress/e2e/api-tests/**/*.cy.js" --browser chrome         
                   popd
-
             - name: Publish API Test Results
-              uses: EnricoMi/publish-unit-test-result-action@30eadd5010312f995f0d3b3cff7fe2984f69409e # v2.16.1
+              uses: EnricoMi/publish-unit-test-result-action@170bf24d20d201b842d7a52403b73ed297e6645b # v2.18.0
               if: always()
               with:
                   files: e2e-tests/cypress/test_results/**/*.xml