From b9773297f9f989340cb3020d1fab4cdd8960fd97 Mon Sep 17 00:00:00 2001 From: Peter Somogyvari Date: Fri, 8 Mar 2024 21:55:50 -0800 Subject: [PATCH] test: retire npm-test-registry and whitepaper builder images 1. They have vulnerabilities that would take non-trivial effort to fix. 2. We haven't used them in a while so it makes sense to retire them. 3. We can put them back in action whenever they become needed again, they'll always be available in the git commit log. 4. This saves on CI resources which is something we are short on and constantly need to optimize further. Signed-off-by: Peter Somogyvari --- .../workflows/cactus-whitepaper-publish.yaml | 60 ------------------- .github/workflows/ci.yaml | 30 ---------- .../workflows/test-npm-registry-publish.yaml | 60 ------------------- tools/docker/test-npm-registry/Dockerfile | 3 - tools/docker/test-npm-registry/README.md | 40 ------------- tools/docker/test-npm-registry/config.yaml | 54 ----------------- 6 files changed, 247 deletions(-) delete mode 100644 .github/workflows/cactus-whitepaper-publish.yaml delete mode 100644 .github/workflows/test-npm-registry-publish.yaml delete mode 100644 tools/docker/test-npm-registry/Dockerfile delete mode 100644 tools/docker/test-npm-registry/README.md delete mode 100644 tools/docker/test-npm-registry/config.yaml diff --git a/.github/workflows/cactus-whitepaper-publish.yaml b/.github/workflows/cactus-whitepaper-publish.yaml deleted file mode 100644 index c4e7701098..0000000000 --- a/.github/workflows/cactus-whitepaper-publish.yaml +++ /dev/null 
@@ -1,60 +0,0 @@ -name: whitepaper-publish - -on: - push: - # Publish `main` as Docker `latest` image. - branches: - - main - - # Publish `v1.2.3` tags as releases. - tags: - - v* - -concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} - cancel-in-progress: true - -env: - IMAGE_NAME: cactus-whitepaper - -jobs: - # Push image to GitHub Packages. - # See also https://docs.docker.com/docker-hub/builds/ - build-tag-push-container: - runs-on: ubuntu-20.04 - env: - DOCKER_BUILDKIT: 1 - DOCKERFILE_PATH: ./whitepaper/Dockerfile - DOCKER_BUILD_DIR: ./whitepaper/ - permissions: - packages: write - contents: read - - steps: - - uses: actions/checkout@v3.5.2 - - - name: Build image - run: docker build $DOCKER_BUILD_DIR --file $DOCKERFILE_PATH --tag $IMAGE_NAME --label "runnumber=${GITHUB_RUN_ID}" - - - name: Log in to registry - # This is where you will update the PAT to GITHUB_TOKEN - run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin - - - name: Push image - run: | - SHORTHASH=$(git rev-parse --short "$GITHUB_SHA") - TODAYS_DATE="$(date +%F)" - DOCKER_TAG="$TODAYS_DATE-$SHORTHASH" - IMAGE_ID=ghcr.io/${{ github.repository_owner }}/$IMAGE_NAME - # Change all uppercase to lowercase - IMAGE_ID=$(echo $IMAGE_ID | tr '[A-Z]' '[a-z]') - # Strip git ref prefix from version - VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,') - # Strip "v" prefix from tag name - [[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//') - # Do not use the `latest` tag at all, tag with date + git short hash if there is no git tag - [ "$VERSION" == "main" ] && VERSION=$DOCKER_TAG - echo IMAGE_ID=$IMAGE_ID - echo VERSION=$VERSION - docker tag $IMAGE_NAME $IMAGE_ID:$VERSION - docker push $IMAGE_ID:$VERSION diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 5315eed85d..8867db4e1c 100644 --- a/.github/workflows/ci.yaml 
+++ b/.github/workflows/ci.yaml @@ -2358,36 +2358,6 @@ jobs: ignore-unfixed: true vuln-type: 'os,library' severity: 'CRITICAL,HIGH' - ghcr-test-npm-registry: - runs-on: ubuntu-20.04 - steps: - - uses: actions/checkout@v3.5.2 - - name: ghcr.io/hyperledger/cactus-test-npm-registry - run: DOCKER_BUILDKIT=1 docker build ./tools/docker/test-npm-registry/ -f ./tools/docker/test-npm-registry/Dockerfile -t cactus-test-npm-registry - - name: Run Trivy vulnerability scan for cactus-test-npm-registry - uses: aquasecurity/trivy-action@0.11.2 - with: - image-ref: 'cactus-test-npm-registry' - format: 'table' - exit-code: '1' - ignore-unfixed: true - vuln-type: 'os,library' - severity: 'CRITICAL,HIGH' - ghcr-whitepaper: - runs-on: ubuntu-20.04 - steps: - - uses: actions/checkout@v3.5.2 - - name: ghcr.io/hyperledger/cactus-whitepaper - run: DOCKER_BUILDKIT=1 docker build ./whitepaper/ -f ./whitepaper/Dockerfile -t cactus-whitepaper - - name: Run Trivy vulnerability scan for cactus-whitepaper - uses: aquasecurity/trivy-action@0.11.2 - with: - image-ref: 'cactus-whitepaper' - format: 'table' - exit-code: '1' - ignore-unfixed: true - vuln-type: 'os,library' - severity: 'CRITICAL,HIGH' name: Cactus_CI 'on': pull_request: diff --git a/.github/workflows/test-npm-registry-publish.yaml b/.github/workflows/test-npm-registry-publish.yaml deleted file mode 100644 index 9a02b60999..0000000000 --- a/.github/workflows/test-npm-registry-publish.yaml +++ /dev/null 
@@ -1,60 +0,0 @@ -name: test-npm-registry-publish - -on: - push: - # Publish `main` as Docker `latest` image. - branches: - - main - - # Publish `v1.2.3` tags as releases. - tags: - - v* - -concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} - cancel-in-progress: true - -env: - IMAGE_NAME: cactus-test-npm-registry - -jobs: - # Push image to GitHub Packages. - # See also https://docs.docker.com/docker-hub/builds/ - build-tag-push-container: - runs-on: ubuntu-20.04 - env: - DOCKER_BUILDKIT: 1 - DOCKERFILE_PATH: ./tools/docker/test-npm-registry/Dockerfile - DOCKER_BUILD_DIR: ./tools/docker/test-npm-registry/ - permissions: - packages: write - contents: read - - steps: - - uses: actions/checkout@v3.5.2 - - - name: Build image - run: docker build $DOCKER_BUILD_DIR --file $DOCKERFILE_PATH --tag $IMAGE_NAME --label "runnumber=${GITHUB_RUN_ID}" - - - name: Log in to registry - # This is where you will update the PAT to GITHUB_TOKEN - run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin - - - name: Push image - run: | - SHORTHASH=$(git rev-parse --short "$GITHUB_SHA") - TODAYS_DATE="$(date +%F)" - DOCKER_TAG="$TODAYS_DATE-$SHORTHASH" - IMAGE_ID=ghcr.io/${{ github.repository_owner }}/$IMAGE_NAME - # Change all uppercase to lowercase - IMAGE_ID=$(echo $IMAGE_ID | tr '[A-Z]' '[a-z]') - # Strip git ref prefix from version - VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,') - # Strip "v" prefix from tag name - [[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//') - # Do not use the `latest` tag at all, tag with date + git short hash if there is no git tag - [ "$VERSION" == "main" ] && VERSION=$DOCKER_TAG - echo IMAGE_ID=$IMAGE_ID - echo VERSION=$VERSION - docker tag $IMAGE_NAME $IMAGE_ID:$VERSION - docker push $IMAGE_ID:$VERSION 
diff --git a/tools/docker/test-npm-registry/Dockerfile b/tools/docker/test-npm-registry/Dockerfile deleted file mode 100644 index 54df3fd89c..0000000000 --- a/tools/docker/test-npm-registry/Dockerfile +++ /dev/null @@ -1,3 +0,0 @@ -FROM verdaccio/verdaccio:5.16 - -COPY ./config.yaml /verdaccio/conf/config.yaml diff --git a/tools/docker/test-npm-registry/README.md b/tools/docker/test-npm-registry/README.md deleted file mode 100644 index 4491c840b8..0000000000 --- a/tools/docker/test-npm-registry/README.md +++ /dev/null @@ -1,40 +0,0 @@ -# test-npm-registry container image - -Used for locally verifying publishing commands before using them on npm publicly. -The image is configured by default to not require any authentication at all and -therefore it is a great fit for testing, but most never be used for production -deployments of any kind. - -The reason why this image had to be created was because some of our packages -that have front-end code embedded in them can take up more than 10MB in size -and verdaccio by default does not allow bigger request payloads than that so -we had to increase it to a higher limit via the configuration file `config.yaml`. - -## Usage - -1. Start the container and publish it's port `4873` to the host machine: - ```sh - docker run -it --rm --publish 4873:4873 ghcr.io/hyperledger/cactus-test-npm-registry:2021-12-20-81fd36c7 - ``` -2. Verify a canary publish with this container instead of using npmjs.com -by specifying the registry URL as http://localhost:4873 such as - ```sh - npx lerna publish \ - --canary \ - --force-publish \ - --dist-tag $(git branch --show-current) \ - --preid $(git branch --show-current).$(git rev-parse --short HEAD) \ - --registry http://localhost:4873 - ``` - -## Build image locally: - -```sh -DOCKER_BUILDKIT=1 docker build ./tools/docker/test-npm-registry/ -t ctnr -``` - -## Run image locally - -```sh -docker run -it --rm --publish 4873:4873 ctnr -``` 
diff --git a/tools/docker/test-npm-registry/config.yaml b/tools/docker/test-npm-registry/config.yaml deleted file mode 100644 index 300106142d..0000000000 --- a/tools/docker/test-npm-registry/config.yaml +++ /dev/null @@ -1,54 +0,0 @@ -# -# This is the config file used for the docker images. -# It allows all users to do anything, so don't use it on production systems. -# -# Do not configure host and port under `listen` in this file -# as it will be ignored when using docker. -# see https://github.com/verdaccio/verdaccio/blob/verdaccio%406.0.0-6-next.24/website/docs/docker.md -# - -# The only reason why we need a custom built docker image is because there is -# no way to configure the existing container images to have a max body size -# higher than the default 10 MB without mounting a volume with a config file -max_body_size: 1000mb - -# path to a directory with all packages -storage: /verdaccio/storage - -# a list of other known repositories we can talk to -uplinks: - npmjs: - url: https://registry.npmjs.org/ - -packages: - '@scope/*': - # scoped packages - access: $all - publish: $all - proxy: npmjs - '@*/*': - # scoped packages - access: $all - publish: $all - proxy: npmjs - '**': - # allow all users (including non-authenticated users) to read and - # publish all packages - # - # you can specify usernames/groupnames (depending on your auth plugin) - # and three keywords: "$all", "$anonymous", "$authenticated" - access: $all - - # allow anyone to publish packages so there is no need to register a user - publish: $all - - # if package is not available locally, proxy requests to 'npmjs' registry - proxy: npmjs - -# log settings -logs: - - { type: stdout, format: pretty, level: trace } - #- {type: file, path: verdaccio.log, level: info} - -listen: - - 0.0.0.0:4873 \ No newline at end of file