diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index e4fe94b4a1..fce6efdd1c 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -31,7 +31,7 @@ }, "ghcr.io/devcontainers/features/node:1": { "nodeGypDependencies": true, - "version": "18.19.0" + "version": "20.11.1" }, "ghcr.io/devcontainers/features/rust:1": { "version": "1.74", @@ -42,7 +42,7 @@ "version": "v3.20.3" }, "ghcr.io/dhoeric/features/trivy:1.0.0": { - "version": "0.49.1" + "version": "0.52.1" } }, "customizations": { @@ -62,7 +62,8 @@ "eamodio.gitlens", "streetsidesoftware.code-spell-checker", "github.vscode-pull-request-github", - "codeandstuff.package-json-upgrade" + "codeandstuff.package-json-upgrade", + "AquaSecurityOfficial.trivy-vulnerability-scanner" ] } }, diff --git a/.github/workflows/cacti-dev-container-vscode-publish.yaml b/.github/workflows/cacti-dev-container-vscode-publish.yaml index 4e40aeb10c..e73cfda4d2 100644 --- a/.github/workflows/cacti-dev-container-vscode-publish.yaml +++ b/.github/workflows/cacti-dev-container-vscode-publish.yaml @@ -1,7 +1,7 @@ name: connector-fabric-publish env: - NODEJS_VERSION: v20.3.0 + NODEJS_VERSION: v20.11.1 IMAGE_NAME: cacti-dev-container-vscode on: diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 7766c2726c..1878744659 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -1,18 +1,6 @@ -# Below are the full description for the shorten job names: -# -# ce - cactus-example -# cp - cactus-plugin -# cpk - cactus-plugin-keychain -# cpl - cactus-plugin-ledger -# cplc - cactus-plugin-ledger-connector -# plc - plugin-ledger-connector -# cpp - cactus-plugin-persistence -# ct - cactus-test -# ctp - cactus-test-plugin --- env: NODEJS_VERSION: v18.18.2 - RUN_TRIVY_SCAN: true jobs: ActionLint: uses: ./.github/workflows/actionlint.yaml @@ -39,7 +27,6 @@ jobs: plugin-ledger-connector-ethereum-changed: ${{ steps.changes.outputs.plugin-ledger-connector-ethereum-changed }} plugin-ledger-connector-iroha2-changed: ${{ steps.changes.outputs.plugin-ledger-connector-iroha2-changed }} plugin-ledger-connector-quorum-changed: ${{ steps.changes.outputs.plugin-ledger-connector-quorum-changed }} - plugin-ledger-connector-stellar-changed: ${{ steps.changes.outputs.plugin-ledger-connector-stellar-changed }} plugin-htlc-coordinator-besu-changed: ${{ steps.changes.outputs.plugin-htlc-coordinator-besu-changed }} test-tooling-changed: ${{ steps.changes.outputs.test-tooling-changed }} ghcr-corda-all-in-one-obligation-changed: ${{ steps.changes.outputs.ghcr-corda-all-in-one-obligation-changed }} @@ -135,15 +122,6 @@ jobs: - './packages/cactus-plugin-keychain-memory/**' # - './.github/workflows/ci.yaml' - plugin-ledger-connector-stellar-changed: - - './packages/cacti-plugin-ledger-connector-stellar/**' - - './packages/cactus-common/**' - - './packages/cactus-core/**' - - './packages/cactus-core-api/**' - - './packages/cactus-test-tooling/**' - - './packages/cactus-plugin-keychain-memory/**' - # - './.github/workflows/ci.yaml' - test-tooling-changed: - './packages/cactus-test-tooling/**' - './packages/cactus-common/**' @@ -269,7 +247,7 @@ jobs: - name: Set env.GIT_INDEX_FILE_COUNT id: set_env_git_index_file_count run: | - echo "GIT_INDEX_FILE_COUNT=$(git status --porcelain | wc -l)" >> "$GITHUB_ENV" + echo "GIT_INDEX_FILE_COUNT=$(git status --porcelain | wc -l)" >> $GITHUB_ENV - name: Print env.GIT_INDEX_FILE_COUNT id: print_env_git_index_file_count @@ -554,7 +532,7 @@ jobs: restore-keys: | ${{ runner.os }}-yarn-${{ hashFiles('./yarn.lock') }} - run: ./tools/ci.sh - ce-carbon-accounting-backend: + cactus-example-carbon-accounting-backend: continue-on-error: false env: FULL_BUILD_DISABLED: true @@ -580,7 +558,7 @@ jobs: restore-keys: | ${{ runner.os }}-yarn-${{ hashFiles('./yarn.lock') }} - run: ./tools/ci.sh - ce-carbon-accounting-business-logic-plugin: + cactus-example-carbon-accounting-business-logic-plugin: continue-on-error: false env: FULL_BUILD_DISABLED: true @@ -605,7 +583,7 @@ jobs: restore-keys: | ${{ runner.os }}-yarn-${{ hashFiles('./yarn.lock') }} - run: ./tools/ci.sh - ce-carbon-accounting-frontend: + cactus-example-carbon-accounting-frontend: continue-on-error: false env: DEV_BUILD_DISABLED: false @@ -631,7 +609,7 @@ jobs: restore-keys: | ${{ runner.os }}-yarn-${{ hashFiles('./yarn.lock') }} - run: ./tools/ci.sh - ce-supply-chain-backend: + cactus-example-supply-chain-backend: continue-on-error: false env: DUMP_DISK_USAGE_INFO_DISABLED: false @@ -659,7 +637,7 @@ jobs: restore-keys: | ${{ runner.os }}-yarn-${{ hashFiles('./yarn.lock') }} - run: ./tools/ci.sh - ce-supply-chain-business-logic-plugin: + cactus-example-supply-chain-business-logic-plugin: continue-on-error: false env: FULL_BUILD_DISABLED: true @@ -684,7 +662,7 @@ jobs: restore-keys: | ${{ runner.os }}-yarn-${{ hashFiles('./yarn.lock') }} - run: ./tools/ci.sh - ce-supply-chain-frontend: + cactus-example-supply-chain-frontend: continue-on-error: false env: DEV_BUILD_DISABLED: false @@ -710,7 +688,7 @@ jobs: restore-keys: | ${{ runner.os }}-yarn-${{ hashFiles('./yarn.lock') }} - run: ./tools/ci.sh - cp-consortium-manual: + cactus-plugin-consortium-manual: continue-on-error: false env: FULL_BUILD_DISABLED: true @@ -735,7 +713,7 @@ jobs: restore-keys: | ${{ runner.os }}-yarn-${{ hashFiles('./yarn.lock') }} - run: ./tools/ci.sh - cp-htlc-coordinator-besu: + cactus-plugin-htlc-coordinator-besu: continue-on-error: false env: FULL_BUILD_DISABLED: true @@ -762,7 +740,7 @@ jobs: restore-keys: | ${{ runner.os }}-yarn-${{ hashFiles('./yarn.lock') }} - run: ./tools/ci.sh - cp-htlc-eth-besu: + cactus-plugin-htlc-eth-besu: continue-on-error: false env: FULL_BUILD_DISABLED: true @@ -787,7 +765,7 @@ jobs: restore-keys: | ${{ runner.os }}-yarn-${{ hashFiles('./yarn.lock') }} - run: ./tools/ci.sh - cp-htlc-eth-besu-erc20: + cactus-plugin-htlc-eth-besu-erc20: continue-on-error: false env: FULL_BUILD_DISABLED: true @@ -812,7 +790,7 @@ jobs: restore-keys: | ${{ runner.os }}-yarn-${{ hashFiles('./yarn.lock') }} - run: ./tools/ci.sh - cp-keychain-aws-sm: + cactus-plugin-keychain-aws-sm: continue-on-error: false env: FULL_BUILD_DISABLED: true @@ -838,7 +816,7 @@ jobs: restore-keys: | ${{ runner.os }}-yarn-${{ hashFiles('./yarn.lock') }} - run: ./tools/ci.sh - cp-keychain-azure-kv: + cactus-plugin-keychain-azure-kv: continue-on-error: false env: FULL_BUILD_DISABLED: true @@ -864,7 +842,7 @@ jobs: restore-keys: | ${{ runner.os }}-yarn-${{ hashFiles('./yarn.lock') }} - run: ./tools/ci.sh - cpk-google-sm: + cactus-plugin-keychain-google-sm: continue-on-error: false env: FULL_BUILD_DISABLED: true @@ -890,7 +868,7 @@ jobs: restore-keys: | ${{ runner.os }}-yarn-${{ hashFiles('./yarn.lock') }} - run: ./tools/ci.sh - cpk-memory: + cactus-plugin-keychain-memory: continue-on-error: false env: FULL_BUILD_DISABLED: true @@ -915,7 +893,7 @@ jobs: restore-keys: | ${{ runner.os }}-yarn-${{ hashFiles('./yarn.lock') }} - run: ./tools/ci.sh - cpk-memory-wasm: + cactus-plugin-keychain-memory-wasm: continue-on-error: false env: FULL_BUILD_DISABLED: true @@ -941,7 +919,7 @@ jobs: restore-keys: | ${{ runner.os }}-yarn-${{ hashFiles('./yarn.lock') }} - run: ./tools/ci.sh - cpk-vault: + cactus-plugin-keychain-vault: continue-on-error: false env: FULL_BUILD_DISABLED: true @@ -967,7 +945,7 @@ jobs: restore-keys: | ${{ runner.os }}-yarn-${{ hashFiles('./yarn.lock') }} - run: ./tools/ci.sh - cpl-connector-aries: + cactus-plugin-ledger-connector-aries: continue-on-error: false needs: - build-dev @@ -994,7 +972,7 @@ jobs: restore-keys: | ${{ runner.os }}-yarn-${{ hashFiles('./yarn.lock') }} - run: ./tools/ci.sh - cpl-connector-besu: + cactus-plugin-ledger-connector-besu: permissions: write-all continue-on-error: false needs: @@ -1057,7 +1035,7 @@ jobs: fail-on-alert: true alert-comment-cc-users: '@petermetz' - cpl-connector-polkadot: + cactus-plugin-ledger-connector-polkadot: continue-on-error: false env: FULL_BUILD_DISABLED: true @@ -1085,7 +1063,7 @@ jobs: restore-keys: | ${{ runner.os }}-yarn-${{ hashFiles('./yarn.lock') }} - run: ./tools/ci.sh - cpl-connector-corda: + cactus-plugin-ledger-connector-corda: continue-on-error: false needs: - build-dev @@ -1115,38 +1093,8 @@ jobs: restore-keys: | ${{ runner.os }}-yarn-${{ hashFiles('./yarn.lock') }} - run: ./tools/ci.sh - - cpl-connector-stellar: - continue-on-error: false - needs: - - build-dev - - compute_changed_packages - if: needs.compute_changed_packages.outputs.plugin-ledger-connector-stellar-changed == 'true' - env: - FULL_BUILD_DISABLED: true - JEST_TEST_PATTERN: packages/cacti-plugin-ledger-connector-stellar/src/test/typescript/(unit|integration|benchmark)/.*/*.test.ts - JEST_TEST_RUNNER_DISABLED: false - TAPE_TEST_RUNNER_DISABLED: true - runs-on: ubuntu-22.04 - steps: - - name: Use Node.js ${{ env.NODEJS_VERSION }} - uses: actions/setup-node@v4.0.2 - with: - node-version: ${{ env.NODEJS_VERSION }} - - uses: actions/checkout@v4.1.1 - - - id: yarn-cache - name: Restore Yarn Cache - uses: actions/cache@v4.0.1 - with: - key: ${{ runner.os }}-yarn-${{ hashFiles('./yarn.lock') }} - path: ./.yarn/ - restore-keys: | - ${{ runner.os }}-yarn-${{ hashFiles('./yarn.lock') }} - - run: ./tools/ci.sh - - plc-fabric-0: + plugin-ledger-connector-fabric-0: needs: - build-dev - compute_changed_packages @@ -1179,7 +1127,7 @@ jobs: ${{ runner.os }}-yarn-${{ hashFiles('./yarn.lock') }} - run: ./tools/ci.sh - plc-fabric-1: + plugin-ledger-connector-fabric-1: needs: - build-dev - compute_changed_packages @@ -1212,7 +1160,7 @@ jobs: - run: npm run configure - run: yarn ts-node ./packages/cactus-plugin-ledger-connector-fabric/src/test/typescript/integration/fabric-v2-2-x/deploy-cc-from-javascript-source.test.ts - plc-fabric-2: + plugin-ledger-connector-fabric-2: continue-on-error: false needs: - build-dev @@ -1245,7 +1193,7 @@ jobs: - run: npm run configure - run: yarn ts-node ./packages/cactus-plugin-ledger-connector-fabric/src/test/typescript/integration/fabric-v2-2-x/deploy-cc-from-typescript-source.test.ts - plc-fabric-3: + plugin-ledger-connector-fabric-3: needs: - build-dev - compute_changed_packages @@ -1278,7 +1226,7 @@ jobs: - run: npm run configure - run: yarn ts-node ./packages/cactus-plugin-ledger-connector-fabric/src/test/typescript/integration/fabric-v2-2-x/deploy-lock-asset.test.ts - plc-fabric-4: + plugin-ledger-connector-fabric-4: continue-on-error: false needs: - build-dev @@ -1311,7 +1259,7 @@ jobs: - run: npm run configure - run: yarn ts-node ./packages/cactus-plugin-ledger-connector-fabric/src/test/typescript/integration/openapi/openapi-validation.test.ts - plc-fabric-5: + plugin-ledger-connector-fabric-5: continue-on-error: false needs: - build-dev @@ -1344,7 +1292,7 @@ jobs: - run: npm run configure - run: yarn ts-node ./packages/cactus-plugin-ledger-connector-fabric/src/test/typescript/integration/openapi/openapi-validation-go.test.ts - plc-fabric-6: + plugin-ledger-connector-fabric-6: continue-on-error: false needs: - build-dev @@ -1377,7 +1325,7 @@ jobs: - run: npm run configure - run: yarn ts-node ./packages/cactus-plugin-ledger-connector-fabric/src/test/typescript/unit/identity-internal-crypto-utils.test.ts - plc-fabric-7: + plugin-ledger-connector-fabric-7: continue-on-error: false needs: - build-dev @@ -1410,7 +1358,7 @@ jobs: - run: npm run configure - run: yarn ts-node ./packages/cactus-plugin-ledger-connector-fabric/src/test/typescript/integration/identity-client.test.ts - plc-fabric-8: + plugin-ledger-connector-fabric-8: continue-on-error: false needs: - build-dev @@ -1443,7 +1391,7 @@ jobs: - run: npm run configure - run: yarn ts-node ./packages/cactus-plugin-ledger-connector-fabric/src/test/typescript/integration/fabric-v2-2-x/run-transaction-with-identities.test.ts - plc-fabric-9: + plugin-ledger-connector-fabric-9: continue-on-error: false needs: - build-dev @@ -1476,7 +1424,7 @@ jobs: - run: npm run configure - run: yarn ts-node ./packages/cactus-plugin-ledger-connector-fabric/src/test/typescript/integration/fabric-v2-2-x/obtain-profiles.test.ts - plc-fabric-10: + plugin-ledger-connector-fabric-10: needs: - build-dev - compute_changed_packages @@ -1509,7 +1457,7 @@ jobs: - run: npm run configure - run: yarn ts-node ./packages/cactus-plugin-ledger-connector-fabric/src/test/typescript/integration/fabric-v2-2-x/deploy-cc-from-golang-source.test.ts - plc-fabric-11: + plugin-ledger-connector-fabric-11: continue-on-error: false needs: - build-dev @@ -1542,7 +1490,7 @@ jobs: - run: npm run configure - run: yarn ts-node ./packages/cactus-plugin-ledger-connector-fabric/src/test/typescript/integration/fabric-v2-2-x/add-orgs.test.ts - plc-fabric-12: + plugin-ledger-connector-fabric-12: continue-on-error: false needs: - build-dev @@ -1575,7 +1523,7 @@ jobs: - run: npm run configure - run: yarn ts-node ./packages/cactus-plugin-ledger-connector-fabric/src/test/typescript/integration/fabric-v2-2-x/run-transaction-with-ws-ids.test.ts - cplc-go-ethereum-socketio: + cactus-plugin-ledger-connector-go-ethereum-socketio: continue-on-error: false env: DEV_BUILD_DISABLED: false @@ -1601,7 +1549,7 @@ jobs: restore-keys: | ${{ runner.os }}-yarn-${{ hashFiles('./yarn.lock') }} - run: ./tools/ci.sh - cplc-iroha2: + cactus-plugin-ledger-connector-iroha2: continue-on-error: false needs: - build-dev @@ -1629,7 +1577,7 @@ jobs: restore-keys: | ${{ runner.os }}-yarn-${{ hashFiles('./yarn.lock') }} - run: ./tools/ci.sh - cplc-ethereum: + cactus-plugin-ledger-connector-ethereum: continue-on-error: false needs: - build-dev @@ -1656,7 +1604,7 @@ jobs: restore-keys: | ${{ runner.os }}-yarn-${{ hashFiles('./yarn.lock') }} - run: ./tools/ci.sh - cplc-quorum: + cactus-plugin-ledger-connector-quorum: continue-on-error: false needs: - build-dev @@ -1676,7 +1624,7 @@ jobs: with: node-version: ${{ env.NODEJS_VERSION }} - uses: actions/checkout@v4.1.1 - + - id: yarn-cache name: Restore Yarn Cache uses: actions/cache@v4.0.1 @@ -1686,20 +1634,7 @@ jobs: restore-keys: | ${{ runner.os }}-yarn-${{ hashFiles('./yarn.lock') }} - run: ./tools/ci.sh - - - name: Build an image from Dockerfile - run: DOCKER_BUILDKIT=1 docker build . -f ./packages/cactus-plugin-ledger-connector-quorum/Dockerfile -t plugin-ledger-connector-quorum - - if: ${{ env.RUN_TRIVY_SCAN == 'true' }} - name: Run Trivy vulnerability scan for plugin-ledger-connector-quorum - uses: aquasecurity/trivy-action@0.19.0 - with: - image-ref: 'plugin-ledger-connector-quorum' - format: 'table' - exit-code: '1' - ignore-unfixed: false - vuln-type: 'os,library' - severity: 'CRITICAL,HIGH' - cplc-sawtooth: + cactus-plugin-ledger-connector-sawtooth: continue-on-error: false env: FULL_BUILD_DISABLED: true @@ -1723,7 +1658,7 @@ jobs: restore-keys: | ${{ runner.os }}-yarn-${{ hashFiles('./yarn.lock') }} - run: ./tools/ci.sh - cplc-xdai: + cactus-plugin-ledger-connector-xdai: continue-on-error: false env: FULL_BUILD_DISABLED: true @@ -1750,7 +1685,7 @@ jobs: restore-keys: | ${{ runner.os }}-yarn-${{ hashFiles('./yarn.lock') }} - run: ./tools/ci.sh - cpp-ethereum: + cactus-plugin-persistence-ethereum: continue-on-error: false env: FULL_BUILD_DISABLED: true @@ -1775,7 +1710,7 @@ jobs: restore-keys: | ${{ runner.os }}-yarn-${{ hashFiles('./yarn.lock') }} - run: ./tools/ci.sh - cp-object-store-ipfs: + cactus-plugin-object-store-ipfs: continue-on-error: false env: FULL_BUILD_DISABLED: true @@ -1818,7 +1753,7 @@ jobs: # - uses: actions/checkout@v4.1.1 # - id: yarn-cache-dir-path # name: Get yarn cache directory path - # run: echo "dir=$(yarn cache dir)" >> "$GITHUB_OUTPUT" + # run: echo "::set-output name=dir::$(yarn cache dir)" # - id: yarn-cache # name: Restore Yarn Cache # uses: actions/cache@v4.0.1 @@ -1828,7 +1763,7 @@ jobs: # restore-keys: | # ${{ runner.os }}-yarn- # - run: ./tools/ci.sh - cp-bungee-hermes: + cactus-plugin-bungee-hermes: continue-on-error: false env: FULL_BUILD_DISABLED: true @@ -1853,7 +1788,7 @@ jobs: restore-keys: | ${{ runner.os }}-yarn-${{ hashFiles('./yarn.lock') }} - run: ./tools/ci.sh - ct-api-client: + cactus-test-api-client: continue-on-error: false env: FULL_BUILD_DISABLED: true @@ -1878,7 +1813,7 @@ jobs: restore-keys: | ${{ runner.os }}-yarn-${{ hashFiles('./yarn.lock') }} - run: ./tools/ci.sh - ct-cmd-api-server: + cactus-test-cmd-api-server: continue-on-error: false needs: - build-dev @@ -1907,7 +1842,7 @@ jobs: restore-keys: | ${{ runner.os }}-yarn-${{ hashFiles('./yarn.lock') }} - run: ./tools/ci.sh - ct-geth-ledger: + cactus-test-geth-ledger: continue-on-error: false env: FULL_BUILD_DISABLED: true @@ -1932,7 +1867,7 @@ jobs: restore-keys: | ${{ runner.os }}-yarn-${{ hashFiles('./yarn.lock') }} - run: ./tools/ci.sh - ctp-consortium-manual: + cactus-test-plugin-consortium-manual: continue-on-error: false env: FULL_BUILD_DISABLED: true @@ -1958,7 +1893,7 @@ jobs: restore-keys: | ${{ runner.os }}-yarn-${{ hashFiles('./yarn.lock') }} - run: ./tools/ci.sh - ctp-htlc-eth-besu: + cactus-test-plugin-htlc-eth-besu: continue-on-error: false env: FULL_BUILD_DISABLED: true @@ -1991,7 +1926,7 @@ jobs: - name: Run solidity tests run: cd packages/cactus-plugin-htlc-eth-besu && forge test -vvvvv - ctp-htlc-eth-besu-erc20: + cactus-test-plugin-htlc-eth-besu-erc20: continue-on-error: false env: FULL_BUILD_DISABLED: true @@ -2018,7 +1953,7 @@ jobs: restore-keys: | ${{ runner.os }}-yarn-${{ hashFiles('./yarn.lock') }} - run: ./tools/ci.sh - ctp-ledger-connector-besu: + cactus-test-plugin-ledger-connector-besu: continue-on-error: false needs: - build-dev @@ -2038,7 +1973,7 @@ jobs: with: node-version: ${{ env.NODEJS_VERSION }} - uses: actions/checkout@v4.1.1 - + - id: yarn-cache name: Restore Yarn Cache uses: actions/cache@v4.0.1 @@ -2048,7 +1983,7 @@ jobs: restore-keys: | ${{ runner.os }}-yarn-${{ hashFiles('./yarn.lock') }} - run: ./tools/ci.sh - ctp-ledger-connector-quorum: + cactus-test-plugin-ledger-connector-quorum: continue-on-error: false needs: - build-dev @@ -2076,7 +2011,7 @@ jobs: restore-keys: | ${{ runner.os }}-yarn-${{ hashFiles('./yarn.lock') }} - run: ./tools/ci.sh - ctp-ledger-connector-ethereum: + cactus-test-plugin-ledger-connector-ethereum: continue-on-error: false env: FULL_BUILD_DISABLED: true @@ -2091,14 +2026,17 @@ jobs: with: node-version: ${{ env.NODEJS_VERSION }} - uses: actions/checkout@v4.1.1 + - id: yarn-cache-dir-path + name: Get yarn cache directory path + run: echo "::set-output name=dir::$(yarn cache dir)" - id: yarn-cache name: Restore Yarn Cache uses: actions/cache@v4.0.1 with: - key: ${{ runner.os }}-yarn-${{ hashFiles('./yarn.lock') }} - path: ./.yarn/ + key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }} + path: ${{ steps.yarn-cache-dir-path.outputs.dir }} restore-keys: | - ${{ runner.os }}-yarn-${{ hashFiles('./yarn.lock') }} + ${{ runner.os }}-yarn- - run: ./tools/ci.sh cactus-test-tooling: continue-on-error: false @@ -2160,7 +2098,16 @@ jobs: steps: - uses: actions/checkout@v4.1.1 - name: ghcr.io/hyperledger/cactus-besu-all-in-one - run: DOCKER_BUILDKIT=1 docker build ./tools/docker/besu-all-in-one/ -f ./tools/docker/besu-all-in-one/Dockerfile + run: DOCKER_BUILDKIT=1 docker build ./tools/docker/besu-all-in-one/ -f ./tools/docker/besu-all-in-one/Dockerfile -t cactus-besu-all-in-one + - name: Run Trivy vulnerability scan for cactus-besu-all-in-one + uses: aquasecurity/trivy-action@0.52.1 + with: + image-ref: 'cactus-besu-all-in-one' + format: 'table' + exit-code: '1' + ignore-unfixed: true + vuln-type: 'os,library' + severity: 'CRITICAL,HIGH' ghcr-cmd-api-server: runs-on: ubuntu-22.04 needs: @@ -2170,14 +2117,13 @@ jobs: - uses: actions/checkout@v4.1.1 - name: ghcr.io/hyperledger/cactus-cmd-api-server run: DOCKER_BUILDKIT=1 docker build . -f ./packages/cactus-cmd-api-server/Dockerfile -t cactus-cmd-api-server - - if: ${{ env.RUN_TRIVY_SCAN == 'true' }} - name: Run Trivy vulnerability scan for cactus-cmd-api-server - uses: aquasecurity/trivy-action@0.19.0 + - name: Run Trivy vulnerability scan for cactus-cmd-api-server + uses: aquasecurity/trivy-action@0.52.1 with: image-ref: 'cactus-cmd-api-server' format: 'table' exit-code: '1' - ignore-unfixed: false + ignore-unfixed: true vuln-type: 'os,library' severity: 'CRITICAL,HIGH' ghcr-connector-besu: @@ -2189,14 +2135,13 @@ jobs: - uses: actions/checkout@v4.1.1 - name: ghcr.io/hyperledger/cactus-connector-besu run: DOCKER_BUILDKIT=1 docker build ./packages/cactus-plugin-ledger-connector-besu/ -f ./packages/cactus-plugin-ledger-connector-besu/Dockerfile -t cactus-connector-besu - - if: ${{ env.RUN_TRIVY_SCAN == 'true' }} - name: Run Trivy vulnerability scan for cactus-connector-besu - uses: aquasecurity/trivy-action@0.19.0 + - name: Run Trivy vulnerability scan for cactus-connector-besu + uses: aquasecurity/trivy-action@0.52.1 with: image-ref: 'cactus-connector-besu' format: 'table' exit-code: '1' - ignore-unfixed: false + ignore-unfixed: true vuln-type: 'os,library' severity: 'CRITICAL,HIGH' ghcr-connector-corda-server: @@ -2209,14 +2154,13 @@ jobs: - uses: actions/checkout@v4.1.1 - name: ghcr.io/hyperledger/cactus-connector-corda-server run: DOCKER_BUILDKIT=1 docker build ./packages/cactus-plugin-ledger-connector-corda/src/main-server/ -f ./packages/cactus-plugin-ledger-connector-corda/src/main-server/Dockerfile -t cactus-connector-corda-server - - if: ${{ env.RUN_TRIVY_SCAN == 'true' }} - name: Run Trivy vulnerability scan for cactus-connector-corda-server - uses: aquasecurity/trivy-action@0.19.0 + - name: Run Trivy vulnerability scan for cactus-connector-corda-server + uses: aquasecurity/trivy-action@0.52.1 with: image-ref: 'cactus-connector-corda-server' format: 'table' exit-code: '1' - ignore-unfixed: false + ignore-unfixed: true vuln-type: 'os,library' severity: 'CRITICAL,HIGH' ghcr-connector-fabric: @@ -2229,14 +2173,13 @@ jobs: - uses: actions/checkout@v4.1.1 - name: ghcr.io/hyperledger/cactus-connector-fabric run: DOCKER_BUILDKIT=1 docker build ./packages/cactus-plugin-ledger-connector-fabric/ -f ./packages/cactus-plugin-ledger-connector-fabric/Dockerfile -t cactus-connector-fabric - - if: ${{ env.RUN_TRIVY_SCAN == 'true' }} - name: Run Trivy vulnerability scan for cactus-connector-fabric - uses: aquasecurity/trivy-action@0.19.0 + - name: Run Trivy vulnerability scan for cactus-connector-fabric + uses: aquasecurity/trivy-action@0.52.1 with: image-ref: 'cactus-connector-fabric' format: 'table' exit-code: '1' - ignore-unfixed: false + ignore-unfixed: true vuln-type: 'os,library' severity: 'CRITICAL,HIGH' ghcr-corda-all-in-one: @@ -2247,8 +2190,16 @@ jobs: steps: - uses: actions/checkout@v4.1.1 - name: ghcr.io/hyperledger/cactus-corda-all-in-one - run: DOCKER_BUILDKIT=1 docker build ./tools/docker/corda-all-in-one/ -f ./tools/docker/corda-all-in-one/Dockerfile - + run: DOCKER_BUILDKIT=1 docker build ./tools/docker/corda-all-in-one/ -f ./tools/docker/corda-all-in-one/Dockerfile -t cactus-corda-all-in-one + - name: Run Trivy vulnerability scan for cactus-corda-all-in-one + uses: aquasecurity/trivy-action@0.52.1 + with: + image-ref: 'cactus-corda-all-in-one' + format: 'table' + exit-code: '1' + ignore-unfixed: true + vuln-type: 'os,library' + severity: 'CRITICAL,HIGH' ghcr-corda-all-in-one-flowdb: runs-on: ubuntu-22.04 steps: @@ -2264,7 +2215,15 @@ jobs: - uses: actions/checkout@v4.1.1 - name: ghcr.io/hyperledger/cactus-corda-all-in-one-obligation run: DOCKER_BUILDKIT=1 docker build ./tools/docker/corda-all-in-one/ -f ./tools/docker/corda-all-in-one/corda-v4_8/Dockerfile -t cactus-corda-all-in-one-obligation - + - name: Run Trivy vulnerability scan for cactus-corda-all-in-one-obligation + uses: aquasecurity/trivy-action@0.52.1 + with: + image-ref: 'cactus-corda-all-in-one-obligation' + format: 'table' + exit-code: '1' + ignore-unfixed: true + vuln-type: 'os,library' + severity: 'CRITICAL,HIGH' ghcr-dev-container-vscode: runs-on: ubuntu-22.04 needs: @@ -2281,49 +2240,80 @@ jobs: - name: npm_install_@devcontainers/cli@0.44.0 run: npm install -g @devcontainers/cli@0.44.0 - name: npx_yes_devcontainers_cli_build - run: npx --yes @devcontainers/cli@0.44.0 build --workspace-folder="./" --log-level=trace --push=false --config="./.devcontainer/devcontainer.json" --image-name="$IMAGE_NAME" + run: npx --yes @devcontainers/cli@0.44.0 build --workspace-folder=./ --log-level=trace --push=false --config=./.devcontainer/devcontainer.json --image-name=$IMAGE_NAME ghcr-example-carbon-accounting: runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v4.1.1 - name: ghcr.io/hyperledger/cactus-example-carbon-accounting - run: DOCKER_BUILDKIT=1 docker build . -f ./examples/carbon-accounting/Dockerfile - + run: DOCKER_BUILDKIT=1 docker build . -f ./examples/carbon-accounting/Dockerfile -t cactus-example-carbon-accounting + - name: Run Trivy vulnerability scan for cactus-example-carbon-accounting + uses: aquasecurity/trivy-action@0.52.1 + with: + image-ref: 'cactus-example-carbon-accounting' + format: 'table' + exit-code: '1' + ignore-unfixed: true + vuln-type: 'os,library' + severity: 'CRITICAL,HIGH' ghcr-example-supply-chain-app: runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v4.1.1 - name: ghcr.io/hyperledger/cactus-example-supply-chain-app run: DOCKER_BUILDKIT=1 docker build . -f ./examples/cactus-example-supply-chain-backend/Dockerfile -t cactus-example-supply-chain-app - + - name: Run Trivy vulnerability scan for cactus-example-supply-chain-app + uses: aquasecurity/trivy-action@0.52.1 + with: + image-ref: 'cactus-example-supply-chain-app' + format: 'table' + exit-code: '1' + ignore-unfixed: true + vuln-type: 'os,library' + severity: 'CRITICAL,HIGH' ghcr-fabric-all-in-one: runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v4.1.1 - name: ghcr.io/hyperledger/cactus-fabric-all-in-one - run: DOCKER_BUILDKIT=1 docker build ./tools/docker/fabric-all-in-one/ -f ./tools/docker/fabric-all-in-one/Dockerfile_v1.4.x - + run: DOCKER_BUILDKIT=1 docker build ./tools/docker/fabric-all-in-one/ -f ./tools/docker/fabric-all-in-one/Dockerfile_v1.4.x -t cactus-fabric-all-in-one + - name: Run Trivy vulnerability scan for cactus-fabric-all-in-one + uses: aquasecurity/trivy-action@0.52.1 + with: + image-ref: 'cactus-fabric-all-in-one' + format: 'table' + exit-code: '1' + ignore-unfixed: true + vuln-type: 'os,library' + severity: 'CRITICAL,HIGH' ghcr-fabric2-all-in-one: runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v4.1.1 - name: ghcr.io/hyperledger/cactus-fabric2-all-in-one - run: DOCKER_BUILDKIT=1 docker build ./tools/docker/fabric-all-in-one/ -f ./tools/docker/fabric-all-in-one/Dockerfile_v2.x - + run: DOCKER_BUILDKIT=1 docker build ./tools/docker/fabric-all-in-one/ -f ./tools/docker/fabric-all-in-one/Dockerfile_v2.x -t cactus-fabric2-all-in-one + - name: Run Trivy vulnerability scan for cactus-fabric2-all-in-one + uses: aquasecurity/trivy-action@0.52.1 + with: + image-ref: 'cactus-fabric2-all-in-one' + format: 'table' + exit-code: '1' + ignore-unfixed: true + vuln-type: 'os,library' + severity: 'CRITICAL,HIGH' ghcr-keychain-vault-server: runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v4.1.1 - name: ghcr.io/hyperledger/cactus-keychain-vault-server run: DOCKER_BUILDKIT=1 docker build ./packages/cactus-plugin-keychain-vault/src/cactus-keychain-vault-server/ -f ./packages/cactus-plugin-keychain-vault/src/cactus-keychain-vault-server/Dockerfile -t cactus-keychain-vault-server - - if: ${{ env.RUN_TRIVY_SCAN == 'true' }} - name: Run Trivy vulnerability scan for cactus-keychain-vault-server - uses: aquasecurity/trivy-action@0.19.0 + - name: Run Trivy vulnerability scan for cactus-keychain-vault-server + uses: aquasecurity/trivy-action@0.52.1 with: image-ref: 'cactus-keychain-vault-server' format: 'table' exit-code: '1' - ignore-unfixed: false + ignore-unfixed: true vuln-type: 'os,library' severity: 'CRITICAL,HIGH' ghcr-quorum-all-in-one: @@ -2331,15 +2321,31 @@ jobs: steps: - uses: actions/checkout@v4.1.1 - name: ghcr.io/hyperledger/cactus-quorum-all-in-one - run: DOCKER_BUILDKIT=1 docker build ./tools/docker/quorum-all-in-one/ -f ./tools/docker/quorum-all-in-one/Dockerfile - + run: DOCKER_BUILDKIT=1 docker build ./tools/docker/quorum-all-in-one/ -f ./tools/docker/quorum-all-in-one/Dockerfile -t cactus-quorum-all-in-one + - name: Run Trivy vulnerability scan for cactus-quorum-all-in-one + uses: aquasecurity/trivy-action@0.52.1 + with: + image-ref: 'cactus-quorum-all-in-one' + format: 'table' + exit-code: '1' + ignore-unfixed: true + vuln-type: 'os,library' + severity: 'CRITICAL,HIGH' ghcr-quorum-multi-party-all-in-one: runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v4.1.1 - name: ghcr.io/hyperledger/cactus-quorum-multi-party-all-in-one run: DOCKER_BUILDKIT=1 docker build ./tools/docker/quorum-multi-party-all-in-one/ -f ./tools/docker/quorum-multi-party-all-in-one/Dockerfile -t cactus-quorum-multi-party-all-in-one - + - name: Run Trivy vulnerability scan for cactus-quorum-multi-party-all-in-one + uses: aquasecurity/trivy-action@0.52.1 + with: + image-ref: 'cactus-quorum-multi-party-all-in-one' + format: 'table' + exit-code: '1' + ignore-unfixed: true + vuln-type: 'os,library' + severity: 'CRITICAL,HIGH' name: Cactus_CI 'on': pull_request: @@ -2350,4 +2356,4 @@ name: Cactus_CI push: branches: - main - - dev \ No newline at end of file + - dev diff --git a/.vscode/extensions.json b/.vscode/extensions.json index 86f6098895..aaa17ff8f8 100644 --- a/.vscode/extensions.json +++ b/.vscode/extensions.json @@ -14,6 +14,7 @@ "eamodio.gitlens", "streetsidesoftware.code-spell-checker", "github.vscode-pull-request-github", - "codeandstuff.package-json-upgrade" + "codeandstuff.package-json-upgrade", + "AquaSecurityOfficial.trivy-vulnerability-scanner" ] } diff --git a/examples/cactus-example-supply-chain-backend/compose-dev.yaml b/examples/cactus-example-supply-chain-backend/compose-dev.yaml new file mode 100644 index 0000000000..a92f7012bb --- /dev/null +++ b/examples/cactus-example-supply-chain-backend/compose-dev.yaml @@ -0,0 +1,12 @@ +services: + app: + entrypoint: + - sleep + - infinity + image: docker/dev-environments-default:stable-1 + init: true + volumes: + - type: bind + source: /var/run/docker.sock + target: /var/run/docker.sock + diff --git a/install_nvm.sh b/install_nvm.sh new file mode 100644 index 0000000000..50fbd3abf3 --- /dev/null +++ b/install_nvm.sh @@ -0,0 +1,461 @@ +#!/usr/bin/env bash + +{ # this ensures the entire script is downloaded # + +nvm_has() { + type "$1" > /dev/null 2>&1 +} + +nvm_echo() { + command printf %s\\n "$*" 2>/dev/null +} + +nvm_grep() { + GREP_OPTIONS='' command grep "$@" +} + +nvm_default_install_dir() { + [ -z "${XDG_CONFIG_HOME-}" ] && printf %s "${HOME}/.nvm" || printf %s "${XDG_CONFIG_HOME}/nvm" +} + +nvm_install_dir() { + if [ -n "$NVM_DIR" ]; then + printf %s "${NVM_DIR}" + else + nvm_default_install_dir + fi +} + +nvm_latest_version() { + nvm_echo "v0.38.0" +} + +nvm_profile_is_bash_or_zsh() { + local TEST_PROFILE + TEST_PROFILE="${1-}" + case "${TEST_PROFILE-}" in + *"/.bashrc" | *"/.bash_profile" | *"/.zshrc") + return + ;; + *) + return 1 + ;; + esac +} + +# +# Outputs the location to NVM depending on: +# * The availability of $NVM_SOURCE +# * The method used ("script" or "git" in the script, defaults to "git") +# NVM_SOURCE always takes precedence unless the method is "script-nvm-exec" +# +nvm_source() { + local NVM_GITHUB_REPO + NVM_GITHUB_REPO="${NVM_INSTALL_GITHUB_REPO:-nvm-sh/nvm}" + local NVM_VERSION + NVM_VERSION="${NVM_INSTALL_VERSION:-$(nvm_latest_version)}" + local NVM_METHOD + NVM_METHOD="$1" + local NVM_SOURCE_URL + NVM_SOURCE_URL="$NVM_SOURCE" + if [ "_$NVM_METHOD" = "_script-nvm-exec" ]; then + NVM_SOURCE_URL="https://raw.githubusercontent.com/${NVM_GITHUB_REPO}/${NVM_VERSION}/nvm-exec" + elif [ "_$NVM_METHOD" = "_script-nvm-bash-completion" ]; then + NVM_SOURCE_URL="https://raw.githubusercontent.com/${NVM_GITHUB_REPO}/${NVM_VERSION}/bash_completion" + elif [ -z "$NVM_SOURCE_URL" ]; then + if [ "_$NVM_METHOD" = "_script" ]; then + NVM_SOURCE_URL="https://raw.githubusercontent.com/${NVM_GITHUB_REPO}/${NVM_VERSION}/nvm.sh" + elif [ "_$NVM_METHOD" = "_git" ] || [ -z "$NVM_METHOD" ]; then + NVM_SOURCE_URL="https://github.com/${NVM_GITHUB_REPO}.git" + else + nvm_echo >&2 "Unexpected value \"$NVM_METHOD\" for \$NVM_METHOD" + return 1 + fi + fi + nvm_echo "$NVM_SOURCE_URL" +} + +# +# Node.js version to install +# +nvm_node_version() { + nvm_echo "$NODE_VERSION" +} + +nvm_download() { + if nvm_has "curl"; then + curl --fail --compressed -q "$@" + elif nvm_has "wget"; then + # Emulate curl with wget + ARGS=$(nvm_echo "$@" | command sed -e 's/--progress-bar /--progress=bar /' \ + -e 's/--compressed //' \ + -e 's/--fail //' \ + -e 's/-L //' \ + -e 's/-I /--server-response /' \ + -e 's/-s /-q /' \ + -e 's/-sS /-nv /' \ + -e 's/-o /-O /' \ + -e 's/-C - /-c /') + # shellcheck disable=SC2086 + eval wget $ARGS + fi +} + +install_nvm_from_git() { + local INSTALL_DIR + INSTALL_DIR="$(nvm_install_dir)" + local NVM_VERSION + NVM_VERSION="${NVM_INSTALL_VERSION:-$(nvm_latest_version)}" + if [ -n "${NVM_INSTALL_VERSION:-}" ]; then + # Check if version is an existing ref + if command git ls-remote "$(nvm_source "git")" "$NVM_VERSION" | nvm_grep -q "$NVM_VERSION" ; then + : + # Check if version is an existing changeset + elif ! nvm_download -o /dev/null "$(nvm_source "script-nvm-exec")"; then + nvm_echo >&2 "Failed to find '$NVM_VERSION' version." + exit 1 + fi + fi + + local fetch_error + if [ -d "$INSTALL_DIR/.git" ]; then + # Updating repo + nvm_echo "=> nvm is already installed in $INSTALL_DIR, trying to update using git" + command printf '\r=> ' + fetch_error="Failed to update nvm with $NVM_VERSION, run 'git fetch' in $INSTALL_DIR yourself." + else + fetch_error="Failed to fetch origin with $NVM_VERSION. Please report this!" + nvm_echo "=> Downloading nvm from git to '$INSTALL_DIR'" + command printf '\r=> ' + mkdir -p "${INSTALL_DIR}" + if [ "$(ls -A "${INSTALL_DIR}")" ]; then + # Initializing repo + command git init "${INSTALL_DIR}" || { + nvm_echo >&2 'Failed to initialize nvm repo. Please report this!' + exit 2 + } + command git --git-dir="${INSTALL_DIR}/.git" remote add origin "$(nvm_source)" 2> /dev/null \ + || command git --git-dir="${INSTALL_DIR}/.git" remote set-url origin "$(nvm_source)" || { + nvm_echo >&2 'Failed to add remote "origin" (or set the URL). Please report this!' + exit 2 + } + else + # Cloning repo + command git clone "$(nvm_source)" --depth=1 "${INSTALL_DIR}" || { + nvm_echo >&2 'Failed to clone nvm repo. Please report this!' + exit 2 + } + fi + fi + # Try to fetch tag + if command git --git-dir="$INSTALL_DIR"/.git --work-tree="$INSTALL_DIR" fetch origin tag "$NVM_VERSION" --depth=1 2>/dev/null; then + : + # Fetch given version + elif ! command git --git-dir="$INSTALL_DIR"/.git --work-tree="$INSTALL_DIR" fetch origin "$NVM_VERSION" --depth=1; then + nvm_echo >&2 "$fetch_error" + exit 1 + fi + command git -c advice.detachedHead=false --git-dir="$INSTALL_DIR"/.git --work-tree="$INSTALL_DIR" checkout -f --quiet FETCH_HEAD || { + nvm_echo >&2 "Failed to checkout the given version $NVM_VERSION. Please report this!" + exit 2 + } + if [ -n "$(command git --git-dir="$INSTALL_DIR"/.git --work-tree="$INSTALL_DIR" show-ref refs/heads/master)" ]; then + if command git --git-dir="$INSTALL_DIR"/.git --work-tree="$INSTALL_DIR" branch --quiet 2>/dev/null; then + command git --git-dir="$INSTALL_DIR"/.git --work-tree="$INSTALL_DIR" branch --quiet -D master >/dev/null 2>&1 + else + nvm_echo >&2 "Your version of git is out of date. Please update it!" + command git --git-dir="$INSTALL_DIR"/.git --work-tree="$INSTALL_DIR" branch -D master >/dev/null 2>&1 + fi + fi + + nvm_echo "=> Compressing and cleaning up git repository" + if ! command git --git-dir="$INSTALL_DIR"/.git --work-tree="$INSTALL_DIR" reflog expire --expire=now --all; then + nvm_echo >&2 "Your version of git is out of date. Please update it!" + fi + if ! command git --git-dir="$INSTALL_DIR"/.git --work-tree="$INSTALL_DIR" gc --auto --aggressive --prune=now ; then + nvm_echo >&2 "Your version of git is out of date. Please update it!" + fi + return +} + +# +# Automatically install Node.js +# +nvm_install_node() { + local NODE_VERSION_LOCAL + NODE_VERSION_LOCAL="$(nvm_node_version)" + + if [ -z "$NODE_VERSION_LOCAL" ]; then + return 0 + fi + + nvm_echo "=> Installing Node.js version $NODE_VERSION_LOCAL" + nvm install "$NODE_VERSION_LOCAL" + local CURRENT_NVM_NODE + + CURRENT_NVM_NODE="$(nvm_version current)" + if [ "$(nvm_version "$NODE_VERSION_LOCAL")" == "$CURRENT_NVM_NODE" ]; then + nvm_echo "=> Node.js version $NODE_VERSION_LOCAL has been successfully installed" + else + nvm_echo >&2 "Failed to install Node.js $NODE_VERSION_LOCAL" + fi +} + +install_nvm_as_script() { + local INSTALL_DIR + INSTALL_DIR="$(nvm_install_dir)" + local NVM_SOURCE_LOCAL + NVM_SOURCE_LOCAL="$(nvm_source script)" + local NVM_EXEC_SOURCE + NVM_EXEC_SOURCE="$(nvm_source script-nvm-exec)" + local NVM_BASH_COMPLETION_SOURCE + NVM_BASH_COMPLETION_SOURCE="$(nvm_source script-nvm-bash-completion)" + + # Downloading to $INSTALL_DIR + mkdir -p "$INSTALL_DIR" + if [ -f "$INSTALL_DIR/nvm.sh" ]; then + nvm_echo "=> nvm is already installed in $INSTALL_DIR, trying to update the script" + else + nvm_echo "=> Downloading nvm as script to '$INSTALL_DIR'" + fi + nvm_download -s "$NVM_SOURCE_LOCAL" -o "$INSTALL_DIR/nvm.sh" || { + nvm_echo >&2 "Failed to download '$NVM_SOURCE_LOCAL'" + return 1 + } & + nvm_download -s "$NVM_EXEC_SOURCE" -o "$INSTALL_DIR/nvm-exec" || { + nvm_echo >&2 "Failed to download '$NVM_EXEC_SOURCE'" + return 2 + } & + nvm_download -s "$NVM_BASH_COMPLETION_SOURCE" -o "$INSTALL_DIR/bash_completion" || { + nvm_echo >&2 "Failed to download '$NVM_BASH_COMPLETION_SOURCE'" + return 2 + } & + for job in $(jobs -p | command sort) + do + wait "$job" || return $? + done + chmod a+x "$INSTALL_DIR/nvm-exec" || { + nvm_echo >&2 "Failed to mark '$INSTALL_DIR/nvm-exec' as executable" + return 3 + } +} + +nvm_try_profile() { + if [ -z "${1-}" ] || [ ! -f "${1}" ]; then + return 1 + fi + nvm_echo "${1}" +} + +# +# Detect profile file if not specified as environment variable +# (eg: PROFILE=~/.myprofile) +# The echo'ed path is guaranteed to be an existing file +# Otherwise, an empty string is returned +# +nvm_detect_profile() { + if [ "${PROFILE-}" = '/dev/null' ]; then + # the user has specifically requested NOT to have nvm touch their profile + return + fi + + if [ -n "${PROFILE}" ] && [ -f "${PROFILE}" ]; then + nvm_echo "${PROFILE}" + return + fi + + local DETECTED_PROFILE + DETECTED_PROFILE='' + + if [ -n "${BASH_VERSION-}" ]; then + if [ -f "$HOME/.bashrc" ]; then + DETECTED_PROFILE="$HOME/.bashrc" + elif [ -f "$HOME/.bash_profile" ]; then + DETECTED_PROFILE="$HOME/.bash_profile" + fi + elif [ -n "${ZSH_VERSION-}" ]; then + DETECTED_PROFILE="$HOME/.zshrc" + fi + + if [ -z "$DETECTED_PROFILE" ]; then + for EACH_PROFILE in ".profile" ".bashrc" ".bash_profile" ".zshrc" + do + if DETECTED_PROFILE="$(nvm_try_profile "${HOME}/${EACH_PROFILE}")"; then + break + fi + done + fi + + if [ -n "$DETECTED_PROFILE" ]; then + nvm_echo "$DETECTED_PROFILE" + fi +} + +# +# Check whether the user has any globally-installed npm modules in their system +# Node, and warn them if so. +# +nvm_check_global_modules() { + local NPM_COMMAND + NPM_COMMAND="$(command -v npm 2>/dev/null)" || return 0 + [ -n "${NVM_DIR}" ] && [ -z "${NPM_COMMAND%%$NVM_DIR/*}" ] && return 0 + + local NPM_VERSION + NPM_VERSION="$(npm --version)" + NPM_VERSION="${NPM_VERSION:--1}" + [ "${NPM_VERSION%%[!-0-9]*}" -gt 0 ] || return 0 + + local NPM_GLOBAL_MODULES + NPM_GLOBAL_MODULES="$( + npm list -g --depth=0 | + command sed -e '/ npm@/d' -e '/ (empty)$/d' + )" + + local MODULE_COUNT + MODULE_COUNT="$( + command printf %s\\n "$NPM_GLOBAL_MODULES" | + command sed -ne '1!p' | # Remove the first line + wc -l | command tr -d ' ' # Count entries + )" + + if [ "${MODULE_COUNT}" != '0' ]; then + # shellcheck disable=SC2016 + nvm_echo '=> You currently have modules installed globally with `npm`. These will no' + # shellcheck disable=SC2016 + nvm_echo '=> longer be linked to the active version of Node when you install a new node' + # shellcheck disable=SC2016 + nvm_echo '=> with `nvm`; and they may (depending on how you construct your `$PATH`)' + # shellcheck disable=SC2016 + nvm_echo '=> override the binaries of modules installed with `nvm`:' + nvm_echo + + command printf %s\\n "$NPM_GLOBAL_MODULES" + nvm_echo '=> If you wish to uninstall them at a later point (or re-install them under your' + # shellcheck disable=SC2016 + nvm_echo '=> `nvm` Nodes), you can remove them from the system Node as follows:' + nvm_echo + nvm_echo ' $ nvm use system' + nvm_echo ' $ npm uninstall -g a_module' + nvm_echo + fi +} + +nvm_do_install() { + if [ -n "${NVM_DIR-}" ] && ! [ -d "${NVM_DIR}" ]; then + if [ -e "${NVM_DIR}" ]; then + nvm_echo >&2 "File \"${NVM_DIR}\" has the same name as installation directory." + exit 1 + fi + + if [ "${NVM_DIR}" = "$(nvm_default_install_dir)" ]; then + mkdir "${NVM_DIR}" + else + nvm_echo >&2 "You have \$NVM_DIR set to \"${NVM_DIR}\", but that directory does not exist. Check your profile files and environment." + exit 1 + fi + fi + if [ -z "${METHOD}" ]; then + # Autodetect install method + if nvm_has git; then + install_nvm_from_git + elif nvm_has nvm_download; then + install_nvm_as_script + else + nvm_echo >&2 'You need git, curl, or wget to install nvm' + exit 1 + fi + elif [ "${METHOD}" = 'git' ]; then + if ! nvm_has git; then + nvm_echo >&2 "You need git to install nvm" + exit 1 + fi + install_nvm_from_git + elif [ "${METHOD}" = 'script' ]; then + if ! nvm_has nvm_download; then + nvm_echo >&2 "You need curl or wget to install nvm" + exit 1 + fi + install_nvm_as_script + else + nvm_echo >&2 "The environment variable \$METHOD is set to \"${METHOD}\", which is not recognized as a valid installation method." + exit 1 + fi + + nvm_echo + + local NVM_PROFILE + NVM_PROFILE="$(nvm_detect_profile)" + local PROFILE_INSTALL_DIR + PROFILE_INSTALL_DIR="$(nvm_install_dir | command sed "s:^$HOME:\$HOME:")" + + SOURCE_STR="\\nexport NVM_DIR=\"${PROFILE_INSTALL_DIR}\"\\n[ -s \"\$NVM_DIR/nvm.sh\" ] && \\. \"\$NVM_DIR/nvm.sh\" # This loads nvm\\n" + + # shellcheck disable=SC2016 + COMPLETION_STR='[ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion" # This loads nvm bash_completion\n' + BASH_OR_ZSH=false + + if [ -z "${NVM_PROFILE-}" ] ; then + local TRIED_PROFILE + if [ -n "${PROFILE}" ]; then + TRIED_PROFILE="${NVM_PROFILE} (as defined in \$PROFILE), " + fi + nvm_echo "=> Profile not found. Tried ${TRIED_PROFILE-}~/.bashrc, ~/.bash_profile, ~/.zshrc, and ~/.profile." + nvm_echo "=> Create one of them and run this script again" + nvm_echo " OR" + nvm_echo "=> Append the following lines to the correct file yourself:" + command printf "${SOURCE_STR}" + nvm_echo + else + if nvm_profile_is_bash_or_zsh "${NVM_PROFILE-}"; then + BASH_OR_ZSH=true + fi + if ! command grep -qc '/nvm.sh' "$NVM_PROFILE"; then + nvm_echo "=> Appending nvm source string to $NVM_PROFILE" + command printf "${SOURCE_STR}" >> "$NVM_PROFILE" + else + nvm_echo "=> nvm source string already in ${NVM_PROFILE}" + fi + # shellcheck disable=SC2016 + if ${BASH_OR_ZSH} && ! command grep -qc '$NVM_DIR/bash_completion' "$NVM_PROFILE"; then + nvm_echo "=> Appending bash_completion source string to $NVM_PROFILE" + command printf "$COMPLETION_STR" >> "$NVM_PROFILE" + else + nvm_echo "=> bash_completion source string already in ${NVM_PROFILE}" + fi + fi + if ${BASH_OR_ZSH} && [ -z "${NVM_PROFILE-}" ] ; then + nvm_echo "=> Please also append the following lines to the if you are using bash/zsh shell:" + command printf "${COMPLETION_STR}" + fi + + # Source nvm + # shellcheck source=/dev/null + \. "$(nvm_install_dir)/nvm.sh" + + nvm_check_global_modules + + nvm_install_node + + nvm_reset + + nvm_echo "=> Close and reopen your terminal to start using nvm or run the following to use it now:" + command printf "${SOURCE_STR}" + if ${BASH_OR_ZSH} ; then + command printf "${COMPLETION_STR}" + fi +} + +# +# Unsets the various functions defined +# during the execution of the install script +# +nvm_reset() { + unset -f nvm_has nvm_install_dir nvm_latest_version nvm_profile_is_bash_or_zsh \ + nvm_source nvm_node_version nvm_download install_nvm_from_git nvm_install_node \ + install_nvm_as_script nvm_try_profile nvm_detect_profile nvm_check_global_modules \ + nvm_do_install nvm_reset nvm_default_install_dir nvm_grep +} + +[ "_$NVM_ENV" = "_testing" ] || nvm_do_install + +} # this ensures the entire script is downloaded # diff --git a/jwtsecret.hex b/jwtsecret.hex new file mode 100644 index 0000000000..a18873cba6 --- /dev/null +++ b/jwtsecret.hex @@ -0,0 +1 @@ +d3544df446c697eb2fd8a956792e03f2d5602625eca55d79d473ecaa6c752fff \ No newline at end of file