Skip to content

Add gosec

Add gosec #310

Workflow file for this run

name: ci
on:
push:
branches:
- '**'
concurrency:
group: ci-${{ github.ref }}-${{ github.workflow }}
cancel-in-progress: true
jobs:
lint_test:
uses: babylonlabs-io/.github/.github/workflows/reusable_go_lint_test.yml@hiep/add-gosec
secrets: inherit
with:
run-unit-tests: true
run-integration-tests: false
run-lint: true
run-build: true
run-gosec: true
docker_pipeline:
uses: babylonlabs-io/.github/.github/workflows/reusable_docker_pipeline.yml@hiep/add-gosec
secrets: inherit
with:
publish: false
dockerfile: ./contrib/images/babylond/Dockerfile
repoName: babylond
###############################################################################
### E2E ###
###############################################################################
e2e-docker-build-babylon:
runs-on: ubuntu-22.04
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Build docker babylond
run: |
make -C contrib/images babylond-e2e
- name: Docker save babylon
run: |
docker save -o /tmp/docker-babylond.tar.gz babylonlabs-io/babylond:latest
- name: Upload babylon artifact
uses: actions/upload-artifact@v4
with:
name: babylond-${{ github.sha }} # so it renovates at every new sha
path: /tmp/docker-babylond.tar.gz
e2e-docker-build-babylon-before-upgrade:
runs-on: ubuntu-22.04
steps:
# - name: Artifact babylond-before-upgrade exists # TODO: check why it doesn't work to load from older workflow runs .-.
# uses: xSAVIKx/artifact-exists-action@v0
# id: check-babylond-before-upgrade
# with:
# name: babylond-before-upgrade
- name: Checkout repository
uses: actions/checkout@v4
- name: Build docker babylond-before-upgrade
run: |
make -C contrib/images babylond-before-upgrade
- name: Docker save babylond-before-upgrade
run: |
docker save -o /tmp/docker-babylond-before-upgrade.tar.gz babylonlabs-io/babylond-before-upgrade:latest
- name: Upload babylond-before-upgrade artifact
uses: actions/upload-artifact@v4
with:
name: babylond-before-upgrade
path: /tmp/docker-babylond-before-upgrade.tar.gz
# retention-days: 90 active this back if artifact-exists-action works
e2e-docker-build-e2e-init-chain:
runs-on: ubuntu-22.04
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Build docker init-chain
run: |
make -C contrib/images e2e-init-chain
- name: Docker save init-chain
run: |
docker save -o /tmp/docker-init-chain.tar.gz babylonlabs-io/babylond-e2e-init-chain:latest
- name: Upload init-chain artifact
uses: actions/upload-artifact@v4
with:
name: init-chain
path: /tmp/docker-init-chain.tar.gz
# retention-days: 90
e2e-run-ibc-transfer:
needs: [e2e-docker-build-babylon]
runs-on: ubuntu-22.04
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Download babylon artifact
uses: actions/download-artifact@v4
with:
name: babylond-${{ github.sha }}
path: /tmp
- name: Docker load babylond
run: |
docker load < /tmp/docker-babylond.tar.gz
- name: Login to Docker Hub # load hermes
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Cache Go
uses: actions/setup-go@v5
with:
go-version: 1.21
- name: Run e2e TestIBCTranferTestSuite
run: |
make test-e2e-cache-ibc-transfer
e2e-run-btc-timestamping:
needs: [e2e-docker-build-babylon]
runs-on: ubuntu-22.04
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Download babylon artifact
uses: actions/download-artifact@v4
with:
name: babylond-${{ github.sha }}
path: /tmp
- name: Docker load babylond
run: |
docker load < /tmp/docker-babylond.tar.gz
- name: Cache Go
uses: actions/setup-go@v5
with:
go-version: 1.21
- name: Run e2e TestBTCTimestampingTestSuite
run: |
make test-e2e-cache-btc-timestamping
e2e-run-btc-timestamping-phase-2-hermes:
needs: [e2e-docker-build-babylon]
runs-on: ubuntu-22.04
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Download babylon artifact
uses: actions/download-artifact@v4
with:
name: babylond-${{ github.sha }}
path: /tmp
- name: Docker load babylond
run: |
docker load < /tmp/docker-babylond.tar.gz
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Cache Go
uses: actions/setup-go@v5
with:
go-version: 1.21
- name: Run e2e TestBTCTimestampingPhase2HermesTestSuite
run: |
make test-e2e-cache-btc-timestamping-phase-2-hermes
e2e-run-btc-timestamping-phase-2-rly:
needs: [e2e-docker-build-babylon]
runs-on: ubuntu-22.04
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Download babylon artifact
uses: actions/download-artifact@v4
with:
name: babylond-${{ github.sha }}
path: /tmp
- name: Docker load babylond
run: |
docker load < /tmp/docker-babylond.tar.gz
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Cache Go
uses: actions/setup-go@v5
with:
go-version: 1.21
- name: Run e2e TestBTCTimestampingPhase2RlyTestSuite
run: |
make test-e2e-cache-btc-timestamping-phase-2-rly
e2e-run-btc-staking:
needs: [e2e-docker-build-babylon]
runs-on: ubuntu-22.04
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Download babylon artifact
uses: actions/download-artifact@v4
with:
name: babylond-${{ github.sha }}
path: /tmp
- name: Docker load babylond
run: |
docker load < /tmp/docker-babylond.tar.gz
- name: Cache Go
uses: actions/setup-go@v5
with:
go-version: 1.21
- name: Run e2e TestBTCStakingTestSuite
run: |
make test-e2e-cache-btc-staking
e2e-run-upgrade-signet:
needs: [e2e-docker-build-babylon, e2e-docker-build-babylon-before-upgrade, e2e-docker-build-e2e-init-chain]
runs-on: ubuntu-22.04
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Download babylon artifact
uses: actions/download-artifact@v4
with:
name: babylond-${{ github.sha }}
path: /tmp
- name: Download babylond-before-upgrade artifact
uses: actions/download-artifact@v4
with:
name: babylond-before-upgrade
path: /tmp
- name: Download init-chain artifact
uses: actions/download-artifact@v4
with:
name: init-chain
path: /tmp
- name: Docker load babylond
run: |
docker load < /tmp/docker-babylond.tar.gz
- name: Docker load babylond-before-upgrade
run: |
docker load < /tmp/docker-babylond-before-upgrade.tar.gz
- name: Docker load init chain
run: |
docker load < /tmp/docker-init-chain.tar.gz
- name: Cache Go
uses: actions/setup-go@v5
with:
go-version: 1.21
- name: Run e2e TestSoftwareUpgradeSignetLaunchTestSuite
run: |
sudo make test-e2e-cache-upgrade-signet