Merge branch 'develop' into update-deps-11-1-24

.github/workflows/auto-release.yml

@@ -19,7 +19,7 @@ jobs:
         uses: Chia-Network/actions/clean-workspace@main
 
       - name: Checkout current branch
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           # Need PACKAGE_ADMIN_PAT token so when the tag is created, the tag automation runs
           token: ${{ secrets.PACKAGE_ADMIN_PAT }}
@@ -51,7 +51,7 @@ jobs:
           fi
 
       - name: Checkout develop branch
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           # Need PACKAGE_ADMIN_PAT token so when the tag is created, the tag automation runs
           token: ${{ secrets.PACKAGE_ADMIN_PAT }}

.github/workflows/build.yaml

@@ -41,10 +41,10 @@ jobs:
         uses: Chia-Network/actions/clean-workspace@main
 
       - name: Checkout Code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Setup Node 20.x
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
         with:
           node-version: '20.16'
 
@@ -82,9 +82,20 @@ jobs:
       - name: Copy sqlite3
         run: cp ${{ matrix.sqlite-path }}node_sqlite3.node ./dist/
 
+      - name: Test for secrets access
+        id: check_secrets
+        shell: bash
+        run: |
+          unset HAS_SIGNING_SECRET
+
+          if [ -n "$SIGNING_SECRET" ]; then HAS_SIGNING_SECRET='true' ; fi
+          echo "HAS_SIGNING_SECRET=${HAS_SIGNING_SECRET}" >> "$GITHUB_OUTPUT"
+        env:
+          SIGNING_SECRET: "${{ secrets.SM_CLIENT_CERT_FILE_B64 }}"
+
       # Windows Code Signing
       - name: Sign windows artifacts
-        if: matrix.runs-on == 'windows-2019'
+        if: matrix.runs-on == 'windows-2019' && steps.check_secrets.outputs.HAS_SIGNING_SECRET
         uses: chia-network/actions/digicert/windows-sign@main
         with:
           sm_api_key: ${{ secrets.SM_API_KEY }}
@@ -95,36 +106,48 @@ jobs:
 
       # Mac .pkg build + sign
       - name: Import Apple installer signing certificate
-        if: matrix.runs-on == 'macos-latest'
-        uses: Apple-Actions/import-codesign-certs@v1
+        if: matrix.runs-on == 'macos-latest' && steps.check_secrets.outputs.HAS_SIGNING_SECRET
+        uses: Apple-Actions/import-codesign-certs@v3
         with:
           keychain-password: ${{ secrets.KEYCHAIN_PASSWORD }}
           p12-file-base64: ${{ secrets.APPLE_DEV_ID_INSTALLER }}
           p12-password: ${{ secrets.APPLE_DEV_ID_INSTALLER_PASS }}
 
       - name: Import Apple Application signing certificate
-        if: matrix.runs-on == 'macos-latest'
-        uses: Apple-Actions/import-codesign-certs@v1
+        if: matrix.runs-on == 'macos-latest' && steps.check_secrets.outputs.HAS_SIGNING_SECRET
+        uses: Apple-Actions/import-codesign-certs@v3
         with:
           create-keychain: false # Created when importing the first cert
           keychain-password: ${{ secrets.KEYCHAIN_PASSWORD }}
           p12-file-base64: ${{ secrets.APPLE_DEV_ID_APP }}
           p12-password: ${{ secrets.APPLE_DEV_ID_APP_PASS }}
 
-      - name: Build Mac .pkg
+      - name: Prep building Mac .pkg
         if: matrix.runs-on == 'macos-latest'
         run: |
           rm -rf ${{ github.workspace }}/build-scripts/macos/darwin/application || true
           cp -r ${{ github.workspace }}/dist ${{ github.workspace }}/build-scripts/macos/application
 
+      - name: Sign Mac binaries
+        if: matrix.runs-on == 'macos-latest' && steps.check_secrets.outputs.HAS_SIGNING_SECRET
+        run: |
           echo "Signing the binaries"
           codesign -f -s "Developer ID Application: Chia Network Inc." --timestamp --options=runtime --entitlements ${{ github.workspace }}/build-scripts/macos/entitlements.mac.plist ${{ github.workspace }}/build-scripts/macos/application/cadt
           codesign -f -s "Developer ID Application: Chia Network Inc." --timestamp ${{ github.workspace }}/build-scripts/macos/application/node_sqlite3.node
 
+      - name: Build Mac .pkg
+        if: matrix.runs-on == 'macos-latest'
+        run: |
           # Makes the .pkg in ./build-scripts/macos/target/pkg
           echo "Building the .pkg"
           bash ${{ github.workspace }}/build-scripts/macos/build-macos.sh CADT
 
+          mkdir -p ${{ github.workspace }}/build-scripts/macos/target/ready-to-upload
+          cp ${{ github.workspace }}/build-scripts/macos/target/pkg/CADT-macos-installer-x64.pkg ${{ github.workspace }}/build-scripts/macos/target/ready-to-upload/CADT-macos-installer-x64.pkg
+
+      - name: Notarize Mac .pkg
+        if: matrix.runs-on == 'macos-latest' && steps.check_secrets.outputs.HAS_SIGNING_SECRET
+        run: |
           mkdir -p ${{ github.workspace }}/build-scripts/macos/target/pkg-signed
 
           echo "Signing the .pkg"
@@ -138,12 +161,15 @@ jobs:
           --team-id "${{ secrets.APPLE_TEAM_ID }}" \
           "${{ github.workspace }}/build-scripts/macos/target/pkg-signed/CADT-macos-installer-x64.pkg"
 
+          rm -f ${{ github.workspace }}/build-scripts/macos/target/ready-to-upload/*
+          mv ${{ github.workspace }}/build-scripts/macos/target/pkg-signed/CADT-macos-installer-x64.pkg ${{ github.workspace }}/build-scripts/macos/target/ready-to-upload/
+
       - name: Upload Mac Installer
         if: matrix.runs-on == 'macos-latest'
         uses: actions/upload-artifact@v3
         with:
           name: cadt-mac-installer
-          path: ${{ github.workspace }}/build-scripts/macos/target/pkg-signed
+          path: ${{ github.workspace }}/build-scripts/macos/target/ready-to-upload
 
       - name: Upload artifacts
         uses: actions/upload-artifact@v3
@@ -156,14 +182,14 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
+        uses: docker/setup-qemu-action@v3
         with:
           platforms: arm64
 
       - uses: Chia-Network/actions/clean-workspace@main
 
       - name: Checkout Code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Determine npm cache key
         id: npm-cache
@@ -172,7 +198,7 @@ jobs:
           echo "CACHE_KEY=$CACHE_KEY" >> $GITHUB_OUTPUT
 
       - name: Setup NPM Cache
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: node_modules
           key: ${{ steps.npm-cache.outputs.CACHE_KEY }}
@@ -207,7 +233,7 @@ jobs:
             platform: arm64
     steps:
       - name: Checkout Code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Download Linux artifacts
         uses: actions/download-artifact@v3
@@ -292,7 +318,7 @@ jobs:
           zip -r cadt-linux-x64-${{ steps.tag-name.outputs.TAGNAME }}.zip cadt-linux-x64
 
       - name: Release
-        uses: softprops/action-gh-release@v0.1.15
+        uses: softprops/action-gh-release@v2.0.9
         with:
           files: |
             cadt-windows-x64-${{ steps.tag-name.outputs.TAGNAME }}.zip

.github/workflows/ensure-version-increment.yml

@@ -19,12 +19,12 @@ jobs:
       - uses: Chia-Network/actions/clean-workspace@main
 
       - name: Checkout current branch
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           path: branch-repo
 
       - name: Checkout main
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           ref: main
           path: main-repo

.github/workflows/tests.yaml

@@ -19,7 +19,7 @@ jobs:
       - uses: Chia-Network/actions/clean-workspace@main
 
       - name: Checkout Code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Ignore Husky
         run: npm pkg delete scripts.prepare

package.json

@@ -1,6 +1,6 @@
 {
   "name": "cadt",
-  "version": "1.7.18",
+  "version": "1.7.19",
   "_comment": "DONT CHANGE MAJOR UNLESS DATAMODEL CHANGES: The major version corresponds to the datamodel version your using, so 2.0.0 means it'll use datamodel v2",
   "private": true,
   "bin": "build/server.js",

src/models/governance/governance.model.js

@@ -30,7 +30,7 @@ class Governance extends Model {
     const governanceVersionId = await datalayer.createDataLayerStore();
 
     const revertOrganizationIfFailed = async () => {
-      logger.info('Reverting Failed Governance Body Creation');
+      logger.warn('Reverting Failed Governance Body Creation');
       await Meta.destroy({ where: { metaKey: 'governanceBodyId' } });
     };
 
@@ -44,7 +44,6 @@ class Governance extends Model {
     );
 
     const onConfirm = async () => {
-      logger.info('Organization confirmed, you are ready to go');
       await Meta.upsert({
         metaKey: 'governanceBodyId',
         metaValue: governanceVersionId,
@@ -53,6 +52,7 @@ class Governance extends Model {
         metaKey: 'mainGoveranceBodyId',
         metaValue: governanceBodyId,
       });
+      logger.info('Governance body confirmed, you are ready to go');
     };
 
     if (!USE_SIMULATOR) {

src/tasks/mirror-check.js

@@ -1,5 +1,5 @@
 import { SimpleIntervalJob, Task } from 'toad-scheduler';
-import { Organization } from '../models';
+import { Meta, Organization } from '../models';
 import {
   assertDataLayerAvailable,
   assertWalletIsSynced,
@@ -8,8 +8,10 @@ import { logger } from '../config/logger.js';
 import { getConfig } from '../utils/config-loader';
 import { getMirrorUrl } from '../utils/datalayer-utils';
 import dotenv from 'dotenv';
+import datalayer from '../datalayer';
 
-const CONFIG = getConfig().APP;
+const APP_CONFIG = getConfig().APP;
+const GOVERNANCE_CONFIG = getConfig().GOVERNANCE;
 dotenv.config();
 
 // This task checks if there are any mirrors that have not been properly mirrored and then mirrors them if not
@@ -20,43 +22,90 @@ const task = new Task('mirror-check', async () => {
     await assertWalletIsSynced();
 
     // Default AUTO_MIRROR_EXTERNAL_STORES to true if it is null or undefined
-    const shouldMirror = CONFIG?.AUTO_MIRROR_EXTERNAL_STORES ?? true;
+    const shouldMirror = APP_CONFIG?.AUTO_MIRROR_EXTERNAL_STORES ?? true;
 
-    if (!CONFIG.USE_SIMULATOR && shouldMirror) {
-      runMirrorCheck();
+    if (!APP_CONFIG.USE_SIMULATOR && shouldMirror) {
+      await runMirrorCheck();
     }
   } catch (error) {
     logger.error(
-      `Retrying in ${CONFIG?.TASKS?.MIRROR_CHECK_TASK_INTERVAL || 300} seconds`,
+      `Retrying in ${APP_CONFIG?.TASKS?.MIRROR_CHECK_TASK_INTERVAL || 300} seconds`,
       error,
     );
   }
 });
 
 const job = new SimpleIntervalJob(
   {
-    seconds: CONFIG?.TASKS?.MIRROR_CHECK_TASK_INTERVAL || 300,
+    seconds: APP_CONFIG?.TASKS?.MIRROR_CHECK_TASK_INTERVAL || 300,
     runImmediately: true,
   },
   task,
   { id: 'mirror-check', preventOverrun: true },
 );
 
 const runMirrorCheck = async () => {
+  const mirrorUrl = await getMirrorUrl();
+
+  if (!mirrorUrl) {
+    logger.info(
+      'DATALAYER_FILE_SERVER_URL not set, skipping mirror announcements',
+    );
+    return;
+  }
+
+  // get governance info if governance node
+  const governanceOrgUidResult = await Meta.findOne({
+    where: { metaKey: 'governanceBodyId' },
+    attributes: ['metaValue'],
+    raw: true,
+  });
+  const governanceRegistryIdResult = await Meta.findOne({
+    where: { metaKey: 'mainGoveranceBodyId' },
+    attributes: ['metaValue'],
+    raw: true,
+  });
+
+  if (
+    governanceOrgUidResult?.metaValue &&
+    governanceRegistryIdResult?.metaValue
+  ) {
+    // add governance mirrors if instance is governance
+    // There is logic within the addMirror function to check if the mirror already exists
+    await Organization.addMirror(
+      governanceOrgUidResult?.metaValue,
+      mirrorUrl,
+      true,
+    );
+    await Organization.addMirror(
+      governanceRegistryIdResult?.metaValue,
+      mirrorUrl,
+      true,
+    );
+  } else if (GOVERNANCE_CONFIG?.GOVERNANCE_BODY_ID) {
+    const governanceStoreValue = await datalayer.getSubscribedStoreData(
+      GOVERNANCE_CONFIG.GOVERNANCE_BODY_ID,
+    );
+
+    if (governanceStoreValue?.v1) {
+      // add governance mirrors if non-governance instance
+      await Organization.addMirror(
+        GOVERNANCE_CONFIG.GOVERNANCE_BODY_ID,
+        mirrorUrl,
+        true,
+      );
+      await Organization.addMirror(governanceStoreValue.v1, mirrorUrl, true);
+    } else {
+      logger.warn('error adding governance mirrors');
+    }
+  }
+
   const organizations = await Organization.getOrgsMap();
   const orgs = Object.keys(organizations);
   for (const org of orgs) {
     const orgData = organizations[org];
-    const mirrorUrl = await getMirrorUrl();
-    if (mirrorUrl) {
-      // There is logic within the addMirror function to check if the mirror already exists
-      await Organization.addMirror(orgData.orgUid, mirrorUrl, true);
-      await Organization.addMirror(orgData.registryId, mirrorUrl, true);
-    } else {
-      logger.info(
-        'DATALAYER_FILE_SERVER_URL not set, skipping mirror announcement',
-      );
-    }
+    await Organization.addMirror(orgData.orgUid, mirrorUrl, true);
+    await Organization.addMirror(orgData.registryId, mirrorUrl, true);
   }
 };