Skip to content

Commit

Permalink
Konradstaniec/add remote signer module (#33)
Browse files Browse the repository at this point in the history
* Add remote signer module

* run tests through root make file

* Adapt signer to phase-2

* add cosmos keyring

* add change log

* pr comments

* Make gosec work

* minor fixes
  • Loading branch information
KonradStaniec authored Nov 21, 2024
1 parent a07b496 commit 1717509
Show file tree
Hide file tree
Showing 44 changed files with 4,800 additions and 2 deletions.
22 changes: 21 additions & 1 deletion .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ jobs:
run-lint: true
run-build: true
run-gosec: true
gosec-args: "-exclude-generated -exclude-dir=itest -exclude-dir=testutil ./..."
gosec-args: "-exclude-generated -exclude-dir=itest -exclude-dir=testutil -exclude-dir=covenant-signer ./..."

docker_pipeline:
uses: babylonlabs-io/.github/.github/workflows/[email protected]
Expand All @@ -25,3 +25,23 @@ jobs:
publish: false
dockerfile: ./Dockerfile
repoName: covenant-emulator

go_sec_covenant_signer:
runs-on: ubuntu-24.04
env:
GO111MODULE: on
steps:
- name: Fetch Repository
uses: actions/checkout@v4
- name: Install Go
uses: actions/setup-go@v4
with:
go-version: '^1.23.x'
check-latest: true
cache: false
- name: Install Gosec
run: go install github.com/securego/gosec/v2/cmd/gosec@latest
- name: Run Gosec (covenant-signer)
working-directory: ./covenant-signer
run: gosec ./...

3 changes: 3 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)

## Unreleased

* [#33](https://github.com/babylonlabs-io/covenant-emulator/pull/33) Add remote
signer sub module

## v0.8.0

### Bug fixes
Expand Down
4 changes: 3 additions & 1 deletion Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -55,10 +55,12 @@ build-docker:

test:
go test ./...
cd covenant-signer; go test ./...

test-e2e:
cd $(TOOLS_DIR); go install -trimpath $(BABYLON_PKG)
go test -mod=readonly -timeout=25m -v $(PACKAGES_E2E) -count=1 --tags=e2e
cd covenant-signer; make test-e2e

mock-gen:
mkdir -p $(MOCKS_DIR)
Expand Down Expand Up @@ -125,4 +127,4 @@ release:
else
release:
@echo "Error: GITHUB_TOKEN is not defined. Please define it before running 'make release'."
endif
endif
34 changes: 34 additions & 0 deletions covenant-signer/Dockerfile
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
FROM golang:1.23.1-alpine as builder

# Use muslc for static libs
ARG BUILD_TAGS="muslc"

RUN apk add --no-cache --update openssh git make build-base linux-headers libc-dev \
pkgconfig zeromq-dev musl-dev alpine-sdk libsodium-dev \
libzmq-static libsodium-static gcc

# Build
WORKDIR /go/src/github.com/babylonlabs-io/covenant-emulator/covenant-signer
# Cache dependencies
COPY go.mod go.sum /go/src/github.com/babylonlabs-io/covenant-emulator/covenant-signer/
# Copy the rest of the files
COPY ./ /go/src/github.com/babylonlabs-io/covenant-emulator/covenant-signer/

RUN CGO_LDFLAGS="$CGO_LDFLAGS -lstdc++ -lm -lsodium" \
CGO_ENABLED=1 \
BUILD_TAGS=$BUILD_TAGS \
LINK_STATICALLY=true \
make build

# FINAL IMAGE
FROM alpine:3.16 AS run

RUN addgroup --gid 1138 -S covenant-signer && adduser --uid 1138 -S covenant-signer -G covenant-signer

RUN apk add bash curl jq

COPY --from=builder /go/src/github.com/babylonlabs-io/covenant-emulator/covenant-signer/build/covenant-signer /bin/covenant-signer

WORKDIR /home/covenant-signer
RUN chown -R covenant-signer /home/covenant-signer
USER covenant-signer
41 changes: 41 additions & 0 deletions covenant-signer/Makefile
Original file line number Diff line number Diff line change
@@ -0,0 +1,41 @@
DOCKER = $(shell which docker)
BUILDDIR ?= $(CURDIR)/build

PACKAGES_E2E=$(shell go list ./... | grep '/itest')

ldflags := $(LDFLAGS)
build_tags := $(BUILD_TAGS)
build_args := $(BUILD_ARGS)

ifeq ($(VERBOSE),true)
build_args += -v
endif

ifeq ($(LINK_STATICALLY),true)
ldflags += -linkmode=external -extldflags "-Wl,-z,muldefs -static" -v
endif

BUILD_TARGETS := build install
BUILD_FLAGS := --tags "$(build_tags)" --ldflags '$(ldflags)'

all: build install

build: BUILD_ARGS := $(build_args) -o $(BUILDDIR)

$(BUILD_TARGETS): go.sum $(BUILDDIR)/
go $@ -mod=readonly $(BUILD_FLAGS) $(BUILD_ARGS) ./...

$(BUILDDIR)/:
mkdir -p $(BUILDDIR)/

build-docker:
$(DOCKER) build --tag babylonlabs-io/covenant-signer -f Dockerfile \
$(shell git rev-parse --show-toplevel)

.PHONY: build build-docker install tests

test:
go test ./...

test-e2e:
go test -mod=readonly -timeout=25m -v $(PACKAGES_E2E) -count=1 --tags=e2e
32 changes: 32 additions & 0 deletions covenant-signer/cmd/dumpDefaultCfgCmd.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
package cmd

import (
"fmt"

"github.com/babylonlabs-io/covenant-emulator/covenant-signer/config"
"github.com/spf13/cobra"
)

func init() {
rootCmd.AddCommand(dumpCfgCmd)
}

var dumpCfgCmd = &cobra.Command{
Use: "dump-cfg",
Short: "dumps default configuration file",
RunE: func(cmd *cobra.Command, args []string) error {
path, err := cmd.Flags().GetString(configPathKey)
if err != nil {
return err
}

err = config.WriteConfigToFile(path, config.DefaultConfig())

if err != nil {
return err
}

fmt.Printf("Default configuration file dumped to: %s \n", path)
return nil
},
}
39 changes: 39 additions & 0 deletions covenant-signer/cmd/root.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,39 @@
package cmd

import (
"path/filepath"

"github.com/btcsuite/btcd/btcutil"
"github.com/spf13/cobra"
)

var (
// Used for flags.
configPath string
configPathKey = "config"

rootCmd = &cobra.Command{
Use: "covenant-signer",
Short: "remote signing serivce to perform covenant duties",
}

// C:\Users\<username>\AppData\Local\signer on Windows
// ~/.signer on Linux
// ~/Library/Application Support/signer on MacOS
dafaultConfigDir = btcutil.AppDataDir("signer", false)
dafaultConfigPath = filepath.Join(dafaultConfigDir, "config.toml")
)

// Execute executes the root command.
func Execute() error {
return rootCmd.Execute()
}

func init() {
rootCmd.PersistentFlags().StringVar(
&configPath,
configPathKey,
dafaultConfigPath,
"path to the configuration file",
)
}
73 changes: 73 additions & 0 deletions covenant-signer/cmd/signerCmd.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,73 @@
package cmd

import (
"fmt"

"github.com/spf13/cobra"

"github.com/babylonlabs-io/covenant-emulator/covenant-signer/config"
"github.com/babylonlabs-io/covenant-emulator/covenant-signer/keystore/cosmos"
m "github.com/babylonlabs-io/covenant-emulator/covenant-signer/observability/metrics"
"github.com/babylonlabs-io/covenant-emulator/covenant-signer/signerapp"
"github.com/babylonlabs-io/covenant-emulator/covenant-signer/signerservice"
)

func init() {
rootCmd.AddCommand(runSignerCmd)
}

var runSignerCmd = &cobra.Command{
Use: "start",
Short: "starts the signer service",
RunE: func(cmd *cobra.Command, args []string) error {
configPath, err := cmd.Flags().GetString(configPathKey)
if err != nil {
return err
}
cfg, err := config.GetConfig(configPath)
if err != nil {
return err
}

parsedConfig, err := cfg.Parse()

if err != nil {
return err
}

var prk signerapp.PrivKeyRetriever
if parsedConfig.KeyStoreConfig.KeyStoreType == config.CosmosKeyStore {
kr, err := cosmos.NewCosmosKeyringRetriever(parsedConfig.KeyStoreConfig.CosmosKeyStore)
if err != nil {
return err
}
prk = kr
} else {
return fmt.Errorf("unknown key store type")
}

app := signerapp.NewSignerApp(
prk,
)

metrics := m.NewCovenantSignerMetrics()

srv, err := signerservice.New(
cmd.Context(),
parsedConfig,
app,
metrics,
)

if err != nil {
return err
}

metricsAddress := fmt.Sprintf("%s:%d", cfg.Metrics.Host, cfg.Metrics.Port)

m.Start(metricsAddress, metrics.Registry)

// TODO: Add signal handling and gracefull shutdown
return srv.Start()
},
}
Loading

0 comments on commit 1717509

Please sign in to comment.