fix(connector-fabric): address CVEs: CVE-2022-21190, CVE-2021-3918 #1616
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Copyright IBM Corp. All Rights Reserved. | |
# | |
# SPDX-License-Identifier: CC-BY-4.0 | |
# This is a basic workflow to help you get started with Actions | |
name: Test Asset Exchange Corda | |
# Controls when the workflow will run | |
on: | |
# Triggers the workflow on push or pull request events but only for the main branch | |
push: | |
branches: [ main ] | |
pull_request: | |
branches: [ main ] | |
# Allows you to run this workflow manually from the Actions tab | |
workflow_dispatch: | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
cancel-in-progress: true | |
# A workflow run is made up of one or more jobs that can run sequentially or in parallel | |
jobs: | |
check_code_changed: | |
outputs: | |
status: ${{ steps.changes.outputs.weaver_code_changed }} | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/[email protected] | |
- uses: dorny/[email protected] | |
id: changes | |
with: | |
filters: | | |
weaver_code_changed: | |
- './weaver/**!(*.md|*.css|*.html|*.jpg|*.jpeg|*.png)' | |
- '.github/workflows/test_weaver-asset-exchange-corda.yaml' | |
asset-exchange-corda: | |
needs: check_code_changed | |
if: ${{ false && needs.check_code_changed.outputs.status == 'true' }} | |
# The type of runner that the job will run on | |
runs-on: ubuntu-latest | |
# Steps represent a sequence of tasks that will be executed as part of the job | |
steps: | |
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it | |
- uses: actions/[email protected] | |
- name: Set up JDK 8 | |
uses: actions/[email protected] | |
with: | |
java-version: '8' | |
distribution: 'adopt' | |
# CORDA NETWORK | |
- name: Generate github.properties | |
run: | | |
echo "Using ${GITHUB_ACTOR} user." | |
echo "username=${GITHUB_ACTOR}" >> github.properties | |
echo "password=${{ secrets.GITHUB_TOKEN }}" >> github.properties | |
echo "url=https://maven.pkg.github.com/${GITHUB_ACTOR}/cacti" >> github.properties | |
echo "Using ${GITHUB_ACTOR} user." | |
echo "username=${GITHUB_ACTOR}" >> github.main.properties | |
echo "password=${{ secrets.GITHUB_TOKEN }}" >> github.main.properties | |
echo "url=https://maven.pkg.github.com/hyperledger/cacti" >> github.main.properties | |
./scripts/get-cordapps.sh || mv github.main.properties github.properties | |
cat github.properties | |
working-directory: weaver/tests/network-setups/corda | |
# CORDA NETWORK | |
- name: Start Corda Network | |
run: | | |
make start-network1 PROFILE=3-nodes | |
sleep 100 | |
docker logs corda_partya_1 | |
docker logs corda_partyb_1 | |
working-directory: weaver/tests/network-setups/corda | |
# FABRIC CLI | |
- name: Setup Corda CLI init | |
run: ./scripts/initAsset.sh 1 | |
working-directory: weaver/samples/corda/corda-simple-application | |
- name: Asset Exchange Corda CLI Tests | |
run: | | |
COUNT=0 | |
TOTAL=5 | |
# Lock 50 tokens | |
CORDA_PORT=10009 ./clients/build/install/clients/bin/clients lock-asset -f -h64 ivHErp1x4bJDKuRo6L5bApO/DdoyD/dG0mAZrzLZEIs= -t 180 -r "O=PartyA,L=London,C=GB" -p t1:50 1> tmp.out | |
cat tmp.out | grep "HTLC Lock State created with contract ID Right" && COUNT=$(( COUNT + 1 )) && echo "PASS" | |
cat tmp.out | |
CID=$(cat tmp.out | grep "HTLC Lock State created with contract ID Right" | sed -e 's/.*Right(b=\(.*\))\./\1/') | |
# Is Asset locked | |
CORDA_PORT=10009 ./clients/build/install/clients/bin/clients is-asset-locked -cid $CID 1> tmp.out | |
cat tmp.out | grep "Is Asset Locked Response: true" && COUNT=$(( COUNT + 1 )) && echo "PASS" | |
cat tmp.out | |
# Claim asset | |
CORDA_PORT=10006 ./clients/build/install/clients/bin/clients claim-asset -cid $CID -s secrettext 1> tmp.out | |
cat tmp.out | grep "Asset Claim Response: Right" && COUNT=$(( COUNT + 1 )) && echo "PASS" | |
cat tmp.out | |
# Timeout | |
CORDA_PORT=10006 ./clients/build/install/clients/bin/clients lock-asset -f -h64 ivHErp1x4bJDKuRo6L5bApO/DdoyD/dG0mAZrzLZEIs= -t 5 -r "O=PartyB,L=London,C=GB" -p t1:50 1> tmp.out | |
CID=$(cat tmp.out | grep "HTLC Lock State created with contract ID Right" | sed -e 's/.*Right(b=\(.*\))\./\1/') | |
sleep 5 | |
cat tmp.out | |
## Is asset lock false | |
CORDA_PORT=10009 ./clients/build/install/clients/bin/clients is-asset-locked -cid $CID 1> tmp.out | |
cat tmp.out | grep "Is Asset Locked Response: false" && COUNT=$(( COUNT + 1 )) && echo "PASS" | |
cat tmp.out | |
## Unlock asset | |
CORDA_PORT=10006 ./clients/build/install/clients/bin/clients unlock-asset -cid $CID 1> tmp.out | |
cat tmp.out | grep "Asset Unlock Response: Right" && COUNT=$(( COUNT + 1 )) && echo "PASS" | |
cat tmp.out | |
# RESULT | |
echo "Passed $COUNT/$TOTAL Tests." | |
if [ $COUNT == $TOTAL ]; then | |
exit 0 | |
else | |
exit 1 | |
fi | |
working-directory: weaver/samples/corda/corda-simple-application | |
asset-exchange-corda-local: | |
needs: check_code_changed | |
if: needs.check_code_changed.outputs.status == 'true' | |
# The type of runner that the job will run on | |
runs-on: ubuntu-latest | |
# Steps represent a sequence of tasks that will be executed as part of the job | |
steps: | |
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it | |
- uses: actions/[email protected] | |
- name: Set up JDK 8 | |
uses: actions/[email protected] | |
with: | |
java-version: '8' | |
distribution: 'adopt' | |
- name: Build Java Protos | |
run: make build | |
working-directory: weaver/common/protos-java-kt | |
# Build Dependencies | |
- name: Build Corda Interop App | |
run: make build-local | |
working-directory: weaver/core/network/corda-interop-app | |
- name: Build Corda Interop SDK | |
run: make build | |
working-directory: weaver/sdks/corda | |
- name: Build Corda SimpleApplication | |
run: make build-local | |
working-directory: weaver/samples/corda/corda-simple-application | |
# CORDA NETWORK | |
- name: Start Corda Network | |
run: | | |
make start-network1-local PROFILE=3-nodes | |
sleep 100 | |
docker logs corda_partya_1 | |
docker logs corda_partyb_1 | |
working-directory: weaver/tests/network-setups/corda | |
# FABRIC CLI | |
- name: Setup Corda CLI init | |
run: ./scripts/initAsset.sh 1 | |
working-directory: weaver/samples/corda/corda-simple-application | |
- name: Asset Exchange Corda CLI Tests | |
run: | | |
COUNT=0 | |
TOTAL=5 | |
# Lock 50 tokens | |
CORDA_PORT=10009 ./clients/build/install/clients/bin/clients lock-asset -f -h64 ivHErp1x4bJDKuRo6L5bApO/DdoyD/dG0mAZrzLZEIs= -t 180 -r "O=PartyA,L=London,C=GB" -p t1:50 1> tmp.out | |
cat tmp.out | grep "HTLC Lock State created with contract ID Right" && COUNT=$(( COUNT + 1 )) && echo "PASS" | |
cat tmp.out | |
CID=$(cat tmp.out | grep "HTLC Lock State created with contract ID Right" | sed -e 's/.*Right(b=\(.*\))\./\1/') | |
# Is Asset locked | |
CORDA_PORT=10009 ./clients/build/install/clients/bin/clients is-asset-locked -cid $CID 1> tmp.out | |
cat tmp.out | grep "Is Asset Locked Response: true" && COUNT=$(( COUNT + 1 )) && echo "PASS" | |
cat tmp.out | |
# Claim asset | |
CORDA_PORT=10006 ./clients/build/install/clients/bin/clients claim-asset -cid $CID -s secrettext 1> tmp.out | |
cat tmp.out | grep "Asset Claim Response: Right" && COUNT=$(( COUNT + 1 )) && echo "PASS" | |
cat tmp.out | |
# Timeout | |
CORDA_PORT=10006 ./clients/build/install/clients/bin/clients lock-asset -f -h64 ivHErp1x4bJDKuRo6L5bApO/DdoyD/dG0mAZrzLZEIs= -t 5 -r "O=PartyB,L=London,C=GB" -p t1:50 1> tmp.out | |
CID=$(cat tmp.out | grep "HTLC Lock State created with contract ID Right" | sed -e 's/.*Right(b=\(.*\))\./\1/') | |
sleep 5 | |
cat tmp.out | |
## Is asset lock false | |
CORDA_PORT=10009 ./clients/build/install/clients/bin/clients is-asset-locked -cid $CID 1> tmp.out | |
cat tmp.out | grep "Is Asset Locked Response: false" && COUNT=$(( COUNT + 1 )) && echo "PASS" | |
cat tmp.out | |
## Unlock asset | |
CORDA_PORT=10006 ./clients/build/install/clients/bin/clients unlock-asset -cid $CID 1> tmp.out | |
cat tmp.out | grep "Asset Unlock Response: Right" && COUNT=$(( COUNT + 1 )) && echo "PASS" | |
cat tmp.out | |
# RESULT | |
echo "Passed $COUNT/$TOTAL Tests." | |
if [ $COUNT == $TOTAL ]; then | |
exit 0 | |
else | |
exit 1 | |
fi | |
working-directory: weaver/samples/corda/corda-simple-application | |
house-token-exchange-corda: | |
needs: check_code_changed | |
if: ${{ false && needs.check_code_changed.outputs.status == 'true' }} | |
# The type of runner that the job will run on | |
runs-on: ubuntu-latest | |
# Steps represent a sequence of tasks that will be executed as part of the job | |
steps: | |
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it | |
- uses: actions/[email protected] | |
- uses: dorny/[email protected] | |
id: changes | |
with: | |
filters: | | |
weaver_code_changed: | |
- './weaver/**!(*.md|*.css|*.html|*.jpg|*.jpeg|*.png)' | |
- '.github/workflows/test_weaver-asset-exchange-corda.yaml' | |
- name: Set up JDK 8 | |
uses: actions/[email protected] | |
with: | |
java-version: '8' | |
distribution: 'adopt' | |
# CORDA NETWORK | |
- name: Generate github.properties | |
run: | | |
echo "Using ${GITHUB_ACTOR} user." | |
echo "username=${GITHUB_ACTOR}" >> github.properties | |
echo "password=${{ secrets.GITHUB_TOKEN }}" >> github.properties | |
echo "url=https://maven.pkg.github.com/${GITHUB_ACTOR}/cacti" >> github.properties | |
echo "Using ${GITHUB_ACTOR} user." | |
echo "username=${GITHUB_ACTOR}" >> github.main.properties | |
echo "password=${{ secrets.GITHUB_TOKEN }}" >> github.main.properties | |
echo "url=https://maven.pkg.github.com/hyperledger/cacti" >> github.main.properties | |
./scripts/get-cordapps.sh || mv github.main.properties github.properties | |
cat github.properties | |
working-directory: weaver/tests/network-setups/corda | |
# CORDA NETWORK | |
- name: Start Corda Network | |
run: | | |
make start-network1 APP_NAME=house PROFILE=3-nodes | |
sleep 100 | |
docker logs corda_partya_1 | |
docker logs corda_partyb_1 | |
docker logs corda_partyc_1 | |
working-directory: weaver/tests/network-setups/corda | |
# CORDA CLI | |
- name: Build CLI | |
run: | | |
cp ../../../tests/network-setups/corda/github.properties . | |
make build-cli | |
working-directory: weaver/samples/corda/corda-simple-application | |
- name: Setup Corda CLI init | |
run: ./scripts/initHouseToken.sh 1 | |
working-directory: weaver/samples/corda/corda-simple-application | |
- name: House Token Exchange Corda CLI Tests | |
run: | | |
COUNT=0 | |
TOTAL=5 | |
# Lock 50 tokens | |
CORDA_PORT=10009 ./clients/build/install/clients/bin/clients house-token lock -f -h64 ivHErp1x4bJDKuRo6L5bApO/DdoyD/dG0mAZrzLZEIs= -t 180 -r "O=PartyA,L=London,C=GB" -o "O=PartyC,L=London,C=GB" -p house:10 1> tmp.out | |
cat tmp.out | grep "HTLC Lock State created with contract ID Right" && COUNT=$(( COUNT + 1 )) && echo "PASS" | |
cat tmp.out | |
CID=$(cat tmp.out | grep "HTLC Lock State created with contract ID Right" | sed -e 's/.*Right(b=\(.*\))\./\1/') | |
# Is Asset locked | |
CORDA_PORT=10009 ./clients/build/install/clients/bin/clients house-token is-locked -cid $CID 1> tmp.out | |
cat tmp.out | grep "Is Asset Locked Response: true" && COUNT=$(( COUNT + 1 )) && echo "PASS" | |
cat tmp.out | |
# Claim asset | |
CORDA_PORT=10006 ./clients/build/install/clients/bin/clients house-token claim -cid $CID -s secrettext 1> tmp.out | |
cat tmp.out | grep "Asset Claim Response: Right" && COUNT=$(( COUNT + 1 )) && echo "PASS" | |
cat tmp.out | |
# Timeout | |
CORDA_PORT=10006 ./clients/build/install/clients/bin/clients house-token lock -f -h64 ivHErp1x4bJDKuRo6L5bApO/DdoyD/dG0mAZrzLZEIs= -t 10 -r "O=PartyB,L=London,C=GB" -p house:20 1> tmp.out | |
CID=$(cat tmp.out | grep "HTLC Lock State created with contract ID Right" | sed -e 's/.*Right(b=\(.*\))\./\1/') | |
sleep 10 | |
cat tmp.out | |
## Is asset lock false | |
CORDA_PORT=10009 ./clients/build/install/clients/bin/clients house-token is-locked -cid $CID 1> tmp.out | |
cat tmp.out | grep "Is Asset Locked Response: false" && COUNT=$(( COUNT + 1 )) && echo "PASS" | |
cat tmp.out | |
## Unlock asset | |
CORDA_PORT=10006 ./clients/build/install/clients/bin/clients house-token unlock -cid $CID 1> tmp.out | |
cat tmp.out | grep "Asset Unlock Response: Right" && COUNT=$(( COUNT + 1 )) && echo "PASS" | |
cat tmp.out | |
# RESULT | |
echo "Passed $COUNT/$TOTAL Tests." | |
if [ $COUNT == $TOTAL ]; then | |
exit 0 | |
else | |
exit 1 | |
fi | |
working-directory: weaver/samples/corda/corda-simple-application |